pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/chat/znc
Module Name: pkgsrc
Committed By: nia
Date: Tue Jun 18 10:21:37 UTC 2019
Modified Files:
pkgsrc/chat/znc: Makefile distinfo
Added Files:
pkgsrc/chat/znc/patches: patch-include_znc_Modules.h
patch-src_Modules.cpp
Log Message:
znc: Fix CVE-2019-12816
This is an remote code execution and privilege escalation vulnerability.
It requires an already-existing unprivileged ZNC user.
This is znc-1.7.3nb2.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/chat/znc/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/chat/znc/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/chat/znc/patches/patch-include_znc_Modules.h \
pkgsrc/chat/znc/patches/patch-src_Modules.cpp
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/chat/znc/Makefile
diff -u pkgsrc/chat/znc/Makefile:1.6 pkgsrc/chat/znc/Makefile:1.7
--- pkgsrc/chat/znc/Makefile:1.6 Wed Apr 3 00:32:28 2019
+++ pkgsrc/chat/znc/Makefile Tue Jun 18 10:21:37 2019
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.6 2019/04/03 00:32:28 ryoon Exp $
+# $NetBSD: Makefile,v 1.7 2019/06/18 10:21:37 nia Exp $
DISTNAME= znc-1.7.3
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net
MASTER_SITES= https://znc.in/releases/archive/
Index: pkgsrc/chat/znc/distinfo
diff -u pkgsrc/chat/znc/distinfo:1.3 pkgsrc/chat/znc/distinfo:1.4
--- pkgsrc/chat/znc/distinfo:1.3 Sun Mar 31 15:20:42 2019
+++ pkgsrc/chat/znc/distinfo Tue Jun 18 10:21:37 2019
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.3 2019/03/31 15:20:42 nia Exp $
+$NetBSD: distinfo,v 1.4 2019/06/18 10:21:37 nia Exp $
SHA1 (znc-1.7.3.tar.gz) = 76c1c32d3ec6fc052b0c3854dbbb8896aecafee5
RMD160 (znc-1.7.3.tar.gz) = a52f7f8500dc3156dd3387f9450e8558132013d6
SHA512 (znc-1.7.3.tar.gz) = 4cd63be2cb3bc1e3950f38984b128c6511bd1b9fc01a00d51cfcdc46826c2dedad120d6ed8e30d9c400909e33d39b2b14579fb40ee1e3508b7f3a07eff3a15d8
Size (znc-1.7.3.tar.gz) = 2084575 bytes
+SHA1 (patch-include_znc_Modules.h) = 57f5d2dcb0021c3c7c0162ccd06ad8698e68022e
+SHA1 (patch-src_Modules.cpp) = adb6f87f4c441cd438110aa58fdb31b481212eff
Added files:
Index: pkgsrc/chat/znc/patches/patch-include_znc_Modules.h
diff -u /dev/null pkgsrc/chat/znc/patches/patch-include_znc_Modules.h:1.1
--- /dev/null Tue Jun 18 10:21:37 2019
+++ pkgsrc/chat/znc/patches/patch-include_znc_Modules.h Tue Jun 18 10:21:37 2019
@@ -0,0 +1,16 @@
+$NetBSD: patch-include_znc_Modules.h,v 1.1 2019/06/18 10:21:37 nia Exp $
+
+Fix CVE-2019-12816
+
+https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
+
+--- include/znc/Modules.h.orig 2019-03-30 14:37:00.000000000 +0000
++++ include/znc/Modules.h
+@@ -1600,6 +1600,7 @@ class CModules : public std::vector<CMod
+ private:
+ static ModHandle OpenModule(const CString& sModule, const CString& sModPath,
+ CModInfo& Info, CString& sRetMsg);
++ static bool ValidateModuleName(const CString& sModule, CString& sRetMsg);
+
+ protected:
+ CUser* m_pUser;
Index: pkgsrc/chat/znc/patches/patch-src_Modules.cpp
diff -u /dev/null pkgsrc/chat/znc/patches/patch-src_Modules.cpp:1.1
--- /dev/null Tue Jun 18 10:21:37 2019
+++ pkgsrc/chat/znc/patches/patch-src_Modules.cpp Tue Jun 18 10:21:37 2019
@@ -0,0 +1,79 @@
+$NetBSD: patch-src_Modules.cpp,v 1.1 2019/06/18 10:21:37 nia Exp $
+
+Fix CVE-2019-12816
+
+https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
+
+--- src/Modules.cpp.orig 2019-03-30 14:37:00.000000000 +0000
++++ src/Modules.cpp
+@@ -1624,11 +1624,30 @@ CModule* CModules::FindModule(const CStr
+ return nullptr;
+ }
+
++bool CModules::ValidateModuleName(const CString& sModule, CString& sRetMsg) {
++ for (unsigned int a = 0; a < sModule.length(); a++) {
++ if (((sModule[a] < '0') || (sModule[a] > '9')) &&
++ ((sModule[a] < 'a') || (sModule[a] > 'z')) &&
++ ((sModule[a] < 'A') || (sModule[a] > 'Z')) && (sModule[a] != '_')) {
++ sRetMsg =
++ t_f("Module names can only contain letters, numbers and "
++ "underscores, [{1}] is invalid")(sModule);
++ return false;
++ }
++ }
++
++ return true;
++}
++
+ bool CModules::LoadModule(const CString& sModule, const CString& sArgs,
+ CModInfo::EModuleType eType, CUser* pUser,
+ CIRCNetwork* pNetwork, CString& sRetMsg) {
+ sRetMsg = "";
+
++ if (!ValidateModuleName(sModule, sRetMsg)) {
++ return false;
++ }
++
+ if (FindModule(sModule) != nullptr) {
+ sRetMsg = t_f("Module {1} already loaded.")(sModule);
+ return false;
+@@ -1781,6 +1800,10 @@ bool CModules::ReloadModule(const CStrin
+
+ bool CModules::GetModInfo(CModInfo& ModInfo, const CString& sModule,
+ CString& sRetMsg) {
++ if (!ValidateModuleName(sModule, sRetMsg)) {
++ return false;
++ }
++
+ CString sModPath, sTmp;
+
+ bool bSuccess;
+@@ -1799,6 +1822,10 @@ bool CModules::GetModInfo(CModInfo& ModI
+
+ bool CModules::GetModPathInfo(CModInfo& ModInfo, const CString& sModule,
+ const CString& sModPath, CString& sRetMsg) {
++ if (!ValidateModuleName(sModule, sRetMsg)) {
++ return false;
++ }
++
+ ModInfo.SetName(sModule);
+ ModInfo.SetPath(sModPath);
+
+@@ -1911,15 +1938,8 @@ ModHandle CModules::OpenModule(const CSt
+ // Some sane defaults in case anything errors out below
+ sRetMsg.clear();
+
+- for (unsigned int a = 0; a < sModule.length(); a++) {
+- if (((sModule[a] < '0') || (sModule[a] > '9')) &&
+- ((sModule[a] < 'a') || (sModule[a] > 'z')) &&
+- ((sModule[a] < 'A') || (sModule[a] > 'Z')) && (sModule[a] != '_')) {
+- sRetMsg =
+- t_f("Module names can only contain letters, numbers and "
+- "underscores, [{1}] is invalid")(sModule);
+- return nullptr;
+- }
++ if (!ValidateModuleName(sModule, sRetMsg)) {
++ return nullptr;
+ }
+
+ // The second argument to dlopen() has a long history. It seems clear
Home |
Main Index |
Thread Index |
Old Index