diff --git a/CVE-2019-13045-pre.patch b/CVE-2019-13045-pre.patch deleted file mode 100644 index 788f9f5..0000000 --- a/CVE-2019-13045-pre.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 0a77b366d33bc5e3d7251235defa68650586af4c Mon Sep 17 00:00:00 2001 -From: ailin-nemui -Date: Thu, 4 Feb 2021 15:44:21 +0800 -Subject: [PATCH] Disconnect SASL properly in case the sasl module got unloaded - from server - -stops from getting on the network when sasl is unavailable - -fixes #629 ---- - src/fe-common/irc/fe-sasl.c | 22 ------------------- - src/irc/core/irc-servers-setup.c | 2 +- - src/irc/core/sasl.c | 36 ++++++++++++++++++++++++++++++++ - 3 files changed, 37 insertions(+), 23 deletions(-) - -diff --git a/src/fe-common/irc/fe-sasl.c b/src/fe-common/irc/fe-sasl.c -index fc8105f..ed11f04 100644 ---- a/src/fe-common/irc/fe-sasl.c -+++ b/src/fe-common/irc/fe-sasl.c -@@ -40,36 +40,14 @@ static void sig_sasl_failure(IRC_SERVER_REC *server, const char *reason) - printformat(server, NULL, MSGLEVEL_CRAP, IRCTXT_SASL_ERROR, reason); - } - --static void sig_cap_end(IRC_SERVER_REC *server) --{ -- /* The negotiation has now been terminated, if we didn't manage to -- * authenticate successfully with the server just disconnect. */ -- if (!server->sasl_success && -- server->connrec->sasl_mechanism != SASL_MECHANISM_NONE && -- settings_get_bool("sasl_disconnect_on_failure")) { -- /* We can't use server_disconnect() here because we'd end up -- * freeing the 'server' object and be guilty of a slew of UaF. */ -- server->connection_lost = TRUE; -- /* By setting connection_lost we make sure the communication is -- * halted and when the control goes back to irc_parse_incoming -- * the server object is safely destroyed. */ -- signal_stop(); -- } -- --} -- - void fe_sasl_init(void) - { -- settings_add_bool("server", "sasl_disconnect_on_failure", TRUE); -- - signal_add("server sasl success", (SIGNAL_FUNC) sig_sasl_success); - signal_add("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure); -- signal_add_first("server cap end", (SIGNAL_FUNC) sig_cap_end); - } - - void fe_sasl_deinit(void) - { - signal_remove("server sasl success", (SIGNAL_FUNC) sig_sasl_success); - signal_remove("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure); -- signal_remove("server cap end", (SIGNAL_FUNC) sig_cap_end); - } -diff --git a/src/irc/core/irc-servers-setup.c b/src/irc/core/irc-servers-setup.c -index e79557a..0af9390 100644 ---- a/src/irc/core/irc-servers-setup.c -+++ b/src/irc/core/irc-servers-setup.c -@@ -98,9 +98,9 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn, - if (ircnet->sasl_mechanism != NULL) { - if (!g_ascii_strcasecmp(ircnet->sasl_mechanism, "plain")) { - /* The PLAIN method needs both the username and the password */ -+ conn->sasl_mechanism = SASL_MECHANISM_PLAIN; - if (ircnet->sasl_username != NULL && *ircnet->sasl_username && - ircnet->sasl_password != NULL && *ircnet->sasl_password) { -- conn->sasl_mechanism = SASL_MECHANISM_PLAIN; - conn->sasl_username = ircnet->sasl_username; - conn->sasl_password = ircnet->sasl_password; - } else -diff --git a/src/irc/core/sasl.c b/src/irc/core/sasl.c -index c5aa2ca..b7abe74 100644 ---- a/src/irc/core/sasl.c -+++ b/src/irc/core/sasl.c -@@ -301,9 +301,42 @@ static void sasl_disconnected(IRC_SERVER_REC *server) - sasl_timeout_stop(server); - } - -+static void sig_sasl_over(IRC_SERVER_REC *server) -+{ -+ if (!IS_IRC_SERVER(server)) -+ return; -+ -+ /* The negotiation has now been terminated, if we didn't manage to -+ * authenticate successfully with the server just disconnect. */ -+ if (!server->sasl_success && -+ server->connrec->sasl_mechanism != SASL_MECHANISM_NONE) { -+ if (server->cap_supported == NULL || -+ !g_hash_table_lookup_extended(server->cap_supported, "sasl", NULL, NULL)) { -+ signal_emit("server sasl failure", 2, server, "The server did not offer SASL"); -+ } -+ -+ if (settings_get_bool("sasl_disconnect_on_failure")) { -+ /* We can't use server_disconnect() here because we'd end up -+ * freeing the 'server' object and be guilty of a slew of UaF. */ -+ server->connection_lost = TRUE; -+ /* By setting connection_lost we make sure the communication is -+ * halted and when the control goes back to irc_parse_incoming -+ * the server object is safely destroyed. */ -+ signal_stop(); -+ } -+ } -+ -+} -+ - void sasl_init(void) - { -+ settings_add_bool("server", "sasl_disconnect_on_failure", TRUE); -+ -+ signal_add_first("event 001", (SIGNAL_FUNC) sig_sasl_over); -+ /* this event can get us connected on broken ircds, see irc-servers.c */ -+ signal_add_first("event 375", (SIGNAL_FUNC) sig_sasl_over); - signal_add_first("server cap ack sasl", (SIGNAL_FUNC) sasl_start); -+ signal_add_first("server cap end", (SIGNAL_FUNC) sig_sasl_over); - signal_add_first("event authenticate", (SIGNAL_FUNC) sasl_step); - signal_add_first("event 903", (SIGNAL_FUNC) sasl_success); - signal_add_first("event 902", (SIGNAL_FUNC) sasl_fail); -@@ -316,7 +349,10 @@ void sasl_init(void) - - void sasl_deinit(void) - { -+ signal_remove("event 001", (SIGNAL_FUNC) sig_sasl_over); -+ signal_remove("event 375", (SIGNAL_FUNC) sig_sasl_over); - signal_remove("server cap ack sasl", (SIGNAL_FUNC) sasl_start); -+ signal_remove("server cap end", (SIGNAL_FUNC) sig_sasl_over); - signal_remove("event authenticate", (SIGNAL_FUNC) sasl_step); - signal_remove("event 903", (SIGNAL_FUNC) sasl_success); - signal_remove("event 902", (SIGNAL_FUNC) sasl_fail); --- -2.23.0 - diff --git a/CVE-2019-13045.patch b/CVE-2019-13045.patch deleted file mode 100644 index 35ab8c0..0000000 --- a/CVE-2019-13045.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 5a67b983dc97caeb5df1139aabd0bc4f260a47d8 Mon Sep 17 00:00:00 2001 -From: ailin-nemui -Date: Mon, 17 Jun 2019 15:22:27 +0200 -Subject: [PATCH] copy sasl username and password values - ---- - src/irc/core/irc-core.c | 2 ++ - src/irc/core/irc-servers-reconnect.c | 4 ++-- - src/irc/core/irc-servers-setup.c | 4 ++-- - 3 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/src/irc/core/irc-core.c b/src/irc/core/irc-core.c -index e65abe255..b5e80f2a0 100644 ---- a/src/irc/core/irc-core.c -+++ b/src/irc/core/irc-core.c -@@ -75,6 +75,8 @@ static void destroy_server_connect(SERVER_CONNECT_REC *conn) - - g_free_not_null(ircconn->usermode); - g_free_not_null(ircconn->alternate_nick); -+ g_free_not_null(ircconn->sasl_username); -+ g_free_not_null(ircconn->sasl_password); - } - - void irc_core_init(void) -diff --git a/src/irc/core/irc-servers-reconnect.c b/src/irc/core/irc-servers-reconnect.c -index 3d2933f4e..cfe28a1a0 100644 ---- a/src/irc/core/irc-servers-reconnect.c -+++ b/src/irc/core/irc-servers-reconnect.c -@@ -49,8 +49,8 @@ static void sig_server_connect_copy(SERVER_CONNECT_REC **dest, - rec->usermode = g_strdup(src->usermode); - rec->alternate_nick = g_strdup(src->alternate_nick); - rec->sasl_mechanism = src->sasl_mechanism; -- rec->sasl_username = src->sasl_username; -- rec->sasl_password = src->sasl_password; -+ rec->sasl_username = g_strdup(src->sasl_username); -+ rec->sasl_password = g_strdup(src->sasl_password); - *dest = (SERVER_CONNECT_REC *) rec; - } - -diff --git a/src/irc/core/irc-servers-setup.c b/src/irc/core/irc-servers-setup.c -index 56e52edd0..5f1290a2f 100644 ---- a/src/irc/core/irc-servers-setup.c -+++ b/src/irc/core/irc-servers-setup.c -@@ -101,8 +101,8 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn, - conn->sasl_mechanism = SASL_MECHANISM_PLAIN; - if (ircnet->sasl_username != NULL && *ircnet->sasl_username && - ircnet->sasl_password != NULL && *ircnet->sasl_password) { -- conn->sasl_username = ircnet->sasl_username; -- conn->sasl_password = ircnet->sasl_password; -+ conn->sasl_username = g_strdup(ircnet->sasl_username); -+ conn->sasl_password = g_strdup(ircnet->sasl_password); - } else - g_warning("The fields sasl_username and sasl_password are either missing or empty"); - } diff --git a/Execute-setlocale-before-printing.patch b/Execute-setlocale-before-printing.patch deleted file mode 100644 index 8e320af..0000000 --- a/Execute-setlocale-before-printing.patch +++ /dev/null @@ -1,84 +0,0 @@ -From c32047a4b4583e745b663a03ca89587a59c2059f Mon Sep 17 00:00:00 2001 -From: lingsheng -Date: Wed, 22 Sep 2021 14:36:39 +0800 -Subject: [PATCH] Execute setlocale before printing - ---- - src/fe-none/irssi.c | 13 +++++++++++++ - src/fe-text/irssi.c | 22 +++++++++++----------- - 2 files changed, 24 insertions(+), 11 deletions(-) - -diff --git a/src/fe-none/irssi.c b/src/fe-none/irssi.c -index 6c60162..3c5e4df 100644 ---- a/src/fe-none/irssi.c -+++ b/src/fe-none/irssi.c -@@ -25,6 +25,8 @@ - #include "signals.h" - #include "core.h" - -+#include -+ - #ifdef HAVE_STATIC_PERL - void perl_core_init(void); - void perl_core_deinit(void); -@@ -86,6 +88,17 @@ int main(int argc, char **argv) - { NULL } - }; - -+ /* setlocale() must be called at the beginning before any calls that -+ affect it, especially regexps seem to break if they're generated -+ before this call. -+ -+ locales aren't actually used for anything else than autodetection -+ of UTF-8 currently.. -+ -+ furthermore to get the users's charset with g_get_charset() properly -+ you have to call setlocale(LC_ALL, "") */ -+ setlocale(LC_ALL, ""); -+ - autoload_module = NULL; - core_register_options(); - args_register(options); -diff --git a/src/fe-text/irssi.c b/src/fe-text/irssi.c -index 0288e4f..58ce661 100644 ---- a/src/fe-text/irssi.c -+++ b/src/fe-text/irssi.c -@@ -271,6 +271,17 @@ int main(int argc, char **argv) - }; - int loglev; - -+ /* setlocale() must be called at the beginning before any calls that -+ affect it, especially regexps seem to break if they're generated -+ before this call. -+ -+ locales aren't actually used for anything else than autodetection -+ of UTF-8 currently.. -+ -+ furthermore to get the users's charset with g_get_charset() properly -+ you have to call setlocale(LC_ALL, "") */ -+ setlocale(LC_ALL, ""); -+ - core_register_options(); - fe_common_core_register_options(); - args_register(options); -@@ -293,17 +304,6 @@ int main(int argc, char **argv) - SOCKSinit(argv[0]); - #endif - -- /* setlocale() must be called at the beginning before any calls that -- affect it, especially regexps seem to break if they're generated -- before this call. -- -- locales aren't actually used for anything else than autodetection -- of UTF-8 currently.. -- -- furthermore to get the users's charset with g_get_charset() properly -- you have to call setlocale(LC_ALL, "") */ -- setlocale(LC_ALL, ""); -- - loglev = g_log_set_always_fatal(G_LOG_FATAL_MASK | G_LOG_LEVEL_CRITICAL); - textui_init(); - --- -2.23.0 - diff --git a/irssi-1.1.2.tar.xz b/irssi-1.1.2.tar.xz deleted file mode 100644 index 9968348..0000000 Binary files a/irssi-1.1.2.tar.xz and /dev/null differ diff --git a/irssi-1.4.1-botti-perl-link-fix.patch b/irssi-1.4.1-botti-perl-link-fix.patch new file mode 100644 index 0000000..7a7efdc --- /dev/null +++ b/irssi-1.4.1-botti-perl-link-fix.patch @@ -0,0 +1,43 @@ +diff --git a/configure.ac b/configure.ac +index f03569e..53a9de6 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -650,6 +650,7 @@ for c in $CHAT_MODULES; do + done + + FE_COMMON_LIBS="$FE_COMMON_LIBS../fe-common/core/libfe_common_core.a" ++AC_SUBST(FE_COMMON_LIBS) + + dnl ** common libraries needed by frontends + COMMON_NOUI_LIBS="$CHAT_LIBS $CORE_LIBS" +diff --git a/src/fe-none/Makefile.am b/src/fe-none/Makefile.am +index bbcd63f..e8ce8d6 100644 +--- a/src/fe-none/Makefile.am ++++ b/src/fe-none/Makefile.am +@@ -4,12 +4,13 @@ AM_CPPFLAGS = \ + -I$(top_builddir) \ + $(GLIB_CFLAGS) + +-botti_DEPENDENCIES = @COMMON_NOUI_LIBS@ ++botti_DEPENDENCIES = @COMMON_NOUI_LIBS@ @FE_COMMON_LIBS@ + + botti_LDADD = \ + @COMMON_NOUI_LIBS@ \ + @PERL_LINK_LIBS@ \ + @PERL_LINK_FLAGS@ \ ++ @FE_COMMON_LIBS@ \ + @PROG_LIBS@ + + botti_SOURCES = \ +diff --git a/src/fe-none/meson.build b/src/fe-none/meson.build +index 58df15f..8e32b94 100644 +--- a/src/fe-none/meson.build ++++ b/src/fe-none/meson.build +@@ -11,6 +11,7 @@ executable('botti', + libconfig_a, + libcore_a, + libirc_a, ++ libfe_common_core_a, + ], + install : true, + dependencies : dep diff --git a/irssi-1.4.4.tar.xz b/irssi-1.4.4.tar.xz new file mode 100644 index 0000000..f537040 Binary files /dev/null and b/irssi-1.4.4.tar.xz differ diff --git a/irssi-config.h b/irssi-config.h index da8f82a..b393e7a 100644 --- a/irssi-config.h +++ b/irssi-config.h @@ -1,7 +1,9 @@ -#ifndef IRSSI_CONFIG_H -#define IRSSI_CONFIG_H - #include -#include "irssi-config-64.h" +#if __WORDSIZE == 32 +#include "irssi-config-32.h" +#elif __WORDSIZE == 64 +#include "irssi-config-64.h" +#else +#error "Unknown word size" #endif diff --git a/irssi.spec b/irssi.spec index 152b9ec..0bb3c60 100644 --- a/irssi.spec +++ b/irssi.spec @@ -1,16 +1,14 @@ %define perl_vendorarch %(eval "`perl -V:installvendorarch`"; echo $installvendorarch) Name: irssi -Version: 1.1.2 -Release: 4 +Version: 1.4.4 +Release: 1 Summary: A modular char client. License: GPLv2+ URL: http://irssi.org/ Source0: https://github.com/irssi/irssi/releases/download/%{version}/irssi-%{version}.tar.xz Source1: irssi-config.h -Patch0000: CVE-2019-13045-pre.patch -Patch0001: CVE-2019-13045.patch -Patch0002: Execute-setlocale-before-printing.patch +Patch0: irssi-1.4.1-botti-perl-link-fix.patch BuildRequires: ncurses-devel openssl-devel zlib-devel autoconf automake libtool BuildRequires: pkgconfig glib2-devel perl-devel perl-generators perl(ExtUtils::Embed) @@ -61,8 +59,12 @@ chmod -R u+w $RPM_BUILD_ROOT%{perl_vendorarch} %files devel %{_includedir}/irssi/ +%{_libdir}/pkgconfig/irssi-1.pc %changelog +* Wed Apr 12 2023 yaoxin - 1.4.4-1 +- Update to 1.4.4 + * Wed Sep 22 2021 lingsheng - 1.1.2-4 - Execute setlocale before printing