Revbump for security bug 400599, fixing CVE-2012-0806. Depend on yacc and flex, bug 397405. Remove unneeded vulnerable version.

(Portage version: 2.2.0_alpha84/cvs/Linux x86_64)
author: Alex Legler <a3li@gentoo.org> 2012-01-27 17:07:03 +0000
committer: Alex Legler <a3li@gentoo.org> 2012-01-27 17:07:03 +0000
commit: 49637c1d7b7c60e648d95dfcad328b452a8243a5 (patch)
tree: 785f87a3adc747c6c13e367d4d67309d63675d88 /net-irc
parent: Stable for amd64, wrt bug #400527 (diff)
download: gentoo-2-49637c1d7b7c60e648d95dfcad328b452a8243a5.tar.gz
gentoo-2-49637c1d7b7c60e648d95dfcad328b452a8243a5.tar.bz2
gentoo-2-49637c1d7b7c60e648d95dfcad328b452a8243a5.zip
5 files changed, 145 insertions, 84 deletions
diff --git a/net-irc/bip/ChangeLog b/net-irc/bip/ChangeLog
index da1bf508a249..bcaa611a4d38 100644
--- a/net-irc/bip/ChangeLog
+++ b/net-irc/bip/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-irc/bip
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-irc/bip/ChangeLog,v 1.22 2011/10/25 16:42:55 phajdan.jr Exp $
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-irc/bip/ChangeLog,v 1.23 2012/01/27 17:07:03 a3li Exp $
+
+*bip-0.8.8-r1 (27 Jan 2012)
+
+  27 Jan 2012; Alex Legler <a3li@gentoo.org> -bip-0.8.5-r1.ebuild,
+  +bip-0.8.8-r1.ebuild, -files/bip-CVE-2010-3071.patch,
+  +files/bip-CVE-2012-0806.patch, -files/bip-configure.patch:
+  Revbump for security bug 400599, fixing CVE-2012-0806. Depend on yacc and
+  flex, bug 397405. Remove unneeded vulnerable version.
 
   25 Oct 2011; Pawel Hajdan jr <phajdan.jr@gentoo.org> bip-0.8.8.ebuild:
   x86 stable wrt bug #388285
diff --git a/net-irc/bip/bip-0.8.5-r1.ebuild b/net-irc/bip/bip-0.8.8-r1.ebuild
index 4f25f242e57e..7b5d863431f0 100644
--- a/net-irc/bip/bip-0.8.5-r1.ebuild
+++ b/net-irc/bip/bip-0.8.8-r1.ebuild
@@ -1,28 +1,31 @@
-# Copyright 1999-2010 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-irc/bip/bip-0.8.5-r1.ebuild,v 1.3 2010/09/10 10:49:48 hwoarang Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-irc/bip/bip-0.8.8-r1.ebuild,v 1.1 2012/01/27 17:07:03 a3li Exp $
 
 EAPI="2"
 inherit eutils autotools
 
-DESCRIPTION="Multiuser IRC proxy with ssl support"
-HOMEPAGE="http://bip.t1r.net/"
-SRC_URI="http://bip.t1r.net/downloads/${P}.tar.gz"
+DESCRIPTION="Multiuser IRC proxy with SSL support"
+HOMEPAGE="http://bip.milkypond.org/"
+SRC_URI="ftp://ftp.duckcorp.org/bip/${P}.tar.gz"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="amd64 x86"
+KEYWORDS="~amd64 ~x86"
 IUSE="debug freenode noctcp ssl vim-syntax oidentd"
 
-DEPEND="ssl? ( dev-libs/openssl )"
+DEPEND="sys-devel/flex
+	virtual/yacc
+	ssl? ( dev-libs/openssl )"
+
 RDEPEND="${DEPEND}
-	vim-syntax? ( || ( app-editors/vim
-	app-editors/gvim ) )
+	vim-syntax? (
+		|| ( app-editors/vim app-editors/gvim ) )
 	oidentd? ( >=net-misc/oidentd-2.0 )"
 
 src_prepare() {
-	epatch "${FILESDIR}/${PN}-configure.patch" || die
-	epatch "${FILESDIR}/${PN}-CVE-2010-3071.patch" || die
+	epatch "${FILESDIR}/${P}-configure.patch" || die
+	epatch "${FILESDIR}/${PN}-CVE-2012-0806.patch" || die
 
 	eautoreconf
 
diff --git a/net-irc/bip/files/bip-CVE-2010-3071.patch b/net-irc/bip/files/bip-CVE-2010-3071.patch
deleted file mode 100644
index be862aa62748..000000000000
--- a/net-irc/bip/files/bip-CVE-2010-3071.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From ad771372ac3f2f649a9f3f300c2d51a4701ad9ea Mon Sep 17 00:00:00 2001
-From: Alex Legler <a3li@gentoo.org>
-Date: Thu, 9 Sep 2010 16:37:43 +0200
-Subject: [PATCH] Check LINK(lc) before using it to avoid a null-pointer dereference (CVE-2010-3071)
-
----
- src/irc.c |    6 +++---
- 1 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/irc.c b/src/irc.c
-index fa98e09..c5f65a2 100644
---- a/src/irc.c
-+++ b/src/irc.c
-@@ -2449,7 +2449,7 @@ void bip_on_event(bip_t *bip, connection_t *conn)
- 	if (err) {
- 		if (TYPE(lc) == IRC_TYPE_SERVER) {
- 			mylog(LOG_ERROR, "[%s] read_lines error, closing...",
--					LINK(lc)->name);
-+					LINK(lc) ? LINK(lc)->name : "?");
- 			irc_server_shutdown(LINK(lc)->l_server);
- 		} else {
- 			mylog(LOG_ERROR, "client read_lines error, closing...");
-@@ -2471,7 +2471,7 @@ void bip_on_event(bip_t *bip, connection_t *conn)
- 		line = irc_line_new_from_string(line_s);
- 		if (!line) {
- 			mylog(LOG_ERROR, "[%s] Error in protocol, closing...",
--					LINK(lc)->name);
-+					LINK(lc) ? LINK(lc)->name : "?");
- 			free(line_s);
- 			goto prot_err_lines;
- 		}
-@@ -2481,7 +2481,7 @@ void bip_on_event(bip_t *bip, connection_t *conn)
- 		free(line_s);
- 		if (r == ERR_PROTOCOL) {
- 			mylog(LOG_ERROR, "[%s] Error in protocol, closing...",
--					LINK(lc)->name);
-+					LINK(lc) ? LINK(lc)->name : "?");
- 			goto prot_err_lines;
- 		}
- 		if (r == ERR_AUTH)
--- 
-1.7.2
-
diff --git a/net-irc/bip/files/bip-CVE-2012-0806.patch b/net-irc/bip/files/bip-CVE-2012-0806.patch
new file mode 100644
index 000000000000..6ea26aead2bb
--- /dev/null
+++ b/net-irc/bip/files/bip-CVE-2012-0806.patch
@@ -0,0 +1,121 @@
+commit 222a33cb84a2e52ad55a88900b7895bf9dd0262c
+Author: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>
+Date:   Sat Jan 7 11:41:02 2012 +0100
+
+    Buffer Overflow: check against the implicit size of select() arrays
+    
+    Reported by Julien Tinnes (Fix #269)
+    exit is called when the listening socket can not be created
+
+diff --git a/src/bip.c b/src/bip.c
+index d46ee2b..b4ac706 100644
+--- a/src/bip.c
++++ b/src/bip.c
+@@ -1311,7 +1311,7 @@ int main(int argc, char **argv)
+ 	close(fd);
+ 
+ 	bip.listener = listen_new(conf_ip, conf_port, conf_css);
+-	if (!bip.listener)
++	if (!bip.listener || bip.listener->connected == CONN_ERROR)
+ 		fatal("Could not create listening socket");
+ 
+ 	for (;;) {
+diff --git a/src/connection.c b/src/connection.c
+index 07ab431..5c4c24a 100644
+--- a/src/connection.c
++++ b/src/connection.c
+@@ -124,6 +124,18 @@ static void connect_trynext(connection_t *cn)
+ 			continue;
+ 		}
+ 
++		if (cn->handle >= FD_SETSIZE) {
++			mylog(LOG_WARN, "too many fd used, close socket %d",
++					cn->handle);
++
++			if (close(cn->handle) == -1)
++				mylog(LOG_WARN, "Error on socket close: %s",
++						strerror(errno));
++
++			cn->handle = -1;
++			break;
++		}
++
+ 		socket_set_nonblock(cn->handle);
+ 
+ 		if (cn->connecting_data->src) {
+@@ -789,13 +801,8 @@ list_t *wait_event(list_t *cn_list, int *msec, int *nc)
+ 		/*
+ 		 * This shouldn't happen ! just in case...
+ 		 */
+-		if (cn->handle < 0) {
+-			mylog(LOG_WARN, "wait_event invalid socket %d",
+-					cn->handle);
+-			if (cn_is_connected(cn))
+-				cn->connected = CONN_ERROR;
+-			continue;
+-		}
++		if (cn->handle < 0 || cn->handle >= FD_SETSIZE)
++			fatal("wait_event invalid socket %d", cn->handle);
+ 
+ 		/* exceptions are OOB and disconnections */
+ 		FD_SET(cn->handle, &fds_except);
+@@ -966,6 +973,18 @@ static void create_listening_socket(char *hostname, char *port,
+ 			continue;
+ 		}
+ 
++		if (cn->handle >= FD_SETSIZE) {
++			mylog(LOG_WARN, "too many fd used, close listening socket %d",
++					cn->handle);
++
++			if (close(cn->handle) == -1)
++				mylog(LOG_WARN, "Error on socket close: %s",
++						strerror(errno));
++
++			cn->handle = -1;
++			break;
++		}
++
+ 		if (setsockopt(cn->handle, SOL_SOCKET, SO_REUSEADDR,
+ 					(char *)&multi_client,
+ 					sizeof(multi_client)) < 0) {
+@@ -1113,10 +1132,21 @@ connection_t *accept_new(connection_t *cn)
+ 
+ 	mylog(LOG_DEBUG, "Trying to accept new client on %d", cn->handle);
+ 	err = accept(cn->handle, &sa, &sa_len);
++
+ 	if (err < 0) {
+-		mylog(LOG_ERROR, "accept failed: %s", strerror(errno));
++		fatal("accept failed: %s", strerror(errno));
++	}
++
++	if (err >= FD_SETSIZE) {
++		mylog(LOG_WARN, "too many client connected, close %d", err);
++
++		if (close(err) == -1)
++			mylog(LOG_WARN, "Error on socket close: %s",
++					strerror(errno));
++
+ 		return NULL;
+ 	}
++
+ 	socket_set_nonblock(err);
+ 
+ 	conn = connection_init(cn->anti_flood, cn->ssl, cn->timeout, 0);
+diff --git a/src/irc.c b/src/irc.c
+index ebc1b34..147a315 100644
+--- a/src/irc.c
++++ b/src/irc.c
+@@ -2439,9 +2439,10 @@ void bip_on_event(bip_t *bip, connection_t *conn)
+ 
+ 	if (conn == bip->listener) {
+ 		struct link_client *n = irc_accept_new(conn);
+-		assert(n);
+-		list_add_last(&bip->conn_list, CONN(n));
+-		list_add_last(&bip->connecting_client_list, n);
++		if (n) {
++			list_add_last(&bip->conn_list, CONN(n));
++			list_add_last(&bip->connecting_client_list, n);
++		}
+ 		return;
+ 	}
+ 
diff --git a/net-irc/bip/files/bip-configure.patch b/net-irc/bip/files/bip-configure.patch
deleted file mode 100644
index 028c7f0610b4..000000000000
--- a/net-irc/bip/files/bip-configure.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Respecting user CFLAGS, removing unneded LDFLAGS.
-The -O0 stuff shouldn't be there as it disables fortifying.
-
-Upstream: to be submitted (2010-08-07)
-
-diff --git a/configure.ac b/configure.ac
-index f61a9ed..6720150 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -44,16 +44,14 @@ AC_ARG_ENABLE([pie], AS_HELP_STRING([--disable-pie], [Do not build a position in
- 
- AM_CONDITIONAL(DEBUG, test x$enable_debug = xyes)
- AS_IF([test "x$enable_debug" = "xyes"], [
--	CFLAGS="-O0 -g -W -Wall"
--	LDFLAGS="-g"
-+	CFLAGS="${CFLAGS} -g -W -Wall"
- 	AC_CHECK_FUNC(backtrace_symbols_fd, [
- 		AC_DEFINE(HAVE_BACKTRACE, [], [Use glibc backtrace on fatal()])
- 		LDFLAGS="-rdynamic $LDFLAGS"
- 		backtrace="(with backtrace)"
- 	])
- ], [
--	CFLAGS="-O2 -g -W -Wall"
--	LDFLAGS="-g"
-+	CFLAGS="${CFLAGS} -g -W -Wall"
- 	enable_debug=no
- ])
-
author	Alex Legler <a3li@gentoo.org>	2012-01-27 17:07:03 +0000
committer	Alex Legler <a3li@gentoo.org>	2012-01-27 17:07:03 +0000
commit	49637c1d7b7c60e648d95dfcad328b452a8243a5 (patch)
tree	785f87a3adc747c6c13e367d4d67309d63675d88 /net-irc
parent	Stable for amd64, wrt bug #400527 (diff)
download	gentoo-2-49637c1d7b7c60e648d95dfcad328b452a8243a5.tar.gz gentoo-2-49637c1d7b7c60e648d95dfcad328b452a8243a5.tar.bz2 gentoo-2-49637c1d7b7c60e648d95dfcad328b452a8243a5.zip