Bug#870659: pu: package irssi/1.0.2-1+deb9u2

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 870659@bugs.debian.org
Subject: Bug#870659: pu: package irssi/1.0.2-1+deb9u2
From: Rhonda D'Vine <rhonda@debian.org>
Date: Thu, 3 Aug 2017 23:35:46 +0200
Message-id: <[🔎] 20170803213546.GA16677@anguilla.debian.or.at>
Reply-to: Rhonda D'Vine <rhonda@debian.org>, 870659@bugs.debian.org
In-reply-to: <[🔎] 1501796058.29960.74.camel@adam-barratt.org.uk>
References: <[🔎] 20170803201300.GA31846@anguilla.debian.or.at> <[🔎] 1501796058.29960.74.camel@adam-barratt.org.uk>

* Adam D. Barratt <adam@adam-barratt.org.uk> [2017-08-03 23:34:18 CEST]:
> Control: tags -1 + stretch moreinfo
> 
> On Thu, 2017-08-03 at 22:13 +0200, Rhonda D'Vine wrote:
> >  for fixing #867598 in stable I prepared a 1.0.2-1+deb9u2 update for
> > irssi.  Please find the debdiff attached.
> 
> Apparently not. :)

 Darn.  I really need more caffein, but people won't bring it to me in
the Garden. :)

 Find it attached this time, for sure.
Rhonda
-- 
Fühlst du dich mutlos, fass endlich Mut, los      |
Fühlst du dich hilflos, geh raus und hilf, los    | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los   | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los    |

diff -Nru irssi-1.0.2/debian/changelog irssi-1.0.2/debian/changelog
--- irssi-1.0.2/debian/changelog	2017-06-17 09:21:44.000000000 -0400
+++ irssi-1.0.2/debian/changelog	2017-08-03 15:59:51.000000000 -0400
@@ -1,3 +1,11 @@
+irssi (1.0.2-1+deb9u2) stretch; urgency=high
+
+  * Security related update pulling upstream 5e26325317 (closes: 867598):
+    - Fix null pointer dereference (CVE-2017-10965)
+    - Fix use-after-free condition for nicklist (CVE-2017-10966)
+
+ -- Rhonda D'Vine <rhonda@debian.org>  Thu, 03 Aug 2017 15:59:51 -0400
+
 irssi (1.0.2-1+deb9u1) stretch-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru irssi-1.0.2/debian/patches/28Fix-use-after-free-and-null-pointer-dereference.patch irssi-1.0.2/debian/patches/28Fix-use-after-free-and-null-pointer-dereference.patch
--- irssi-1.0.2/debian/patches/28Fix-use-after-free-and-null-pointer-dereference.patch	1969-12-31 19:00:00.000000000 -0500
+++ irssi-1.0.2/debian/patches/28Fix-use-after-free-and-null-pointer-dereference.patch	2017-08-03 15:59:51.000000000 -0400
@@ -0,0 +1,72 @@
+From 29ebac987da1da2c892aed5ed329256b7bc94bca Mon Sep 17 00:00:00 2001
+From: Nei <ailin.nemui@gmail.com>
+Date: Thu, 29 Jun 2017 13:48:44 +0000
+Subject: [PATCH 1/2] Check return value of localtime
+
+Fixes #10
+---
+ src/core/misc.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/core/misc.c b/src/core/misc.c
+index ce49925b1..0b2d8e776 100644
+--- a/src/core/misc.c
++++ b/src/core/misc.c
+@@ -560,6 +560,9 @@ char *my_asctime(time_t t)
+         int len;
+ 
+ 	tm = localtime(&t);
++	if (tm == NULL)
++	    return g_strdup("???");
++
+ 	str = g_strdup(asctime(tm));
+ 
+ 	len = strlen(str);
+
+From 73b851c39c11d01199e6c040749fb20e468f6c8d Mon Sep 17 00:00:00 2001
+From: ailin-nemui <ailin-nemui@users.noreply.github.com>
+Date: Tue, 4 Jul 2017 16:10:55 +0200
+Subject: [PATCH 2/2] correct GHashTable usage
+
+---
+ src/core/nicklist.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/src/core/nicklist.c b/src/core/nicklist.c
+index 54dfb5fb2..0bc88ab8d 100644
+--- a/src/core/nicklist.c
++++ b/src/core/nicklist.c
+@@ -54,23 +54,26 @@ static void nick_hash_add(CHANNEL_REC *channel, NICK_REC *nick)
+ 
+ static void nick_hash_remove(CHANNEL_REC *channel, NICK_REC *nick)
+ {
+-	NICK_REC *list;
++	NICK_REC *list, *newlist;
+ 
+ 	list = g_hash_table_lookup(channel->nicks, nick->nick);
+ 	if (list == NULL)
+ 		return;
+ 
+-	if (list == nick || list->next == NULL) {
+-		g_hash_table_remove(channel->nicks, nick->nick);
+-		if (list->next != NULL) {
+-			g_hash_table_insert(channel->nicks, nick->next->nick,
+-					    nick->next);
+-		}
++	if (list == nick) {
++		newlist = nick->next;
+ 	} else {
++		newlist = list;
+ 		while (list->next != nick)
+ 			list = list->next;
+ 		list->next = nick->next;
+ 	}
++
++	g_hash_table_remove(channel->nicks, nick->nick);
++	if (newlist != NULL) {
++		g_hash_table_insert(channel->nicks, newlist->nick,
++				    newlist);
++	}
+ }
+ 
+ /* Add new nick to list */
diff -Nru irssi-1.0.2/debian/patches/series irssi-1.0.2/debian/patches/series
--- irssi-1.0.2/debian/patches/series	2017-06-17 09:21:44.000000000 -0400
+++ irssi-1.0.2/debian/patches/series	2017-08-03 15:59:51.000000000 -0400
@@ -10,3 +10,4 @@
 25tls-ssl-compat-defines
 26Fix-dcc_request-where-addr-is-NULL.patch
 27Fix-oob-read-of-one-byte-in-get_file_params_count-_r.patch
+28Fix-use-after-free-and-null-pointer-dereference.patch

Reply to:

Follow-Ups:
- Bug#870659: pu: package irssi/1.0.2-1+deb9u2
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#870659: pu: package irssi/1.0.2-1+deb9u2
  - From: Rhonda D'Vine <rhonda@debian.org>
- Bug#870659: pu: package irssi/1.0.2-1+deb9u2
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Processed: Re: Bug#870659: pu: package irssi/1.0.2-1+deb9u2
Next by Date: Bug#835812: marked as done (jessie-pu: package ccache/3.1.12-2)
Previous by thread: Bug#870659: pu: package irssi/1.0.2-1+deb9u2
Next by thread: Bug#870659: pu: package irssi/1.0.2-1+deb9u2
Index(es):
- Date
- Thread