
Bug#925587: unblock: znc/1.7.2-2



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package znc

It fixes a security bug:


diff -Naur '--exclude=.svn' 1.7.2-1/debian/changelog 1.7.2-2/debian/changelog
--- 1.7.2-1/debian/changelog    2019-01-28 10:58:47.648083837 +0100
+++ 1.7.2-2/debian/changelog    2019-03-26 12:58:06.264919659 +0100
@@ -1,3 +1,11 @@
+znc (1.7.2-2) unstable; urgency=high
+
+  * Add upstream patch 01-CVE-2019-9917 to fix a crash on invalid encoding,
+    which fixes CVE-2019-9917.
+    Closes: #925285
+
+ -- Patrick Matthäi <pmatthaei@debian.org>  Tue, 26 Mar 2019 12:46:42 +0100
+
 znc (1.7.2-1) unstable; urgency=medium

   * New upstream release.
diff -Naur '--exclude=.svn' 1.7.2-1/debian/patches/01-CVE-2019-9917.diff 1.7.2-2/debian/patches/01-CVE-2019-9917.diff
--- 1.7.2-1/debian/patches/01-CVE-2019-9917.diff        1970-01-01 01:00:00.000000000 +0100
+++ 1.7.2-2/debian/patches/01-CVE-2019-9917.diff        2019-03-26 12:58:06.272919610 +0100
@@ -0,0 +1,108 @@
+# Don't crash if user specified invalid encoding.
+# References: CVE-2019-9917
+# Closes: #925285
+# URL: https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
+
+diff -Naur znc-1.7.2.orig/modules/controlpanel.cpp znc-1.7.2/modules/controlpanel.cpp
+--- znc-1.7.2.orig/modules/controlpanel.cpp    2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/modules/controlpanel.cpp 2019-03-26 12:42:34.298707717 +0100
+@@ -495,7 +495,7 @@
+ #ifdef HAVE_ICU
+         else if (sVar == "clientencoding") {
+             pUser->SetClientEncoding(sValue);
+-            PutModule("ClientEncoding = " + sValue);
++            PutModule("ClientEncoding = " + pUser->GetClientEncoding());
+         }
+ #endif
+         else
+diff -Naur znc-1.7.2.orig/src/IRCNetwork.cpp znc-1.7.2/src/IRCNetwork.cpp
+--- znc-1.7.2.orig/src/IRCNetwork.cpp  2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/src/IRCNetwork.cpp       2019-03-26 12:42:34.302707692 +0100
+@@ -1482,9 +1482,9 @@
+ }
+
+ void CIRCNetwork::SetEncoding(const CString& s) {
+-    m_sEncoding = s;
++    m_sEncoding = CZNC::Get().FixupEncoding(s);
+     if (GetIRCSock()) {
+-        GetIRCSock()->SetEncoding(s);
++        GetIRCSock()->SetEncoding(m_sEncoding);
+     }
+ }
+
+diff -Naur znc-1.7.2.orig/src/User.cpp znc-1.7.2/src/User.cpp
+--- znc-1.7.2.orig/src/User.cpp        2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/src/User.cpp     2019-03-26 12:42:34.302707692 +0100
+@@ -1253,9 +1253,9 @@
+ void CUser::SetDenySetBindHost(bool b) { m_bDenySetBindHost = b; }
+ void CUser::SetDefaultChanModes(const CString& s) { m_sDefaultChanModes = s; }
+ void CUser::SetClientEncoding(const CString& s) {
+-    m_sClientEncoding = s;
++    m_sClientEncoding = CZNC::Get().FixupEncoding(s);
+     for (CClient* pClient : GetAllClients()) {
+-        pClient->SetEncoding(s);
++        pClient->SetEncoding(m_sClientEncoding);
+     }
+ }
+ void CUser::SetQuitMsg(const CString& s) { m_sQuitMsg = s; }
+diff -Naur znc-1.7.2.orig/src/znc.cpp znc-1.7.2/src/znc.cpp
+--- znc-1.7.2.orig/src/znc.cpp 2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/src/znc.cpp      2019-03-26 12:42:34.302707692 +0100
+@@ -2092,18 +2092,36 @@
+     m_uiForceEncoding++;
+ #ifdef HAVE_ICU
+     for (Csock* pSock : GetManager()) {
+-        if (pSock->GetEncoding().empty()) {
+-            pSock->SetEncoding("UTF-8");
+-        }
++        pSock->SetEncoding(FixupEncoding(pSock->GetEncoding()));
+     }
+ #endif
+ }
+ void CZNC::UnforceEncoding() { m_uiForceEncoding--; }
+ bool CZNC::IsForcingEncoding() const { return m_uiForceEncoding; }
+ CString CZNC::FixupEncoding(const CString& sEncoding) const {
+-    if (sEncoding.empty() && m_uiForceEncoding) {
++    if (!m_uiForceEncoding) {
++        return sEncoding;
++    }
++    if (sEncoding.empty()) {
+         return "UTF-8";
+     }
++    const char* sRealEncoding = sEncoding.c_str();
++    if (sEncoding[0] == '*' || sEncoding[0] == '^') {
++        sRealEncoding++;
++    }
++    if (!*sRealEncoding) {
++        return "UTF-8";
++    }
++#ifdef HAVE_ICU
++    UErrorCode e = U_ZERO_ERROR;
++    UConverter* cnv = ucnv_open(sRealEncoding, &e);
++    if (cnv) {
++        ucnv_close(cnv);
++    }
++    if (U_FAILURE(e)) {
++        return "UTF-8";
++    }
++#endif
+     return sEncoding;
+ }
+
+diff -Naur znc-1.7.2.orig/test/integration/tests/scripting.cpp znc-1.7.2/test/integration/tests/scripting.cpp
+--- znc-1.7.2.orig/test/integration/tests/scripting.cpp        2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/test/integration/tests/scripting.cpp     2019-03-26 12:42:34.302707692 +0100
+@@ -55,6 +55,13 @@
+     ircd.Write(":n!u@h PRIVMSG nick :Hi\xF0, github issue #1229");
+     // "replacement character"
+     client.ReadUntil("Hi\xEF\xBF\xBD, github issue");
++
++    // Non-existing encoding
++    client.Write("PRIVMSG *controlpanel :Set ClientEncoding $me Western");
++    client.Write("JOIN #a\342");
++    client.ReadUntil(
++        ":*controlpanel!znc@znc.in PRIVMSG nick :ClientEncoding = UTF-8");
++    ircd.ReadUntil("JOIN #a\xEF\xBF\xBD");
+ }
+
+ TEST_F(ZNCTest, ModpythonSocket) {
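Review bot: In the src/znc.cpp hunk, `FixupEncoding` returns the caller's string untouched whenever `m_uiForceEncoding` is zero, so `CUser::SetClientEncoding` and `CIRCNetwork::SetEncoding` still store an unvalidated, user-supplied encoding name in that mode. `ForceEncoding()` later re-runs the fixup only on the sockets from `GetManager()`, not on the stored `m_sClientEncoding`/`m_sEncoding`; whether anything reads those back without passing through `FixupEncoding` is not visible in this patch and should be confirmed. If the early return is deliberate, it deserves a comment such as `// Not forcing: keep the legacy pass-through; names are only validated while encoding is forced`. The new case in scripting.cpp expects `ClientEncoding = UTF-8`, which presumably depends on forcing being active in that test (its setup is outside the hunk), so a one-line comment there saying so would help. The `*`/`^` prefix skip before `ucnv_open` also has no comment explaining what those markers mean.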
diff -Naur '--exclude=.svn' 1.7.2-1/debian/patches/series 1.7.2-2/debian/patches/series
--- 1.7.2-1/debian/patches/series       1970-01-01 01:00:00.000000000 +0100
+++ 1.7.2-2/debian/patches/series       2019-03-26 12:58:06.280919560 +0100
@@ -0,0 +1 @@
+01-CVE-2019-9917.diff



unblock znc/1.7.2-2

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
