Bug#925587: marked as done (unblock: znc/1.7.2-2)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Wed, 27 Mar 2019 20:26:00 +0000
with message-id <14c1cd30-96b9-7403-3f14-48d8da2b67a9@thykier.net>
and subject line Re: Bug#925587: unblock: znc/1.7.2-2
has caused the Debian Bug report #925587,
regarding unblock: znc/1.7.2-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
925587: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925587
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: znc/1.7.2-2
• From: Patrick Matthäi <pmatthaei@debian.org>
• Date: Wed, 27 Mar 2019 09:15:23 +0100
• Message-id: <[🔎] 155367452316.18806.16452719478975839907.reportbug@srv1.linux-dev.org>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package znc

It fixes a security bug:


diff -Naur '--exclude=.svn' 1.7.2-1/debian/changelog 1.7.2-2/debian/changelog
--- 1.7.2-1/debian/changelog    2019-01-28 10:58:47.648083837 +0100
+++ 1.7.2-2/debian/changelog    2019-03-26 12:58:06.264919659 +0100
@@ -1,3 +1,11 @@
+znc (1.7.2-2) unstable; urgency=high
+
+  * Add upstream patch 01-CVE-2019-9917 to fix a crash on invalid encoding,
+    which fixes CVE-2019-9917.
+    Closes: #925285
+
+ -- Patrick Matthäi <pmatthaei@debian.org>  Tue, 26 Mar 2019 12:46:42 +0100
+
 znc (1.7.2-1) unstable; urgency=medium

   * New upstream release.
diff -Naur '--exclude=.svn' 1.7.2-1/debian/patches/01-CVE-2019-9917.diff 1.7.2-2/debian/patches/01-CVE-2019-9917.diff
--- 1.7.2-1/debian/patches/01-CVE-2019-9917.diff        1970-01-01 01:00:00.000000000 +0100
+++ 1.7.2-2/debian/patches/01-CVE-2019-9917.diff        2019-03-26 12:58:06.272919610 +0100
@@ -0,0 +1,108 @@
+# Don't crash if user specified invalid encoding.
+# References: CVE-2019-9917
+# Closes: #925285
+# URL: https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
+
+diff -Naur znc-1.7.2.orig/modules/controlpanel.cpp znc-1.7.2/modules/controlpanel.cpp
+--- znc-1.7.2.orig/modules/controlpanel.cpp    2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/modules/controlpanel.cpp 2019-03-26 12:42:34.298707717 +0100
+@@ -495,7 +495,7 @@
+ #ifdef HAVE_ICU
+         else if (sVar == "clientencoding") {
+             pUser->SetClientEncoding(sValue);
+-            PutModule("ClientEncoding = " + sValue);
++            PutModule("ClientEncoding = " + pUser->GetClientEncoding());
+         }
+ #endif
+         else
+diff -Naur znc-1.7.2.orig/src/IRCNetwork.cpp znc-1.7.2/src/IRCNetwork.cpp
+--- znc-1.7.2.orig/src/IRCNetwork.cpp  2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/src/IRCNetwork.cpp       2019-03-26 12:42:34.302707692 +0100
+@@ -1482,9 +1482,9 @@
+ }
+
+ void CIRCNetwork::SetEncoding(const CString& s) {
+-    m_sEncoding = s;
++    m_sEncoding = CZNC::Get().FixupEncoding(s);
+     if (GetIRCSock()) {
+-        GetIRCSock()->SetEncoding(s);
++        GetIRCSock()->SetEncoding(m_sEncoding);
+     }
+ }
+
+diff -Naur znc-1.7.2.orig/src/User.cpp znc-1.7.2/src/User.cpp
+--- znc-1.7.2.orig/src/User.cpp        2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/src/User.cpp     2019-03-26 12:42:34.302707692 +0100
+@@ -1253,9 +1253,9 @@
+ void CUser::SetDenySetBindHost(bool b) { m_bDenySetBindHost = b; }
+ void CUser::SetDefaultChanModes(const CString& s) { m_sDefaultChanModes = s; }
+ void CUser::SetClientEncoding(const CString& s) {
+-    m_sClientEncoding = s;
++    m_sClientEncoding = CZNC::Get().FixupEncoding(s);
+     for (CClient* pClient : GetAllClients()) {
+-        pClient->SetEncoding(s);
++        pClient->SetEncoding(m_sClientEncoding);
+     }
+ }
+ void CUser::SetQuitMsg(const CString& s) { m_sQuitMsg = s; }
+diff -Naur znc-1.7.2.orig/src/znc.cpp znc-1.7.2/src/znc.cpp
+--- znc-1.7.2.orig/src/znc.cpp 2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/src/znc.cpp      2019-03-26 12:42:34.302707692 +0100
+@@ -2092,18 +2092,36 @@
+     m_uiForceEncoding++;
+ #ifdef HAVE_ICU
+     for (Csock* pSock : GetManager()) {
+-        if (pSock->GetEncoding().empty()) {
+-            pSock->SetEncoding("UTF-8");
+-        }
++        pSock->SetEncoding(FixupEncoding(pSock->GetEncoding()));
+     }
+ #endif
+ }
+ void CZNC::UnforceEncoding() { m_uiForceEncoding--; }
+ bool CZNC::IsForcingEncoding() const { return m_uiForceEncoding; }
+ CString CZNC::FixupEncoding(const CString& sEncoding) const {
+-    if (sEncoding.empty() && m_uiForceEncoding) {
++    if (!m_uiForceEncoding) {
++        return sEncoding;
++    }
++    if (sEncoding.empty()) {
+         return "UTF-8";
+     }
++    const char* sRealEncoding = sEncoding.c_str();
++    if (sEncoding[0] == '*' || sEncoding[0] == '^') {
++        sRealEncoding++;
++    }
++    if (!*sRealEncoding) {
++        return "UTF-8";
++    }
++#ifdef HAVE_ICU
++    UErrorCode e = U_ZERO_ERROR;
++    UConverter* cnv = ucnv_open(sRealEncoding, &e);
++    if (cnv) {
++        ucnv_close(cnv);
++    }
++    if (U_FAILURE(e)) {
++        return "UTF-8";
++    }
++#endif
+     return sEncoding;
+ }
+
+diff -Naur znc-1.7.2.orig/test/integration/tests/scripting.cpp znc-1.7.2/test/integration/tests/scripting.cpp
+--- znc-1.7.2.orig/test/integration/tests/scripting.cpp        2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/test/integration/tests/scripting.cpp     2019-03-26 12:42:34.302707692 +0100
+@@ -55,6 +55,13 @@
+     ircd.Write(":n!u@h PRIVMSG nick :Hi\xF0, github issue #1229");
+     // "replacement character"
+     client.ReadUntil("Hi\xEF\xBF\xBD, github issue");
++
++    // Non-existing encoding
++    client.Write("PRIVMSG *controlpanel :Set ClientEncoding $me Western");
++    client.Write("JOIN #a\342");
++    client.ReadUntil(
++        ":*controlpanel!znc@znc.in PRIVMSG nick :ClientEncoding = UTF-8");
++    ircd.ReadUntil("JOIN #a\xEF\xBF\xBD");
+ }
+
+ TEST_F(ZNCTest, ModpythonSocket) {
diff -Naur '--exclude=.svn' 1.7.2-1/debian/patches/series 1.7.2-2/debian/patches/series
--- 1.7.2-1/debian/patches/series       1970-01-01 01:00:00.000000000 +0100
+++ 1.7.2-2/debian/patches/series       2019-03-26 12:58:06.280919560 +0100
@@ -0,0 +1 @@
+01-CVE-2019-9917.diff



unblock znc/1.7.2-2

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---

--- Begin Message ---

• To: Patrick Matthäi <pmatthaei@debian.org>, 925587-done@bugs.debian.org
• Subject: Re: Bug#925587: unblock: znc/1.7.2-2
• From: Niels Thykier <niels@thykier.net>
• Date: Wed, 27 Mar 2019 20:26:00 +0000
• Message-id: <14c1cd30-96b9-7403-3f14-48d8da2b67a9@thykier.net>
• In-reply-to: <[🔎] 155367452316.18806.16452719478975839907.reportbug@srv1.linux-dev.org>
• References: <[🔎] 155367452316.18806.16452719478975839907.reportbug@srv1.linux-dev.org>

Patrick Matthäi:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package znc
> 
> It fixes a security bug:
> 
> 
> [...]
> 
> 
> 
> unblock znc/1.7.2-2
> 
> [...]

Unblocked, thanks.
~Niels

--- End Message ---