Hello community, here is the log from the commit of package atheme for openSUSE:Factory checked in at 2016-05-05 08:13:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/atheme (Old) and /work/SRC/openSUSE:Factory/.atheme.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "atheme" Changes: -------- --- /work/SRC/openSUSE:Factory/atheme/atheme.changes 2015-04-05 02:04:19.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.atheme.new/atheme.changes 2016-05-05 08:13:11.000000000 +0200 @@ -1,0 +2,13 @@ +Tue May 3 10:43:10 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 7.2.6 +* avoid potential NULL dereference in language code +* Add NOPASSWORD criterion to nickserv/list helpfile +* new nickserv/list criterion VACATION +- Add 0001-Do-not-copy-more-bytes-than-were-allocated.patch + [CVE-2016-4478] +- Add 0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch + [CVE-2014-9773, boo#978170] +- Add atheme-serno.diff, a build fix + +------------------------------------------------------------------- Old: ---- atheme-services-7.2.5.tar.bz2 New: ---- 0001-Do-not-copy-more-bytes-than-were-allocated.patch 0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch atheme-7.2.6.tar.gz atheme-serno.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ atheme.spec ++++++ --- /var/tmp/diff_new_pack.wJANVr/_old 2016-05-05 08:13:12.000000000 +0200 +++ /var/tmp/diff_new_pack.wJANVr/_new 2016-05-05 08:13:12.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package atheme # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: atheme %define lname libathemecore1 -Version: 7.2.5 +Version: 7.2.6 Release: 0 Url: http://atheme.net/ Summary: A portable, secure set of open source, modular IRC services @@ -26,10 +26,13 @@ Group: Productivity/Networking/IRC #Git-Clone: git://github.com/atheme/atheme -Source: http://atheme.net/downloads/atheme-services-%version.tar.bz2 +Source: https://github.com/atheme/atheme/archive/%name-%version.tar.gz Source9: example.conf Patch1: atheme-lockmodes.diff -Patch3: atheme-nodate.diff +Patch2: atheme-nodate.diff +Patch3: atheme-serno.diff +Patch4: 0001-Do-not-copy-more-bytes-than-were-allocated.patch +Patch5: 0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: cracklib-devel BuildRequires: fdupes @@ -74,16 +77,17 @@ in %lname. %prep -%setup -qn %name-services-%version -%patch -P 1 -P 3 -p1 -# use system libmowgli; ignore contrib modules +%setup -qn %name-%name-%version +%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1 +# nudge atheme in the direction of using the system-provided libmowgli rm -Rf libmowgli-2 +# ignore contrib modules mkdir -p libmowgli-2 modules/contrib touch libmowgli-2/Makefile modules/contrib/Makefile %build %if 0%{?suse_version} >= 1210 -export RUNDIR="/run"; +export RUNDIR="/run" %endif %configure \ --sysconfdir="%_sysconfdir/%name" \ @@ -92,17 +96,16 @@ --enable-fhs-paths \ --enable-warnings \ --enable-large-net \ - --with-pcre \ - --enable-contrib + --with-pcre make %{?_smp_mflags} %install %if 0%{?suse_version} >= 1210 -export RUNDIR="/run"; +export RUNDIR="/run" %endif b="%buildroot"; -%make_install DOCDIR="%_docdir/%name"; +%make_install DOCDIR="%_docdir/%name" # additional documentation mkdir -p "$b/%_docdir/%name" @@ -131,11 +134,11 @@ %pre /usr/bin/getent group atheme >/dev/null 2>/dev/null || \ - /usr/sbin/groupadd -r atheme >/dev/null || :; + /usr/sbin/groupadd -r atheme >/dev/null || : /usr/bin/getent passwd atheme >/dev/null 2>/dev/null || \ /usr/sbin/useradd -r -g atheme -s /bin/false \ -c "Atheme IRC Services daemon" -d "%atheme_home" \ - atheme >/dev/null || :; + atheme >/dev/null || : %service_add_pre atheme.service %post ++++++ 0001-Do-not-copy-more-bytes-than-were-allocated.patch ++++++

From 87580d767868360d2fed503980129504da84b63e Mon Sep 17 00:00:00 2001 From: Hans-Christian Esperer <hc@hcesperer.org> Date: Sat, 9 Jan 2016 19:58:58 +0100 Subject: [PATCH] Do not copy more bytes than were allocated

--- modules/transport/xmlrpc/xmlrpclib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/transport/xmlrpc/xmlrpclib.c b/modules/transport/xmlrpc/xmlrpclib.c index b67d215..5fcde9e 100644 --- a/modules/transport/xmlrpc/xmlrpclib.c +++ b/modules/transport/xmlrpc/xmlrpclib.c @@ -777,8 +777,9 @@ void xmlrpc_char_encode(char *outbuffer, const char *s1) s->append_char(s, c); } } + s->append_char(s, 0); - memcpy(outbuffer, s->str, XMLRPC_BUFSIZE); + strncpy(outbuffer, s->str, XMLRPC_BUFSIZE); } static void xmlrpc_append_char_encode(mowgli_string_t *s, const char *s1) -- 2.6.6 ++++++ 0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch ++++++

From c597156adc60a45b5f827793cd420945f47bc03b Mon Sep 17 00:00:00 2001 From: Max Teufel <max@teufelsnetz.com> Date: Sun, 6 Mar 2016 10:27:40 +0100 Subject: [PATCH] chanserv/flags: make Anope FLAGS compatibility an option

Previously, ChanServ FLAGS behavior could be modified by registering or dropping the keyword nicks "LIST", "CLEAR", and "MODIFY". Now, a configuration option is available that when turned on (default), disables registration of these keyword nicks and enables this compatibility feature. When turned off, registration of these keyword nicks is possible, and compatibility to Anope's FLAGS command is disabled. Fixes atheme/atheme#397 --- modules/chanserv/flags.c | 37 ++++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/modules/chanserv/flags.c b/modules/chanserv/flags.c index 289345d..72d8fcf 100644 --- a/modules/chanserv/flags.c +++ b/modules/chanserv/flags.c @@ -17,18 +17,35 @@ DECLARE_MODULE_V1 ); static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[]); +static void check_registration_keywords(hook_user_register_check_t *hdata); command_t cs_flags = { "FLAGS", N_("Manipulates specific permissions on a channel."), AC_NONE, 3, cs_cmd_flags, { .path = "cservice/flags" } }; +static bool anope_flags_compat = true; + void _modinit(module_t *m) { service_named_bind_command("chanserv", &cs_flags); + + add_bool_conf_item("ANOPE_FLAGS_COMPAT", &chansvs.me->conf_table, 0, &anope_flags_compat, true); + + hook_add_event("nick_can_register"); + hook_add_nick_can_register(check_registration_keywords); + + hook_add_event("user_can_register"); + hook_add_user_can_register(check_registration_keywords); } void _moddeinit(module_unload_intent_t intent) { service_named_unbind_command("chanserv", &cs_flags); + + hook_del_nick_can_register(check_registration_keywords); + + hook_del_user_can_register(check_registration_keywords); + + del_conf_item("ANOPE_FLAGS_COMPAT", &chansvs.me->conf_table); } typedef struct { @@ -150,6 +167,20 @@ static void do_list(sourceinfo_t *si, mychan_t *mc, unsigned int flags) logcommand(si, CMDLOG_GET, "FLAGS: \2%s\2", mc->name); } +static void check_registration_keywords(hook_user_register_check_t *hdata) +{ + if (hdata->approved || !anope_flags_compat) + { + return; + } + + if (!strcasecmp(hdata->account, "LIST") || !strcasecmp(hdata->account, "CLEAR") || !strcasecmp(hdata->account, "MODIFY")) + { + command_fail(hdata->si, fault_badparams, "The nick \2%s\2 is reserved and cannot be registered.", hdata->account); + hdata->approved = 1; + } +} + /* FLAGS <channel> [user] [flags] */ static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[]) { @@ -218,14 +249,14 @@ static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[]) * * --nenolod */ - else if (!strcasecmp(target, "LIST") && myentity_find_ext(target) == NULL) + else if (anope_flags_compat && !strcasecmp(target, "LIST") && myentity_find_ext(target) == NULL) { do_list(si, mc, 0); free(target); return; } - else if (!strcasecmp(target, "CLEAR") && myentity_find_ext(target) == NULL) + else if (anope_flags_compat && !strcasecmp(target, "CLEAR") && myentity_find_ext(target) == NULL) { free(target); @@ -251,7 +282,7 @@ static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[]) command_success_nodata(si, _("Cleared flags in \2%s\2."), mc->name); return; } - else if (!strcasecmp(target, "MODIFY") && myentity_find_ext(target) == NULL) + else if (anope_flags_compat && !strcasecmp(target, "MODIFY") && myentity_find_ext(target) == NULL) { free(target); -- 2.6.6 ++++++ atheme-serno.diff ++++++ From: Jan Engelhardt <jengelh@inai.de> Date: 2016-05-04 11:21:18.899894344 +0200 References: https://github.com/atheme/atheme/issues/488 Avoid build failure because of serno.h non-existence. --- include/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: atheme-atheme-7.2.6/include/Makefile =================================================================== --- atheme-atheme-7.2.6.orig/include/Makefile +++ atheme-atheme-7.2.6/include/Makefile @@ -68,6 +68,6 @@ hooktypes.h: hooktypes.in mkhooktypes.sh serno.h: $(info Generate: $@) @revh=`git log -1 --pretty=oneline | cut -d' ' -f1 2>/dev/null` || :; \ - [ -z "$$revh" ] || echo "#define SERNO \"$$revh\"" >serno.h + echo "#define SERNO \"$$revh\"" >serno.h include ../buildsys.mk