authorAlex Legler <a3li@gentoo.org>2012-01-27 17:07:03 +0000
committerAlex Legler <a3li@gentoo.org>2012-01-27 17:07:03 +0000
commit50817135af7bfd0ed8895c3268441fb10432d79a (patch)
treec3536ab40fb55844827c3fd07c7870d879bddcdd /net-irc/bip
parentStable for amd64, wrt bug #400527 (diff)
Revbump for security bug 400599, fixing CVE-2012-0806. Depend on yacc and flex, bug 397405. Remove unneeded vulnerable version.
Package-Manager: portage-2.2.0_alpha84/cvs/Linux x86_64
Diffstat (limited to 'net-irc/bip')
-rw-r--r--net-irc/bip/ChangeLog12
-rw-r--r--net-irc/bip/Manifest28
-rw-r--r--net-irc/bip/bip-0.8.8-r1.ebuild (renamed from net-irc/bip/bip-0.8.5-r1.ebuild)25
-rw-r--r--net-irc/bip/files/bip-CVE-2010-3071.patch43
-rw-r--r--net-irc/bip/files/bip-CVE-2012-0806.patch121
-rw-r--r--net-irc/bip/files/bip-configure.patch28
6 files changed, 163 insertions, 94 deletions
diff --git a/net-irc/bip/ChangeLog b/net-irc/bip/ChangeLog
index da1bf508a249..bcaa611a4d38 100644
--- a/net-irc/bip/ChangeLog
+++ b/net-irc/bip/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-irc/bip
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-irc/bip/ChangeLog,v 1.22 2011/10/25 16:42:55 phajdan.jr Exp $
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-irc/bip/ChangeLog,v 1.23 2012/01/27 17:07:03 a3li Exp $
+
+*bip-0.8.8-r1 (27 Jan 2012)
+
+ 27 Jan 2012; Alex Legler <a3li@gentoo.org> -bip-0.8.5-r1.ebuild,
+ +bip-0.8.8-r1.ebuild, -files/bip-CVE-2010-3071.patch,
+ +files/bip-CVE-2012-0806.patch, -files/bip-configure.patch:
+ Revbump for security bug 400599, fixing CVE-2012-0806. Depend on yacc and
+ flex, bug 397405. Remove unneeded vulnerable version.
25 Oct 2011; Pawel Hajdan jr <phajdan.jr@gentoo.org> bip-0.8.8.ebuild:
x86 stable wrt bug #388285
diff --git a/net-irc/bip/Manifest b/net-irc/bip/Manifest
index a87296bd7db0..de016748cf88 100644
--- a/net-irc/bip/Manifest
+++ b/net-irc/bip/Manifest
@@ -1,21 +1,29 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
+Hash: SHA256
AUX bip-0.8.8-configure.patch 1465 RMD160 792099c49f351aab2970630d273bb89b08d7358a SHA1 56339f86de394bf8f36d0e5181d30d599ca4c494 SHA256 286e169745e6cd768f0cb95bbc9589ca2bda497eb06461174549b80a459d901c
-AUX bip-CVE-2010-3071.patch 1388 RMD160 4c9a853437c91503b90ad83663f17b58fa058fcf SHA1 8f4333ce21dd9b6491f529c2eb0d15c09076065d SHA256 587b889a16e13fd93dfeb6f66e10bcecb843071ebbbef1dc6b727e2c202f41e9
-AUX bip-configure.patch 813 RMD160 d09c941021ab093f37bb4fc7bc9b2ab65361cf13 SHA1 5d2212cba40696d739ae3efdb0337f2d91eb54f6 SHA256 e713c197fedc1abf6424528b51ffb5afe6acb69dd8f1d93bb7b2770ab4306d99
+AUX bip-CVE-2012-0806.patch 3367 RMD160 7e01e9bbb813d55ef6bf9fc38838e3bf282e56a1 SHA1 b6d923df0e05bf2d4fda31b05fe1196f75a479d6 SHA256 e47523095ee1d717c762ca0195520026c6ea2c30d8adcf434d276d42f052d506
AUX bip-freenode.patch 671 RMD160 8a418013b4443e3ea916399346d216984bcb17b1 SHA1 bce7080721511c50f361b2cb4f4a2d39b32b5a23 SHA256 a67e582f89cc6a32d5bb48c7e8ceb647b889808c2c8798ae3eb27d88869b892f
AUX bip.vim 157 RMD160 b6b18f156f31ea515e271e7cec714d994c056a41 SHA1 7d0b4e3ddaf6dc5dae04ba1c853075f3ad3232fc SHA256 7c97eaef6d3b51d0e2f9572c919e25a5fc2f480a95469194b012fc507da55fc5
-DIST bip-0.8.5.tar.gz 219985 RMD160 2e0d610f5b8883bd7f453524676ebe95a1a9ea4c SHA1 c8dc9cde94d0ff6b12d6ad2c5c316a58a70f98a5 SHA256 06adbfde12ee7c93b55793d340f6eec60f70dfddbf091ba6664f0b2af593be12
DIST bip-0.8.8.tar.gz 220232 RMD160 8b6bee0d1d9805de20dfc6a4f096e6ffc890ec3c SHA1 4ec683fd8a71d298e85980b624a334fbae63aed9 SHA256 7ca3fb96f5ee6b76eb398d7ea45344ea24855344ced11632241a33353bba05d7
-EBUILD bip-0.8.5-r1.ebuild 1780 RMD160 4a91c4344a4fb528a67e8ede78335c607bb063b3 SHA1 d3b12cff5b7acb1a3a78538110e6c2098686cf1a SHA256 721057bc8fed2be862ddae610af804aa5f19e3ad164173389ef30aca97b791fe
+EBUILD bip-0.8.8-r1.ebuild 1813 RMD160 57cbf48b3c7f59398a6f131257f5cd0c2e51ac41 SHA1 eeb792f190301965eae55e9cc708ef1bda5e4af2 SHA256 cacfcfe2612bc2705ec7258c56c84d74f860a757077133ff46850f7d2b8b2680
EBUILD bip-0.8.8.ebuild 1727 RMD160 96c2b12f39c46e3a9d747170cbfcc3cf5ddd642a SHA1 2e113e745466140447fc3be55a65db9675dca0f5 SHA256 79b8994047a51ec0d8de7f7c2afdad5be3a2b5f664222372a1787ca669d06018
-MISC ChangeLog 3655 RMD160 5ead696257a41ce48505a388d74b2df9a2ad55f8 SHA1 2c1d267e9d20ab0c7ba1f3c8b316ba6af98bcafd SHA256 3a2313ff04c8a22fcd83e67d753d633f4347da1538e893c9f336e557f27ec828
+MISC ChangeLog 3996 RMD160 c0be990e51eab5379e208bde4c3d3ddadd637447 SHA1 fcc69caa8963c1197c557b754adbbdc8f266b696 SHA256 b7b0f58f493699d49453215af814a8b8703d9cee88d9de3f66485b13a90ea61a
MISC metadata.xml 1080 RMD160 38cc7c35f37f0917b4651b462e92d8d2d0af8b2b SHA1 a461fe7140fbc6dab380dda7e0e083a7c384ab6a SHA256 346de76eb67f8c3be2d088a7492386e1c0ac14937da4209943b7414554764a3e
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.17 (GNU/Linux)
+Version: GnuPG v2.0.18 (GNU/Linux)
-iEYEAREKAAYFAk6m5xAACgkQuUQtlDBCeQL/jACfZDTkedFA8OTxB471BfXoJ6V1
-EUoAnRlpBCkJc0VF/6Aj9ZcnnRhFloxO
-=g4Dy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+=F57V
-----END PGP SIGNATURE-----
diff --git a/net-irc/bip/bip-0.8.5-r1.ebuild b/net-irc/bip/bip-0.8.8-r1.ebuild
index 4f25f242e57e..7b5d863431f0 100644
--- a/net-irc/bip/bip-0.8.5-r1.ebuild
+++ b/net-irc/bip/bip-0.8.8-r1.ebuild
@@ -1,28 +1,31 @@
-# Copyright 1999-2010 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-irc/bip/bip-0.8.5-r1.ebuild,v 1.3 2010/09/10 10:49:48 hwoarang Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-irc/bip/bip-0.8.8-r1.ebuild,v 1.1 2012/01/27 17:07:03 a3li Exp $
EAPI="2"
inherit eutils autotools
-DESCRIPTION="Multiuser IRC proxy with ssl support"
-HOMEPAGE="http://bip.t1r.net/"
-SRC_URI="http://bip.t1r.net/downloads/${P}.tar.gz"
+DESCRIPTION="Multiuser IRC proxy with SSL support"
+HOMEPAGE="http://bip.milkypond.org/"
+SRC_URI="ftp://ftp.duckcorp.org/bip/${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="amd64 x86"
+KEYWORDS="~amd64 ~x86"
IUSE="debug freenode noctcp ssl vim-syntax oidentd"
-DEPEND="ssl? ( dev-libs/openssl )"
+DEPEND="sys-devel/flex
+ virtual/yacc
+ ssl? ( dev-libs/openssl )"
+
RDEPEND="${DEPEND}
- vim-syntax? ( || ( app-editors/vim
- app-editors/gvim ) )
+ vim-syntax? (
+ || ( app-editors/vim app-editors/gvim ) )
oidentd? ( >=net-misc/oidentd-2.0 )"
src_prepare() {
- epatch "${FILESDIR}/${PN}-configure.patch" || die
- epatch "${FILESDIR}/${PN}-CVE-2010-3071.patch" || die
+ epatch "${FILESDIR}/${P}-configure.patch" || die
+ epatch "${FILESDIR}/${PN}-CVE-2012-0806.patch" || die
eautoreconf
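Review bot: `RDEPEND="${DEPEND}"` now inherits the two build-only tools added to DEPEND, so `sys-devel/flex` and `virtual/yacc` become runtime dependencies of the installed proxy and enlarge what has to be kept on a host that only runs bip. Keep the shared part separate, for example `RDEPEND="ssl? ( dev-libs/openssl )` followed by the existing vim-syntax and oidentd entries, and `DEPEND="${RDEPEND} sys-devel/flex virtual/yacc"`. The new `SRC_URI` uses plain `ftp://`, so the integrity of the tarball rests entirely on the DIST digests in Manifest; an HTTPS mirror would be preferable if upstream offers one. `src_prepare` continues past the end of this hunk.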
diff --git a/net-irc/bip/files/bip-CVE-2010-3071.patch b/net-irc/bip/files/bip-CVE-2010-3071.patch
deleted file mode 100644
index be862aa62748..000000000000
--- a/net-irc/bip/files/bip-CVE-2010-3071.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From ad771372ac3f2f649a9f3f300c2d51a4701ad9ea Mon Sep 17 00:00:00 2001
-From: Alex Legler <a3li@gentoo.org>
-Date: Thu, 9 Sep 2010 16:37:43 +0200
-Subject: [PATCH] Check LINK(lc) before using it to avoid a null-pointer dereference (CVE-2010-3071)
-
----
- src/irc.c | 6 +++---
- 1 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/irc.c b/src/irc.c
-index fa98e09..c5f65a2 100644
---- a/src/irc.c
-+++ b/src/irc.c
-@@ -2449,7 +2449,7 @@ void bip_on_event(bip_t *bip, connection_t *conn)
- if (err) {
- if (TYPE(lc) == IRC_TYPE_SERVER) {
- mylog(LOG_ERROR, "[%s] read_lines error, closing...",
-- LINK(lc)->name);
-+ LINK(lc) ? LINK(lc)->name : "?");
- irc_server_shutdown(LINK(lc)->l_server);
- } else {
- mylog(LOG_ERROR, "client read_lines error, closing...");
-@@ -2471,7 +2471,7 @@ void bip_on_event(bip_t *bip, connection_t *conn)
- line = irc_line_new_from_string(line_s);
- if (!line) {
- mylog(LOG_ERROR, "[%s] Error in protocol, closing...",
-- LINK(lc)->name);
-+ LINK(lc) ? LINK(lc)->name : "?");
- free(line_s);
- goto prot_err_lines;
- }
-@@ -2481,7 +2481,7 @@ void bip_on_event(bip_t *bip, connection_t *conn)
- free(line_s);
- if (r == ERR_PROTOCOL) {
- mylog(LOG_ERROR, "[%s] Error in protocol, closing...",
-- LINK(lc)->name);
-+ LINK(lc) ? LINK(lc)->name : "?");
- goto prot_err_lines;
- }
- if (r == ERR_AUTH)
---
-1.7.2
-
diff --git a/net-irc/bip/files/bip-CVE-2012-0806.patch b/net-irc/bip/files/bip-CVE-2012-0806.patch
new file mode 100644
index 000000000000..6ea26aead2bb
--- /dev/null
+++ b/net-irc/bip/files/bip-CVE-2012-0806.patch
@@ -0,0 +1,121 @@
+commit 222a33cb84a2e52ad55a88900b7895bf9dd0262c
+Author: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>
+Date: Sat Jan 7 11:41:02 2012 +0100
+
+ Buffer Overflow: check against the implicit size of select() arrays
+
+ Reported by Julien Tinnes (Fix #269)
+ exit is called when the listening socket can not be created
+
+diff --git a/src/bip.c b/src/bip.c
+index d46ee2b..b4ac706 100644
+--- a/src/bip.c
++++ b/src/bip.c
+@@ -1311,7 +1311,7 @@ int main(int argc, char **argv)
+ close(fd);
+
+ bip.listener = listen_new(conf_ip, conf_port, conf_css);
+- if (!bip.listener)
++ if (!bip.listener || bip.listener->connected == CONN_ERROR)
+ fatal("Could not create listening socket");
+
+ for (;;) {
+diff --git a/src/connection.c b/src/connection.c
+index 07ab431..5c4c24a 100644
+--- a/src/connection.c
++++ b/src/connection.c
+@@ -124,6 +124,18 @@ static void connect_trynext(connection_t *cn)
+ continue;
+ }
+
++ if (cn->handle >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many fd used, close socket %d",
++ cn->handle);
++
++ if (close(cn->handle) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
++ cn->handle = -1;
++ break;
++ }
++
+ socket_set_nonblock(cn->handle);
+
+ if (cn->connecting_data->src) {
+@@ -789,13 +801,8 @@ list_t *wait_event(list_t *cn_list, int *msec, int *nc)
+ /*
+ * This shouldn't happen ! just in case...
+ */
+- if (cn->handle < 0) {
+- mylog(LOG_WARN, "wait_event invalid socket %d",
+- cn->handle);
+- if (cn_is_connected(cn))
+- cn->connected = CONN_ERROR;
+- continue;
+- }
++ if (cn->handle < 0 || cn->handle >= FD_SETSIZE)
++ fatal("wait_event invalid socket %d", cn->handle);
+
+ /* exceptions are OOB and disconnections */
+ FD_SET(cn->handle, &fds_except);
+@@ -966,6 +973,18 @@ static void create_listening_socket(char *hostname, char *port,
+ continue;
+ }
+
++ if (cn->handle >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many fd used, close listening socket %d",
++ cn->handle);
++
++ if (close(cn->handle) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
++ cn->handle = -1;
++ break;
++ }
++
+ if (setsockopt(cn->handle, SOL_SOCKET, SO_REUSEADDR,
+ (char *)&multi_client,
+ sizeof(multi_client)) < 0) {
+@@ -1113,10 +1132,21 @@ connection_t *accept_new(connection_t *cn)
+
+ mylog(LOG_DEBUG, "Trying to accept new client on %d", cn->handle);
+ err = accept(cn->handle, &sa, &sa_len);
++
+ if (err < 0) {
+- mylog(LOG_ERROR, "accept failed: %s", strerror(errno));
++ fatal("accept failed: %s", strerror(errno));
++ }
++
++ if (err >= FD_SETSIZE) {
++ mylog(LOG_WARN, "too many client connected, close %d", err);
++
++ if (close(err) == -1)
++ mylog(LOG_WARN, "Error on socket close: %s",
++ strerror(errno));
++
+ return NULL;
+ }
++
+ socket_set_nonblock(err);
+
+ conn = connection_init(cn->anti_flood, cn->ssl, cn->timeout, 0);
+diff --git a/src/irc.c b/src/irc.c
+index ebc1b34..147a315 100644
+--- a/src/irc.c
++++ b/src/irc.c
+@@ -2439,9 +2439,10 @@ void bip_on_event(bip_t *bip, connection_t *conn)
+
+ if (conn == bip->listener) {
+ struct link_client *n = irc_accept_new(conn);
+- assert(n);
+- list_add_last(&bip->conn_list, CONN(n));
+- list_add_last(&bip->connecting_client_list, n);
++ if (n) {
++ list_add_last(&bip->conn_list, CONN(n));
++ list_add_last(&bip->connecting_client_list, n);
++ }
+ return;
+ }
+
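Review bot: In the `accept_new` hunk of `src/connection.c`, replacing `mylog(LOG_ERROR, "accept failed: ...")` with `fatal("accept failed: %s", strerror(errno));` turns every accept() failure into what is presumably a process exit, so the whole multi-user proxy could go down for all users on a transient error. accept() can fail for conditions a remote peer influences or that clear on their own, such as ECONNABORTED, EINTR, or EMFILE/ENFILE. Descriptor exhaustion is likely to show up as EMFILE before the new `err >= FD_SETSIZE` branch is reached when the descriptor limit is not above FD_SETSIZE. The `bip_on_event` hunk in `src/irc.c` now tolerates a NULL result, so the error path can stay non-fatal: `mylog(LOG_ERROR, "accept failed: %s", strerror(errno));` then `return NULL;`. The same concern applies to the `fatal("wait_event invalid socket %d", cn->handle);` line in `wait_event`, where marking the connection `CONN_ERROR` and continuing, as the removed code did, would keep one bad descriptor from stopping the daemon; both function bodies extend outside the quoted hunks, so confirm against the full source.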
diff --git a/net-irc/bip/files/bip-configure.patch b/net-irc/bip/files/bip-configure.patch
deleted file mode 100644
index 028c7f0610b4..000000000000
--- a/net-irc/bip/files/bip-configure.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Respecting user CFLAGS, removing unneded LDFLAGS.
-The -O0 stuff shouldn't be there as it disables fortifying.
-
-Upstream: to be submitted (2010-08-07)
-
-diff --git a/configure.ac b/configure.ac
-index f61a9ed..6720150 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -44,16 +44,14 @@ AC_ARG_ENABLE([pie], AS_HELP_STRING([--disable-pie], [Do not build a position in
-
- AM_CONDITIONAL(DEBUG, test x$enable_debug = xyes)
- AS_IF([test "x$enable_debug" = "xyes"], [
-- CFLAGS="-O0 -g -W -Wall"
-- LDFLAGS="-g"
-+ CFLAGS="${CFLAGS} -g -W -Wall"
- AC_CHECK_FUNC(backtrace_symbols_fd, [
- AC_DEFINE(HAVE_BACKTRACE, [], [Use glibc backtrace on fatal()])
- LDFLAGS="-rdynamic $LDFLAGS"
- backtrace="(with backtrace)"
- ])
- ], [
-- CFLAGS="-O2 -g -W -Wall"
-- LDFLAGS="-g"
-+ CFLAGS="${CFLAGS} -g -W -Wall"
- enable_debug=no
- ])
-