diff --git a/srcpkgs/bitchx/patches/bitchx-1.2.1-security.patch b/srcpkgs/bitchx/patches/bitchx-1.2.1-security.patch
new file mode 100644
index 00000000000..4964db9c847
--- /dev/null
+++ b/srcpkgs/bitchx/patches/bitchx-1.2.1-security.patch
@@ -0,0 +1,76 @@
+diff --git include/dcc.h include/dcc.h
+index 9cc1e7c..3e4f12d 100644
+--- include/dcc.h
++++ include/dcc.h
+@@ -97,6 +97,7 @@
+ #define DCC_OFFER 0x00040000
+ #define DCC_DELETE 0x00080000
+ #define DCC_TWOCLIENTS 0x00100000
++#define DCC_RESUME_REQ 0x00200000
+
+ #ifdef NON_BLOCKING_CONNECTS
+ #define DCC_CNCT_PEND 0x00200000
+diff --git source/dcc.c source/dcc.c
+index d0706f8..b158189 100644
+--- source/dcc.c
++++ source/dcc.c
+@@ -1415,6 +1415,7 @@ UserList *ul = NULL;
+ if (autoresume && stat(fullname, &sb) != -1) {
+ n->transfer_orders.byteoffset = sb.st_size;
+ n->bytes_read = 0L;
++ new_d->sock.flags |= DCC_RESUME_REQ;
+ send_ctcp(CTCP_PRIVMSG, nick, CTCP_DCC, "RESUME %s %d %ld", n->filename, ntohs(n->remport), sb.st_size);
+ } else {
+ DCC_int *new = NULL;
+@@ -3430,6 +3431,7 @@ void dcc_getfile_resume_start (char *nick, char *description, char *address, cha
+ {
+ SocketList *s;
+ DCC_int *n;
++const DCC_List *pending;
+ char *tmp = NULL;
+ char *fullname = NULL;
+ struct stat sb;
+@@ -3442,6 +3444,14 @@ struct stat sb;
+ put_it("%s", convert_output_format("$G %RDCC%n warning in dcc_getfile_resume_start", NULL));
+ return;
+ }
++
++ pending = find_dcc_pending(nick, description, NULL, DCC_FILEREAD, 0, -1);
++ if (!pending || !(pending->sock.flags & DCC_RESUME_REQ))
++ {
++ put_it("%s", convert_output_format("$G %RDCC%n Ignoring unsolicited ACCEPT from $0", "%s", nick));
++ return;
++ }
++
+ if (!(n = dcc_create(nick, description, NULL, 0, port?atol(port):0, DCC_FILEREAD, DCC_TWOCLIENTS|DCC_OFFER, start_dcc_get)))
+ return;
+
+@@ -3488,17 +3498,13 @@ int blocksize = 0;
+ user = get_dcc_args(&args, &passwd, &port, &blocksize);
+ if (!user)
+ {
+- put_it("%s", convert_output_format("$G %RDCC%n You must supply a nickname for DCC get", NULL, NULL));
++ put_it("%s", convert_output_format("$G %RDCC%n You must supply a nickname for DCC RESUME", NULL));
+ return;
+ }
++
+ if (!blocksize || blocksize > MAX_DCC_BLOCK_SIZE)
+ blocksize = get_int_var(DCC_BLOCK_SIZE_VAR);
+
+- if (!user)
+- {
+- put_it("%s", convert_output_format("$G %RDCC%n You must supply a nickname for DCC RESUME", NULL));
+- return;
+- }
+ if (args && *args)
+ filename = args;
+
+@@ -3557,6 +3563,8 @@ int blocksize = 0;
+ n->blocksize = blocksize;
+ n->transfer_orders.byteoffset = sb.st_size;
+
++ s->flags |= DCC_RESUME_REQ;
++
+ old_dp = doing_privmsg; old_dn = doing_notice; old_dc = in_ctcp_flag;
+ /* Just in case we have to fool the protocol enforcement. */
+ doing_privmsg = doing_notice = in_ctcp_flag = 0;
diff --git a/srcpkgs/bitchx/template b/srcpkgs/bitchx/template
index 9631aaf0c05..4dc64d2176e 100644
--- a/srcpkgs/bitchx/template
+++ b/srcpkgs/bitchx/template
@@ -1,7 +1,7 @@
 # Template file for 'bitchx'
 pkgname=bitchx
 version=1.2.1
-revision=6
+revision=7
 build_style=gnu-configure
 configure_args="--with-ssl --with-ipv6 --with-plugins"
 makedepends="libressl-devel ncurses-devel"
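Review bot: In the include/dcc.h hunk of the added patch, the new `DCC_RESUME_REQ` is given `0x00200000`, the same bit that `DCC_CNCT_PEND` takes three lines later under `#ifdef NON_BLOCKING_CONNECTS`. If both flags are kept in the same socket flags word (the hunks do not show where `DCC_CNCT_PEND` is set), a pending-connect entry would satisfy `pending->sock.flags & DCC_RESUME_REQ` in dcc_getfile_resume_start, and the new unsolicited-ACCEPT check would accept it on builds with non-blocking connects. Give the new flag its own bit, for example `#define DCC_RESUME_REQ 0x00400000`, after confirming that value is unused in the rest of dcc.h. Add a comment such as `/* we sent DCC RESUME and expect a matching ACCEPT */` beside it. The patch file also has no header naming the upstream commit or advisory it was taken from, which makes the backport harder to audit later.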