aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--network/rhapsody/README2
-rw-r--r--network/rhapsody/rhapsody.SlackBuild32
-rw-r--r--network/rhapsody/rhapsody.info2
-rw-r--r--network/rhapsody/securityfix.diff54
4 files changed, 79 insertions, 11 deletions
diff --git a/network/rhapsody/README b/network/rhapsody/README
index a3e174d53978..fde0ab3badae 100644
--- a/network/rhapsody/README
+++ b/network/rhapsody/README
@@ -1,3 +1,5 @@
+rhapsody (text console IRC client for Unix operating systems)
+
Rhapsody is small, fast, portable and easy to use, yet it is full
featured. The thing that separates it from the crowd is its intuitive
menu driven user interface.
diff --git a/network/rhapsody/rhapsody.SlackBuild b/network/rhapsody/rhapsody.SlackBuild
index 747f40319261..6d85a502b6f4 100644
--- a/network/rhapsody/rhapsody.SlackBuild
+++ b/network/rhapsody/rhapsody.SlackBuild
@@ -6,11 +6,23 @@
# Licensed under the WTFPL. See http://www.wtfpl.net/txt/copying/ for details.
+# 20210923 bkw: fix build on -current, mitigate buffer overflow.
+
+# TODO: see if there's anything to these:
+# https://www.cvedetails.com/cve/CVE-2007-1502/
+# https://www.cvedetails.com/cve/CVE-2007-1503/
+# ...these appear to be the same CVE. Huh.
+# It looks autogenerated, and there's no POC. Pretty much all the
+# buffer overflows would depend on the user typing >1024 characters.
+# The patch below prevents that, at least. There are a bunch of
+# format string warnings from gcc that deserve looking at, but I
+# don't have the time right now.
+
cd $(dirname $0) ; CWD=$(pwd)
PRGNAM=rhapsody
VERSION=${VERSION:-0.28b}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}
PKGTYPE=${PKGTYPE:-tgz}
@@ -22,9 +34,6 @@ if [ -z "$ARCH" ]; then
esac
fi
-# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
-# the name of the created package would be, and then exit. This information
-# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
exit 0
@@ -58,14 +67,17 @@ rm -rf $PRGNAM-$VERSION
tar xvf $CWD/${PRGNAM}_$VERSION.tgz
cd $PRGNAM-$VERSION
chown -R root:root .
-find -L . \
- \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
- -o -perm 511 \) -exec chmod 755 {} \; -o \
- \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
- -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+find -L . -perm /111 -a \! -perm 755 -a -exec chmod 755 {} \+ -o \
+ \! -perm /111 -a \! -perm 644 -a -exec chmod 644 {} \+
+
+# This patch does:
+# - prevent input buffer overflow if user types/pastes > 1023 chars
+# into the input window.
+# - ignore incoming DCC files, if their names contain a /
+patch -p1 < $CWD/securityfix.diff
./configure -i /usr/bin -d /usr/doc/$PRGNAM-$VERSION
-make LOCALFLAGS="$SLKCFLAGS"
+make LOCALFLAGS="$SLKCFLAGS -fcommon"
strip $PRGNAM
make install \
INSTALLPATH=$PKG/usr/bin \
diff --git a/network/rhapsody/rhapsody.info b/network/rhapsody/rhapsody.info
index 5decd05926f8..b401f337cb21 100644
--- a/network/rhapsody/rhapsody.info
+++ b/network/rhapsody/rhapsody.info
@@ -1,7 +1,7 @@
PRGNAM="rhapsody"
VERSION="0.28b"
HOMEPAGE="http://rhapsody.sourceforge.net/"
-DOWNLOAD="http://downloads.sourceforge.net/rhapsody/rhapsody_0.28b.tgz"
+DOWNLOAD="https://downloads.sourceforge.net/rhapsody/rhapsody_0.28b.tgz"
MD5SUM="0792de636a2625a826491e387fcb1305"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
diff --git a/network/rhapsody/securityfix.diff b/network/rhapsody/securityfix.diff
new file mode 100644
index 000000000000..bb9db0d646eb
--- /dev/null
+++ b/network/rhapsody/securityfix.diff
@@ -0,0 +1,54 @@
+diff -Naur rhapsody-0.28b/src/dcc.c rhapsody-0.28b.patched/src/dcc.c
+--- rhapsody-0.28b/src/dcc.c 2006-02-24 01:46:19.000000000 -0500
++++ rhapsody-0.28b.patched/src/dcc.c 2021-09-16 15:46:52.830186229 -0400
+@@ -702,7 +702,11 @@
+ FILE *fp;
+ int fd;
+
+- sprintf(filepath, "%s/%s", configuration.dccdlpath, filename);
++ if(strchr(filename, "/")) {
++ vprint_all_attrib(ERROR_COLOR, "DCC File: Filename %s has directory separators, not allowed\n", filename);
++ }
++
++ snprintf(filepath, 1023, "%s/%s", configuration.dccdlpath, filename);
+
+ /* check if the file exists, and if it does, append a timestamp extension */
+ fp = fopen(filepath, "rb");
+@@ -710,13 +714,13 @@
+ if (fp != NULL && configuration.dccduplicates == 1){
+ ct = time(NULL);
+ t = localtime(&ct);
+- sprintf(filestamp, "%s.%04d%02d%02d%02d%02d%02d", filename, t->tm_year + 1900, t->tm_mon, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
++ snprintf(filestamp, 1023, "%s.%04d%02d%02d%02d%02d%02d", filename, t->tm_year + 1900, t->tm_mon, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
+ vprint_all_attrib(DCC_COLOR, "DCC file %s exists, saving as %s\n", filename, filestamp);
+- sprintf(filepath, "%s/%s", configuration.dccdlpath, filestamp);
++ snprintf(filepath, 1023, "%s/%s", configuration.dccdlpath, filestamp);
+ fclose(fp);
+ strcpy(filenamex, filestamp);
+ }
+- else strcpy(filenamex, filename);
++ else strncpy(filenamex, filename, 1023);
+
+ //fp = fopen(filepath, "wb");
+ //if (fp == NULL){
+diff -Naur rhapsody-0.28b/src/screen.c rhapsody-0.28b.patched/src/screen.c
+--- rhapsody-0.28b/src/screen.c 2006-02-24 01:46:19.000000000 -0500
++++ rhapsody-0.28b.patched/src/screen.c 2021-09-16 15:39:03.142240866 -0400
+@@ -2294,7 +2294,7 @@
+ void add_input_buffer(inputwin *I, int value){
+ char scratch[MAXDATASIZE];
+
+- if (I->cursorpos < MAXDATASIZE){
++ if (I->cursorpos < MAXDATASIZE - 1){
+ strcpy(scratch, &(I->inputbuffer)[I->cursorpos]);
+ (I->inputbuffer)[I->cursorpos] = value;
+ strcpy(&(I->inputbuffer)[I->cursorpos+1], scratch);
+@@ -2306,7 +2306,7 @@
+ void append_input_buffer(inputwin *I, char *string){
+ char scratch[MAXDATASIZE];
+
+- if (I->cursorpos + strlen(string) < MAXDATASIZE){
++ if (I->cursorpos + strlen(string) < MAXDATASIZE - 1){
+ strcpy(scratch, &(I->inputbuffer)[I->cursorpos]);
+ strcpy(&(I->inputbuffer)[I->cursorpos], string);
+ strcpy(&(I->inputbuffer)[I->cursorpos + strlen(string)], scratch);