CVS commit: pkgsrc/chat/bitchx

["Nia Alarie" <nia%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   nia
Date:           Sat Mar 16 13:11:56 UTC 2024

Modified Files:
        pkgsrc/chat/bitchx: Makefile distinfo
Added Files:
        pkgsrc/chat/bitchx/patches: patch-dll_aim_toc_interface.c
            patch-include_dcc.h patch-source_commands.c patch-source_dcc.c
            patch-source_expr2.c patch-source_modules.c patch-source_numbers.c

Log Message:
bitchx: Various security & sanity patches from other packaging systems.


To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.66 pkgsrc/chat/bitchx/Makefile
cvs rdiff -u -r1.23 -r1.24 pkgsrc/chat/bitchx/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/chat/bitchx/patches/patch-dll_aim_toc_interface.c \
    pkgsrc/chat/bitchx/patches/patch-include_dcc.h \
    pkgsrc/chat/bitchx/patches/patch-source_commands.c \
    pkgsrc/chat/bitchx/patches/patch-source_dcc.c \
    pkgsrc/chat/bitchx/patches/patch-source_expr2.c \
    pkgsrc/chat/bitchx/patches/patch-source_modules.c \
    pkgsrc/chat/bitchx/patches/patch-source_numbers.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/chat/bitchx/Makefile
diff -u pkgsrc/chat/bitchx/Makefile:1.65 pkgsrc/chat/bitchx/Makefile:1.66
--- pkgsrc/chat/bitchx/Makefile:1.65    Tue Oct 24 22:08:19 2023
+++ pkgsrc/chat/bitchx/Makefile Sat Mar 16 13:11:55 2024
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.65 2023/10/24 22:08:19 wiz Exp $
+# $NetBSD: Makefile,v 1.66 2024/03/16 13:11:55 nia Exp $
 
 DISTNAME=      bitchx-1.2.1
-PKGREVISION=   6
+PKGREVISION=   7
 CATEGORIES=    chat
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=bitchx/}
 

Index: pkgsrc/chat/bitchx/distinfo
diff -u pkgsrc/chat/bitchx/distinfo:1.23 pkgsrc/chat/bitchx/distinfo:1.24
--- pkgsrc/chat/bitchx/distinfo:1.23    Tue Oct 26 10:05:11 2021
+++ pkgsrc/chat/bitchx/distinfo Sat Mar 16 13:11:55 2024
@@ -1,6 +1,13 @@
-$NetBSD: distinfo,v 1.23 2021/10/26 10:05:11 nia Exp $
+$NetBSD: distinfo,v 1.24 2024/03/16 13:11:55 nia Exp $
 
 BLAKE2s (bitchx-1.2.1.tar.gz) = 8ae54865abc252701948be70b9122b168e9b4de81af89afa9d3f32f95e3dfc5b
 SHA512 (bitchx-1.2.1.tar.gz) = d5e0a151c69a85cca2544db8478af9fbd8fca17f882993fab7f898a95221087bf6219ad2144caedecb5bc508dfa02fa724737c615fbda47aeb8df8298cdfd645
 Size (bitchx-1.2.1.tar.gz) = 2549182 bytes
 SHA1 (patch-configure) = fa29df53d26437edf98901fd1a192978cda2e685
+SHA1 (patch-dll_aim_toc_interface.c) = d0b5be5f4be3e929952fec7db30289b4e5e39f19
+SHA1 (patch-include_dcc.h) = bdfb044a4dc5f432762932bd8a39d07c65d16770
+SHA1 (patch-source_commands.c) = f97c82140ab8f189a5d4c14f090deb9d609cb84f
+SHA1 (patch-source_dcc.c) = b20e60c9170b5c376fc6b504c2e54a247b0f211d
+SHA1 (patch-source_expr2.c) = ae4955e51a1c6e6cac5c987dac0928b975ff71a1
+SHA1 (patch-source_modules.c) = b9d57405344ff8b14d06be23a5510b36fc9fdd9b
+SHA1 (patch-source_numbers.c) = 7d60a19ce987d61b30d4ba7ebbc3e34ac19e6176

Added files:

Index: pkgsrc/chat/bitchx/patches/patch-dll_aim_toc_interface.c
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-dll_aim_toc_interface.c:1.1
--- /dev/null   Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-dll_aim_toc_interface.c    Sat Mar 16 13:11:55 2024
@@ -0,0 +1,25 @@
+$NetBSD: patch-dll_aim_toc_interface.c,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Add a missing #include <string.h> for the strcpy declaration.
+
+Upstream removed the plugin:
+
+commit 35b1a65f03a2ca2dde31c9dbd77968587b6027d3
+Author: Kevin Easton <caf%bitchx.org@localhost>
+Date:   Sun Sep 6 23:33:36 2015 +1000
+
+    Remove obsolete AIM plugin
+    
+    The servers for the TOC protocol used by this plugin were decomissioned
+    by AOL in 2012, so it can't be used any longer.
+
+--- dll/aim/toc/interface.c.orig       2008-02-25 09:49:14.000000000 +0000
++++ dll/aim/toc/interface.c
+@@ -8,6 +8,7 @@
+ 
+ #include <stdlib.h>
+ #include <stdio.h>
++#include <string.h>
+ #include <time.h>
+ #include "toc.h"
+ 
Index: pkgsrc/chat/bitchx/patches/patch-include_dcc.h
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-include_dcc.h:1.1
--- /dev/null   Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-include_dcc.h      Sat Mar 16 13:11:55 2024
@@ -0,0 +1,15 @@
+$NetBSD: patch-include_dcc.h,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Fixes a security issue with DCC.
+https://sourceforge.net/p/bitchx/git/ci/726884b0b076d0a77f7f5c7866caa09a164e8ae9/
+
+--- include/dcc.h.orig 2008-04-30 13:57:56.000000000 +0000
++++ include/dcc.h
+@@ -97,6 +97,7 @@
+ #define DCC_OFFER     0x00040000
+ #define DCC_DELETE    0x00080000
+ #define DCC_TWOCLIENTS        0x00100000
++#define DCC_RESUME_REQ 0x00200000
+ 
+ #ifdef NON_BLOCKING_CONNECTS
+ #define DCC_CNCT_PEND 0x00200000
Index: pkgsrc/chat/bitchx/patches/patch-source_commands.c
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-source_commands.c:1.1
--- /dev/null   Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-source_commands.c  Sat Mar 16 13:11:55 2024
@@ -0,0 +1,14 @@
+$NetBSD: patch-source_commands.c,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Remove duplicate symbols. From Fedora Linux.
+
+--- source/commands.c.orig     2014-11-04 10:54:23.000000000 +0000
++++ source/commands.c
+@@ -118,7 +118,6 @@ extern     int     doing_notice;
+ 
+ static        void    oper_password_received (char *, char *);
+ 
+-int   no_hook_notify = 0;
+ int   load_depth = -1;
+ 
+ extern char   cx_function[];
Index: pkgsrc/chat/bitchx/patches/patch-source_dcc.c
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-source_dcc.c:1.1
--- /dev/null   Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-source_dcc.c       Sat Mar 16 13:11:55 2024
@@ -0,0 +1,67 @@
+$NetBSD: patch-source_dcc.c,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Fixes a security issue with DCC.
+https://sourceforge.net/p/bitchx/git/ci/726884b0b076d0a77f7f5c7866caa09a164e8ae9/
+
+--- source/dcc.c.orig  2014-03-02 19:59:13.000000000 +0000
++++ source/dcc.c
+@@ -1420,6 +1420,7 @@ UserList *ul = NULL;
+                       if (autoresume && stat(fullname, &sb) != -1) {
+                               n->transfer_orders.byteoffset = sb.st_size;
+                               n->bytes_read = 0L;
++                              new_d->sock.flags |= DCC_RESUME_REQ;
+                               send_ctcp(CTCP_PRIVMSG, nick, CTCP_DCC, "RESUME %s %d %ld", n->filename, ntohs(n->remport), sb.st_size);
+                       } else {
+                               DCC_int *new = NULL;
+@@ -3437,6 +3438,7 @@ void dcc_getfile_resume_start (char *nic
+ {
+ SocketList *s;
+ DCC_int *n;
++const DCC_List *pending;
+ char *tmp = NULL;
+ char *fullname = NULL;
+ struct stat sb;
+@@ -3449,6 +3451,14 @@ struct stat sb;
+               put_it("%s", convert_output_format("$G %RDCC%n warning in dcc_getfile_resume_start", NULL));
+               return;
+       }
++      
++      pending = find_dcc_pending(nick, description, NULL, DCC_FILEREAD, 0, -1);
++      if (!pending || !(pending->sock.flags & DCC_RESUME_REQ))
++      {
++              put_it("%s", convert_output_format("$G %RDCC%n Ignoring unsolicited ACCEPT from $0", "%s", nick));
++              return;
++      }
++
+       if (!(n = dcc_create(nick, description, NULL, 0, port?atol(port):0, DCC_FILEREAD, DCC_TWOCLIENTS|DCC_OFFER, start_dcc_get)))
+               return;
+ 
+@@ -3495,17 +3505,13 @@ int            blocksize = 0;
+       user = get_dcc_args(&args, &passwd, &port, &blocksize);
+       if (!user)
+       {
+-              put_it("%s", convert_output_format("$G %RDCC%n You must supply a nickname for DCC get", NULL, NULL));
++              put_it("%s", convert_output_format("$G %RDCC%n You must supply a nickname for DCC RESUME", NULL));
+               return;
+       }
++
+       if (!blocksize || blocksize > MAX_DCC_BLOCK_SIZE)
+               blocksize = get_int_var(DCC_BLOCK_SIZE_VAR);
+ 
+-      if (!user)
+-      {
+-              put_it("%s", convert_output_format("$G %RDCC%n You must supply a nickname for DCC RESUME", NULL));
+-              return;
+-      }
+       if (args && *args)
+               filename = args;
+ 
+@@ -3564,6 +3570,8 @@ int              blocksize = 0;
+               n->blocksize = blocksize;
+               n->transfer_orders.byteoffset = sb.st_size;
+ 
++              s->flags |= DCC_RESUME_REQ;
++
+               old_dp = doing_privmsg; old_dn = doing_notice; old_dc = in_ctcp_flag;
+               /* Just in case we have to fool the protocol enforcement. */
+               doing_privmsg = doing_notice = in_ctcp_flag = 0;
Index: pkgsrc/chat/bitchx/patches/patch-source_expr2.c
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-source_expr2.c:1.1
--- /dev/null   Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-source_expr2.c     Sat Mar 16 13:11:55 2024
@@ -0,0 +1,35 @@
+$NetBSD: patch-source_expr2.c,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Fix build with Clang > 13.
+
+via Fedora Linux, but MacPorts has the same patch.
+
+--- source/expr2.c.orig        2008-02-25 09:49:14.000000000 +0000
++++ source/expr2.c
+@@ -1192,7 +1192,7 @@ int      lexerr (expr_info *c, char *format, 
+  * case 'operand' is set to 1.  When an operand is lexed, then the next token
+  * is expected to be a binary operator, so 'operand' is set to 0. 
+  */
+-__inline int  check_implied_arg (expr_info *c)
++__inline static int   check_implied_arg (expr_info *c)
+ {
+       if (c->operand == 2)
+       {
+@@ -1205,7 +1205,7 @@ __inline int     check_implied_arg (expr_inf
+       return c->operand;
+ }
+ 
+-__inline TOKEN        operator (expr_info *c, char *x, int y, TOKEN z)
++__inline static TOKEN         operator (expr_info *c, char *x, int y, TOKEN z)
+ {
+       check_implied_arg(c);
+       if (c->operand)
+@@ -1216,7 +1216,7 @@ __inline TOKEN   operator (expr_info *c, 
+       return z;
+ }
+ 
+-__inline TOKEN        unary (expr_info *c, char *x, int y, TOKEN z)
++__inline static TOKEN         unary (expr_info *c, char *x, int y, TOKEN z)
+ {
+       if (!c->operand)
+               return lexerr(c, "An operator (%s) was found where "
Index: pkgsrc/chat/bitchx/patches/patch-source_modules.c
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-source_modules.c:1.1
--- /dev/null   Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-source_modules.c   Sat Mar 16 13:11:55 2024
@@ -0,0 +1,15 @@
+$NetBSD: patch-source_modules.c,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Fix duplicate symbols, via Fedora Linux.
+
+--- source/modules.c.orig      2010-06-26 08:18:34.000000000 +0000
++++ source/modules.c
+@@ -83,7 +83,7 @@ extern int (*dcc_output_func) (int, int,
+ extern int (*dcc_input_func)  (int, int, char *, int, int);
+ extern int (*dcc_close_func) (int, unsigned long, int);
+ 
+-int (*serv_open_func) (int, unsigned long, int);
++extern int (*serv_open_func) (int, unsigned long, int);
+ extern int (*serv_output_func) (int, int, char *, int);
+ extern int (*serv_input_func)  (int, char *, int, int, int);
+ extern int (*serv_close_func) (int, unsigned long, int);
Index: pkgsrc/chat/bitchx/patches/patch-source_numbers.c
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-source_numbers.c:1.1
--- /dev/null   Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-source_numbers.c   Sat Mar 16 13:11:55 2024
@@ -0,0 +1,14 @@
+$NetBSD: patch-source_numbers.c,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Fix duplicate symbols, via Fedora Linux.
+
+--- source/numbers.c.orig      2014-11-14 10:34:50.000000000 +0000
++++ source/numbers.c
+@@ -66,7 +66,6 @@ void show_server_map         (void);
+ int   stats_k_grep            (char **);
+ void  who_handlekill          (char *, char *, char *);
+ void  handle_tracekill        (int, char *, char *, char *);
+-int   no_hook_notify;
+ extern  AJoinList *ajoin_list;
+ void  remove_from_server_list (int);
+