Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package znc It fixes a security bug:
diff -Naur '--exclude=.svn' 1.7.2-1/debian/changelog 1.7.2-2/debian/changelog
--- 1.7.2-1/debian/changelog 2019-01-28 10:58:47.648083837 +0100
+++ 1.7.2-2/debian/changelog 2019-03-26 12:58:06.264919659 +0100
@@ -1,3 +1,11 @@
+znc (1.7.2-2) unstable; urgency=high
+
+ * Add upstream patch 01-CVE-2019-9917 to fix a crash on invalid encoding,
+ which fixes CVE-2019-9917.
+ Closes: #925285
+
+ -- Patrick Matthäi <pmatth...@debian.org> Tue, 26 Mar 2019 12:46:42 +0100
+
 znc (1.7.2-1) unstable; urgency=medium

 * New upstream release.
diff -Naur '--exclude=.svn' 1.7.2-1/debian/patches/01-CVE-2019-9917.diff 1.7.2-2/debian/patches/01-CVE-2019-9917.diff
--- 1.7.2-1/debian/patches/01-CVE-2019-9917.diff 1970-01-01 01:00:00.000000000 +0100
+++ 1.7.2-2/debian/patches/01-CVE-2019-9917.diff 2019-03-26 12:58:06.272919610 +0100
@@ -0,0 +1,108 @@
+# Don't crash if user specified invalid encoding.
+# References: CVE-2019-9917
+# Closes: #925285
+# URL: https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
+
+diff -Naur znc-1.7.2.orig/modules/controlpanel.cpp znc-1.7.2/modules/controlpanel.cpp
+--- znc-1.7.2.orig/modules/controlpanel.cpp 2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/modules/controlpanel.cpp 2019-03-26 12:42:34.298707717 +0100
+@@ -495,7 +495,7 @@
+ #ifdef HAVE_ICU
+ else if (sVar == "clientencoding") {
+ pUser->SetClientEncoding(sValue);
+- PutModule("ClientEncoding = " + sValue);
++ PutModule("ClientEncoding = " + pUser->GetClientEncoding());
+ }
+ #endif
+ else
+diff -Naur znc-1.7.2.orig/src/IRCNetwork.cpp znc-1.7.2/src/IRCNetwork.cpp
+--- znc-1.7.2.orig/src/IRCNetwork.cpp 2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/src/IRCNetwork.cpp 2019-03-26 12:42:34.302707692 +0100
+@@ -1482,9 +1482,9 @@
+ }
+
+ void CIRCNetwork::SetEncoding(const CString& s) {
+- m_sEncoding = s;
++ m_sEncoding = CZNC::Get().FixupEncoding(s);
+ if (GetIRCSock()) {
+- GetIRCSock()->SetEncoding(s);
++ GetIRCSock()->SetEncoding(m_sEncoding);
+ }
+ }
+
+diff -Naur znc-1.7.2.orig/src/User.cpp znc-1.7.2/src/User.cpp
+--- znc-1.7.2.orig/src/User.cpp 2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/src/User.cpp 2019-03-26 12:42:34.302707692 +0100
+@@ -1253,9 +1253,9 @@
+ void CUser::SetDenySetBindHost(bool b) { m_bDenySetBindHost = b; }
+ void CUser::SetDefaultChanModes(const CString& s) { m_sDefaultChanModes = s; }
+ void CUser::SetClientEncoding(const CString& s) {
+- m_sClientEncoding = s;
++ m_sClientEncoding = CZNC::Get().FixupEncoding(s);
+ for (CClient* pClient : GetAllClients()) {
+- pClient->SetEncoding(s);
++ pClient->SetEncoding(m_sClientEncoding);
+ }
+ }
+ void CUser::SetQuitMsg(const CString& s) { m_sQuitMsg = s; }
+diff -Naur znc-1.7.2.orig/src/znc.cpp znc-1.7.2/src/znc.cpp
+--- znc-1.7.2.orig/src/znc.cpp 2019-01-27 10:20:05.000000000 +0100
++++
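Review bot: In the controlpanel.cpp hunk the `clientencoding` branch now echoes the stored value, but nothing tells the user that the name they typed was rejected; a request for an unknown encoding simply answers `ClientEncoding = UTF-8`. Consider comparing `pUser->GetClientEncoding()` with `sValue` and sending a short notice when they differ. The patch also changes `CIRCNetwork::SetEncoding` in IRCNetwork.cpp without a matching controlpanel hunk; if a network-level branch elsewhere in this file still echoes `sValue` (not visible here), it would report a value that was not stored. The enclosing function starts and ends outside the hunk.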
znc-1.7.2/src/znc.cpp 2019-03-26 12:42:34.302707692 +0100
+@@ -2092,18 +2092,36 @@
+ m_uiForceEncoding++;
+ #ifdef HAVE_ICU
+ for (Csock* pSock : GetManager()) {
+- if (pSock->GetEncoding().empty()) {
+- pSock->SetEncoding("UTF-8");
+- }
++ pSock->SetEncoding(FixupEncoding(pSock->GetEncoding()));
+ }
+ #endif
+ }
+ void CZNC::UnforceEncoding() { m_uiForceEncoding--; }
+ bool CZNC::IsForcingEncoding() const { return m_uiForceEncoding; }
+ CString CZNC::FixupEncoding(const CString& sEncoding) const {
+- if (sEncoding.empty() && m_uiForceEncoding) {
++ if (!m_uiForceEncoding) {
++ return sEncoding;
++ }
++ if (sEncoding.empty()) {
+ return "UTF-8";
+ }
++ const char* sRealEncoding = sEncoding.c_str();
++ if (sEncoding[0] == '*' || sEncoding[0] == '^') {
++ sRealEncoding++;
++ }
++ if (!*sRealEncoding) {
++ return "UTF-8";
++ }
++#ifdef HAVE_ICU
++ UErrorCode e = U_ZERO_ERROR;
++ UConverter* cnv = ucnv_open(sRealEncoding, &e);
++ if (cnv) {
++ ucnv_close(cnv);
++ }
++ if (U_FAILURE(e)) {
++ return "UTF-8";
++ }
++#endif
+ return sEncoding;
+ }
+
+diff -Naur znc-1.7.2.orig/test/integration/tests/scripting.cpp znc-1.7.2/test/integration/tests/scripting.cpp
+--- znc-1.7.2.orig/test/integration/tests/scripting.cpp 2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/test/integration/tests/scripting.cpp 2019-03-26 12:42:34.302707692 +0100
+@@ -55,6 +55,13 @@
+ ircd.Write(":n!u@h PRIVMSG nick :Hi\xF0, github issue #1229");
+ // "replacement character"
+ client.ReadUntil("Hi\xEF\xBF\xBD, github issue");
++
++ // Non-existing encoding
++ client.Write("PRIVMSG *controlpanel :Set ClientEncoding $me Western");
++ client.Write("JOIN #a\342");
++ client.ReadUntil(
++ ":*controlpanel!z...@znc.in PRIVMSG nick :ClientEncoding = UTF-8");
++ ircd.ReadUntil("JOIN #a\xEF\xBF\xBD");
+ }
+
+ TEST_F(ZNCTest, ModpythonSocket) {
diff -Naur '--exclude=.svn' 1.7.2-1/debian/patches/series 1.7.2-2/debian/patches/series
--- 1.7.2-1/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++
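Review bot: `FixupEncoding` in the znc.cpp hunk validates the name only while `m_uiForceEncoding` is non-zero, so `CUser::SetClientEncoding` and `CIRCNetwork::SetEncoding` (the User.cpp and IRCNetwork.cpp hunks) still store an unknown name verbatim when nothing is forcing encoding at that moment. The loop in `ForceEncoding` then repairs only the sockets currently returned by `GetManager()`, not the stored `m_sClientEncoding` / `m_sEncoding`; whether sockets created later pass the stored value through `FixupEncoding` again is not visible in this patch and should be confirmed. At minimum, document the contract above the early return, e.g. `// Validation applies only while encoding is forced; otherwise the name is returned unchecked.` `ForceEncoding` starts outside the hunk.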
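Review bot: The test added in the scripting.cpp hunk exercises only the user-level `ClientEncoding` path with a plain unknown name. `FixupEncoding` also has a branch that skips a leading `*` or `^` and one that returns `"UTF-8"` when nothing follows the prefix, and `CIRCNetwork::SetEncoding` is changed in the same patch; none of these is covered. A second case with a prefixed name such as `^Western` (constructed example) and a network-level setting would pin the regression for CVE-2019-9917 more completely. The test body starts outside the hunk.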
1.7.2-2/debian/patches/series 2019-03-26 12:58:06.280919560 +0100
@@ -0,0 +1 @@
+01-CVE-2019-9917.diff
unblock znc/1.7.2-2 -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled