Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1710594716219530"
MIME-Version: 1.0
Date: Sat, 16 Mar 2024 13:11:56 +0000
From: "Nia Alarie" <nia@netbsd.org>
Subject: CVS commit: pkgsrc/chat/bitchx
To: pkgsrc-changes@NetBSD.org
Reply-To: nia@netbsd.org
Message-Id: <20240316131156.34F49FA2C@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1710594716219530
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	nia
Date:		Sat Mar 16 13:11:56 UTC 2024

Modified Files:
	pkgsrc/chat/bitchx: Makefile distinfo
Added Files:
	pkgsrc/chat/bitchx/patches: patch-dll_aim_toc_interface.c
	    patch-include_dcc.h patch-source_commands.c patch-source_dcc.c
	    patch-source_expr2.c patch-source_modules.c patch-source_numbers.c

Log Message:
bitchx: Various security & sanity patches from other packaging systems.


To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.66 pkgsrc/chat/bitchx/Makefile
cvs rdiff -u -r1.23 -r1.24 pkgsrc/chat/bitchx/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/chat/bitchx/patches/patch-dll_aim_toc_interface.c \
    pkgsrc/chat/bitchx/patches/patch-include_dcc.h \
    pkgsrc/chat/bitchx/patches/patch-source_commands.c \
    pkgsrc/chat/bitchx/patches/patch-source_dcc.c \
    pkgsrc/chat/bitchx/patches/patch-source_expr2.c \
    pkgsrc/chat/bitchx/patches/patch-source_modules.c \
    pkgsrc/chat/bitchx/patches/patch-source_numbers.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1710594716219530
Content-Disposition: inline
Content-Length: 9899
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/chat/bitchx/Makefile
diff -u pkgsrc/chat/bitchx/Makefile:1.65 pkgsrc/chat/bitchx/Makefile:1.66
--- pkgsrc/chat/bitchx/Makefile:1.65	Tue Oct 24 22:08:19 2023
+++ pkgsrc/chat/bitchx/Makefile	Sat Mar 16 13:11:55 2024
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.65 2023/10/24 22:08:19 wiz Exp $
+# $NetBSD: Makefile,v 1.66 2024/03/16 13:11:55 nia Exp $
 
 DISTNAME=	bitchx-1.2.1
-PKGREVISION=	6
+PKGREVISION=	7
 CATEGORIES=	chat
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=bitchx/}
 

Index: pkgsrc/chat/bitchx/distinfo
diff -u pkgsrc/chat/bitchx/distinfo:1.23 pkgsrc/chat/bitchx/distinfo:1.24
--- pkgsrc/chat/bitchx/distinfo:1.23	Tue Oct 26 10:05:11 2021
+++ pkgsrc/chat/bitchx/distinfo	Sat Mar 16 13:11:55 2024
@@ -1,6 +1,13 @@
-$NetBSD: distinfo,v 1.23 2021/10/26 10:05:11 nia Exp $
+$NetBSD: distinfo,v 1.24 2024/03/16 13:11:55 nia Exp $
 
 BLAKE2s (bitchx-1.2.1.tar.gz) = 8ae54865abc252701948be70b9122b168e9b4de81af89afa9d3f32f95e3dfc5b
 SHA512 (bitchx-1.2.1.tar.gz) = d5e0a151c69a85cca2544db8478af9fbd8fca17f882993fab7f898a95221087bf6219ad2144caedecb5bc508dfa02fa724737c615fbda47aeb8df8298cdfd645
 Size (bitchx-1.2.1.tar.gz) = 2549182 bytes
 SHA1 (patch-configure) = fa29df53d26437edf98901fd1a192978cda2e685
+SHA1 (patch-dll_aim_toc_interface.c) = d0b5be5f4be3e929952fec7db30289b4e5e39f19
+SHA1 (patch-include_dcc.h) = bdfb044a4dc5f432762932bd8a39d07c65d16770
+SHA1 (patch-source_commands.c) = f97c82140ab8f189a5d4c14f090deb9d609cb84f
+SHA1 (patch-source_dcc.c) = b20e60c9170b5c376fc6b504c2e54a247b0f211d
+SHA1 (patch-source_expr2.c) = ae4955e51a1c6e6cac5c987dac0928b975ff71a1
+SHA1 (patch-source_modules.c) = b9d57405344ff8b14d06be23a5510b36fc9fdd9b
+SHA1 (patch-source_numbers.c) = 7d60a19ce987d61b30d4ba7ebbc3e34ac19e6176

Added files:

Index: pkgsrc/chat/bitchx/patches/patch-dll_aim_toc_interface.c
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-dll_aim_toc_interface.c:1.1
--- /dev/null	Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-dll_aim_toc_interface.c	Sat Mar 16 13:11:55 2024
@@ -0,0 +1,25 @@
+$NetBSD: patch-dll_aim_toc_interface.c,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Add a missing #include <string.h> for the strcpy declaration.
+
+Upstream removed the plugin:
+
+commit 35b1a65f03a2ca2dde31c9dbd77968587b6027d3
+Author: Kevin Easton <caf@bitchx.org>
+Date:   Sun Sep 6 23:33:36 2015 +1000
+
+    Remove obsolete AIM plugin
+    
+    The servers for the TOC protocol used by this plugin were decomissioned
+    by AOL in 2012, so it can't be used any longer.
+
+--- dll/aim/toc/interface.c.orig	2008-02-25 09:49:14.000000000 +0000
++++ dll/aim/toc/interface.c
+@@ -8,6 +8,7 @@
+ 
+ #include <stdlib.h>
+ #include <stdio.h>
++#include <string.h>
+ #include <time.h>
+ #include "toc.h"
+ 
Index: pkgsrc/chat/bitchx/patches/patch-include_dcc.h
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-include_dcc.h:1.1
--- /dev/null	Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-include_dcc.h	Sat Mar 16 13:11:55 2024
@@ -0,0 +1,15 @@
+$NetBSD: patch-include_dcc.h,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Fixes a security issue with DCC.
+https://sourceforge.net/p/bitchx/git/ci/726884b0b076d0a77f7f5c7866caa09a164e8ae9/
+
+--- include/dcc.h.orig	2008-04-30 13:57:56.000000000 +0000
++++ include/dcc.h
+@@ -97,6 +97,7 @@
+ #define DCC_OFFER	0x00040000
+ #define DCC_DELETE	0x00080000
+ #define DCC_TWOCLIENTS	0x00100000
++#define DCC_RESUME_REQ 0x00200000
+ 
+ #ifdef NON_BLOCKING_CONNECTS
+ #define DCC_CNCT_PEND	0x00200000
Index: pkgsrc/chat/bitchx/patches/patch-source_commands.c
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-source_commands.c:1.1
--- /dev/null	Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-source_commands.c	Sat Mar 16 13:11:55 2024
@@ -0,0 +1,14 @@
+$NetBSD: patch-source_commands.c,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Remove duplicate symbols. From Fedora Linux.
+
+--- source/commands.c.orig	2014-11-04 10:54:23.000000000 +0000
++++ source/commands.c
+@@ -118,7 +118,6 @@ extern	int	doing_notice;
+ 
+ static	void	oper_password_received (char *, char *);
+ 
+-int	no_hook_notify = 0;
+ int	load_depth = -1;
+ 
+ extern char	cx_function[];
Index: pkgsrc/chat/bitchx/patches/patch-source_dcc.c
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-source_dcc.c:1.1
--- /dev/null	Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-source_dcc.c	Sat Mar 16 13:11:55 2024
@@ -0,0 +1,67 @@
+$NetBSD: patch-source_dcc.c,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Fixes a security issue with DCC.
+https://sourceforge.net/p/bitchx/git/ci/726884b0b076d0a77f7f5c7866caa09a164e8ae9/
+
+--- source/dcc.c.orig	2014-03-02 19:59:13.000000000 +0000
++++ source/dcc.c
+@@ -1420,6 +1420,7 @@ UserList *ul = NULL;
+ 			if (autoresume && stat(fullname, &sb) != -1) {
+ 				n->transfer_orders.byteoffset = sb.st_size;
+ 				n->bytes_read = 0L;
++				new_d->sock.flags |= DCC_RESUME_REQ;
+ 				send_ctcp(CTCP_PRIVMSG, nick, CTCP_DCC, "RESUME %s %d %ld", n->filename, ntohs(n->remport), sb.st_size);
+ 			} else {
+ 				DCC_int *new = NULL;
+@@ -3437,6 +3438,7 @@ void dcc_getfile_resume_start (char *nic
+ {
+ SocketList *s;
+ DCC_int *n;
++const DCC_List *pending;
+ char *tmp = NULL;
+ char *fullname = NULL;
+ struct stat sb;
+@@ -3449,6 +3451,14 @@ struct stat sb;
+ 		put_it("%s", convert_output_format("$G %RDCC%n warning in dcc_getfile_resume_start", NULL));
+ 		return;
+ 	}
++	
++	pending = find_dcc_pending(nick, description, NULL, DCC_FILEREAD, 0, -1);
++	if (!pending || !(pending->sock.flags & DCC_RESUME_REQ))
++	{
++		put_it("%s", convert_output_format("$G %RDCC%n Ignoring unsolicited ACCEPT from $0", "%s", nick));
++		return;
++	}
++
+ 	if (!(n = dcc_create(nick, description, NULL, 0, port?atol(port):0, DCC_FILEREAD, DCC_TWOCLIENTS|DCC_OFFER, start_dcc_get)))
+ 		return;
+ 
+@@ -3495,17 +3505,13 @@ int		blocksize = 0;
+ 	user = get_dcc_args(&args, &passwd, &port, &blocksize);
+ 	if (!user)
+ 	{
+-		put_it("%s", convert_output_format("$G %RDCC%n You must supply a nickname for DCC get", NULL, NULL));
++		put_it("%s", convert_output_format("$G %RDCC%n You must supply a nickname for DCC RESUME", NULL));
+ 		return;
+ 	}
++
+ 	if (!blocksize || blocksize > MAX_DCC_BLOCK_SIZE)
+ 		blocksize = get_int_var(DCC_BLOCK_SIZE_VAR);
+ 
+-	if (!user)
+-	{
+-		put_it("%s", convert_output_format("$G %RDCC%n You must supply a nickname for DCC RESUME", NULL));
+-		return;
+-	}
+ 	if (args && *args)
+ 		filename = args;
+ 
+@@ -3564,6 +3570,8 @@ int		blocksize = 0;
+ 		n->blocksize = blocksize;
+ 		n->transfer_orders.byteoffset = sb.st_size;
+ 
++		s->flags |= DCC_RESUME_REQ;
++
+ 		old_dp = doing_privmsg;	old_dn = doing_notice; old_dc = in_ctcp_flag;
+ 		/* Just in case we have to fool the protocol enforcement. */
+ 		doing_privmsg = doing_notice = in_ctcp_flag = 0;
Index: pkgsrc/chat/bitchx/patches/patch-source_expr2.c
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-source_expr2.c:1.1
--- /dev/null	Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-source_expr2.c	Sat Mar 16 13:11:55 2024
@@ -0,0 +1,35 @@
+$NetBSD: patch-source_expr2.c,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Fix build with Clang > 13.
+
+via Fedora Linux, but MacPorts has the same patch.
+
+--- source/expr2.c.orig	2008-02-25 09:49:14.000000000 +0000
++++ source/expr2.c
+@@ -1192,7 +1192,7 @@ int	lexerr (expr_info *c, char *format, 
+  * case 'operand' is set to 1.  When an operand is lexed, then the next token
+  * is expected to be a binary operator, so 'operand' is set to 0. 
+  */
+-__inline int	check_implied_arg (expr_info *c)
++__inline static int	check_implied_arg (expr_info *c)
+ {
+ 	if (c->operand == 2)
+ 	{
+@@ -1205,7 +1205,7 @@ __inline int	check_implied_arg (expr_inf
+ 	return c->operand;
+ }
+ 
+-__inline TOKEN 	operator (expr_info *c, char *x, int y, TOKEN z)
++__inline static TOKEN 	operator (expr_info *c, char *x, int y, TOKEN z)
+ {
+ 	check_implied_arg(c);
+ 	if (c->operand)
+@@ -1216,7 +1216,7 @@ __inline TOKEN 	operator (expr_info *c, 
+ 	return z;
+ }
+ 
+-__inline TOKEN 	unary (expr_info *c, char *x, int y, TOKEN z)
++__inline static TOKEN 	unary (expr_info *c, char *x, int y, TOKEN z)
+ {
+ 	if (!c->operand)
+ 		return lexerr(c, "An operator (%s) was found where "
Index: pkgsrc/chat/bitchx/patches/patch-source_modules.c
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-source_modules.c:1.1
--- /dev/null	Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-source_modules.c	Sat Mar 16 13:11:55 2024
@@ -0,0 +1,15 @@
+$NetBSD: patch-source_modules.c,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Fix duplicate symbols, via Fedora Linux.
+
+--- source/modules.c.orig	2010-06-26 08:18:34.000000000 +0000
++++ source/modules.c
+@@ -83,7 +83,7 @@ extern int (*dcc_output_func) (int, int,
+ extern int (*dcc_input_func)  (int, int, char *, int, int);
+ extern int (*dcc_close_func) (int, unsigned long, int);
+ 
+-int (*serv_open_func) (int, unsigned long, int);
++extern int (*serv_open_func) (int, unsigned long, int);
+ extern int (*serv_output_func) (int, int, char *, int);
+ extern int (*serv_input_func)  (int, char *, int, int, int);
+ extern int (*serv_close_func) (int, unsigned long, int);
Index: pkgsrc/chat/bitchx/patches/patch-source_numbers.c
diff -u /dev/null pkgsrc/chat/bitchx/patches/patch-source_numbers.c:1.1
--- /dev/null	Sat Mar 16 13:11:56 2024
+++ pkgsrc/chat/bitchx/patches/patch-source_numbers.c	Sat Mar 16 13:11:55 2024
@@ -0,0 +1,14 @@
+$NetBSD: patch-source_numbers.c,v 1.1 2024/03/16 13:11:55 nia Exp $
+
+Fix duplicate symbols, via Fedora Linux.
+
+--- source/numbers.c.orig	2014-11-14 10:34:50.000000000 +0000
++++ source/numbers.c
+@@ -66,7 +66,6 @@ void	show_server_map		(void);
+ int	stats_k_grep		(char **);
+ void	who_handlekill		(char *, char *, char *);
+ void	handle_tracekill	(int, char *, char *, char *);
+-int	no_hook_notify;
+ extern  AJoinList *ajoin_list;
+ void	remove_from_server_list (int);
+ 


--_----------=_1710594716219530--