From 1eb415280a8267ce1999f41c2256797cc33e4efd Mon Sep 17 00:00:00 2001
From: Robert Scheck
Date: May 26 2009 20:40:11 +0000
Subject: Added upstream ctcpfix to solve CVE-2009-1789 (#502650)
---
diff --git a/eggdrop-1.6.19-ctcpfix.patch b/eggdrop-1.6.19-ctcpfix.patch
new file mode 100644
index 0000000..337a3c1
--- /dev/null
+++ b/eggdrop-1.6.19-ctcpfix.patch
@@ -0,0 +1,51 @@
+Patch by Eggheads team: mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19
+and earlier allows remote attackers to cause a denial of service (crash) via a crafted
+PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this
+issue exists because of an incorrect fix for CVE-2007-2807.
+
+Further information:
+ - https://bugzilla.redhat.com/show_bug.cgi?id=502650
+ - http://secunia.com/advisories/35104
+ - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1789
+ - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2807
+
+--- eggdrop1.6.19/doc/UPDATES1.6 2008-04-19 06:23:06.000000000 +0200
++++ eggdrop1.6.19/doc/UPDATES1.6.ctcpfix 2009-05-15 04:27:58.000000000 +0200
+@@ -10,6 +10,11 @@
+
+ ftp://ftp.eggheads.org/pub/eggdrop/UPDATES/
+
++ 1.6.19+ctcpfix (14 May 2009):
++ - Fixed another bug in the CTCP parsing code introduced by the servmsg.c
++ buffer overflow patch in 1.6.19.
++ * Patch by: thommey
++
+
+ 1.6.19 (18 April 2008):
+ - Update the recommended TCL version to 8.5
+--- eggdrop1.6.19/src/mod/server.mod/servmsg.c 2008-02-16 22:41:10.000000000 +0100
++++ eggdrop1.6.19/src/mod/server.mod/servmsg.c.ctcpfix 2009-05-15 04:27:58.000000000 +0200
+@@ -488,9 +488,9 @@
+ *p = 0;
+ strncpyz(ctcpbuf, p1, sizeof(ctcpbuf));
+ ctcp = ctcpbuf;
+- /* copy the part after the second : in front of it after
+- * the first :, this is temporary copied to ctcpbuf */
+- strncpy(p1 - 1, p + 1, strlen(ctcpbuf) - 1);
++
++ /* remove the ctcp in msg */
++ memmove(p1 - 1, p + 1, strlen(p + 1) + 1);
+
+ if (!ignoring)
+ detect_flood(nick, uhost, from,
+--- eggdrop1.6.19/src/patch.h 2008-04-19 06:21:20.000000000 +0200
++++ eggdrop1.6.19/src/patch.h.ctcpfix 2009-05-15 04:27:58.000000000 +0200
+@@ -36,7 +36,7 @@
+ *
+ *
+ */
+-/* PATCH GOES HERE */
++patch("ctcpfix");
+ /*
+ *
+ *
diff --git a/eggdrop.spec b/eggdrop.spec
index 88606cc..877d5d5 100644
--- a/eggdrop.spec
+++ b/eggdrop.spec
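Review bot: The replacement comment `/* remove the ctcp in msg */` in the servmsg.c hunk does not record why this line is a `memmove` with `strlen(p + 1) + 1`, even though the patch description says the crash came from an incorrect earlier fix at this spot. Source and destination appear to lie in the same message buffer and overlap, and the length is now taken from the tail being moved plus its terminator rather than from `ctcpbuf`, so an empty CTCP can no longer make the length wrap. I would spell that out so the line is not later simplified back into a string copy, e.g. `/* Cut the CTCP out of msg: shift the tail left over it. The regions overlap, so use memmove; +1 copies the NUL. */`. The enclosing function starts and ends outside the hunk, so whether the surrounding code re-scans msg correctly after the shift cannot be confirmed from here.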
@@ -1,7 +1,7 @@ Summary: The world's most popular Open Source IRC bot Name: eggdrop Version: 1.6.19 -Release: 2%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: Applications/Communications URL: http://www.eggheads.org/ @@ -10,6 +10,7 @@ Patch0: eggdrop-1.6.19-conf.patch Patch1: eggdrop-1.6.17-langdir.patch Patch2: eggdrop-1.6.19-no_libdns.patch Patch3: eggdrop-1.6.18-suzi_sp0007.patch +Patch4: eggdrop-1.6.19-ctcpfix.patch BuildRequires: tcl-devel >= 8.3, zlib-devel, autoconf BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -25,6 +26,7 @@ able to form botnets, share partylines and userfiles between bots. %patch1 -p1 -b .langdir %patch2 -p1 -b .no_libdns %patch3 -p1 -b .suzi_sp0007 +%patch4 -p1 -b .ctcpfix autoconf %build @@ -34,7 +36,7 @@ make %{_smp_mflags} %install rm -rf $RPM_BUILD_ROOT -make DEST=$RPM_BUILD_ROOT%{_datadir}/%{name} install +make DEST=$RPM_BUILD_ROOT%{_datadir}/%{name} INSTALL='install -p' install rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/{README,doc,eggdrop*,filesys,logs,modules} install -D -m 755 %{name} $RPM_BUILD_ROOT%{_bindir}/%{name} @@ -46,14 +48,16 @@ mv -f $RPM_BUILD_ROOT%{_datadir}/%{name}/modules-%{version} $RPM_BUILD_ROOT%{_li # Documentation cleanups find doc -name "Makefile*" -exec rm {} \; -mv doc/html . -rm -rf doc/man1 +mv doc/html . ; rm -rf doc/man1 chmod -x doc/WEIRD-MESSAGES eggdrop.conf src/mod/transfer.mod/*.c # Convert everything to UTF-8 iconv -f iso-8859-1 -t utf-8 -o doc/KNOWN-PROBLEMS.utf8 doc/KNOWN-PROBLEMS +touch -c -r doc/KNOWN-PROBLEMS doc/KNOWN-PROBLEMS.utf8 mv -f doc/KNOWN-PROBLEMS.utf8 doc/KNOWN-PROBLEMS + iconv -f iso-8859-1 -t utf-8 -o doc/UPDATES1.6.utf8 doc/UPDATES1.6 +touch -c -r doc/UPDATES1.6 doc/UPDATES1.6.utf8 mv -f doc/UPDATES1.6.utf8 doc/UPDATES1.6 # Fix paths of example eggdrop.conf 
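Review bot: The hunks at -34,7 and -46,14 change install and timestamp behaviour (`INSTALL='install -p'`, the two `touch -c -r` lines, the merged `mv doc/html . ; rm -rf doc/man1`), yet the commit subject and the new %changelog entry mention only the CVE-2009-1789 fix. Mixing unrelated build changes into a security update makes the fix harder to audit and to backport on its own. I would either move them to a separate commit or record them in the changelog, e.g. `- Preserve file timestamps during install and UTF-8 conversion`.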
@@ -73,6 +77,12 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man?/* %changelog +* Tue May 26 2009 Robert Scheck 1.6.19-4 +- Added upstream ctcpfix to solve CVE-2009-1789 (#502650) + +* Mon Feb 23 2009 Robert Scheck 1.6.19-3 +- Rebuild for gcc 4.4 and rpm 4.6 + * Sat Aug 30 2008 Robert Scheck 1.6.19-2 - Re-diffed eggdrop configuration patch for no fuzz