Actually remove bitchx-devel and add a VuXML entry.

Security: CVE-2007-4584 Security: CVE-2007-5839 Security: CVE-2007-5922
svn path=/head/; revision=319486
2025-01-16 07:58:04 +00:00 · 2013-05-31 11:33:41 +00:00 · 2013-05-31 11:33:41 +00:00 · 9aa023d98b · 2021-03-31 03:12:20 +00:00
commit 9aa023d98b
parent bf5ecc9466
11 changed files with 51 additions and 330 deletions
--- a/1
+++ b/1
@ -4333,3 +4333,4 @@ x11-toolkits/linux-gtk2||2013-05-30|Has expired: Only used on FreeBSD 7, which i
 x11-toolkits/linux-openmotif||2013-05-30|Has expired: Only used on FreeBSD 7, which is end-of-life
 x11-toolkits/linux-pango||2013-05-30|Has expired: Only used on FreeBSD 7, which is end-of-life
 x11-toolkits/linux-qt33||2013-05-30|Has expired: Only used on FreeBSD 7, which is end-of-life
+irc/bitchx-devel|irc/bitchx|2013-05-31|Release finally cut
--- a/irc/Makefile
+++ b/irc/Makefile
@ -6,7 +6,6 @@
    SUBDIR += anope
    SUBDIR += bip
    SUBDIR += bitchx
-    SUBDIR += bitchx-devel
    SUBDIR += bitlbee
    SUBDIR += bnc
    SUBDIR += bobot++
--- a/irc/bitchx-devel/Makefile
+++ b/irc/bitchx-devel/Makefile
@ -1,118 +0,0 @@
-# Created by: Jimbo Bahooli <griffin@blackhole.iceworld.org>
-# $FreeBSD$
-
-PORTNAME=	BitchX
-PORTVERSION=	1.2
-CATEGORIES+=	irc
-DISTNAME=	${PORTNAME}-${PORTNAME}${PORTVERSION}-${GH_COMMIT}
-
-MAINTAINER?=	dan.mashal@gmail.com
-COMMENT?=	Feature-rich scriptable IRC client
-
-USE_GITHUB=	yes
-GH_ACCOUNT=	${PORTNAME}
-GH_PROJECT=	${PORTNAME}1.2
-GH_TAGNAME=	master
-GH_COMMIT=	a22b86f
-
-LATEST_LINK=	BitchX-devel
-GNU_CONFIGURE=	yes
-CONFIGURE_ENV=	LIBS="-L${LOCALBASE}/lib"
-CONFIGURE_ARGS=	--libdir="${PREFIX}/share"
-USE_GMAKE=	yes
-USE_PERL5=	yes
-WANT_GNOME=	yes
-DOCSDIR=	${PREFIX}/share/bx/help
-PORTDOCS=	*
-
-MAN1=		${PORTNAME}.1
-
-OPTIONS_DEFINE=	ESOUND GNOME IPV6 LATIN PLUGINS SSL XMMS
-
-GNOME_DESC=	Legacy GTK/GNOME frontend
-LATIN_DESC=	Recommended for ISO-8859-1 display
-PLUGINS_DESC=	Build a handful of BitchX plugins
-XMMS_DESC=	Build XMMS plugin
-
-OPTIONS_DEFAULT=	IPV6 PLUGINS SSL
-
-.include <bsd.port.pre.mk>
-
-.if ${ARCH} == "amd64" || ${ARCH} == "ia64"
-CFLAGS+=	-fPIC
-.endif
-
-.if ${PORT_OPTIONS:MIPV6}
-CONFIGURE_ARGS+=	--enable-ipv6
-.endif
-
-.if ${PORT_OPTIONS:MSSL}
-CONFIGURE_ARGS+=	--with-ssl
-.endif
-
-.if ${PORT_OPTIONS:MGNOME} || ${PORT_OPTIONS:MESOUND}
-USE_GNOME=	gnomelibs
-CONFIGURE_ARGS+=	--with-gtk
-. if ${PORT_OPTIONS:MESOUND}
-USE_GNOME+=	esound
-CONFIGURE_ARGS+=	--enable-sound
-. endif
-CFLAGS+=	-I${LOCALBASE}/include/gnome-1.0
-PLIST_SUB+=	NOGNOME="@comment " GNOME=""
-.else
-CONFIGURE_ARGS+=	--without-gtk
-PLIST_SUB+=	GNOME="@comment " NOGNOME=""
-.endif
-
-.if ${PORT_OPTIONS:MPLUGINS}
-PLUGINS=	abot acro aim arcfour autocycle blowfish cavlink cdrom \
-		encrypt europa fserv hint nap nicklist pkga possum qbx \
-		qmail wavplay
-PLIST_SUB+=	PLUGINS=""
-.else
-PLIST_SUB+=	PLUGINS="@comment "
-.endif
-
-.if ${PORT_OPTIONS:MXMMS}
-LIB_DEPENDS=	xmms:${PORTSDIR}/multimedia/xmms
-PLUGINS+=	xmms
-PLIST_SUB+=	XMMS=""
-.else
-PLIST_SUB+=	XMMS="@comment "
-.endif
-
-.if !empty(PLUGINS)
-CONFIGURE_ARGS+=	--with-plugins="${PLUGINS:C/\$$/,/g}"
-.else
-CONFIGURE_ARGS+=	--without-plugins
-.endif
-
-post-patch:
-.if ${PORT_OPTIONS:MLATIN}
-	${REINPLACE_CMD} -e 's|#undef LATIN1|#define LATIN1|' \
-		${WRKSRC}/include/config.h
-.endif
-	${REINPLACE_CMD} -e 's|bzip2|true|g' ${WRKSRC}/Makefile.in
-
-post-install:
-.if ${PORT_OPTIONS:MGNOME}
-	${STRIP_CMD} ${PREFIX}/bin/gtkBitchX
-.else
-	${STRIP_CMD} ${PREFIX}/bin/BitchX
-	${STRIP_CMD} ${PREFIX}/bin/scr-bx
-.endif
-.if ${PORT_OPTIONS:MDOCS}
-	@${MKDIR} ${DOCSDIR}
-	cd ${WRKSRC}/bitchx-docs && ${COPYTREE_SHARE} . ${DOCSDIR}
-.endif
-
-# Ensure that `@dirrm share/bx' will be appended last (after PORTDOCS stuff)
-add-plist-post:
-	@${ECHO_CMD} "@dirrm share/bx" >> ${TMPPLIST}
-.if (${PREFIX} != ${LOCALBASE} && ${PREFIX} != ${LINUXBASE} && ${PREFIX} != "/usr")
-	@${ECHO_CMD} "@unexec rmdir %D 2> /dev/null || true" >> ${TMPPLIST}
-.else
-	@${DO_NADA}
-.endif
-
-.include <bsd.port.post.mk>
--- a/irc/bitchx-devel/distinfo
+++ b/irc/bitchx-devel/distinfo
@ -1,2 +0,0 @@
-SHA256 (BitchX-BitchX1.2-a22b86f.tar.gz) = 78868bf79960fdb3cb716f38a90a084aaf9dfd76498e0c7df252ef1e43ca9a08
-SIZE (BitchX-BitchX1.2-a22b86f.tar.gz) = 2555622
--- a/irc/bitchx-devel/files/patch-amd64_fix
+++ b/irc/bitchx-devel/files/patch-amd64_fix
@ -1,32 +0,0 @@
-
-
-Patch attached with submission follows:
-
-diff -ur BitchX.orig/include/module.h BitchX/include/module.h
--- BitchX.orig/include/module.h	Fri Apr 11 03:09:07 2003
-+++ include/module.h	Sun Jan  8 17:18:15 2006
-@@ -15,7 +15,7 @@
- 
- #include "struct.h"
- 
-typedef int (*Function_ptr)();
-+typedef long (*Function_ptr)();
- 
- #ifdef WANT_DLL
- #ifdef HPUX
-diff -ur BitchX.orig/source/screen.c BitchX/source/screen.c
--- BitchX.orig/source/screen.c	Thu Jul 31 09:01:08 2003
-+++ source/screen.c	Sun Jan  8 17:18:18 2006
-@@ -1377,8 +1377,8 @@
- {
- 	if (!w)
- 		w = current_window;
-	if (w->screen)
-		w->screen->cursor_window = w;
-+/*	if (w->screen)
-+		w->screen->cursor_window = w;*/
- }
- 
- /*
-
-
--- a/irc/bitchx-devel/files/patch-aq
+++ b/irc/bitchx-devel/files/patch-aq
@ -1,33 +0,0 @@
--- include/config.h.old	Wed Mar 14 11:20:48 2001
-+++ include/config.h	Wed Mar 14 11:23:51 2001
-@@ -225,7 +225,7 @@
-  * in the client. defining this variable to 1 allows that happen. It also
-  * adds a HEBREW_TOGGLE variable which can turn this feature on/off
-  */
-#undef WANT_HEBREW
-+#define WANT_HEBREW
- 
- /* if you use cidentd the filename is called .authlie instead of .noident.
-  * as well some modifications to the format of the file were made. So we 
-@@ -480,9 +480,9 @@
- #define DEFAULT_AINV 0
- #define DEFAULT_ANNOY_KICK OFF
- #define DEFAULT_AOP_VAR OFF
-#define DEFAULT_AUTO_AWAY ON
-#define DEFAULT_KICK_OPS ON
-#define DEFAULT_AUTO_REJOIN ON
-+#define DEFAULT_AUTO_AWAY OFF
-+#define DEFAULT_KICK_OPS OFF
-+#define DEFAULT_AUTO_REJOIN OFF
- #define DEFAULT_DEOPFLOOD ON
- #if defined(__EMXPM__) || defined(WIN32)
- #define DEFAULT_CODEPAGE 437
-@@ -684,7 +684,7 @@
- #endif
- 
- #undef PARANOID		/* #define this if your paranoid about dcc hijacking */
-#undef WANT_CHAN_NICK_SERV	/* do we want to include some chan/nick/oper server commands */
-+#define WANT_CHAN_NICK_SERV	/* do we want to include some chan/nick/oper server commands */
- 
- /* new epic stuff */
- #define OLD_STATUS_S_EXPANDO_BEHAVIOR
--- a/irc/bitchx-devel/files/patch-configure
+++ b/irc/bitchx-devel/files/patch-configure
@ -1,26 +0,0 @@
--- configure.orig	2012-11-18 22:48:07.000000000 -0500
-+++ configure	2012-11-18 22:48:27.000000000 -0500
-@@ -14756,11 +14756,6 @@
-             SHLIB_LD="ld -shared"
-         fi
-         ;;
-      FreeBSD-1*)
-                { { echo "$as_me:$LINENO: error: sorry" >&5
-echo "$as_me: error: sorry" >&2;}
-   { (exit no plugins on $ac_cv_system_version); exit no plugins on $ac_cv_system_version; }; }
-        ;;
-       FreeBSD-2.2*)
-         SHLIB_LD="ld -Bshareable"
-         ;;
-@@ -16242,11 +16237,6 @@
-             SHLIB_LD="ld -shared"
-         fi
-         ;;
-      FreeBSD-1*)
-                { { echo "$as_me:$LINENO: error: sorry" >&5
-echo "$as_me: error: sorry" >&2;}
-   { (exit no plugins on $ac_cv_system_version); exit no plugins on $ac_cv_system_version; }; }
-        ;;
-       FreeBSD-2.2*)
-         SHLIB_LD="ld -Bshareable"
-         ;;
--- a/irc/bitchx-devel/files/patch-source-Makefile.in
+++ b/irc/bitchx-devel/files/patch-source-Makefile.in
@ -1,19 +0,0 @@
--- source/Makefile.in.orig	Fri Apr 11 03:09:07 2003
-+++ source/Makefile.in	Tue Mar 30 14:44:20 2004
-@@ -37,7 +37,7 @@
- IRCLIB = @IRCLIB@
- 
- CC = @CC@
-DEFS = @INCLUDES@
-+DEFS = @INCLUDES@ @CPPFLAGS@
- LIBS = @LIBS@
- 
- # Tcl library.
-@@ -51,6 +51,7 @@
- # Set this to -g if you want to be able to debug the client, otherwise
- # use -O to have the compiler do some optimization instead.
- CFLAGS = @CFLAGS@
-+CPPFLAGS= @CPPFLAGS@
- 
- # Set this to -s if you want the binary to be stripped.
- LDFLAGS = @LDFLAGS@
--- a/irc/bitchx-devel/pkg-descr
+++ b/irc/bitchx-devel/pkg-descr
@ -1,15 +0,0 @@
-BitchX is an IRC (Internet Relay Chat) client by Colten Edwards aka
-panasync@EFnet, it is based on its predecessors ircII and Epic.
-
-BitchX was originally started as a script by Trench and HappyCrappy for
-the popular Unix IRC client ircII.  Around Christmas of 1994 the script
-was patched directly into the client by Colten Edwards.
-
-BitchX includes features which make it an eggdrop, a bouncer, and a
-friendly IRC client at the same time.
-
-BitchX is one the most popular IRC clients among Unix systems.  It is
-highly customizable and capable of running scripts, so it can be used
-as an IRC bot too.
-
-WWW: http://www.bitchx.org/
--- a/irc/bitchx-devel/pkg-plist
+++ b/irc/bitchx-devel/pkg-plist
@ -1,84 +0,0 @@
-@unexec if [ -f %D/share/bx/script/bxglobal.old ]; then rm -f %D/share/bx/script/bxglobal.old; fi
-%%NOGNOME%%bin/BitchX
-%%NOGNOME%%bin/BitchX-1.2c01-svn
-%%GNOME%%bin/gtkBitchX
-%%GNOME%%bin/gtkBitchX-1.2c01-svn
-%%NOGNOME%%bin/scr-bx
-share/bx/BitchX.help
-share/bx/BitchX.ircnames
-share/bx/BitchX.quit
-share/bx/BitchX.kick
-%%PLUGINS%%share/bx/plugins/BitchX.hints
-%%PLUGINS%%share/bx/plugins/acro.so
-%%PLUGINS%%share/bx/plugins/autobot.so
-%%PLUGINS%%share/bx/plugins/blowfish.so
-%%PLUGINS%%share/bx/plugins/encrypt.so
-%%PLUGINS%%share/bx/plugins/fserv.so
-%%PLUGINS%%share/bx/plugins/hint.so
-%%PLUGINS%%share/bx/plugins/pkga.so
-%%PLUGINS%%share/bx/plugins/possum.so
-%%PLUGINS%%share/bx/plugins/qmail.so
-%%PLUGINS%%share/bx/plugins/wavplay.so
-%%PLUGINS%%share/bx/plugins/qbx.so
-%%PLUGINS%%share/bx/plugins/arcfour.so
-%%PLUGINS%%share/bx/plugins/autocycle.so
-%%PLUGINS%%share/bx/plugins/aim.so
-%%PLUGINS%%share/bx/plugins/cavlink.so
-%%PLUGINS%%share/bx/plugins/cdrom.so
-%%PLUGINS%%share/bx/plugins/nap.so
-%%PLUGINS%%share/bx/plugins/nicklist.so
-%%XMMS%%share/bx/plugins/xmms.so
-share/bx/script/SCRIPTS
-share/bx/script/actplug.gmz
-share/bx/script/bxglobal
-share/bx/script/bxtcl.tcl
-share/bx/script/cyp1.0k.tar.gz
-share/bx/script/dcc_fserve-0.50.tgz
-share/bx/script/example-.bitchxrc
-share/bx/script/file.tcl
-share/bx/script/fserve+vfs.tar.gz
-share/bx/script/logger.bx
-share/bx/script/menu.bx
-share/bx/script/operchallenge-1.3.tar
-share/bx/script/query.bx
-share/bx/script/auto_resume
-share/bx/script/fserve.irc
-share/bx/script/query
-share/bx/translation/ASCII
-share/bx/translation/CP437
-share/bx/translation/CP850
-share/bx/translation/DANISH
-share/bx/translation/DEC_MCS
-share/bx/translation/DG_MCS
-share/bx/translation/DUTCH
-share/bx/translation/FINNISH
-share/bx/translation/FRENCH
-share/bx/translation/FRENCH_CANADIAN
-share/bx/translation/GERMAN
-share/bx/translation/HP_MCS
-share/bx/translation/IRV
-share/bx/translation/ITALIAN
-share/bx/translation/JIS
-share/bx/translation/MACINTOSH
-share/bx/translation/NEXT
-share/bx/translation/NORWEGIAN_1
-share/bx/translation/NORWEGIAN_2
-share/bx/translation/POLISH
-share/bx/translation/POLISH_NOPL
-share/bx/translation/PORTUGUESE
-share/bx/translation/PORTUGUESE_COM
-share/bx/translation/RUSSIAN
-share/bx/translation/RUSSIAN_ALT
-share/bx/translation/RUSSIAN_WIN
-share/bx/translation/SPANISH
-share/bx/translation/SWEDISH
-share/bx/translation/SWEDISH_NAMES
-share/bx/translation/SWEDISH_NAMES_COM
-share/bx/translation/SWISS
-share/bx/translation/UNITED_KINGDOM
-share/bx/translation/UNITED_KINGDOM_COM
-%%NOGNOME%%share/bx/wserv
-@dirrm share/bx/translation
-@dirrm share/bx/script
-@dirrm share/bx/plugins
-@comment "@dirrm share/bx" must be appended after PORTDOCS stuff, see Makefile
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -51,6 +51,56 @@ Note:  Please add new entries to the beginning of this file.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="0a799a8e-c9d4-11e2-a424-14dae938ec40">
+    <topic>irc/bitchx -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>BitchX</name>
+	<range><lt>1.2.*,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>bannedit reports:</p>
+	<blockquote cite="http://www.cvedetails.com/cve/CVE-2007-4584/">
+	  <p>Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC
+	    servers to execute arbitrary code via a long string in a MODE
+	    command, related to the p_mode variable.</p>
+	</blockquote>
+	<p>Nico Golde reports:</p>
+	<blockquote cite="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449149">
+	  <p>There is a security issue in ircii-pana in bitchx' hostname
+	    command.  The e_hostname function (commands.c) uses tmpnam to
+	    create a temporary file which is known to be insecure.</p>
+	</blockquote>
+	<p>Chris reports:</p>
+	<blockquote cite="http://secunia.com/advisories/27556">
+	  <p>Chris has reported a vulnerability in the Cypress script for
+	    BitchX, which can be exploited by malicious people to disclose
+	    potentially sensitive information or to compromise a vulnerable
+	    system.</p>
+
+	  <p>The vulnerability is caused due to malicious code being present
+	    in the modules/mdop.m file.  This can be exploited to disclose the
+	    content of various system files or to execute arbitrary shell
+	    commands.</p>
+
+	  <p>Successful exploitation allows execution of arbitrary code, but
+	    requires the control of the "lsyn.webhop.net" domain.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2007-4584</cvename>
+      <cvename>CVE-2007-5839</cvename>
+      <cvename>CVE-2007-5922</cvename>
+    </references>
+    <dates>
+      <discovery>2007-08-28</discovery>
+      <entry>2013-05-31</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="19751e06-c798-11e2-a373-000c29833058">
    <topic>znc -- null pointer dereference in webadmin module</topic>
    <affects>