Pullup ticket 2097 - requested by salo

security fix for eggdrop

- pkgsrc/chat/eggdrop/Makefile				1.26
- pkgsrc/chat/eggdrop/distinfo				1.11
- pkgsrc/chat/eggdrop/patches/patch-al			1.1
- pkgsrc/chat/eggdrop/patches/patch-am			1.1

   Module Name:	pkgsrc
   Committed By:	lkundrak
   Date:		Tue May 22 16:47:05 UTC 2007

   Modified Files:
	   pkgsrc/chat/eggdrop: Makefile distinfo
   Added Files:
	   pkgsrc/chat/eggdrop/patches: patch-al patch-am

   Log Message:
   Fix for the following:
   eggdrop<=1.6.18         arbitrary-code-execution        http://www.eggheads.org/bugzilla/show_bug.cgi?id=462

4 files changed, 37 insertions, 2 deletions

diff --git a/chat/eggdrop/Makefile b/chat/eggdrop/Makefile
index 4754c8586d2..6c76f92dcb4 100644
--- a/chat/eggdrop/Makefile
+++ b/chat/eggdrop/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.25 2007/02/22 19:26:11 wiz Exp $
+# $NetBSD: Makefile,v 1.25.2.1 2007/05/24 09:13:12 ghen Exp $
 
 DISTNAME=	eggdrop1.6.17
 PKGNAME=	eggdrop-1.6.17
+PKGREVISION=	1
 CATEGORIES=	chat
 MASTER_SITES=	ftp://ftp.eggheads.org/pub/eggdrop/source/1.6/
 EXTRACT_SUFX=	.tar.bz2
diff --git a/chat/eggdrop/distinfo b/chat/eggdrop/distinfo
index f892c241ad1..f24256b53ae 100644
--- a/chat/eggdrop/distinfo
+++ b/chat/eggdrop/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2005/12/01 20:42:42 joerg Exp $
+$NetBSD: distinfo,v 1.10.12.1 2007/05/24 09:13:12 ghen Exp $
 
 SHA1 (eggdrop1.6.17.tar.bz2) = 0e8a0b5506dde4a99f2be9f0700d6da65f54357f
 RMD160 (eggdrop1.6.17.tar.bz2) = 206d6d055b8efa66fde4a79c4cb3eacc4418ff01
@@ -13,3 +13,5 @@ SHA1 (patch-ag) = 61a030dc33de4f78cb19653035bebf7661f57c50
 SHA1 (patch-ah) = a5360c748e16cbc3d6ae4f2968799e96007971f1
 SHA1 (patch-ai) = ee0cfe95a1aa9a883fd95db0fbc0cef60deb8e3a
 SHA1 (patch-ak) = 92f269a3f382a9f917d7e58c2cee5bb1d500ab6d
+SHA1 (patch-al) = 744ef092d0a25d4a267a968f139468361bda4f7d
+SHA1 (patch-am) = 19df141bab53fb1079f76fe6d880a44778c50c68
diff --git a/chat/eggdrop/patches/patch-al b/chat/eggdrop/patches/patch-al
new file mode 100644
index 00000000000..e1e47e54952
--- /dev/null
+++ b/chat/eggdrop/patches/patch-al
@@ -0,0 +1,16 @@
+$NetBSD: patch-al,v 1.1.2.2 2007/05/24 09:13:13 ghen Exp $
+
+Fix for http://www.eggheads.org/bugzilla/show_bug.cgi?id=462
+
+--- src/mod/irc.mod/chan.c.orig	2007-05-22 18:29:41.000000000 +0200
++++ src/mod/irc.mod/chan.c
+@@ -2204,7 +2204,8 @@ static int gotmsg(char *from, char *msg)
+   if (!chan)
+     return 0;                   /* Private msg to an unknown channel?? */
+   fixcolon(msg);
+-  strcpy(uhost, from);
++  strncpy(uhost, from, UHOSTMAX);
++  uhost[UHOSTMAX] = '\0';
+   nick = splitnick(&uhost);
+   /* Only check if flood-ctcp is active */
+   if (flud_ctcp_thr && detect_avalanche(msg)) {
diff --git a/chat/eggdrop/patches/patch-am b/chat/eggdrop/patches/patch-am
new file mode 100644
index 00000000000..581b21070b2
--- /dev/null
+++ b/chat/eggdrop/patches/patch-am
@@ -0,0 +1,16 @@
+$NetBSD: patch-am,v 1.1.2.2 2007/05/24 09:13:13 ghen Exp $
+
+Fix for http://www.eggheads.org/bugzilla/show_bug.cgi?id=462
+
+--- src/mod/server.mod/servmsg.c.orig	2007-05-22 18:29:49.000000000 +0200
++++ src/mod/server.mod/servmsg.c
+@@ -424,7 +424,8 @@ static int gotmsg(char *from, char *msg)
+   to = newsplit(&msg);
+   fixcolon(msg);
+   /* Only check if flood-ctcp is active */
+-  strcpy(uhost, from);
++  strncpy(uhost, from, UHOSTMAX);
++  uhost[UHOSTMAX] = '\0';
+   nick = splitnick(&uhost);
+   if (flud_ctcp_thr && detect_avalanche(msg)) {
+     if (!ignoring) {