From 849c82e6ddb224728cc4ac8d14d0f278c4376f87 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Jan 21 2020 19:14:08 +0000
Subject: import irssi-1.1.1-3.el8


---

diff --git a/SOURCES/irssi-1.1.1-CVE-2019-13045.patch b/SOURCES/irssi-1.1.1-CVE-2019-13045.patch
new file mode 100644
index 0000000..084a15a
--- /dev/null
+++ b/SOURCES/irssi-1.1.1-CVE-2019-13045.patch
@@ -0,0 +1,43 @@
+diff --git a/src/irc/core/irc-core.c b/src/irc/core/irc-core.c
+index a9221e0..9cffc86 100644
+--- a/src/irc/core/irc-core.c
++++ b/src/irc/core/irc-core.c
+@@ -75,6 +75,8 @@ static void destroy_server_connect(SERVER_CONNECT_REC *conn)
+ 
+ 	g_free_not_null(ircconn->usermode);
+ 	g_free_not_null(ircconn->alternate_nick);
++	g_free_not_null(ircconn->sasl_username);
++	g_free_not_null(ircconn->sasl_password);
+ }
+ 
+ void irc_core_init(void)
+diff --git a/src/irc/core/irc-servers-reconnect.c b/src/irc/core/irc-servers-reconnect.c
+index ca61492..715ab38 100644
+--- a/src/irc/core/irc-servers-reconnect.c
++++ b/src/irc/core/irc-servers-reconnect.c
+@@ -49,8 +49,8 @@ static void sig_server_connect_copy(SERVER_CONNECT_REC **dest,
+ 	rec->usermode = g_strdup(src->usermode);
+ 	rec->alternate_nick = g_strdup(src->alternate_nick);
+ 	rec->sasl_mechanism = src->sasl_mechanism;
+-	rec->sasl_username = src->sasl_username;
+-	rec->sasl_password = src->sasl_password;
++	rec->sasl_username = g_strdup(src->sasl_username);
++	rec->sasl_password = g_strdup(src->sasl_password);
+ 	*dest = (SERVER_CONNECT_REC *) rec;
+ }
+ 
+diff --git a/src/irc/core/irc-servers-setup.c b/src/irc/core/irc-servers-setup.c
+index e79557a..5fb5c2b 100644
+--- a/src/irc/core/irc-servers-setup.c
++++ b/src/irc/core/irc-servers-setup.c
+@@ -101,8 +101,8 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn,
+ 			if (ircnet->sasl_username != NULL && *ircnet->sasl_username &&
+ 			    ircnet->sasl_password != NULL && *ircnet->sasl_password) {
+ 				conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
+-				conn->sasl_username = ircnet->sasl_username;
+-				conn->sasl_password = ircnet->sasl_password;
++				conn->sasl_username = g_strdup(ircnet->sasl_username);
++				conn->sasl_password = g_strdup(ircnet->sasl_password);
+ 			} else
+ 				g_warning("The fields sasl_username and sasl_password are either missing or empty");
+ 		}
diff --git a/SPECS/irssi.spec b/SPECS/irssi.spec
index f9af6b2..abd413e 100644
--- a/SPECS/irssi.spec
+++ b/SPECS/irssi.spec
@@ -3,7 +3,7 @@
 Summary:	Modular text mode IRC client with Perl scripting
 Name:		irssi
 Version:	1.1.1
-Release:	2%{?dist}
+Release:	3%{?dist}
 
 License:	GPLv2+
 Group:		Applications/Communications
@@ -15,6 +15,7 @@ BuildRequires:	pkgconfig glib2-devel perl-devel perl-generators perl(ExtUtils::E
 BuildRequires:	autoconf automake libtool
 Requires:	perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 Patch0:		irssi-1.1.1-coverity-scan-fix.patch
+Patch1:		irssi-1.1.1-CVE-2019-13045.patch
 
 %package devel
 Summary:	Development package for irssi
@@ -37,6 +38,7 @@ being maintained.
 %prep
 %setup -q
 %patch0 -p1 -b .coverity-scan-fix
+%patch1 -p1 -b .CVE-2019-13045
 
 %build
 autoreconf -i
@@ -85,6 +87,10 @@ chmod -R u+w $RPM_BUILD_ROOT%{perl_vendorarch}
 
 
 %changelog
+* Fri Nov  1 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 1.1.1-3
+- Fixed use after free when sending SASL login to server
+  Resolves: CVE-2019-13045
+
 * Thu Dec  6 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 1.1.1-2
 - Fixed issue found by coverity scan
   Resolves: rhbz#1602558