diff -Nru weechat-2.6/debian/changelog weechat-2.6/debian/changelog --- weechat-2.6/debian/changelog 2020-03-03 12:39:30.000000000 +0000 +++ weechat-2.6/debian/changelog 2020-04-13 10:21:33.000000000 +0100 @@ -1,3 +1,11 @@ +weechat (2.6-2ubuntu2) UNRELEASED; urgency=medium + + * Correctly find and link against libpython3.8 (LP: #1866065) + * CVE-2020-8955 fix crashes when receiving malformed messages + (LP: #1872425) + + -- Tj Mon, 13 Apr 2020 10:21:33 +0100 + weechat (2.6-2ubuntu1) focal; urgency=medium * Add ruby2.7 support (LP: #1865873) diff -Nru weechat-2.6/debian/patches/lp1866065-python3-linking.patch weechat-2.6/debian/patches/lp1866065-python3-linking.patch --- weechat-2.6/debian/patches/lp1866065-python3-linking.patch 1970-01-01 01:00:00.000000000 +0100 +++ weechat-2.6/debian/patches/lp1866065-python3-linking.patch 2020-04-13 09:17:03.000000000 +0100 @@ -0,0 +1,36 @@ +commit 3da688a8f8ba75a9f3cb411011e24398d65497ad +Author: Tj +Date: Mon Apr 13 09:09:33 2020 +0100 + + python: find and correctly link against libpython3.8 + +diff --git a/cmake/FindPython.cmake b/cmake/FindPython.cmake +index 2e71e4c57..4fa6d24e7 100644 +--- a/cmake/FindPython.cmake ++++ b/cmake/FindPython.cmake +@@ -33,5 +33,8 @@ include(FindPkgConfig) + if(ENABLE_PYTHON2) + pkg_check_modules(PYTHON python2) + else() +- pkg_check_modules(PYTHON python3) ++ pkg_check_modules(PYTHON python3-embed) ++ if(NOT PYTHON_FOUND) ++ pkg_check_modules(PYTHON python3) ++ endif() + endif() +diff --git a/configure.ac b/configure.ac +index ea014a988..e026789c3 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -477,7 +477,10 @@ if test "x$enable_python" = "xyes" ; then + if test "x$enable_python2" = "xyes" ; then + PKG_CHECK_MODULES(PYTHON, [python2], [PYTHON_FOUND=yes; PYTHON_VERSION=`$PKGCONFIG --modversion python2`], [PYTHON_FOUND=no]) + else +- PKG_CHECK_MODULES(PYTHON, [python3], [PYTHON_FOUND=yes; PYTHON_VERSION=`$PKGCONFIG --modversion python3`], [PYTHON_FOUND=no]) ++ PKG_CHECK_MODULES(PYTHON, [python3-embed], [PYTHON_FOUND=yes; PYTHON_VERSION=`$PKGCONFIG --modversion python3-embed`], [PYTHON_FOUND=no]) ++ if test "x$PYTHON_FOUND" != "xyes"; then ++ PKG_CHECK_MODULES(PYTHON, [python3], [PYTHON_FOUND=yes; PYTHON_VERSION=`$PKGCONFIG --modversion python3`], [PYTHON_FOUND=no]) ++ fi + fi + if test "x$PYTHON_FOUND" != "xyes" ; then + AC_MSG_WARN([ diff -Nru weechat-2.6/debian/patches/lp1872425-CVEs-from-2.7.1.patch weechat-2.6/debian/patches/lp1872425-CVEs-from-2.7.1.patch --- weechat-2.6/debian/patches/lp1872425-CVEs-from-2.7.1.patch 1970-01-01 01:00:00.000000000 +0100 +++ weechat-2.6/debian/patches/lp1872425-CVEs-from-2.7.1.patch 2020-04-13 10:20:51.000000000 +0100 @@ -0,0 +1,153 @@ +diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c +index d6c749168..55e0b612a 100644 +--- a/src/plugins/irc/irc-mode.c ++++ b/src/plugins/irc/irc-mode.c +@@ -224,17 +224,20 @@ irc_mode_channel_update (struct t_irc_server *server, + current_arg++; + if (pos[0] == chanmode) + { +- chanmode_found = 1; +- if (set_flag == '+') ++ if (!chanmode_found) + { +- str_mode[0] = pos[0]; +- str_mode[1] = '\0'; +- strcat (new_modes, str_mode); +- if (argument) ++ chanmode_found = 1; ++ if (set_flag == '+') + { +- if (new_args[0]) +- strcat (new_args, " "); +- strcat (new_args, argument); ++ str_mode[0] = pos[0]; ++ str_mode[1] = '\0'; ++ strcat (new_modes, str_mode); ++ if (argument) ++ { ++ if (new_args[0]) ++ strcat (new_args, " "); ++ strcat (new_args, argument); ++ } + } + } + } +diff --git a/src/plugins/irc/irc-nick.c b/src/plugins/irc/irc-nick.c +index 57bb1d601..765a39e59 100644 +--- a/src/plugins/irc/irc-nick.c ++++ b/src/plugins/irc/irc-nick.c +@@ -643,6 +643,53 @@ irc_nick_set_mode (struct t_irc_server *server, struct t_irc_channel *channel, + } + } + ++/* ++ * Reallocates the "prefixes" string in all nicks of all channels on the server ++ * (after 005 has been received). ++ */ ++ ++void ++irc_nick_realloc_prefixes (struct t_irc_server *server, ++ int old_length, int new_length) ++{ ++ struct t_irc_channel *ptr_channel; ++ struct t_irc_nick *ptr_nick; ++ char *new_prefixes; ++ ++ for (ptr_channel = server->channels; ptr_channel; ++ ptr_channel = ptr_channel->next_channel) ++ { ++ for (ptr_nick = ptr_channel->nicks; ptr_nick; ++ ptr_nick = ptr_nick->next_nick) ++ { ++ if (ptr_nick->prefixes) ++ { ++ new_prefixes = realloc (ptr_nick->prefixes, new_length + 1); ++ if (new_prefixes) ++ { ++ ptr_nick->prefixes = new_prefixes; ++ if (new_length > old_length) ++ { ++ memset (ptr_nick->prefixes + old_length, ++ ' ', ++ new_length - old_length); ++ } ++ ptr_nick->prefixes[new_length] = '\0'; ++ } ++ } ++ else ++ { ++ ptr_nick->prefixes = malloc (new_length + 1); ++ if (ptr_nick->prefixes) ++ { ++ memset (ptr_nick->prefixes, ' ', new_length); ++ ptr_nick->prefixes[new_length] = '\0'; ++ } ++ } ++ } ++ } ++} ++ + /* + * Removes a nick from a channel. + */ +diff --git a/src/plugins/irc/irc-nick.h b/src/plugins/irc/irc-nick.h +index 52316891d..1d5b2914d 100644 +--- a/src/plugins/irc/irc-nick.h ++++ b/src/plugins/irc/irc-nick.h +@@ -74,6 +74,8 @@ extern void irc_nick_change (struct t_irc_server *server, + extern void irc_nick_set_mode (struct t_irc_server *server, + struct t_irc_channel *channel, + struct t_irc_nick *nick, int set, char mode); ++extern void irc_nick_realloc_prefixes (struct t_irc_server *server, ++ int old_length, int new_length); + extern void irc_nick_free (struct t_irc_server *server, + struct t_irc_channel *channel, + struct t_irc_nick *nick); +diff --git a/src/plugins/irc/irc-protocol.c b/src/plugins/irc/irc-protocol.c +index 9b483930d..c2beef541 100644 +--- a/src/plugins/irc/irc-protocol.c ++++ b/src/plugins/irc/irc-protocol.c +@@ -4681,7 +4681,7 @@ IRC_PROTOCOL_CALLBACK(352) + + if (argc > 8) + { +- arg_start = (strcmp (argv[8], "*") == 0) ? 9 : 8; ++ arg_start = ((argc > 9) && (strcmp (argv[8], "*") == 0)) ? 9 : 8; + if (argv[arg_start][0] == ':') + { + pos_attr = NULL; +diff --git a/src/plugins/irc/irc-server.c b/src/plugins/irc/irc-server.c +index 1b3737b99..6e4a597df 100644 +--- a/src/plugins/irc/irc-server.c ++++ b/src/plugins/irc/irc-server.c +@@ -986,11 +986,15 @@ irc_server_set_prefix_modes_chars (struct t_irc_server *server, + const char *prefix) + { + char *pos; +- int i, length_modes, length_chars; ++ int i, old_length_chars, length_modes, length_chars; + + if (!server || !prefix) + return; + ++ old_length_chars = (server->prefix_chars) ? ++ strlen (server->prefix_chars) : ++ strlen (irc_server_prefix_chars_default); ++ + /* free previous values */ + if (server->prefix_modes) + { +@@ -1030,6 +1034,13 @@ irc_server_set_prefix_modes_chars (struct t_irc_server *server, + } + } + } ++ ++ length_chars = (server->prefix_chars) ? ++ strlen (server->prefix_chars) : ++ strlen (irc_server_prefix_chars_default); ++ ++ if (length_chars != old_length_chars) ++ irc_nick_realloc_prefixes (server, old_length_chars, length_chars); + } + + /* diff -Nru weechat-2.6/debian/patches/series weechat-2.6/debian/patches/series --- weechat-2.6/debian/patches/series 2020-03-03 12:39:30.000000000 +0000 +++ weechat-2.6/debian/patches/series 2020-04-13 10:21:14.000000000 +0100 @@ -1,3 +1,5 @@ 01_fix_asciidoctor_options.patch guile_2.2-support.patch ruby27-support.patch +lp1866065-python3-linking.patch +lp1872425-CVEs-from-2.7.1.patch