weechat: 2.7 -> 2.7.1 #80672
weechat: 2.7 -> 2.7.1 #80672
Conversation
Release notes: irc: fix crash when receiving a malformed message 352 (who) irc: fix crash when a new message 005 is received with longer nick prefixes irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955)
mweinelt
force-pushed
the
pr/weechat/2.7.1
branch
from
cc06c9d
to
2d77fc3
Compare
|
@mweinelt Yes I saw thew after finishing my review 😅 We should probably check if it is possible to backport security fixes to 2.6 on |
|
Unless upstream provides security fixes for the older version we should try to avoid maintaining custom patch sets. Those will likely be incomplete since we lack the complete picture. I think that has also been done in the past unless there was some real breakage that wouldn't be acceptable. In the past weechat upgrades weren't that intrusive but only the changelog / git log can tell that. |
|
There is no branch for the 2.6 release, so I don't think they're patching older versions. |
|
I was just checking if the commits the refer to (https://weechat.org/doc/security/) are trivially applicable (they are not). Then no problem porting the update to 19.09 ! |
|
Just make sure to mention those CVEs in the backports. Makes it easier to discover. I'd also like them in the commit messages for each of the changes. Git log will be forever. GitHub might go away :-) |
|
The one CVE is part of the commit message, here and in the backports. |
Motivation for this change
https://github.com/weechat/weechat/releases/tag/v2.7.1
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)@andir @flokli @lovek323 @the-kenny @lheckemann @Ma27