irssi: bump version to version 1.0.2

Notice that this fixes a security issue:

CWE-416 (use after free condition during netjoin processing). No CVE
assigned yet:

https://irssi.org/security/irssi_sa_2017_03.txt

But the 0.8.x series is not believed to be vulnerable to this specific
issue.  From the advisory:

Affected versions
-----------------

Irssi up to and including 1.0.1

We believe Irssi 0.8.21 and prior are not affected since a different
code path causes the netjoins to be flushed prior to reaching the use
after free condition.

Openssl is no longer optional, so select it and drop the enable/disable
handling.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/irssi/Config.in b/package/irssi/Config.in
index 7d292017892e65e39e7d42cd363b72e1c1581194..2cdd06c87c0525204e3fa73faac19ca446018a5e 100644 (file)
--- a/package/irssi/Config.in
+++ b/package/irssi/Config.in
@@ -2,6 +2,7 @@ config BR2_PACKAGE_IRSSI
        bool "irssi"
        select BR2_PACKAGE_LIBGLIB2
        select BR2_PACKAGE_NCURSES
+       select BR2_PACKAGE_OPENSSL
        depends on BR2_USE_WCHAR # libglib2
        depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
        depends on BR2_USE_MMU # fork()

diff --git a/package/irssi/irssi.hash b/package/irssi/irssi.hash
index b1048bf8f521e791ab578e742f41836175ae6c58..f1472e04bf9419bb457ef6eba3f653734fd88561 100644 (file)
--- a/package/irssi/irssi.hash
+++ b/package/irssi/irssi.hash
@@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256 e433063b8714dcf17438126902c9a9d5c97944b3185ecd0fc5ae25c4959bf35a        irssi-0.8.21.tar.xz
+sha256 5c1c3cc2caf103aad073fadeb000e0f8cb3b416833a7f43ceb8bd9fcf275fbe9        irssi-1.0.2.tar.xz

diff --git a/package/irssi/irssi.mk b/package/irssi/irssi.mk
index e467f89890c7cb2dd574f708d9965fb8ff2a540c..7df7bbc445e3b8478f636e6a3b8bc541bc144af1 100644 (file)
--- a/package/irssi/irssi.mk
+++ b/package/irssi/irssi.mk
@@ -4,27 +4,20 @@
 #
 ################################################################################
 
-IRSSI_VERSION = 0.8.21
+IRSSI_VERSION = 1.0.2
 IRSSI_SOURCE = irssi-$(IRSSI_VERSION).tar.xz
 # Do not use the github helper here. The generated tarball is *NOT* the
 # same as the one uploaded by upstream for the release.
 IRSSI_SITE = https://github.com/irssi/irssi/releases/download/$(IRSSI_VERSION)
 IRSSI_LICENSE = GPLv2+
 IRSSI_LICENSE_FILES = COPYING
-IRSSI_DEPENDENCIES = host-pkgconf libglib2 ncurses
+IRSSI_DEPENDENCIES = host-pkgconf libglib2 ncurses openssl
 
 IRSSI_CONF_OPTS = \
        --disable-glibtest \
        --with-ncurses=$(STAGING_DIR)/usr \
        --without-perl
 
-ifeq ($(BR2_PACKAGE_OPENSSL),y)
-IRSSI_CONF_OPTS += --enable-ssl
-IRSSI_DEPENDENCIES += openssl
-else
-IRSSI_CONF_OPTS += --disable-ssl
-endif
-
 ifeq ($(BR2_PACKAGE_IRSSI_PROXY),y)
 IRSSI_CONF_OPTS += --with-proxy
 # If shared libs are disabled, 'proxy' has to go in the list of built-in