[meta-networking,scarthgap,09/12] znc: patch CVE-2024-39844

Message ID	20260109092843.1924568-9-ankur.tyagi85@gmail.com
State	New
Headers	show Return-Path: <ankur.tyagi85@gmail.com> ip: 209.85.214.174, mailfrom: ankur.tyagi85@gmail.com) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi <ankur.tyagi85@gmail.com> Subject: [oe][meta-networking][scarthgap][PATCH 09/12] znc: patch CVE-2024-39844 Date: Fri, 9 Jan 2026 22:28:39 +1300 Message-ID: <20260109092843.1924568-9-ankur.tyagi85@gmail.com> In-Reply-To: <20260109092843.1924568-1-ankur.tyagi85@gmail.com> References: <20260109092843.1924568-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-networking,scarthgap,01/12] cifs-utils: patch CVE-2025-2312 \| expand [meta-networking,scarthgap,01/12] cifs-utils: patch CVE-2025-2312 [meta-networking,scarthgap,02/12] dante: upgrade 1.4.3 -> 1.4.4 [meta-networking,scarthgap,03/12] dante: Add _GNU_SOURCE for musl builds [meta-networking,scarthgap,04/12] frr: ignore CVE-2024-44070 [meta-networking,scarthgap,05/12] libcoap: patch CVE-2025-34468 [meta-networking,scarthgap,06/12] mtr: patch CVE-2025-49809 [meta-networking,scarthgap,07/12] open62541: patch CVE-2024-53429 [meta-networking,scarthgap,08/12] proftpd: patch CVE-2024-48651 [meta-networking,scarthgap,09/12] znc: patch CVE-2024-39844 [meta-networking,scarthgap,10/12] tinyproxy: patch CVE-2025-63938 [meta-networking,scarthgap,11/12] wolfssl: patch CVE-2025-7394 [meta-networking,scarthgap,12/12] unbound: patch CVE-2025-5994

Message ID

20260109092843.1924568-9-ankur.tyagi85@gmail.com

State

New

Headers

From: ankur.tyagi85@gmail.com
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-networking][scarthgap][PATCH 09/12] znc: patch
 CVE-2024-39844
Date: Fri,  9 Jan 2026 22:28:39 +1300
Message-ID: <20260109092843.1924568-9-ankur.tyagi85@gmail.com>
In-Reply-To: <20260109092843.1924568-1-ankur.tyagi85@gmail.com>
References: <20260109092843.1924568-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-networking,scarthgap,01/12] cifs-utils: patch CVE-2025-2312 | expand

Commit Message

Ankur Tyagi Jan. 9, 2026, 9:28 a.m. UTC

From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-39844

Backport commit[1] from https://github.com/znc/znc/releases/tag/znc-1.9.1
[1] https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../recipes-irc/znc/znc/CVE-2024-39844.patch  | 62 +++++++++++++++++++
 meta-networking/recipes-irc/znc/znc_1.8.2.bb  |  1 +
 2 files changed, 63 insertions(+)
 create mode 100644 meta-networking/recipes-irc/znc/znc/CVE-2024-39844.patch

diff --git a/meta-networking/recipes-irc/znc/znc/CVE-2024-39844.patch b/meta-networking/recipes-irc/znc/znc/CVE-2024-39844.patch
new file mode 100644
index 0000000000..cf9486791c
--- /dev/null
+++ b/meta-networking/recipes-irc/znc/znc/CVE-2024-39844.patch
@@ -0,0 +1,62 @@ 
+From d3867e667ec813a448a0845087a8d87bad58402d Mon Sep 17 00:00:00 2001
+From: Alexey Sokolov <alexey+znc@asokolov.org>
+Date: Mon, 1 Jul 2024 09:59:16 +0100
+Subject: [PATCH] Fix RCE vulnerability in modtcl
+
+Remote attacker could execute arbitrary code embedded into the kick
+reason while kicking someone on a channel.
+
+To mitigate this for existing installations, simply unload the modtcl
+module for every user, if it's loaded.
+Note that only users with admin rights can load modtcl at all.
+
+While at it, also escape the channel name.
+
+Discovered by Johannes Kuhn (DasBrain)
+
+Patch by https://github.com/glguy
+
+CVE-2024-39844
+
+CVE: CVE-2024-39844
+Upstream-Status: Backport [https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e]
+(cherry picked from commit 8cbf8d628174ddf23da680f3f117dc54da0eb06e)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ modules/modtcl.cpp | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/modules/modtcl.cpp b/modules/modtcl.cpp
+index c64bc43f..58e68f51 100644
+--- a/modules/modtcl.cpp
++++ b/modules/modtcl.cpp
+@@ -248,8 +248,9 @@ class CModTcl : public CModule {
+         // chan specific
+         unsigned int nLength = vChans.size();
+         for (unsigned int n = 0; n < nLength; n++) {
++            CString sChannel = TclEscape(CString(vChans[n]->GetName()));
+             sCommand = "Binds::ProcessNick {" + sOldNick + "} {" + sHost +
+-                       "} - {" + vChans[n]->GetName() + "} {" + sNewNickTmp +
++                       "} - {" + sChannel + "} {" + sNewNickTmp +
+                        "}";
+             int i = Tcl_Eval(interp, sCommand.c_str());
+             if (i != TCL_OK) {
+@@ -260,14 +261,16 @@ class CModTcl : public CModule {
+ 
+     void OnKick(const CNick& OpNick, const CString& sKickedNick, CChan& Channel,
+                 const CString& sMessage) override {
++        CString sMes = TclEscape(sMessage);
+         CString sOpNick = TclEscape(CString(OpNick.GetNick()));
+         CString sNick = TclEscape(sKickedNick);
+         CString sOpHost =
+             TclEscape(CString(OpNick.GetIdent() + "@" + OpNick.GetHost()));
++        CString sChannel = TclEscape(Channel.GetName());
+ 
+         CString sCommand = "Binds::ProcessKick {" + sOpNick + "} {" + sOpHost +
+-                           "} - {" + Channel.GetName() + "} {" + sNick + "} {" +
+-                           sMessage + "}";
++                           "} - {" + sChannel + "} {" + sNick + "} {" +
++                           sMes + "}";
+         int i = Tcl_Eval(interp, sCommand.c_str());
+         if (i != TCL_OK) {
+             PutModule(Tcl_GetStringResult(interp));
diff --git a/meta-networking/recipes-irc/znc/znc_1.8.2.bb b/meta-networking/recipes-irc/znc/znc_1.8.2.bb
index 68dd0702f7..9901344601 100644
--- a/meta-networking/recipes-irc/znc/znc_1.8.2.bb
+++ b/meta-networking/recipes-irc/znc/znc_1.8.2.bb
@@ -7,6 +7,7 @@  DEPENDS = "openssl zlib icu"
 
 SRC_URI = "git://github.com/znc/znc.git;name=znc;branch=master;protocol=https \
            git://github.com/jimloco/Csocket.git;destsuffix=git/third_party/Csocket;name=Csocket;branch=master;protocol=https \
+           file://CVE-2024-39844.patch \
           "
 SRCREV_znc = "bf253640d33d03331310778e001fb6f5aba2989e"
 SRCREV_Csocket = "e8d9e0bb248c521c2c7fa01e1c6a116d929c41b4"