diff options
| author | abs <abs@pkgsrc.org> | 2004-11-29 17:55:08 +0000 |
|---|---|---|
| committer | abs <abs@pkgsrc.org> | 2004-11-29 17:55:08 +0000 |
| commit | bd5e2604cde3237d2dc2345eddafbcf06bfd9c32 (patch) | |
| tree | 3e857cf9ea7bf684173aadb26cb6e245b10be257 | |
| parent | 491a2742a0b251635f7019e23009c74b233cee5e (diff) | |
| download | pkgsrc-bd5e2604cde3237d2dc2345eddafbcf06bfd9c32.tar.gz | |
Update jabberd2 to jabberd-2.0s4nb1, by pulling in patches from
http://www.marquard.net/jabber/#recommended,
specifically patch 58 which fixes the remote exploit listed at:
http://www.securityfocus.com/archive/1/382250
Patches included:
28* patch-jedi8-sm-object_c
Remove incorrect semicolumn from os_object_free() in sm/object.c
29* patch-jedi-mysql-storage
Fixes to mysql storage for boundary conditions
30* patch-base64
Fix length-related issues in base64 decoding routines
31* patch-sm-storage_db
Fixes to storage_db.c to avoid roster corruption: "sm/storage_db
inserts items in the filter hash table with keys which are located
on the stack. This creates confusion when the code later tries to
compare with these keys."
32* patch-nad-escape
Fixes bug in _nad_escape() where escaping ]]> can cause a segfault
when handling large messages where nad_realloc is called.
38* patch-jedi-pgsql-storage
Fixes to pgsql storage for boundary conditions and incorrect buffer
length calculation
46* patch-memleaks
Fix minor memory leaks in digest-md5 authentication and nad_free()
47* patch-ns-fix
Fixes omission of namespace declaration where a namespace has
already been used in the XML stanza
48* patch-sm-nad-triplet
Fixes omission of prefix on attributes processed by nad_parse (e.g.
in queue storage)
49* patch-mod_disco_publish
Corrects check for deleting previously published disco items from
"delete" to "remove" (as per JEP-0030).
50* patch-sm-filter
Alters filter handling and adds mysql/pgsql escaping on filter
strings to allow brackets and apostrophes in resource names that
form part of JIDs stored as roster entries
58* patch-c2s-buffers
Fixes buffer overflow that can lead to segfault in c2s mysql and
pgsql auth modules - see report by icbm (www.venustech.com.cn)
| -rw-r--r-- | doc/CHANGES | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/CHANGES b/doc/CHANGES index 9185e305183..2ad216f7d0e 100644 --- a/doc/CHANGES +++ b/doc/CHANGES @@ -1,4 +1,4 @@ -$NetBSD: CHANGES,v 1.8155 2004/11/29 17:39:44 jmmv Exp $ +$NetBSD: CHANGES,v 1.8156 2004/11/29 17:55:08 abs Exp $ Changes to the packages collection and infrastructure in 2004: @@ -5644,3 +5644,5 @@ Changes to the packages collection and infrastructure in 2004: Updated AiCA to 0.81 [wiz 2004-11-29] Updated xchat2 to 2.4.1 [minskim 2004-11-29] Updated epiphany to 2.4.6 [jmmv 2004-11-29] + Updated jabberd2 to 2.0s4nb1 [abs 2004-11-29] + |