authorsalo <salo@pkgsrc.org>2005-08-10 16:13:33 +0000
committersalo <salo@pkgsrc.org>2005-08-10 16:13:33 +0000
commit72767cb80182d54c9bc3dbb84223b066a5d5d6c4 (patch)
treec5f0b4f8aa7f79f9b74c09b2a3e276611b8a3b90
parente4463962016ece075018568a8aaff4d90c7af15d (diff)
downloadpkgsrc-72767cb80182d54c9bc3dbb84223b066a5d5d6c4.tar.gz
Security fixes for CAN-2005-2102 and CAN-2005-2103.
- An error in the handling of away messages can be exploited to cause a heap-based buffer overflow by sending a specially crafted away message to a user logged into AIM or ICQ. Successful exploitation allows execution of arbitrary code.
- An error in the handling of file transfers can be exploited to crash the application by attempting to upload a file with a non-UTF8 filename to a user logged into AIM or ICQ.

Patches from RedHat.
-rw-r--r--chat/gaim/Makefile4
-rw-r--r--chat/gaim/buildlink3.mk4
-rw-r--r--chat/gaim/distinfo4
-rw-r--r--chat/gaim/patches/patch-af78
-rw-r--r--chat/gaim/patches/patch-ag26
5 files changed, 111 insertions, 5 deletions
diff --git a/chat/gaim/Makefile b/chat/gaim/Makefile
index 76c7993c881..7d4b5fae442 100644
--- a/chat/gaim/Makefile
+++ b/chat/gaim/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.93 2005/08/05 14:33:53 salo Exp $
+# $NetBSD: Makefile,v 1.94 2005/08/10 16:13:33 salo Exp $
DISTNAME= gaim-1.4.0
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= chat x11
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=gaim/}
EXTRACT_SUFX= .tar.bz2
diff --git a/chat/gaim/buildlink3.mk b/chat/gaim/buildlink3.mk
index d213606c29e..0bc4e40ad39 100644
--- a/chat/gaim/buildlink3.mk
+++ b/chat/gaim/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2005/08/05 14:33:53 salo Exp $
+# $NetBSD: buildlink3.mk,v 1.7 2005/08/10 16:13:34 salo Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
GAIM_BUILDLINK3_MK:= ${GAIM_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+= gaim
.if !empty(GAIM_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.gaim+= gaim>=1.1.2
-BUILDLINK_RECOMMENDED.gaim+= gaim>=1.4.0nb1
+BUILDLINK_RECOMMENDED.gaim+= gaim>=1.4.0nb2
BUILDLINK_PKGSRCDIR.gaim?= ../../chat/gaim
PRINT_PLIST_AWK+= /^@dirrm lib\/gaim$$/ \
diff --git a/chat/gaim/distinfo b/chat/gaim/distinfo
index eb1c261a17c..9a4649d18e0 100644
--- a/chat/gaim/distinfo
+++ b/chat/gaim/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.67 2005/08/05 14:33:53 salo Exp $
+$NetBSD: distinfo,v 1.68 2005/08/10 16:13:34 salo Exp $
SHA1 (gaim-1.4.0.tar.bz2) = 49955722104216e6e41757657abaa94388c42249
RMD160 (gaim-1.4.0.tar.bz2) = d12354df0828451d32124750340b759180289591
@@ -6,3 +6,5 @@ Size (gaim-1.4.0.tar.bz2) = 5979303 bytes
SHA1 (patch-aa) = 555c394dbb4cd9ef4fea621d30ce72baae309067
SHA1 (patch-ad) = 21ffc478343793ce065c75a24ed0cf58b0677359
SHA1 (patch-ae) = 6c8a5960918ea77a766cdb4f3c2d805a61235771
+SHA1 (patch-af) = 63f14c28109a3515bffbed1ece14ae56f0652d13
+SHA1 (patch-ag) = 145aaa3e990eaada33186a5b13196e613b5aac91
diff --git a/chat/gaim/patches/patch-af b/chat/gaim/patches/patch-af
new file mode 100644
index 00000000000..7e0dd28621e
--- /dev/null
+++ b/chat/gaim/patches/patch-af
@@ -0,0 +1,78 @@
+$NetBSD: patch-af,v 1.1 2005/08/10 16:13:34 salo Exp $
+
+Fix for CAN-2005-2103, from RedHat.
+
+--- src/util.c.orig 2005-06-09 06:00:36.000000000 +0200
++++ src/util.c 2005-08-10 16:35:33.000000000 +0200
+@@ -2129,8 +2129,7 @@
+ gaim_str_sub_away_formatters(const char *str, const char *name)
+ {
+ char *c;
+- gchar *cpy;
+- int cnt = 0;
++ GString *cpy;
+ time_t t;
+ struct tm *tme;
+ char tmp[20];
+@@ -2138,12 +2137,12 @@
+ g_return_val_if_fail(str != NULL, NULL);
+ g_return_val_if_fail(name != NULL, NULL);
+
+- cpy = g_malloc(BUF_LONG);
++ /* Create an empty GString that is hopefully big enough for most messages */
++ cpy = g_string_sized_new(1024);
+
+ t = time(NULL);
+ tme = localtime(&t);
+
+- cpy[0] = '\0';
+ c = (char *)str;
+ while (*c) {
+ switch (*c) {
+@@ -2152,39 +2151,35 @@
+ switch (*(c + 1)) {
+ case 'n':
+ /* append name */
+- strcpy(cpy + cnt, name);
+- cnt += strlen(name);
++ g_string_append(cpy, name);
+ c++;
+ break;
+ case 'd':
+ /* append date */
+ strftime(tmp, 20, "%m/%d/%Y", tme);
+- strcpy(cpy + cnt, tmp);
+- cnt += strlen(tmp);
++ g_string_append(cpy, tmp);
+ c++;
+ break;
+ case 't':
+ /* append time */
+ strftime(tmp, 20, "%I:%M:%S %p", tme);
+- strcpy(cpy + cnt, tmp);
+- cnt += strlen(tmp);
++ g_string_append(cpy, tmp);
+ c++;
+ break;
+ default:
+- cpy[cnt++] = *c;
++ g_string_append_c(cpy, *c);
+ }
+ } else {
+- cpy[cnt++] = *c;
++ g_string_append_c(cpy, *c);
+ }
+ break;
+ default:
+- cpy[cnt++] = *c;
++ g_string_append_c(cpy, *c);
+ }
+ c++;
+ }
+- cpy[cnt] = '\0';
+
+- return cpy;
++ return g_string_free(cpy, FALSE);
+ }
+
+ gchar *
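Review bot: Both `strftime(tmp, 20, ...)` calls in the `'d'` and `'t'` cases ignore the return value, and `tmp` is never initialised. If the formatted text does not fit (for instance a locale with a long `%p` string), strftime returns 0 and leaves the buffer contents indeterminate, yet `g_string_append(cpy, tmp)` still reads it as a C string. The move to GString removes the fixed-size destination, but this 20-byte intermediate buffer remains, so I would guard each append, e.g. `if (strftime(tmp, sizeof(tmp), "%I:%M:%S %p", tme) > 0) g_string_append(cpy, tmp);`, and the same for the date case. `tme` from `localtime(&t)` is also passed on without a NULL check. The function's return-type line lies just above the hunk.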
diff --git a/chat/gaim/patches/patch-ag b/chat/gaim/patches/patch-ag
new file mode 100644
index 00000000000..64ed2fdbdef
--- /dev/null
+++ b/chat/gaim/patches/patch-ag
@@ -0,0 +1,26 @@
+$NetBSD: patch-ag,v 1.1 2005/08/10 16:13:34 salo Exp $
+
+Fix for CAN-2005-2102, from RedHat.
+
+--- src/protocols/oscar/oscar.c.orig 2005-07-02 18:13:14.000000000 +0200
++++ src/protocols/oscar/oscar.c 2005-08-10 16:37:02.000000000 +0200
+@@ -3455,7 +3455,18 @@
+ xfer = gaim_xfer_new(gc->account, GAIM_XFER_RECEIVE, userinfo->sn);
+ xfer->remote_ip = g_strdup(args->verifiedip);
+ xfer->remote_port = args->port;
+- gaim_xfer_set_filename(xfer, args->info.sendfile.filename);
++
++ if (g_utf8_validate(args->info.sendfile.filename, -1,
++ NULL)) {
++ gaim_xfer_set_filename(xfer,
++ args->info.sendfile.filename);
++ } else {
++ gchar * utf8_filename = gaim_utf8_salvage(
++ args->info.sendfile.filename);
++ gaim_xfer_set_filename(xfer, utf8_filename);
++ g_free(utf8_filename);
++ }
++
+ gaim_xfer_set_size(xfer, args->info.sendfile.totsize);
+ gaim_xfer_set_message(xfer, message);
+
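Review bot: The UTF-8 validation is applied at this one OSCAR call site rather than inside `gaim_xfer_set_filename`, so any other caller that passes a peer-supplied name is not covered by this hunk; whether such callers exist is not visible here. The check only repairs the encoding, and the salvaged name is still chosen by the remote user, so a comment saying so would help the next reader, e.g. `/* filename is supplied by the remote peer; only its UTF-8 validity is enforced here */`. `args->info.sendfile.filename` is handed to `g_utf8_validate` with length -1, which presumes it is non-NULL and NUL-terminated; the upstream parser presumably guarantees that, but it is worth confirming. The enclosing function begins and ends outside the hunk.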