diff options
| author | abs <abs@pkgsrc.org> | 2004-11-29 17:54:03 +0000 |
|---|---|---|
| committer | abs <abs@pkgsrc.org> | 2004-11-29 17:54:03 +0000 |
| commit | 28a60048cd7562060329c642e5004e90fee13e92 (patch) | |
| tree | 7798e3b8db0e6a50b36bc97d8ebddcaabbd5f9b8 /chat | |
| parent | b922837e83b27eaf53d65ea9270fbe90b5348729 (diff) | |
| download | pkgsrc-28a60048cd7562060329c642e5004e90fee13e92.tar.gz | |
Update jabberd2 to jabberd-2.0s4nb1, by pulling in patches from
http://www.marquard.net/jabber/#recommended,
specifically patch 58 which fixes the remote exploit listed at:
http://www.securityfocus.com/archive/1/382250
Patches included:
28* patch-jedi8-sm-object_c
Remove incorrect semicolumn from os_object_free() in sm/object.c
29* patch-jedi-mysql-storage
Fixes to mysql storage for boundary conditions
30* patch-base64
Fix length-related issues in base64 decoding routines
31* patch-sm-storage_db
Fixes to storage_db.c to avoid roster corruption: "sm/storage_db
inserts items in the filter hash table with keys which are located
on the stack. This creates confusion when the code later tries to
compare with these keys."
32* patch-nad-escape
Fixes bug in _nad_escape() where escaping ]]> can cause a segfault
when handling large messages where nad_realloc is called.
38* patch-jedi-pgsql-storage
Fixes to pgsql storage for boundary conditions and incorrect buffer
length calculation
46* patch-memleaks
Fix minor memory leaks in digest-md5 authentication and nad_free()
47* patch-ns-fix
Fixes omission of namespace declaration where a namespace has
already been used in the XML stanza
48* patch-sm-nad-triplet
Fixes omission of prefix on attributes processed by nad_parse (e.g.
in queue storage)
49* patch-mod_disco_publish
Corrects check for deleting previously published disco items from
"delete" to "remove" (as per JEP-0030).
50* patch-sm-filter
Alters filter handling and adds mysql/pgsql escaping on filter
strings to allow brackets and apostrophes in resource names that
form part of JIDs stored as roster entries
58* patch-c2s-buffers
Fixes buffer overflow that can lead to segfault in c2s mysql and
pgsql auth modules - see report by icbm (www.venustech.com.cn)
Diffstat (limited to 'chat')
| -rw-r--r-- | chat/jabberd2/Makefile | 11 | ||||
| -rw-r--r-- | chat/jabberd2/distinfo | 30 |
2 files changed, 37 insertions, 4 deletions
diff --git a/chat/jabberd2/Makefile b/chat/jabberd2/Makefile index e181810833b..f8f31f2c526 100644 --- a/chat/jabberd2/Makefile +++ b/chat/jabberd2/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.14 2004/11/10 10:34:50 xtraeme Exp $ +# $NetBSD: Makefile,v 1.15 2004/11/29 17:54:03 abs Exp $ # DISTNAME= jabberd-2.0s4 +PKGREVISION= 1 CATEGORIES= chat MASTER_SITES= http://www.jabberstudio.org/files/jabberd2/ @@ -9,6 +10,14 @@ MAINTAINER= xtraeme@NetBSD.org HOMEPAGE= http://jabberd.jabberstudio.org/2/ COMMENT= Instant messaging server (version 2) +PATCH_SITES= http://www.marquard.net/jabber/patches/ +PATCHFILES= patch-jedi8-sm-object_c patch-jedi-mysql-storage patch-base64 \ + patch-sm-storage_db patch-nad-escape patch-jedi-pgsql-storage \ + patch-memleaks patch-ns-fix patch-sm-nad-triplet \ + patch-mod_disco_publish patch-sm-filter patch-c2s-buffers +DIST_SUBDIR= ${PKGNAME_NOREV} + + CONFLICTS= jabberd-[0-9]*:../../chat/jabberd USE_BUILDLINK3= yes diff --git a/chat/jabberd2/distinfo b/chat/jabberd2/distinfo index 0d5d61c5f40..65df6ece4d8 100644 --- a/chat/jabberd2/distinfo +++ b/chat/jabberd2/distinfo @@ -1,7 +1,31 @@ -$NetBSD: distinfo,v 1.3 2004/10/27 13:54:41 xtraeme Exp $ +$NetBSD: distinfo,v 1.4 2004/11/29 17:54:03 abs Exp $ -SHA1 (jabberd-2.0s4.tar.gz) = cb429db090982118f2b448499635ff14b91718b8 -Size (jabberd-2.0s4.tar.gz) = 716819 bytes +SHA1 (jabberd-2.0s4/jabberd-2.0s4.tar.gz) = cb429db090982118f2b448499635ff14b91718b8 +Size (jabberd-2.0s4/jabberd-2.0s4.tar.gz) = 716819 bytes +SHA1 (jabberd-2.0s4/patch-jedi8-sm-object_c) = 06d0737e93c3eee677c20fd2914b4dc70286acf6 +Size (jabberd-2.0s4/patch-jedi8-sm-object_c) = 341 bytes +SHA1 (jabberd-2.0s4/patch-jedi-mysql-storage) = 4684a8f89f8f79b31d2fcd9c39929404d840e3ef +Size (jabberd-2.0s4/patch-jedi-mysql-storage) = 1563 bytes +SHA1 (jabberd-2.0s4/patch-base64) = 1fb446754e86fb5a4361f8be81063d77d1d06a9f +Size (jabberd-2.0s4/patch-base64) = 4252 bytes +SHA1 (jabberd-2.0s4/patch-sm-storage_db) = a42c3b75c719bf36148b4a03e05c10d23d8da30a +Size (jabberd-2.0s4/patch-sm-storage_db) = 1264 bytes +SHA1 (jabberd-2.0s4/patch-nad-escape) = 3e32fc737958afc2d5faa0134407d12b5cf841c9 +Size (jabberd-2.0s4/patch-nad-escape) = 1052 bytes +SHA1 (jabberd-2.0s4/patch-jedi-pgsql-storage) = fb3226177bfafeced72a8c74c1594c4ed851d32c +Size (jabberd-2.0s4/patch-jedi-pgsql-storage) = 2648 bytes +SHA1 (jabberd-2.0s4/patch-memleaks) = 5d57fc737667ed39185dccc29d9174ae4ece85db +Size (jabberd-2.0s4/patch-memleaks) = 969 bytes +SHA1 (jabberd-2.0s4/patch-ns-fix) = 4b3b53cd54c7d93fd4f57a30bcf888fc96a6bf41 +Size (jabberd-2.0s4/patch-ns-fix) = 1193 bytes +SHA1 (jabberd-2.0s4/patch-sm-nad-triplet) = feedb1b21dc526cf0e1b643c57663c0c7b75a66c +Size (jabberd-2.0s4/patch-sm-nad-triplet) = 238 bytes +SHA1 (jabberd-2.0s4/patch-mod_disco_publish) = ff87c23b48ed1a68f77f6757249ac173c1ab2039 +Size (jabberd-2.0s4/patch-mod_disco_publish) = 509 bytes +SHA1 (jabberd-2.0s4/patch-sm-filter) = 4efd5fb4b5eca2b09eb475bd1be8d25ed6f72a47 +Size (jabberd-2.0s4/patch-sm-filter) = 12616 bytes +SHA1 (jabberd-2.0s4/patch-c2s-buffers) = bc66b98f81d23d2314b5515cf2191be38985afaf +Size (jabberd-2.0s4/patch-c2s-buffers) = 12112 bytes SHA1 (patch-aa) = ff9a1aa6c39b7e96870d4f884de09be8307ac169 SHA1 (patch-ab) = de1c8ec12b55117223bcca2071499c42ab145a34 SHA1 (patch-ac) = 312a07fa6772956297789e15025e0ca0fad9ebb7 |