summaryrefslogtreecommitdiff
path: root/chat
diff options
context:
space:
mode:
authoradrianp <adrianp@pkgsrc.org>2005-09-19 19:42:11 +0000
committeradrianp <adrianp@pkgsrc.org>2005-09-19 19:42:11 +0000
commitc56fedc1f66e3d23912dcde840bec41b78a384c6 (patch)
tree6be51d0b53a30638566d64150754de1ad95479ea /chat
parent8cb5c2d2ced2936cce67fa8d7b8aaff791ccf4ef (diff)
downloadpkgsrc-c56fedc1f66e3d23912dcde840bec41b78a384c6.tar.gz
Security fix for centericq via Debian
http://secunia.com/advisories/16240/
Diffstat (limited to 'chat')
-rw-r--r--chat/centericq/Makefile4
-rw-r--r--chat/centericq/distinfo8
-rw-r--r--chat/centericq/patches/patch-af80
-rw-r--r--chat/centericq/patches/patch-ag16
-rw-r--r--chat/centericq/patches/patch-ah161
-rw-r--r--chat/centericq/patches/patch-ai31
-rw-r--r--chat/centericq/patches/patch-aj83
-rw-r--r--chat/centericq/patches/patch-ak13
8 files changed, 393 insertions, 3 deletions
diff --git a/chat/centericq/Makefile b/chat/centericq/Makefile
index b2ea1c3eb62..28bf6e694dd 100644
--- a/chat/centericq/Makefile
+++ b/chat/centericq/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.52 2005/07/16 18:55:22 adrianp Exp $
+# $NetBSD: Makefile,v 1.53 2005/09/19 19:42:11 adrianp Exp $
#
DISTNAME= centericq-4.20.0
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= chat
MASTER_SITES= http://konst.org.ua/download/ \
http://centericq.de/archive/source/releases/
diff --git a/chat/centericq/distinfo b/chat/centericq/distinfo
index 1fbb00a2bd1..43f706b836e 100644
--- a/chat/centericq/distinfo
+++ b/chat/centericq/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2005/09/06 08:10:57 abs Exp $
+$NetBSD: distinfo,v 1.18 2005/09/19 19:42:11 adrianp Exp $
SHA1 (centericq-4.20.0.tar.bz2) = 14b37c5257039853f0a1b948c7eaa49581a5913c
RMD160 (centericq-4.20.0.tar.bz2) = 7f17cd87aa4b98269fa65173b3e6317143c7c8ca
@@ -8,3 +8,9 @@ SHA1 (patch-ab) = 6d9beb28024666bbfef2e95cab648d7058f8136c
SHA1 (patch-ac) = 74ae25e19bf5d250a407a937bf78405b38cc86da
SHA1 (patch-ad) = be8ba5c952bf560b0758c97ba81c4faef04ffe49
SHA1 (patch-ae) = 01b4bf2e26c9974b189ffe5d0361651aabaef549
+SHA1 (patch-af) = 5104572b93c4bc1872340ac4d179d74f74958fe8
+SHA1 (patch-ag) = c63b3e1011205f7635ca1710a6e5b39f7ef8986c
+SHA1 (patch-ah) = 2e643c6cfd5812f5f35a08e29cfa858902e1760b
+SHA1 (patch-ai) = 2ac32940347733dbb63e12bdd54212435795b30d
+SHA1 (patch-aj) = 1e4ea16dfc5c8eeae9b70b4bda01a2b367ea2879
+SHA1 (patch-ak) = 155067c43db79d398465bac2d70878e8b714fa8b
diff --git a/chat/centericq/patches/patch-af b/chat/centericq/patches/patch-af
new file mode 100644
index 00000000000..4ffe4344711
--- /dev/null
+++ b/chat/centericq/patches/patch-af
@@ -0,0 +1,80 @@
+$NetBSD: patch-af,v 1.1 2005/09/19 19:42:11 adrianp Exp $
+
+--- libgadu-0.1/common.c.orig 2004-07-31 11:47:20.000000000 +0100
++++ libgadu-0.1/common.c
+@@ -284,6 +284,8 @@ char *gg_read_line(int sock, char *buf,
+ {
+ int ret;
+
++ if (!buf || length < 0)
++ return NULL;
+ for (; length > 1; buf++, length--) {
+ do {
+ if ((ret = read(sock, buf, 1)) == -1 && errno != EINTR) {
+@@ -340,7 +342,7 @@ char *gg_urlencode(const char *str)
+ {
+ char *q, *buf, hex[] = "0123456789abcdef";
+ const char *p;
+- int size = 0;
++ unsigned int size = 0;
+
+ if (!str && !(str = strdup("")))
+ return NULL;
+@@ -392,18 +394,18 @@ int gg_http_hash(const char *format, ...
+ va_start(ap, format);
+
+ for (j = 0; j < strlen(format); j++) {
+- unsigned char *arg, buf[16];
++ char *arg, buf[16];
+
+ if (format[j] == 'u') {
+ snprintf(buf, sizeof(buf), "%d", va_arg(ap, uin_t));
+ arg = buf;
+ } else {
+- if (!(arg = va_arg(ap, unsigned char*)))
++ if (!(arg = va_arg(ap, char*)))
+ arg = "";
+ }
+
+ i = 0;
+- while ((c = (int) arg[i++]) != 0) {
++ while ((c = (unsigned char) arg[i++]) != 0) {
+ a = (c ^ b) + (c << 8);
+ b = (a >> 24) | (a << 8);
+ }
+@@ -532,7 +534,7 @@ static char gg_base64_charset[] =
+ char *gg_base64_encode(const char *buf)
+ {
+ char *out, *res;
+- int i = 0, j = 0, k = 0, len = strlen(buf);
++ unsigned int i = 0, j = 0, k = 0, len = strlen(buf);
+
+ res = out = malloc((len / 3 + 1) * 4 + 2);
+
+@@ -590,7 +592,7 @@ char *gg_base64_decode(const char *buf)
+ {
+ char *res, *save, *foo, val;
+ const char *end;
+- int index = 0;
++ unsigned int index = 0;
+
+ if (!buf)
+ return NULL;
+@@ -684,7 +686,7 @@ static int gg_crc32_initialized = 0;
+ static void gg_crc32_make_table()
+ {
+ uint32_t h = 0;
+- int i, j;
++ unsigned int i, j;
+
+ memset(gg_crc32_table, 0, sizeof(gg_crc32_table));
+
+@@ -713,6 +715,8 @@ uint32_t gg_crc32(uint32_t crc, const un
+ {
+ if (!gg_crc32_initialized)
+ gg_crc32_make_table();
++ if (!buf || len < 0)
++ return crc;
+
+ crc ^= 0xffffffffL;
+
diff --git a/chat/centericq/patches/patch-ag b/chat/centericq/patches/patch-ag
new file mode 100644
index 00000000000..bb389286c9d
--- /dev/null
+++ b/chat/centericq/patches/patch-ag
@@ -0,0 +1,16 @@
+$NetBSD: patch-ag,v 1.1 2005/09/19 19:42:11 adrianp Exp $
+
+--- libgadu-0.1/dcc.c.orig 2004-01-26 23:49:33.000000000 +0000
++++ libgadu-0.1/dcc.c
+@@ -51,9 +51,9 @@
+ * - buf - bufor z danymi
+ * - size - rozmiar danych
+ */
+-static void gg_dcc_debug_data(const char *prefix, int fd, const void *buf, int size)
++static void gg_dcc_debug_data(const char *prefix, int fd, const void *buf, unsigned int size)
+ {
+- int i;
++ unsigned int i;
+
+ gg_debug(GG_DEBUG_MISC, "++ gg_dcc %s (fd=%d,len=%d)", prefix, fd, size);
+
diff --git a/chat/centericq/patches/patch-ah b/chat/centericq/patches/patch-ah
new file mode 100644
index 00000000000..c221113feb3
--- /dev/null
+++ b/chat/centericq/patches/patch-ah
@@ -0,0 +1,161 @@
+$NetBSD: patch-ah,v 1.1 2005/09/19 19:42:11 adrianp Exp $
+
+--- libgadu-0.1/events.c.orig 2004-06-10 20:20:08.000000000 +0100
++++ libgadu-0.1/events.c
+@@ -27,6 +27,7 @@
+ #include <arpa/inet.h>
+
+ #include "libgadu-config.h"
++#include "libgadu.h"
+
+ #include <errno.h>
+ #ifdef __GG_LIBGADU_HAVE_PTHREAD
+@@ -153,7 +154,7 @@ int gg_image_queue_remove(struct gg_sess
+ * - e - opis zdarzenia
+ * -
+ */
+-static void gg_image_queue_parse(struct gg_event *e, char *p, int len, struct gg_session *sess, uin_t sender)
++static void gg_image_queue_parse(struct gg_event *e, char *p, unsigned int len, struct gg_session *sess, uin_t sender)
+ {
+ struct gg_msg_image_reply *i = (void*) p;
+ struct gg_image_queue *q, *qq;
+@@ -285,7 +286,7 @@ static int gg_handle_recv_msg(struct gg_
+
+ count = gg_fix32(m->count);
+
+- if (p + count * sizeof(uin_t) > packet_end) {
++ if (p + count * sizeof(uin_t) > packet_end || p + count * sizeof(uin_t) < p || count > 0xffff) {
+ gg_debug(GG_DEBUG_MISC, "// gg_handle_recv_msg() packet out of bounds (1.5)\n");
+ goto malformed;
+ }
+@@ -296,8 +297,11 @@ static int gg_handle_recv_msg(struct gg_
+ goto fail;
+ }
+
+- for (i = 0; i < count; i++, p += sizeof(uin_t))
+- e->event.msg.recipients[i] = gg_fix32(*((uint32_t*) p));
++ for (i = 0; i < count; i++, p += sizeof(uint32_t)) {
++ uint32_t u;
++ memcpy(&u, p, sizeof(uint32_t));
++ e->event.msg.recipients[i] = gg_fix32(u);
++ }
+
+ e->event.msg.recipients_count = count;
+
+@@ -306,15 +310,15 @@ static int gg_handle_recv_msg(struct gg_
+
+ case 0x02: /* richtext */
+ {
+- unsigned short len;
++ uint16_t len;
+ char *buf;
+
+ if (p + 3 > packet_end) {
+ gg_debug(GG_DEBUG_MISC, "// gg_handle_recv_msg() packet out of bounds (2)\n");
+ goto malformed;
+ }
+-
+- len = gg_fix16(*((unsigned short*) (p + 1)));
++ memcpy(&len, p + 1, sizeof(uint16_t));
++ len = gg_fix16(len);
+
+ if (!(buf = malloc(len))) {
+ gg_debug(GG_DEBUG_MISC, "// gg_handle_recv_msg() not enough memory for richtext data\n");
+@@ -361,12 +365,22 @@ static int gg_handle_recv_msg(struct gg_
+ case 0x05: /* image_reply */
+ case 0x06:
+ {
+- if (p + sizeof(struct gg_msg_image_reply) + 1 > packet_end) {
++ struct gg_msg_image_reply *rep = (void*)p;
++
++ if (p + sizeof(struct gg_msg_image_reply) == packet_end) {
++ e->type = GG_EVENT_IMAGE_REPLY;
++ e->event.image_reply.sender = gg_fix32(r->sender);
++ e->event.image_reply.size = 0;
++ e->event.image_reply.crc32 = gg_fix32(rep->crc32);
++ e->event.image_reply.filename = NULL;
++ e->event.image_reply.image = NULL;
++ } else if (p + sizeof(struct gg_msg_image_reply) + 1 > packet_end) {
+ gg_debug(GG_DEBUG_MISC, "// gg_handle_recv_msg() packet out of bounds (4)\n");
+ goto malformed;
+ }
+-
+- gg_image_queue_parse(e, p, (int)(packet_end - p), sess, gg_fix32(r->sender));
++ rep->size = gg_fix32(rep->size);
++ rep->crc32 = gg_fix32(rep->crc32);
++ gg_image_queue_parse(e, p, (unsigned int)(packet_end - p), sess, gg_fix32(r->sender));
+
+ return 0;
+ }
+@@ -443,7 +457,7 @@ static int gg_watch_fd_connected(struct
+ case GG_NOTIFY_REPLY:
+ {
+ struct gg_notify_reply *n = (void*) p;
+- int count, i;
++ unsigned int count, i;
+ char *tmp;
+
+ gg_debug(GG_DEBUG_MISC, "// gg_watch_fd_connected() received a notify reply\n");
+@@ -454,7 +468,7 @@ static int gg_watch_fd_connected(struct
+ goto fail;
+ }
+
+- if (gg_fix32(n->status) == GG_STATUS_BUSY_DESCR || gg_fix32(n->status == GG_STATUS_NOT_AVAIL_DESCR) || gg_fix32(n->status) == GG_STATUS_AVAIL_DESCR) {
++ if (gg_fix32(n->status) == GG_STATUS_BUSY_DESCR || gg_fix32(n->status) == GG_STATUS_NOT_AVAIL_DESCR || gg_fix32(n->status) == GG_STATUS_AVAIL_DESCR) {
+ e->type = GG_EVENT_NOTIFY_DESCR;
+
+ if (!(e->event.notify_descr.notify = (void*) malloc(sizeof(*n) * 2))) {
+@@ -557,6 +571,8 @@ static int gg_watch_fd_connected(struct
+ e->event.notify60[i].descr = NULL;
+ e->event.notify60[i].time = 0;
+
++ if (uin & 0x40000000)
++ e->event.notify60[i].version |= GG_HAS_AUDIO_MASK;
+ if (GG_S_D(n->status)) {
+ unsigned char descr_len = *((char*) n + sizeof(struct gg_notify_reply60));
+
+@@ -628,8 +644,11 @@ static int gg_watch_fd_connected(struct
+
+ e->event.status60.descr = buf;
+
+- if (len > 4 && p[h->length - 5] == 0)
+- e->event.status60.time = *((int*) (p + h->length - 4));
++ if (len > 4 && p[h->length - 5] == 0) {
++ uint32_t t;
++ memcpy(&t, p + h->length - 4, sizeof(uint32_t));
++ e->event.status60.time = gg_fix32(t);
++ }
+ }
+
+ break;
+@@ -695,7 +714,7 @@ static int gg_watch_fd_connected(struct
+
+ if (h->length > 1) {
+ char *tmp;
+- int len = (sess->userlist_reply) ? strlen(sess->userlist_reply) : 0;
++ unsigned int len = (sess->userlist_reply) ? strlen(sess->userlist_reply) : 0;
+
+ gg_debug(GG_DEBUG_MISC, "userlist_reply=%p, len=%d\n", sess->userlist_reply, len);
+
+@@ -1336,7 +1355,11 @@ struct gg_event *gg_watch_fd(struct gg_s
+ free(sess->password);
+ sess->password = NULL;
+
+- gg_debug(GG_DEBUG_MISC, "// gg_watch_fd() gg_dcc_ip = %s\n", inet_ntoa(*((struct in_addr*) &gg_dcc_ip)));
++ {
++ struct in_addr dcc_ip;
++ dcc_ip.s_addr = gg_dcc_ip;
++ gg_debug(GG_DEBUG_MISC, "// gg_watch_fd() gg_dcc_ip = %s\n", inet_ntoa(dcc_ip));
++ }
+
+ if (gg_dcc_ip == (unsigned long) inet_addr("255.255.255.255")) {
+ struct sockaddr_in sin;
+@@ -1363,7 +1386,7 @@ struct gg_event *gg_watch_fd(struct gg_s
+
+ if (sess->external_addr && sess->external_port > 1023) {
+ l.external_ip = sess->external_addr;
+- l.external_port = sess->external_port;
++ l.external_port = gg_fix16(sess->external_port);
+ }
+
+ gg_debug(GG_DEBUG_TRAFFIC, "// gg_watch_fd() sending GG_LOGIN60 packet\n");
diff --git a/chat/centericq/patches/patch-ai b/chat/centericq/patches/patch-ai
new file mode 100644
index 00000000000..ac708434087
--- /dev/null
+++ b/chat/centericq/patches/patch-ai
@@ -0,0 +1,31 @@
+$NetBSD: patch-ai,v 1.1 2005/09/19 19:42:11 adrianp Exp $
+
+--- libgadu-0.1/http.c.orig 2005-01-23 13:22:37.000000000 +0000
++++ libgadu-0.1/http.c
+@@ -264,7 +264,7 @@ int gg_http_watch_fd(struct gg_http *h)
+ }
+
+ if (h->state == GG_STATE_SENDING_QUERY) {
+- unsigned int res;
++ int res;
+
+ if ((res = write(h->fd, h->query, strlen(h->query))) < 1) {
+ gg_debug(GG_DEBUG_MISC, "=> http, write() failed (len=%d, res=%d, errno=%d)\n", strlen(h->query), res, errno);
+@@ -293,7 +293,7 @@ int gg_http_watch_fd(struct gg_http *h)
+
+ if (h->state == GG_STATE_READING_HEADER) {
+ char buf[1024], *tmp;
+- unsigned int res;
++ int res;
+
+ if ((res = read(h->fd, buf, sizeof(buf))) == -1) {
+ gg_debug(GG_DEBUG_MISC, "=> http, reading header failed (errno=%d)\n", errno);
+@@ -401,7 +401,7 @@ int gg_http_watch_fd(struct gg_http *h)
+
+ if (h->state == GG_STATE_READING_DATA) {
+ char buf[1024];
+- unsigned int res;
++ int res;
+
+ if ((res = read(h->fd, buf, sizeof(buf))) == -1) {
+ gg_debug(GG_DEBUG_MISC, "=> http, reading body failed (errno=%d)\n", errno);
diff --git a/chat/centericq/patches/patch-aj b/chat/centericq/patches/patch-aj
new file mode 100644
index 00000000000..fa9a1d38314
--- /dev/null
+++ b/chat/centericq/patches/patch-aj
@@ -0,0 +1,83 @@
+$NetBSD: patch-aj,v 1.1 2005/09/19 19:42:11 adrianp Exp $
+
+--- libgadu-0.1/libgadu.c.orig 2004-03-30 23:44:07.000000000 +0100
++++ libgadu-0.1/libgadu.c
+@@ -378,7 +378,7 @@ int gg_read(struct gg_session *sess, cha
+ */
+ int gg_write(struct gg_session *sess, const char *buf, int length)
+ {
+- int res;
++ int res = 0;
+
+ #ifdef __GG_LIBGADU_HAVE_OPENSSL
+ if (sess->ssl) {
+@@ -415,7 +415,8 @@ void *gg_recv_packet(struct gg_session *
+ {
+ struct gg_header h;
+ char *buf = NULL;
+- int ret = 0, offset, size = 0;
++ int ret = 0;
++ unsigned int offset, size = 0;
+
+ gg_debug(GG_DEBUG_FUNCTION, "** gg_recv_packet(%p);\n", sess);
+
+@@ -477,7 +478,7 @@ void *gg_recv_packet(struct gg_session *
+ memcpy(&h, sess->recv_buf, sizeof(h));
+
+ /* jakieś sensowne limity na rozmiar pakietu */
+- if (h.length < 0 || h.length > 65535) {
++ if (h.length > 65535) {
+ gg_debug(GG_DEBUG_MISC, "// gg_recv_packet() invalid packet length (%d)\n", h.length);
+ errno = ERANGE;
+ return NULL;
+@@ -503,11 +504,18 @@ void *gg_recv_packet(struct gg_session *
+ while (size > 0) {
+ ret = gg_read(sess, buf + sizeof(h) + offset, size);
+ gg_debug(GG_DEBUG_MISC, "// gg_recv_packet() body recv(%d,%p,%d) = %d\n", sess->fd, buf + sizeof(h) + offset, size, ret);
++ if (!ret) {
++ gg_debug(GG_DEBUG_MISC, "// gg_recv_packet() failed: connection broken\n");
++ errno = ECONNRESET;
++ return NULL;
++ }
+ if (ret > -1 && ret <= size) {
+ offset += ret;
+ size -= ret;
+ } else if (ret == -1) {
++ int errno2 = errno;
+ gg_debug(GG_DEBUG_MISC, "// gg_recv_packet() body recv() failed (errno=%d, %s)\n", errno, strerror(errno));
++ errno = errno2;
+ if (errno == EAGAIN) {
+ gg_debug(GG_DEBUG_MISC, "// gg_recv_packet() %d bytes received, %d left\n", offset, size);
+ sess->recv_buf = buf;
+@@ -558,9 +566,9 @@ int gg_send_packet(struct gg_session *se
+ {
+ struct gg_header *h;
+ char *tmp;
+- int tmp_length;
++ unsigned int tmp_length;
+ void *payload;
+- int payload_length;
++ unsigned int payload_length;
+ va_list ap;
+ int res;
+
+@@ -584,7 +592,9 @@ int gg_send_packet(struct gg_session *se
+ while (payload) {
+ char *tmp2;
+
+- payload_length = va_arg(ap, int);
++ if (payload_length < 0)
++ gg_debug(GG_DEBUG_MISC, "// gg_send_packet() invalid payload length (%d)\n", payload_length);
++ payload_length = va_arg(ap, unsigned int);
+
+ if (payload_length < 0)
+ gg_debug(GG_DEBUG_MISC, "// gg_send_packet() invalid payload length (%d)\n", payload_length);
+@@ -1150,7 +1160,7 @@ int gg_image_reply(struct gg_session *se
+ struct gg_send_msg s;
+ const char *tmp;
+ char buf[1910];
+- int res;
++ int res = -1;
+
+ gg_debug(GG_DEBUG_FUNCTION, "** gg_image_reply(%p, %d, \"%s\", %p, %d);\n", sess, recipient, filename, image, size);
+
diff --git a/chat/centericq/patches/patch-ak b/chat/centericq/patches/patch-ak
new file mode 100644
index 00000000000..daef14e61e4
--- /dev/null
+++ b/chat/centericq/patches/patch-ak
@@ -0,0 +1,13 @@
+$NetBSD: patch-ak,v 1.1 2005/09/19 19:42:11 adrianp Exp $
+
+--- libgadu-0.1/libgadu.h.orig 2004-06-10 20:20:08.000000000 +0100
++++ libgadu-0.1/libgadu.h
+@@ -351,7 +351,7 @@ struct gg_login_params {
+ int tls; /* czy łączymy po TLS? */
+ int image_size; /* maksymalny rozmiar obrazka w KiB */
+
+- char dummy[7 * sizeof(int)]; /* miejsce na kolejnych 8 zmiennych,
++ char dummy[6 * sizeof(int)]; /* miejsce na kolejnych 8 zmiennych,
+ * żeby z dodaniem parametru nie
+ * zmieniał się rozmiar struktury */
+ };