From 4b8982cf8f75b002169cbb36a517a814758780f0 Mon Sep 17 00:00:00 2001
From: salo
Date: Fri, 5 Aug 2005 14:33:53 +0000
Subject: Security fix for CAN-2005-2370 "Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2 and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message." Bump PKGREVISION, patch from Gaim CVS.
---
 chat/gaim/Makefile | 3 ++-
 chat/gaim/buildlink3.mk | 4 ++--
 chat/gaim/distinfo | 3 ++-
 chat/gaim/patches/patch-ae | 20 ++++++++++++++++++++
 4 files changed, 26 insertions(+), 4 deletions(-)
 create mode 100644 chat/gaim/patches/patch-ae
(limited to 'chat/gaim')
diff --git a/chat/gaim/Makefile b/chat/gaim/Makefile
index 5551cd002d4..76c7993c881 100644
--- a/chat/gaim/Makefile
+++ b/chat/gaim/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.92 2005/07/21 16:29:45 wiz Exp $
+# $NetBSD: Makefile,v 1.93 2005/08/05 14:33:53 salo Exp $
 DISTNAME= gaim-1.4.0
+PKGREVISION= 1
 CATEGORIES= chat x11
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=gaim/}
 EXTRACT_SUFX= .tar.bz2
diff --git a/chat/gaim/buildlink3.mk b/chat/gaim/buildlink3.mk
index 63a9d100721..d213606c29e 100644
--- a/chat/gaim/buildlink3.mk
+++ b/chat/gaim/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.5 2005/05/12 10:32:18 salo Exp $
+# $NetBSD: buildlink3.mk,v 1.6 2005/08/05 14:33:53 salo Exp $
 BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
 GAIM_BUILDLINK3_MK:= ${GAIM_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+= gaim
 .if !empty(GAIM_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.gaim+= gaim>=1.1.2
-BUILDLINK_RECOMMENDED.gaim+= gaim>=1.3.0
+BUILDLINK_RECOMMENDED.gaim+= gaim>=1.4.0nb1
 BUILDLINK_PKGSRCDIR.gaim?= ../../chat/gaim
 PRINT_PLIST_AWK+= /^@dirrm lib\/gaim$$/ \
diff --git a/chat/gaim/distinfo b/chat/gaim/distinfo
index ef4f011584a..eb1c261a17c 100644
--- a/chat/gaim/distinfo
+++ b/chat/gaim/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.66 2005/07/08 09:39:47 grant Exp $
+$NetBSD: distinfo,v 1.67 2005/08/05 14:33:53 salo Exp $
 SHA1 (gaim-1.4.0.tar.bz2) = 49955722104216e6e41757657abaa94388c42249
 RMD160 (gaim-1.4.0.tar.bz2) = d12354df0828451d32124750340b759180289591
 Size (gaim-1.4.0.tar.bz2) = 5979303 bytes
 SHA1 (patch-aa) = 555c394dbb4cd9ef4fea621d30ce72baae309067
 SHA1 (patch-ad) = 21ffc478343793ce065c75a24ed0cf58b0677359
+SHA1 (patch-ae) = 6c8a5960918ea77a766cdb4f3c2d805a61235771
diff --git a/chat/gaim/patches/patch-ae b/chat/gaim/patches/patch-ae
new file mode 100644
index 00000000000..c6ad1d130db
--- /dev/null
+++ b/chat/gaim/patches/patch-ae
@@ -0,0 +1,20 @@
+$NetBSD: patch-ae,v 1.3 2005/08/05 14:33:53 salo Exp $
+
+Fix for CAN-2005-2370, from Gaim CVS.
+
+--- src/protocols/gg/libgg.c.orig 2005-03-02 12:53:57.000000000 +0100
++++ src/protocols/gg/libgg.c 2005-08-05 15:38:42.000000000 +0200
+@@ -1098,8 +1098,11 @@
+
+ e->event.status60.descr = buf;
+
+- if (len > 4 && p[h->length - 5] == 0)
+- e->event.status60.time = *((int*) (p + h->length - 4));
++ if (len > 4 && p[h->length - 5] == 0) {
++ uint32_t t;
++ memcpy(&t, p + h->length - 4, sizeof(uint32_t));
++ e->event.status60.time = t;
++ }
+ }
+
+ break;
-- cgit v1.2.3
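Review bot: The guard in the patched libgg.c block still tests `len`, while both the terminator check `p[h->length - 5]` and the `memcpy` source `p + h->length - 4` are offset by `h->length`, and the hunk does not show how the two values are related. Presumably `len` is derived from `h->length` earlier in this case block, which starts above the hunk; if that ever stops holding, a short packet would place both offsets before the start of `p`. Tying the test to the value actually used, e.g. `if (h->length >= 5 && len > 4 && p[h->length - 5] == 0) {`, keeps the read in bounds without relying on code outside the hunk. Separately, `memcpy` removes the unaligned load but still takes the four bytes in host order, so on a big-endian machine such as the SPARC named in the advisory the timestamp may come out byte-swapped unless `t` goes through whatever byte-order conversion the file applies to other wire fields. It is also worth confirming that libgg.c already includes `<string.h>` and a header defining `uint32_t`, since the patch adds neither.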