From 37fbcb8563c4a34b2b10d6420b58655dbe71b4fc Mon Sep 17 00:00:00 2001 From: tonnerre Date: Sun, 13 Jul 2008 12:04:11 +0000 Subject: Upgrade silc-client to version 1.1.4. This fixes two security issues and various character set problems. The security issues fixed: * NICK_CHANGE buffer overflow: CVE-2007-3728. * pkcs_decode buffer overflow: CORE-2007-1212. Changes since version 1.0.4.1: - Fixed NEW_CLIENT packet handling crash. - Fixed partial encryption in CTR mode in AES. - Fixed printable fingerprint buffer overflow. - Fixed UNIX signal delivery il SILC scheduler. - Reprocess JOIN command synchronously after resolving channel user list. - In JOIN command reply check if the channel key is already saved. - Remove all channel keys and hmacs after giving LEAVE command. - Added missing channel unreferencing in CMODE, CUMODE, TOPIC, INVITE, BAN and KICK command replies. - Fixed connection authentication with public keys to use correct public key as responder. - Zero tail of CTR mode IV in IV Included mode. - Fixed CTR mode rekey. - Rewrote the IV Included CTR mode encryption/decryption in packet engine. - Fixed non-IPv6 compilation error. - Fixed channel private key deleting when deleting the channel. - Fixed TIMEOUT handling in user info resolving during JOINing, fixes crash. - Fixed mandatory UN and HN SILC public key identifier checking. - Fixed alignment issues with 64-bit CPUs. - Added "There are now xx nick's" to "are xx nicks". - Fixed USERS command user mode handling (integer overflow). - Fixed big-endian issues from aes implementation. - Fixed lib/silcutil/silcatomic.h compilation on IA64. - Fixed public key identifier parsing to check lengths correctly. - In silc_client_free check that scheduler is allocated before trying to free it. - Fixed buffer overflow in NICK_CHANGE notify. The destination buffer for old nicknames was too small. - Added support for rekey with PFS when using CTR mode encryption. - Added silc_idcache_move that can be used to move entries between caches. - Added better checks for invalid argument and notify payloads. - Fixed SILC_PACKET_FLAG_LONG_PAD bitmask value. - Set the destination ID to packet stream as SKE responder if ID was present in key exchange packet. - Compile sources with _GNU_SOURCE on Linux systems. - Fixed Unix signal task dispatching to not lock the signals when dispatching the callback to avoid deadlocks. - Added SILC_VERSION macro for checking package versions at compile time. - Use SILC_VERIFY to assert that silc_rwlock_wrlock can be called only once per thread on Unix. - Fixed USERS command reply write-lock unlocking. - Fixed silc_create_key_pair to check for valid identifier. - Rewrite signed public message handling, adopting the new hilight interface. - Fix off by one error when loading modules. - Don't delete hilight entry (because it's just a pointer, not a copy). - Added __SILC_TOOLKIT_x_x_x macro to all Toolkit distribution which can be used to check for Toolkit version in third-party software. - Added support for channel@server channel name strings to client library (SILC protocol version 1.3 change). - Added full_nicknames and full_channel_names settings to SilcClientParams that can be used to specify whether client library returns full nickname and channel name strings. Full strings are nick@server and channel@server. - Fixed unix connecting failure to return error code correctly. - Fixed SKE timeout double free crash. - Fixed MIME multipart decoding buffer overflow. - Fixed connection auth protocol timeout crash. - Fixed FSM machine finishing to check for existing threads at the final free callback to allow time for the threads to finish. - Fixed silc_client_get_clients_local to check the nick's server also if nick@server nickname string is given to the function. - And many more, oh well. For the user this means: better charset support, less crashes, nick names now potentially user#23, server specific channels and more sanity. Talked over a while ago with wiz with no objections. --- chat/silc-client/patches/patch-aa | 37 ++++++++----------------- chat/silc-client/patches/patch-ab | 58 +++++++++++++++++++++++++++------------ chat/silc-client/patches/patch-ac | 24 ++++++++-------- chat/silc-client/patches/patch-ad | 39 ++++++++------------------ chat/silc-client/patches/patch-ae | 13 +++++++++ 5 files changed, 89 insertions(+), 82 deletions(-) create mode 100644 chat/silc-client/patches/patch-ae (limited to 'chat/silc-client/patches') diff --git a/chat/silc-client/patches/patch-aa b/chat/silc-client/patches/patch-aa index 9c9b00a9f1d..f7f81ef9079 100644 --- a/chat/silc-client/patches/patch-aa +++ b/chat/silc-client/patches/patch-aa @@ -1,26 +1,13 @@ -$NetBSD: patch-aa,v 1.12 2007/05/18 21:04:25 salo Exp $ +$NetBSD: patch-aa,v 1.13 2008/07/13 12:04:11 tonnerre Exp $ ---- Makefile.in.orig 2006-01-06 14:46:28.000000000 +0100 -+++ Makefile.in 2006-01-08 20:45:25.000000000 +0100 -@@ -763,18 +763,18 @@ - - - @with_irssi_TRUE@install-dirs-client: --@with_irssi_TRUE@ -mkdir -p $(etcdir) -+@with_irssi_TRUE@ -mkdir -p $(examplesdir) - @with_irssi_TRUE@ -mkdir -p $(helpdir) - @with_irssi_TRUE@ -mkdir -p $(mandir)/man1 - - @with_irssi_TRUE@doc-install-client: --@with_irssi_TRUE@ $(INSTALL_DATA) $(srcdir)/apps/irssi/silc.conf $(docdir)/example_silc.conf -+@with_irssi_TRUE@ $(INSTALL_DATA) $(srcdir)/apps/irssi/silc.conf $(examplesdir)/silc.conf.default - @with_irssi_TRUE@ -@if test -f $(srcdir)/doc/silc.1 ; then $(INSTALL_DATA) $(srcdir)/doc/silc.1 $(mandir)/man1; fi - - @with_irssi_TRUE@etc-install-client: - @with_irssi_TRUE@ -@if test '!' -d $(srcdir)/apps/irssi ; then if test '!' -f $(etcdir)/silc.conf ; then $(INSTALL_DATA) $(srcdir)/apps/irssi/silc.conf $(etcdir)/silc.conf; fi; fi - --@with_irssi_TRUE@install-data-hook: install-dirs-client doc-install-client etc-install-client -+@with_irssi_TRUE@install-data-hook: install-dirs-client doc-install-client - - @INCLUDE_DEFINES_INT@ - +--- apps/irssi/docs/help/Makefile.in.orig 2007-12-07 18:10:34.000000000 +0100 ++++ apps/irssi/docs/help/Makefile.in 2007-12-07 18:10:48.000000000 +0100 +@@ -211,7 +211,7 @@ + target_alias = @target_alias@ + top_builddir = @top_builddir@ + top_srcdir = @top_srcdir@ +-@SILCPLUGIN_FALSE@helpdir = $(datadir)/silc/help ++@SILCPLUGIN_FALSE@helpdir = $(datadir)/silc-client/help + @SILCPLUGIN_TRUE@helpdir = $(datadir)/irssi/help/silc + @SILCPLUGIN_FALSE@SILCHELP = + @SILCPLUGIN_TRUE@SILCHELP = silc diff --git a/chat/silc-client/patches/patch-ab b/chat/silc-client/patches/patch-ab index a27b00cc32e..32812d12597 100644 --- a/chat/silc-client/patches/patch-ab +++ b/chat/silc-client/patches/patch-ab @@ -1,22 +1,44 @@ -$NetBSD: patch-ab,v 1.12 2007/05/18 21:04:25 salo Exp $ +$NetBSD: patch-ab,v 1.13 2008/07/13 12:04:11 tonnerre Exp $ ---- apps/irssi/Makefile.in.orig 2007-03-07 19:02:19.000000000 +0000 -+++ apps/irssi/Makefile.in 2007-05-18 20:19:04.000000000 +0000 -@@ -282,7 +282,7 @@ sysconfdir = @sysconfdir@ - target_alias = @target_alias@ - @BUILD_PLUGINS_TRUE@PLUGINS = plugins - @BUILD_SERVERTEST_TRUE@SERVERTEST = servertest --SUBDIRS = src docs scripts -+SUBDIRS = src docs - - # - # INCLUDE defines -@@ -297,7 +297,7 @@ INCLUDES = $(ADD_INCLUDES) $(SILC_CFLAGS +--- apps/irssi/Makefile.in.orig 2007-11-06 15:45:06.000000000 +0100 ++++ apps/irssi/Makefile.in 2007-12-07 17:25:54.000000000 +0100 +@@ -291,7 +291,7 @@ #confdir = $(sysconfdir) confdir = $(silc_etcdir) conffile = silc.conf --themedir = $(datadir)/silc/themes -+themedir = $(datadir)/silc-client/themes - theme_DATA = default.theme - noinst_HEADERS = irssi-version.h.in - EXTRA_DIST = \ +-@SILCPLUGIN_FALSE@themedir = $(datadir)/silc/themes ++@SILCPLUGIN_FALSE@themedir = $(datadir)/silc-client/themes + @SILCPLUGIN_TRUE@themedir = $(datadir)/irssi/themes + @SILCPLUGIN_FALSE@theme_DATA = default.theme plugin.theme + @SILCPLUGIN_TRUE@theme_DATA = plugin.theme +@@ -815,7 +815,8 @@ + -mkdir -p $(mandir)/man1 + + doc-install-client: +- $(INSTALL_DATA) $(silc_top_srcdir)/apps/irssi/silc.conf $(docdir)/example_silc.conf ++ $(INSTALL) -d $(examplesdir)/ ++ $(INSTALL_DATA) $(silc_top_srcdir)/apps/irssi/silc.conf $(examplesdir)/silc.conf.default + -@if test -f $(silc_top_srcdir)/doc/silc.1 ; then \ + $(INSTALL_DATA) $(silc_top_srcdir)/doc/silc.1 $(mandir)/man1; \ + fi +@@ -823,16 +824,16 @@ + etc-install-client: + -@if test -d $(silc_top_srcdir)/apps/irssi ; then \ + mkdir -p $(etcdir) ; \ +- if test '!' -f $(etcdir)/silc.conf ; then \ ++ if test '!' -f $(examplesdir)/silc.conf.default ; then \ + $(INSTALL_DATA) $(silc_top_srcdir)/apps/irssi/silc.conf \ +- $(etcdir)/silc.conf; \ ++ $(examplesdir)/silc.conf.default; \ + fi; \ + fi + + install-data-hook: \ + install-dirs-client \ +- doc-install-client \ +- $(ETCINSTALL) ++ doc-install-client ++ + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. + .NOEXPORT: diff --git a/chat/silc-client/patches/patch-ac b/chat/silc-client/patches/patch-ac index 2769f08d957..93b2b3d7fdd 100644 --- a/chat/silc-client/patches/patch-ac +++ b/chat/silc-client/patches/patch-ac @@ -1,13 +1,13 @@ -$NetBSD: patch-ac,v 1.9 2007/05/18 21:04:25 salo Exp $ +$NetBSD: patch-ac,v 1.10 2008/07/13 12:04:11 tonnerre Exp $ ---- apps/irssi/src/perl/Makefile.in.orig 2006-01-06 14:46:28.000000000 +0100 -+++ apps/irssi/src/perl/Makefile.in 2006-01-08 20:47:56.000000000 +0100 -@@ -281,7 +281,7 @@ - -I$(top_srcdir)/src/fe-common/core \ - -I$(top_srcdir)/src/fe-common/silc \ - $(GLIB_CFLAGS) \ -- -DSCRIPTDIR=\""$(datadir)/silc/scripts"\" \ -+ -DSCRIPTDIR=\""$(prefix)/libexec/silc-client/scripts"\" \ - -DPERL_USE_LIB=\""$(PERL_USE_LIB)"\" \ - -DPERL_STATIC_LIBS=$(PERL_STATIC_LIBS) \ - $(PERL_CFLAGS) +--- apps/irssi/src/perl/Makefile.in.orig 2007-11-06 15:45:06.000000000 +0100 ++++ apps/irssi/src/perl/Makefile.in 2007-12-07 16:08:08.000000000 +0100 +@@ -291,7 +291,7 @@ + moduledir = @SILC_IRSSIDIR@ + @SILCPLUGIN_FALSE@perl_dirs = common ui textui silc + @SILCPLUGIN_TRUE@perl_dirs = silc +-@SILCPLUGIN_FALSE@SCRIPTDIR = "$(datadir)/silc/scripts" ++@SILCPLUGIN_FALSE@SCRIPTDIR = "$(prefix)/libexec/silc-client/scripts" + @SILCPLUGIN_TRUE@SCRIPTDIR = "$(datadir)/irssi/scripts" + module_LTLIBRARIES = $(perl_module_lib) $(perl_module_fe_lib) + noinst_LTLIBRARIES = $(perl_static_lib) $(perl_static_fe_lib) diff --git a/chat/silc-client/patches/patch-ad b/chat/silc-client/patches/patch-ad index 3fdf26ade2c..a10c3d27cc3 100644 --- a/chat/silc-client/patches/patch-ad +++ b/chat/silc-client/patches/patch-ad @@ -1,28 +1,13 @@ -$NetBSD: patch-ad,v 1.4 2007/05/18 21:04:25 salo Exp $ +$NetBSD: patch-ad,v 1.5 2008/07/13 12:04:11 tonnerre Exp $ ---- doc/Makefile.in.orig 2007-03-07 19:02:19.000000000 +0000 -+++ doc/Makefile.in 2007-05-18 20:41:05.000000000 +0000 -@@ -450,15 +450,6 @@ uninstall-am: uninstall-info-am - mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ - ps ps-am uninstall uninstall-am uninstall-info-am - -- --all: -- touch draft-riikonen-silc-spec-08.txt -- touch draft-riikonen-silc-pp-09.txt -- touch draft-riikonen-silc-ke-auth-08.txt -- touch draft-riikonen-silc-commands-06.txt -- touch draft-riikonen-silc-flags-payloads-04.txt -- touch draft-riikonen-presence-attrs-03.txt -- - dist-hook: - $(SILC_TOP_SRCDIR)/scripts/manpages.pl - rm draft-riikonen*.txt -@@ -472,7 +463,6 @@ dist-hook: - doc-install: - -mkdir -p $(docdir) - -$(INSTALL_DATA) $(top_srcdir)/doc/FAQ $(docdir)/ -- -$(INSTALL_DATA) $(top_srcdir)/doc/*.txt $(docdir)/ - -$(INSTALL_DATA) $(top_srcdir)/COPYING $(docdir)/ - -$(INSTALL_DATA) $(top_srcdir)/CHANGES $(docdir)/ - -$(INSTALL_DATA) $(top_srcdir)/CREDITS $(docdir)/ +--- apps/irssi/scripts/Makefile.in.orig 2008-03-20 06:47:18.000000000 +0000 ++++ apps/irssi/scripts/Makefile.in +@@ -211,7 +211,7 @@ top_builddir = @top_builddir@ + top_srcdir = @top_srcdir@ + SUBDIRS = examples + PLUGIN_SCR = silc.pl +-@SILCPLUGIN_FALSE@scriptdir = $(datadir)/silc/scripts ++@SILCPLUGIN_FALSE@scriptdir = $(prefix)/libexec/silc-client/scripts + @SILCPLUGIN_TRUE@scriptdir = $(datadir)/irssi/scripts + @SILCPLUGIN_FALSE@IRSSI_SCR = \ + @SILCPLUGIN_FALSE@ autoop.pl \ diff --git a/chat/silc-client/patches/patch-ae b/chat/silc-client/patches/patch-ae new file mode 100644 index 00000000000..22d8260b261 --- /dev/null +++ b/chat/silc-client/patches/patch-ae @@ -0,0 +1,13 @@ +$NetBSD: patch-ae,v 1.3 2008/07/13 12:04:11 tonnerre Exp $ + +--- apps/irssi/scripts/examples/Makefile.in.orig 2008-03-20 06:47:18.000000000 +0000 ++++ apps/irssi/scripts/examples/Makefile.in +@@ -197,7 +197,7 @@ sysconfdir = @sysconfdir@ + target_alias = @target_alias@ + top_builddir = @top_builddir@ + top_srcdir = @top_srcdir@ +-@SILCPLUGIN_FALSE@scriptdir = $(datadir)/silc/scripts ++@SILCPLUGIN_FALSE@scriptdir = $(prefix)/libexec/silc-client/scripts + @SILCPLUGIN_TRUE@scriptdir = $(datadir)/irssi/scripts + @SILCPLUGIN_FALSE@IRSSI_EX_SCR = \ + @SILCPLUGIN_FALSE@ command.pl \ -- cgit v1.2.3