[pkgsrc/trunk]: pkgsrc/chat/gaim Security fixes for CAN-2005-2102 and CAN-200...
details: https://anonhg.NetBSD.org/pkgsrc/rev/045cb9f01fb0
branches: trunk
changeset: 498024:045cb9f01fb0
user: salo <salo%pkgsrc.org@localhost>
date: Wed Aug 10 16:13:33 2005 +0000
description:
Security fixes for CAN-2005-2102 and CAN-2005-2103.
- An error in the handling of away messages can be exploited to cause
a heap-based buffer overflow by sending a specially crafted away message
to a user logged into AIM or ICQ.
Successful exploitation allows execution of arbitrary code.
- An error in the handling of file transfers can be exploited to crash
the application by attempting to upload a file with a non-UTF8 filename
to a user logged into AIM or ICQ.
Patches from RedHat.
diffstat:
chat/gaim/Makefile | 4 +-
chat/gaim/buildlink3.mk | 4 +-
chat/gaim/distinfo | 4 +-
chat/gaim/patches/patch-af | 78 ++++++++++++++++++++++++++++++++++++++++++++++
chat/gaim/patches/patch-ag | 26 +++++++++++++++
5 files changed, 111 insertions(+), 5 deletions(-)
diffs (158 lines):
diff -r e6b0dcd3382d -r 045cb9f01fb0 chat/gaim/Makefile
--- a/chat/gaim/Makefile Wed Aug 10 13:58:47 2005 +0000
+++ b/chat/gaim/Makefile Wed Aug 10 16:13:33 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.93 2005/08/05 14:33:53 salo Exp $
+# $NetBSD: Makefile,v 1.94 2005/08/10 16:13:33 salo Exp $
DISTNAME= gaim-1.4.0
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= chat x11
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=gaim/}
EXTRACT_SUFX= .tar.bz2
diff -r e6b0dcd3382d -r 045cb9f01fb0 chat/gaim/buildlink3.mk
--- a/chat/gaim/buildlink3.mk Wed Aug 10 13:58:47 2005 +0000
+++ b/chat/gaim/buildlink3.mk Wed Aug 10 16:13:33 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2005/08/05 14:33:53 salo Exp $
+# $NetBSD: buildlink3.mk,v 1.7 2005/08/10 16:13:34 salo Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
GAIM_BUILDLINK3_MK:= ${GAIM_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
.if !empty(GAIM_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.gaim+= gaim>=1.1.2
-BUILDLINK_RECOMMENDED.gaim+= gaim>=1.4.0nb1
+BUILDLINK_RECOMMENDED.gaim+= gaim>=1.4.0nb2
BUILDLINK_PKGSRCDIR.gaim?= ../../chat/gaim
PRINT_PLIST_AWK+= /^@dirrm lib\/gaim$$/ \
diff -r e6b0dcd3382d -r 045cb9f01fb0 chat/gaim/distinfo
--- a/chat/gaim/distinfo Wed Aug 10 13:58:47 2005 +0000
+++ b/chat/gaim/distinfo Wed Aug 10 16:13:33 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.67 2005/08/05 14:33:53 salo Exp $
+$NetBSD: distinfo,v 1.68 2005/08/10 16:13:34 salo Exp $
SHA1 (gaim-1.4.0.tar.bz2) = 49955722104216e6e41757657abaa94388c42249
RMD160 (gaim-1.4.0.tar.bz2) = d12354df0828451d32124750340b759180289591
@@ -6,3 +6,5 @@
SHA1 (patch-aa) = 555c394dbb4cd9ef4fea621d30ce72baae309067
SHA1 (patch-ad) = 21ffc478343793ce065c75a24ed0cf58b0677359
SHA1 (patch-ae) = 6c8a5960918ea77a766cdb4f3c2d805a61235771
+SHA1 (patch-af) = 63f14c28109a3515bffbed1ece14ae56f0652d13
+SHA1 (patch-ag) = 145aaa3e990eaada33186a5b13196e613b5aac91
diff -r e6b0dcd3382d -r 045cb9f01fb0 chat/gaim/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/gaim/patches/patch-af Wed Aug 10 16:13:33 2005 +0000
@@ -0,0 +1,78 @@
+$NetBSD: patch-af,v 1.1 2005/08/10 16:13:34 salo Exp $
+
+Fix for CAN-2005-2103, from RedHat.
+
+--- src/util.c.orig 2005-06-09 06:00:36.000000000 +0200
++++ src/util.c 2005-08-10 16:35:33.000000000 +0200
+@@ -2129,8 +2129,7 @@
+ gaim_str_sub_away_formatters(const char *str, const char *name)
+ {
+ char *c;
+- gchar *cpy;
+- int cnt = 0;
++ GString *cpy;
+ time_t t;
+ struct tm *tme;
+ char tmp[20];
+@@ -2138,12 +2137,12 @@
+ g_return_val_if_fail(str != NULL, NULL);
+ g_return_val_if_fail(name != NULL, NULL);
+
+- cpy = g_malloc(BUF_LONG);
++ /* Create an empty GString that is hopefully big enough for most messages */
++ cpy = g_string_sized_new(1024);
+
+ t = time(NULL);
+ tme = localtime(&t);
+
+- cpy[0] = '\0';
+ c = (char *)str;
+ while (*c) {
+ switch (*c) {
+@@ -2152,39 +2151,35 @@
+ switch (*(c + 1)) {
+ case 'n':
+ /* append name */
+- strcpy(cpy + cnt, name);
+- cnt += strlen(name);
++ g_string_append(cpy, name);
+ c++;
+ break;
+ case 'd':
+ /* append date */
+ strftime(tmp, 20, "%m/%d/%Y", tme);
+- strcpy(cpy + cnt, tmp);
+- cnt += strlen(tmp);
++ g_string_append(cpy, tmp);
+ c++;
+ break;
+ case 't':
+ /* append time */
+ strftime(tmp, 20, "%I:%M:%S %p", tme);
+- strcpy(cpy + cnt, tmp);
+- cnt += strlen(tmp);
++ g_string_append(cpy, tmp);
+ c++;
+ break;
+ default:
+- cpy[cnt++] = *c;
++ g_string_append_c(cpy, *c);
+ }
+ } else {
+- cpy[cnt++] = *c;
++ g_string_append_c(cpy, *c);
+ }
+ break;
+ default:
+- cpy[cnt++] = *c;
++ g_string_append_c(cpy, *c);
+ }
+ c++;
+ }
+- cpy[cnt] = '\0';
+
+- return cpy;
++ return g_string_free(cpy, FALSE);
+ }
+
+ gchar *
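Review bot: In the `d` and `t` cases the new `g_string_append(cpy, tmp)` calls consume `tmp` without checking the return value of `strftime()`, and `tmp` is declared as `char tmp[20]` with no initialiser. When the formatted text does not fit (possible for `%p` in locales with long AM/PM strings), `strftime()` returns 0 and leaves the buffer contents unspecified, so the append may read past the end of the array. Append only on success and use the array size instead of the literal 20: `if (strftime(tmp, sizeof(tmp), "%I:%M:%S %p", tme) > 0) g_string_append(cpy, tmp);`, and likewise for the date case. `tme` from `localtime()` is also passed on without a NULL check. Some lines of the function fall between the embedded hunks and are not visible here.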
diff -r e6b0dcd3382d -r 045cb9f01fb0 chat/gaim/patches/patch-ag
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/gaim/patches/patch-ag Wed Aug 10 16:13:33 2005 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-ag,v 1.1 2005/08/10 16:13:34 salo Exp $
+
+Fix for CAN-2005-2102, from RedHat.
+
+--- src/protocols/oscar/oscar.c.orig 2005-07-02 18:13:14.000000000 +0200
++++ src/protocols/oscar/oscar.c 2005-08-10 16:37:02.000000000 +0200
+@@ -3455,7 +3455,18 @@
+ xfer = gaim_xfer_new(gc->account, GAIM_XFER_RECEIVE, userinfo->sn);
+ xfer->remote_ip = g_strdup(args->verifiedip);
+ xfer->remote_port = args->port;
+- gaim_xfer_set_filename(xfer, args->info.sendfile.filename);
++
++ if (g_utf8_validate(args->info.sendfile.filename, -1,
++ NULL)) {
++ gaim_xfer_set_filename(xfer,
++ args->info.sendfile.filename);
++ } else {
++ gchar * utf8_filename = gaim_utf8_salvage(
++ args->info.sendfile.filename);
++ gaim_xfer_set_filename(xfer, utf8_filename);
++ g_free(utf8_filename);
++ }
++
+ gaim_xfer_set_size(xfer, args->info.sendfile.totsize);
+ gaim_xfer_set_message(xfer, message);
+
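Review bot: `g_utf8_validate(args->info.sendfile.filename, -1, NULL)` scans until a NUL byte, so the new code depends on the peer-supplied filename being non-NULL and NUL-terminated, and nothing in the hunk shows where that is guaranteed; a NULL check before the call, or a comment stating the precondition, would make it explicit. The branch would also read better with a comment such as `/* filename is supplied by the remote peer and may not be valid UTF-8; salvage it before it reaches code that assumes UTF-8 */`. This validates encoding only; whether path separators in the name are handled is presumably dealt with elsewhere and is not visible here. The enclosing function starts and ends outside the hunk.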