Subject: CVS commit: [pkgsrc-2003Q4] pkgsrc/chat/gaim
To: None <pkgsrc-changes@NetBSD.org>
From: Alistair G. Crooks <agc@netbsd.org>
List: pkgsrc-changes
Date: 01/29/2004 18:38:50
Module Name: pkgsrc
Committed By: agc
Date: Thu Jan 29 18:38:50 UTC 2004
Modified Files:
pkgsrc/chat/gaim [pkgsrc-2003Q4]: Makefile PLIST distinfo
Added Files:
pkgsrc/chat/gaim/patches [pkgsrc-2003Q4]: patch-aa patch-ab patch-ac
patch-ad
Log Message:
Update gaim to version 0.75 to fix security problem on the
pkgsrc-2003Q4 branch, requested by Marc Recht. The files here were
hand-edited, since much has changed between the version of this
package on the pkgsrc-2003Q4 branch and the head.
Original commit message follows:
Module Name: pkgsrc
Committed By: recht
Date: Tue Jan 27 01:24:52 UTC 2004
Modified Files:
pkgsrc/chat/gaim: Makefile distinfo
pkgsrc/chat/gaim/patches: patch-aa
Added Files:
pkgsrc/chat/gaim/patches: patch-ab patch-ac patch-ad
Log Message:
12 vulnerabilities were found in the instant messenger GAIM that allow
remote compromise. The 12 identified problems range from simple standard
stack overflows, over heap overflows to an integer overflow that can be
abused to cause a heap overflow. Due to the nature of instant messaging
some of these bugs require man-in-the-middle attacks between client and
server. But the underlying protocols are easy to implement and MIM attacks
on ordinary TCP sessions is afairly simple task.
Please see http://security.e-matters.de/advisories/012004.html
for more details.
Apply the fix posted in that advisory (originally by the FreeBSD security
team) and bump PKGREVISION to 1.
To generate a diff of this commit:
cvs rdiff -r1.42 -r1.42.2.1 pkgsrc/chat/gaim/Makefile
cvs rdiff -r1.20 -r1.20.2.1 pkgsrc/chat/gaim/PLIST
cvs rdiff -r1.33 -r1.33.2.1 pkgsrc/chat/gaim/distinfo
cvs rdiff -r0 -r1.15.2.1 pkgsrc/chat/gaim/patches/patch-aa
cvs rdiff -r0 -r1.5.2.1 pkgsrc/chat/gaim/patches/patch-ab
cvs rdiff -r0 -r1.4.2.1 pkgsrc/chat/gaim/patches/patch-ac
cvs rdiff -r0 -r1.1.2.1 pkgsrc/chat/gaim/patches/patch-ad
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.