[pkgsrc/trunk]: pkgsrc/chat/jabberd2 Update jabberd2 to jabberd-2.0s4nb1, by ...

[abs <abs%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/e8b8b7c44cac
branches:  trunk
changeset: 484772:e8b8b7c44cac
user:      abs <abs%pkgsrc.org@localhost>
date:      Mon Nov 29 17:54:03 2004 +0000

description:
Update jabberd2 to jabberd-2.0s4nb1, by pulling in patches from
    http://www.marquard.net/jabber/#recommended,

specifically patch 58 which fixes the remote exploit listed at:
    http://www.securityfocus.com/archive/1/382250

Patches included:

28*     patch-jedi8-sm-object_c
Remove incorrect semicolumn from os_object_free() in sm/object.c

29*     patch-jedi-mysql-storage
Fixes to mysql storage for boundary conditions

30*     patch-base64
Fix length-related issues in base64 decoding routines

31*     patch-sm-storage_db
Fixes to storage_db.c to avoid roster corruption: "sm/storage_db
inserts items in the filter hash table with keys which are located
on the stack. This creates confusion when the code later tries to
compare with these keys."

32*     patch-nad-escape
Fixes bug in _nad_escape() where escaping ]]> can cause a segfault
when handling large messages where nad_realloc is called.

38*     patch-jedi-pgsql-storage
Fixes to pgsql storage for boundary conditions and incorrect buffer
length calculation

46*     patch-memleaks
Fix minor memory leaks in digest-md5 authentication and nad_free()

47*     patch-ns-fix
Fixes omission of namespace declaration where a namespace has
already been used in the XML stanza

48*     patch-sm-nad-triplet
Fixes omission of prefix on attributes processed by nad_parse (e.g.
in queue storage)

49*     patch-mod_disco_publish
Corrects check for deleting previously published disco items from
"delete" to "remove" (as per JEP-0030).

50*     patch-sm-filter
Alters filter handling and adds mysql/pgsql escaping on filter
strings to allow brackets and apostrophes in resource names that
form part of JIDs stored as roster entries

58*     patch-c2s-buffers
Fixes buffer overflow that can lead to segfault in c2s mysql and
pgsql auth modules - see report by icbm (www.venustech.com.cn)

diffstat:

 chat/jabberd2/Makefile |  11 ++++++++++-
 chat/jabberd2/distinfo |  30 +++++++++++++++++++++++++++---
 2 files changed, 37 insertions(+), 4 deletions(-)

diffs (66 lines):

diff -r 074e94f92223 -r e8b8b7c44cac chat/jabberd2/Makefile
--- a/chat/jabberd2/Makefile    Mon Nov 29 17:39:44 2004 +0000
+++ b/chat/jabberd2/Makefile    Mon Nov 29 17:54:03 2004 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.14 2004/11/10 10:34:50 xtraeme Exp $
+# $NetBSD: Makefile,v 1.15 2004/11/29 17:54:03 abs Exp $
 #
 
 DISTNAME=              jabberd-2.0s4
+PKGREVISION=           1
 CATEGORIES=            chat
 MASTER_SITES=          http://www.jabberstudio.org/files/jabberd2/
 
@@ -9,6 +10,14 @@
 HOMEPAGE=              http://jabberd.jabberstudio.org/2/
 COMMENT=               Instant messaging server (version 2)
 
+PATCH_SITES=   http://www.marquard.net/jabber/patches/
+PATCHFILES=    patch-jedi8-sm-object_c patch-jedi-mysql-storage patch-base64 \
+               patch-sm-storage_db patch-nad-escape patch-jedi-pgsql-storage \
+               patch-memleaks patch-ns-fix patch-sm-nad-triplet \
+               patch-mod_disco_publish patch-sm-filter patch-c2s-buffers
+DIST_SUBDIR=           ${PKGNAME_NOREV}
+
+
 CONFLICTS=             jabberd-[0-9]*:../../chat/jabberd
 
 USE_BUILDLINK3=                yes
diff -r 074e94f92223 -r e8b8b7c44cac chat/jabberd2/distinfo
--- a/chat/jabberd2/distinfo    Mon Nov 29 17:39:44 2004 +0000
+++ b/chat/jabberd2/distinfo    Mon Nov 29 17:54:03 2004 +0000
@@ -1,7 +1,31 @@
-$NetBSD: distinfo,v 1.3 2004/10/27 13:54:41 xtraeme Exp $
+$NetBSD: distinfo,v 1.4 2004/11/29 17:54:03 abs Exp $
 
-SHA1 (jabberd-2.0s4.tar.gz) = cb429db090982118f2b448499635ff14b91718b8
-Size (jabberd-2.0s4.tar.gz) = 716819 bytes
+SHA1 (jabberd-2.0s4/jabberd-2.0s4.tar.gz) = cb429db090982118f2b448499635ff14b91718b8
+Size (jabberd-2.0s4/jabberd-2.0s4.tar.gz) = 716819 bytes
+SHA1 (jabberd-2.0s4/patch-jedi8-sm-object_c) = 06d0737e93c3eee677c20fd2914b4dc70286acf6
+Size (jabberd-2.0s4/patch-jedi8-sm-object_c) = 341 bytes
+SHA1 (jabberd-2.0s4/patch-jedi-mysql-storage) = 4684a8f89f8f79b31d2fcd9c39929404d840e3ef
+Size (jabberd-2.0s4/patch-jedi-mysql-storage) = 1563 bytes
+SHA1 (jabberd-2.0s4/patch-base64) = 1fb446754e86fb5a4361f8be81063d77d1d06a9f
+Size (jabberd-2.0s4/patch-base64) = 4252 bytes
+SHA1 (jabberd-2.0s4/patch-sm-storage_db) = a42c3b75c719bf36148b4a03e05c10d23d8da30a
+Size (jabberd-2.0s4/patch-sm-storage_db) = 1264 bytes
+SHA1 (jabberd-2.0s4/patch-nad-escape) = 3e32fc737958afc2d5faa0134407d12b5cf841c9
+Size (jabberd-2.0s4/patch-nad-escape) = 1052 bytes
+SHA1 (jabberd-2.0s4/patch-jedi-pgsql-storage) = fb3226177bfafeced72a8c74c1594c4ed851d32c
+Size (jabberd-2.0s4/patch-jedi-pgsql-storage) = 2648 bytes
+SHA1 (jabberd-2.0s4/patch-memleaks) = 5d57fc737667ed39185dccc29d9174ae4ece85db
+Size (jabberd-2.0s4/patch-memleaks) = 969 bytes
+SHA1 (jabberd-2.0s4/patch-ns-fix) = 4b3b53cd54c7d93fd4f57a30bcf888fc96a6bf41
+Size (jabberd-2.0s4/patch-ns-fix) = 1193 bytes
+SHA1 (jabberd-2.0s4/patch-sm-nad-triplet) = feedb1b21dc526cf0e1b643c57663c0c7b75a66c
+Size (jabberd-2.0s4/patch-sm-nad-triplet) = 238 bytes
+SHA1 (jabberd-2.0s4/patch-mod_disco_publish) = ff87c23b48ed1a68f77f6757249ac173c1ab2039
+Size (jabberd-2.0s4/patch-mod_disco_publish) = 509 bytes
+SHA1 (jabberd-2.0s4/patch-sm-filter) = 4efd5fb4b5eca2b09eb475bd1be8d25ed6f72a47
+Size (jabberd-2.0s4/patch-sm-filter) = 12616 bytes
+SHA1 (jabberd-2.0s4/patch-c2s-buffers) = bc66b98f81d23d2314b5515cf2191be38985afaf
+Size (jabberd-2.0s4/patch-c2s-buffers) = 12112 bytes
 SHA1 (patch-aa) = ff9a1aa6c39b7e96870d4f884de09be8307ac169
 SHA1 (patch-ab) = de1c8ec12b55117223bcca2071499c42ab145a34
 SHA1 (patch-ac) = 312a07fa6772956297789e15025e0ca0fad9ebb7