pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/chat/centericq Security fix for centericq via Debian
details: https://anonhg.NetBSD.org/pkgsrc/rev/b19e91961947
branches: trunk
changeset: 499323:b19e91961947
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Mon Sep 19 19:42:11 2005 +0000
description:
Security fix for centericq via Debian
http://secunia.com/advisories/16240/
diffstat:
chat/centericq/Makefile | 4 +-
chat/centericq/distinfo | 8 +-
chat/centericq/patches/patch-af | 80 +++++++++++++++++++
chat/centericq/patches/patch-ag | 16 +++
chat/centericq/patches/patch-ah | 161 ++++++++++++++++++++++++++++++++++++++++
chat/centericq/patches/patch-ai | 31 +++++++
chat/centericq/patches/patch-aj | 83 ++++++++++++++++++++
chat/centericq/patches/patch-ak | 13 +++
8 files changed, 393 insertions(+), 3 deletions(-)
diffs (truncated from 441 to 300 lines):
diff -r 4f61f2e4e5ad -r b19e91961947 chat/centericq/Makefile
--- a/chat/centericq/Makefile Mon Sep 19 19:35:25 2005 +0000
+++ b/chat/centericq/Makefile Mon Sep 19 19:42:11 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.52 2005/07/16 18:55:22 adrianp Exp $
+# $NetBSD: Makefile,v 1.53 2005/09/19 19:42:11 adrianp Exp $
#
DISTNAME= centericq-4.20.0
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= chat
MASTER_SITES= http://konst.org.ua/download/ \
http://centericq.de/archive/source/releases/
diff -r 4f61f2e4e5ad -r b19e91961947 chat/centericq/distinfo
--- a/chat/centericq/distinfo Mon Sep 19 19:35:25 2005 +0000
+++ b/chat/centericq/distinfo Mon Sep 19 19:42:11 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2005/09/06 08:10:57 abs Exp $
+$NetBSD: distinfo,v 1.18 2005/09/19 19:42:11 adrianp Exp $
SHA1 (centericq-4.20.0.tar.bz2) = 14b37c5257039853f0a1b948c7eaa49581a5913c
RMD160 (centericq-4.20.0.tar.bz2) = 7f17cd87aa4b98269fa65173b3e6317143c7c8ca
@@ -8,3 +8,9 @@
SHA1 (patch-ac) = 74ae25e19bf5d250a407a937bf78405b38cc86da
SHA1 (patch-ad) = be8ba5c952bf560b0758c97ba81c4faef04ffe49
SHA1 (patch-ae) = 01b4bf2e26c9974b189ffe5d0361651aabaef549
+SHA1 (patch-af) = 5104572b93c4bc1872340ac4d179d74f74958fe8
+SHA1 (patch-ag) = c63b3e1011205f7635ca1710a6e5b39f7ef8986c
+SHA1 (patch-ah) = 2e643c6cfd5812f5f35a08e29cfa858902e1760b
+SHA1 (patch-ai) = 2ac32940347733dbb63e12bdd54212435795b30d
+SHA1 (patch-aj) = 1e4ea16dfc5c8eeae9b70b4bda01a2b367ea2879
+SHA1 (patch-ak) = 155067c43db79d398465bac2d70878e8b714fa8b
diff -r 4f61f2e4e5ad -r b19e91961947 chat/centericq/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/centericq/patches/patch-af Mon Sep 19 19:42:11 2005 +0000
@@ -0,0 +1,80 @@
+$NetBSD: patch-af,v 1.1 2005/09/19 19:42:11 adrianp Exp $
+
+--- libgadu-0.1/common.c.orig 2004-07-31 11:47:20.000000000 +0100
++++ libgadu-0.1/common.c
+@@ -284,6 +284,8 @@ char *gg_read_line(int sock, char *buf,
+ {
+ int ret;
+
++ if (!buf || length < 0)
++ return NULL;
+ for (; length > 1; buf++, length--) {
+ do {
+ if ((ret = read(sock, buf, 1)) == -1 && errno != EINTR) {
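Review bot: The new guard in gg_read_line() rejects a negative `length` but still accepts `length == 0`, in which case the `for (; length > 1; ...)` loop is skipped entirely. If the code after the loop stores a terminating NUL through `buf` (that part is outside the hunk, so this needs confirming), a zero-length buffer would be written one byte past its end. Tightening the test to `if (!buf || length <= 0)` closes that case.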
+@@ -340,7 +342,7 @@ char *gg_urlencode(const char *str)
+ {
+ char *q, *buf, hex[] = "0123456789abcdef";
+ const char *p;
+- int size = 0;
++ unsigned int size = 0;
+
+ if (!str && !(str = strdup("")))
+ return NULL;
+@@ -392,18 +394,18 @@ int gg_http_hash(const char *format, ...
+ va_start(ap, format);
+
+ for (j = 0; j < strlen(format); j++) {
+- unsigned char *arg, buf[16];
++ char *arg, buf[16];
+
+ if (format[j] == 'u') {
+ snprintf(buf, sizeof(buf), "%d", va_arg(ap, uin_t));
+ arg = buf;
+ } else {
+- if (!(arg = va_arg(ap, unsigned char*)))
++ if (!(arg = va_arg(ap, char*)))
+ arg = "";
+ }
+
+ i = 0;
+- while ((c = (int) arg[i++]) != 0) {
++ while ((c = (unsigned char) arg[i++]) != 0) {
+ a = (c ^ b) + (c << 8);
+ b = (a >> 24) | (a << 8);
+ }
+@@ -532,7 +534,7 @@ static char gg_base64_charset[] =
+ char *gg_base64_encode(const char *buf)
+ {
+ char *out, *res;
+- int i = 0, j = 0, k = 0, len = strlen(buf);
++ unsigned int i = 0, j = 0, k = 0, len = strlen(buf);
+
+ res = out = malloc((len / 3 + 1) * 4 + 2);
+
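Review bot: `len = strlen(buf)` in the declaration of gg_base64_encode() dereferences `buf` before any NULL check, while gg_base64_decode() in the next hunk returns NULL for a NULL argument. To make the two consistent, declare `len` without the initialiser, add `if (!buf) return NULL;` and then assign `len = strlen(buf);`. The allocation size `(len / 3 + 1) * 4 + 2` is now computed in `unsigned int`, so a comment stating the maximum input length the function expects would be useful. Whether the malloc() result is checked cannot be seen from this hunk.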
+@@ -590,7 +592,7 @@ char *gg_base64_decode(const char *buf)
+ {
+ char *res, *save, *foo, val;
+ const char *end;
+- int index = 0;
++ unsigned int index = 0;
+
+ if (!buf)
+ return NULL;
+@@ -684,7 +686,7 @@ static int gg_crc32_initialized = 0;
+ static void gg_crc32_make_table()
+ {
+ uint32_t h = 0;
+- int i, j;
++ unsigned int i, j;
+
+ memset(gg_crc32_table, 0, sizeof(gg_crc32_table));
+
+@@ -713,6 +715,8 @@ uint32_t gg_crc32(uint32_t crc, const un
+ {
+ if (!gg_crc32_initialized)
+ gg_crc32_make_table();
++ if (!buf || len < 0)
++ return crc;
+
+ crc ^= 0xffffffffL;
+
diff -r 4f61f2e4e5ad -r b19e91961947 chat/centericq/patches/patch-ag
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/centericq/patches/patch-ag Mon Sep 19 19:42:11 2005 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ag,v 1.1 2005/09/19 19:42:11 adrianp Exp $
+
+--- libgadu-0.1/dcc.c.orig 2004-01-26 23:49:33.000000000 +0000
++++ libgadu-0.1/dcc.c
+@@ -51,9 +51,9 @@
+ * - buf - bufor z danymi
+ * - size - rozmiar danych
+ */
+-static void gg_dcc_debug_data(const char *prefix, int fd, const void *buf, int size)
++static void gg_dcc_debug_data(const char *prefix, int fd, const void *buf, unsigned int size)
+ {
+- int i;
++ unsigned int i;
+
+ gg_debug(GG_DEBUG_MISC, "++ gg_dcc %s (fd=%d,len=%d)", prefix, fd, size);
+
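Review bot: `size` is now `unsigned int`, but the gg_debug() call on the last changed line still formats it with `%d`, so the specifier no longer matches the argument type. It should read `"++ gg_dcc %s (fd=%d,len=%u)"`. The same mismatch appears in patch-ah, where the userlist_reply `len` becomes `unsigned int` and is still printed with `len=%d`. gg_dcc_debug_data()'s body continues outside the hunk.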
diff -r 4f61f2e4e5ad -r b19e91961947 chat/centericq/patches/patch-ah
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/centericq/patches/patch-ah Mon Sep 19 19:42:11 2005 +0000
@@ -0,0 +1,161 @@
+$NetBSD: patch-ah,v 1.1 2005/09/19 19:42:11 adrianp Exp $
+
+--- libgadu-0.1/events.c.orig 2004-06-10 20:20:08.000000000 +0100
++++ libgadu-0.1/events.c
+@@ -27,6 +27,7 @@
+ #include <arpa/inet.h>
+
+ #include "libgadu-config.h"
++#include "libgadu.h"
+
+ #include <errno.h>
+ #ifdef __GG_LIBGADU_HAVE_PTHREAD
+@@ -153,7 +154,7 @@ int gg_image_queue_remove(struct gg_sess
+ * - e - opis zdarzenia
+ * -
+ */
+-static void gg_image_queue_parse(struct gg_event *e, char *p, int len, struct gg_session *sess, uin_t sender)
++static void gg_image_queue_parse(struct gg_event *e, char *p, unsigned int len, struct gg_session *sess, uin_t sender)
+ {
+ struct gg_msg_image_reply *i = (void*) p;
+ struct gg_image_queue *q, *qq;
+@@ -285,7 +286,7 @@ static int gg_handle_recv_msg(struct gg_
+
+ count = gg_fix32(m->count);
+
+- if (p + count * sizeof(uin_t) > packet_end) {
++ if (p + count * sizeof(uin_t) > packet_end || p + count * sizeof(uin_t) < p || count > 0xffff) {
+ gg_debug(GG_DEBUG_MISC, "// gg_handle_recv_msg() packet out of bounds (1.5)\n");
+ goto malformed;
+ }
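Review bot: The added wrap test `p + count * sizeof(uin_t) < p` depends on pointer arithmetic overflowing, which is undefined behaviour in C, so an optimising compiler is allowed to drop it. It is also evaluated before the `count > 0xffff` cap. Comparing the count with the bytes that remain avoids forming an out-of-range pointer at all: `if (count > 0xffff || count > (size_t)(packet_end - p) / sizeof(uin_t))`. This assumes `p <= packet_end` already holds here, which the earlier part of gg_handle_recv_msg() (outside the hunk) would have to establish.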
+@@ -296,8 +297,11 @@ static int gg_handle_recv_msg(struct gg_
+ goto fail;
+ }
+
+- for (i = 0; i < count; i++, p += sizeof(uin_t))
+- e->event.msg.recipients[i] = gg_fix32(*((uint32_t*) p));
++ for (i = 0; i < count; i++, p += sizeof(uint32_t)) {
++ uint32_t u;
++ memcpy(&u, p, sizeof(uint32_t));
++ e->event.msg.recipients[i] = gg_fix32(u);
++ }
+
+ e->event.msg.recipients_count = count;
+
+@@ -306,15 +310,15 @@ static int gg_handle_recv_msg(struct gg_
+
+ case 0x02: /* richtext */
+ {
+- unsigned short len;
++ uint16_t len;
+ char *buf;
+
+ if (p + 3 > packet_end) {
+ gg_debug(GG_DEBUG_MISC, "// gg_handle_recv_msg() packet out of bounds (2)\n");
+ goto malformed;
+ }
+-
+- len = gg_fix16(*((unsigned short*) (p + 1)));
++ memcpy(&len, p + 1, sizeof(uint16_t));
++ len = gg_fix16(len);
+
+ if (!(buf = malloc(len))) {
+ gg_debug(GG_DEBUG_MISC, "// gg_handle_recv_msg() not enough memory for richtext data\n");
+@@ -361,12 +365,22 @@ static int gg_handle_recv_msg(struct gg_
+ case 0x05: /* image_reply */
+ case 0x06:
+ {
+- if (p + sizeof(struct gg_msg_image_reply) + 1 > packet_end) {
++ struct gg_msg_image_reply *rep = (void*)p;
++
++ if (p + sizeof(struct gg_msg_image_reply) == packet_end) {
++ e->type = GG_EVENT_IMAGE_REPLY;
++ e->event.image_reply.sender = gg_fix32(r->sender);
++ e->event.image_reply.size = 0;
++ e->event.image_reply.crc32 = gg_fix32(rep->crc32);
++ e->event.image_reply.filename = NULL;
++ e->event.image_reply.image = NULL;
++ } else if (p + sizeof(struct gg_msg_image_reply) + 1 > packet_end) {
+ gg_debug(GG_DEBUG_MISC, "// gg_handle_recv_msg() packet out of bounds (4)\n");
+ goto malformed;
+ }
+-
+- gg_image_queue_parse(e, p, (int)(packet_end - p), sess, gg_fix32(r->sender));
++ rep->size = gg_fix32(rep->size);
++ rep->crc32 = gg_fix32(rep->crc32);
++ gg_image_queue_parse(e, p, (unsigned int)(packet_end - p), sess, gg_fix32(r->sender));
+
+ return 0;
+ }
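Review bot: The new `p + sizeof(struct gg_msg_image_reply) == packet_end` branch fills in an empty GG_EVENT_IMAGE_REPLY but has no `return 0;`, so control falls through to the in-place `gg_fix32()` conversions and to gg_image_queue_parse() with a header-only packet. If the empty reply is meant to be delivered as built, end that branch with `return 0;`. If the fall-through is intended, a comment saying so would help. Separately, `rep` is formed by casting `p` before any length check and its fields are read and rewritten directly, while other hunks in this patch switch to `memcpy()` for fields taken from the packet buffer. The same treatment here would keep the parsing consistent.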
+@@ -443,7 +457,7 @@ static int gg_watch_fd_connected(struct
+ case GG_NOTIFY_REPLY:
+ {
+ struct gg_notify_reply *n = (void*) p;
+- int count, i;
++ unsigned int count, i;
+ char *tmp;
+
+ gg_debug(GG_DEBUG_MISC, "// gg_watch_fd_connected() received a notify reply\n");
+@@ -454,7 +468,7 @@ static int gg_watch_fd_connected(struct
+ goto fail;
+ }
+
+- if (gg_fix32(n->status) == GG_STATUS_BUSY_DESCR || gg_fix32(n->status == GG_STATUS_NOT_AVAIL_DESCR) || gg_fix32(n->status) == GG_STATUS_AVAIL_DESCR) {
++ if (gg_fix32(n->status) == GG_STATUS_BUSY_DESCR || gg_fix32(n->status) == GG_STATUS_NOT_AVAIL_DESCR || gg_fix32(n->status) == GG_STATUS_AVAIL_DESCR) {
+ e->type = GG_EVENT_NOTIFY_DESCR;
+
+ if (!(e->event.notify_descr.notify = (void*) malloc(sizeof(*n) * 2))) {
+@@ -557,6 +571,8 @@ static int gg_watch_fd_connected(struct
+ e->event.notify60[i].descr = NULL;
+ e->event.notify60[i].time = 0;
+
++ if (uin & 0x40000000)
++ e->event.notify60[i].version |= GG_HAS_AUDIO_MASK;
+ if (GG_S_D(n->status)) {
+ unsigned char descr_len = *((char*) n + sizeof(struct gg_notify_reply60));
+
+@@ -628,8 +644,11 @@ static int gg_watch_fd_connected(struct
+
+ e->event.status60.descr = buf;
+
+- if (len > 4 && p[h->length - 5] == 0)
+- e->event.status60.time = *((int*) (p + h->length - 4));
++ if (len > 4 && p[h->length - 5] == 0) {
++ uint32_t t;
++ memcpy(&t, p + h->length - 4, sizeof(uint32_t));
++ e->event.status60.time = gg_fix32(t);
++ }
+ }
+
+ break;
+@@ -695,7 +714,7 @@ static int gg_watch_fd_connected(struct
+
+ if (h->length > 1) {
+ char *tmp;
+- int len = (sess->userlist_reply) ? strlen(sess->userlist_reply) : 0;
++ unsigned int len = (sess->userlist_reply) ? strlen(sess->userlist_reply) : 0;
+
+ gg_debug(GG_DEBUG_MISC, "userlist_reply=%p, len=%d\n", sess->userlist_reply, len);
+
+@@ -1336,7 +1355,11 @@ struct gg_event *gg_watch_fd(struct gg_s
+ free(sess->password);
+ sess->password = NULL;
+
+- gg_debug(GG_DEBUG_MISC, "// gg_watch_fd() gg_dcc_ip = %s\n", inet_ntoa(*((struct in_addr*) &gg_dcc_ip)));
++ {
++ struct in_addr dcc_ip;
++ dcc_ip.s_addr = gg_dcc_ip;
++ gg_debug(GG_DEBUG_MISC, "// gg_watch_fd() gg_dcc_ip = %s\n", inet_ntoa(dcc_ip));
++ }
+
+ if (gg_dcc_ip == (unsigned long) inet_addr("255.255.255.255")) {
+ struct sockaddr_in sin;
+@@ -1363,7 +1386,7 @@ struct gg_event *gg_watch_fd(struct gg_s
+
+ if (sess->external_addr && sess->external_port > 1023) {
+ l.external_ip = sess->external_addr;
+- l.external_port = sess->external_port;
++ l.external_port = gg_fix16(sess->external_port);
+ }