Subject: CVS commit: [pkgsrc-2003Q4] pkgsrc/chat/gaim
To: None <pkgsrc-changes@NetBSD.org>
From: Alistair G. Crooks <agc@netbsd.org>
List: pkgsrc-changes
Date: 01/29/2004 18:38:50
Module Name:	pkgsrc
Committed By:	agc
Date:		Thu Jan 29 18:38:50 UTC 2004

Modified Files:
	pkgsrc/chat/gaim [pkgsrc-2003Q4]: Makefile PLIST distinfo
Added Files:
	pkgsrc/chat/gaim/patches [pkgsrc-2003Q4]: patch-aa patch-ab patch-ac
	    patch-ad

Log Message:
Update gaim to version 0.75 to fix security problem on the
pkgsrc-2003Q4 branch, requested by Marc Recht.  The files here were
hand-edited, since much has changed between the version of this
package on the pkgsrc-2003Q4 branch and the head.

Original commit message follows:

	Module Name:    pkgsrc
	Committed By:   recht
	Date:           Tue Jan 27 01:24:52 UTC 2004

	Modified Files:
		pkgsrc/chat/gaim: Makefile distinfo
		pkgsrc/chat/gaim/patches: patch-aa
	Added Files:
		pkgsrc/chat/gaim/patches: patch-ab patch-ac patch-ad

	Log Message:
	12 vulnerabilities were found in the instant messenger GAIM that allow
	remote compromise. The 12 identified problems range from simple standard
	stack overflows, over heap overflows to an integer overflow that can be
	abused to cause a heap overflow. Due to the nature of instant messaging
	some of these bugs require man-in-the-middle attacks between client and
	server. But the underlying protocols are easy to implement and MIM attacks
	on ordinary TCP sessions are a fairly simple task.

	Please see http://security.e-matters.de/advisories/012004.html
	for more details.

	Apply the fix posted in that advisory (originally by the FreeBSD security
	team) and bump PKGREVISION to 1.


To generate a diff of this commit:
cvs rdiff -r1.42 -r1.42.2.1 pkgsrc/chat/gaim/Makefile
cvs rdiff -r1.20 -r1.20.2.1 pkgsrc/chat/gaim/PLIST
cvs rdiff -r1.33 -r1.33.2.1 pkgsrc/chat/gaim/distinfo
cvs rdiff -r0 -r1.15.2.1 pkgsrc/chat/gaim/patches/patch-aa
cvs rdiff -r0 -r1.5.2.1 pkgsrc/chat/gaim/patches/patch-ab
cvs rdiff -r0 -r1.4.2.1 pkgsrc/chat/gaim/patches/patch-ac
cvs rdiff -r0 -r1.1.2.1 pkgsrc/chat/gaim/patches/patch-ad

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.