pkgsrc-changes: CVS commit: pkgsrc/chat/jabberd2

Subject: CVS commit: pkgsrc/chat/jabberd2
To: None <pkgsrc-changes@NetBSD.org>
From: David Brownlee <abs@netbsd.org>
List: pkgsrc-changes
Date: 11/29/2004 17:54:03
Module Name:	pkgsrc
Committed By:	abs
Date:		Mon Nov 29 17:54:03 UTC 2004

Modified Files:
	pkgsrc/chat/jabberd2: Makefile distinfo

Log Message:
Update jabberd2 to jabberd-2.0s4nb1, by pulling in patches from
    http://www.marquard.net/jabber/#recommended,

specifically patch 58 which fixes the remote exploit listed at:
    http://www.securityfocus.com/archive/1/382250

Patches included:

28*	patch-jedi8-sm-object_c
Remove incorrect semicolumn from os_object_free() in sm/object.c

29*	patch-jedi-mysql-storage
Fixes to mysql storage for boundary conditions

30*	patch-base64
Fix length-related issues in base64 decoding routines

31*	patch-sm-storage_db
Fixes to storage_db.c to avoid roster corruption: "sm/storage_db
inserts items in the filter hash table with keys which are located
on the stack. This creates confusion when the code later tries to
compare with these keys."

32*	patch-nad-escape
Fixes bug in _nad_escape() where escaping ]]> can cause a segfault
when handling large messages where nad_realloc is called.

38*	patch-jedi-pgsql-storage
Fixes to pgsql storage for boundary conditions and incorrect buffer
length calculation

46*	patch-memleaks
Fix minor memory leaks in digest-md5 authentication and nad_free()

47*	patch-ns-fix
Fixes omission of namespace declaration where a namespace has
already been used in the XML stanza

48*	patch-sm-nad-triplet
Fixes omission of prefix on attributes processed by nad_parse (e.g.
in queue storage)

49*	patch-mod_disco_publish
Corrects check for deleting previously published disco items from
"delete" to "remove" (as per JEP-0030).

50*	patch-sm-filter
Alters filter handling and adds mysql/pgsql escaping on filter
strings to allow brackets and apostrophes in resource names that
form part of JIDs stored as roster entries

58*	patch-c2s-buffers
Fixes buffer overflow that can lead to segfault in c2s mysql and
pgsql auth modules - see report by icbm (www.venustech.com.cn)


To generate a diff of this commit:
cvs rdiff -r1.14 -r1.15 pkgsrc/chat/jabberd2/Makefile
cvs rdiff -r1.3 -r1.4 pkgsrc/chat/jabberd2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.