head 1.17; access; symbols pkgsrc-2013Q2:1.17.0.20 pkgsrc-2013Q2-base:1.17 pkgsrc-2012Q4:1.17.0.18 pkgsrc-2012Q4-base:1.17 pkgsrc-2011Q4:1.17.0.16 pkgsrc-2011Q4-base:1.17 pkgsrc-2011Q2:1.17.0.14 pkgsrc-2011Q2-base:1.17 pkgsrc-2009Q4:1.17.0.12 pkgsrc-2009Q4-base:1.17 pkgsrc-2008Q4:1.17.0.10 pkgsrc-2008Q4-base:1.17 pkgsrc-2008Q3:1.17.0.8 pkgsrc-2008Q3-base:1.17 cube-native-xorg:1.17.0.6 cube-native-xorg-base:1.17 pkgsrc-2008Q2:1.17.0.4 pkgsrc-2008Q2-base:1.17 pkgsrc-2008Q1:1.17.0.2 pkgsrc-2008Q1-base:1.17 pkgsrc-2007Q4:1.16.0.18 pkgsrc-2007Q4-base:1.16 pkgsrc-2007Q3:1.16.0.16 pkgsrc-2007Q3-base:1.16 pkgsrc-2007Q2:1.16.0.14 pkgsrc-2007Q2-base:1.16 pkgsrc-2007Q1:1.16.0.12 pkgsrc-2007Q1-base:1.16 pkgsrc-2006Q4:1.16.0.10 pkgsrc-2006Q4-base:1.16 pkgsrc-2006Q3:1.16.0.8 pkgsrc-2006Q3-base:1.16 pkgsrc-2006Q2:1.16.0.6 pkgsrc-2006Q2-base:1.16 pkgsrc-2006Q1:1.16.0.4 pkgsrc-2006Q1-base:1.16 pkgsrc-2005Q4:1.16.0.2 pkgsrc-2005Q4-base:1.16 pkgsrc-2005Q3:1.15.0.4 pkgsrc-2005Q3-base:1.15 pkgsrc-2005Q2:1.15.0.2 pkgsrc-2005Q2-base:1.15 pkgsrc-2005Q1:1.13.0.4 pkgsrc-2005Q1-base:1.13 pkgsrc-2004Q4:1.13.0.2 pkgsrc-2004Q4-base:1.13 pkgsrc-2004Q3:1.10.0.4 pkgsrc-2004Q3-base:1.10 pkgsrc-2004Q2:1.10.0.2 pkgsrc-2004Q2-base:1.10 pkgsrc-2004Q1:1.6.0.2 pkgsrc-2004Q1-base:1.6 pkgsrc-2003Q4:1.5.0.2 pkgsrc-2003Q4-base:1.5 netbsd-1-6-1:1.4.0.2 netbsd-1-6-1-base:1.4 buildlink2-base:1.1 buildlink2:1.1.0.4 netbsd-1-6:1.1.0.6 netbsd-1-6-RELEASE-base:1.1 pkgviews:1.1.0.2 pkgviews-base:1.1; locks; strict; comment @# @; 1.17 date 2008.03.05.15.41.23; author tnn; state dead; branches; next 1.16; 1.16 date 2005.12.15.23.31.04; author joerg; state Exp; branches; next 1.15; 1.15 date 2005.04.05.09.50.06; author salo; state dead; branches; next 1.14; 1.14 date 2005.03.22.09.47.47; author jmmv; state Exp; branches; next 1.13; 1.13 date 2004.12.03.12.43.24; author adam; state dead; branches; next 1.12; 1.12 date 2004.11.12.22.58.25; author jmmv; state Exp; branches; next 1.11; 1.11 date 2004.09.22.18.09.40; author gavan; state dead; branches; next 1.10; 1.10 date 2004.06.06.21.43.28; author salo; state Exp; branches; next 1.9; 1.9 date 2004.06.01.21.00.59; author jmmv; state dead; branches; next 1.8; 1.8 date 2004.04.24.09.29.54; author jmmv; state Exp; branches; next 1.7; 1.7 date 2004.04.02.16.08.22; author jmmv; state dead; branches; next 1.6; 1.6 date 2004.01.27.01.24.52; author recht; state Exp; branches; next 1.5; 1.5 date 2003.04.11.15.41.41; author jmmv; state dead; branches 1.5.2.1; next 1.4; 1.4 date 2003.01.09.16.15.09; author mycroft; state Exp; branches; next 1.3; 1.3 date 2002.08.28.07.43.57; author jlam; state Exp; branches; next 1.2; 1.2 date 2002.08.25.21.49.33; author jlam; state Exp; branches; next 1.1; 1.1 date 2002.07.19.05.13.35; author mycroft; state Exp; branches 1.1.4.1; next ; 1.5.2.1 date 2004.01.29.18.38.50; author agc; state Exp; branches; next ; 1.1.4.1 date 2002.07.19.05.13.35; author jlam; state dead; branches; next 1.1.4.2; 1.1.4.2 date 2002.08.25.21.19.58; author jlam; state Exp; branches; next ; desc @@ 1.17 log @Remove gaim and related packages. The gaim project was renamed to pidgin, see the chat/pidgin* packages. @ text @$NetBSD: patch-ab,v 1.16 2005/12/15 23:31:04 joerg Exp $ --- src/protocols/zephyr/ZLocations.c.orig 2005-12-15 23:15:33.000000000 +0000 +++ src/protocols/zephyr/ZLocations.c @@@@ -20,10 +20,10 @@@@ static char rcsid_ZLocations_c[] = #include "internal.h" +#include #include extern char *getenv(); -extern int errno; Code_t ZSetLocation(exposure) char *exposure; @ 1.16 log @Fix errno. @ text @d1 1 a1 1 $NetBSD$ @ 1.15 log @Update to version 1.2.1 Security fixes for three DoS vulnerabilities: Remote DoS on receiving malformed HTML Remote DoS on receiving certain messages over IRC Jabber remote crash Changes: - URL escaping now works with UTF-8 text. This may break some old log files. - Revert to XOR auth for ICQ as the md5 is not fully functional - Fix bug with going away while in a jabber chat - MSN bug fixes (Felipe Contreras) - Escape things properly in IRC From MAINTAINER via PR pkg/29888 @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.14 2005/03/22 09:47:47 jmmv Exp $ d3 3 a5 18 --- src/protocols/yahoo/yahoochat.c.orig Mon Mar 21 20:00:56 2005 +++ src/protocols/yahoo/yahoochat.c Mon Mar 21 20:03:09 2005 @@@@ -342,9 +342,12 @@@@ void yahoo_process_chat_join(GaimConnection *gc, struct yahoo_packet *pkt) { struct yahoo_data *yd = (struct yahoo_data *) gc->proto_data; + GaimAccount *account; GaimConversation *c = NULL; + GaimConversationUiOps *ops; GSList *l; GList *members = NULL; + GList *roomies = NULL; char *room = NULL; char *topic = NULL; char *someid, *someotherid, *somebase64orhashosomething, *somenegativenumber; @@@@ -443,10 +446,8 @@@@ yahoo_chat_add_users(GAIM_CONV_CHAT(c), members); } d7 10 a16 8 - GList *roomies=NULL; - GaimConversationUiOps *ops; ops = gaim_conversation_get_ui_ops(c); - GaimAccount *account = gaim_connection_get_account(gc); + account = gaim_connection_get_account(gc); for (l = account->deny; l != NULL; l = l->next) { for (roomies = members; roomies; roomies = roomies->next) { if (!gaim_utf8_strcasecmp((char *)l->data, roomies->data)) { @ 1.14 log @Update to 1.2.0. Patch provided by Matthew Luckie (maintainer) in PR pkg/29752. * Yahoo file receiving and buddy icon receiving work again. * Limit animated buddy icon frame rates to 10 frames per second (Nathan Conrad) * Fix a bug where portions of your account configuration would fail to be read correctly if you set a proxy user name or password containing invalid XML characters such as < and > (Bastien Durel) * Yahoo! privacy improvements (Bleeter) @ text @d1 1 a1 1 $NetBSD$ @ 1.13 log @Changes 1.1.0: New Features: * Binary relocable. Gaim will find its files even if it's installed in a location other than the --prefix it was ./configured with. Pass --disable-binreloc to ./configure to disable. * IRC now has fallback encodings, and tries harder to display something useful during an encoding error. * New MSN protocol icon (Felipe Contreras) Bug Fixes: * Fix some leaks (Miah Gregory, Felipe Contreras) * Fix crashes when removing buddies in certain situations (Andrew Hart) * Eliminate MSN switchboard errors (Felipe Contreras) * Fix MSN buddy icon syncronization (Felipe Contreras) * Correctly display file transfer dialogs for filenames containing &, < or > * Correctly display MSN authorization dialogs for friendly names containing &, < or > * Properly align the right-click docklet menu with the docklet icon in *nix. * Fix a crash if the MSN buddy list is not available * Fix a bug in the request api (Gary Kramlich) @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.12 2004/11/12 22:58:25 jmmv Exp $ d3 4 a6 5 --- src/log.c.orig 2004-11-11 20:11:43.000000000 +0100 +++ src/log.c @@@@ -74,11 +74,12 @@@@ void gaim_log_free(GaimLog *log) void gaim_log_write(GaimLog *log, GaimMessageFlags type, const char *from, time_t time, const char *message) d8 13 a20 5 + struct _gaim_logsize_user *lu; + g_return_if_fail(log); g_return_if_fail(log->logger); g_return_if_fail(log->logger->write); d22 8 a29 4 - struct _gaim_logsize_user *lu; (log->logger->write)(log, type, from, time, message); lu = g_new(struct _gaim_logsize_user, 1); @ 1.12 log @Update to 1.0.3, from Matthew Luckie (maintainer) in private mail: Bug Fixes: * Jabber authentication fixes (Michael Plump) * Yahoo buddy idle reporting is more accurate (Evan Schoenberg) * "Allow All" privacy setting works on Yahoo (Peter Lawler) * Fix a crash when dragging a buddy to the conversation entry area * Fix a crash removing chats from the buddy list * Correctly display buddy pounces for aliases with &, < or > in them * Correctly follow the per-conversation logging option @ text @d1 1 a1 1 $NetBSD$ @ 1.11 log @Update to 1.0.0: New Features: * Drag-and-drop buddy support for the Invite dialog (Stu Tomlinson) * Drag-and-drop buddy support for the Pounce dialog (Stu Tomlinson) * View Chat log available from the interface (Daniel Atallah) * Ability to receive offline messages in character encodings other than ASCII (thanks to Nick Sukharev) * File transfer status messages printed to conversation windows (Dave West) * Display file transfer messages when someone sends you a file over AIM (Dave West) * Handle MSN buddy lists more sanely (Felipe Contreras) * Zephyr can use tzc to run from behind a firewall (Arun A Tharuvai) Bug Fixes: * Work around window manager stupidity with new dialog windows (Dave West) * Compile with gtk 2.5.x (Gary Kramlich) * Escape invalid characters in log names (Daniel Atallah) * Fix for clicking add in an msn chat with 2 or more people in your buddy list (Daniel Atallah) Based on patch from maintainer, Matthew Luckie, in private mail. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.10 2004/06/06 21:43:28 salo Exp $ d3 16 a18 11 --- configure.orig 2004-05-30 19:18:38.000000000 +0200 +++ configure 2004-06-06 13:25:05.000000000 +0200 @@@@ -24124,7 +24124,7 @@@@ if test "$ac_silc_libs" != "no"; then SILC_LIBS="-L$ac_silc_libs" fi -SILC_LIBS="$SILC_LIBS -lsilc -lsilcclient -lpthread -ldl" +SILC_LIBS="$SILC_LIBS -lsilc -lsilcclient -lpthread" echo "$as_me:$LINENO: checking for silc_client_init in -lsilcclient" >&5 echo $ECHO_N "checking for silc_client_init in -lsilcclient... $ECHO_C" >&6 if test "${ac_cv_lib_silcclient_silc_client_init+set}" = set; then @ 1.10 log @PKGREVISION++ - Enable SILC protocol support. - Don't build static versions of plugin libraries. - Use more appropriate DESCR and COMMENT. - Style & delint. Ok MAINTAINER, Matthew Luckie. @ text @d1 1 a1 1 $NetBSD$ @ 1.9 log @Update to 0.78: New Features: * Support for the SILC protocol (http://www.silcnet.org/) (Pekka Riikonen) * Option to suppress disconnect notification when using the autoreconnect plugin (Christopher (siege) O'Brien) * Added support for dragging buddies from the buddy list into the Add Buddy Pounce dialog * Pounce notification now includes time (Mike Lundy) * The history plugin now shows history for chats in addition to IMs * Menu item to view conversation logs (Tom Samstag) * Conversation and chat sizes automatically saved (Stu Tomlinson) * Added support for Novell privacy settings (Mike Stoddard of Novell) * Added ability to initiate multi-user conferences (chats) in Novell (Mike Stoddard of Novell) * Find and Save buttons on the debug window (Stu Tomlinson) * Plugin Actions menu (Christopher (siege) O'Brien) * Plugins can now add entries to the right-click menu of a group or chat (Stu Tomlinson and Christopher (siege) O'Brien) * Hyperlink colors are now themeable via your ~/.gtkrc-2.0 file Bug Fixes: * Compiles again with gcc 2.96 (Ignacio J. Elia) * Gtk2.0 compatibility fixes (Tim Ringenbach) * Many documentation updates (Jonathan Champ, Gary Kramlich, Stu Tomlinson, and Kevin Stange) * Yahoo works on 64 bit machines (Gary Kramlich) * Zephyr works on 64 bit machines (Arun A Tharuvai) * Novell 64bit fixes, better error messages, and buddy list sync fixes (Mike Stoddard of Novell) * Novell protocol works on big endian machines (Novell) * Massive rewrite of MSN support, which should fix a number of issues and make errors easier to interpret (Felipe Contreras) * Fixed a privacy-related bug in MSN that affected blocking/permitting, which was due to case-sensitive string comparisons (Gudmundur Olafsson) * Fixed an MSN HTTP method bug where MSN would queue data indefinitely. (Andrew Wellington) * All known MSN formatting bugs were fixed. * Overly long messages and paging cell phones in MSN no longer cause disconnects (Felipe Contreras) * Several bug fixes for MSN's MSNSLP and MSNObject support (Finlay Dobbie) * ALT-F works correctly in the System Log Viewer (Stu Tomlinson) * New tabs should scroll correctly again (Tim Ringenbach) * Dialogs opened from a conversation window are now closed when the conversation window is closed, preventing a crash (Kevin Stange) * Copy/paste encoding fixes (Joe Marcus Clarke) * IRC disconnect crash fix (Luciano Miguel Ferreira Rocha) * Ampersands in links should work correctly (Tim Ringenbach) * DirectIM and IM Image support for AIM are greatly improved (Tim Ringenbach) * Gadu-Gadu updates (Andrew Wellington) * Print Gadu-Gadu messages to the debug window instead of the console * Updated and standardized blist signals (Gary Kramlich) * Made the recieve-*-msg signals match the sending ones (Stu Tomlinson) * The idle time for the buddy-idle and buddy-unidle signals should be correct again. Preference Changes: * Added "Conversation placement - By conversation count" * Added a "none" smiley theme to replace the "Show graphical smileys" option * Replace default formatting preferences with a dialog to set a default formatting in a WYSIWYG manner. * Removed "Show logins in window," default to yes * Removed "Send URLs as links," default to yes (in protocols that support HTML) * Removed "Show URLs as links," default to yes * Removed New window height & width and Entry field height for Chats & IMs, sizes are now saved automatically * Removed "Tab-complete nicks" default to yes * Removed "Old-style tab completion", no longer supported * Removed "Sending message removes away status", default to no * Removed "Show numbers in groups", default to yes * Removed "Icons on tabs", default to yes * Removed "Sounds when you log in", default to no * Removed "Seconds before resending autoresponse", default to 600 seconds * Removed "Send autoresponse in active conversations", default to no * Removed "Show people joining in window", default to yes * Removed "Show people leaving in window", default to yes @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.8 2004/04/24 09:29:54 jmmv Exp $ d3 11 a13 18 --- src/gtkrequest.c.orig Sun Apr 18 18:22:41 2004 +++ src/gtkrequest.c Sat Apr 24 06:19:00 2004 @@@@ -260,6 +260,7 @@@@ GtkWidget *label; GtkWidget *entry; GtkWidget *img; + GtkWidget *toolbar; char *label_text; data = g_new0(GaimGtkRequestData, 1); @@@@ -338,7 +339,6 @@@@ gtk_widget_set_size_request(sw, 320, 130); /* Toolbar */ - GtkWidget *toolbar; toolbar = gtk_imhtmltoolbar_new(); gtk_box_pack_start(GTK_BOX(vbox), toolbar, FALSE, FALSE, 0); @ 1.8 log @Update to 0.77, based on patch from Matthew Luckie (maintainer): New Features: * The System Log returns (Ka-Hing Cheung) * Added a conversation-drag-ended signal (Etan Reisner) * Reorganized and cleaned up the MSN protocol plugin (Felipe Contreras) * Added the -c option to specify location of the .gaim directory, removed the outdated -f option that no longer had any effect (Daniel Atallah) * Novell GroupWise protocol support added (Novell) * WYSIWYG improvements (Tim Ringenbach) * WYSIWYG editing for user info (Jon Oberheide) * Rich-text copy and paste * Plugins can now add menu items to the buddy context menu (Christopher O'Brien) * Plugins can now add preferences (Gary Kramlich) * The TOC protocol is no longer built by default. The plugin is not being properly tested and is no longer officially supported. * Bumped up the plugin API version number, and added version numbers for loader plugins and protocol plugins. Authors will want to update their plugins, and possibly use GAIM_PLUGIN_API_VERSION, GAIM_PRPL_API_VERSION, and GAIM_LOADER_API_VERSION constants. * Zephyr error reporting works (Arun A. Tharuvai) * Zephyr deals with non-utf8 characters (Arun A. Tharuvai) Bug Fixes: * Formatting in the Log viewer is fixed (Kevin Stange) * Save Conversation works again (Kevin Stange) * The Clear button in privacy works (Robert Mibus) * MSN error reporting works again (Stu Tomlinson) * MSN e-mail notifications should no longer cause Gaim to crash (Felipe Contreras) * Fixed an infinite loop bug that would sometimes cause MSN to lock up (Nickolai Zeldovich) * All away messages should now show up in tooltips * Removing zephyr buddies no longer crashes (Arun A. Tharuvai) @ text @d1 1 a1 1 $NetBSD$ @ 1.7 log @Update to 0.76, based on patch from Matthew Luckie (maintainer). New Features: * WYSIWYG text input (with much help from Gary Kramlich and Kevin Stange) * Ability to be invisible on AIM * Chatroom list support (Tim Ringenbach) * Added auto-completion for screen names to the New Instant Message and Get User Info dialogs. * Non-ascii character support in AIM chats (Uli Luckas and Marco Ziech) * Vastly improved browser opening, with tab support! (Nathan Fredrickson) * Added support for connecting to MSN using the port 80 method. * Support for Mozilla Firefox (Chris Friesen and Nathan Fredrickson) * Added protocol-specific preferences (Gary Kramlich) * Local IP address information can be changed in Preferences (Tim Ringenbach) * Improved local IP address detection (Tim Ringenbach) * Offline accounts in account drop-down lists are now greyed (Etan Reisner) * Improved accessibility support for screen readers and other accessibility tools (Marc Mulcahy) * Improved accessibility in conversation windows (Nathan Fredrickson) * Keyboard access to context menus via Shift+F10 (Marc Mulcahy) * Core/UI split event loop code. (Scott Lamb) * Added improvements to the multi-field request code, including required fields and account fields. * Moved more dialogs to the request API for interface consistency (Send Message, Get User Info, and Insert Link dialogs) * Jabber file transfer * IRC file transfer (Tim Ringenbach) * Added a hidden preference for disabling buddy list tooltips or changing the pop-up delay in prefs.xml. * Moved translation news to po/ChangeLog Bug Fixes: * Significant work on the Zephyr plugin (Arun A. Tharuvai) * You can now use :/ as a smiley safely (Nathan Owens) * Various buffer overflow fixes (Stefan Esser) * Tabs now stay green when they are supposed to (Etan Reisner) * Fixed a bug where only the first user in a chat room list was removed sometimes when trying to remove a group of users (Tim Ringenbach) * Clearing an AIM buddy icon actually removes it from the server, icons changes in the account editor do not take effect if the cancel button is used (Stu Tomlinson) * Improved chat parting logic (Tim Ringenbach) * Yet Another IRC channel user duplication bugfix (Tim Ringenbach) * Deleting an account while modifying it will no longer crash gaim. * Only one account preference window will now appear per account when clicking Modify. * Aliases are now shown alongside the screen name in the message queue window. (Kevin Stange). * TCL Plugin API changed * The mobile icon on MSN users is now removed when the person disables mobile paging (Stu Tomlinson) * Removing invalid buddies in MSN with a space in their name no longer causes a disconnect (Stu Tomlinson) * Multiple MSN chats should now work (Robert Mibus) * Added new MSN error codes and fixed an incorrect one (Stu Tomlinson) * Incoming colors are now processed correctly in MSN. * Conversation placement by account now works correctly with both chats and IMs, and takes the Combine Chats and IMs option into consideration. * Minor tweaks to the list box in the multi-field request dialogs so they work without a label and scrollbar (Pekka Riikonen) * Hitting enter in a multi-field request dialog when a textfield has the focus no longer ignores the changed text in the textfield (Gary Kramlich) * The Disconnect dialog no longer raises and gains focus each time a disconnected account is added (Ka-Hing Cheung) * Gadu-Gadu might actually connect again (Ignacy Gawedzki) * Buddy pounces for an account are removed when the account is deleted (Gary Kramlich) * Various bug and memory leak fixes (Gary Kramlich) * Assorted SSL crashfixes * --enable-debug no longer breaks compilation when using gtk 2.4, which also broke garnome. * Tooltips shouldn't crash now (Daniel Atallah) @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.6 2004/01/27 01:24:52 recht Exp $ d3 17 a19 8 --- src/protocols/yahoo/yahoo.c.orig 2004-01-10 06:04:09.000000000 +0100 +++ src/protocols/yahoo/yahoo.c @@@@ -20,6 +20,7 @@@@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * */ +#include #include "internal.h" a20 165 #include "account.h" @@@@ -131,8 +132,15 @@@@ static void yahoo_packet_read(struct yah while (pos + 1 < len) { if (data[pos] == 0xc0 && data[pos + 1] == 0x80) break; + if (x >= sizeof(key)-1) { + x++; + continue; + + } key[x++] = data[pos++]; } + if (x >= sizeof(key)-1) + x = 0; key[x] = 0; pos += 2; pair->key = strtol(key, NULL, 10); @@@@ -868,32 +876,66 @@@@ static void yahoo_process_contact(GaimCo } } + +static void octal(const char **p, const char *end, unsigned char *n) +{ + int i, c; + + for (i = 0, c = 0; i < 3 && *p < end; ++i, ++*p) { + c <<= 3; + switch (**p) { + case '0': break; + case '1': c += 1; break; + case '2': c += 2; break; + case '3': c += 3; break; + case '4': c += 4; break; + case '5': c += 5; break; + case '6': c += 6; break; + case '7': c += 7; break; + default: + if (i == 0) { + *n = **p; + ++*p; + return; + } + c >>= 3; + goto done; + } + } +done: + *n = (c > UCHAR_MAX) ? '?' : c; + return; +} + #define OUT_CHARSET "utf-8" static char *yahoo_decode(const char *text) { char *converted; - char *p, *n, *new; - - n = new = g_malloc(strlen (text) + 1); - - for (p = (char *)text; *p; p++, n++) { + unsigned char *n, *new; + size_t len; + const char *p, *end; + + len = strlen (text); + p = text; + end = &text[len]; + n = new = g_malloc(len + 1); + while (p < end) { if (*p == '\\') { - sscanf(p + 1, "%3o\n", (int *)n); - p += 3; - } - else - *n = *p; + ++p; + octal(&p, end, n); + } else + *n = *p++; + ++n; } - *n = '\0'; - converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL); g_free(new); return converted; } + static void yahoo_process_mail(GaimConnection *gc, struct yahoo_packet *pkt) { GaimAccount *account = gaim_connection_get_account(gc); @@@@ -1903,32 +1945,30 @@@@ static void yahoo_got_web_connected(gpoi static void yahoo_web_pending(gpointer data, gint source, GaimInputCondition cond) { + static const char http302[] = "HTTP/1.0 302"; + static const char setcookie[] = "Set-Cookie: "; GaimConnection *gc = data; GaimAccount *account = gaim_connection_get_account(gc); struct yahoo_data *yd = gc->proto_data; - char buf[1024], buf2[256], *i = buf, *r = buf2; - int len, o = 0; + char buf[1024], *i = buf; + int len; + GString *s; len = read(source, buf, sizeof(buf)); - if (len <= 0 || strncmp(buf, "HTTP/1.0 302", strlen("HTTP/1.0 302"))) { + if (len <= 0 || (len >= sizeof(http302)-1 && + memcmp(http302, buf, sizeof(http302)-1) != 0)) { gaim_connection_error(gc, _("Unable to read")); return; } - - while ((i = strstr(i, "Set-Cookie: ")) && 0 < 2) { - i += strlen("Set-Cookie: "); - for (;*i != ';'; r++, i++) { - *r = *i; - } - *r=';'; - r++; - *r=' '; - r++; - o++; - } - /* Get rid of that "; " */ - *(r-2) = '\0'; - yd->auth = g_strdup(buf2); + s = g_string_sized_new(len); + buf[len] = '\0'; + while ((i = strstr(i, setcookie)) != NULL) { + i += sizeof(setcookie)-1; + for (;*i != ';'; i++) + g_string_append_c(s, *i); + g_string_append(s, "; "); + } + yd->auth = g_string_free(s, FALSE); gaim_input_remove(gc->inpa); close(source); /* Now we have our cookies to login with. I'll go get the milk. */ @@@@ -1974,15 +2014,17 @@@@ static GHashTable *yahoo_login_page_hash const char *c = buf; char *d; char name[64], value[64]; + int count = sizeof(name)-1; while ((c < (buf + len)) && (c = strstr(c, "') < d) break; - for (c = d, d = value; *c!='"'; c++, d++) + for (c = d, d = value; *c!='"' && count; c++, d++, count--) *d = *c; *d = '\0'; g_hash_table_insert(hash, g_strdup(name), g_strdup(value)); @ 1.6 log @12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise. The 12 identified problems range from simple standard stack overflows, over heap overflows to an integer overflow that can be abused to cause a heap overflow. Due to the nature of instant messaging some of these bugs require man-in-the-middle attacks between client and server. But the underlying protocols are easy to implement and MIM attacks on ordinary TCP sessions is afairly simple task. Please see http://security.e-matters.de/advisories/012004.html for more details. Apply the fix posted in that advisory (originally by the FreeBSD security team) and bump PKGREVISION to 1. @ text @d1 1 a1 1 $NetBSD$ @ 1.5 log @Update gaim to 0.61, based on the package provided by mjl@@luckie.org.nz in pkgsrc-wip. This new version includes lots of changes since 0.59.x, but maybe the most important is the switch to GTK v2. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.4 2003/01/09 16:15:09 mycroft Exp $ d3 20 a22 21 --- src/perl.c.orig Sat Dec 21 20:08:19 2002 +++ src/perl.c Thu Jan 9 16:03:03 2003 @@@@ -178,15 +178,13 @@@@ { DIR *dir; struct dirent *ent; - struct dirent *dirent_buf; char *buf; char *path; path = gaim_user_dir(); dir = opendir(path); if (dir) { - dirent_buf = g_malloc(sizeof(struct dirent) + NAME_MAX); - while ((readdir_r(dir,dirent_buf,&ent),ent)) { + while ((ent = readdir(dir))) { if (strcmp(ent->d_name, ".") && strcmp(ent->d_name, "..")) { if (is_pl_file(ent->d_name)) { buf = g_malloc(strlen(path) + strlen(ent->d_name) + 2); @@@@ -197,7 +195,6 @@@@ } d24 6 a29 2 closedir(dir); - g_free(dirent_buf); a30 1 g_free(path); a31 17 @@@@ -295,7 +292,7 @@@@ XS (XS_GAIM_register) { char *name, *ver, *callback, *unused; /* exactly like X-Chat, eh? :) */ - unsigned int junk; + STRLEN junk; struct perlscript *scp; dXSARGS; items = 0; @@@@ -406,7 +403,7 @@@@ { char *title; char *message; - unsigned int junk; + STRLEN junk; dXSARGS; items = 0; d33 67 a99 1 @@@@ -474,7 +471,7 @@@@ d101 2 a102 51 XS (XS_GAIM_command) { - unsigned int junk; + STRLEN junk; char *command = NULL; dXSARGS; items = 0; @@@@ -526,7 +523,7 @@@@ XS (XS_GAIM_user_info) { struct gaim_connection *gc; - unsigned int junk; + STRLEN junk; struct buddy *buddy = NULL; dXSARGS; items = 0; @@@@ -552,7 +549,7 @@@@ { char *nick, *who, *what; struct conversation *c; - int junk; + STRLEN junk; int send, wflags; dXSARGS; items = 0; @@@@ -584,7 +581,7 @@@@ struct gaim_connection *gc; char *nick, *what; int isauto; - int junk; + STRLEN junk; dXSARGS; items = 0; @@@@ -607,7 +604,7 @@@@ char *nick, *what; int isauto; struct conversation *c; - unsigned int junk; + STRLEN junk; dXSARGS; items = 0; @@@@ -637,7 +634,7 @@@@ char *what; struct conversation *b = NULL; GSList *bcs; - unsigned int junk; + STRLEN junk; dXSARGS; items = 0; d104 2 a105 3 @@@@ -803,7 +800,7 @@@@ XS (XS_GAIM_add_event_handler) d107 2 a108 6 - unsigned int junk; + STRLEN junk; struct _perl_event_handlers *handler; dXSARGS; items = 0; @@@@ -830,7 +827,7 @@@@ d110 1 a110 1 XS (XS_GAIM_add_timeout_handler) d112 65 a176 5 - unsigned int junk; + STRLEN junk; long timeout; struct _perl_timeout_handlers *handler; dXSARGS; @ 1.5.2.1 log @Update gaim to version 0.75 to fix security problem on the pkgsrc-2003Q4 branch, requested by Marc Recht. The files here were hand-edited, since much has changed between the version of this package on the pkgsrc-2003Q4 branch and the head. Original commit message follows: Module Name: pkgsrc Committed By: recht Date: Tue Jan 27 01:24:52 UTC 2004 Modified Files: pkgsrc/chat/gaim: Makefile distinfo pkgsrc/chat/gaim/patches: patch-aa Added Files: pkgsrc/chat/gaim/patches: patch-ab patch-ac patch-ad Log Message: 12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise. The 12 identified problems range from simple standard stack overflows, over heap overflows to an integer overflow that can be abused to cause a heap overflow. Due to the nature of instant messaging some of these bugs require man-in-the-middle attacks between client and server. But the underlying protocols are easy to implement and MIM attacks on ordinary TCP sessions is afairly simple task. Please see http://security.e-matters.de/advisories/012004.html for more details. Apply the fix posted in that advisory (originally by the FreeBSD security team) and bump PKGREVISION to 1. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.6 2004/01/27 01:24:52 recht Exp $ d3 21 a23 20 --- src/protocols/yahoo/yahoo.c.orig 2004-01-10 06:04:09.000000000 +0100 +++ src/protocols/yahoo/yahoo.c @@@@ -20,6 +20,7 @@@@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * */ +#include #include "internal.h" #include "account.h" @@@@ -131,8 +132,15 @@@@ static void yahoo_packet_read(struct yah while (pos + 1 < len) { if (data[pos] == 0xc0 && data[pos + 1] == 0x80) break; + if (x >= sizeof(key)-1) { + x++; + continue; + + } key[x++] = data[pos++]; d25 2 a26 6 + if (x >= sizeof(key)-1) + x = 0; key[x] = 0; pos += 2; pair->key = strtol(key, NULL, 10); @@@@ -868,32 +876,66 @@@@ static void yahoo_process_contact(GaimCo d28 1 d30 17 d48 53 a100 67 + +static void octal(const char **p, const char *end, unsigned char *n) +{ + int i, c; + + for (i = 0, c = 0; i < 3 && *p < end; ++i, ++*p) { + c <<= 3; + switch (**p) { + case '0': break; + case '1': c += 1; break; + case '2': c += 2; break; + case '3': c += 3; break; + case '4': c += 4; break; + case '5': c += 5; break; + case '6': c += 6; break; + case '7': c += 7; break; + default: + if (i == 0) { + *n = **p; + ++*p; + return; + } + c >>= 3; + goto done; + } + } +done: + *n = (c > UCHAR_MAX) ? '?' : c; + return; +} + #define OUT_CHARSET "utf-8" static char *yahoo_decode(const char *text) { char *converted; - char *p, *n, *new; - - n = new = g_malloc(strlen (text) + 1); - - for (p = (char *)text; *p; p++, n++) { + unsigned char *n, *new; + size_t len; + const char *p, *end; + + len = strlen (text); + p = text; + end = &text[len]; + n = new = g_malloc(len + 1); + while (p < end) { if (*p == '\\') { - sscanf(p + 1, "%3o\n", (int *)n); - p += 3; - } - else - *n = *p; + ++p; + octal(&p, end, n); + } else + *n = *p++; + ++n; } - *n = '\0'; - converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL); g_free(new); d102 1 a102 2 return converted; } d104 1 a104 2 + static void yahoo_process_mail(GaimConnection *gc, struct yahoo_packet *pkt) d106 6 a111 2 GaimAccount *account = gaim_connection_get_account(gc); @@@@ -1903,32 +1945,30 @@@@ static void yahoo_got_web_connected(gpoi d113 1 a113 1 static void yahoo_web_pending(gpointer data, gint source, GaimInputCondition cond) d115 5 a119 65 + static const char http302[] = "HTTP/1.0 302"; + static const char setcookie[] = "Set-Cookie: "; GaimConnection *gc = data; GaimAccount *account = gaim_connection_get_account(gc); struct yahoo_data *yd = gc->proto_data; - char buf[1024], buf2[256], *i = buf, *r = buf2; - int len, o = 0; + char buf[1024], *i = buf; + int len; + GString *s; len = read(source, buf, sizeof(buf)); - if (len <= 0 || strncmp(buf, "HTTP/1.0 302", strlen("HTTP/1.0 302"))) { + if (len <= 0 || (len >= sizeof(http302)-1 && + memcmp(http302, buf, sizeof(http302)-1) != 0)) { gaim_connection_error(gc, _("Unable to read")); return; } - - while ((i = strstr(i, "Set-Cookie: ")) && 0 < 2) { - i += strlen("Set-Cookie: "); - for (;*i != ';'; r++, i++) { - *r = *i; - } - *r=';'; - r++; - *r=' '; - r++; - o++; - } - /* Get rid of that "; " */ - *(r-2) = '\0'; - yd->auth = g_strdup(buf2); + s = g_string_sized_new(len); + buf[len] = '\0'; + while ((i = strstr(i, setcookie)) != NULL) { + i += sizeof(setcookie)-1; + for (;*i != ';'; i++) + g_string_append_c(s, *i); + g_string_append(s, "; "); + } + yd->auth = g_string_free(s, FALSE); gaim_input_remove(gc->inpa); close(source); /* Now we have our cookies to login with. I'll go get the milk. */ @@@@ -1974,15 +2014,17 @@@@ static GHashTable *yahoo_login_page_hash const char *c = buf; char *d; char name[64], value[64]; + int count = sizeof(name)-1; while ((c < (buf + len)) && (c = strstr(c, "') < d) break; - for (c = d, d = value; *c!='"'; c++, d++) + for (c = d, d = value; *c!='"' && count; c++, d++, count--) *d = *c; *d = '\0'; g_hash_table_insert(hash, g_strdup(name), g_strdup(value)); @ 1.4 log @Update from 0.59.6 to 0.59.8. version 0.59.8 (01/06/2003): * Ripped out all gtk2 support (Thanks Nathan Walp). * Fixed smiley related segfault (Thanks Robert McQueen) * Yahoo! can connect again version 0.59.7 (12/21/2002): * Yahoo i18n fix (Thanks Ethan Blanton). * Fixed a bug in escaping saved passwords (Thanks Eric Timme) * Fixed an overflow bug in perl script autoloading (Thanks David Kaelbling) * Some build fixes for those using stricter compilers, notably MIPSpro (Thanks David Kaelbling) * Fixed a bad argument to accept() calls (Thanks David Kaelbling) * Fixed crashbug on empty rvous requests (Thanks Brandon Scott (Xeon)) for being the first to point this out. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.3 2002/08/28 07:43:57 jlam Exp $ @ 1.3 log @Update gaim and gaim-gnome to 0.59.1. This update is based on work by Curt Sampson. Relevant changes from version 0.59 include: * Fixed a security bug in the manual browser setting (Thanks Robert McQueen) * Will work with Perl 5.8 (thanks, Timothy Lee and Dan Colascione) * Fix for HTTP proxies (thanks, Ethan Blanton) * Read proxy environment variables. (thanks, Christian Hammond) * Use the pretty gaim.png for our menu entry. The new iconv() support has been explicitly disabled for now until I can get it right across both packages. @ text @d1 1 a1 1 $NetBSD$ d3 10 a12 3 --- src/perl.c.orig Mon Aug 26 11:00:58 2002 +++ src/perl.c Wed Aug 28 13:37:46 2002 @@@@ -185,7 +185,7 @@@@ d16 3 a18 2 - while ((readdir_r(dir,&dirent_buf,&ent),ent)) { + while ((ent = readdir(dir))) { d22 9 a30 1 @@@@ -293,7 +293,7 @@@@ d39 1 a39 1 @@@@ -404,7 +404,7 @@@@ d48 1 a48 1 @@@@ -472,7 +472,7 @@@@ d57 1 a57 1 @@@@ -524,7 +524,7 @@@@ d66 1 a66 1 @@@@ -550,7 +550,7 @@@@ d75 1 a75 1 @@@@ -582,7 +582,7 @@@@ d84 1 a84 1 @@@@ -605,7 +605,7 @@@@ d93 1 a93 1 @@@@ -635,7 +635,7 @@@@ d102 1 a102 1 @@@@ -801,7 +801,7 @@@@ d111 1 a111 1 @@@@ -828,7 +828,7 @@@@ @ 1.2 log @Merge packages from the buildlink2 branch back into the main trunk that have been converted to USE_BUILDLINK2. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.1.4.1 2002/08/25 21:19:58 jlam Exp $ d3 12 a14 3 --- src/perl.c.orig Fri May 31 05:13:02 2002 +++ src/perl.c Fri Jul 19 05:07:30 2002 @@@@ -289,7 +289,7 @@@@ d23 1 a23 1 @@@@ -400,7 +400,7 @@@@ d32 1 a32 1 @@@@ -468,7 +468,7 @@@@ d41 1 a41 1 @@@@ -520,7 +520,7 @@@@ d50 1 a50 1 @@@@ -546,7 +546,7 @@@@ d59 1 a59 1 @@@@ -578,7 +578,7 @@@@ d68 1 a68 1 @@@@ -601,7 +601,7 @@@@ d77 1 a77 1 @@@@ -631,7 +631,7 @@@@ d86 1 a86 1 @@@@ -797,7 +797,7 @@@@ d95 1 a95 1 @@@@ -824,7 +824,7 @@@@ @ 1.1 log @Clean up the `Perl_sv_2pv' warnings on LP64. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.4.1 log @file patch-ab was added on branch buildlink2 on 2002-08-25 21:19:58 +0000 @ text @d1 94 @ 1.1.4.2 log @Merge changes in the main trunk into the buildlink2 branch for those packages that have been converted to USE_BUILDLINK2. @ text @a0 94 $NetBSD: patch-ab,v 1.1.4.1 2002/08/25 21:19:58 jlam Exp $ --- src/perl.c.orig Fri May 31 05:13:02 2002 +++ src/perl.c Fri Jul 19 05:07:30 2002 @@@@ -289,7 +289,7 @@@@ XS (XS_GAIM_register) { char *name, *ver, *callback, *unused; /* exactly like X-Chat, eh? :) */ - unsigned int junk; + STRLEN junk; struct perlscript *scp; dXSARGS; items = 0; @@@@ -400,7 +400,7 @@@@ { char *title; char *message; - unsigned int junk; + STRLEN junk; dXSARGS; items = 0; @@@@ -468,7 +468,7 @@@@ XS (XS_GAIM_command) { - unsigned int junk; + STRLEN junk; char *command = NULL; dXSARGS; items = 0; @@@@ -520,7 +520,7 @@@@ XS (XS_GAIM_user_info) { struct gaim_connection *gc; - unsigned int junk; + STRLEN junk; struct buddy *buddy = NULL; dXSARGS; items = 0; @@@@ -546,7 +546,7 @@@@ { char *nick, *who, *what; struct conversation *c; - int junk; + STRLEN junk; int send, wflags; dXSARGS; items = 0; @@@@ -578,7 +578,7 @@@@ struct gaim_connection *gc; char *nick, *what; int isauto; - int junk; + STRLEN junk; dXSARGS; items = 0; @@@@ -601,7 +601,7 @@@@ char *nick, *what; int isauto; struct conversation *c; - unsigned int junk; + STRLEN junk; dXSARGS; items = 0; @@@@ -631,7 +631,7 @@@@ char *what; struct conversation *b = NULL; GSList *bcs; - unsigned int junk; + STRLEN junk; dXSARGS; items = 0; @@@@ -797,7 +797,7 @@@@ XS (XS_GAIM_add_event_handler) { - unsigned int junk; + STRLEN junk; struct _perl_event_handlers *handler; dXSARGS; items = 0; @@@@ -824,7 +824,7 @@@@ XS (XS_GAIM_add_timeout_handler) { - unsigned int junk; + STRLEN junk; long timeout; struct _perl_timeout_handlers *handler; dXSARGS; @