head 1.10; access; symbols pkgsrc-2013Q2:1.10.0.20 pkgsrc-2013Q2-base:1.10 pkgsrc-2012Q4:1.10.0.18 pkgsrc-2012Q4-base:1.10 pkgsrc-2011Q4:1.10.0.16 pkgsrc-2011Q4-base:1.10 pkgsrc-2011Q2:1.10.0.14 pkgsrc-2011Q2-base:1.10 pkgsrc-2009Q4:1.10.0.12 pkgsrc-2009Q4-base:1.10 pkgsrc-2008Q4:1.10.0.10 pkgsrc-2008Q4-base:1.10 pkgsrc-2008Q3:1.10.0.8 pkgsrc-2008Q3-base:1.10 cube-native-xorg:1.10.0.6 cube-native-xorg-base:1.10 pkgsrc-2008Q2:1.10.0.4 pkgsrc-2008Q2-base:1.10 pkgsrc-2008Q1:1.10.0.2 pkgsrc-2008Q1-base:1.10 pkgsrc-2007Q4:1.9.0.16 pkgsrc-2007Q4-base:1.9 pkgsrc-2007Q3:1.9.0.14 pkgsrc-2007Q3-base:1.9 pkgsrc-2007Q2:1.9.0.12 pkgsrc-2007Q2-base:1.9 pkgsrc-2007Q1:1.9.0.10 pkgsrc-2007Q1-base:1.9 pkgsrc-2006Q4:1.9.0.8 pkgsrc-2006Q4-base:1.9 pkgsrc-2006Q3:1.9.0.6 pkgsrc-2006Q3-base:1.9 pkgsrc-2006Q2:1.9.0.4 pkgsrc-2006Q2-base:1.9 pkgsrc-2006Q1:1.9.0.2 pkgsrc-2006Q1-base:1.9 pkgsrc-2005Q4:1.8.0.4 pkgsrc-2005Q4-base:1.8 pkgsrc-2005Q3:1.8.0.2 pkgsrc-2005Q3-base:1.8 pkgsrc-2005Q2:1.7.0.4 pkgsrc-2005Q2-base:1.7 pkgsrc-2005Q1:1.7.0.2 pkgsrc-2005Q1-base:1.7 pkgsrc-2004Q4:1.6.0.2 pkgsrc-2004Q4-base:1.6 pkgsrc-2004Q3:1.4.0.4 pkgsrc-2004Q3-base:1.4 pkgsrc-2004Q2:1.4.0.2 pkgsrc-2004Q2-base:1.4 pkgsrc-2004Q1:1.1.0.4 pkgsrc-2004Q1-base:1.1 pkgsrc-2003Q4:1.1.0.2; locks; strict; comment @# @; 1.10 date 2008.03.05.15.41.23; author tnn; state dead; branches; next 1.9; 1.9 date 2006.03.13.20.33.24; author joerg; state Exp; branches; next 1.8; 1.8 date 2005.08.25.21.30.48; author reed; state Exp; branches; next 1.7; 1.7 date 2005.03.18.18.56.04; author jmmv; state Exp; branches; next 1.6; 1.6 date 2004.12.03.12.43.24; author adam; state Exp; branches; next 1.5; 1.5 date 2004.11.16.19.49.42; author ben; state Exp; branches; next 1.4; 1.4 date 2004.06.01.21.00.59; author jmmv; state dead; branches; next 1.3; 1.3 date 2004.04.24.09.29.54; author jmmv; state Exp; branches; next 1.2; 1.2 date 2004.04.02.16.08.22; author jmmv; state dead; branches; next 1.1; 1.1 date 2004.01.27.01.24.52; author recht; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2004.01.27.01.24.52; author agc; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2004.01.29.18.38.50; author agc; state Exp; branches; next ; desc @@ 1.10 log @Remove gaim and related packages. The gaim project was renamed to pidgin, see the chat/pidgin* packages. @ text @$NetBSD: patch-ad,v 1.9 2006/03/13 20:33:24 joerg Exp $ --- configure.orig 2005-08-12 02:21:55.000000000 +0000 +++ configure @@@@ -29137,7 +29137,7 @@@@ fi if test "$ac_silc_libs" != "no"; then SILC_LIBS="-L$ac_silc_libs" fi - SILC_LIBS="$SILC_LIBS -lsilc -lsilcclient -lpthread -ldl" + SILC_LIBS="$SILC_LIBS -lsilc -lsilcclient ${PTHREAD_LIBS} ${DLLIB}" echo "$as_me:$LINENO: checking for silc_client_init in -lsilcclient" >&5 echo $ECHO_N "checking for silc_client_init in -lsilcclient... $ECHO_C" >&6 if test "${ac_cv_lib_silcclient_silc_client_init+set}" = set; then @@@@ -34275,10 +34275,10 @@@@ echo "$as_me: error: Static linkage requ enable_nss="no" else - nsprlibs="-ldl $with_nspr_libs/libplc4.a $with_nspr_libs/libplds4.a $with_nspr_libs/libnspr4.a $PTHREAD_LIB" + nsprlibs="${DLLIB} $with_nspr_libs/libplc4.a $with_nspr_libs/libplds4.a $with_nspr_libs/libnspr4.a $PTHREAD_LIB $PTHREAD_LDFLAGS" fi else - nsprlibs="-ldl -lplc4 -lplds4 -lnspr4 $PTHREAD_LIB" + nsprlibs="${DLLIB} -lplc4 -lplds4 -lnspr4 $PTHREAD_LIB $PTHREAD_LDFLAGS" fi echo "$as_me:$LINENO: checking for Mozilla nspr libraries" >&5 @ 1.9 log @Fix NSPR detection at least for DragonFly, making it actually work. Addresses complains of Tom Hummel via IRC. Bump revision. @ text @d1 1 a1 1 $NetBSD$ @ 1.8 log @Update patch-ad so instead of getting rid of -ldl (which is needed by Linux) in tests, use value of BUILDLINK_LDADD.dl. Also use PTHREAD_LIBS instead of hard-coded -lpthread. Include dlopen.buildlink3.mk and include pthread.buildlink3.mk. This fixes problem on Linux and DragonFly where it was not built with silc support. Okayed by maintainer. I tested this on Linux, DragonFly and NetBSD 2.0.2. I also filed a bug report with gaim last week so they can fix the configure.ac correctly. @ text @d3 3 a5 3 --- configure.orig 2005-08-25 10:19:21.000000000 -0700 +++ configure 2005-08-25 10:23:27.000000000 -0700 @@@@ -29137,7 +29137,7 @@@@ d14 1 a14 1 @@@@ -34275,10 +34275,10 @@@@ d19 1 a19 1 + nsprlibs="${DLLIB} $with_nspr_libs/libplc4.a $with_nspr_libs/libplds4.a $with_nspr_libs/libnspr4.a $PTHREAD_LIB" d23 1 a23 1 + nsprlibs="${DLLIB} -lplc4 -lplds4 -lnspr4 $PTHREAD_LIB" @ 1.7 log @Use nss instead of gnutls for SSL connections. This fixes several problems under NetBSD 1.6 (gaim hanging during MSN connection). Bump revision to 1. No objections in tech-pkg@@ and got positive comments from tv@@ and maintainer. Closes PR pkg/28690 by chemical-al at suomi24.fi. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.6 2004/12/03 12:43:24 adam Exp $ d3 3 a5 3 --- configure.orig 2005-02-25 03:44:01.000000000 +0100 +++ configure @@@@ -28205,7 +28205,7 @@@@ fi d10 1 a10 1 + SILC_LIBS="$SILC_LIBS -lsilc -lsilcclient -lpthread" d14 1 a14 1 @@@@ -33268,10 +33268,10 @@@@ echo "$as_me: error: Static linkage requ d19 1 a19 1 + nsprlibs="$with_nspr_libs/libplc4.a $with_nspr_libs/libplds4.a $with_nspr_libs/libnspr4.a $PTHREAD_LIB" d23 1 a23 1 + nsprlibs="-lplc4 -lplds4 -lnspr4 $PTHREAD_LIB" @ 1.6 log @Changes 1.1.0: New Features: * Binary relocable. Gaim will find its files even if it's installed in a location other than the --prefix it was ./configured with. Pass --disable-binreloc to ./configure to disable. * IRC now has fallback encodings, and tries harder to display something useful during an encoding error. * New MSN protocol icon (Felipe Contreras) Bug Fixes: * Fix some leaks (Miah Gregory, Felipe Contreras) * Fix crashes when removing buddies in certain situations (Andrew Hart) * Eliminate MSN switchboard errors (Felipe Contreras) * Fix MSN buddy icon syncronization (Felipe Contreras) * Correctly display file transfer dialogs for filenames containing &, < or > * Correctly display MSN authorization dialogs for friendly names containing &, < or > * Properly align the right-click docklet menu with the docklet icon in *nix. * Fix a crash if the MSN buddy list is not available * Fix a bug in the request api (Gary Kramlich) @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- configure.orig 2004-12-03 04:24:48.000000000 +0000 d5 1 a5 1 @@@@ -27839,7 +27839,7 @@@@ fi d14 13 @ 1.5 log @Remove -ldl from libsilcclient test in configure.ac and configure. This resolves PR#28333 @ text @d3 1 a3 1 --- configure.orig Thu Nov 11 20:54:53 2004 d5 1 a5 1 @@@@ -27815,7 +27815,7 @@@@ fi @ 1.4 log @Update to 0.78: New Features: * Support for the SILC protocol (http://www.silcnet.org/) (Pekka Riikonen) * Option to suppress disconnect notification when using the autoreconnect plugin (Christopher (siege) O'Brien) * Added support for dragging buddies from the buddy list into the Add Buddy Pounce dialog * Pounce notification now includes time (Mike Lundy) * The history plugin now shows history for chats in addition to IMs * Menu item to view conversation logs (Tom Samstag) * Conversation and chat sizes automatically saved (Stu Tomlinson) * Added support for Novell privacy settings (Mike Stoddard of Novell) * Added ability to initiate multi-user conferences (chats) in Novell (Mike Stoddard of Novell) * Find and Save buttons on the debug window (Stu Tomlinson) * Plugin Actions menu (Christopher (siege) O'Brien) * Plugins can now add entries to the right-click menu of a group or chat (Stu Tomlinson and Christopher (siege) O'Brien) * Hyperlink colors are now themeable via your ~/.gtkrc-2.0 file Bug Fixes: * Compiles again with gcc 2.96 (Ignacio J. Elia) * Gtk2.0 compatibility fixes (Tim Ringenbach) * Many documentation updates (Jonathan Champ, Gary Kramlich, Stu Tomlinson, and Kevin Stange) * Yahoo works on 64 bit machines (Gary Kramlich) * Zephyr works on 64 bit machines (Arun A Tharuvai) * Novell 64bit fixes, better error messages, and buddy list sync fixes (Mike Stoddard of Novell) * Novell protocol works on big endian machines (Novell) * Massive rewrite of MSN support, which should fix a number of issues and make errors easier to interpret (Felipe Contreras) * Fixed a privacy-related bug in MSN that affected blocking/permitting, which was due to case-sensitive string comparisons (Gudmundur Olafsson) * Fixed an MSN HTTP method bug where MSN would queue data indefinitely. (Andrew Wellington) * All known MSN formatting bugs were fixed. * Overly long messages and paging cell phones in MSN no longer cause disconnects (Felipe Contreras) * Several bug fixes for MSN's MSNSLP and MSNObject support (Finlay Dobbie) * ALT-F works correctly in the System Log Viewer (Stu Tomlinson) * New tabs should scroll correctly again (Tim Ringenbach) * Dialogs opened from a conversation window are now closed when the conversation window is closed, preventing a crash (Kevin Stange) * Copy/paste encoding fixes (Joe Marcus Clarke) * IRC disconnect crash fix (Luciano Miguel Ferreira Rocha) * Ampersands in links should work correctly (Tim Ringenbach) * DirectIM and IM Image support for AIM are greatly improved (Tim Ringenbach) * Gadu-Gadu updates (Andrew Wellington) * Print Gadu-Gadu messages to the debug window instead of the console * Updated and standardized blist signals (Gary Kramlich) * Made the recieve-*-msg signals match the sending ones (Stu Tomlinson) * The idle time for the buddy-idle and buddy-unidle signals should be correct again. Preference Changes: * Added "Conversation placement - By conversation count" * Added a "none" smiley theme to replace the "Show graphical smileys" option * Replace default formatting preferences with a dialog to set a default formatting in a WYSIWYG manner. * Removed "Show logins in window," default to yes * Removed "Send URLs as links," default to yes (in protocols that support HTML) * Removed "Show URLs as links," default to yes * Removed New window height & width and Entry field height for Chats & IMs, sizes are now saved automatically * Removed "Tab-complete nicks" default to yes * Removed "Old-style tab completion", no longer supported * Removed "Sending message removes away status", default to no * Removed "Show numbers in groups", default to yes * Removed "Icons on tabs", default to yes * Removed "Sounds when you log in", default to no * Removed "Seconds before resending autoresponse", default to 600 seconds * Removed "Send autoresponse in active conversations", default to no * Removed "Show people joining in window", default to yes * Removed "Show people leaving in window", default to yes @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.3 2004/04/24 09:29:54 jmmv Exp $ d3 11 a13 48 --- src/protocols/novell/nmuser.c.orig Thu Apr 22 09:01:16 2004 +++ src/protocols/novell/nmuser.c Sat Apr 24 05:11:42 2004 @@@@ -50,10 +50,12 @@@@ nm_initialize_user(const char *name, const char *server_addr, int port, gpointer data, nm_event_cb event_callback) { + NMUser *user; + if (name == NULL || server_addr == NULL || event_callback == NULL) return NULL; - NMUser *user = g_new0(NMUser, 1); + user = g_new0(NMUser, 1); user->conn = g_new0(NMConn, 1); @@@@ -1647,11 +1649,12 @@@@ nm_typed_to_dotted(const char *typed) { unsigned i = 0, j = 0; + char *dotted; if (typed == NULL) return NULL; - char *dotted = g_new0(char, strlen(typed)); + dotted = g_new0(char, strlen(typed)); do { @@@@ -1692,6 +1695,7 @@@@ gint objid1; NMContact *contact; NMFolder *folder; + gpointer item; if (user == NULL || fields == NULL) return; @@@@ -1713,8 +1717,7 @@@@ nm_locate_field(NM_A_SZ_OBJECT_ID, (NMField *) cursor->value); if (locate != NULL && locate->value != 0) { objid1 = atoi((char *) locate->value); - gpointer item = - nm_folder_find_item_by_object_id(user->root_folder, objid1); + item = nm_folder_find_item_by_object_id(user->root_folder, objid1); if (item != NULL) { if (cursor->method == NMFIELD_METHOD_ADD) { if (g_ascii_strcasecmp(cursor->tag, NM_A_FA_CONTACT) == 0) { @ 1.3 log @Update to 0.77, based on patch from Matthew Luckie (maintainer): New Features: * The System Log returns (Ka-Hing Cheung) * Added a conversation-drag-ended signal (Etan Reisner) * Reorganized and cleaned up the MSN protocol plugin (Felipe Contreras) * Added the -c option to specify location of the .gaim directory, removed the outdated -f option that no longer had any effect (Daniel Atallah) * Novell GroupWise protocol support added (Novell) * WYSIWYG improvements (Tim Ringenbach) * WYSIWYG editing for user info (Jon Oberheide) * Rich-text copy and paste * Plugins can now add menu items to the buddy context menu (Christopher O'Brien) * Plugins can now add preferences (Gary Kramlich) * The TOC protocol is no longer built by default. The plugin is not being properly tested and is no longer officially supported. * Bumped up the plugin API version number, and added version numbers for loader plugins and protocol plugins. Authors will want to update their plugins, and possibly use GAIM_PLUGIN_API_VERSION, GAIM_PRPL_API_VERSION, and GAIM_LOADER_API_VERSION constants. * Zephyr error reporting works (Arun A. Tharuvai) * Zephyr deals with non-utf8 characters (Arun A. Tharuvai) Bug Fixes: * Formatting in the Log viewer is fixed (Kevin Stange) * Save Conversation works again (Kevin Stange) * The Clear button in privacy works (Robert Mibus) * MSN error reporting works again (Stu Tomlinson) * MSN e-mail notifications should no longer cause Gaim to crash (Felipe Contreras) * Fixed an infinite loop bug that would sometimes cause MSN to lock up (Nickolai Zeldovich) * All away messages should now show up in tooltips * Removing zephyr buddies no longer crashes (Arun A. Tharuvai) @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update to 0.76, based on patch from Matthew Luckie (maintainer). New Features: * WYSIWYG text input (with much help from Gary Kramlich and Kevin Stange) * Ability to be invisible on AIM * Chatroom list support (Tim Ringenbach) * Added auto-completion for screen names to the New Instant Message and Get User Info dialogs. * Non-ascii character support in AIM chats (Uli Luckas and Marco Ziech) * Vastly improved browser opening, with tab support! (Nathan Fredrickson) * Added support for connecting to MSN using the port 80 method. * Support for Mozilla Firefox (Chris Friesen and Nathan Fredrickson) * Added protocol-specific preferences (Gary Kramlich) * Local IP address information can be changed in Preferences (Tim Ringenbach) * Improved local IP address detection (Tim Ringenbach) * Offline accounts in account drop-down lists are now greyed (Etan Reisner) * Improved accessibility support for screen readers and other accessibility tools (Marc Mulcahy) * Improved accessibility in conversation windows (Nathan Fredrickson) * Keyboard access to context menus via Shift+F10 (Marc Mulcahy) * Core/UI split event loop code. (Scott Lamb) * Added improvements to the multi-field request code, including required fields and account fields. * Moved more dialogs to the request API for interface consistency (Send Message, Get User Info, and Insert Link dialogs) * Jabber file transfer * IRC file transfer (Tim Ringenbach) * Added a hidden preference for disabling buddy list tooltips or changing the pop-up delay in prefs.xml. * Moved translation news to po/ChangeLog Bug Fixes: * Significant work on the Zephyr plugin (Arun A. Tharuvai) * You can now use :/ as a smiley safely (Nathan Owens) * Various buffer overflow fixes (Stefan Esser) * Tabs now stay green when they are supposed to (Etan Reisner) * Fixed a bug where only the first user in a chat room list was removed sometimes when trying to remove a group of users (Tim Ringenbach) * Clearing an AIM buddy icon actually removes it from the server, icons changes in the account editor do not take effect if the cancel button is used (Stu Tomlinson) * Improved chat parting logic (Tim Ringenbach) * Yet Another IRC channel user duplication bugfix (Tim Ringenbach) * Deleting an account while modifying it will no longer crash gaim. * Only one account preference window will now appear per account when clicking Modify. * Aliases are now shown alongside the screen name in the message queue window. (Kevin Stange). * TCL Plugin API changed * The mobile icon on MSN users is now removed when the person disables mobile paging (Stu Tomlinson) * Removing invalid buddies in MSN with a space in their name no longer causes a disconnect (Stu Tomlinson) * Multiple MSN chats should now work (Robert Mibus) * Added new MSN error codes and fixed an incorrect one (Stu Tomlinson) * Incoming colors are now processed correctly in MSN. * Conversation placement by account now works correctly with both chats and IMs, and takes the Combine Chats and IMs option into consideration. * Minor tweaks to the list box in the multi-field request dialogs so they work without a label and scrollbar (Pekka Riikonen) * Hitting enter in a multi-field request dialog when a textfield has the focus no longer ignores the changed text in the textfield (Gary Kramlich) * The Disconnect dialog no longer raises and gains focus each time a disconnected account is added (Ka-Hing Cheung) * Gadu-Gadu might actually connect again (Ignacy Gawedzki) * Buddy pounces for an account are removed when the account is deleted (Gary Kramlich) * Various bug and memory leak fixes (Gary Kramlich) * Assorted SSL crashfixes * --enable-debug no longer breaks compilation when using gtk 2.4, which also broke garnome. * Tooltips shouldn't crash now (Daniel Atallah) @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.1 2004/01/27 01:24:52 recht Exp $ d3 5 a7 9 --- src/util.c.orig 2004-01-10 05:04:56.000000000 +0100 +++ src/util.c @@@@ -247,24 +247,71 @@@@ gaim_base64_decode(const char *text, cha /************************************************************************** * Quoted Printable Functions **************************************************************************/ -void -gaim_quotedp_decode(const char *str, char **ret_str, int *ret_len) +static void hex(const char **p, const char *end, unsigned char *n) d9 7 a15 2 - char *p, *n, *new; + int i, c; d17 4 a20 73 - n = new = g_malloc(strlen (str) + 1); + for (i = 0, c = 0; i < 2 && *p < end; ++i, ++*p) { + c <<= 4; + switch (**p) { + case '0': break; + case '1': c += 1; break; + case '2': c += 2; break; + case '3': c += 3; break; + case '4': c += 4; break; + case '5': c += 5; break; + case '6': c += 6; break; + case '7': c += 7; break; + case '8': c += 8; break; + case '9': c += 9; break; + case 'a': c += 10; break; + case 'b': c += 11; break; + case 'c': c += 12; break; + case 'd': c += 13; break; + case 'e': c += 14; break; + case 'f': c += 15; break; + case 'A': c += 10; break; + case 'B': c += 11; break; + case 'C': c += 12; break; + case 'D': c += 13; break; + case 'E': c += 14; break; + case 'F': c += 15; break; + default: + if (i == 0) { + *n = **p; + ++*p; + return; + } + c >>= 4; + goto done; + } + } +done: + *n = (c > UCHAR_MAX) ? '?' : c; + return; +} - for (p = (char *)str; *p; p++, n++) { +void +gaim_quotedp_decode(const char *str, char **ret_str, int *ret_len) +{ + const char *p, *end; + unsigned char *n, *new; + size_t len; + + len = strlen (str); + n = new = g_malloc(len + 1); + p = str; + end = &p[len]; + while (p < end) { if (*p == '=') { - sscanf(p + 1, "%2x\n", (int *)n); - p += 2; - } - else if (*p == '_') + ++p; + hex(&p, end, n); + } else if (*p == '_') *n = ' '; else *n = *p; + ++n; } - *n = '\0'; if (ret_len) @@@@ -1962,7 +2009,7 @@@@ gaim_url_parse(const char *url, char **r char **ret_path) d22 8 a29 44 char scan_info[255]; - char port_str[5]; + char port_str[6]; int f; const char *turl; char host[256], path[256]; @@@@ -1982,16 +2029,21 @@@@ gaim_url_parse(const char *url, char **r } g_snprintf(scan_info, sizeof(scan_info), - "%%[%s]:%%[%s]/%%[%s]", addr_ctrl, port_ctrl, page_ctrl); + "%%255[%s]:%%5[%s]/%%255[%s]", addr_ctrl, port_ctrl, page_ctrl); + addr_ctrl[sizeof(addr_ctrl)-1] = '\0'; + port_ctrl[sizeof(port_ctrl)-1] = '\0'; + page_ctrl[sizeof(page_ctrl)-1] = '\0'; f = sscanf(url, scan_info, host, port_str, path); if (f == 1) { g_snprintf(scan_info, sizeof(scan_info), - "%%[%s]/%%[%s]", + "%%255[%s]/%%255[%s]", addr_ctrl, page_ctrl); f = sscanf(url, scan_info, host, path); + addr_ctrl[sizeof(addr_ctrl)-1] = '\0'; + page_ctrl[sizeof(page_ctrl)-1] = '\0'; g_snprintf(port_str, sizeof(port_str), "80"); } @@@@ -2081,9 +2133,14 @@@@ parse_redirect(const char *data, size_t static size_t parse_content_len(const char *data, size_t data_len) { - size_t content_len = 0; + int content_len = 0; + char *tmp; - sscanf(data, "Content-Length: %d", (int *)&content_len); + tmp = g_malloc(data_len + 1); + memcpy(tmp, data, data_len); + tmp[data_len] = '\0'; + sscanf(tmp, "Content-Length: %d", &content_len); + g_free(tmp); d31 20 a50 2 return content_len; } @ 1.1 log @12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise. The 12 identified problems range from simple standard stack overflows, over heap overflows to an integer overflow that can be abused to cause a heap overflow. Due to the nature of instant messaging some of these bugs require man-in-the-middle attacks between client and server. But the underlying protocols are easy to implement and MIM attacks on ordinary TCP sessions is afairly simple task. Please see http://security.e-matters.de/advisories/012004.html for more details. Apply the fix posted in that advisory (originally by the FreeBSD security team) and bump PKGREVISION to 1. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ad was added on branch pkgsrc-2003Q4 on 2004-01-27 01:24:52 +0000 @ text @d1 136 @ 1.1.2.2 log @Update gaim to version 0.75 to fix security problem on the pkgsrc-2003Q4 branch, requested by Marc Recht. The files here were hand-edited, since much has changed between the version of this package on the pkgsrc-2003Q4 branch and the head. Original commit message follows: Module Name: pkgsrc Committed By: recht Date: Tue Jan 27 01:24:52 UTC 2004 Modified Files: pkgsrc/chat/gaim: Makefile distinfo pkgsrc/chat/gaim/patches: patch-aa Added Files: pkgsrc/chat/gaim/patches: patch-ab patch-ac patch-ad Log Message: 12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise. The 12 identified problems range from simple standard stack overflows, over heap overflows to an integer overflow that can be abused to cause a heap overflow. Due to the nature of instant messaging some of these bugs require man-in-the-middle attacks between client and server. But the underlying protocols are easy to implement and MIM attacks on ordinary TCP sessions is afairly simple task. Please see http://security.e-matters.de/advisories/012004.html for more details. Apply the fix posted in that advisory (originally by the FreeBSD security team) and bump PKGREVISION to 1. @ text @a0 136 $NetBSD: patch-ad,v 1.1.2.1 2004/01/29 18:38:50 agc Exp $ --- src/util.c.orig 2004-01-10 05:04:56.000000000 +0100 +++ src/util.c @@@@ -247,24 +247,71 @@@@ gaim_base64_decode(const char *text, cha /************************************************************************** * Quoted Printable Functions **************************************************************************/ -void -gaim_quotedp_decode(const char *str, char **ret_str, int *ret_len) +static void hex(const char **p, const char *end, unsigned char *n) { - char *p, *n, *new; + int i, c; - n = new = g_malloc(strlen (str) + 1); + for (i = 0, c = 0; i < 2 && *p < end; ++i, ++*p) { + c <<= 4; + switch (**p) { + case '0': break; + case '1': c += 1; break; + case '2': c += 2; break; + case '3': c += 3; break; + case '4': c += 4; break; + case '5': c += 5; break; + case '6': c += 6; break; + case '7': c += 7; break; + case '8': c += 8; break; + case '9': c += 9; break; + case 'a': c += 10; break; + case 'b': c += 11; break; + case 'c': c += 12; break; + case 'd': c += 13; break; + case 'e': c += 14; break; + case 'f': c += 15; break; + case 'A': c += 10; break; + case 'B': c += 11; break; + case 'C': c += 12; break; + case 'D': c += 13; break; + case 'E': c += 14; break; + case 'F': c += 15; break; + default: + if (i == 0) { + *n = **p; + ++*p; + return; + } + c >>= 4; + goto done; + } + } +done: + *n = (c > UCHAR_MAX) ? '?' : c; + return; +} - for (p = (char *)str; *p; p++, n++) { +void +gaim_quotedp_decode(const char *str, char **ret_str, int *ret_len) +{ + const char *p, *end; + unsigned char *n, *new; + size_t len; + + len = strlen (str); + n = new = g_malloc(len + 1); + p = str; + end = &p[len]; + while (p < end) { if (*p == '=') { - sscanf(p + 1, "%2x\n", (int *)n); - p += 2; - } - else if (*p == '_') + ++p; + hex(&p, end, n); + } else if (*p == '_') *n = ' '; else *n = *p; + ++n; } - *n = '\0'; if (ret_len) @@@@ -1962,7 +2009,7 @@@@ gaim_url_parse(const char *url, char **r char **ret_path) { char scan_info[255]; - char port_str[5]; + char port_str[6]; int f; const char *turl; char host[256], path[256]; @@@@ -1982,16 +2029,21 @@@@ gaim_url_parse(const char *url, char **r } g_snprintf(scan_info, sizeof(scan_info), - "%%[%s]:%%[%s]/%%[%s]", addr_ctrl, port_ctrl, page_ctrl); + "%%255[%s]:%%5[%s]/%%255[%s]", addr_ctrl, port_ctrl, page_ctrl); + addr_ctrl[sizeof(addr_ctrl)-1] = '\0'; + port_ctrl[sizeof(port_ctrl)-1] = '\0'; + page_ctrl[sizeof(page_ctrl)-1] = '\0'; f = sscanf(url, scan_info, host, port_str, path); if (f == 1) { g_snprintf(scan_info, sizeof(scan_info), - "%%[%s]/%%[%s]", + "%%255[%s]/%%255[%s]", addr_ctrl, page_ctrl); f = sscanf(url, scan_info, host, path); + addr_ctrl[sizeof(addr_ctrl)-1] = '\0'; + page_ctrl[sizeof(page_ctrl)-1] = '\0'; g_snprintf(port_str, sizeof(port_str), "80"); } @@@@ -2081,9 +2133,14 @@@@ parse_redirect(const char *data, size_t static size_t parse_content_len(const char *data, size_t data_len) { - size_t content_len = 0; + int content_len = 0; + char *tmp; - sscanf(data, "Content-Length: %d", (int *)&content_len); + tmp = g_malloc(data_len + 1); + memcpy(tmp, data, data_len); + tmp[data_len] = '\0'; + sscanf(tmp, "Content-Length: %d", &content_len); + g_free(tmp); return content_len; } @