head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.40
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.38
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.36
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.34
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.32
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.30
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.28
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.26
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.2.0.24
	pkgsrc-2008Q2-base:1.2
	pkgsrc-2008Q1:1.2.0.22
	pkgsrc-2008Q1-base:1.2
	pkgsrc-2007Q4:1.2.0.20
	pkgsrc-2007Q4-base:1.2
	pkgsrc-2007Q3:1.2.0.18
	pkgsrc-2007Q3-base:1.2
	pkgsrc-2007Q2:1.2.0.16
	pkgsrc-2007Q2-base:1.2
	pkgsrc-2007Q1:1.2.0.14
	pkgsrc-2007Q1-base:1.2
	pkgsrc-2006Q4:1.2.0.12
	pkgsrc-2006Q4-base:1.2
	pkgsrc-2006Q3:1.2.0.10
	pkgsrc-2006Q3-base:1.2
	pkgsrc-2006Q2:1.2.0.8
	pkgsrc-2006Q2-base:1.2
	pkgsrc-2006Q1:1.2.0.6
	pkgsrc-2006Q1-base:1.2
	pkgsrc-2005Q4:1.2.0.4
	pkgsrc-2005Q4-base:1.2
	pkgsrc-2005Q3:1.2.0.2
	pkgsrc-2005Q3-base:1.2
	pkgsrc-2005Q2:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2005.08.12.17.52.16;	author reed;	state dead;
branches;
next	1.1;

1.1
date	2005.08.10.16.13.34;	author salo;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2005.08.10.16.13.34;	author snj;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2005.08.10.18.28.45;	author snj;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update to 1.5.0 from maintainer, Matthew Luckie, via PR #30974.
"this release of gaim has a few security fixes which mirror
the effects of patch-ae patch-af patch-ag"

ChangeLog says:

version 1.5.0 (8/11/2005):
        * Ability to set IRC quit message (Lalo Martins)
        * OSCAR file transfers now work for 2 users behind the same NAT
          (Jonathan Clark)
        * Yahoo! buddy requests to add you to their buddy list now prompt for
          authorization
        * Added a /clear command for conversations/chats
        * Fixed ICQ encoding for messages with offline ICQ users
          (Ilya Konstantinov, SF Bug #1179452)
        * Default Yahoo! chat roomlist locale to 'us'
@
text
@$NetBSD: patch-af,v 1.1 2005/08/10 16:13:34 salo Exp $

Fix for CAN-2005-2103, from RedHat.

--- src/util.c.orig	2005-06-09 06:00:36.000000000 +0200
+++ src/util.c	2005-08-10 16:35:33.000000000 +0200
@@@@ -2129,8 +2129,7 @@@@
 gaim_str_sub_away_formatters(const char *str, const char *name)
 {
 	char *c;
-	gchar *cpy;
-	int cnt = 0;
+	GString *cpy;
 	time_t t;
 	struct tm *tme;
 	char tmp[20];
@@@@ -2138,12 +2137,12 @@@@
 	g_return_val_if_fail(str  != NULL, NULL);
 	g_return_val_if_fail(name != NULL, NULL);
 
-	cpy = g_malloc(BUF_LONG);
+	/* Create an empty GString that is hopefully big enough for most messages */
+	cpy = g_string_sized_new(1024);
 
 	t = time(NULL);
 	tme = localtime(&t);
 
-	cpy[0] = '\0';
 	c = (char *)str;
 	while (*c) {
 		switch (*c) {
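Review bot: The comment added above `g_string_sized_new(1024)` reads as though 1024 were a capacity the message is hoped to fit in, which is the kind of fixed-size assumption this patch removes. It would be clearer to say that the value is only an initial allocation, for example `/* 1024 is just a preallocation hint; the GString grows on append, so the output is not limited to it */`. Separately, the context line `tme = localtime(&t);` is not checked for NULL before `tme` is handed to strftime() in the next hunk. The function body starts and ends outside this hunk, and the same lines appear in the 1.1.2.2 branch copy of the patch further down.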
@@@@ -2152,39 +2151,35 @@@@
 				switch (*(c + 1)) {
 				case 'n':
 					/* append name */
-					strcpy(cpy + cnt, name);
-					cnt += strlen(name);
+					g_string_append(cpy, name);
 					c++;
 					break;
 				case 'd':
 					/* append date */
 					strftime(tmp, 20, "%m/%d/%Y", tme);
-					strcpy(cpy + cnt, tmp);
-					cnt += strlen(tmp);
+					g_string_append(cpy, tmp);
 					c++;
 					break;
 				case 't':
 					/* append time */
 					strftime(tmp, 20, "%I:%M:%S %p", tme);
-					strcpy(cpy + cnt, tmp);
-					cnt += strlen(tmp);
+					g_string_append(cpy, tmp);
 					c++;
 					break;
 				default:
-					cpy[cnt++] = *c;
+					g_string_append_c(cpy, *c);
 				}
 			} else {
-				cpy[cnt++] = *c;
+				g_string_append_c(cpy, *c);
 			}
 			break;
 		default:
-			cpy[cnt++] = *c;
+			g_string_append_c(cpy, *c);
 		}
 		c++;
 	}
-	cpy[cnt] = '\0';
 
-	return cpy;
+	return g_string_free(cpy, FALSE);
 }
 
 gchar *
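Review bot: Both strftime() calls in the 'd' and 't' cases ignore the return value. If the formatted text does not fit in `tmp` (the `%p` output is locale-dependent), strftime() returns 0 and leaves `tmp` indeterminate, and the new `g_string_append(cpy, tmp)` then reads it as a C string. Checking the result keeps the append limited to valid data, e.g. `if (strftime(tmp, sizeof(tmp), "%I:%M:%S %p", tme) > 0) g_string_append(cpy, tmp);`, and likewise for the date format. Using `sizeof(tmp)` instead of the literal 20 also keeps the bound tied to the declaration. The enclosing switch begins above this hunk, and the 1.1.2.2 branch copy of the patch below contains the same calls.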
@


1.1
log
@Security fixes for CAN-2005-2102 and CAN-2005-2103.

- An error in the handling of away messages can be exploited to cause
  a heap-based buffer overflow by sending a specially crafted away message
  to a user logged into AIM or ICQ.

  Successful exploitation allows execution of arbitrary code.

- An error in the handling of file transfers can be exploited to crash
  the application by attempting to upload a file with a non-UTF8 filename
  to a user logged into AIM or ICQ.

Patches from RedHat.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-af was added on branch pkgsrc-2005Q2 on 2005-08-10 16:13:34 +0000
@
text
@d1 78
@


1.1.2.2
log
@Pullup ticket 672 - requested by Lubomir Sedlacik
security fixes for gaim

Revisions pulled up:
- pkgsrc/chat/gaim/Makefile		1.94
- pkgsrc/chat/gaim/buildlink3.mk	1.7
- pkgsrc/chat/gaim/distinfo		1.68
- pkgsrc/chat/gaim/patches/patch-af	1.1
- pkgsrc/chat/gaim/patches/patch-ag	1.1

    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Wed Aug 10 16:13:34 UTC 2005

    Modified Files:
            pkgsrc/chat/gaim: Makefile buildlink3.mk distinfo
    Added Files:
            pkgsrc/chat/gaim/patches: patch-af patch-ag

    Log Message:
    Security fixes for CAN-2005-2102 and CAN-2005-2103.

    - An error in the handling of away messages can be exploited to cause
      a heap-based buffer overflow by sending a specially crafted away message
      to a user logged into AIM or ICQ.

      Successful exploitation allows execution of arbitrary code.

    - An error in the handling of file transfers can be exploited to crash
      the application by attempting to upload a file with a non-UTF8 filename
      to a user logged into AIM or ICQ.

    Patches from RedHat.
@
text
@a0 78
$NetBSD: patch-af,v 1.1.2.1 2005/08/10 18:28:45 snj Exp $

Fix for CAN-2005-2103, from RedHat.

--- src/util.c.orig	2005-06-09 06:00:36.000000000 +0200
+++ src/util.c	2005-08-10 16:35:33.000000000 +0200
@@@@ -2129,8 +2129,7 @@@@
 gaim_str_sub_away_formatters(const char *str, const char *name)
 {
 	char *c;
-	gchar *cpy;
-	int cnt = 0;
+	GString *cpy;
 	time_t t;
 	struct tm *tme;
 	char tmp[20];
@@@@ -2138,12 +2137,12 @@@@
 	g_return_val_if_fail(str  != NULL, NULL);
 	g_return_val_if_fail(name != NULL, NULL);
 
-	cpy = g_malloc(BUF_LONG);
+	/* Create an empty GString that is hopefully big enough for most messages */
+	cpy = g_string_sized_new(1024);
 
 	t = time(NULL);
 	tme = localtime(&t);
 
-	cpy[0] = '\0';
 	c = (char *)str;
 	while (*c) {
 		switch (*c) {
@@@@ -2152,39 +2151,35 @@@@
 				switch (*(c + 1)) {
 				case 'n':
 					/* append name */
-					strcpy(cpy + cnt, name);
-					cnt += strlen(name);
+					g_string_append(cpy, name);
 					c++;
 					break;
 				case 'd':
 					/* append date */
 					strftime(tmp, 20, "%m/%d/%Y", tme);
-					strcpy(cpy + cnt, tmp);
-					cnt += strlen(tmp);
+					g_string_append(cpy, tmp);
 					c++;
 					break;
 				case 't':
 					/* append time */
 					strftime(tmp, 20, "%I:%M:%S %p", tme);
-					strcpy(cpy + cnt, tmp);
-					cnt += strlen(tmp);
+					g_string_append(cpy, tmp);
 					c++;
 					break;
 				default:
-					cpy[cnt++] = *c;
+					g_string_append_c(cpy, *c);
 				}
 			} else {
-				cpy[cnt++] = *c;
+				g_string_append_c(cpy, *c);
 			}
 			break;
 		default:
-			cpy[cnt++] = *c;
+			g_string_append_c(cpy, *c);
 		}
 		c++;
 	}
-	cpy[cnt] = '\0';
 
-	return cpy;
+	return g_string_free(cpy, FALSE);
 }
 
 gchar *
@
