head 1.4; access; symbols pkgsrc-2019Q2:1.3.0.96 pkgsrc-2019Q2-base:1.3 pkgsrc-2019Q1:1.3.0.94 pkgsrc-2019Q1-base:1.3 pkgsrc-2018Q4:1.3.0.92 pkgsrc-2018Q4-base:1.3 pkgsrc-2018Q3:1.3.0.90 pkgsrc-2018Q3-base:1.3 pkgsrc-2018Q2:1.3.0.88 pkgsrc-2018Q2-base:1.3 pkgsrc-2018Q1:1.3.0.86 pkgsrc-2018Q1-base:1.3 pkgsrc-2017Q4:1.3.0.84 pkgsrc-2017Q4-base:1.3 pkgsrc-2017Q3:1.3.0.82 pkgsrc-2017Q3-base:1.3 pkgsrc-2017Q2:1.3.0.78 pkgsrc-2017Q2-base:1.3 pkgsrc-2017Q1:1.3.0.76 pkgsrc-2017Q1-base:1.3 pkgsrc-2016Q4:1.3.0.74 pkgsrc-2016Q4-base:1.3 pkgsrc-2016Q3:1.3.0.72 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.70 pkgsrc-2016Q2-base:1.3 pkgsrc-2016Q1:1.3.0.68 pkgsrc-2016Q1-base:1.3 pkgsrc-2015Q4:1.3.0.66 pkgsrc-2015Q4-base:1.3 pkgsrc-2015Q3:1.3.0.64 pkgsrc-2015Q3-base:1.3 pkgsrc-2015Q2:1.3.0.62 pkgsrc-2015Q2-base:1.3 pkgsrc-2015Q1:1.3.0.60 pkgsrc-2015Q1-base:1.3 pkgsrc-2014Q4:1.3.0.58 pkgsrc-2014Q4-base:1.3 pkgsrc-2014Q3:1.3.0.56 pkgsrc-2014Q3-base:1.3 pkgsrc-2014Q2:1.3.0.54 pkgsrc-2014Q2-base:1.3 pkgsrc-2014Q1:1.3.0.52 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.3.0.50 pkgsrc-2013Q4-base:1.3 pkgsrc-2013Q3:1.3.0.48 pkgsrc-2013Q3-base:1.3 pkgsrc-2013Q2:1.3.0.46 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.44 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.42 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.40 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.38 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.36 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.34 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.32 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.30 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.28 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.26 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.24 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.22 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.20 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.18 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.16 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.14 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.12 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.10 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.8 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.6 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.4 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.2 pkgsrc-2008Q1:1.2.0.4 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.2 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.1.0.16 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.14 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.12 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.10 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.8 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.6 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.4 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.2 pkgsrc-2005Q4-base:1.1; locks; strict; comment @# @; 1.4 date 2019.07.05.09.14.50; author nia; state dead; branches; next 1.3; commitid NSZnNF8O6r0hPPtB; 1.3 date 2008.05.11.04.12.34; author tonnerre; state Exp; branches; next 1.2; 1.2 date 2007.12.22.22.34.23; author jdolecek; state dead; branches 1.2.4.1; next 1.1; 1.1 date 2005.12.19.19.38.55; author joerg; state Exp; branches; next ; 1.2.4.1 date 2008.05.12.10.47.37; author rtr; state Exp; branches; next ; desc @@ 1.4 log @Remove licq packages. licq has not been able to connect to ICQ servers since 28th December 2018, while upstream discontinued development in 2014 and has no plans to start over. Also, these packages have not been updated since 2007, so I doubt anyone has used this in a long time. https://github.com/licq-im/licq/issues/53 @ text @$NetBSD: patch-ab,v 1.3 2008/05/11 04:12:34 tonnerre Exp $ --- src/icqd-chat.cpp.orig 2007-09-09 14:05:24.000000000 +0200 +++ src/icqd-chat.cpp @@@@ -23,6 +23,7 @@@@ // Localization #include "gettext.h" +#define MAX_CONNECTS 256 #define DEBUG_THREADS(x) @@@@ -2383,16 +2384,24 @@@@ void *ChatManager_tep(void *arg) // Connection on the server port --------------------------------------- else if (nCurrentSocket == chatman->chatServer.Descriptor()) { - CChatUser *u = new CChatUser; - u->m_pClient = new CChatClient; - - chatman->chatServer.RecvConnection(u->sock); - chatman->sockman.AddSocket(&u->sock); - chatman->sockman.DropSocket(&u->sock); - - u->state = CHAT_STATE_HANDSHAKE; - chatman->chatUsers.push_back(u); - gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR); + if (chatman->sockman.Num() >= MAX_CONNECTS) + { + // Too many sockets, drop this one + gLog.Warn(tr("%sToo many connected clients, rejecting new connection.\n"), L_WARNxSTR); + } + else + { + CChatUser *u = new CChatUser; + u->m_pClient = new CChatClient; + + chatman->chatServer.RecvConnection(u->sock); + chatman->sockman.AddSocket(&u->sock); + chatman->sockman.DropSocket(&u->sock); + + u->state = CHAT_STATE_HANDSHAKE; + chatman->chatUsers.push_back(u); + gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR); + } } // Message from connected socket---------------------------------------- @ 1.3 log @Fix multiple connection handling Denial of Service vulnerability in licq (CVE-2008-1996). Before this, the application would crash if too many TCP connections are opened. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update licq-{core,gui-console,gui-qt} to 1.3.5. New in 1.3.4 o Fix a few bugs where users would falsely go offline o Make sending typing notifications optional o Fixes for newly registered users o Fix the handling of pidfiles so that Licq always starts unless there actually is an other instance of Licq running. o 64-bit compatibility changes o Compilation fixes o Fixes for Licq on Mac OS X (with Fink) o Iconv fixes o ICQ: Fix a bug where contacts would receive empty messages o ICQ: Update the protocol to properly set info o ICQ: Show more version information of remote clients o ICQ: Fix SSL issue o MSN: Fix a race error in MSN packet parsing o MSN: Fix socket handling o KDE: Addressbook fix o KDE: Add spell checking to the kde-gui (Using KSpell) o Qt/KDE: Show user's pictures as a tooltip or status icon o Qt/KDE: Optional "Send with Enter" o Qt/KDE: Improve hyperlink detection o Qt/KDE: Improve emoticon detection and processing o Qt/KDE: Add a custom message box handler o Qt/KDE: New KDE iconset to better integrate with the KDE desktop Many various minor bugs and crashes fixed... See http://tinyurl.com/ygdrfo for d etails. Build and basic startup done on NetBSD 4.0 and Mac OS X 10.5 @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.1 2005/12/19 19:38:55 joerg Exp $ d3 5 a7 14 --- src/socket.cpp.orig 2005-12-19 18:33:17.000000000 +0000 +++ src/socket.cpp @@@@ -1012,7 +1012,7 @@@@ bool TCPSocket::SSL_Pending() bool TCPSocket::SecureConnect() { pthread_mutex_init(&mutex_ssl, NULL); - m_pSSL = SSL_new(gSSL_CTX); + m_p_SSL = SSL_new(gSSL_CTX); #ifdef SSL_DEBUG m_pSSL->debug = 1; #endif @@@@ -1045,7 +1045,7 @@@@ bool TCPSocket::SecureListen() { pthread_mutex_init(&mutex_ssl, NULL); d9 39 a47 5 - m_pSSL = SSL_new(gSSL_CTX); + m_p_SSL = SSL_new(gSSL_CTX); SSL_set_session(m_pSSL, NULL); SSL_set_fd(m_pSSL, m_nDescriptor); int i = SSL_accept(m_pSSL); @ 1.2.4.1 log @pullup ticket #2372 - requested by tonnerre licq-core: fix for DoS vulnerability revisions pulled up: - pkgsrc/chat/licq-core/Makefile 1.11 - pkgsrc/chat/licq-core/distinfo 1.13 - pkgsrc/chat/licq-core/patches/patch-aa 1.2 - pkgsrc/chat/licq-core/patches/patch-ab 1.3 - pkgsrc/chat/licq-core/patches/patch-ac 1.3 - pkgsrc/chat/licq-core/patches/patch-ag 1.5 Module Name: pkgsrc Committed By: tonnerre Date: Sun May 11 04:12:34 UTC 2008 Modified Files: pkgsrc/chat/licq-core: Makefile distinfo pkgsrc/chat/licq-core/patches: patch-aa Added Files: pkgsrc/chat/licq-core/patches: patch-ab patch-ac patch-ag Log Message: Fix multiple connection handling Denial of Service vulnerability in licq (CVE-2008-1996). Before this, the application would crash if too many TCP connections are opened. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.3 2008/05/11 04:12:34 tonnerre Exp $ d3 14 a16 5 --- src/icqd-chat.cpp.orig 2007-09-09 14:05:24.000000000 +0200 +++ src/icqd-chat.cpp @@@@ -23,6 +23,7 @@@@ // Localization #include "gettext.h" d18 5 a22 39 +#define MAX_CONNECTS 256 #define DEBUG_THREADS(x) @@@@ -2383,16 +2384,24 @@@@ void *ChatManager_tep(void *arg) // Connection on the server port --------------------------------------- else if (nCurrentSocket == chatman->chatServer.Descriptor()) { - CChatUser *u = new CChatUser; - u->m_pClient = new CChatClient; - - chatman->chatServer.RecvConnection(u->sock); - chatman->sockman.AddSocket(&u->sock); - chatman->sockman.DropSocket(&u->sock); - - u->state = CHAT_STATE_HANDSHAKE; - chatman->chatUsers.push_back(u); - gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR); + if (chatman->sockman.Num() >= MAX_CONNECTS) + { + // Too many sockets, drop this one + gLog.Warn(tr("%sToo many connected clients, rejecting new connection.\n"), L_WARNxSTR); + } + else + { + CChatUser *u = new CChatUser; + u->m_pClient = new CChatClient; + + chatman->chatServer.RecvConnection(u->sock); + chatman->sockman.AddSocket(&u->sock); + chatman->sockman.DropSocket(&u->sock); + + u->state = CHAT_STATE_HANDSHAKE; + chatman->chatUsers.push_back(u); + gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR); + } } // Message from connected socket---------------------------------------- @ 1.1 log @Avoid lvalue cast for GCC 3.4. Add DragonFly support. @ text @d1 1 a1 1 $NetBSD$ @