rpms/gaim/devel gaim-1.4.0-gadugadu-memory-alignment.patch, NONE, 1.1 gaim-1.4.0-mailto-parse-crash-msn.patch, NONE, 1.1 gaim-1.4.0-mailto-parse-crash-util.c.patch, NONE, 1.1 gaim-1.4.0-mailto-parse-crash-zephyr.patch, NONE, 1.1 gaim-1.4.0-msn-email-corrupt.patch, NONE, 1.1 gaim-1.4.0-rename-group-merge-crash.patch, NONE, 1.1 gaim.spec, 1.91, 1.92 gaim-1.4.0-msn-space-username-disconnect.patch, 1.1, NONE
- From: fedora-cvs-commits redhat com
- To: fedora-cvs-commits redhat com
- Subject: rpms/gaim/devel gaim-1.4.0-gadugadu-memory-alignment.patch, NONE, 1.1 gaim-1.4.0-mailto-parse-crash-msn.patch, NONE, 1.1 gaim-1.4.0-mailto-parse-crash-util.c.patch, NONE, 1.1 gaim-1.4.0-mailto-parse-crash-zephyr.patch, NONE, 1.1 gaim-1.4.0-msn-email-corrupt.patch, NONE, 1.1 gaim-1.4.0-rename-group-merge-crash.patch, NONE, 1.1 gaim.spec, 1.91, 1.92 gaim-1.4.0-msn-space-username-disconnect.patch, 1.1, NONE
- Date: Sun, 31 Jul 2005 20:17:03 -0400
Author: wtogami
Update of /cvs/dist/rpms/gaim/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv13989
Modified Files:
gaim.spec
Added Files:
gaim-1.4.0-gadugadu-memory-alignment.patch
gaim-1.4.0-mailto-parse-crash-msn.patch
gaim-1.4.0-mailto-parse-crash-util.c.patch
gaim-1.4.0-mailto-parse-crash-zephyr.patch
gaim-1.4.0-msn-email-corrupt.patch
gaim-1.4.0-rename-group-merge-crash.patch
Removed Files:
gaim-1.4.0-msn-space-username-disconnect.patch
Log Message:
- FC5+ automatic -fstack-protector-all switch
- 150: MSN buddy names with space disconnect and profile corruption
(supersedes patch 149)
- 151: Gadu Gadu memory alignment crash
- 152: Rename Group Merge crash
- 153: mailto: parse crash (util.c)
- 154: mailto: parse crash (MSN)
- 155: mailto: parse crash (Zephyr)
gaim-1.4.0-gadugadu-memory-alignment.patch:
libgg.c | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
--- NEW FILE gaim-1.4.0-gadugadu-memory-alignment.patch ---
http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/gg/libgg.c?r1=1.21.2.1&r2=1.21.2.2&diff_format=u
Patch submitted to gaim-devel...
"Marcin Owsiany sent you a draft advisory regarding multiple libgadu
vulnerabilities. "Fortunately" gaim contains an extremely old version of
libgadu and is affected only by memory alignment bug, which cannot be
exploited on x86. No other critical vulnerabilities are known in gaim's
version of libgadu.
You'll find the patch in attachment.
Regards,
Wojtek Kaniewski
ekg/libgadu maintainer"
===================================================================
RCS file: /cvsroot/gaim/gaim/src/protocols/gg/libgg.c,v
retrieving revision 1.21.2.1
retrieving revision 1.21.2.2
diff -u -r1.21.2.1 -r1.21.2.2
--- gaim/gaim/src/protocols/gg/libgg.c 2005/03/02 11:53:57 1.21.2.1
+++ gaim/gaim/src/protocols/gg/libgg.c 2005/07/25 21:21:02 1.21.2.2
@@ -1,4 +1,4 @@
-/* $Id: libgg.c,v 1.21.2.1 2005/03/02 11:53:57 nosnilmot Exp $ */
+/* $Id: libgg.c,v 1.21.2.2 2005/07/25 21:21:02 rlaager Exp $ */
/*
* (C) Copyright 2001 Wojtek Kaniewski <wojtekka irc pl>,
@@ -70,7 +70,7 @@
#ifdef __GNUC__
__attribute__ ((unused))
#endif
-= "$Id: libgg.c,v 1.21.2.1 2005/03/02 11:53:57 nosnilmot Exp $";
+= "$Id: libgg.c,v 1.21.2.2 2005/07/25 21:21:02 rlaager Exp $";
#endif
@@ -1098,8 +1098,11 @@
e->event.status60.descr = buf;
- if (len > 4 && p[h->length - 5] == 0)
- e->event.status60.time = *((int*) (p + h->length - 4));
+ if (len > 4 && p[h->length - 5] == 0) {
+ uint32_t t;
+ memcpy(&t, p + h->length - 4, sizeof(uint32_t));
+ e->event.status60.time = t;
+ }
}
break;
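Review bot: The new `memcpy` into `uint32_t t` fixes the unaligned load, but the value is still assigned to `status60.time` in host byte order. The platforms where the alignment fault matters are often big-endian, so if this field is little-endian on the wire the timestamp will be byte-swapped there; a wire-to-host conversion belongs next to the copy. Separately, the guard tests `len > 4` while the index is computed from `h->length - 5`; these lines do not show that the two are the same quantity, so it is worth confirming that `h->length >= 5` holds whenever `len > 4` does.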
gaim-1.4.0-mailto-parse-crash-msn.patch:
utils.c | 23 +++++++++++++----------
1 files changed, 13 insertions(+), 10 deletions(-)
--- NEW FILE gaim-1.4.0-mailto-parse-crash-msn.patch ---
http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/msn/utils.c?r1=1.22.2.3&r2=1.22.2.4&diff_format=u
Fix a buglet in auto linkifying mailto: things, which was causing the
MSN prpl to have kittens trying to parse what was being sent.
Also fixup the MSN parsing code to be more accommodating in what it
accepts from the core - as this code was originally borrowed from the
Zephyr prpl, robustify Zephyr in a similar way.
Unfortunately I have no way of testing the Zephyr fixes.
===================================================================
RCS file: /cvsroot/gaim/gaim/src/protocols/msn/utils.c,v
retrieving revision 1.22.2.3
retrieving revision 1.22.2.4
diff -u -r1.22.2.3 -r1.22.2.4
--- gaim/gaim/src/protocols/msn/utils.c 2004/11/27 19:25:43 1.22.2.3
+++ gaim/gaim/src/protocols/msn/utils.c 2005/07/31 15:21:02 1.22.2.4
@@ -221,22 +221,24 @@
if (!g_ascii_strncasecmp(c, "mailto:", 7))
c += 7;
- while (g_ascii_strncasecmp(c, "\">", 2))
+ while ((*c != '\0') && g_ascii_strncasecmp(c, "\">", 2))
msg[retcount++] = *c++;
- c += 2;
+ if (*c != '\0')
+ c += 2;
/* ignore descriptive string */
- while (g_ascii_strncasecmp(c, "</a>", 4))
+ while ((*c != '\0') && g_ascii_strncasecmp(c, "</a>", 4))
c++;
- c += 4;
+ if (*c != '\0')
+ c += 4;
}
else if (!g_ascii_strncasecmp(c + 1, "font", 4))
{
c += 5;
- while (!g_ascii_strncasecmp(c, " ", 1))
+ while ((*c != '\0') && !g_ascii_strncasecmp(c, " ", 1))
c++;
if (!g_ascii_strncasecmp(c, "color=\"#", 7))
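Review bot: In the mailto branch the copy loop `msg[retcount++] = *c++` is now bounded by the end of the input, but nothing in this hunk bounds `retcount` against the size of `msg`; please confirm that `msg` is allocated for the worst case of the input length, since an unterminated tag now copies everything up to the NUL. In the font branch, `(*c != '\0') && !g_ascii_strncasecmp(c, " ", 1)` is redundant because the comparison against " " already fails at the terminator; `while (*c == ' ')` says the same thing and matches the direct character test used for `>` later in this patch.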
@@ -273,18 +275,19 @@
else
{
/* Drop all unrecognized/misparsed font tags */
- while (g_ascii_strncasecmp(c, "\">", 2))
+ while ((*c != '\0') && g_ascii_strncasecmp(c, "\">", 2))
c++;
- c += 2;
+ if (*c != '\0')
+ c += 2;
}
}
else
{
- while (g_ascii_strncasecmp(c, ">", 1))
+ while ((*c != '\0') && (*c != '>'))
+ c++;
+ if (*c != '\0')
c++;
-
- c++;
}
}
else if (*c == '&')
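Review bot: The scan-then-guarded-skip pattern (`while (*c != '\0' && ...)` followed by `if (*c != '\0') c += n;`) now appears four times in this file with different delimiters, and each copy has to be kept right by hand. A small helper that takes the delimiter and returns the advanced pointer would remove that duplication, and a regression test feeding unterminated tags (input ending inside `<a href="mailto:`, inside `<font`, and inside an unknown tag) would pin the behaviour this patch establishes.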
gaim-1.4.0-mailto-parse-crash-util.c.patch:
util.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletion(-)
--- NEW FILE gaim-1.4.0-mailto-parse-crash-util.c.patch ---
http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/util.c?r1=1.325.2.24&r2=1.325.2.25&diff_format=u
Fix a buglet in auto linkifying mailto: things, which was causing the
MSN prpl to have kittens trying to parse what was being sent.
Also fixup the MSN parsing code to be more accommodating in what it
accepts from the core - as this code was originally borrowed from the
Zephyr prpl, robustify Zephyr in a similar way.
Unfortunately I have no way of testing the Zephyr fixes.
===================================================================
RCS file: /cvsroot/gaim/gaim/src/util.c,v
retrieving revision 1.325.2.24
retrieving revision 1.325.2.25
diff -u -r1.325.2.24 -r1.325.2.25
--- gaim/gaim/src/util.c 2005/07/24 19:27:34 1.325.2.24
+++ gaim/gaim/src/util.c 2005/07/31 15:21:01 1.325.2.25
@@ -1614,7 +1614,9 @@
/* iterate backwards grabbing the local part of an email address */
g = g_utf8_get_char(t);
if (badchar(*t) || (g >= 127) || (*t == '(') ||
- ((*t == ';') && (t > (text+2)) && !g_ascii_strncasecmp(t - 3, "<", 4))) {
+ ((*t == ';') && ((t > (text+2) && (!g_ascii_strncasecmp(t - 3, "<", 4) ||
+ !g_ascii_strncasecmp(t - 3, ">", 4))) ||
+ (t > (text+4) && (!g_ascii_strncasecmp(t - 5, """, 6)))))) {
/* local part will already be part of ret, strip it out */
ret = g_string_truncate(ret, ret->len - (c - t));
ret = g_string_append_unichar(ret, g);
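Review bot: The condition on the `+` lines is nested three deep and hard to audit. The lower bounds do check out (`t - 3` needs `t > text+2`, `t - 5` needs `t > text+4`), but moving the three look-behind comparisons into a helper such as "does an entity end at t" would make that obvious and keep each bound next to its offset. Note also that the literals as shown here are a single character compared over 4, 4 and 6 bytes, with the `"""` form not valid C; together with the `*t == ';'` test this indicates the archive decoded HTML entities in the patch text, so apply from the linked revision rather than from this rendering.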
gaim-1.4.0-mailto-parse-crash-zephyr.patch:
zephyr.c | 41 ++++++++++++++++++++++++-----------------
1 files changed, 24 insertions(+), 17 deletions(-)
--- NEW FILE gaim-1.4.0-mailto-parse-crash-zephyr.patch ---
http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/zephyr/zephyr.c?r1=1.125.2.7&r2=1.125.2.8&diff_format=u
Fix a buglet in auto linkifying mailto: things, which was causing the
MSN prpl to have kittens trying to parse what was being sent.
Also fixup the MSN parsing code to be more accommodating in what it
accepts from the core - as this code was originally borrowed from the
Zephyr prpl, robustify Zephyr in a similar way.
Unfortunately I have no way of testing the Zephyr fixes.
===================================================================
RCS file: /cvsroot/gaim/gaim/src/protocols/zephyr/zephyr.c,v
retrieving revision 1.125.2.7
retrieving revision 1.125.2.8
diff -u -r1.125.2.7 -r1.125.2.8
--- gaim/gaim/src/protocols/zephyr/zephyr.c 2005/07/24 19:27:39 1.125.2.7
+++ gaim/gaim/src/protocols/zephyr/zephyr.c 2005/07/31 15:21:02 1.125.2.8
@@ -379,58 +379,64 @@
retcount += 1;
} else if (!g_ascii_strncasecmp(message + cnt + 1, "a href=\"mailto:", 15)) {
cnt += 16;
- while (g_ascii_strncasecmp(message + cnt, "\">", 2) != 0) {
+ while ((message[cnt] != '\0') && g_ascii_strncasecmp(message + cnt, "\">", 2) != 0) {
ret[retcount] = message[cnt];
retcount++;
cnt++;
}
- cnt += 2;
+ if (message[cnt] != '\0')
+ cnt += 2;
/* ignore descriptive string */
- while (g_ascii_strncasecmp(message + cnt, "</a>", 4) != 0) {
+ while ((message[cnt] != '\0') && g_ascii_strncasecmp(message + cnt, "</a>", 4) != 0) {
cnt++;
}
- cnt += 4;
+ if (message[cnt] != '\0')
+ cnt += 4;
} else if (!g_ascii_strncasecmp(message + cnt + 1, "a href=\"", 8)) {
cnt += 9;
- while (g_ascii_strncasecmp(message + cnt, "\">", 2) != 0) {
+ while ((message[cnt] != '\0') && g_ascii_strncasecmp(message + cnt, "\">", 2) != 0) {
ret[retcount] = message[cnt];
retcount++;
cnt++;
}
- cnt += 2;
+ if (message[cnt] != '\0')
+ cnt += 2;
/* ignore descriptive string */
- while (g_ascii_strncasecmp(message + cnt, "</a>", 4) != 0) {
+ while ((message[cnt] != '\0') && g_ascii_strncasecmp(message + cnt, "</a>", 4) != 0) {
cnt++;
}
- cnt += 4;
+ if (message[cnt] != '\0')
+ cnt += 4;
} else if (!g_ascii_strncasecmp(message + cnt + 1, "font", 4)) {
cnt += 5;
- while (!g_ascii_strncasecmp(message + cnt, " ", 1))
+ while ((message[cnt] != '\0') && (message[cnt] != ' '))
cnt++;
- if (!g_ascii_strncasecmp(message + cnt, "color=\"", 7)) {
+ if ((message[cnt] != '\0') && !g_ascii_strncasecmp(message + cnt, "color=\"", 7)) {
cnt += 7;
strncpy(ret + retcount, "@color(", 7);
retcount += 7;
- while (g_ascii_strncasecmp(message + cnt, "\">", 2) != 0) {
+ while ((message[cnt] != '\0') && g_ascii_strncasecmp(message + cnt, "\">", 2) != 0) {
ret[retcount] = message[cnt];
retcount++;
cnt++;
}
ret[retcount] = ')';
retcount++;
- cnt += 2;
+ if (message[cnt] != '\0')
+ cnt += 2;
} else if (!g_ascii_strncasecmp(message + cnt, "face=\"", 6)) {
cnt += 6;
strncpy(ret + retcount, "@font(", 6);
retcount += 6;
- while (g_ascii_strncasecmp(message + cnt, "\">", 2) != 0) {
+ while ((message[cnt] != '\0') && g_ascii_strncasecmp(message + cnt, "\">", 2) != 0) {
ret[retcount] = message[cnt];
retcount++;
cnt++;
}
ret[retcount] = ')';
retcount++;
- cnt += 2;
+ if (message[cnt] != '\0')
+ cnt += 2;
} else if (!g_ascii_strncasecmp(message + cnt, "size=\"", 6)) {
cnt += 6;
if ((message[cnt] == '1') || (message[cnt] == '2')) {
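Review bot: The rewritten whitespace loop in the font branch inverts the test. The removed line advanced while the current character was a space (`!g_ascii_strncasecmp(message + cnt, " ", 1)`); the added line `while ((message[cnt] != '\0') && (message[cnt] != ' '))` advances while it is not a space. After `cnt += 5` the loop now stops on the space following `font` instead of skipping it, so the `color="`, `face="` and `size="` comparisons that follow see the leading space and will not match; for a tag with no space it runs forward to the next space in the message. It should read `message[cnt] == ' '`, matching the MSN version of this change, which kept the original sense. The remaining NUL guards in this hunk look consistent with the MSN patch.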
@@ -449,10 +455,11 @@
cnt += 3;
} else {
/* Drop all unrecognized/misparsed font tags */
- while (g_ascii_strncasecmp(message + cnt, "\">", 2) != 0) {
+ while ((message[cnt] != '\0') && g_ascii_strncasecmp(message + cnt, "\">", 2) != 0) {
cnt++;
}
- cnt += 2;
+ if (message[cnt] != '\0')
+ cnt += 2;
}
} else if (!g_ascii_strncasecmp(message + cnt + 1, "/i>", 3)
|| !g_ascii_strncasecmp(message + cnt + 1, "/b>", 3)) {
@@ -465,7 +472,7 @@
retcount += 12;
} else {
/* Catch all for all unrecognized/misparsed <foo> tage */
- while (g_ascii_strncasecmp(message + cnt, ">", 1) != 0) {
+ while ((message[cnt] != '\0') && (message[cnt] != '>')) {
ret[retcount] = message[cnt];
retcount++;
cnt++;
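Review bot: Only the loop condition changes in this hunk (7 lines on each side), so whatever step follows the loop to move past the `>` is neither shown nor guarded. The MSN counterpart replaced its unconditional `c++` with `if (*c != '\0') c++;`; if the code after this loop still increments `cnt` unconditionally, an unterminated tag leaves `cnt` one past the terminator and the outer loop reads beyond the string. Please add the same guard here or show that the following lines cannot step past the NUL.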
gaim-1.4.0-msn-email-corrupt.patch:
userlist.c | 9 +++++++++
1 files changed, 9 insertions(+)
--- NEW FILE gaim-1.4.0-msn-email-corrupt.patch ---
http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/msn/userlist.c?r1=1.16.2.10&r2=1.16.2.11&diff_format=u
I'm applying this to oldstatus now that the string freeze is over:
Patch #1223021 from Jason Roth (jroth2)
Fixes Bug #1222552
"As described in bug report #1222552, gaim will disconnect the current msn session and corrupt blist.xml when you try to add an msn screenname with a space in it" -- jroth2
I reworked this quite a bit. Stu suggested using gaim_email_valid() rather than just checking for a space. I took this advice. I also made it display an error message instead of silently dropping the add request.
===================================================================
RCS file: /cvsroot/gaim/gaim/src/protocols/msn/userlist.c,v
retrieving revision 1.16.2.10
retrieving revision 1.16.2.11
diff -u -r1.16.2.10 -r1.16.2.11
--- gaim/gaim/src/protocols/msn/userlist.c 2005/03/17 05:17:04 1.16.2.10
+++ gaim/gaim/src/protocols/msn/userlist.c 2005/07/08 04:16:17 1.16.2.11
@@ -622,6 +622,15 @@
group_id = -1;
+ if (!gaim_email_is_valid(who))
+ {
+ char *str = g_strdup_printf(_("Unable to add \"%s\"."), who);
+ gaim_notify_error(NULL, NULL, str,
+ _("The screen name specified is invalid."));
+ g_free(str);
+ return;
+ }
+
if (group_name != NULL)
{
group_id = msn_userlist_find_group_id(userlist, group_name);
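Review bot: `gaim_notify_error(NULL, NULL, str, ...)` passes NULL as the handle, so the error dialog is not associated with the connection that triggered it; if a connection or account pointer is reachable from `userlist` at this point, pass it so the notification can be attributed and cleaned up with that connection. The early `return` also leaves it to the caller to undo anything it did before calling in; since the original bug report mentions blist.xml corruption, it is worth confirming that no local buddy node has been created for `who` before this check runs.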
gaim-1.4.0-rename-group-merge-crash.patch:
blist.c | 3 +++
1 files changed, 3 insertions(+)
--- NEW FILE gaim-1.4.0-rename-group-merge-crash.patch ---
http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/blist.c?r1=1.214&r2=1.215&diff_format=u
This fixes a crash when renaming a group causes a merge with an existing group. It is kind of hackish, but works.
===================================================================
RCS file: /cvsroot/gaim/gaim/src/blist.c,v
retrieving revision 1.214
retrieving revision 1.215
diff -u -r1.214 -r1.215
--- gaim/gaim/src/blist.c 2005/07/07 15:43:48 1.214
+++ gaim/gaim/src/blist.c 2005/07/13 02:52:28 1.215
@@ -1170,6 +1170,9 @@
cnode->parent->child = cnode->next;
ops->remove(gaimbuddylist, cnode);
+ /* ops->remove() cleaned up the cnode's ui_data, so we need to
+ * reinitialize it */
+ ops->new_node(cnode);
gaim_blist_schedule_save();
}
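Review bot: `ops->new_node(cnode)` is called without checking that the callback is set. If `new_node` is an optional member of the UI ops structure, a front end that does not implement it will dereference a NULL function pointer here, trading one crash for another; guard it with `if (ops->new_node)`. The comment explains why the reinitialisation is needed, which is good, but relying on `remove()` followed by `new_node()` on the same node is fragile, so a note on which `ui_data` state the rest of the merge path expects would help the next reader.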
Index: gaim.spec
===================================================================
RCS file: /cvs/dist/rpms/gaim/devel/gaim.spec,v
retrieving revision 1.91
retrieving revision 1.92
diff -u -r1.91 -r1.92
--- gaim.spec 12 Jul 2005 01:08:21 -0000 1.91
+++ gaim.spec 1 Aug 2005 00:17:01 -0000 1.92
@@ -13,7 +13,7 @@
Name: gaim
Version: 1.4.0
-Release: 4.fc5
+Release: 5.fc5
Epoch: 1
License: GPL
Group: Applications/Internet
@@ -44,7 +44,14 @@
## Patches 100-199: Upstream CVS Backports
Patch148: gaim-1.4.0-aim-login.crash.patch
-Patch149: gaim-1.4.0-msn-space-username-disconnect.patch
+#Patch149: gaim-1.4.0-msn-space-username-disconnect.patch
+#150 supercedes 149 with the better upstream fix
+Patch150: gaim-1.4.0-msn-email-corrupt.patch
+Patch151: gaim-1.4.0-gadugadu-memory-alignment.patch
+Patch152: gaim-1.4.0-rename-group-merge-crash.patch
+Patch153: gaim-1.4.0-mailto-parse-crash-util.c.patch
+Patch154: gaim-1.4.0-mailto-parse-crash-msn.patch
+Patch155: gaim-1.4.0-mailto-parse-crash-zephyr.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-root
Summary: A Gtk+ based multiprotocol instant messaging client
@@ -111,7 +118,13 @@
# CVS backports go here
%patch148 -p2
-%patch149 -p2
+#%patch149 -p2 superceded by 150, upstream rewrote the fix
+%patch150 -p2
+%patch151 -p2
+%patch152 -p2
+%patch153 -p2
+%patch154 -p2
+%patch155 -p2
# Relabel internal version for support purposes
sed -i "s/%{version}/%{version}-%{release}/g" configure
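Review bot: The commented-out line `#%patch149 -p2 ...` still contains a `%` directive. rpm performs macro expansion on comment lines as well, so the safe forms are `#%%patch149` or simply deleting the line; since the patch file itself is removed in this commit and the changelog records the replacement, deleting both this line and the commented `Patch149:` tag is the cleaner option.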
@@ -140,6 +153,8 @@
WITH_PERL="--disable-perl"
%endif
+# FC5+ automatic -fstack-protector-all switch
+export RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | %{__sed} s/-fstack-protector/-fstack-protector-all/`
# disable tcl and tk because nobody uses it
# gnutls is buggy so use mozilla-nss on all distributions
%configure --disable-tcl --disable-tk --enable-gnutls=no --enable-nss=yes $WITH_KRB $WITH_SILC $WITH_PERL
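Review bot: The sed expression `s/-fstack-protector/-fstack-protector-all/` is unanchored, so if `RPM_OPT_FLAGS` ever already contains `-fstack-protector-all` the result is `-fstack-protector-all-all`, which the compiler will reject. Match the flag as a whole word (followed by a space or end of string) and quote the expansion: `echo "$RPM_OPT_FLAGS"`. Also confirm from a build log that the modified value reaches the compile lines, since this hunk only changes the environment variable and the visible `%configure` call does not reference it.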
@@ -207,6 +222,16 @@
%endif
%changelog
+* Sun Jul 31 2005 Warren Togami <wtogami redhat com> 1:1.4.0-5
+- FC5+ automatic -fstack-protector-all switch
+- 150: MSN buddy names with space disconnect and profile corruption
+ (supercedes patch 149)
+- 151: Gadu Gadu memory alignment crash
+- 152: Rename Group Merge crash
+- 153: mailto: parse crash (util.c)
+- 154: mailto: parse crash (MSN)
+- 155: mailto: parse crash (Zephyr)
+
* Mon Jul 11 2005 Warren Togami <wtogami redhat com> 1:1.4.0-4
- 149: MSN username with space disconnect fix
- Do not own perl dir, remove empty files (#162994 jpo)
--- gaim-1.4.0-msn-space-username-disconnect.patch DELETED ---