rpms/kdenetwork/FC-4 kdenetwork-3.4.1-kopete-libgadu-va_copy.patch, NONE, 1.1 post-3.4.1-kdenetwork-libgadu.patch, NONE, 1.1 kdenetwork.spec, 1.55, 1.56
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Jul 21 21:03:22 UTC 2005
Author: than
Update of /cvs/dist/rpms/kdenetwork/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv28990
Modified Files:
kdenetwork.spec
Added Files:
kdenetwork-3.4.1-kopete-libgadu-va_copy.patch
post-3.4.1-kdenetwork-libgadu.patch
Log Message:
- fix crash in kopete
- apply patch to fix libgadu vulnerabilities #163811, CVE CAN-2005-1852
thanks to the KDE security team
kdenetwork-3.4.1-kopete-libgadu-va_copy.patch:
configure.in.in | 44 ++++++++++++++++++++++++++++++++++++++++----
1 files changed, 40 insertions(+), 4 deletions(-)
--- NEW FILE kdenetwork-3.4.1-kopete-libgadu-va_copy.patch ---
--- kdenetwork-3.4.1.o/kopete/protocols/configure.in.in.tn 2005-07-21 19:08:18.000000000 +0200
+++ kdenetwork-3.4.1.o/kopete/protocols/configure.in.in 2005-07-21 19:18:41.000000000 +0200
@@ -113,10 +113,46 @@
], [
AC_MSG_RESULT([no])
])
- AC_CHECK_FUNCS([va_copy],
- [AC_LIBGADU_DEFINE([HAVE_VA_COPY])],[])
- AC_CHECK_FUNCS([_va_copy],
- [AC_LIBGADU_DEFINE([HAVE__VA_COPY])],[])
+ AC_MSG_CHECKING([for an implementation of va_copy()])
+ AC_TRY_RUN([
+ #include <stdarg.h>
+ void f (int i, ...) {
+ va_list args1, args2;
+ va_start (args1, i);
+ va_copy (args2, args1);
+ if (va_arg (args2, int) != 42 || va_arg (args1, int) != 42)
+ exit (1);
+ va_end (args1); va_end (args2);
+ }
+ int main() {
+ f (0, 42);
+ return 0;
+ }],[
+ AC_MSG_RESULT([yes])
+ AC_LIBGADU_DEFINE([HAVE_VA_COPY])
+ ], [
+ AC_MSG_RESULT([no])
+ ])
+ AC_MSG_CHECKING([for an implementation of __va_copy()])
+ AC_TRY_RUN([
+ #include <stdarg.h>
+ void f (int i, ...) {
+ va_list args1, args2;
+ va_start (args1, i);
+ __va_copy (args2, args1);
+ if (va_arg (args2, int) != 42 || va_arg (args1, int) != 42)
+ exit (1);
+ va_end (args1); va_end (args2);
+ }
+ int main() {
+ f (0, 42);
+ return 0;
+ }],[
+ AC_MSG_RESULT([yes])
+ AC_LIBGADU_DEFINE([HAVE___VA_COPY])
+ ], [
+ AC_MSG_RESULT([no])
+ ])
fi
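Review bot: Both AC_TRY_RUN probe programs call `exit (1)` but include only `<stdarg.h>`, so a compiler that rejects implicit function declarations fails the probe for a reason unrelated to va_copy, and configure then reports "no" for both checks. Add `#include <stdlib.h>` to each test program. AC_TRY_RUN is also called without its fourth (cross-compiling) argument, so the result is undefined for cross builds; an explicit conservative branch such as `[AC_MSG_RESULT([no (cross compiling)])]` would settle it. It is also worth confirming that the library code tests `HAVE___VA_COPY`, because the removed check defined `HAVE__VA_COPY` and the consumer is not visible in this hunk.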
post-3.4.1-kdenetwork-libgadu.patch:
common.c | 227 +++++++++++++++++++++++++++------------------------
compat.h | 3
dcc.c | 96 +++++++++++++++++----
events.c | 267 ++++++++++++++++++++++++++++++++++++-------------------------
http.c | 54 ++++++------
libgadu.c | 117 ++++++++++++++++++--------
libgadu.h | 66 +++++++--------
pubdir.c | 227 +++++++++++++++++++++++++++++++--------------------
pubdir50.c | 30 +++---
9 files changed, 654 insertions(+), 433 deletions(-)
--- NEW FILE post-3.4.1-kdenetwork-libgadu.patch ---
Index: kopete/protocols/gadu/libgadu/libgadu.h
===================================================================
--- kopete/protocols/gadu/libgadu/libgadu.h (revision 417278)
+++ kopete/protocols/gadu/libgadu/libgadu.h (working copy)
@@ -33,15 +33,15 @@
extern "C" {
#endif
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+
#include <libgadu-config.h>
#include <sys/types.h>
#include <stdio.h>
#include <stdarg.h>
-#ifdef HAVE_STDINT_H
-#include <stdint.h>
-#endif
-
#ifdef __GG_LIBGADU_HAVE_OPENSSL
#include <openssl/ssl.h>
#endif
@@ -57,10 +57,10 @@
* ogólna struktura opisuj±ca ró¿ne sesje. przydatna w klientach.
*/
#define gg_common_head(x) \
- int fd; /* podgl±dany deskryptor */ \
- int check; /* sprawdzamy zapis czy odczyt */ \
- int state; /* aktualny stan maszynki */ \
- int error; /* kod b³êdu dla GG_STATE_ERROR */ \
+ int fd; /* podgl±dany deskryptor */ \
+ int check; /* sprawdzamy zapis czy odczyt */ \
+ int state; /* aktualny stan maszynki */ \
+ int error; /* kod b³êdu dla GG_STATE_ERROR */ \
int type; /* rodzaj sesji */ \
int id; /* identyfikator */ \
int timeout; /* sugerowany timeout w sekundach */ \
@@ -111,7 +111,7 @@
char *recv_buf; /* bufor na otrzymywane pakiety */
int recv_done; /* ile ju¿ wczytano do bufora */
- int recv_left; /* i ile jeszcze trzeba wczytaæ */
+ int recv_left; /* i ile jeszcze trzeba wczytaæ */
int protocol_version; /* wersja u¿ywanego protoko³u */
char *client_version; /* wersja u¿ywanego klienta */
@@ -150,17 +150,17 @@
struct gg_http {
gg_common_head(struct gg_http)
- int async; /* czy po³±czenie asynchroniczne */
+ int async; /* czy po³±czenie asynchroniczne */
int pid; /* pid procesu resolvera */
int port; /* port, z którym siê ³±czymy */
- char *query; /* bufor zapytania http */
- char *header; /* bufor nag³ówka */
- int header_size; /* rozmiar wczytanego nag³ówka */
- char *body; /* bufor otrzymanych informacji */
- unsigned int body_size; /* oczekiwana ilo¶æ informacji */
+ char *query; /* bufor zapytania http */
+ char *header; /* bufor nag³ówka */
+ int header_size; /* rozmiar wczytanego nag³ówka */
+ char *body; /* bufor otrzymanych informacji */
+ unsigned int body_size; /* oczekiwana ilo¶æ informacji */
- void *data; /* dane danej operacji http */
+ void *data; /* dane danej operacji http */
char *user_data; /* dane u¿ytkownika, nie s± zwalniane przez gg_http_free() */
@@ -265,27 +265,27 @@
* opisuje stan asynchronicznej maszyny.
*/
enum gg_state_t {
- /* wspólne */
- GG_STATE_IDLE = 0, /* nie powinno wyst±piæ. */
- GG_STATE_RESOLVING, /* wywo³a³ gethostbyname() */
+ /* wspólne */
+ GG_STATE_IDLE = 0, /* nie powinno wyst±piæ. */
+ GG_STATE_RESOLVING, /* wywo³a³ gethostbyname() */
GG_STATE_CONNECTING, /* wywo³a³ connect() */
GG_STATE_READING_DATA, /* czeka na dane http */
GG_STATE_ERROR, /* wyst±pi³ b³±d. kod w x->error */
- /* gg_session */
+ /* gg_session */
GG_STATE_CONNECTING_HUB, /* wywo³a³ connect() na huba */
GG_STATE_CONNECTING_GG, /* wywo³a³ connect() na serwer */
GG_STATE_READING_KEY, /* czeka na klucz */
GG_STATE_READING_REPLY, /* czeka na odpowied¼ */
GG_STATE_CONNECTED, /* po³±czy³ siê */
- /* gg_http */
+ /* gg_http */
GG_STATE_SENDING_QUERY, /* wysy³a zapytanie http */
GG_STATE_READING_HEADER, /* czeka na nag³ówek http */
GG_STATE_PARSING, /* przetwarza dane */
GG_STATE_DONE, /* skoñczy³ */
- /* gg_dcc */
+ /* gg_dcc */
GG_STATE_LISTENING, /* czeka na po³±czenia */
GG_STATE_READING_UIN_1, /* czeka na uin peera */
GG_STATE_READING_UIN_2, /* czeka na swój uin */
@@ -350,8 +350,9 @@
uint16_t external_port; /* port widziany na zewnatrz */
int tls; /* czy ³±czymy po TLS? */
int image_size; /* maksymalny rozmiar obrazka w KiB */
+ int era_omnix; /* czy udawaæ klienta era omnix? */
- char dummy[7 * sizeof(int)]; /* miejsce na kolejnych 8 zmiennych,
+ char dummy[6 * sizeof(int)]; /* miejsce na kolejnych 6 zmiennych,
* ¿eby z dodaniem parametru nie
* zmienia³ siê rozmiar struktury */
};
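Review bot: The new `era_omnix` field occupies bytes that previously belonged to `dummy`, so a caller built against the old header that never zeroed the structure would presumably have leftover stack or heap contents interpreted as this flag. The struct's size is preserved (one int added, `dummy` reduced from 7 to 6 ints), but the header should state the requirement. I would add a comment above the field along the lines of `/* callers must zero the whole structure before filling it in; new fields are carved out of dummy[] */`. The structure's opening is outside this hunk, so whether that is already documented there cannot be seen from here.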
@@ -500,8 +501,8 @@
*/
struct gg_event {
int type; /* rodzaj zdarzenia -- gg_event_t */
- union { /* @event */
- struct gg_notify_reply *notify; /* informacje o li¶cie kontaktów -- GG_EVENT_NOTIFY */
+ union { /* @event */
+ struct gg_notify_reply *notify; /* informacje o li¶cie kontaktów -- GG_EVENT_NOTIFY */
enum gg_failure_t failure; /* b³±d po³±czenia -- GG_EVENT_FAILURE */
@@ -522,20 +523,20 @@
int formats_length; /* d³ugo¶æ informacji o formatowaniu tekstu */
void *formats; /* informacje o formatowaniu tekstu */
- } msg;
+ } msg;
struct { /* @notify_descr informacje o li¶cie kontaktów z opisami stanu -- GG_EVENT_NOTIFY_DESCR */
struct gg_notify_reply *notify; /* informacje o li¶cie kontaktów */
char *descr; /* opis stanu */
} notify_descr;
- struct { /* @status zmiana stanu -- GG_EVENT_STATUS */
+ struct { /* @status zmiana stanu -- GG_EVENT_STATUS */
uin_t uin; /* numer */
uint32_t status; /* nowy stan */
char *descr; /* opis stanu */
} status;
- struct { /* @status60 zmiana stanu -- GG_EVENT_STATUS60 */
+ struct { /* @status60 zmiana stanu -- GG_EVENT_STATUS60 */
uin_t uin; /* numer */
int status; /* nowy stan */
uint32_t remote_ip; /* adres ip */
@@ -748,6 +749,7 @@
/* przypomnienie has³a e-mailem */
struct gg_http *gg_remind_passwd(uin_t uin, int async);
struct gg_http *gg_remind_passwd2(uin_t uin, const char *tokenid, const char *tokenval, int async);
+struct gg_http *gg_remind_passwd3(uin_t uin, const char *email, const char *tokenid, const char *tokenval, int async);
#define gg_remind_passwd_watch_fd gg_pubdir_watch_fd
#define gg_remind_passwd_free gg_pubdir_free
#define gg_free_remind_passwd gg_pubdir_free
@@ -813,6 +815,7 @@
struct gg_dcc *gg_dcc_voice_chat(uint32_t ip, uint16_t port, uin_t my_uin, uin_t peer_uin);
void gg_dcc_set_type(struct gg_dcc *d, int type);
int gg_dcc_fill_file_info(struct gg_dcc *d, const char *filename);
+int gg_dcc_fill_file_info2(struct gg_dcc *d, const char *filename, const char *local_filename);
int gg_dcc_voice_send(struct gg_dcc *d, char *buf, int length);
#define GG_DCC_VOICE_FRAME_LENGTH 195
@@ -940,11 +943,12 @@
#define GG_HTTPS_PORT 443
#define GG_HTTP_USERAGENT "Mozilla/4.7 [en] (Win98; I)"
-#define GG_DEFAULT_CLIENT_VERSION "6, 0, 0, 132"
-#define GG_DEFAULT_PROTOCOL_VERSION 0x20
+#define GG_DEFAULT_CLIENT_VERSION "6, 1, 0, 158"
+#define GG_DEFAULT_PROTOCOL_VERSION 0x24
#define GG_DEFAULT_TIMEOUT 30
#define GG_HAS_AUDIO_MASK 0x40000000
-#define GG_LIBGADU_VERSION "20041222"
+#define GG_ERA_OMNIX_MASK 0x04000000
+#define GG_LIBGADU_VERSION "CVS"
#define GG_DEFAULT_DCC_PORT 1550
Index: kopete/protocols/gadu/libgadu/http.c
===================================================================
--- kopete/protocols/gadu/libgadu/http.c (revision 417278)
+++ kopete/protocols/gadu/libgadu/http.c (working copy)
@@ -12,10 +12,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
[...2586 lines suppressed...]
+ } else if (*q == 234) {
+ *q = 202;
+ } else if (*q == 179) {
+ *q = 163;
+ } else if (*q == 241) {
+ *q = 209;
+ } else if (*q == 243) {
+ *q = 211;
+ } else if (*q == 156) {
+ *q = 140;
+ } else if (*q == 159) {
+ *q = 143;
+ } else if (*q == 191) {
+ *q = 175;
+ }
+ }
+
+ gg_debug(GG_DEBUG_MISC, "// gg_dcc_fill_file_info2() short name \"%s\", dos name \"%s\"\n", name, d->file_info.short_filename);
strncpy(d->file_info.filename, name, sizeof(d->file_info.filename) - 1);
return 0;
@@ -346,7 +389,7 @@
{
struct gg_dcc *c;
struct sockaddr_in sin;
- int sock, bound = 0;
+ int sock, bound = 0, errno2;
gg_debug(GG_DEBUG_FUNCTION, "** gg_create_dcc_socket(%d, %d);\n", uin, port);
@@ -383,7 +426,9 @@
if (listen(sock, 10)) {
gg_debug(GG_DEBUG_MISC, "// gg_create_dcc_socket() unable to listen (%s)\n", strerror(errno));
+ errno2 = errno;
close(sock);
+ errno = errno2;
return NULL;
}
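Review bot: `errno2 = errno;` is taken after the `gg_debug()` call, so the value restored after `close(sock)` is whatever errno holds once `strerror()` and the debug output have run, not necessarily the error from listen(). Capture it first: make `errno2 = errno;` the first statement of the block and pass `strerror(errno2)` to the message. The rest of gg_create_dcc_socket() lies outside this hunk, so any other error path there that closes the socket should be checked for the same ordering.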
@@ -431,6 +476,7 @@
gg_debug(GG_DEBUG_FUNCTION, "++ gg_dcc_voice_send(%p, %p, %d);\n", d, buf, length);
if (!d || !buf || length < 0 || d->type != GG_SESSION_DCC_VOICE) {
gg_debug(GG_DEBUG_MISC, "// gg_dcc_voice_send() invalid argument\n");
+ errno = EINVAL;
return -1;
}
@@ -502,7 +548,7 @@
struct gg_event *e;
int foo;
- gg_debug(GG_DEBUG_FUNCTION, "** gg_dcc_watch_fd(%p);\n", h);
+ gg_debug(GG_DEBUG_FUNCTION, "** gg_dcc_watch_fd(%p);\n", h);
if (!h || (h->type != GG_SESSION_DCC && h->type != GG_SESSION_DCC_SOCKET && h->type != GG_SESSION_DCC_SEND && h->type != GG_SESSION_DCC_GET && h->type != GG_SESSION_DCC_VOICE)) {
gg_debug(GG_DEBUG_MISC, "// gg_dcc_watch_fd() invalid argument\n");
@@ -862,7 +908,6 @@
e->event.dcc_voice_data.length = h->chunk_size;
h->state = GG_STATE_READING_VOICE_HEADER;
h->voice_buf = NULL;
-
}
h->check = GG_CHECK_READ;
@@ -1058,6 +1103,15 @@
utmp = sizeof(buf);
gg_debug(GG_DEBUG_MISC, "// gg_dcc_watch_fd() offset=%d, size=%d\n", h->offset, h->file_info.size);
+
+ /* koniec pliku? */
+ if (h->file_info.size == 0) {
+ gg_debug(GG_DEBUG_MISC, "// gg_dcc_watch_fd() read() reached eof on empty file\n");
+ e->type = GG_EVENT_DCC_DONE;
+
+ return e;
+ }
+
lseek(h->file_fd, h->offset, SEEK_SET);
size = read(h->file_fd, buf, utmp);
@@ -1215,7 +1269,7 @@
*/
void gg_dcc_free(struct gg_dcc *d)
{
- gg_debug(GG_DEBUG_FUNCTION, "** gg_dcc_free(%p);\n", d);
+ gg_debug(GG_DEBUG_FUNCTION, "** gg_dcc_free(%p);\n", d);
if (!d)
return;
Index: kopete/protocols/gadu/libgadu/pubdir50.c
===================================================================
--- kopete/protocols/gadu/libgadu/pubdir50.c (revision 417278)
+++ kopete/protocols/gadu/libgadu/pubdir50.c (working copy)
@@ -12,10 +12,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
+ * USA.
*/
#include <errno.h>
@@ -84,7 +84,7 @@
return 0;
}
-
+
if (!(dupfield = strdup(field))) {
gg_debug(GG_DEBUG_MISC, "// gg_pubdir50_add_n() out of memory\n");
free(dupvalue);
@@ -139,7 +139,7 @@
int gg_pubdir50_seq_set(gg_pubdir50_t req, uint32_t seq)
{
gg_debug(GG_DEBUG_FUNCTION, "** gg_pubdir50_seq_set(%p, %d);\n", req, seq);
-
+
if (!req) {
gg_debug(GG_DEBUG_MISC, "// gg_pubdir50_seq_set() invalid arguments\n");
errno = EFAULT;
@@ -164,7 +164,7 @@
if (!s)
return;
-
+
for (i = 0; i < s->entries_count; i++) {
free(s->entries[i].field);
free(s->entries[i].value);
@@ -192,7 +192,7 @@
struct gg_pubdir50_request *r;
gg_debug(GG_DEBUG_FUNCTION, "** gg_pubdir50(%p, %p);\n", sess, req);
-
+
if (!sess || !req) {
gg_debug(GG_DEBUG_MISC, "// gg_pubdir50() invalid arguments\n");
errno = EFAULT;
@@ -209,7 +209,7 @@
/* wyszukiwanie bierze tylko pierwszy wpis */
if (req->entries[i].num)
continue;
-
+
size += strlen(req->entries[i].field) + 1;
size += strlen(req->entries[i].value) + 1;
}
@@ -261,12 +261,12 @@
struct gg_pubdir50_reply *r = (struct gg_pubdir50_reply*) packet;
gg_pubdir50_t res;
int num = 0;
-
+
gg_debug(GG_DEBUG_FUNCTION, "** gg_pubdir50_handle_reply(%p, %p, %d);\n", e, packet, length);
if (!e || !packet) {
gg_debug(GG_DEBUG_MISC, "// gg_pubdir50_handle_reply() invalid arguments\n");
- errno = EINVAL;
+ errno = EFAULT;
return -1;
}
@@ -318,7 +318,7 @@
}
value = NULL;
-
+
for (p = field; p < end; p++) {
/* je¶li mamy koniec tekstu... */
if (!*p) {
@@ -333,7 +333,7 @@
break;
}
}
-
+
/* sprawd¼my, czy pole nie wychodzi poza pakiet, ¿eby nie
* mieæ segfaultów, je¶li serwer przestanie zakañczaæ pakietów
* przez \0 */
@@ -354,10 +354,10 @@
if (gg_pubdir50_add_n(res, num, field, value) == -1)
goto failure;
}
- }
+ }
res->count = num + 1;
-
+
return 0;
failure:
Index: kdenetwork.spec
===================================================================
RCS file: /cvs/dist/rpms/kdenetwork/FC-4/kdenetwork.spec,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- kdenetwork.spec 14 Jun 2005 14:54:48 -0000 1.55
+++ kdenetwork.spec 21 Jul 2005 21:03:16 -0000 1.56
@@ -9,7 +9,7 @@
Name: kdenetwork
Version: 3.4.1
-Release: 0.fc4.1
+Release: 0.fc4.2
Summary: K Desktop Environment - Network Applications
Epoch: 7
Group: Applications/Internet
@@ -30,6 +30,10 @@
Patch5: kdenetwork-3.3.0-ksirc.patch
Patch6: admin-visibility.patch
Patch7: kdenetwork-3.4.0-xmms.patch
+Patch8: kdenetwork-3.4.1-kopete-libgadu-va_copy.patch
+
+# CVE CAN-2005-1852, libgadu vulnerabilities
+Patch100: post-3.4.1-kdenetwork-libgadu.patch
Requires: kdelibs >= 6:%{version}
Requires: kdebase >= 6:%{version}
@@ -86,6 +90,8 @@
%if !%{xmms}
%patch7 -p1 -b .xmms
%endif
+%patch8 -p1 -b .libgadu-va_copy
+%patch100 -p0 -b .CAN-2005-1852
find -name CVS | xargs rm -rf
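Review bot: `%patch8` edits `kopete/protocols/configure.in.in`, which is only an input to the generated configure script, so the new va_copy probe takes effect only if configure is regenerated after the patches are applied. That step is not visible in this hunk; if the spec does not already do it, the package builds without the crash fix and nothing reports it. A comment above the line, e.g. `# patch8 changes configure.in.in; configure must be regenerated before the build`, would record the dependency. Note also that the two new patches use different strip levels (`-p1` and `-p0`), which is correct for their headers as shown but easy to break on a later refresh.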
@@ -225,6 +231,11 @@
%endif
%changelog
+* Thu Jul 21 2005 Than Ngo <than at redhat.com> 7:3.4.1-0.fc4.2
+- fix crash in kopete
+- apply patch to fix libgadu vulnerabilities #163811, CVE CAN-2005-1852
+ thank to kde security team
+
* Tue Jun 14 2005 Than Ngo <than at redhat.com> 7:3.4.1-0.fc4.1
- 3.4.1