[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

rpms/kdenetwork/FC-4 kdenetwork-3.4.1-kopete-libgadu-va_copy.patch, NONE, 1.1 post-3.4.1-kdenetwork-libgadu.patch, NONE, 1.1 kdenetwork.spec, 1.55, 1.56



Author: than

Update of /cvs/dist/rpms/kdenetwork/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv28990

Modified Files:
	kdenetwork.spec 
Added Files:
	kdenetwork-3.4.1-kopete-libgadu-va_copy.patch 
	post-3.4.1-kdenetwork-libgadu.patch 
Log Message:
- fix crash in kopete
- apply patch to fix libgadu vulnerabilities #163811, CVE CAN-2005-1852
  thank to kde security team



kdenetwork-3.4.1-kopete-libgadu-va_copy.patch:
 configure.in.in |   44 ++++++++++++++++++++++++++++++++++++++++----
 1 files changed, 40 insertions(+), 4 deletions(-)

--- NEW FILE kdenetwork-3.4.1-kopete-libgadu-va_copy.patch ---
--- kdenetwork-3.4.1.o/kopete/protocols/configure.in.in.tn	2005-07-21 19:08:18.000000000 +0200
+++ kdenetwork-3.4.1.o/kopete/protocols/configure.in.in	2005-07-21 19:18:41.000000000 +0200
@@ -113,10 +113,46 @@
 	], [
 		 AC_MSG_RESULT([no])
 	])
-	AC_CHECK_FUNCS([va_copy],
-		       [AC_LIBGADU_DEFINE([HAVE_VA_COPY])],[])
-	AC_CHECK_FUNCS([_va_copy],
-		       [AC_LIBGADU_DEFINE([HAVE__VA_COPY])],[])
+	AC_MSG_CHECKING([for an implementation of va_copy()])
+   AC_TRY_RUN([
+   #include <stdarg.h>
+   void f (int i, ...) {
+   va_list args1, args2;
+   va_start (args1, i);
+   va_copy (args2, args1);
+   if (va_arg (args2, int) != 42 || va_arg (args1, int) != 42)
+     exit (1);
+   va_end (args1); va_end (args2);
+   }
+   int main() {
+     f (0, 42);
+     return 0;
+   }],[
+      AC_MSG_RESULT([yes])
+      AC_LIBGADU_DEFINE([HAVE_VA_COPY])
+   ], [
+       AC_MSG_RESULT([no])
+   ])
+	AC_MSG_CHECKING([for an implementation of __va_copy()])
+   AC_TRY_RUN([
+   #include <stdarg.h>
+   void f (int i, ...) {
+   va_list args1, args2;
+   va_start (args1, i);
+   __va_copy (args2, args1);
+   if (va_arg (args2, int) != 42 || va_arg (args1, int) != 42)
+     exit (1);
+   va_end (args1); va_end (args2);
+   }
+   int main() {
+     f (0, 42);
+     return 0;
+   }],[
+		AC_MSG_RESULT([yes])
+      AC_LIBGADU_DEFINE([HAVE___VA_COPY])
+   ], [
+       AC_MSG_RESULT([no])
+   ])
 fi
 
 

post-3.4.1-kdenetwork-libgadu.patch:
 common.c   |  227 +++++++++++++++++++++++++++------------------------
 compat.h   |    3 
 dcc.c      |   96 +++++++++++++++++----
 events.c   |  267 ++++++++++++++++++++++++++++++++++++-------------------------
 http.c     |   54 ++++++------
 libgadu.c  |  117 ++++++++++++++++++--------
 libgadu.h  |   66 +++++++--------
 pubdir.c   |  227 +++++++++++++++++++++++++++++++--------------------
 pubdir50.c |   30 +++---
 9 files changed, 654 insertions(+), 433 deletions(-)

--- NEW FILE post-3.4.1-kdenetwork-libgadu.patch ---
Index: kopete/protocols/gadu/libgadu/libgadu.h
===================================================================
--- kopete/protocols/gadu/libgadu/libgadu.h	(revision 417278)
+++ kopete/protocols/gadu/libgadu/libgadu.h	(working copy)
@@ -33,15 +33,15 @@
 extern "C" {
 #endif
 
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+	
 #include <libgadu-config.h>
 #include <sys/types.h>
 #include <stdio.h>
 #include <stdarg.h>
 
-#ifdef HAVE_STDINT_H
-#include <stdint.h>
-#endif
-	
 #ifdef __GG_LIBGADU_HAVE_OPENSSL
 #include <openssl/ssl.h>
 #endif
@@ -57,10 +57,10 @@
  * ogólna struktura opisuj±ca ró¿ne sesje. przydatna w klientach.
  */
 #define gg_common_head(x) \
-        int fd;                 /* podgl±dany deskryptor */ \
-        int check;              /* sprawdzamy zapis czy odczyt */ \
-        int state;              /* aktualny stan maszynki */ \
-        int error;              /* kod b³êdu dla GG_STATE_ERROR */ \
+	int fd;			/* podgl±dany deskryptor */ \
+	int check;		/* sprawdzamy zapis czy odczyt */ \
+	int state;		/* aktualny stan maszynki */ \
+	int error;		/* kod b³êdu dla GG_STATE_ERROR */ \
 	int type;		/* rodzaj sesji */ \
 	int id;			/* identyfikator */ \
 	int timeout;		/* sugerowany timeout w sekundach */ \
@@ -111,7 +111,7 @@
 
 	char *recv_buf;		/* bufor na otrzymywane pakiety */
 	int recv_done;		/* ile ju¿ wczytano do bufora */
-        int recv_left;		/* i ile jeszcze trzeba wczytaæ */
+	int recv_left;		/* i ile jeszcze trzeba wczytaæ */
 
 	int protocol_version;	/* wersja u¿ywanego protoko³u */
 	char *client_version;	/* wersja u¿ywanego klienta */
@@ -150,17 +150,17 @@
 struct gg_http {
 	gg_common_head(struct gg_http)
 
-        int async;              /* czy po³±czenie asynchroniczne */
+	int async;              /* czy po³±czenie asynchroniczne */
 	int pid;                /* pid procesu resolvera */
 	int port;               /* port, z którym siê ³±czymy */
 
-        char *query;            /* bufor zapytania http */
-        char *header;           /* bufor nag³ówka */
-        int header_size;        /* rozmiar wczytanego nag³ówka */
-        char *body;             /* bufor otrzymanych informacji */
-        unsigned int body_size; /* oczekiwana ilo¶æ informacji */
+	char *query;            /* bufor zapytania http */
+	char *header;           /* bufor nag³ówka */
+	int header_size;        /* rozmiar wczytanego nag³ówka */
+	char *body;             /* bufor otrzymanych informacji */
+	unsigned int body_size; /* oczekiwana ilo¶æ informacji */
 
-        void *data;             /* dane danej operacji http */
+	void *data;             /* dane danej operacji http */
 
 	char *user_data;	/* dane u¿ytkownika, nie s± zwalniane przez gg_http_free() */
 
@@ -265,27 +265,27 @@
  * opisuje stan asynchronicznej maszyny.
  */
 enum gg_state_t {
-        /* wspólne */
-        GG_STATE_IDLE = 0,		/* nie powinno wyst±piæ. */
-        GG_STATE_RESOLVING,             /* wywo³a³ gethostbyname() */
+		/* wspólne */
+	GG_STATE_IDLE = 0,		/* nie powinno wyst±piæ. */
+	GG_STATE_RESOLVING,             /* wywo³a³ gethostbyname() */
 	GG_STATE_CONNECTING,            /* wywo³a³ connect() */
 	GG_STATE_READING_DATA,		/* czeka na dane http */
 	GG_STATE_ERROR,			/* wyst±pi³ b³±d. kod w x->error */
 
-        /* gg_session */
+		/* gg_session */
 	GG_STATE_CONNECTING_HUB,	/* wywo³a³ connect() na huba */
 	GG_STATE_CONNECTING_GG,         /* wywo³a³ connect() na serwer */
 	GG_STATE_READING_KEY,           /* czeka na klucz */
 	GG_STATE_READING_REPLY,         /* czeka na odpowied¼ */
 	GG_STATE_CONNECTED,             /* po³±czy³ siê */
 
-        /* gg_http */
+		/* gg_http */
 	GG_STATE_SENDING_QUERY,		/* wysy³a zapytanie http */
 	GG_STATE_READING_HEADER,	/* czeka na nag³ówek http */
 	GG_STATE_PARSING,               /* przetwarza dane */
 	GG_STATE_DONE,                  /* skoñczy³ */
 
-	/* gg_dcc */
+		/* gg_dcc */
 	GG_STATE_LISTENING,		/* czeka na po³±czenia */
 	GG_STATE_READING_UIN_1,		/* czeka na uin peera */
 	GG_STATE_READING_UIN_2,		/* czeka na swój uin */
@@ -350,8 +350,9 @@
 	uint16_t external_port;		/* port widziany na zewnatrz */
 	int tls;			/* czy ³±czymy po TLS? */
 	int image_size;			/* maksymalny rozmiar obrazka w KiB */
+	int era_omnix;			/* czy udawaæ klienta era omnix? */
 
-	char dummy[7 * sizeof(int)];	/* miejsce na kolejnych 8 zmiennych,
+	char dummy[6 * sizeof(int)];	/* miejsce na kolejnych 6 zmiennych,
 					 * ¿eby z dodaniem parametru nie 
 					 * zmienia³ siê rozmiar struktury */
 };
@@ -500,8 +501,8 @@
  */
 struct gg_event {
 	int type;	/* rodzaj zdarzenia -- gg_event_t */
-        union {		/* @event */
-                struct gg_notify_reply *notify;	/* informacje o li¶cie kontaktów -- GG_EVENT_NOTIFY */
+	union {		/* @event */
+		struct gg_notify_reply *notify;	/* informacje o li¶cie kontaktów -- GG_EVENT_NOTIFY */
 
 		enum gg_failure_t failure;	/* b³±d po³±czenia -- GG_EVENT_FAILURE */
 
@@ -522,20 +523,20 @@
 			
 			int formats_length;	/* d³ugo¶æ informacji o formatowaniu tekstu */
 			void *formats;		/* informacje o formatowaniu tekstu */
-                } msg;
+		} msg;
 		
 		struct {			/* @notify_descr informacje o li¶cie kontaktów z opisami stanu -- GG_EVENT_NOTIFY_DESCR */
 			struct gg_notify_reply *notify;	/* informacje o li¶cie kontaktów */
 			char *descr;		/* opis stanu */
 		} notify_descr;
 		
-                struct {			/* @status zmiana stanu -- GG_EVENT_STATUS */
+		struct {			/* @status zmiana stanu -- GG_EVENT_STATUS */
 			uin_t uin;		/* numer */
 			uint32_t status;	/* nowy stan */
 			char *descr;		/* opis stanu */
 		} status;
 
-                struct {			/* @status60 zmiana stanu -- GG_EVENT_STATUS60 */
+		struct {			/* @status60 zmiana stanu -- GG_EVENT_STATUS60 */
 			uin_t uin;		/* numer */
 			int status;	/* nowy stan */
 			uint32_t remote_ip;	/* adres ip */
@@ -748,6 +749,7 @@
 /* przypomnienie has³a e-mailem */
 struct gg_http *gg_remind_passwd(uin_t uin, int async);
 struct gg_http *gg_remind_passwd2(uin_t uin, const char *tokenid, const char *tokenval, int async);
+struct gg_http *gg_remind_passwd3(uin_t uin, const char *email, const char *tokenid, const char *tokenval, int async);
 #define gg_remind_passwd_watch_fd gg_pubdir_watch_fd
 #define gg_remind_passwd_free gg_pubdir_free
 #define gg_free_remind_passwd gg_pubdir_free
@@ -813,6 +815,7 @@
 struct gg_dcc *gg_dcc_voice_chat(uint32_t ip, uint16_t port, uin_t my_uin, uin_t peer_uin);
 void gg_dcc_set_type(struct gg_dcc *d, int type);
 int gg_dcc_fill_file_info(struct gg_dcc *d, const char *filename);
+int gg_dcc_fill_file_info2(struct gg_dcc *d, const char *filename, const char *local_filename);
 int gg_dcc_voice_send(struct gg_dcc *d, char *buf, int length);
 
 #define GG_DCC_VOICE_FRAME_LENGTH 195
@@ -940,11 +943,12 @@
 #define GG_HTTPS_PORT 443
 #define GG_HTTP_USERAGENT "Mozilla/4.7 [en] (Win98; I)"
 
-#define GG_DEFAULT_CLIENT_VERSION "6, 0, 0, 132"
-#define GG_DEFAULT_PROTOCOL_VERSION 0x20
+#define GG_DEFAULT_CLIENT_VERSION "6, 1, 0, 158"
+#define GG_DEFAULT_PROTOCOL_VERSION 0x24
 #define GG_DEFAULT_TIMEOUT 30
 #define GG_HAS_AUDIO_MASK 0x40000000
-#define GG_LIBGADU_VERSION "20041222"
+#define GG_ERA_OMNIX_MASK 0x04000000
+#define GG_LIBGADU_VERSION "CVS"
 
 #define GG_DEFAULT_DCC_PORT 1550
 
Index: kopete/protocols/gadu/libgadu/http.c
===================================================================
--- kopete/protocols/gadu/libgadu/http.c	(revision 417278)
+++ kopete/protocols/gadu/libgadu/http.c	(working copy)
@@ -12,10 +12,10 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- *  02111-1307, USA.
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this program; if not, write to the Free Software
[...2586 lines suppressed...]
+		} else if (*q == 234) {
+			*q = 202;
+		} else if (*q == 179) {
+			*q = 163;
+		} else if (*q == 241) {
+			*q = 209;
+		} else if (*q == 243) {
+			*q = 211;
+		} else if (*q == 156) {
+			*q = 140;
+		} else if (*q == 159) {
+			*q = 143;
+		} else if (*q == 191) {
+			*q = 175;
+		}
+	}
+	
+	gg_debug(GG_DEBUG_MISC, "// gg_dcc_fill_file_info2() short name \"%s\", dos name \"%s\"\n", name, d->file_info.short_filename);
 	strncpy(d->file_info.filename, name, sizeof(d->file_info.filename) - 1);
 
 	return 0;
@@ -346,7 +389,7 @@
 {
 	struct gg_dcc *c;
 	struct sockaddr_in sin;
-	int sock, bound = 0;
+	int sock, bound = 0, errno2;
 	
 	gg_debug(GG_DEBUG_FUNCTION, "** gg_create_dcc_socket(%d, %d);\n", uin, port);
 	
@@ -383,7 +426,9 @@
 
 	if (listen(sock, 10)) {
 		gg_debug(GG_DEBUG_MISC, "// gg_create_dcc_socket() unable to listen (%s)\n", strerror(errno));
+		errno2 = errno;
 		close(sock);
+		errno = errno2;
 		return NULL;
 	}
 	
@@ -431,6 +476,7 @@
 	gg_debug(GG_DEBUG_FUNCTION, "++ gg_dcc_voice_send(%p, %p, %d);\n", d, buf, length);
 	if (!d || !buf || length < 0 || d->type != GG_SESSION_DCC_VOICE) {
 		gg_debug(GG_DEBUG_MISC, "// gg_dcc_voice_send() invalid argument\n");
+		errno = EINVAL;
 		return -1;
 	}
 
@@ -502,7 +548,7 @@
 	struct gg_event *e;
 	int foo;
 
-        gg_debug(GG_DEBUG_FUNCTION, "** gg_dcc_watch_fd(%p);\n", h);
+	gg_debug(GG_DEBUG_FUNCTION, "** gg_dcc_watch_fd(%p);\n", h);
 	
 	if (!h || (h->type != GG_SESSION_DCC && h->type != GG_SESSION_DCC_SOCKET && h->type != GG_SESSION_DCC_SEND && h->type != GG_SESSION_DCC_GET && h->type != GG_SESSION_DCC_VOICE)) {
 		gg_debug(GG_DEBUG_MISC, "// gg_dcc_watch_fd() invalid argument\n");
@@ -862,7 +908,6 @@
 					e->event.dcc_voice_data.length = h->chunk_size;
 					h->state = GG_STATE_READING_VOICE_HEADER;
 					h->voice_buf = NULL;
-				
 				}
 
 				h->check = GG_CHECK_READ;
@@ -1058,6 +1103,15 @@
 					utmp = sizeof(buf);
 				
 				gg_debug(GG_DEBUG_MISC, "// gg_dcc_watch_fd() offset=%d, size=%d\n", h->offset, h->file_info.size);
+
+				/* koniec pliku? */
+				if (h->file_info.size == 0) {
+					gg_debug(GG_DEBUG_MISC, "// gg_dcc_watch_fd() read() reached eof on empty file\n");
+					e->type = GG_EVENT_DCC_DONE;
+
+					return e;
+				}
+
 				lseek(h->file_fd, h->offset, SEEK_SET);
 
 				size = read(h->file_fd, buf, utmp);
@@ -1215,7 +1269,7 @@
  */
 void gg_dcc_free(struct gg_dcc *d)
 {
-        gg_debug(GG_DEBUG_FUNCTION, "** gg_dcc_free(%p);\n", d);
+	gg_debug(GG_DEBUG_FUNCTION, "** gg_dcc_free(%p);\n", d);
 	
 	if (!d)
 		return;
Index: kopete/protocols/gadu/libgadu/pubdir50.c
===================================================================
--- kopete/protocols/gadu/libgadu/pubdir50.c	(revision 417278)
+++ kopete/protocols/gadu/libgadu/pubdir50.c	(working copy)
@@ -12,10 +12,10 @@
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- *  02111-1307, USA.
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
+ *  USA.
  */
 
 #include <errno.h>
@@ -84,7 +84,7 @@
 
 		return 0;
 	}
-
+		
 	if (!(dupfield = strdup(field))) {
 		gg_debug(GG_DEBUG_MISC, "// gg_pubdir50_add_n() out of memory\n");
 		free(dupvalue);
@@ -139,7 +139,7 @@
 int gg_pubdir50_seq_set(gg_pubdir50_t req, uint32_t seq)
 {
 	gg_debug(GG_DEBUG_FUNCTION, "** gg_pubdir50_seq_set(%p, %d);\n", req, seq);
-
+	
 	if (!req) {
 		gg_debug(GG_DEBUG_MISC, "// gg_pubdir50_seq_set() invalid arguments\n");
 		errno = EFAULT;
@@ -164,7 +164,7 @@
 
 	if (!s)
 		return;
-
+	
 	for (i = 0; i < s->entries_count; i++) {
 		free(s->entries[i].field);
 		free(s->entries[i].value);
@@ -192,7 +192,7 @@
 	struct gg_pubdir50_request *r;
 
 	gg_debug(GG_DEBUG_FUNCTION, "** gg_pubdir50(%p, %p);\n", sess, req);
-
+	
 	if (!sess || !req) {
 		gg_debug(GG_DEBUG_MISC, "// gg_pubdir50() invalid arguments\n");
 		errno = EFAULT;
@@ -209,7 +209,7 @@
 		/* wyszukiwanie bierze tylko pierwszy wpis */
 		if (req->entries[i].num)
 			continue;
-
+		
 		size += strlen(req->entries[i].field) + 1;
 		size += strlen(req->entries[i].value) + 1;
 	}
@@ -261,12 +261,12 @@
 	struct gg_pubdir50_reply *r = (struct gg_pubdir50_reply*) packet;
 	gg_pubdir50_t res;
 	int num = 0;
-
+	
 	gg_debug(GG_DEBUG_FUNCTION, "** gg_pubdir50_handle_reply(%p, %p, %d);\n", e, packet, length);
 
 	if (!e || !packet) {
 		gg_debug(GG_DEBUG_MISC, "// gg_pubdir50_handle_reply() invalid arguments\n");
-		errno = EINVAL;
+		errno = EFAULT;
 		return -1;
 	}
 
@@ -318,7 +318,7 @@
 		}
 
 		value = NULL;
-
+		
 		for (p = field; p < end; p++) {
 			/* je¶li mamy koniec tekstu... */
 			if (!*p) {
@@ -333,7 +333,7 @@
 					break;
 			}
 		}
-
+		
 		/* sprawd¼my, czy pole nie wychodzi poza pakiet, ¿eby nie
 		 * mieæ segfaultów, je¶li serwer przestanie zakañczaæ pakietów
 		 * przez \0 */
@@ -354,10 +354,10 @@
 			if (gg_pubdir50_add_n(res, num, field, value) == -1)
 				goto failure;
 		}
-	}
+	}	
 
 	res->count = num + 1;
-
+	
 	return 0;
 
 failure:


Index: kdenetwork.spec
===================================================================
RCS file: /cvs/dist/rpms/kdenetwork/FC-4/kdenetwork.spec,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- kdenetwork.spec	14 Jun 2005 14:54:48 -0000	1.55
+++ kdenetwork.spec	21 Jul 2005 21:03:16 -0000	1.56
@@ -9,7 +9,7 @@
 
 Name: kdenetwork
 Version: 3.4.1
-Release: 0.fc4.1
+Release: 0.fc4.2
 Summary: K Desktop Environment - Network Applications
 Epoch: 7
 Group: Applications/Internet
@@ -30,6 +30,10 @@
 Patch5: kdenetwork-3.3.0-ksirc.patch
 Patch6: admin-visibility.patch
 Patch7: kdenetwork-3.4.0-xmms.patch
+Patch8: kdenetwork-3.4.1-kopete-libgadu-va_copy.patch
+
+# CVE CAN-2005-1852, libgadu vulnerabilities
+Patch100: post-3.4.1-kdenetwork-libgadu.patch
 
 Requires: kdelibs >= 6:%{version}
 Requires: kdebase >= 6:%{version}
@@ -86,6 +90,8 @@
 %if !%{xmms}
 %patch7 -p1 -b .xmms
 %endif
+%patch8 -p1 -b .libgadu-va_copy
+%patch100 -p0 -b .CAN-2005-1852
 
 find -name CVS | xargs rm -rf 
 
@@ -225,6 +231,11 @@
 %endif
 
 %changelog
+* Thu Jul 21 2005 Than Ngo <than redhat com> 7:3.4.1-0.fc4.2
+- fix crash in kopete
+- apply patch to fix libgadu vulnerabilities #163811, CVE CAN-2005-1852
+  thank to kde security team
+
 * Tue Jun 14 2005 Than Ngo <than redhat com> 7:3.4.1-0.fc4.1
 - 3.4.1
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]