aboutsummaryrefslogtreecommitdiffstats
path: root/net/gaim
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2004-04-07 23:17:37 +0800
committernectar <nectar@FreeBSD.org>2004-04-07 23:17:37 +0800
commit711d49e4a1b2dca0e20abe144adf1ecc21f2c5f7 (patch)
tree1fc3b9df4c73afe881be6946ff478186ebc8f16e /net/gaim
parentd1373280ee721e2966fb7b93b763c955c087f363 (diff)
downloadfreebsd-ports-graphics-711d49e4a1b2dca0e20abe144adf1ecc21f2c5f7.tar.gz
freebsd-ports-graphics-711d49e4a1b2dca0e20abe144adf1ecc21f2c5f7.tar.zst
freebsd-ports-graphics-711d49e4a1b2dca0e20abe144adf1ecc21f2c5f7.zip
The last commit lost previously applied security fixes. Again.
Re-apply my fix. Again. Specifically, the GAIM developers have still not addressed the ``Yahoo Octal-Encoding Decoder'' issues. http://www.vuxml.org/freebsd/6fd02439-5d70-11d8-80e3-0020ed76ef5a.html http://security.e-matters.de/advisories/012004.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0005
Diffstat (limited to 'net/gaim')
-rw-r--r--net/gaim/Makefile1
-rw-r--r--net/gaim/files/patch-src::protocols::yahoo::yahoo.c94
2 files changed, 95 insertions, 0 deletions
diff --git a/net/gaim/Makefile b/net/gaim/Makefile
index b4cd411ba60..080c793c435 100644
--- a/net/gaim/Makefile
+++ b/net/gaim/Makefile
@@ -6,6 +6,7 @@
PORTNAME= gaim
PORTVERSION= 0.76
+PORTREVISION= 1
CATEGORIES?= net
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
diff --git a/net/gaim/files/patch-src::protocols::yahoo::yahoo.c b/net/gaim/files/patch-src::protocols::yahoo::yahoo.c
new file mode 100644
index 00000000000..2fce1cf7f91
--- /dev/null
+++ b/net/gaim/files/patch-src::protocols::yahoo::yahoo.c
@@ -0,0 +1,94 @@
+*** ./src/protocols/yahoo/yahoo.c.orig Wed Apr 7 09:54:00 2004
+--- src/protocols/yahoo/yahoo.c Wed Apr 7 09:59:43 2004
+***************
+*** 895,924 ****
+ }
+ }
+
+ #define OUT_CHARSET "utf-8"
+
+ static char *yahoo_decode(const char *text)
+ {
+ char *converted;
+! char *n, *new;
+! const char *end, *p;
+! int i;
+!
+! n = new = g_malloc(strlen (text) + 1);
+! end = text + strlen(text);
+
+! for (p = text; p < end; p++, n++) {
+ if (*p == '\\') {
+! sscanf(p + 1, "%3o\n", &i);
+! *n = i;
+! p += 3;
+! }
+! else
+! *n = *p;
+ }
+-
+ *n = '\0';
+-
+ converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL);
+ g_free(new);
+
+--- 895,953 ----
+ }
+ }
+
++
++ static void octal(const char **p, const char *end, unsigned char *n)
++ {
++ int i, c;
++
++ for (i = 0, c = 0; i < 3 && *p < end; ++i, ++*p) {
++ c <<= 3;
++ switch (**p) {
++ case '0': break;
++ case '1': c += 1; break;
++ case '2': c += 2; break;
++ case '3': c += 3; break;
++ case '4': c += 4; break;
++ case '5': c += 5; break;
++ case '6': c += 6; break;
++ case '7': c += 7; break;
++ default:
++ if (i == 0) {
++ *n = **p;
++ ++*p;
++ return;
++ }
++ c >>= 3;
++ goto done;
++ }
++ }
++ done:
++ *n = (c > UCHAR_MAX) ? '?' : c;
++ return;
++ }
++
+ #define OUT_CHARSET "utf-8"
+
+ static char *yahoo_decode(const char *text)
+ {
+ char *converted;
+! unsigned char *n, *new;
+! size_t len;
+! const char *p, *end;
+
+! len = strlen (text);
+! p = text;
+! end = &text[len];
+! n = new = g_malloc(len + 1);
+! while (p < end) {
+ if (*p == '\\') {
+! ++p;
+! octal(&p, end, n);
+! } else
+! *n = *p++;
+! ++n;
+ }
+ *n = '\0';
+ converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL);
+ g_free(new);
+