[arch-commits] Commit in licq/trunk (4 files)

Jan de Groot jgc at archlinux.org
Sun Jul 20 20:55:35 UTC 2008


    Date: Sunday, July 20, 2008 @ 16:55:35
  Author: jgc
Revision: 5776

upgpkg: licq 1.3.5-3
    Fix DoS, make it compile, fix protocol version

Added:
  licq/trunk/CVE-2008-1996.patch
  licq/trunk/gcc4.3.patch
  licq/trunk/icq-protocol-version.patch
Modified:
  licq/trunk/PKGBUILD

----------------------------+
 CVE-2008-1996.patch        |  111 +++++++++++++++++++++++++++++++++++++++++++
 PKGBUILD                   |   40 +++++++++------
 gcc4.3.patch               |  111 +++++++++++++++++++++++++++++++++++++++++++
 icq-protocol-version.patch |   13 +++++
 4 files changed, 260 insertions(+), 15 deletions(-)

Added: CVE-2008-1996.patch
===================================================================
--- CVE-2008-1996.patch	                        (rev 0)
+++ CVE-2008-1996.patch	2008-07-20 20:55:35 UTC (rev 5776)
@@ -0,0 +1,111 @@
+Source: http://www.licq.org/changeset/6146
+Reason: DoS via large number of connections, bug #219708
+--- /trunk/licq/include/licq_socket.h
++++ /trunk/licq/include/licq_socket.h
+@@ -251,4 +251,5 @@
+   fd_set SocketSet()   {  return m_sSockets.SocketSet(); }
+   int LargestSocket()  {  return m_sSockets.Largest(); }
++  unsigned short Num() {  return m_sSockets.Num(); }
+ 
+ protected:
+--- /trunk/licq/src/socket.cpp
++++ /trunk/licq/src/socket.cpp
+@@ -818,6 +818,24 @@
+   socklen_t sizeofSockaddr = sizeof(struct sockaddr_in);
+ 
+-  newSocket.m_nDescriptor = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
+-  newSocket.SetLocalAddress();
++  // Make sure we stay under FD_SETSIZE
++  // See:
++  // * http://www.securityfocus.com/archive/1/490711
++  // * http://securityvulns.com/docs7669.html
++  // for more details
++  // This probably has no affect, since we are using multiple threads, but keep it here 
++  // to be used as a sanity check.
++  int newDesc = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
++  if (newDesc < FD_SETSIZE)
++  {
++    newSocket.m_nDescriptor = newDesc;
++    newSocket.SetLocalAddress();
++  }
++  else
++  {
++    gLog.Error(tr("%sCannot accept new connection, too many descriptors in use.\n"), L_ERRORxSTR);
++    close(newDesc);
++
++    // TODO throw an exception, or do something to tell the caller it failed
++  }
+ }
+ 
+--- /trunk/licq/src/icqd-threads.cpp
++++ /trunk/licq/src/icqd-threads.cpp
+@@ -24,4 +24,5 @@
+ #include "gettext.h"
+ 
++#define MAX_CONNECTS  256
+ #define DEBUG_THREADS(x)
+ //#define DEBUG_THREADS(x) gLog.Info(x)
+@@ -781,6 +782,19 @@
+               tcp->RecvConnection(*newSocket);
+               gSocketManager.DropSocket(tcp);
+-              gSocketManager.AddSocket(newSocket);
+-              gSocketManager.DropSocket(newSocket);
++
++              // Make sure we can handle another socket before accepting it
++              if (gSocketManager.Num() > MAX_CONNECTS)
++              {
++                // Too many sockets, drop this one
++                char remoteIp[32];
++                gLog.Warn(tr("%sToo many connected sockets, rejecting connection from %s.\n"),
++                    L_WARNxSTR, newSocket->RemoteIpStr(remoteIp));
++                delete newSocket;
++              }
++              else
++              {
++                gSocketManager.AddSocket(newSocket);
++                gSocketManager.DropSocket(newSocket);
++              }
+             }
+           }
+--- /trunk/licq/src/icqd-chat.cpp
++++ /trunk/licq/src/icqd-chat.cpp
+@@ -24,4 +24,5 @@
+ #include "gettext.h"
+ 
++#define MAX_CONNECTS  256
+ #define DEBUG_THREADS(x)
+ 
+@@ -2384,14 +2385,22 @@
+         else if (nCurrentSocket == chatman->chatServer.Descriptor())
+         {
+-          CChatUser *u = new CChatUser;
+-          u->m_pClient = new CChatClient;
+-
+-          chatman->chatServer.RecvConnection(u->sock);
+-          chatman->sockman.AddSocket(&u->sock);
+-          chatman->sockman.DropSocket(&u->sock);
+-
+-          u->state = CHAT_STATE_HANDSHAKE;
+-          chatman->chatUsers.push_back(u);
+-          gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
++          if (chatman->sockman.Num() >= MAX_CONNECTS)
++          {
++            // Too many sockets, drop this one
++            gLog.Warn(tr("%sToo many connected clients, rejecting new connection.\n"), L_WARNxSTR);
++          }
++          else
++          {
++            CChatUser *u = new CChatUser;
++            u->m_pClient = new CChatClient;
++
++            chatman->chatServer.RecvConnection(u->sock);
++            chatman->sockman.AddSocket(&u->sock);
++            chatman->sockman.DropSocket(&u->sock);
++
++            u->state = CHAT_STATE_HANDSHAKE;
++            chatman->chatUsers.push_back(u);
++            gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
++          }
+         }
+ 
+
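Review bot: In the socket.cpp part, the rejection branch closes `newDesc` but reports nothing to the caller (the TODO says as much), so the icqd-threads.cpp code after `tcp->RecvConnection(*newSocket)` can still reach `gSocketManager.AddSocket(newSocket)` with a socket whose descriptor was never assigned. A failed accept() also gets through, because -1 satisfies `newDesc < FD_SETSIZE`; the guard would be safer as `if (newDesc >= 0 && newDesc < FD_SETSIZE)`, with the function reporting failure so the caller deletes the socket instead of adding it. The two connection caps disagree (`> MAX_CONNECTS` in icqd-threads.cpp, `>= MAX_CONNECTS` in icqd-chat.cpp). The chat branch also rejects without calling RecvConnection, so the pending connection presumably stays queued on the listener and the warning may repeat on every pass of that loop. The enclosing functions start and end outside these hunks, so the return type and the loop structure are inferred.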

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2008-07-20 20:24:43 UTC (rev 5775)
+++ PKGBUILD	2008-07-20 20:55:35 UTC (rev 5776)
@@ -2,33 +2,43 @@
 # Maintainer: Juergen Hoetzel <juergen at archlinux.org>
 pkgname=licq
 pkgver=1.3.5
-pkgrel=2
+pkgrel=3
 pkgdesc="Advanced graphical ICQ clone and more for Unix" 
 arch=(i686 x86_64)
 url="http://www.licq.org"
 license=('GPL')
-depends=('libxss' 'qt3' 'openssl' 'bash')
-source=(http://heanet.dl.sourceforge.net/sourceforge/licq/licq-$pkgver.tar.bz2)
-md5sums=('842a73c82980721961fe824f40377292')
+depends=('libxss' 'qt3' 'openssl')
+options=(!libtool)
+source=(http://downloads.sourceforge.net/sourceforge/licq/licq-${pkgver}.tar.bz2
+	gcc4.3.patch
+	CVE-2008-1996.patch
+	icq-protocol-version.patch)
+md5sums=('842a73c82980721961fe824f40377292'
+         '84e22c584249128d74f71e08ef098bb1'
+         '2707540b24b905b536d7c98afaf021be'
+         '8b49bf52ff8ad76619d57d6eb7ae66ed')
 
 build() {
-  cd $startdir/src/$pkgname-$pkgver
+  cd ${srcdir}/${pkgname}-${pkgver}
   . /etc/profile.d/qt3.sh
+
   # licq
-  ./configure --prefix=/usr --enable-gpgme=no 
+  patch -Np1 -i ${srcdir}/gcc4.3.patch || return 1
+  patch -Np3 -i ${srcdir}/CVE-2008-1996.patch || return 1
+  patch -Np0 -i ${srcdir}/icq-protocol-version.patch || return 1
+  GPGME_CONFIG=/bin/false ./configure --prefix=/usr || return 1
   make || return 1
-  make DESTDIR=$startdir/pkg install
+  make DESTDIR=${pkgdir} install || return 1
 
-  # qt-guiA
-  cd plugins/qt-gui
+  # qt-gui
+  cd plugins/qt-gui || return 1
   # for some reason, --without-kde makes ./configure think that
   # the QT libs are missing.  ???
-  ./configure --prefix=/usr  
+  GPGME_CONFIG=/bin/false ./configure --prefix=/usr || return 1 
   make || return 1
-  cd po
+  cd po || return 1
   lrelease *.ts || return 1
-  cd -
-  make DESTDIR=$startdir/pkg install
-  rm -rf $startdir/pkg/opt
-  find $startdir/pkg -name "*.la" -exec rm -f {} \;
+  cd ..
+  make DESTDIR=${pkgdir} install || return 1
+  rm -rf ${pkgdir}/opt
 }
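Review bot: The upstream tarball is fetched over plain `http://` and pinned only by `md5sums`, which is weak integrity protection for a rebuild that ships a security fix. MD5 collisions are practical, so a stronger array such as `sha256sums=('<sha256 of licq-1.3.5.tar.bz2>' ...)` would be preferable, either alongside `md5sums` or replacing it (the value shown is a placeholder, not a real digest). Separately, `rm -rf ${pkgdir}/opt` and the `patch -i ${srcdir}/...` lines expand unquoted; `rm -rf "${pkgdir}/opt"` keeps a path containing spaces from being split into separate arguments. The new `cd ..` is also the only directory change left without `|| return 1`.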

Added: gcc4.3.patch
===================================================================
--- gcc4.3.patch	                        (rev 0)
+++ gcc4.3.patch	2008-07-20 20:55:35 UTC (rev 5776)
@@ -0,0 +1,111 @@
+Source: Anders Olofsson, zimous, Peter Alfredsen, maybe others too.
+Upstream: Probably fixed in next release.
+Reason: gcc-4.3 and glibc-2.8 errors, bugs #218814 and #228373
+diff -NrU5 licq-1.3.5.orig/plugins/auto-reply/configure.ac licq-1.3.5/plugins/auto-reply/configure.ac
+--- licq-1.3.5.orig/plugins/auto-reply/configure.ac	2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/plugins/auto-reply/configure.ac	2008-06-21 14:52:18.000000000 +0200
+@@ -44,11 +44,11 @@
+ 
+ dnl Switch to C++ mode and check for needed C++ headers
+ AC_LANG_SAVE
+ AC_LANG_CPLUSPLUS
+ 
+-AC_CHECK_HEADER(vector.h,,
++AC_CHECK_HEADER(vector,,
+   AC_MSG_ERROR(You need to have the libstdc++ headers installed))
+ 
+ AC_LANG_RESTORE
+ 
+ AC_OUTPUT(
+diff -NrU5 licq-1.3.5.orig/plugins/auto-reply/src/autoreply.cpp licq-1.3.5/plugins/auto-reply/src/autoreply.cpp
+--- licq-1.3.5.orig/plugins/auto-reply/src/autoreply.cpp	2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/plugins/auto-reply/src/autoreply.cpp	2008-06-21 14:52:18.000000000 +0200
+@@ -10,10 +10,11 @@
+ #include <ctype.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <sys/wait.h>
+ #include <signal.h>
++#include <climits>
+ #ifdef HAVE_ERRNO_H
+ #include <errno.h>
+ #else
+ extern int errno;
+ #endif
+diff -NrU5 licq-1.3.5.orig/plugins/email/configure.ac licq-1.3.5/plugins/email/configure.ac
+--- licq-1.3.5.orig/plugins/email/configure.ac	2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/plugins/email/configure.ac	2008-06-21 14:52:18.000000000 +0200
+@@ -46,11 +46,11 @@
+ 
+ dnl Switch to C++ mode and check for needed C++ headers
+ AC_LANG_SAVE
+ AC_LANG_CPLUSPLUS
+ 
+-AC_CHECK_HEADER(vector.h,,
++AC_CHECK_HEADER(vector,,
+   AC_MSG_ERROR(You need to have the libstdc++ headers installed))
+ 
+ AC_LANG_RESTORE
+ 
+ AC_OUTPUT(
+diff -NrU5 licq-1.3.5.orig/plugins/email/src/forwarder.cpp licq-1.3.5/plugins/email/src/forwarder.cpp
+--- licq-1.3.5.orig/plugins/email/src/forwarder.cpp	2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/plugins/email/src/forwarder.cpp	2008-06-21 15:17:53.000000000 +0200
+@@ -7,10 +7,11 @@
+ #include <sys/types.h>
+ #include <unistd.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <stdio.h>
++#include <climits>
+ #ifdef HAVE_ERRNO_H
+ #include <errno.h>
+ #else
+ extern int errno;
+ #endif
+diff -NrU5 licq-1.3.5.orig/plugins/msn/configure.ac licq-1.3.5/plugins/msn/configure.ac
+--- licq-1.3.5.orig/plugins/msn/configure.ac	2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/plugins/msn/configure.ac	2008-06-21 14:52:18.000000000 +0200
+@@ -51,11 +51,11 @@
+ 
+ dnl Switch to C++ mode and check for needed C++ headers
+ AC_LANG_SAVE
+ AC_LANG_CPLUSPLUS
+ 
+-AC_CHECK_HEADER(vector.h,,
++AC_CHECK_HEADER(vector,,
+   AC_MSG_ERROR(You need to have the libstdc++ headers installed))
+ 
+ AC_LANG_RESTORE
+ 
+ msn_gcc_major_version=0
+diff -NrU5 licq-1.3.5.orig/plugins/rms/src/rms.cpp licq-1.3.5/plugins/rms/src/rms.cpp
+--- licq-1.3.5.orig/plugins/rms/src/rms.cpp	2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/plugins/rms/src/rms.cpp	2008-06-21 15:08:27.000000000 +0200
+@@ -7,10 +7,11 @@
+ #include <sys/types.h>
+ #include <unistd.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <stdio.h>
++#include <climits>
+ #ifdef HAVE_ERRNO_H
+ #include <errno.h>
+ #else
+ extern int errno;
+ #endif
+diff -NrU5 licq-1.3.5.orig/src/fifo.cpp licq-1.3.5/src/fifo.cpp
+--- licq-1.3.5.orig/src/fifo.cpp	2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/src/fifo.cpp	2008-06-21 14:52:18.000000000 +0200
+@@ -28,10 +28,11 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+ #include <ctype.h>
++#include <climits>
+ #include "time-fix.h"
+ 
+ #ifdef HAVE_ERRNO_H
+ #include <errno.h>
+ #else

Added: icq-protocol-version.patch
===================================================================
--- icq-protocol-version.patch	                        (rev 0)
+++ icq-protocol-version.patch	2008-07-20 20:55:35 UTC (rev 5776)
@@ -0,0 +1,13 @@
+Index: src/icqpacket.cpp
+===================================================================
+--- src/icqpacket.cpp	(revision 6387)
++++ src/icqpacket.cpp	(working copy)
+@@ -821,7 +821,7 @@
+ 
+   // Static versioning
+   buffer->PackUnsignedLongBE(0x00160002);
+-  buffer->PackUnsignedShortBE(0x010A);
++  buffer->PackUnsignedShortBE(0x010B);
+   // Client version major (4 == ICQ2000, 5 == ICQ2001)
+   buffer->PackUnsignedLongBE(0x00170002);
+   buffer->PackUnsignedShortBE(0x0014);




