[arch-commits] Commit in licq/repos (5 files)
Jan de Groot
jgc at archlinux.org
Sun Jul 20 20:55:49 UTC 2008
Date: Sunday, July 20, 2008 @ 16:55:49
Author: jgc
Revision: 5777
Merged revisions 2-5776 via svnmerge from
svn+ssh://svn.archlinux.org/home/svn-packages/licq/trunk
........
r356 | aaron | 2008-04-18 22:56:27 +0000 (Fri, 18 Apr 2008) | 1 line
Added svn:keywords to all PKGBUILDs
........
r5776 | jgc | 2008-07-20 20:55:35 +0000 (Sun, 20 Jul 2008) | 2 lines
upgpkg: licq 1.3.5-3
Fix DoS, make it compile, fix protocol version
........
Added:
licq/repos/extra-x86_64/CVE-2008-1996.patch
(from rev 5776, licq/trunk/CVE-2008-1996.patch)
licq/repos/extra-x86_64/gcc4.3.patch
(from rev 5776, licq/trunk/gcc4.3.patch)
licq/repos/extra-x86_64/icq-protocol-version.patch
(from rev 5776, licq/trunk/icq-protocol-version.patch)
Modified:
licq/repos/extra-x86_64/ (properties)
licq/repos/extra-x86_64/PKGBUILD
----------------------------+
CVE-2008-1996.patch | 111 +++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 40 +++++++++------
gcc4.3.patch | 111 +++++++++++++++++++++++++++++++++++++++++++
icq-protocol-version.patch | 13 +++++
4 files changed, 260 insertions(+), 15 deletions(-)
Property changes on: licq/repos/extra-x86_64
___________________________________________________________________
Name: svnmerge-integrated
- /licq/trunk:1
+ /licq/trunk:1-5776
Copied: licq/repos/extra-x86_64/CVE-2008-1996.patch (from rev 5776, licq/trunk/CVE-2008-1996.patch)
===================================================================
--- extra-x86_64/CVE-2008-1996.patch (rev 0)
+++ extra-x86_64/CVE-2008-1996.patch 2008-07-20 20:55:49 UTC (rev 5777)
@@ -0,0 +1,111 @@
+Source: http://www.licq.org/changeset/6146
+Reason: DoS via large number of connections, bug #219708
+--- /trunk/licq/include/licq_socket.h
++++ /trunk/licq/include/licq_socket.h
+@@ -251,4 +251,5 @@
+ fd_set SocketSet() { return m_sSockets.SocketSet(); }
+ int LargestSocket() { return m_sSockets.Largest(); }
++ unsigned short Num() { return m_sSockets.Num(); }
+
+ protected:
+--- /trunk/licq/src/socket.cpp
++++ /trunk/licq/src/socket.cpp
+@@ -818,6 +818,24 @@
+ socklen_t sizeofSockaddr = sizeof(struct sockaddr_in);
+
+- newSocket.m_nDescriptor = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
+- newSocket.SetLocalAddress();
++ // Make sure we stay under FD_SETSIZE
++ // See:
++ // * http://www.securityfocus.com/archive/1/490711
++ // * http://securityvulns.com/docs7669.html
++ // for more details
++ // This probably has no affect, since we are using multiple threads, but keep it here
++ // to be used as a sanity check.
++ int newDesc = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
++ if (newDesc < FD_SETSIZE)
++ {
++ newSocket.m_nDescriptor = newDesc;
++ newSocket.SetLocalAddress();
++ }
++ else
++ {
++ gLog.Error(tr("%sCannot accept new connection, too many descriptors in use.\n"), L_ERRORxSTR);
++ close(newDesc);
++
++ // TODO throw an exception, or do something to tell the caller it failed
++ }
+ }
+
+--- /trunk/licq/src/icqd-threads.cpp
++++ /trunk/licq/src/icqd-threads.cpp
+@@ -24,4 +24,5 @@
+ #include "gettext.h"
+
++#define MAX_CONNECTS 256
+ #define DEBUG_THREADS(x)
+ //#define DEBUG_THREADS(x) gLog.Info(x)
+@@ -781,6 +782,19 @@
+ tcp->RecvConnection(*newSocket);
+ gSocketManager.DropSocket(tcp);
+- gSocketManager.AddSocket(newSocket);
+- gSocketManager.DropSocket(newSocket);
++
++ // Make sure we can handle another socket before accepting it
++ if (gSocketManager.Num() > MAX_CONNECTS)
++ {
++ // Too many sockets, drop this one
++ char remoteIp[32];
++ gLog.Warn(tr("%sToo many connected sockets, rejecting connection from %s.\n"),
++ L_WARNxSTR, newSocket->RemoteIpStr(remoteIp));
++ delete newSocket;
++ }
++ else
++ {
++ gSocketManager.AddSocket(newSocket);
++ gSocketManager.DropSocket(newSocket);
++ }
+ }
+ }
+--- /trunk/licq/src/icqd-chat.cpp
++++ /trunk/licq/src/icqd-chat.cpp
+@@ -24,4 +24,5 @@
+ #include "gettext.h"
+
++#define MAX_CONNECTS 256
+ #define DEBUG_THREADS(x)
+
+@@ -2384,14 +2385,22 @@
+ else if (nCurrentSocket == chatman->chatServer.Descriptor())
+ {
+- CChatUser *u = new CChatUser;
+- u->m_pClient = new CChatClient;
+-
+- chatman->chatServer.RecvConnection(u->sock);
+- chatman->sockman.AddSocket(&u->sock);
+- chatman->sockman.DropSocket(&u->sock);
+-
+- u->state = CHAT_STATE_HANDSHAKE;
+- chatman->chatUsers.push_back(u);
+- gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
++ if (chatman->sockman.Num() >= MAX_CONNECTS)
++ {
++ // Too many sockets, drop this one
++ gLog.Warn(tr("%sToo many connected clients, rejecting new connection.\n"), L_WARNxSTR);
++ }
++ else
++ {
++ CChatUser *u = new CChatUser;
++ u->m_pClient = new CChatClient;
++
++ chatman->chatServer.RecvConnection(u->sock);
++ chatman->sockman.AddSocket(&u->sock);
++ chatman->sockman.DropSocket(&u->sock);
++
++ u->state = CHAT_STATE_HANDSHAKE;
++ chatman->chatUsers.push_back(u);
++ gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
++ }
+ }
+
+
Modified: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD 2008-07-20 20:55:35 UTC (rev 5776)
+++ extra-x86_64/PKGBUILD 2008-07-20 20:55:49 UTC (rev 5777)
@@ -2,33 +2,43 @@
# Maintainer: Juergen Hoetzel <juergen at archlinux.org>
pkgname=licq
pkgver=1.3.5
-pkgrel=2
+pkgrel=3
pkgdesc="Advanced graphical ICQ clone and more for Unix"
arch=(i686 x86_64)
url="http://www.licq.org"
license=('GPL')
-depends=('libxss' 'qt3' 'openssl' 'bash')
-source=(http://heanet.dl.sourceforge.net/sourceforge/licq/licq-$pkgver.tar.bz2)
-md5sums=('842a73c82980721961fe824f40377292')
+depends=('libxss' 'qt3' 'openssl')
+options=(!libtool)
+source=(http://downloads.sourceforge.net/sourceforge/licq/licq-${pkgver}.tar.bz2
+ gcc4.3.patch
+ CVE-2008-1996.patch
+ icq-protocol-version.patch)
+md5sums=('842a73c82980721961fe824f40377292'
+ '84e22c584249128d74f71e08ef098bb1'
+ '2707540b24b905b536d7c98afaf021be'
+ '8b49bf52ff8ad76619d57d6eb7ae66ed')
build() {
- cd $startdir/src/$pkgname-$pkgver
+ cd ${srcdir}/${pkgname}-${pkgver}
. /etc/profile.d/qt3.sh
+
# licq
- ./configure --prefix=/usr --enable-gpgme=no
+ patch -Np1 -i ${srcdir}/gcc4.3.patch || return 1
+ patch -Np3 -i ${srcdir}/CVE-2008-1996.patch || return 1
+ patch -Np0 -i ${srcdir}/icq-protocol-version.patch || return 1
+ GPGME_CONFIG=/bin/false ./configure --prefix=/usr || return 1
make || return 1
- make DESTDIR=$startdir/pkg install
+ make DESTDIR=${pkgdir} install || return 1
- # qt-guiA
- cd plugins/qt-gui
+ # qt-gui
+ cd plugins/qt-gui || return 1
# for some reason, --without-kde makes ./configure think that
# the QT libs are missing. ???
- ./configure --prefix=/usr
+ GPGME_CONFIG=/bin/false ./configure --prefix=/usr || return 1
make || return 1
- cd po
+ cd po || return 1
lrelease *.ts || return 1
- cd -
- make DESTDIR=$startdir/pkg install
- rm -rf $startdir/pkg/opt
- find $startdir/pkg -name "*.la" -exec rm -f {} \;
+ cd ..
+ make DESTDIR=${pkgdir} install || return 1
+ rm -rf ${pkgdir}/opt
}
Copied: licq/repos/extra-x86_64/gcc4.3.patch (from rev 5776, licq/trunk/gcc4.3.patch)
===================================================================
--- extra-x86_64/gcc4.3.patch (rev 0)
+++ extra-x86_64/gcc4.3.patch 2008-07-20 20:55:49 UTC (rev 5777)
@@ -0,0 +1,111 @@
+Source: Anders Olofsson, zimous, Peter Alfredsen, maybe others too.
+Upstream: Probably fixed in next release.
+Reason: gcc-4.3 and glibc-2.8 errors, bugs #218814 and #228373
+diff -NrU5 licq-1.3.5.orig/plugins/auto-reply/configure.ac licq-1.3.5/plugins/auto-reply/configure.ac
+--- licq-1.3.5.orig/plugins/auto-reply/configure.ac 2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/plugins/auto-reply/configure.ac 2008-06-21 14:52:18.000000000 +0200
+@@ -44,11 +44,11 @@
+
+ dnl Switch to C++ mode and check for needed C++ headers
+ AC_LANG_SAVE
+ AC_LANG_CPLUSPLUS
+
+-AC_CHECK_HEADER(vector.h,,
++AC_CHECK_HEADER(vector,,
+ AC_MSG_ERROR(You need to have the libstdc++ headers installed))
+
+ AC_LANG_RESTORE
+
+ AC_OUTPUT(
+diff -NrU5 licq-1.3.5.orig/plugins/auto-reply/src/autoreply.cpp licq-1.3.5/plugins/auto-reply/src/autoreply.cpp
+--- licq-1.3.5.orig/plugins/auto-reply/src/autoreply.cpp 2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/plugins/auto-reply/src/autoreply.cpp 2008-06-21 14:52:18.000000000 +0200
+@@ -10,10 +10,11 @@
+ #include <ctype.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <sys/wait.h>
+ #include <signal.h>
++#include <climits>
+ #ifdef HAVE_ERRNO_H
+ #include <errno.h>
+ #else
+ extern int errno;
+ #endif
+diff -NrU5 licq-1.3.5.orig/plugins/email/configure.ac licq-1.3.5/plugins/email/configure.ac
+--- licq-1.3.5.orig/plugins/email/configure.ac 2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/plugins/email/configure.ac 2008-06-21 14:52:18.000000000 +0200
+@@ -46,11 +46,11 @@
+
+ dnl Switch to C++ mode and check for needed C++ headers
+ AC_LANG_SAVE
+ AC_LANG_CPLUSPLUS
+
+-AC_CHECK_HEADER(vector.h,,
++AC_CHECK_HEADER(vector,,
+ AC_MSG_ERROR(You need to have the libstdc++ headers installed))
+
+ AC_LANG_RESTORE
+
+ AC_OUTPUT(
+diff -NrU5 licq-1.3.5.orig/plugins/email/src/forwarder.cpp licq-1.3.5/plugins/email/src/forwarder.cpp
+--- licq-1.3.5.orig/plugins/email/src/forwarder.cpp 2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/plugins/email/src/forwarder.cpp 2008-06-21 15:17:53.000000000 +0200
+@@ -7,10 +7,11 @@
+ #include <sys/types.h>
+ #include <unistd.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <stdio.h>
++#include <climits>
+ #ifdef HAVE_ERRNO_H
+ #include <errno.h>
+ #else
+ extern int errno;
+ #endif
+diff -NrU5 licq-1.3.5.orig/plugins/msn/configure.ac licq-1.3.5/plugins/msn/configure.ac
+--- licq-1.3.5.orig/plugins/msn/configure.ac 2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/plugins/msn/configure.ac 2008-06-21 14:52:18.000000000 +0200
+@@ -51,11 +51,11 @@
+
+ dnl Switch to C++ mode and check for needed C++ headers
+ AC_LANG_SAVE
+ AC_LANG_CPLUSPLUS
+
+-AC_CHECK_HEADER(vector.h,,
++AC_CHECK_HEADER(vector,,
+ AC_MSG_ERROR(You need to have the libstdc++ headers installed))
+
+ AC_LANG_RESTORE
+
+ msn_gcc_major_version=0
+diff -NrU5 licq-1.3.5.orig/plugins/rms/src/rms.cpp licq-1.3.5/plugins/rms/src/rms.cpp
+--- licq-1.3.5.orig/plugins/rms/src/rms.cpp 2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/plugins/rms/src/rms.cpp 2008-06-21 15:08:27.000000000 +0200
+@@ -7,10 +7,11 @@
+ #include <sys/types.h>
+ #include <unistd.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <stdio.h>
++#include <climits>
+ #ifdef HAVE_ERRNO_H
+ #include <errno.h>
+ #else
+ extern int errno;
+ #endif
+diff -NrU5 licq-1.3.5.orig/src/fifo.cpp licq-1.3.5/src/fifo.cpp
+--- licq-1.3.5.orig/src/fifo.cpp 2008-06-21 14:49:20.000000000 +0200
++++ licq-1.3.5/src/fifo.cpp 2008-06-21 14:52:18.000000000 +0200
+@@ -28,10 +28,11 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+ #include <ctype.h>
++#include <climits>
+ #include "time-fix.h"
+
+ #ifdef HAVE_ERRNO_H
+ #include <errno.h>
+ #else
Copied: licq/repos/extra-x86_64/icq-protocol-version.patch (from rev 5776, licq/trunk/icq-protocol-version.patch)
===================================================================
--- extra-x86_64/icq-protocol-version.patch (rev 0)
+++ extra-x86_64/icq-protocol-version.patch 2008-07-20 20:55:49 UTC (rev 5777)
@@ -0,0 +1,13 @@
+Index: src/icqpacket.cpp
+===================================================================
+--- src/icqpacket.cpp (revision 6387)
++++ src/icqpacket.cpp (working copy)
+@@ -821,7 +821,7 @@
+
+ // Static versioning
+ buffer->PackUnsignedLongBE(0x00160002);
+- buffer->PackUnsignedShortBE(0x010A);
++ buffer->PackUnsignedShortBE(0x010B);
+ // Client version major (4 == ICQ2000, 5 == ICQ2001)
+ buffer->PackUnsignedLongBE(0x00170002);
+ buffer->PackUnsignedShortBE(0x0014);
More information about the arch-commits
mailing list