The last commit lost previously applied security fixes. Again.

Re-apply my fix. Again. Specifically, the GAIM developers have still not addressed the ``Yahoo Octal-Encoding Decoder'' issues. http://www.vuxml.org/freebsd/6fd02439-5d70-11d8-80e3-0020ed76ef5a.html http://security.e-matters.de/advisories/012004.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0005
svn path=/head/; revision=106423
2025-01-27 10:03:20 +00:00 · 2004-04-07 15:17:37 +00:00 · 2004-04-07 15:17:37 +00:00 · 03d0a4a8f5 · 2021-03-31 03:12:20 +00:00
commit 03d0a4a8f5
parent 4bf6c55460
4 changed files with 190 additions and 0 deletions
--- a/net-im/gaim/Makefile
+++ b/net-im/gaim/Makefile
@ -6,6 +6,7 @@

 PORTNAME=	gaim
 PORTVERSION=	0.76
+PORTREVISION=	1
 CATEGORIES?=	net
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
--- a/net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c
+++ b/net-im/gaim/files/patch-src::protocols::yahoo::yahoo.c
@ -0,0 +1,94 @@
+*** ./src/protocols/yahoo/yahoo.c.orig	Wed Apr  7 09:54:00 2004
+--- src/protocols/yahoo/yahoo.c	Wed Apr  7 09:59:43 2004
+***************
+*** 895,924 ****
+  	}
+  }
+  
+  #define OUT_CHARSET "utf-8"
+  
+  static char *yahoo_decode(const char *text)
+  {
+  	char *converted;
+! 	char *n, *new;
+! 	const char *end, *p;
+! 	int i;
+! 
+! 	n = new = g_malloc(strlen (text) + 1);
+! 	end = text + strlen(text);
+  
+! 	for (p = text; p < end; p++, n++) {
+  		if (*p == '\\') {
+! 			sscanf(p + 1, "%3o\n", &i);
+! 			*n = i;
+! 			p += 3;
+! 		}
+! 		else
+! 			*n = *p;
+  	}
+- 
+  	*n = '\0';
+- 
+  	converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL);
+  	g_free(new);
+  
+--- 895,953 ----
+  	}
+  }
+  
+ 
+ static void octal(const char **p, const char *end, unsigned char *n)
+ {
+ 	int i, c;
+ 
+ 	for (i = 0, c = 0; i < 3 && *p < end; ++i, ++*p) {
+ 		c <<= 3;
+ 		switch (**p) {
+ 		case '0': break;
+ 		case '1': c += 1; break;
+ 		case '2': c += 2; break;
+ 		case '3': c += 3; break;
+ 		case '4': c += 4; break;
+ 		case '5': c += 5; break;
+ 		case '6': c += 6; break;
+ 		case '7': c += 7; break;
+ 		default:
+ 			  if (i == 0) {
+ 				  *n = **p;
+ 				  ++*p;
+ 				  return;
+ 			  }
+ 			  c >>= 3;
+ 			  goto done;
+ 		}
+ 	}
+ done:
+ 	*n = (c > UCHAR_MAX) ? '?' : c;
+ 	return;
+ }
+ 
+  #define OUT_CHARSET "utf-8"
+  
+  static char *yahoo_decode(const char *text)
+  {
+  	char *converted;
+! 	unsigned char *n, *new;
+! 	size_t len;
+! 	const char *p, *end;
+  
+! 	len = strlen (text);
+! 	p = text;
+! 	end = &text[len];
+! 	n = new = g_malloc(len + 1);
+! 	while (p < end) {
+  		if (*p == '\\') {
+! 			++p;
+! 			octal(&p, end, n);
+! 		} else
+! 			*n = *p++;
+! 		++n;
+  	}
+  	*n = '\0';
+  	converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL);
+  	g_free(new);
+  
--- a/net/gaim/Makefile
+++ b/net/gaim/Makefile
@ -6,6 +6,7 @@

 PORTNAME=	gaim
 PORTVERSION=	0.76
+PORTREVISION=	1
 CATEGORIES?=	net
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
--- a/net/gaim/files/patch-src::protocols::yahoo::yahoo.c
+++ b/net/gaim/files/patch-src::protocols::yahoo::yahoo.c
@ -0,0 +1,94 @@
+*** ./src/protocols/yahoo/yahoo.c.orig	Wed Apr  7 09:54:00 2004
+--- src/protocols/yahoo/yahoo.c	Wed Apr  7 09:59:43 2004
+***************
+*** 895,924 ****
+  	}
+  }
+  
+  #define OUT_CHARSET "utf-8"
+  
+  static char *yahoo_decode(const char *text)
+  {
+  	char *converted;
+! 	char *n, *new;
+! 	const char *end, *p;
+! 	int i;
+! 
+! 	n = new = g_malloc(strlen (text) + 1);
+! 	end = text + strlen(text);
+  
+! 	for (p = text; p < end; p++, n++) {
+  		if (*p == '\\') {
+! 			sscanf(p + 1, "%3o\n", &i);
+! 			*n = i;
+! 			p += 3;
+! 		}
+! 		else
+! 			*n = *p;
+  	}
+- 
+  	*n = '\0';
+- 
+  	converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL);
+  	g_free(new);
+  
+--- 895,953 ----
+  	}
+  }
+  
+ 
+ static void octal(const char **p, const char *end, unsigned char *n)
+ {
+ 	int i, c;
+ 
+ 	for (i = 0, c = 0; i < 3 && *p < end; ++i, ++*p) {
+ 		c <<= 3;
+ 		switch (**p) {
+ 		case '0': break;
+ 		case '1': c += 1; break;
+ 		case '2': c += 2; break;
+ 		case '3': c += 3; break;
+ 		case '4': c += 4; break;
+ 		case '5': c += 5; break;
+ 		case '6': c += 6; break;
+ 		case '7': c += 7; break;
+ 		default:
+ 			  if (i == 0) {
+ 				  *n = **p;
+ 				  ++*p;
+ 				  return;
+ 			  }
+ 			  c >>= 3;
+ 			  goto done;
+ 		}
+ 	}
+ done:
+ 	*n = (c > UCHAR_MAX) ? '?' : c;
+ 	return;
+ }
+ 
+  #define OUT_CHARSET "utf-8"
+  
+  static char *yahoo_decode(const char *text)
+  {
+  	char *converted;
+! 	unsigned char *n, *new;
+! 	size_t len;
+! 	const char *p, *end;
+  
+! 	len = strlen (text);
+! 	p = text;
+! 	end = &text[len];
+! 	n = new = g_malloc(len + 1);
+! 	while (p < end) {
+  		if (*p == '\\') {
+! 			++p;
+! 			octal(&p, end, n);
+! 		} else
+! 			*n = *p++;
+! 		++n;
+  	}
+  	*n = '\0';
+  	converted = g_convert(new, n - new, OUT_CHARSET, "iso-8859-1", NULL, NULL, NULL);
+  	g_free(new);
+