author | Santiago M. Mola <coldwind@gentoo.org> | 2008-07-04 15:20:01 +0000 |
---|---|---|
committer | Santiago M. Mola <coldwind@gentoo.org> | 2008-07-04 15:20:01 +0000 |
commit | f3c3f5686a1782f432e92229b9c41147a392dd9e (patch) | |
tree | a06aebcc765d5a85aeaaad8985ff71d56f8a6605 | |
parent | Stable for HPPA (bug #230567). (diff) | |
download | gentoo-2-f3c3f5686a1782f432e92229b9c41147a392dd9e.tar.gz gentoo-2-f3c3f5686a1782f432e92229b9c41147a392dd9e.tar.bz2 gentoo-2-f3c3f5686a1782f432e92229b9c41147a392dd9e.zip |
Fix security bug #219708, gcc-4.3 and glibc-2.8 fixes (bugs #218814 and #228373) and ICQ protocol upgrade (bug #230387).
(Portage version: 2.2_rc1/cvs/Linux 2.6.25-gentoo-r6 x86_64)
-rw-r--r-- | net-im/licq/ChangeLog | 10 | ||||
-rw-r--r-- | net-im/licq/files/licq-1.3.5-gcc43.patch | 111 | ||||
-rw-r--r-- | net-im/licq/files/licq-1.3.5-logonfix.patch | 13 | ||||
-rw-r--r-- | net-im/licq/files/licq-1.3.5-prevent-dos.patch | 111 | ||||
-rw-r--r-- | net-im/licq/licq-1.3.5-r1.ebuild | 191 |
5 files changed, 435 insertions, 1 deletions
diff --git a/net-im/licq/ChangeLog b/net-im/licq/ChangeLog index 2ea9934b3fba..746faba7bc5c 100644 --- a/net-im/licq/ChangeLog +++ b/net-im/licq/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-im/licq # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-im/licq/ChangeLog,v 1.92 2008/03/27 15:03:11 coldwind Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-im/licq/ChangeLog,v 1.93 2008/07/04 15:20:01 coldwind Exp $ + +*licq-1.3.5-r1 (04 Jul 2008) + + 04 Jul 2008; Santiago M. Mola <coldwind@gentoo.org> + +files/licq-1.3.5-gcc43.patch, +files/licq-1.3.5-logonfix.patch, + +files/licq-1.3.5-prevent-dos.patch, +licq-1.3.5-r1.ebuild: + Fix security bug #219708, gcc-4.3 and glibc-2.8 fixes (bugs #218814 and + #228373) and ICQ protocol upgrade (bug #230387). 27 Mar 2008; Santiago M. Mola <coldwind@gentoo.org> -licq-1.2.7.ebuild, -licq-1.3.0.ebuild: diff --git a/net-im/licq/files/licq-1.3.5-gcc43.patch b/net-im/licq/files/licq-1.3.5-gcc43.patch new file mode 100644 index 000000000000..fa064cf5c4a3 --- /dev/null +++ b/net-im/licq/files/licq-1.3.5-gcc43.patch 
@@ -0,0 +1,111 @@ +Source: Anders Olofsson, zimous, Peter Alfredsen, maybe others too. +Upstream: Probably fixed in next release. +Reason: gcc-4.3 and glibc-2.8 errors, bugs #218814 and #228373 +diff -NrU5 licq-1.3.5.orig/plugins/auto-reply/configure.ac licq-1.3.5/plugins/auto-reply/configure.ac +--- licq-1.3.5.orig/plugins/auto-reply/configure.ac 2008-06-21 14:49:20.000000000 +0200 ++++ licq-1.3.5/plugins/auto-reply/configure.ac 2008-06-21 14:52:18.000000000 +0200 +@@ -44,11 +44,11 @@ + + dnl Switch to C++ mode and check for needed C++ headers + AC_LANG_SAVE + AC_LANG_CPLUSPLUS + +-AC_CHECK_HEADER(vector.h,, ++AC_CHECK_HEADER(vector,, + AC_MSG_ERROR(You need to have the libstdc++ headers installed)) + + AC_LANG_RESTORE + + AC_OUTPUT( +diff -NrU5 licq-1.3.5.orig/plugins/auto-reply/src/autoreply.cpp licq-1.3.5/plugins/auto-reply/src/autoreply.cpp +--- licq-1.3.5.orig/plugins/auto-reply/src/autoreply.cpp 2008-06-21 14:49:20.000000000 +0200 ++++ licq-1.3.5/plugins/auto-reply/src/autoreply.cpp 2008-06-21 14:52:18.000000000 +0200 +@@ -10,10 +10,11 @@ + #include <ctype.h> + #include <stdio.h> + #include <stdlib.h> + #include <sys/wait.h> + #include <signal.h> ++#include <climits> + #ifdef HAVE_ERRNO_H + #include <errno.h> + #else + extern int errno; + #endif +diff -NrU5 licq-1.3.5.orig/plugins/email/configure.ac licq-1.3.5/plugins/email/configure.ac +--- licq-1.3.5.orig/plugins/email/configure.ac 2008-06-21 14:49:20.000000000 +0200 ++++ licq-1.3.5/plugins/email/configure.ac 2008-06-21 14:52:18.000000000 +0200 +@@ -46,11 +46,11 @@ + + dnl Switch to C++ mode and check for needed C++ headers + AC_LANG_SAVE + AC_LANG_CPLUSPLUS + +-AC_CHECK_HEADER(vector.h,, ++AC_CHECK_HEADER(vector,, + AC_MSG_ERROR(You need to have the libstdc++ headers installed)) + + AC_LANG_RESTORE + + AC_OUTPUT( +diff -NrU5 licq-1.3.5.orig/plugins/email/src/forwarder.cpp licq-1.3.5/plugins/email/src/forwarder.cpp +--- licq-1.3.5.orig/plugins/email/src/forwarder.cpp 2008-06-21 14:49:20.000000000 +0200 
++++ licq-1.3.5/plugins/email/src/forwarder.cpp 2008-06-21 15:17:53.000000000 +0200 +@@ -7,10 +7,11 @@ + #include <sys/types.h> + #include <unistd.h> + #include <string.h> + #include <ctype.h> + #include <stdio.h> ++#include <climits> + #ifdef HAVE_ERRNO_H + #include <errno.h> + #else + extern int errno; + #endif +diff -NrU5 licq-1.3.5.orig/plugins/msn/configure.ac licq-1.3.5/plugins/msn/configure.ac +--- licq-1.3.5.orig/plugins/msn/configure.ac 2008-06-21 14:49:20.000000000 +0200 ++++ licq-1.3.5/plugins/msn/configure.ac 2008-06-21 14:52:18.000000000 +0200 +@@ -51,11 +51,11 @@ + + dnl Switch to C++ mode and check for needed C++ headers + AC_LANG_SAVE + AC_LANG_CPLUSPLUS + +-AC_CHECK_HEADER(vector.h,, ++AC_CHECK_HEADER(vector,, + AC_MSG_ERROR(You need to have the libstdc++ headers installed)) + + AC_LANG_RESTORE + + msn_gcc_major_version=0 +diff -NrU5 licq-1.3.5.orig/plugins/rms/src/rms.cpp licq-1.3.5/plugins/rms/src/rms.cpp +--- licq-1.3.5.orig/plugins/rms/src/rms.cpp 2008-06-21 14:49:20.000000000 +0200 ++++ licq-1.3.5/plugins/rms/src/rms.cpp 2008-06-21 15:08:27.000000000 +0200 +@@ -7,10 +7,11 @@ + #include <sys/types.h> + #include <unistd.h> + #include <string.h> + #include <ctype.h> + #include <stdio.h> ++#include <climits> + #ifdef HAVE_ERRNO_H + #include <errno.h> + #else + extern int errno; + #endif +diff -NrU5 licq-1.3.5.orig/src/fifo.cpp licq-1.3.5/src/fifo.cpp +--- licq-1.3.5.orig/src/fifo.cpp 2008-06-21 14:49:20.000000000 +0200 ++++ licq-1.3.5/src/fifo.cpp 2008-06-21 14:52:18.000000000 +0200 +@@ -28,10 +28,11 @@ + #include <stdio.h> + #include <stdlib.h> + #include <sys/stat.h> + #include <fcntl.h> + #include <ctype.h> ++#include <climits> + #include "time-fix.h" + + #ifdef HAVE_ERRNO_H + #include <errno.h> + #else diff --git a/net-im/licq/files/licq-1.3.5-logonfix.patch b/net-im/licq/files/licq-1.3.5-logonfix.patch new file mode 100644 index 000000000000..bf8cbaa95eb0 --- /dev/null +++ b/net-im/licq/files/licq-1.3.5-logonfix.patch 
@@ -0,0 +1,13 @@ +Source: Upstream homepage, already applied. +Reason: Can't login after protocol change, bug #230387 +--- src/icqpacket.cpp ++++ src/icqpacket.cpp +@@ -821,7 +821,7 @@ + + // Static versioning + buffer->PackUnsignedLongBE(0x00160002); +- buffer->PackUnsignedShortBE(0x010A); ++ buffer->PackUnsignedShortBE(0x010B); + // Client version major (4 == ICQ2000, 5 == ICQ2001) + buffer->PackUnsignedLongBE(0x00170002); + buffer->PackUnsignedShortBE(0x0014); diff --git a/net-im/licq/files/licq-1.3.5-prevent-dos.patch b/net-im/licq/files/licq-1.3.5-prevent-dos.patch new file mode 100644 index 000000000000..3aaa2bc56e02 --- /dev/null +++ b/net-im/licq/files/licq-1.3.5-prevent-dos.patch 
@@ -0,0 +1,111 @@ +Source: http://www.licq.org/changeset/6146 +Reason: DoS via large number of connections, bug #219708 +--- /trunk/licq/include/licq_socket.h ++++ /trunk/licq/include/licq_socket.h +@@ -251,4 +251,5 @@ + fd_set SocketSet() { return m_sSockets.SocketSet(); } + int LargestSocket() { return m_sSockets.Largest(); } ++ unsigned short Num() { return m_sSockets.Num(); } + + protected: +--- /trunk/licq/src/socket.cpp ++++ /trunk/licq/src/socket.cpp +@@ -818,6 +818,24 @@ + socklen_t sizeofSockaddr = sizeof(struct sockaddr_in); + +- newSocket.m_nDescriptor = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr); +- newSocket.SetLocalAddress(); ++ // Make sure we stay under FD_SETSIZE ++ // See: ++ // * http://www.securityfocus.com/archive/1/490711 ++ // * http://securityvulns.com/docs7669.html ++ // for more details ++ // This probably has no affect, since we are using multiple threads, but keep it here ++ // to be used as a sanity check. ++ int newDesc = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr); ++ if (newDesc < FD_SETSIZE) ++ { ++ newSocket.m_nDescriptor = newDesc; ++ newSocket.SetLocalAddress(); ++ } ++ else ++ { ++ gLog.Error(tr("%sCannot accept new connection, too many descriptors in use.\n"), L_ERRORxSTR); ++ close(newDesc); ++ ++ // TODO throw an exception, or do something to tell the caller it failed ++ } + } + +--- /trunk/licq/src/icqd-threads.cpp ++++ /trunk/licq/src/icqd-threads.cpp +@@ -24,4 +24,5 @@ + #include "gettext.h" + ++#define MAX_CONNECTS 256 + #define DEBUG_THREADS(x) + //#define DEBUG_THREADS(x) gLog.Info(x) +@@ -781,6 +782,19 @@ + tcp->RecvConnection(*newSocket); + gSocketManager.DropSocket(tcp); +- gSocketManager.AddSocket(newSocket); +- gSocketManager.DropSocket(newSocket); ++ ++ // Make sure we can handle another socket before accepting it ++ if (gSocketManager.Num() > MAX_CONNECTS) ++ { ++ // Too many sockets, drop this one ++ char remoteIp[32]; ++ 
gLog.Warn(tr("%sToo many connected sockets, rejecting connection from %s.\n"), ++ L_WARNxSTR, newSocket->RemoteIpStr(remoteIp)); ++ delete newSocket; ++ } ++ else ++ { ++ gSocketManager.AddSocket(newSocket); ++ gSocketManager.DropSocket(newSocket); ++ } + } + } +--- /trunk/licq/src/icqd-chat.cpp ++++ /trunk/licq/src/icqd-chat.cpp +@@ -24,4 +24,5 @@ + #include "gettext.h" + ++#define MAX_CONNECTS 256 + #define DEBUG_THREADS(x) + +@@ -2384,14 +2385,22 @@ + else if (nCurrentSocket == chatman->chatServer.Descriptor()) + { +- CChatUser *u = new CChatUser; +- u->m_pClient = new CChatClient; +- +- chatman->chatServer.RecvConnection(u->sock); +- chatman->sockman.AddSocket(&u->sock); +- chatman->sockman.DropSocket(&u->sock); +- +- u->state = CHAT_STATE_HANDSHAKE; +- chatman->chatUsers.push_back(u); +- gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR); ++ if (chatman->sockman.Num() >= MAX_CONNECTS) ++ { ++ // Too many sockets, drop this one ++ gLog.Warn(tr("%sToo many connected clients, rejecting new connection.\n"), L_WARNxSTR); ++ } ++ else ++ { ++ CChatUser *u = new CChatUser; ++ u->m_pClient = new CChatClient; ++ ++ chatman->chatServer.RecvConnection(u->sock); ++ chatman->sockman.AddSocket(&u->sock); ++ chatman->sockman.DropSocket(&u->sock); ++ ++ u->state = CHAT_STATE_HANDSHAKE; ++ chatman->chatUsers.push_back(u); ++ gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR); ++ } + } + + diff --git a/net-im/licq/licq-1.3.5-r1.ebuild b/net-im/licq/licq-1.3.5-r1.ebuild new file mode 100644 index 000000000000..2987b9d09e9d --- /dev/null +++ b/net-im/licq/licq-1.3.5-r1.ebuild 
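Review bot: In the embedded socket.cpp hunk the new guard `if (newDesc < FD_SETSIZE)` also accepts the -1 that accept() returns on failure, and on the rejection path RecvConnection returns with nothing to tell its caller that it failed (the TODO says as much). The icqd-threads.cpp hunk then calls `gSocketManager.AddSocket(newSocket)` whenever `Num()` is not over the limit, so a socket whose descriptor was never assigned can still be registered; what value `m_nDescriptor` holds at that point is not visible here. I would write the guard as `if (newDesc >= 0 && newDesc < FD_SETSIZE)`, call `close(newDesc)` only when `newDesc >= 0`, and have the caller check the descriptor before AddSocket. Two smaller points: icqd-threads.cpp tests `> MAX_CONNECTS` while icqd-chat.cpp tests `>= MAX_CONNECTS`, and the icqd-chat.cpp reject branch never accepts the pending connection, so the listening socket presumably stays readable and the warning repeats on every pass. All three enclosing functions start and end outside the quoted hunks.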
@@ -0,0 +1,191 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-im/licq/licq-1.3.5-r1.ebuild,v 1.1 2008/07/04 15:20:01 coldwind Exp $ + +inherit autotools eutils kde-functions multilib + +DESCRIPTION="ICQ Client with v8 support" +HOMEPAGE="http://www.licq.org/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~sparc ~x86 ~x86-fbsd" +IUSE="ssl socks5 qt3 kde ncurses crypt msn debug" + +# we can't have conditional dependencies so "use kde && inherit kde" +# won't work -- messes up dep caching. + +# need-kde and their eclass friends inject things into DEPEND. But we only +# want them enabled if the kde USE flag is set. We get around this in the +# following dep lines: +RDEPEND="kde? ( >=kde-base/kdelibs-3.0 )" +DEPEND="kde? ( >=kde-base/kdelibs-3.0 ) + ssl? ( >=dev-libs/openssl-0.9.6 ) + qt3? ( =x11-libs/qt-3* ) + ncurses? ( sys-libs/ncurses >=dev-libs/cdk-4.9.11.20031210-r1 ) + crypt? ( >=app-crypt/gpgme-1.0.0 )" + +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}"/${P}-logonfix.patch + epatch "${FILESDIR}"/${P}-prevent-dos.patch + epatch "${FILESDIR}"/${P}-gcc43.patch + + use ncurses && epatch "${FILESDIR}"/1.3.0-suse_bool.patch + + if use kde + then + # fix for #12436 + ebegin "Setting kde plugin as default" + cp "${S}"/src/licq.conf.h "${T}" + sed "s:Plugin1 = qt-gui:Plugin1 = kde-gui:" \ + "${T}"/licq.conf.h > "${S}"/src/licq.conf.h + eend $? + else + if ! use qt3 + then + ebegin "Setting console plugin as default..." + cp "${S}"/src/licq.conf.h "${T}" + sed "s:Plugin1 = qt-gui:Plugin1 = console:" \ + "${T}"/licq.conf.h > "${S}"/src/licq.conf.h + eend $? 
+ fi + fi + + # Install plugins in the correct libdir + sed -i -e "s:lib/licq/:$(get_libdir)/licq/:" \ + "${S}"/include/licq_constants.h || die "sed failed" + sed -i -e 's:$(prefix)/lib:@libdir@:' \ + "${S}"/plugins/*/src/Makefile.{in,am} || die "sed failed" + + for plugin in msn auto-reply email ; do + cd "${S}"/plugins/${plugin} + eautoreconf + done +} + +src_compile() { + local myconf + use ssl || myconf="${myconf} --disable-openssl" + use socks5 && myconf="${myconf} --enable-socks5" + use debug && myconf="${myconf} --enable-debug" + + myconf="${myconf} $(use_enable crypt gpgme)" + + cd "${S}" + + # bug #21009 + find . -name 'configure' -exec sed -e "s:sed 's/-g:sed 's/^-g:" -i {} \; + + econf ${myconf} || die "econf failed" + + use crypt && { + # workaround for gpgme's headers inclusion path + sed \ + -e "s:FAULT_INCLUDES =:FAULT_INCLUDES = -I/usr/include/gpgme:" \ + -i "${S}"/src/Makefile + } + + emake || die "emake failed" + + # Create the various plug-ins + + # First, the Qt plug-in + if use qt3 + then + set-qtdir 3 + set-kdedir 3 + + use kde && myconf="${myconf} --with-kde" + + # Problems finding qt on multilib systems + myconf="${myconf} --with-qt-libraries=${QTDIR}/$(get_libdir)" + + # note! 
watch the --prefix=/usr placement; + # licq itself installs into /usr, but the + # optional kde/qt interface (to which second_conf belogns) + # installs its files in $KDE3DIR/{lib,share}/licq + + cd "${S}"/plugins/qt-gui + einfo "Compiling Qt GUI plug-in" + econf ${myconf} || die + emake || die + fi + + # Now the console plug-in + if use ncurses + then + cd "${S}"/plugins/console + einfo "Compiling the Console plug-in" + econf || die + emake || die + fi + + for plugin in auto-reply rms msn email ; do + cd "${S}"/plugins/${plugin} + einfo "Compiling '${plugin}' plug-in" + econf || die "econf failed for ${plugin} plugin" + emake || die "emake failed for ${plugin} plugin" + done +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + + dodoc ChangeLog INSTALL README* doc/* + + # Install the plug-ins + if use qt3 + then + cd "${S}"/plugins/qt-gui + emake DESTDIR="${D}" install || die + docinto plugins/qt-gui + dodoc README* + + fi + + if use ncurses + then + cd "${S}"/plugins/console + emake DESTDIR="${D}" install || die + docinto plugins/console + dodoc README + fi + + if use msn + then + cd "${S}"/plugins/msn + make DESTDIR="${D}" install || die + docinto plugins/msn + dodoc README + fi + + cd "${S}"/plugins/auto-reply + emake DESTDIR="${D}" install || die + docinto plugins/auto-reply + dodoc README licq_autoreply.conf + + cd "${S}"/plugins/rms + make DESTDIR="${D}" install || die + docinto plugins/rms + dodoc README licq_rms.conf + + exeinto /usr/share/${PN}/upgrade + doexe "${S}"/upgrade/* + + # fixes bug #22136 and #149464 + rm -fR "${D}"/var +} + +pkg_postinst() { + echo + ewarn + ewarn "If you're upgrading from <=licq-1.3.0 - you have to manually " + ewarn "upgrade your existing licq installation. Please backup your " + ewarn "settings and look into: /usr/share/licq/upgrade for scripts." + ewarn + echo +} |
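Review bot: In src_unpack the two `sed ... > "${S}"/src/licq.conf.h` rewrites are followed only by `eend $?`, so a failed cp or sed leaves a truncated header and the build carries on; `eend $? || die "failed to set default plugin"` would stop it there. The `find . -name 'configure' -exec sed ...` call and the gpgme `sed ... -i "${S}"/src/Makefile` in src_compile are unchecked in the same way. In src_install the msn and rms plugins are installed with plain `make` while the other plugins use `emake`; `emake DESTDIR="${D}" install || die` would be consistent.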