Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Santiago M. Mola (coldwind)" <coldwind@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-im/licq/files: licq-1.3.5-gcc43.patch licq-1.3.5-prevent-dos.patch licq-1.3.5-logonfix.patch
Date: Fri, 04 Jul 2008 15:20:08
Message-Id: E1KEn4s-0003x1-Ac@stork.gentoo.org
1 coldwind 08/07/04 15:20:02
2
3 Added: licq-1.3.5-gcc43.patch licq-1.3.5-prevent-dos.patch
4 licq-1.3.5-logonfix.patch
5 Log:
6 Fix security bug #219708, gcc-4.3 and glibc-2.8 fixes (bugs #218814 and #228373) and ICQ protocol upgrade (bug #230387).
7 (Portage version: 2.2_rc1/cvs/Linux 2.6.25-gentoo-r6 x86_64)
8
9 Revision Changes Path
10 1.1 net-im/licq/files/licq-1.3.5-gcc43.patch
11
12 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/licq/files/licq-1.3.5-gcc43.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/licq/files/licq-1.3.5-gcc43.patch?rev=1.1&content-type=text/plain
14
15 Index: licq-1.3.5-gcc43.patch
16 ===================================================================
17 Source: Anders Olofsson, zimous, Peter Alfredsen, maybe others too.
18 Upstream: Probably fixed in next release.
19 Reason: gcc-4.3 and glibc-2.8 errors, bugs #218814 and #228373
20 diff -NrU5 licq-1.3.5.orig/plugins/auto-reply/configure.ac licq-1.3.5/plugins/auto-reply/configure.ac
21 --- licq-1.3.5.orig/plugins/auto-reply/configure.ac 2008-06-21 14:49:20.000000000 +0200
22 +++ licq-1.3.5/plugins/auto-reply/configure.ac 2008-06-21 14:52:18.000000000 +0200
23 @@ -44,11 +44,11 @@
24
25 dnl Switch to C++ mode and check for needed C++ headers
26 AC_LANG_SAVE
27 AC_LANG_CPLUSPLUS
28
29 -AC_CHECK_HEADER(vector.h,,
30 +AC_CHECK_HEADER(vector,,
31 AC_MSG_ERROR(You need to have the libstdc++ headers installed))
32
33 AC_LANG_RESTORE
34
35 AC_OUTPUT(
36 diff -NrU5 licq-1.3.5.orig/plugins/auto-reply/src/autoreply.cpp licq-1.3.5/plugins/auto-reply/src/autoreply.cpp
37 --- licq-1.3.5.orig/plugins/auto-reply/src/autoreply.cpp 2008-06-21 14:49:20.000000000 +0200
38 +++ licq-1.3.5/plugins/auto-reply/src/autoreply.cpp 2008-06-21 14:52:18.000000000 +0200
39 @@ -10,10 +10,11 @@
40 #include <ctype.h>
41 #include <stdio.h>
42 #include <stdlib.h>
43 #include <sys/wait.h>
44 #include <signal.h>
45 +#include <climits>
46 #ifdef HAVE_ERRNO_H
47 #include <errno.h>
48 #else
49 extern int errno;
50 #endif
51 diff -NrU5 licq-1.3.5.orig/plugins/email/configure.ac licq-1.3.5/plugins/email/configure.ac
52 --- licq-1.3.5.orig/plugins/email/configure.ac 2008-06-21 14:49:20.000000000 +0200
53 +++ licq-1.3.5/plugins/email/configure.ac 2008-06-21 14:52:18.000000000 +0200
54 @@ -46,11 +46,11 @@
55
56 dnl Switch to C++ mode and check for needed C++ headers
57 AC_LANG_SAVE
58 AC_LANG_CPLUSPLUS
59
60 -AC_CHECK_HEADER(vector.h,,
61 +AC_CHECK_HEADER(vector,,
62 AC_MSG_ERROR(You need to have the libstdc++ headers installed))
63
64 AC_LANG_RESTORE
65
66 AC_OUTPUT(
67 diff -NrU5 licq-1.3.5.orig/plugins/email/src/forwarder.cpp licq-1.3.5/plugins/email/src/forwarder.cpp
68 --- licq-1.3.5.orig/plugins/email/src/forwarder.cpp 2008-06-21 14:49:20.000000000 +0200
69 +++ licq-1.3.5/plugins/email/src/forwarder.cpp 2008-06-21 15:17:53.000000000 +0200
70 @@ -7,10 +7,11 @@
71 #include <sys/types.h>
72 #include <unistd.h>
73 #include <string.h>
74 #include <ctype.h>
75 #include <stdio.h>
76 +#include <climits>
77 #ifdef HAVE_ERRNO_H
78 #include <errno.h>
79 #else
80 extern int errno;
81 #endif
82 diff -NrU5 licq-1.3.5.orig/plugins/msn/configure.ac licq-1.3.5/plugins/msn/configure.ac
83 --- licq-1.3.5.orig/plugins/msn/configure.ac 2008-06-21 14:49:20.000000000 +0200
84 +++ licq-1.3.5/plugins/msn/configure.ac 2008-06-21 14:52:18.000000000 +0200
85 @@ -51,11 +51,11 @@
86
87 dnl Switch to C++ mode and check for needed C++ headers
88 AC_LANG_SAVE
89 AC_LANG_CPLUSPLUS
90
91 -AC_CHECK_HEADER(vector.h,,
92 +AC_CHECK_HEADER(vector,,
93 AC_MSG_ERROR(You need to have the libstdc++ headers installed))
94
95 AC_LANG_RESTORE
96
97 msn_gcc_major_version=0
98 diff -NrU5 licq-1.3.5.orig/plugins/rms/src/rms.cpp licq-1.3.5/plugins/rms/src/rms.cpp
99 --- licq-1.3.5.orig/plugins/rms/src/rms.cpp 2008-06-21 14:49:20.000000000 +0200
100 +++ licq-1.3.5/plugins/rms/src/rms.cpp 2008-06-21 15:08:27.000000000 +0200
101 @@ -7,10 +7,11 @@
102 #include <sys/types.h>
103 #include <unistd.h>
104 #include <string.h>
105 #include <ctype.h>
106 #include <stdio.h>
107 +#include <climits>
108 #ifdef HAVE_ERRNO_H
109 #include <errno.h>
110 #else
111 extern int errno;
112 #endif
113 diff -NrU5 licq-1.3.5.orig/src/fifo.cpp licq-1.3.5/src/fifo.cpp
114 --- licq-1.3.5.orig/src/fifo.cpp 2008-06-21 14:49:20.000000000 +0200
115 +++ licq-1.3.5/src/fifo.cpp 2008-06-21 14:52:18.000000000 +0200
116 @@ -28,10 +28,11 @@
117 #include <stdio.h>
118 #include <stdlib.h>
119 #include <sys/stat.h>
120 #include <fcntl.h>
121 #include <ctype.h>
122 +#include <climits>
123 #include "time-fix.h"
124
125 #ifdef HAVE_ERRNO_H
126 #include <errno.h>
127 #else
128
129
130
131 1.1 net-im/licq/files/licq-1.3.5-prevent-dos.patch
132
133 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/licq/files/licq-1.3.5-prevent-dos.patch?rev=1.1&view=markup
134 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/licq/files/licq-1.3.5-prevent-dos.patch?rev=1.1&content-type=text/plain
135
136 Index: licq-1.3.5-prevent-dos.patch
137 ===================================================================
138 Source: http://www.licq.org/changeset/6146
139 Reason: DoS via large number of connections, bug #219708
140 --- /trunk/licq/include/licq_socket.h
141 +++ /trunk/licq/include/licq_socket.h
142 @@ -251,4 +251,5 @@
143 fd_set SocketSet() { return m_sSockets.SocketSet(); }
144 int LargestSocket() { return m_sSockets.Largest(); }
145 + unsigned short Num() { return m_sSockets.Num(); }
146
147 protected:
148 --- /trunk/licq/src/socket.cpp
149 +++ /trunk/licq/src/socket.cpp
150 @@ -818,6 +818,24 @@
151 socklen_t sizeofSockaddr = sizeof(struct sockaddr_in);
152
153 - newSocket.m_nDescriptor = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
154 - newSocket.SetLocalAddress();
155 + // Make sure we stay under FD_SETSIZE
156 + // See:
157 + // * http://www.securityfocus.com/archive/1/490711
158 + // * http://securityvulns.com/docs7669.html
159 + // for more details
160 + // This probably has no affect, since we are using multiple threads, but keep it here
161 + // to be used as a sanity check.
162 + int newDesc = accept(m_nDescriptor, (struct sockaddr *)&newSocket.m_sRemoteAddr, &sizeofSockaddr);
163 + if (newDesc < FD_SETSIZE)
164 + {
165 + newSocket.m_nDescriptor = newDesc;
166 + newSocket.SetLocalAddress();
167 + }
168 + else
169 + {
170 + gLog.Error(tr("%sCannot accept new connection, too many descriptors in use.\n"), L_ERRORxSTR);
171 + close(newDesc);
172 +
173 + // TODO throw an exception, or do something to tell the caller it failed
174 + }
175 }
176
177 --- /trunk/licq/src/icqd-threads.cpp
178 +++ /trunk/licq/src/icqd-threads.cpp
179 @@ -24,4 +24,5 @@
180 #include "gettext.h"
181
182 +#define MAX_CONNECTS 256
183 #define DEBUG_THREADS(x)
184 //#define DEBUG_THREADS(x) gLog.Info(x)
185 @@ -781,6 +782,19 @@
186 tcp->RecvConnection(*newSocket);
187 gSocketManager.DropSocket(tcp);
188 - gSocketManager.AddSocket(newSocket);
189 - gSocketManager.DropSocket(newSocket);
190 +
191 + // Make sure we can handle another socket before accepting it
192 + if (gSocketManager.Num() > MAX_CONNECTS)
193 + {
194 + // Too many sockets, drop this one
195 + char remoteIp[32];
196 + gLog.Warn(tr("%sToo many connected sockets, rejecting connection from %s.\n"),
197 + L_WARNxSTR, newSocket->RemoteIpStr(remoteIp));
198 + delete newSocket;
199 + }
200 + else
201 + {
202 + gSocketManager.AddSocket(newSocket);
203 + gSocketManager.DropSocket(newSocket);
204 + }
205 }
206 }
207 --- /trunk/licq/src/icqd-chat.cpp
208 +++ /trunk/licq/src/icqd-chat.cpp
209 @@ -24,4 +24,5 @@
210 #include "gettext.h"
211
212 +#define MAX_CONNECTS 256
213 #define DEBUG_THREADS(x)
214
215 @@ -2384,14 +2385,22 @@
216 else if (nCurrentSocket == chatman->chatServer.Descriptor())
217 {
218 - CChatUser *u = new CChatUser;
219 - u->m_pClient = new CChatClient;
220 -
221 - chatman->chatServer.RecvConnection(u->sock);
222 - chatman->sockman.AddSocket(&u->sock);
223 - chatman->sockman.DropSocket(&u->sock);
224 -
225 - u->state = CHAT_STATE_HANDSHAKE;
226 - chatman->chatUsers.push_back(u);
227 - gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
228 + if (chatman->sockman.Num() >= MAX_CONNECTS)
229 + {
230 + // Too many sockets, drop this one
231 + gLog.Warn(tr("%sToo many connected clients, rejecting new connection.\n"), L_WARNxSTR);
232 + }
233 + else
234 + {
235 + CChatUser *u = new CChatUser;
236 + u->m_pClient = new CChatClient;
237 +
238 + chatman->chatServer.RecvConnection(u->sock);
239 + chatman->sockman.AddSocket(&u->sock);
240 + chatman->sockman.DropSocket(&u->sock);
241 +
242 + u->state = CHAT_STATE_HANDSHAKE;
243 + chatman->chatUsers.push_back(u);
244 + gLog.Info(tr("%sChat: Received connection.\n"), L_TCPxSTR);
245 + }
246 }
247
248
249
250
251
252 1.1 net-im/licq/files/licq-1.3.5-logonfix.patch
253
254 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/licq/files/licq-1.3.5-logonfix.patch?rev=1.1&view=markup
255 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/licq/files/licq-1.3.5-logonfix.patch?rev=1.1&content-type=text/plain
256
257 Index: licq-1.3.5-logonfix.patch
258 ===================================================================
259 Source: Upstream homepage, already applied.
260 Reason: Can't login after protocol change, bug #230387
261 --- src/icqpacket.cpp
262 +++ src/icqpacket.cpp
263 @@ -821,7 +821,7 @@
264
265 // Static versioning
266 buffer->PackUnsignedLongBE(0x00160002);
267 - buffer->PackUnsignedShortBE(0x010A);
268 + buffer->PackUnsignedShortBE(0x010B);
269 // Client version major (4 == ICQ2000, 5 == ICQ2001)
270 buffer->PackUnsignedLongBE(0x00170002);
271 buffer->PackUnsignedShortBE(0x0014);
272
273
274
275 --
276 gentoo-commits@l.g.o mailing list
Report Message
Find on MARC Find on Google Groups