From 76a4c99178354b601471fa150ef4fc73c28ec70a Mon Sep 17 00:00:00 2001
From: brad
Date: Fri, 22 Oct 2004 19:16:01 +0000
Subject: [PATCH] upgrade to gaim 1.0.2 fixes 2 remote DoS issues and a buffer overflow. CAN-2004-0891
---
 net/gaim/Makefile | 4 +-
 net/gaim/distinfo | 6 +-
 .../patches/patch-src_protocols_msn_slp_c | 34 -------
 .../patches/patch-src_protocols_msn_slplink_c | 99 -------------------
 4 files changed, 5 insertions(+), 138 deletions(-)
 delete mode 100644 net/gaim/patches/patch-src_protocols_msn_slp_c
 delete mode 100644 net/gaim/patches/patch-src_protocols_msn_slplink_c
diff --git a/net/gaim/Makefile b/net/gaim/Makefile
index 28d0c12c14d..32d2d2e4e22 100644
--- a/net/gaim/Makefile
+++ b/net/gaim/Makefile
@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.67 2004/10/14 03:02:37 brad Exp $
+# $OpenBSD: Makefile,v 1.68 2004/10/22 19:16:01 brad Exp $
 SHARED_ONLY= Yes
 COMMENT= "Gtk AIM, ICQ, IRC, Jabber, MSN, Yahoo, SILC and Zephyr client"
-DISTNAME= gaim-1.0.1
+DISTNAME= gaim-1.0.2
 CATEGORIES= net
 HOMEPAGE= http://gaim.sourceforge.net/
diff --git a/net/gaim/distinfo b/net/gaim/distinfo
index 962ca0ec0b2..0b6b509508f 100644
--- a/net/gaim/distinfo
+++ b/net/gaim/distinfo
@@ -1,3 +1,3 @@
-MD5 (gaim-1.0.1.tar.gz) = 6ea813767470d1da653d9633cc72890b
-RMD160 (gaim-1.0.1.tar.gz) = 2a44d5c2c7b583464e1eaca1359dfaa02a0a2cb0
-SHA1 (gaim-1.0.1.tar.gz) = 7e8c418c438ab511f799a76e36c1b2887db38360
+MD5 (gaim-1.0.2.tar.gz) = 9b7a8e2f6368ad886123013eddc1d5f2
+RMD160 (gaim-1.0.2.tar.gz) = 6bca7d81a0e6455b75c4f976411ee0c1a6f1b263
+SHA1 (gaim-1.0.2.tar.gz) = 43ba73da7b66c8281a8c3613c1d5cdc20c529af9
diff --git a/net/gaim/patches/patch-src_protocols_msn_slp_c b/net/gaim/patches/patch-src_protocols_msn_slp_c
deleted file mode 100644
index 858e4d38c12..00000000000
--- a/net/gaim/patches/patch-src_protocols_msn_slp_c
+++ /dev/null
@@ -1,34 +0,0 @@
-$OpenBSD: patch-src_protocols_msn_slp_c,v 1.4 2004/10/14 03:02:37 brad Exp $
---- src/protocols/msn/slp.c.orig Sat Oct 2 07:33:49 2004
-+++ src/protocols/msn/slp.c Sun Oct 10 23:30:05 2004
-@@ -235,6 +235,8 @@ send_decline(MsnSlpCall *slpcall, const
- msn_slplink_queue_slpmsg(slplink, slpmsg);
- }
-
-+#define MAX_FILE_NAME_LEN 0x226
-+
- static void
- got_sessionreq(MsnSlpCall *slpcall, const char *branch,
- const char *euf_guid, const char *context)
-@@ -318,6 +320,7 @@ got_sessionreq(MsnSlpCall *slpcall, cons
- int bin_len;
- guint32 file_size;
- char *file_name;
-+ gunichar2 *uni_name;
-
- account = slpcall->slplink->session->account;
-
-@@ -331,6 +334,13 @@ got_sessionreq(MsnSlpCall *slpcall, cons
-
- gaim_base64_decode(context, &bin, &bin_len);
- file_size = GUINT32_FROM_LE(*((gsize *)bin + 2));
-+
-+ uni_name = (gunichar2 *)(bin + 20);
-+ while(*uni_name != 0 && ((char *)uni_name - (bin + 20)) < MAX_FILE_NAME_LEN) {
-+ *uni_name = GUINT16_FROM_LE(*uni_name);
-+ uni_name++;
-+ }
-+
- file_name = g_utf16_to_utf8((const gunichar2 *)(bin + 20), -1,
- NULL, NULL, NULL);
-
diff --git a/net/gaim/patches/patch-src_protocols_msn_slplink_c b/net/gaim/patches/patch-src_protocols_msn_slplink_c
deleted file mode 100644
index 567ae9dac93..00000000000
--- a/net/gaim/patches/patch-src_protocols_msn_slplink_c
+++ /dev/null
@@ -1,99 +0,0 @@
-$OpenBSD: patch-src_protocols_msn_slplink_c,v 1.1 2004/09/22 05:49:56 brad Exp $
---- src/protocols/msn/slplink.c.orig Tue Aug 24 21:45:41 2004
-+++ src/protocols/msn/slplink.c Wed Sep 22 01:23:42 2004
-@@ -571,24 +571,34 @@ typedef struct
- #define MAX_FILE_NAME_LEN 0x226
-
- static char *
--gen_context(const char *file_name)
-+gen_context(const char *file_name, const char *file_path)
- {
- struct stat st;
- gsize size = 0;
- MsnContextHeader header;
-- gchar *u8;
-+ gchar *u8 = NULL;
- gchar *base, *n;
-- gunichar2 *uni;
-- glong uni_len;
-+ gunichar2 *uni = NULL;
-+ glong currentChar = 0;
-+ glong uni_len = 0;
- gsize len;
-
- if (stat(file_name, &st) == 0)
- size = st.st_size;
-
-- u8 = gaim_utf8_try_convert(g_basename(file_name));
-- uni = g_utf8_to_utf16(u8, -1, NULL, &uni_len, NULL);
-- g_free(u8);
-+ if(!file_name) {
-+ u8 = gaim_utf8_try_convert(g_basename(file_path));
-+ file_name = u8;
-+ }
-
-+ uni = g_utf8_to_utf16(file_name, -1, NULL, &uni_len, NULL);
-+
-+ if(u8) {
-+ g_free(u8);
-+ file_name = NULL;
-+ u8 = NULL;
-+ }
-+
- len = sizeof(MsnContextHeader) + MAX_FILE_NAME_LEN + 4;
-
- header.length = GUINT32_TO_LE(len);
-@@ -596,21 +606,23 @@ gen_context(const char *file_name)
- header.file_size = GUINT32_TO_LE(size);
- header.unk2 = GUINT32_TO_LE(0);
- header.unk3 = GUINT32_TO_LE(0);
-+
-+ base = g_malloc(len + 1);
-+ n = base;
-
-- base = n = g_malloc(len + 1);
--
- memcpy(n, &header, sizeof(MsnContextHeader));
- n += sizeof(MsnContextHeader);
-
- memset(n, 0x00, MAX_FILE_NAME_LEN);
-- memcpy(n, uni, uni_len * 2);
-+ for(currentChar = 0; currentChar < uni_len; currentChar++) {
-+ *((gunichar2 *)n + currentChar) = GUINT16_TO_LE(uni[currentChar]);
-+ }
- n += MAX_FILE_NAME_LEN;
-
- memset(n, 0xFF, 4);
- n += 4;
--
-+
- g_free(uni);
--
- return gaim_base64_encode(base, len);
- }
-
-@@ -620,11 +632,13 @@ msn_slplink_request_ft(MsnSlpLink *slpli
- MsnSlpCall *slpcall;
- char *context;
- const char *fn;
-+ const char *fp;
-
-- fn = gaim_xfer_get_local_filename(xfer);
-+ fn = gaim_xfer_get_filename(xfer);
-+ fp = gaim_xfer_get_local_filename(xfer);
-
- g_return_if_fail(slplink != NULL);
-- g_return_if_fail(fn != NULL);
-+ g_return_if_fail(fp != NULL);
-
- slpcall = msn_slp_call_new(slplink);
- msn_slp_call_init(slpcall, MSN_SLPCALL_DC);
-@@ -639,7 +653,7 @@ msn_slplink_request_ft(MsnSlpLink *slpli
-
- xfer->data = slpcall;
-
-- context = gen_context(fn);
-+ context = gen_context(fn, fp);
-
- msn_slp_call_invite(slpcall, "5D3E02AB-6190-11D3-BBBB-00C04F795683", 2,
- context);