Hello community, here is the log from the commit of package licq checked in at Thu Apr 13 15:28:45 CEST 2006. -------- --- KDE/licq/licq.changes 2006-04-03 10:41:57.000000000 +0200 +++ STABLE/licq/licq.changes 2006-04-12 18:41:57.000000000 +0200 @@ -1,0 +2,5 @@ +Wed Apr 12 18:22:39 CEST 2006 - lmichnovic@suse.cz + +- fixed buffer overflow in msn plugin (msn_overflow.patch) + +------------------------------------------------------------------- New: ---- licq-1.3.2-msn_overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ licq.spec ++++++ --- /var/tmp/diff_new_pack.RlfSSb/_old 2006-04-13 15:28:26.000000000 +0200 +++ /var/tmp/diff_new_pack.RlfSSb/_new 2006-04-13 15:28:26.000000000 +0200 @@ -16,7 +16,7 @@ Group: Productivity/Networking/ICQ Autoreqprov: on Version: 1.3.2 -Release: 21 +Release: 25 Summary: Linux ICQ Client Source: %{name}-%{version}.tar.bz2 Patch1: %{name}-config-fix.patch @@ -31,6 +31,7 @@ Patch10: %{name}-%{version}-ssl_fix.patch Patch11: %{name}-%{version}-homedirslash.patch Patch12: %{name}-%{version}-viewurl.patch +Patch13: %{name}-%{version}-msn_overflow.patch URL: http://www.licq.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -61,6 +62,7 @@ %patch10 %patch11 %patch12 +%patch13 rm -rf plugins/osd/autom4te.cache %build @@ -210,6 +212,8 @@ %exclude %{_libdir}/licq/*.*a %changelog -n licq +* Wed Apr 12 2006 - lmichnovic@suse.cz +- fixed buffer overflow in msn plugin (msn_overflow.patch) * Mon Apr 03 2006 - lmichnovic@suse.cz - fixed building for PLUS * Mon Mar 27 2006 - lmichnovic@suse.cz ++++++ licq-1.3.2-msn_overflow.patch ++++++ Index: plugins/msn/src/msnpacket.cpp =================================================================== --- plugins/msn/src/msnpacket.cpp (revision 4384) +++ plugins/msn/src/msnpacket.cpp (working copy) @@ -440,15 +440,15 @@ CPS_MSNChallenge::CPS_MSNChallenge(const char *szHash) : CMSNPacket() { m_szCommand = strdup("QRY"); - char szParams[] = "msmsgs@msnmsgr.com 32"; + char *szParams = "msmsgs@msnmsgr.com 32"; m_nSize += strlen(szParams) + 32; //payload InitBuffer(); - char szSource[64]; + char szSource[65]; unsigned char szDigest[16]; - char szHexOut[32]; + char szHexOut[33]; snprintf(szSource, 64, "%sQ1P7W2E4J9R8U3S5", szHash); - szSource[63] = '\0'; + szSource[64] = '\0'; MD5((const unsigned char *)szSource, strlen(szSource), szDigest); for (int i = 0; i < 16; i++) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...