There will be a CAN security notice regarding gaim < 1.0.2. I suggest testing and stabilisation of these packages ASAP. One note is that evolution-data-server is not stable on any arch. Right now repoman is giving me a warning. It is only needed when USE="eds", which only ~arch people would do anyway. I don't have a stable box to test on and will commit this for now in x86.
http://gaim.sourceforge.net/security/
MSN SLP buffer overflow (CAN-2004-0891)
Buffer overflow. memcpy was used without checking the size of the buffer before copying to it. Additionally, a logic flaw was causing the wrong buffer to be used as the destination for the copy under certain circumstances.

MSN File transfer DOS (malloc error)
Remote crash. After accepting a file transfer request, Gaim will attempt to allocate a buffer of a size equal to the entire filesize, this allocation attempt will cause Gaim to crash if the size exceeds the amount of available memory.

MSN SLP DOS (malloc error)
Remote crash. Gaim allocates a buffer for the payload of each message received based on the size field in the header of the message. A malicious peer could specify an invalid size that exceeds the amount of available memory.
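The two defect classes in the advisory above (a peer-supplied size field driving malloc, and memcpy into a buffer whose capacity is never checked) are shown here in their checked form. This is an added example, not Gaim's code or its actual fix; the 4-byte big-endian header, the 64 KiB cap and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN     4u             /* assumed layout: 4-byte big-endian payload size */
#define MAX_PAYLOAD (64u * 1024u)  /* assumed local policy cap, not a protocol value */

enum parse_status { PARSE_OK, PARSE_SHORT, PARSE_TOO_BIG, PARSE_TRUNCATED, PARSE_NOMEM };

/* Copy the payload of one length-prefixed message into a fresh buffer.
 * The peer controls the size field, so it is checked against a hard cap
 * and against the bytes actually received before malloc or memcpy run. */
enum parse_status parse_msg(const uint8_t *in, size_t in_len,
                            uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (in_len < HDR_LEN)
        return PARSE_SHORT;
    uint32_t declared = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
                        ((uint32_t)in[2] << 8)  |  (uint32_t)in[3];
    if (declared > MAX_PAYLOAD)
        return PARSE_TOO_BIG;      /* refuse instead of attempting a huge malloc */
    if (declared > in_len - HDR_LEN)
        return PARSE_TRUNCATED;    /* header claims more than was received */
    uint8_t *buf = malloc(declared ? declared : 1);
    if (buf == NULL)
        return PARSE_NOMEM;        /* allocation failure is handled, not fatal */
    memcpy(buf, in + HDR_LEN, declared);
    *out = buf;
    *out_len = declared;
    return PARSE_OK;
}

/* Append a fragment at offset off of a reassembly buffer holding cap bytes.
 * The comparison is written so that off + n cannot wrap around. */
int append_fragment(uint8_t *dst, size_t cap, size_t off,
                    const uint8_t *src, size_t n)
{
    if (off > cap || n > cap - off)
        return -1;
    memcpy(dst + off, src, n);
    return 0;
}
```

The same cap-then-allocate pattern applies to the file transfer case: read into a fixed-size chunk buffer rather than one sized from the announced file length.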
Are we just supposed to commit gaim to stable breaking the deps? There are two choices IMHO:
1- drop the eds USE flag
2- bring some evolution-data-server into stable (which would involve net-libs/libsoup too).
I'm comfortable with removing EDS support for now.
OK EDS support removed.
thanks don. sparc stable now.
Can someone tell me what this is all about:

make[3]: Entering directory `/var/tmp/portage/gaim-1.0.2/work/gaim-1.0.2/plugins/tcl'
/bin/sh ../../libtool --silent --mode=link gcc -march=athlon-xp -mcpu=i686 -pipe -O2 -Wall -g3 -o tcl.la -rpath /usr/lib/gaim -module -avoid-version -L/usr/lib -ltcl8.4 -L/usr/lib -ltk8.4 tcl.lo tcl_glib.lo tcl_cmds.lo tcl_signals.lo -lnsl
collect2: ld returned 1 exit status
make[3]: *** [tcl.la] Error 1
make[3]: Leaving directory `/var/tmp/portage/gaim-1.0.2/work/gaim-1.0.2/plugins/tcl'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/var/tmp/portage/gaim-1.0.2/work/gaim-1.0.2/plugins'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/gaim-1.0.2/work/gaim-1.0.2'
make: *** [all] Error 2

!!! ERROR: net-im/gaim-1.0.2 failed.
!!! Function src_compile, Line 96, Exitcode 2
!!! Make failed
Done on ppc.
My apologies for the comment above (#7) - I would delete it if I could. If possible please delete both of these messages. Thanks - and good work on the release!
hppa/ia64 stable
Stable on mips.
Marked stable on amd64 and alpha. net-im/gaim-1.0.2 now stable on all arches. Should be OK to send GLSA.
GLSA 200410-23