head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.4 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.2 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q2:1.2.0.44 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.42 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.40 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.38 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.2.0.36 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.34 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.2.0.32 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.30 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.28 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.26 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.24 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.22 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.20 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.18 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.16 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.14 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.12 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.10 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.8 pkgsrc-2008Q1:1.2.0.6 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.4 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.2 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.1.0.4 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.2 pkgsrc-2007Q1-base:1.1; locks; strict; comment @# @; 1.3 date 2012.07.14.22.12.42; author dholland; state dead; branches; next 1.2; 1.2 date 2007.07.19.00.43.40; author lkundrak; state Exp; branches; next 1.1; 1.1 date 2007.02.20.18.45.00; author sborrill; state Exp; branches; next ; desc @@ 1.3 log @Remove chat/centericq as promised. This has not been buildable for years due to C++ standards drift and has been superseded by centerim. @ text @$NetBSD: patch-au,v 1.2 2007/07/19 00:43:40 lkundrak Exp $ Part of a fix for CVE-2007-3713. --- src/hooks/jabberhook.cc.orig 2007-07-19 02:34:54.000000000 +0200 +++ src/hooks/jabberhook.cc @@@@ -36,6 +36,8 @@@@ #define DEFAULT_CONFSERV "conference.jabber.org" #define PERIOD_KEEPALIVE 30 +#define NOTIFBUF 512 + static void jidsplit(const string &jid, string &user, string &host, string &rest) { int pos; user = jid; @@@@ -887,11 +889,6 @@@@ void jabberhook::gotsearchresults(xmlnod void jabberhook::gotloggedin() { xmlnode x; - x = jutil_iqnew(JPACKET__GET, NS_AGENTS); - xmlnode_put_attrib(x, "id", "Agent List"); - jab_send(jc, x); - xmlnode_free(x); - x = jutil_iqnew(JPACKET__GET, NS_ROSTER); xmlnode_put_attrib(x, "id", "Roster"); jab_send(jc, x); @@@@ -1289,8 +1286,9 @@@@ void jabberhook::gotversion(const imcont if(vinfo.size() > 128) vinfo.erase(128); - char buf[256]; - sprintf(buf, _("The remote is using %s"), vinfo.c_str()); + char buf[NOTIFBUF]; + snprintf(buf, NOTIFBUF, _("The remote is using %s"), vinfo.c_str()); + buf[NOTIFBUF-1] = '\0'; em.store(imnotification(ic, buf)); } } @ 1.2 log @Fix horrific number of buffer overflows, CVE-2007-3713. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Remove a deprecated request from the Jabber plugin so that it works with ejabberd servers. http://www.xmpp.org/extensions/xep-0094.html XEP-0094: Agent Information Status: Obsolete Last Updated: 2003-10-08 The problem is that centericq treats some error replies as pertaining to authentication. Previously ejabberd sent "feature-not-implemented" for unknown requests, but now it sends "service-unavailable", as required by the RFC. centericq has a workaround to ignore the former error, but not the latter. Therefore it believes that authentication has failed (which is not the case). Thanks to Jonathan Schleifer and Magnus Henoch for the patch and clarification. @ text @d3 14 a16 3 --- src/hooks/jabberhook.cc.orig 2007-02-20 18:20:36.000000000 +0000 +++ src/hooks/jabberhook.cc 2007-02-20 18:21:08.000000000 +0000 @@@@ -887,11 +887,6 @@@@ d28 12 @