rpms/pidgin/F-11 pidgin-2.6.2-crash-validate-jid.patch, NONE, 1.1 pidgin-2.6.2-yahoo-buddy-idle-time.patch, NONE, 1.1 pidgin-2.6.2-yahoo-status-change-away.patch, NONE, 1.1 .cvsignore, 1.29, 1.30 pidgin.spec, 1.77, 1.78 sources, 1.29, 1.30 pidgin-2.5.8-nss-md2.patch, 1.1, NONE

Warren Togami 砥上勇 wtogami at fedoraproject.org
Fri Oct 16 20:16:03 UTC 2009


Author: wtogami

Update of /cvs/pkgs/rpms/pidgin/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23002

Modified Files:
	.cvsignore pidgin.spec sources 
Added Files:
	pidgin-2.6.2-crash-validate-jid.patch 
	pidgin-2.6.2-yahoo-buddy-idle-time.patch 
	pidgin-2.6.2-yahoo-status-change-away.patch 
Removed Files:
	pidgin-2.5.8-nss-md2.patch 
Log Message:
2.6.3 CVE-2009-3615


pidgin-2.6.2-crash-validate-jid.patch:
 protocols/jabber/jutil.c  |    7 +++----
 tests/test_jabber_jutil.c |    1 +
 2 files changed, 4 insertions(+), 4 deletions(-)

--- NEW FILE pidgin-2.6.2-crash-validate-jid.patch ---
http://developer.pidgin.im/ticket/10259
http://developer.pidgin.im/viewmtn/revision/info/cb46b045aa6e927a3814d9053c2b1c0f08d6fa62
Fix a crash when attempting to validate a JID with an invalid resource.

# patch "libpurple/protocols/jabber/jutil.c"
#  from [9047c2dfd575de6ec516dd8377bce70df42d5063]
#    to [603120abe6629d5e8f9e79d5198134bb252b0875]
# 
# patch "libpurple/tests/test_jabber_jutil.c"
#  from [38e36ccd4fbf2682828c201fe178cd637217fc25]
#    to [42bdbb36f39b7d894d5f6f68e1b02f4c1ce4973a]
#
============================================================
--- libpurple/protocols/jabber/jutil.c	9047c2dfd575de6ec516dd8377bce70df42d5063
+++ libpurple/protocols/jabber/jutil.c	603120abe6629d5e8f9e79d5198134bb252b0875
@@ -153,10 +153,9 @@ jabber_idn_validate(const char *str, con
 		if (!jabber_resourceprep(idn_buffer, sizeof(idn_buffer))) {
 			jabber_id_free(jid);
 			jid = NULL;
-			/* goto out; */
-		}
-
-		jid->resource = g_strdup(idn_buffer);
+			goto out;
+		} else
+			jid->resource = g_strdup(idn_buffer);
 	}
 
 out:
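Review bot: The `else` added after `goto out;` is redundant and leaves a braced `if` paired with an unbraced `else`. Since the failure branch now always jumps, the assignment can stay unconditional after the closing brace: `goto out;` then `}` then `jid->resource = g_strdup(idn_buffer);`. A comment on the failure branch such as `/* jid is freed and NULL from here; nothing below may dereference it */` would record why the jump matters, because the removed code wrote to `jid->resource` immediately after `jid = NULL`. jabber_idn_validate begins before this hunk and the code under `out:` continues past it, so confirm that path tolerates a NULL `jid`.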
============================================================
--- libpurple/tests/test_jabber_jutil.c	38e36ccd4fbf2682828c201fe178cd637217fc25
+++ libpurple/tests/test_jabber_jutil.c	42bdbb36f39b7d894d5f6f68e1b02f4c1ce4973a
@@ -132,6 +132,7 @@ START_TEST(test_jabber_id_new)
 	assert_invalid_jid("mark.doliner at gmail\\stuff.org");
 	assert_invalid_jid("paul@[::1]124");
 	assert_invalid_jid("paul at 2[::1]124/as");
+	assert_invalid_jid("paul@まつ.おおかみ/\x01");
 
 	/* Ensure that jabber_id_new is properly lowercasing node and domains */
 	assert_jid_parts("paul", "darkrain42.org", "PaUL at darkrain42.org");

pidgin-2.6.2-yahoo-buddy-idle-time.patch:
 libymsg.c |   18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

--- NEW FILE pidgin-2.6.2-yahoo-buddy-idle-time.patch ---
http://developer.pidgin.im/viewmtn/revision/info/40005b889ee276fbcd0a4e886a68d8a8cce45698
Better, accurate handling of idle time for a yahoo buddy. Fixes #10099

#
#
# patch "libpurple/protocols/yahoo/libymsg.c"
#  from [87ad7ef7612ac888772e8afa7bcb20743f1b3d9c]
#    to [9f4d92c3fc86e7a91514246a63ebbd3b9c5c6f05]
#
============================================================
--- libpurple/protocols/yahoo/libymsg.c	87ad7ef7612ac888772e8afa7bcb20743f1b3d9c
+++ libpurple/protocols/yahoo/libymsg.c	9f4d92c3fc86e7a91514246a63ebbd3b9c5c6f05
@@ -220,7 +220,12 @@ static void yahoo_process_status(PurpleC
 			if (f->status == YAHOO_STATUS_IDLE) {
 				/* Idle may have already been set in a more precise way in case 137 */
 				if (f->idle == 0)
-					f->idle = time(NULL);
+				{
+					if(pkt->service == YAHOO_SERVICE_STATUS_15)
+						f->idle = -1;
+					else
+						f->idle = time(NULL);
+				}
 			} else
 				f->idle = 0;
 
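Review bot: The `-1` assigned to `f->idle` in the `YAHOO_STATUS_IDLE` branch is an unexplained sentinel, and the same added block is repeated in the `f->away == 2` branch of the next hunk. The only hint at its meaning is the `case 138` comment in that hunk ("we are but won't say how long"), so a comment here such as `/* -1: idle, duration not reported */` would help. The field otherwise holds a `time(NULL)` timestamp, so presumably every consumer of `f->idle` handles -1 specially, which is worth confirming. The added lines also use `if(` and a brace on its own line, unlike the surrounding `if (...) {` style. yahoo_process_status starts and ends outside the hunk.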
@@ -253,15 +258,20 @@ static void yahoo_process_status(PurpleC
 			if (f->away == 2) {
 				/* Idle may have already been set in a more precise way in case 137 */
 				if (f->idle == 0)
-					f->idle = time(NULL);
+				{
+					if(pkt->service == YAHOO_SERVICE_STATUS_15)
+						f->idle = -1;
+					else
+						f->idle = time(NULL);
+				}
 			}
 
 			break;
-		case 138: /* either we're not idle, or we are but won't say how long */
+		case 138: /* when value is 1, either we're not idle, or we are but won't say how long */
 			if (!f)
 				break;
 
-			if (f->idle)
+			if( (strtol(pair->value, NULL, 10) == 1) && (f->idle) )
 				f->idle = -1;
 			break;
 		case 137: /* usually idle time in seconds, sometimes login time */
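Review bot: In `case 138`, `strtol(pair->value, NULL, 10) == 1` parses a value taken from the received packet without an end-pointer check, so trailing junk after the digit (for example a constructed value like "1x") is still accepted as 1. If the packet parser can ever leave `pair->value` NULL (not visible in this hunk), the call is undefined behaviour. Assuming the server sends the bare digit, an exact comparison is stricter and simpler: `if (pair->value && strcmp(pair->value, "1") == 0 && f->idle)`. The spacing in `if( (` also differs from the `if (` used on the surrounding lines. yahoo_process_status starts and ends outside the hunk.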

pidgin-2.6.2-yahoo-status-change-away.patch:
 libymsg.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- NEW FILE pidgin-2.6.2-yahoo-status-change-away.patch ---
http://developer.pidgin.im/ticket/10224
http://developer.pidgin.im/viewmtn/revision/info/37aa00d044431100d37466517568640cb082680c

#
#
# patch "libpurple/protocols/yahoo/libymsg.c"
#  from [2e325ac513bc39fb2cb3964c664edcef344c7f14]
#    to [87ad7ef7612ac888772e8afa7bcb20743f1b3d9c]
#
============================================================
--- libpurple/protocols/yahoo/libymsg.c	2e325ac513bc39fb2cb3964c664edcef344c7f14
+++ libpurple/protocols/yahoo/libymsg.c	87ad7ef7612ac888772e8afa7bcb20743f1b3d9c
@@ -4500,6 +4500,12 @@ void yahoo_set_status(PurpleAccount *acc
 
 	if (purple_presence_is_idle(presence))
 		yahoo_packet_hash_str(pkt, 47, "2");
+	else	{
+		if (!purple_status_is_available(status))
+			yahoo_packet_hash_str(pkt, 47, "1");
+		else
+			yahoo_packet_hash_str(pkt, 47, "0");
+	}
 
 	yahoo_packet_send_and_free(pkt, yd);
 
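Review bot: The strings sent for key 47 ("0", "1", "2") are undocumented magic values at this call site. A comment such as `/* key 47: "0" available, "1" not available (away/busy), "2" idle */` would make the mapping reviewable. That meaning is inferred from the `purple_presence_is_idle` and `purple_status_is_available` conditions, so confirm it against the protocol notes. The `else {` wrapping a lone if/else could also be flattened to `else if (!purple_status_is_available(status))` followed by a plain `else`, matching the unbraced first branch. yahoo_set_status starts and ends outside the hunk.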


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/pidgin/F-11/.cvsignore,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -p -r1.29 -r1.30
--- .cvsignore	6 Sep 2009 01:43:41 -0000	1.29
+++ .cvsignore	16 Oct 2009 20:16:02 -0000	1.30
@@ -1 +1 @@
-pidgin-2.6.2.tar.bz2
+pidgin-2.6.3.tar.bz2


Index: pidgin.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pidgin/F-11/pidgin.spec,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -p -r1.77 -r1.78
--- pidgin.spec	6 Sep 2009 02:05:16 -0000	1.77
+++ pidgin.spec	16 Oct 2009 20:16:03 -0000	1.78
@@ -81,7 +81,7 @@
 %endif
 
 Name:		pidgin
-Version:	2.6.2
+Version:	2.6.3
 Release:	1%{?dist}
 License:        GPLv2+ and GPLv2 and MIT
 # GPLv2+ - libpurple, gnt, finch, pidgin, most prpls
@@ -116,6 +116,9 @@ Source2:        one_time_password.c
 Patch0: pidgin-NOT-UPSTREAM-2.5.2-rhel4-sound-migration.patch
 
 ## Patches 100+: To be Included in Future Upstream
+Patch101: pidgin-2.6.2-yahoo-buddy-idle-time.patch
+Patch102: pidgin-2.6.2-yahoo-status-change-away.patch
+Patch103: pidgin-2.6.2-crash-validate-jid.patch
 
 BuildRoot:	%{_tmppath}/%{name}-%{version}-root
 Summary:	A Gtk+ based multiprotocol instant messaging client
@@ -373,6 +376,9 @@ echo "FEDORA=%{fedora} RHEL=%{rhel}"
 %endif
 
 ## Patches 100+: To be Included in Future Upstream
+%patch101 -p0 -b .yahoo-buddy-idle-time
+%patch102 -p0 -b .yahoo-status-change-away
+%patch103 -p0 -b .pidgin-2.6.2-crash-validate-jid
 
 # Our preferences
 cp %{SOURCE1} prefs.xml
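Review bot: `%patch101` and `%patch102` are applied in the reverse of their upstream order. The patch headers in this commit show yahoo-status-change-away taking libymsg.c from 2e325ac513bc39fb2cb3964c664edcef344c7f14 to 87ad7ef7612ac888772e8afa7bcb20743f1b3d9c, and yahoo-buddy-idle-time starting from 87ad7ef7612ac888772e8afa7bcb20743f1b3d9c. The hunks touch distant parts of the file, so they should still apply with a line offset, but applying `%patch102` before `%patch101` keeps the build log free of offset warnings and matches upstream history. The backup suffix on `%patch103`, `.pidgin-2.6.2-crash-validate-jid`, also repeats the package and version, unlike the other two; `-b .crash-validate-jid` would be consistent.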
@@ -617,11 +623,22 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Fri Oct 16 2009 Warren Togami <wtogami at redhat.com> 2.6.3-1
+- 2.6.3 CVE-2009-3615
+
+* Wed Sep 09 2009 Warren Togami <wtogami at redhat.com> 2.6.2-2
+- Upstream backports:
+    97e003ed2bc2bafbb993693c9ae9c6d667731cc1 aim-buddy-status-grab
+    37aa00d044431100d37466517568640cb082680c yahoo-buddy-idle-time
+    40005b889ee276fbcd0a4e886a68d8a8cce45698 yahoo-status-change-away
+    cb46b045aa6e927a3814d9053c2b1c0f08d6fa62 crash-validate-jid
+
 * Sun Sep 06 2009 Stu Tomlinson <stu at nosnilmot.com> 2.6.2-1.1
 - VV support needs to be explicitly disabled on F10
 
 * Sun Sep 06 2009 Stu Tomlinson <stu at nosnilmot.com> 2.6.2-1
 - 2.6.2 Fixes a number of crashes
+- CVE-2009-2703, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085
 
 * Wed Aug 19 2009 Warren Togami <wtogami at redhat.com> 2.6.1-1
 - 2.6.1: Fix a crash when some users send you a link in a Yahoo IM
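Review bot: The revision ids on the two yahoo lines of the new 2.6.2-2 changelog entry look swapped. The yahoo-buddy-idle-time patch file added in this commit cites revision 40005b889ee276fbcd0a4e886a68d8a8cce45698 and yahoo-status-change-away cites 37aa00d044431100d37466517568640cb082680c, but the changelog pairs them the other way round. Because this entry is the record used to trace which upstream revisions were backported, the lines should read `40005b889ee276fbcd0a4e886a68d8a8cce45698 yahoo-buddy-idle-time` and `37aa00d044431100d37466517568640cb082680c yahoo-status-change-away`. The entry also lists an aim-buddy-status-grab backport for which no `Patch` line appears in this diff; if that patch was dropped with the 2.6.3 rebase, the changelog should say so.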


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/pidgin/F-11/sources,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -p -r1.29 -r1.30
--- sources	6 Sep 2009 01:43:42 -0000	1.29
+++ sources	16 Oct 2009 20:16:03 -0000	1.30
@@ -1 +1 @@
-a1bbb3c9be7d4ee1f53590d319cbfa72  pidgin-2.6.2.tar.bz2
+8d0ff6215b2d023eaa8efef59097ef83  pidgin-2.6.3.tar.bz2


--- pidgin-2.5.8-nss-md2.patch DELETED ---



