From 0634c55eb25d8515c82adf766460d4a479bf1a5d Mon Sep 17 00:00:00 2001
From: Warren Togami <wtogami@fedoraproject.org>
Date: Oct 16 2009 20:16:03 +0000
Subject: 2.6.3 CVE-2009-3615


---

diff --git a/.cvsignore b/.cvsignore
index b965008..3bdf73d 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-pidgin-2.6.2.tar.bz2
+pidgin-2.6.3.tar.bz2
diff --git a/pidgin-2.5.8-nss-md2.patch b/pidgin-2.5.8-nss-md2.patch
deleted file mode 100644
index d995dcd..0000000
--- a/pidgin-2.5.8-nss-md2.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Original Author: qulogic@pidgin.im
-Date: 2009-07-11T06:46:21
-Branch: im.pidgin.pidgin
-
-Modified files:
-        libpurple/plugins/ssl/ssl-nss.c
-
-ChangeLog: 
-
-Enable the weaker MD2 and MD4 with RSA encryption signing algorithms that
-are now disabled in NSS 3.12.3. This allows signing in without errors on at
-least MSN, and some XMPP servers.
-
-============================================================
---- libpurple/plugins/ssl/ssl-nss.c	54d9228e9319318b825b3aa486075d372e8cc8aa
-+++ libpurple/plugins/ssl/ssl-nss.c	5d35e88f8d79d3e07316c324c55c30cec67a1aad
-@@ -152,6 +152,10 @@ ssl_nss_init_nss(void)
- 	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
- 	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
- 
-+	/* Enable some weaker algorithms for XMPP and MSN */
-+	NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
-+	NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, NSS_USE_ALG_IN_CERT_SIGNATURE, 0);
-+
- 	_identity = PR_GetUniqueIdentity("Purple");
- 	_nss_methods = PR_GetDefaultIOMethods();
- }
diff --git a/pidgin-2.6.2-crash-validate-jid.patch b/pidgin-2.6.2-crash-validate-jid.patch
new file mode 100644
index 0000000..5e0dd54
--- /dev/null
+++ b/pidgin-2.6.2-crash-validate-jid.patch
@@ -0,0 +1,40 @@
+http://developer.pidgin.im/ticket/10259
+http://developer.pidgin.im/viewmtn/revision/info/cb46b045aa6e927a3814d9053c2b1c0f08d6fa62
+Fix a crash when attempting to validate a JID with an invalid resource.
+
+# patch "libpurple/protocols/jabber/jutil.c"
+#  from [9047c2dfd575de6ec516dd8377bce70df42d5063]
+#    to [603120abe6629d5e8f9e79d5198134bb252b0875]
+# 
+# patch "libpurple/tests/test_jabber_jutil.c"
+#  from [38e36ccd4fbf2682828c201fe178cd637217fc25]
+#    to [42bdbb36f39b7d894d5f6f68e1b02f4c1ce4973a]
+#
+============================================================
+--- libpurple/protocols/jabber/jutil.c	9047c2dfd575de6ec516dd8377bce70df42d5063
++++ libpurple/protocols/jabber/jutil.c	603120abe6629d5e8f9e79d5198134bb252b0875
+@@ -153,10 +153,9 @@ jabber_idn_validate(const char *str, con
+ 		if (!jabber_resourceprep(idn_buffer, sizeof(idn_buffer))) {
+ 			jabber_id_free(jid);
+ 			jid = NULL;
+-			/* goto out; */
+-		}
+-
+-		jid->resource = g_strdup(idn_buffer);
++			goto out;
++		} else
++			jid->resource = g_strdup(idn_buffer);
+ 	}
+ 
+ out:
+============================================================
+--- libpurple/tests/test_jabber_jutil.c	38e36ccd4fbf2682828c201fe178cd637217fc25
++++ libpurple/tests/test_jabber_jutil.c	42bdbb36f39b7d894d5f6f68e1b02f4c1ce4973a
+@@ -132,6 +132,7 @@ START_TEST(test_jabber_id_new)
+ 	assert_invalid_jid("mark.doliner@gmail\\stuff.org");
+ 	assert_invalid_jid("paul@[::1]124");
+ 	assert_invalid_jid("paul@2[::1]124/as");
++	assert_invalid_jid("paul@まつ.おおかみ/\x01");
+ 
+ 	/* Ensure that jabber_id_new is properly lowercasing node and domains */
+ 	assert_jid_parts("paul", "darkrain42.org", "PaUL@darkrain42.org");
diff --git a/pidgin-2.6.2-yahoo-buddy-idle-time.patch b/pidgin-2.6.2-yahoo-buddy-idle-time.patch
new file mode 100644
index 0000000..dbff712
--- /dev/null
+++ b/pidgin-2.6.2-yahoo-buddy-idle-time.patch
@@ -0,0 +1,50 @@
+http://developer.pidgin.im/viewmtn/revision/info/40005b889ee276fbcd0a4e886a68d8a8cce45698
+Better, accurate handling of idle time for a yahoo buddy. Fixes #10099
+
+#
+#
+# patch "libpurple/protocols/yahoo/libymsg.c"
+#  from [87ad7ef7612ac888772e8afa7bcb20743f1b3d9c]
+#    to [9f4d92c3fc86e7a91514246a63ebbd3b9c5c6f05]
+#
+============================================================
+--- libpurple/protocols/yahoo/libymsg.c	87ad7ef7612ac888772e8afa7bcb20743f1b3d9c
++++ libpurple/protocols/yahoo/libymsg.c	9f4d92c3fc86e7a91514246a63ebbd3b9c5c6f05
+@@ -220,7 +220,12 @@ static void yahoo_process_status(PurpleC
+ 			if (f->status == YAHOO_STATUS_IDLE) {
+ 				/* Idle may have already been set in a more precise way in case 137 */
+ 				if (f->idle == 0)
+-					f->idle = time(NULL);
++				{
++					if(pkt->service == YAHOO_SERVICE_STATUS_15)
++						f->idle = -1;
++					else
++						f->idle = time(NULL);
++				}
+ 			} else
+ 				f->idle = 0;
+ 
+@@ -253,15 +258,20 @@ static void yahoo_process_status(PurpleC
+ 			if (f->away == 2) {
+ 				/* Idle may have already been set in a more precise way in case 137 */
+ 				if (f->idle == 0)
+-					f->idle = time(NULL);
++				{
++					if(pkt->service == YAHOO_SERVICE_STATUS_15)
++						f->idle = -1;
++					else
++						f->idle = time(NULL);
++				}
+ 			}
+ 
+ 			break;
+-		case 138: /* either we're not idle, or we are but won't say how long */
++		case 138: /* when value is 1, either we're not idle, or we are but won't say how long */
+ 			if (!f)
+ 				break;
+ 
+-			if (f->idle)
++			if( (strtol(pair->value, NULL, 10) == 1) && (f->idle) )
+ 				f->idle = -1;
+ 			break;
+ 		case 137: /* usually idle time in seconds, sometimes login time */
diff --git a/pidgin-2.6.2-yahoo-status-change-away.patch b/pidgin-2.6.2-yahoo-status-change-away.patch
new file mode 100644
index 0000000..0edc252
--- /dev/null
+++ b/pidgin-2.6.2-yahoo-status-change-away.patch
@@ -0,0 +1,25 @@
+http://developer.pidgin.im/ticket/10224
+http://developer.pidgin.im/viewmtn/revision/info/37aa00d044431100d37466517568640cb082680c
+
+#
+#
+# patch "libpurple/protocols/yahoo/libymsg.c"
+#  from [2e325ac513bc39fb2cb3964c664edcef344c7f14]
+#    to [87ad7ef7612ac888772e8afa7bcb20743f1b3d9c]
+#
+============================================================
+--- libpurple/protocols/yahoo/libymsg.c	2e325ac513bc39fb2cb3964c664edcef344c7f14
++++ libpurple/protocols/yahoo/libymsg.c	87ad7ef7612ac888772e8afa7bcb20743f1b3d9c
+@@ -4500,6 +4500,12 @@ void yahoo_set_status(PurpleAccount *acc
+ 
+ 	if (purple_presence_is_idle(presence))
+ 		yahoo_packet_hash_str(pkt, 47, "2");
++	else	{
++		if (!purple_status_is_available(status))
++			yahoo_packet_hash_str(pkt, 47, "1");
++		else
++			yahoo_packet_hash_str(pkt, 47, "0");
++	}
+ 
+ 	yahoo_packet_send_and_free(pkt, yd);
+ 
diff --git a/pidgin.spec b/pidgin.spec
index a9b92a7..bb9e110 100644
--- a/pidgin.spec
+++ b/pidgin.spec
@@ -81,7 +81,7 @@
 %endif
 
 Name:		pidgin
-Version:	2.6.2
+Version:	2.6.3
 Release:	1%{?dist}
 License:        GPLv2+ and GPLv2 and MIT
 # GPLv2+ - libpurple, gnt, finch, pidgin, most prpls
@@ -116,6 +116,9 @@ Source2:        one_time_password.c
 Patch0: pidgin-NOT-UPSTREAM-2.5.2-rhel4-sound-migration.patch
 
 ## Patches 100+: To be Included in Future Upstream
+Patch101: pidgin-2.6.2-yahoo-buddy-idle-time.patch
+Patch102: pidgin-2.6.2-yahoo-status-change-away.patch
+Patch103: pidgin-2.6.2-crash-validate-jid.patch
 
 BuildRoot:	%{_tmppath}/%{name}-%{version}-root
 Summary:	A Gtk+ based multiprotocol instant messaging client
@@ -373,6 +376,9 @@ echo "FEDORA=%{fedora} RHEL=%{rhel}"
 %endif
 
 ## Patches 100+: To be Included in Future Upstream
+%patch101 -p0 -b .yahoo-buddy-idle-time
+%patch102 -p0 -b .yahoo-status-change-away
+%patch103 -p0 -b .pidgin-2.6.2-crash-validate-jid
 
 # Our preferences
 cp %{SOURCE1} prefs.xml
@@ -617,11 +623,22 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Fri Oct 16 2009 Warren Togami <wtogami@redhat.com> 2.6.3-1
+- 2.6.3 CVE-2009-3615
+
+* Wed Sep 09 2009 Warren Togami <wtogami@redhat.com> 2.6.2-2
+- Upstream backports:
+    97e003ed2bc2bafbb993693c9ae9c6d667731cc1 aim-buddy-status-grab
+    37aa00d044431100d37466517568640cb082680c yahoo-buddy-idle-time
+    40005b889ee276fbcd0a4e886a68d8a8cce45698 yahoo-status-change-away
+    cb46b045aa6e927a3814d9053c2b1c0f08d6fa62 crash-validate-jid
+
 * Sun Sep 06 2009 Stu Tomlinson <stu@nosnilmot.com> 2.6.2-1.1
 - VV support needs to be explicitly disabled on F10
 
 * Sun Sep 06 2009 Stu Tomlinson <stu@nosnilmot.com> 2.6.2-1
 - 2.6.2 Fixes a number of crashes
+- CVE-2009-2703, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085
 
 * Wed Aug 19 2009 Warren Togami <wtogami@redhat.com> 2.6.1-1
 - 2.6.1: Fix a crash when some users send you a link in a Yahoo IM
diff --git a/sources b/sources
index ecac081..b2e3b73 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-a1bbb3c9be7d4ee1f53590d319cbfa72  pidgin-2.6.2.tar.bz2
+8d0ff6215b2d023eaa8efef59097ef83  pidgin-2.6.3.tar.bz2