From bb08b72f42ecfabf0da10e4483072efcc1ad466c Mon Sep 17 00:00:00 2001 From: Warren Togami Date: Jan 08 2010 20:29:20 +0000 Subject: - 2.6.5 - CVE-2010-0013 - Other bug fixes --- diff --git a/.cvsignore b/.cvsignore index 4f1e831..bc01baf 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -pidgin-2.6.4.tar.bz2 +pidgin-2.6.5.tar.bz2 diff --git a/one_time_password.c b/one_time_password.c deleted file mode 100644 index caf2921..0000000 --- a/one_time_password.c +++ /dev/null @@ -1,151 +0,0 @@ -/* - * One Time Password support plugin for libpurple - * - * Copyright (C) 2009, Daniel Atallah - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02111-1301, USA. - */ -#include "internal.h" -#include "debug.h" -#include "plugin.h" -#include "version.h" -#include "account.h" -#include "accountopt.h" - -#define PLUGIN_ID "core-one_time_password" -#define PREF_NAME PLUGIN_ID "_enabled" - -static void -signed_on_cb(PurpleConnection *conn, void *data) -{ - PurpleAccount *account = purple_connection_get_account(conn); - - if (purple_account_get_bool(account, PREF_NAME, FALSE)) { - if(purple_account_get_remember_password(account)) - purple_debug_error("One Time Password", - "Unable to enforce one time password for account %s (%s).\n" - "Account is set to remember the password.\n", - purple_account_get_username(account), - purple_account_get_protocol_name(account)); - else { - - purple_debug_info("One Time Password", "Clearing password for account %s (%s).\n", - purple_account_get_username(account), - purple_account_get_protocol_name(account)); - - purple_account_set_password(account, NULL); - /* TODO: Do we need to somehow clear conn->password ? */ - } - } -} - -static gboolean -plugin_load(PurplePlugin *plugin) -{ - PurplePlugin *prpl; - PurplePluginProtocolInfo *prpl_info; - PurpleAccountOption *option; - GList *l; - - /* Register protocol preference. */ - for (l = purple_plugins_get_protocols(); l != NULL; l = l->next) { - prpl = (PurplePlugin *)l->data; - prpl_info = PURPLE_PLUGIN_PROTOCOL_INFO(prpl); - if (prpl_info != NULL && !(prpl_info->options & OPT_PROTO_NO_PASSWORD)) { - option = purple_account_option_bool_new(_("One Time Password"), - PREF_NAME, FALSE); - prpl_info->protocol_options = g_list_append(prpl_info->protocol_options, option); - } - } - - /* Register callback. */ - purple_signal_connect(purple_connections_get_handle(), "signed-on", - plugin, PURPLE_CALLBACK(signed_on_cb), NULL); - - return TRUE; -} - -static gboolean -plugin_unload(PurplePlugin *plugin) -{ - PurplePlugin *prpl; - PurplePluginProtocolInfo *prpl_info; - PurpleAccountOption *option; - GList *l, *options; - - /* Remove protocol preference. */ - for (l = purple_plugins_get_protocols(); l != NULL; l = l->next) { - prpl = (PurplePlugin *)l->data; - prpl_info = PURPLE_PLUGIN_PROTOCOL_INFO(prpl); - if (prpl_info != NULL && !(prpl_info->options & OPT_PROTO_NO_PASSWORD)) { - options = prpl_info->protocol_options; - while (options != NULL) { - option = (PurpleAccountOption *) options->data; - if (strcmp(PREF_NAME, purple_account_option_get_setting(option)) == 0) { - prpl_info->protocol_options = g_list_delete_link(prpl_info->protocol_options, options); - purple_account_option_destroy(option); - break; - } - options = options->next; - } - } - } - - /* Callback will be automagically unregistered */ - - return TRUE; -} - -static PurplePluginInfo info = -{ - PURPLE_PLUGIN_MAGIC, - PURPLE_MAJOR_VERSION, - PURPLE_MINOR_VERSION, - PURPLE_PLUGIN_STANDARD, /**< type */ - NULL, /**< ui_requirement */ - 0, /**< flags */ - NULL, /**< dependencies */ - PURPLE_PRIORITY_DEFAULT, /**< priority */ - PLUGIN_ID, /**< id */ - N_("One Time Password Support"), /**< name */ - DISPLAY_VERSION, /**< version */ - /** summary */ - N_("Enforce that passwords are used only once."), - /** description */ - N_("Allows you to enforce on a per-account basis that passwords not " - "being saved are only used in a single successful connection.\n" - "Note: The account password must not be saved for this to work."), - "Daniel Atallah ", /**< author */ - PURPLE_WEBSITE, /**< homepage */ - plugin_load, /**< load */ - plugin_unload, /**< unload */ - NULL, /**< destroy */ - NULL, /**< ui_info */ - NULL, /**< extra_info */ - NULL, /**< prefs_info */ - NULL, /**< actions */ - NULL, /**< reserved 1 */ - NULL, /**< reserved 2 */ - NULL, /**< reserved 3 */ - NULL /**< reserved 4 */ -}; - -static void -init_plugin(PurplePlugin *plugin) -{ -} - -PURPLE_INIT_PLUGIN(one_time_password, init_plugin, info) diff --git a/pidgin.spec b/pidgin.spec index e40692c..3421aef 100644 --- a/pidgin.spec +++ b/pidgin.spec @@ -37,6 +37,7 @@ %define vv_support 0 %define libidn_support 0 %define disable_silc 0 +%define disable_evolution 0 # RHEL4: Use ALSA aplay to output sounds because it lacks gstreamer %if 0%{?fedora} < 5 @@ -89,10 +90,15 @@ %if 0%{?rhel} == 6 %define disable_silc 1 %endif +# F13+: Temporarily disable evolution integration until it becomes fixed +# http://developer.pidgin.im/ticket/10852 +%if 0%{?fedora} >= 13 +%define disable_evolution 1 +%endif Name: pidgin -Version: 2.6.4 -Release: 2%{?dist} +Version: 2.6.5 +Release: 1%{?dist} License: GPLv2+ and GPLv2 and MIT # GPLv2+ - libpurple, gnt, finch, pidgin, most prpls # GPLv2 - silc & novell prpls @@ -119,8 +125,6 @@ ExcludeArch: s390 s390x # - Browser "GNOME Default" # - Smiley Theme "Default" Source1: purple-fedora-prefs.xml -Source2: one_time_password.c - ## Patches 0-99: Fedora specific or upstream wont accept Patch0: pidgin-NOT-UPSTREAM-2.5.2-rhel4-sound-migration.patch @@ -170,7 +174,9 @@ BuildRequires: krb5-devel # gtkspell integration (FC1+) BuildRequires: gtkspell-devel # Evolution integration (FC3+) +%if ! %{disable_evolution} BuildRequires: evolution-data-server-devel +%endif # SILC integration (FC3+) %if ! %{disable_silc} BuildRequires: libsilc-devel @@ -403,7 +409,11 @@ SWITCHES="--with-extraversion=%{release}" SWITCHES="$SWITCHES --with-krb4" %endif SWITCHES="$SWITCHES --enable-perl" +%if ! %{disable_evolution} SWITCHES="$SWITCHES --enable-gevolution" +%else + SWITCHES="$SWITCHES --disable-gevolution" +%endif %if %{dbus_integration} SWITCHES="$SWITCHES --enable-dbus" %else @@ -441,8 +451,7 @@ export CFLAGS="$RPM_OPT_FLAGS" make %{?_smp_mflags} LIBTOOL=/usr/bin/libtool -# one_time_password plugin, to be merged upstream soon -cp %{SOURCE2} libpurple/plugins/ +# one_time_password plugin, included upstream but not built by default cd libpurple/plugins/ make one_time_password.so cd - @@ -631,6 +640,14 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog +* Thu Jan 7 2010 Warren Togami - 2.6.5-1 +- 2.6.5 +- CVE-2010-0013 +- Other bug fixes + +* Tue Dec 8 2009 Warren Togami - 2.6.4-4 +- temporarily disable evolution integration in F13 until it is fixed + * Wed Dec 02 2009 Warren Togami 2.6.4-2 - disable SILC in EL6 builds diff --git a/sources b/sources index eff5150..1061cf0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -6e1dc8b9dd6983a54ff3a6de33efa778 pidgin-2.6.4.tar.bz2 +90847ed22ec830db5d9768748812b661 pidgin-2.6.5.tar.bz2