From c5d58331d9ecf077de6f17472dcd6068714a4cc7 Mon Sep 17 00:00:00 2001 From: Warren Togami Date: Oct 01 2007 15:23:17 +0000 Subject: 2.2.1 with many bug fixes and CVE-2007-4996 DOS fix --- diff --git a/.cvsignore b/.cvsignore index 926dc17..8dca62f 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -pidgin-2.2.0.tar.bz2 +pidgin-2.2.1.tar.bz2 diff --git a/pidgin-2.2.0-fix-proxy-settings.patch b/pidgin-2.2.0-fix-proxy-settings.patch deleted file mode 100644 index 3b31cd2..0000000 --- a/pidgin-2.2.0-fix-proxy-settings.patch +++ /dev/null @@ -1,52 +0,0 @@ ------------------------------------------------------------------ -Revision: 6be36979d022284283217c2a32f2b812740cbbf3 -Ancestor: 81e26f1e56d65a68394405ff0727feba9206ff6f -Author: datallah@pidgin.im -Date: 2007-09-14T17:55:05 -Branch: im.pidgin.pidgin - -Modified files: - libpurple/proxy.c pidgin/gtkprefs.c - -ChangeLog: - -Fix proxy settings to be loaded correctly when libpurple is initialized. This was broken because it relied on the prefs being loaded after proxy initialization so that the pref callbacks would be triggered and I changed the prefs loading to happen right at the beginning to fix other issues. Fixes #3092. - -============================================================ ---- libpurple/proxy.c fa08e3c184837ae16e5f4bb65aaec0ab56096c93 -+++ libpurple/proxy.c 395c4f16647a81960a1ac1430df4ae9fe64d05df -@@ -400,7 +400,7 @@ socket_ready_cb(gpointer data, gint sour - */ - if (!PURPLE_PROXY_CONNECT_DATA_IS_VALID(connect_data)) - return; -- -+ - purple_debug_info("proxy", "Connected to %s:%d.\n", - connect_data->host, connect_data->port); - -@@ -1992,6 +1992,13 @@ purple_proxy_init(void) - proxy_pref_cb, NULL); - purple_prefs_connect_callback(handle, "/purple/proxy/password", - proxy_pref_cb, NULL); -+ -+ /* Load the initial proxy settings */ -+ proxy_pref_cb("/purple/proxy/type", PURPLE_PREF_STRING, purple_prefs_get_string("/purple/proxy/type"), NULL); -+ proxy_pref_cb("/purple/proxy/host", PURPLE_PREF_STRING, purple_prefs_get_string("/purple/proxy/host"), NULL); -+ proxy_pref_cb("/purple/proxy/port", PURPLE_PREF_STRING, GINT_TO_POINTER(purple_prefs_get_int("/purple/proxy/port")), NULL); -+ proxy_pref_cb("/purple/proxy/username", PURPLE_PREF_STRING, purple_prefs_get_string("/purple/proxy/username"), NULL); -+ proxy_pref_cb("/purple/proxy/password", PURPLE_PREF_STRING, purple_prefs_get_string("/purple/proxy/password"), NULL); - } - - void -============================================================ ---- pidgin/gtkprefs.c fee039ede95c6ae3460bcf222f60305eb0bd2671 -+++ pidgin/gtkprefs.c 5a7f1837f163b8d345b590d1509604d30e3c6c1c -@@ -1093,7 +1093,7 @@ proxy_changed_cb(const char *name, Purpl - const char *proxy = value; - - if (strcmp(proxy, "none") && strcmp(proxy, "envvar")) -- gtk_widget_show_all(frame); -+ gtk_widget_show_all(frame); - else - gtk_widget_hide(frame); - } diff --git a/pidgin-2.2.0-fix-status-scores.patch b/pidgin-2.2.0-fix-status-scores.patch deleted file mode 100644 index 6d0ca23..0000000 --- a/pidgin-2.2.0-fix-status-scores.patch +++ /dev/null @@ -1,52 +0,0 @@ ------------------------------------------------------------------ -Revision: 240d37f3b465527200f862ff3c0da77618ae32ae -Ancestor: 6be36979d022284283217c2a32f2b812740cbbf3 -Author: datallah@pidgin.im -Date: 2007-09-14T18:26:20 -Branch: im.pidgin.pidgin - -Modified files: - libpurple/proxy.c libpurple/status.c - -ChangeLog: - -Apply a similar fix to the proxy prefs loading fix to the status scores. - -============================================================ ---- libpurple/proxy.c 395c4f16647a81960a1ac1430df4ae9fe64d05df -+++ libpurple/proxy.c dcb73f3b56ee37fd1b03d306be342bce5167037f -@@ -1994,11 +1994,11 @@ purple_proxy_init(void) - proxy_pref_cb, NULL); - - /* Load the initial proxy settings */ -- proxy_pref_cb("/purple/proxy/type", PURPLE_PREF_STRING, purple_prefs_get_string("/purple/proxy/type"), NULL); -- proxy_pref_cb("/purple/proxy/host", PURPLE_PREF_STRING, purple_prefs_get_string("/purple/proxy/host"), NULL); -- proxy_pref_cb("/purple/proxy/port", PURPLE_PREF_STRING, GINT_TO_POINTER(purple_prefs_get_int("/purple/proxy/port")), NULL); -- proxy_pref_cb("/purple/proxy/username", PURPLE_PREF_STRING, purple_prefs_get_string("/purple/proxy/username"), NULL); -- proxy_pref_cb("/purple/proxy/password", PURPLE_PREF_STRING, purple_prefs_get_string("/purple/proxy/password"), NULL); -+ purple_prefs_trigger_callback("/purple/proxy/type"); -+ purple_prefs_trigger_callback("/purple/proxy/host"); -+ purple_prefs_trigger_callback("/purple/proxy/port"); -+ purple_prefs_trigger_callback("/purple/proxy/username"); -+ purple_prefs_trigger_callback("/purple/proxy/password"); - } - - void -============================================================ ---- libpurple/status.c 1eb4a9526f9b26fa096f6ff8c8205f092b126b1e -+++ libpurple/status.c a0e82882e37ae83691ee52bc46682db953f7cf96 -@@ -1668,6 +1668,14 @@ purple_status_init(void) - purple_prefs_connect_callback(handle, "/purple/status/scores/offline_msg", - score_pref_changed_cb, - GINT_TO_POINTER(SCORE_OFFLINE_MESSAGE)); -+ -+ purple_prefs_trigger_callback("/purple/status/scores/offline"); -+ purple_prefs_trigger_callback("/purple/status/scores/available"); -+ purple_prefs_trigger_callback("/purple/status/scores/invisible"); -+ purple_prefs_trigger_callback("/purple/status/scores/away"); -+ purple_prefs_trigger_callback("/purple/status/scores/extended_away"); -+ purple_prefs_trigger_callback("/purple/status/scores/idle"); -+ purple_prefs_trigger_callback("/purple/status/scores/offline_msg"); - } - - void diff --git a/pidgin-2.2.0-plug-more-memleaks.patch b/pidgin-2.2.0-plug-more-memleaks.patch deleted file mode 100644 index bf6cecb..0000000 --- a/pidgin-2.2.0-plug-more-memleaks.patch +++ /dev/null @@ -1,28 +0,0 @@ ------------------------------------------------------------------ -Revision: 41389df89a4a6a007d41cec33e33043cd41ea159 -Ancestor: 326d6e6c8c6a955cdba84f1f802fc21ec3e6b662 -Author: datallah@pidgin.im -Date: 2007-09-17T16:24:24 -Branch: im.pidgin.pidgin - -Modified files: - libpurple/protocols/jabber/message.c - -ChangeLog: - -more leak fixes. - -============================================================ ---- libpurple/protocols/jabber/message.c 2484754364477f8cacff4778fa87396b81924175 -+++ libpurple/protocols/jabber/message.c 3bc876da8fe16d41770af8d980dce8457b3ac61a -@@ -41,7 +41,10 @@ void jabber_message_free(JabberMessage * - g_free(jm->body); - g_free(jm->xhtml); - g_free(jm->password); -+ g_free(jm->error); -+ g_free(jm->thread_id); - g_list_free(jm->etc); -+ g_list_free(jm->eventitems); - - g_free(jm); - } diff --git a/pidgin-2.2.0-plug_memleaks.patch b/pidgin-2.2.0-plug_memleaks.patch deleted file mode 100644 index 1db9853..0000000 --- a/pidgin-2.2.0-plug_memleaks.patch +++ /dev/null @@ -1,273 +0,0 @@ ------------------------------------------------------------------ -Revision: db4583bc475b46b7cb9baa38229f12473d331870 -Ancestor: 73d2587302ffbbe62f6b7f3e745508c0687813ba -Author: sadrul@pidgin.im -Date: 2007-09-15T18:27:01 -Branch: im.pidgin.pidgin - -Modified files: - libpurple/protocols/jabber/adhoccommands.c - libpurple/protocols/jabber/buddy.c - libpurple/protocols/jabber/jabber.c - libpurple/protocols/jabber/message.c - libpurple/protocols/jabber/presence.c - libpurple/protocols/jabber/usernick.c - libpurple/protocols/jabber/usertune.c - -ChangeLog: - -Plug some memory leaks. - -============================================================ ---- libpurple/protocols/jabber/adhoccommands.c d0b52a470cdc4c95503037ba92f51f87e61bdd10 -+++ libpurple/protocols/jabber/adhoccommands.c 1f8c9a282612f146d5e43e994629da3817e88f48 -@@ -151,8 +151,11 @@ static void jabber_adhoc_parse(JabberStr - /* display result */ - xmlnode *note = xmlnode_get_child(command,"note"); - -- if(note) -- purple_notify_info(NULL, xmlnode_get_attrib(packet, "from"), xmlnode_get_data(note), NULL); -+ if(note) { -+ char *data = xmlnode_get_data(note); -+ purple_notify_info(NULL, xmlnode_get_attrib(packet, "from"), data, NULL); -+ g_free(data); -+ } - - if(xdata) - jabber_x_data_request(js, xdata, (jabber_x_data_cb)do_adhoc_ignoreme, NULL); -============================================================ ---- libpurple/protocols/jabber/buddy.c 6fee8dda0f8e37a98fab4a18606447fa29792fd5 -+++ libpurple/protocols/jabber/buddy.c 490b348e2662e107a450a4e9b08db1437c260d03 -@@ -1455,10 +1455,13 @@ static void do_buddy_avatar_update_data( - return; - - img = purple_base64_decode(b64data, &size); -- if(!img) -+ if(!img) { -+ g_free(b64data); - return; -+ } - - purple_buddy_icons_set_for_user(purple_connection_get_account(js->gc), from, img, size, checksum); -+ g_free(b64data); - } - - void jabber_buddy_avatar_update_metadata(JabberStream *js, const char *from, xmlnode *items) { -============================================================ ---- libpurple/protocols/jabber/jabber.c 8211a80fdca963e6b51e9a4a9d5b096225a57711 -+++ libpurple/protocols/jabber/jabber.c 121e708c2e28ec3ff0da92cbf9e82a89f8d1a3b1 -@@ -813,7 +813,7 @@ jabber_register_cancel_cb(JabberRegister - if(account->registration_cb) - (account->registration_cb)(account, FALSE, account->registration_cb_user_data); - jabber_connection_schedule_close(cbdata->js); --} -+ } - g_free(cbdata->who); - g_free(cbdata); - } -@@ -882,12 +882,12 @@ void jabber_register_parse(JabberStream - if((href = xmlnode_get_data(url))) { - purple_notify_uri(NULL, href); - g_free(href); -- if(js->registration) { -- js->gc->wants_to_die = TRUE; -- if(account->registration_cb) /* succeeded, but we have no login info */ -- (account->registration_cb)(account, TRUE, account->registration_cb_user_data); -- jabber_connection_schedule_close(js); -- } -+ if(js->registration) { -+ js->gc->wants_to_die = TRUE; -+ if(account->registration_cb) /* succeeded, but we have no login info */ -+ (account->registration_cb)(account, TRUE, account->registration_cb_user_data); -+ jabber_connection_schedule_close(js); -+ } - return; - } - } -@@ -987,14 +987,14 @@ void jabber_register_parse(JabberStream - purple_request_field_group_add_field(group, field); - } - -- if((y = xmlnode_get_child(query, "instructions"))) -- instructions = xmlnode_get_data(y); -+ if((y = xmlnode_get_child(query, "instructions"))) -+ instructions = xmlnode_get_data(y); - else if(registered) - instructions = g_strdup(_("Please fill out the information below " - "to change your account registration.")); -- else -- instructions = g_strdup(_("Please fill out the information below " -- "to register your new account.")); -+ else -+ instructions = g_strdup(_("Please fill out the information below " -+ "to register your new account.")); - - cbdata = g_new0(JabberRegisterCBData, 1); - cbdata->js = js; -@@ -1019,8 +1019,8 @@ void jabber_register_parse(JabberStream - g_free(title); - } - -- g_free(instructions); -- } -+ g_free(instructions); -+} - - void jabber_register_start(JabberStream *js) - { -============================================================ ---- libpurple/protocols/jabber/message.c 309b575a8bd728be0fb2b41edf1362c2911b8367 -+++ libpurple/protocols/jabber/message.c 2484754364477f8cacff4778fa87396b81924175 -@@ -324,7 +324,7 @@ void jabber_message_parse(JabberStream * - if(type) { - if(!strcmp(type, "normal")) - jm->type = JABBER_MESSAGE_NORMAL; -- else if(!strcmp(type, "chat")) -+ else if(!strcmp(type, "chat")) - jm->type = JABBER_MESSAGE_CHAT; - else if(!strcmp(type, "groupchat")) - jm->type = JABBER_MESSAGE_GROUPCHAT; -============================================================ ---- libpurple/protocols/jabber/presence.c 64aa78ce207c12bf4c35e137cfa344ba6b0e9926 -+++ libpurple/protocols/jabber/presence.c 2b25212d8c6b6df2aeef8dd484660bff573c3511 -@@ -192,16 +192,11 @@ void jabber_presence_send(PurpleAccount - jabber_tune_set(js->gc, &tuneinfo); - - /* update old values */ -- if(js->old_artist) -- g_free(js->old_artist); -- if(js->old_title) -- g_free(js->old_title); -- if(js->old_source) -- g_free(js->old_source); -- if(js->old_uri) -- g_free(js->old_uri); -- if(js->old_track) -- g_free(js->old_track); -+ g_free(js->old_artist); -+ g_free(js->old_title); -+ g_free(js->old_source); -+ g_free(js->old_uri); -+ g_free(js->old_track); - js->old_artist = g_strdup(artist); - js->old_title = g_strdup(title); - js->old_source = g_strdup(source); -============================================================ ---- libpurple/protocols/jabber/usernick.c 5817ece1551b32a06a815751ec2d0c6e73fce836 -+++ libpurple/protocols/jabber/usernick.c e0e09357277521664d7f14ecf84033d6e84aa564 -@@ -33,7 +33,7 @@ static void jabber_nick_cb(JabberStream - xmlnode *item = xmlnode_get_child(items, "item"); - JabberBuddy *buddy = jabber_buddy_find(js, from, FALSE); - xmlnode *nick; -- const char *nickname = NULL; -+ char *nickname = NULL; - - /* ignore the tune of people not on our buddy list */ - if (!buddy || !item) -@@ -43,8 +43,8 @@ static void jabber_nick_cb(JabberStream - if (!nick) - return; - nickname = xmlnode_get_data(nick); -- - serv_got_alias(js->gc, from, nickname); -+ g_free(nickname); - } - - static void do_nick_set(JabberStream *js, const char *nick) { -@@ -64,7 +64,7 @@ static void do_nick_got_own_nick_cb(Jabb - } - - static void do_nick_got_own_nick_cb(JabberStream *js, const char *from, xmlnode *items) { -- const char *oldnickname = NULL; -+ char *oldnickname = NULL; - xmlnode *item = xmlnode_get_child(items,"item"); - - if(item) { -@@ -77,6 +77,7 @@ static void do_nick_got_own_nick_cb(Jabb - _("This information is visible to all contacts on your contact list, so choose something appropriate."), - oldnickname, FALSE, FALSE, NULL, _("Set"), PURPLE_CALLBACK(do_nick_set), _("Cancel"), NULL, - purple_connection_get_account(js->gc), NULL, NULL, js); -+ g_free(oldnickname); - } - - static void do_nick_set_nick(PurplePluginAction *action) { -============================================================ ---- libpurple/protocols/jabber/usertune.c cdfd425e9ed68eae4aee8d95addd93c093833093 -+++ libpurple/protocols/jabber/usertune.c a20360876437c9c69c30dd9bf3b78c192d47cc79 -@@ -41,48 +41,61 @@ static void jabber_tune_cb(JabberStream - if (!buddy || !item) - return; - -- tuneinfodata.artist = ""; -- tuneinfodata.title = ""; -- tuneinfodata.album = ""; -- tuneinfodata.track = ""; -+ tuneinfodata.artist = NULL; -+ tuneinfodata.title = NULL; -+ tuneinfodata.album = NULL; -+ tuneinfodata.track = NULL; - tuneinfodata.time = -1; -- tuneinfodata.url = ""; -- -+ tuneinfodata.url = NULL; -+ - tune = xmlnode_get_child_with_namespace(item, "tune", "http://jabber.org/protocol/tune"); - if (!tune) - return; -+ resource = jabber_buddy_find_resource(buddy, NULL); -+ if(!resource) -+ return; /* huh? */ - for (tuneinfo = tune->child; tuneinfo; tuneinfo = tuneinfo->next) { - if (tuneinfo->type == XMLNODE_TYPE_TAG) { - if (!strcmp(tuneinfo->name, "artist")) { -- if (tuneinfodata.artist[0] == '\0') /* only pick the first one */ -+ if (tuneinfodata.artist == NULL) /* only pick the first one */ - tuneinfodata.artist = xmlnode_get_data(tuneinfo); - } else if (!strcmp(tuneinfo->name, "length")) { - if (tuneinfodata.time == -1) { - char *length = xmlnode_get_data(tuneinfo); - if (length) - tuneinfodata.time = strtol(length, NULL, 10); -+ g_free(length); - } - } else if (!strcmp(tuneinfo->name, "source")) { -- if (tuneinfodata.album[0] == '\0') /* only pick the first one */ -+ if (tuneinfodata.album == NULL) /* only pick the first one */ - tuneinfodata.album = xmlnode_get_data(tuneinfo); - } else if (!strcmp(tuneinfo->name, "title")) { -- if (tuneinfodata.title[0] == '\0') /* only pick the first one */ -+ if (tuneinfodata.title == NULL) /* only pick the first one */ - tuneinfodata.title = xmlnode_get_data(tuneinfo); - } else if (!strcmp(tuneinfo->name, "track")) { -- if (tuneinfodata.track[0] == '\0') /* only pick the first one */ -+ if (tuneinfodata.track == NULL) /* only pick the first one */ - tuneinfodata.track = xmlnode_get_data(tuneinfo); - } else if (!strcmp(tuneinfo->name, "uri")) { -- if (tuneinfodata.url[0] == '\0') /* only pick the first one */ -+ if (tuneinfodata.url == NULL) /* only pick the first one */ - tuneinfodata.url = xmlnode_get_data(tuneinfo); - } - } - } -- resource = jabber_buddy_find_resource(buddy, NULL); -- if(!resource) -- return; /* huh? */ - status_id = jabber_buddy_state_get_status_id(resource->state); - -- purple_prpl_got_user_status(js->gc->account, from, status_id, PURPLE_TUNE_ARTIST, tuneinfodata.artist, PURPLE_TUNE_TITLE, tuneinfodata.title, PURPLE_TUNE_ALBUM, tuneinfodata.album, PURPLE_TUNE_TRACK, tuneinfodata.track, PURPLE_TUNE_TIME, tuneinfodata.time, PURPLE_TUNE_URL, tuneinfodata.url, NULL); -+ purple_prpl_got_user_status(js->gc->account, from, status_id, -+ PURPLE_TUNE_ARTIST, tuneinfodata.artist, -+ PURPLE_TUNE_TITLE, tuneinfodata.title, -+ PURPLE_TUNE_ALBUM, tuneinfodata.album, -+ PURPLE_TUNE_TRACK, tuneinfodata.track, -+ PURPLE_TUNE_TIME, tuneinfodata.time, -+ PURPLE_TUNE_URL, tuneinfodata.url, NULL); -+ -+ g_free(tuneinfodata.artist); -+ g_free(tuneinfodata.title); -+ g_free(tuneinfodata.album); -+ g_free(tuneinfodata.track); -+ g_free(tuneinfodata.url); - } - - void jabber_tune_init(void) { diff --git a/pidgin.spec b/pidgin.spec index 8aa0d28..df72610 100644 --- a/pidgin.spec +++ b/pidgin.spec @@ -28,8 +28,8 @@ %define perl_devel_separated 1 Name: pidgin -Version: 2.2.0 -Release: 3%{?dist} +Version: 2.2.1 +Release: 1%{?dist} License: GPLv2+ and GPLv2 and MIT # GPLv2+ - libpurple, gnt, finch, pidgin, most prpls # GPLv2 - silc & novell prpls @@ -56,13 +56,9 @@ Source1: purple-fedora-prefs.xml ## Patches 0-99: Fedora specific or upstream wont accept +Patch0: pidgin-2.0.0-beta7-reread-resolvconf.patch ## Patches 100+: To be Included in Future Upstream -Patch100: pidgin-2.2.0-plug_memleaks.patch -Patch101: pidgin-2.2.0-fix-proxy-settings.patch -Patch102: pidgin-2.2.0-fix-status-scores.patch -Patch103: pidgin-2.2.0-plug-more-memleaks.patch -Patch113: pidgin-2.0.0-beta7-reread-resolvconf.patch BuildRoot: %{_tmppath}/%{name}-%{version}-root Summary: A Gtk+ based multiprotocol instant messaging client @@ -507,6 +503,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Oct 1 2007 Warren Togami - 2.2.1-1 +- 2.2.1 with many bug fixes and CVE-2007-4996 DOS fix + * Sat Sep 29 2007 Michel Salim - 2.2.0-3 - Build against avahi proper instead of its HOWL compatibility layer diff --git a/sources b/sources index 5932316..6772e9b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d71cd4de6ef1459ba9b504d0c06d8d04 pidgin-2.2.0.tar.bz2 +f1703430d4b8ffc96b493fc36cd46131 pidgin-2.2.1.tar.bz2