diff --git a/pidgin-2.6.6-clientLogin-proxy-fix.patch b/pidgin-2.6.6-clientLogin-proxy-fix.patch new file mode 100644 index 0000000..445e16c --- /dev/null +++ b/pidgin-2.6.6-clientLogin-proxy-fix.patch @@ -0,0 +1,49 @@ +http://developer.pidgin.im/viewmtn/revision/info/b14ee507e932a395a0e1f29298af162c8614ca0f +Allow clientLogin POST/GETs to use a configured proxy. +Thanks to jweyrich for discovering this. + +# +# +# patch "libpurple/protocols/oscar/clientlogin.c" +# from [318c59bcf45207fefad4ab7a0e34bd63ebf7de34] +# to [2218cfaa1f1341b9db55d780c9cb5b738a57c81c] +# +============================================================ +--- libpurple/protocols/oscar/clientlogin.c 318c59bcf45207fefad4ab7a0e34bd63ebf7de34 ++++ libpurple/protocols/oscar/clientlogin.c 2218cfaa1f1341b9db55d780c9cb5b738a57c81c +@@ -293,8 +293,12 @@ static void send_start_oscar_session(Osc + static void send_start_oscar_session(OscarData *od, const char *token, const char *session_key, time_t hosttime) + { + char *query_string, *signature, *url; +- gboolean use_tls = purple_account_get_bool(purple_connection_get_account(od->gc), "use_ssl", OSCAR_DEFAULT_USE_SSL); ++ PurpleAccount *account; ++ gboolean use_tls; + ++ account = purple_connection_get_account(od->gc); ++ use_tls = purple_account_get_bool(account, "use_ssl", OSCAR_DEFAULT_USE_SSL); ++ + /* + * Construct the GET parameters. 0x00000611 is the distid given to + * us by AOL for use as the default libpurple distid. +@@ -317,7 +321,8 @@ static void send_start_oscar_session(Osc + g_free(signature); + + /* Make the request */ +- od->url_data = purple_util_fetch_url(url, TRUE, NULL, FALSE, ++ od->url_data = purple_util_fetch_url_request_len_with_account(account, ++ url, TRUE, NULL, FALSE, NULL, FALSE, -1, + start_oscar_session_cb, od); + g_free(url); + } +@@ -573,8 +578,9 @@ void send_client_login(OscarData *od, co + g_string_free(body, TRUE); + + /* Send the POST request */ +- od->url_data = purple_util_fetch_url_request(URL_CLIENT_LOGIN, +- TRUE, NULL, FALSE, request->str, FALSE, ++ od->url_data = purple_util_fetch_url_request_len_with_account( ++ purple_connection_get_account(gc), URL_CLIENT_LOGIN, ++ TRUE, NULL, FALSE, request->str, FALSE, -1, + client_login_cb, od); + g_string_free(request, TRUE); + } diff --git a/pidgin-2.6.6-clientLogin-use-https.patch b/pidgin-2.6.6-clientLogin-use-https.patch new file mode 100644 index 0000000..9de1369 --- /dev/null +++ b/pidgin-2.6.6-clientLogin-use-https.patch @@ -0,0 +1,21 @@ +http://developer.pidgin.im/viewmtn/revision/info/0e3079d15adeb12c1e57ceaf5bf037f9b71c8abd +Change clientLogin to use HTTPS, since the hash calculation appears fixed now. + +# +# +# patch "libpurple/protocols/oscar/clientlogin.c" +# from [d1110c449c4c558d139dffc12b0a941191ac8837] +# to [318c59bcf45207fefad4ab7a0e34bd63ebf7de34] +# +============================================================ +--- libpurple/protocols/oscar/clientlogin.c d1110c449c4c558d139dffc12b0a941191ac8837 ++++ libpurple/protocols/oscar/clientlogin.c 318c59bcf45207fefad4ab7a0e34bd63ebf7de34 +@@ -43,7 +43,7 @@ + #include "core.h" + + #define URL_CLIENT_LOGIN "https://api.screenname.aol.com/auth/clientLogin" +-#define URL_START_OSCAR_SESSION "http://api.oscar.aol.com/aim/startOSCARSession" ++#define URL_START_OSCAR_SESSION "https://api.oscar.aol.com/aim/startOSCARSession" + + /* + * Using clientLogin requires a developer ID. This key is for libpurple. diff --git a/pidgin.spec b/pidgin.spec index 98e06ec..dfc97b1 100644 --- a/pidgin.spec +++ b/pidgin.spec @@ -98,7 +98,7 @@ Name: pidgin Version: 2.6.6 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ and GPLv2 and MIT # GPLv2+ - libpurple, gnt, finch, pidgin, most prpls # GPLv2 - silc & novell prpls @@ -130,7 +130,8 @@ Source1: purple-fedora-prefs.xml Patch0: pidgin-NOT-UPSTREAM-2.5.2-rhel4-sound-migration.patch ## Patches 100+: To be Included in Future Upstream -#Patch100: pidgin-2.6.5-old-gcc.patch +Patch100: pidgin-2.6.6-clientLogin-proxy-fix.patch +Patch101: pidgin-2.6.6-clientLogin-use-https.patch BuildRoot: %{_tmppath}/%{name}-%{version}-root Summary: A Gtk+ based multiprotocol instant messaging client @@ -392,7 +393,8 @@ echo "FEDORA=%{fedora} RHEL=%{rhel}" %endif ## Patches 100+: To be Included in Future Upstream -#%patch100 -p1 -b .old_gcc +%patch100 -p0 +%patch101 -p0 # Our preferences cp %{SOURCE1} prefs.xml @@ -647,6 +649,11 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog +* Thu Mar 04 2010 Warren Togami - 2.6.6-2 +- Upstream backports: + 0e3079d15adeb12c1e57ceaf5bf037f9b71c8abd Fix AIM SSL clientLogin + b14ee507e932a395a0e1f29298af162c8614ca0f Fix AIM clientLogin with proxy + * Tue Feb 16 2010 Warren Togami - 2.6.6-1 - 2.6.6 with security and numerous minor bug fixes CVE-2010-0277 CVE-2010-0420 CVE-2010-0423