[arch-commits] Commit in pidgin/trunk (2 files)

Ionut Biru ibiru at archlinux.org
Fri Jul 16 15:24:55 EDT 2010


    Date: Friday, July 16, 2010 @ 15:24:54
  Author: ibiru
Revision: 85620

upgpkg: pidgin 2.7.1-2 fix security vulnerability in libpurple CVE-2010-2528

Added:
  pidgin/trunk/oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff
Modified:
  pidgin/trunk/PKGBUILD

--------------------------------------------------------+
 PKGBUILD                                               |   40 +++----
 oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff |   84 +++++++++++++++
 2 files changed, 105 insertions(+), 19 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2010-07-16 19:24:23 UTC (rev 85619)
+++ PKGBUILD	2010-07-16 19:24:54 UTC (rev 85620)
@@ -7,7 +7,7 @@
 pkgbase=('pidgin')
 pkgname=('libpurple' 'pidgin' 'finch')
 pkgver=2.7.1
-pkgrel=1
+pkgrel=2
 arch=('i686' 'x86_64')
 url="http://pidgin.im/"
 license=('GPL')
@@ -16,14 +16,16 @@
              'tk' 'ca-certificates' 'intltool' 'networkmanager')
 options=('!libtool')
 source=(http://downloads.sourceforge.net/${pkgbase}/${pkgver}/${pkgbase}-${pkgver}.tar.bz2
-        icq_fix.patch)
-sha256sums=('f412a5a7389ad553229743b49399f968278095c8258dc0f89f766a6cd0ba95d1'
-            '9f5de2d1441f8369f3f13733dc4ffe14e1be9395507b79703b1c849c02602f93')
+        icq_fix.patch oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff)
+md5sums=('0dd2adb9e8214ac960f956823c84e7e2'
+         '2ce887cf36e698282b9241832850defd'
+         '29cb9bb0e74db8bf6c18c048e935a60a')
 
 build() {
     cd "${srcdir}/${pkgbase}-${pkgver}"
 
-    patch -Np0 -i "${srcdir}/icq_fix.patch" || return 1
+    patch -Np0 -i "${srcdir}/icq_fix.patch"
+    patch -Np0 -i "${srcdir}/oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff"
 
     ./configure --prefix=/usr \
                 --sysconfdir=/etc \
@@ -34,8 +36,8 @@
                 --enable-cyrus-sasl \
                 --disable-doxygen \
                 --enable-nm \
-                --with-system-ssl-certs=/etc/ssl/certs || return 1
-    make || return 1
+                --with-system-ssl-certs=/etc/ssl/certs
+    make
 }
 package_libpurple(){
     pkgdesc="IM library extracted from Pidgin"
@@ -45,7 +47,7 @@
 
     for dir in libpurple share/sounds share/ca-certs m4macros po
     do
-        make -C "${dir}" DESTDIR="${pkgdir}" install || return 1
+        make -C "${dir}" DESTDIR="${pkgdir}" install
     done
 #    rm -rf "$pkgdir/etc" || return 1
 }
@@ -63,17 +65,17 @@
     install=pidgin.install
     cd "${srcdir}/${pkgbase}-${pkgver}"
     #for linking
-    make -C libpurple DESTDIR="${pkgdir}" install-libLTLIBRARIES || return 1
+    make -C libpurple DESTDIR="${pkgdir}" install-libLTLIBRARIES
 
-    make -C pidgin DESTDIR="${pkgdir}" install || return 1
-    make -C doc DESTDIR="${pkgdir}" install || return 1
+    make -C pidgin DESTDIR="${pkgdir}" install
+    make -C doc DESTDIR="${pkgdir}" install
 
     #clean up libpurple
-    make -C libpurple DESTDIR="${pkgdir}" uninstall-libLTLIBRARIES || return 1
+    make -C libpurple DESTDIR="${pkgdir}" uninstall-libLTLIBRARIES
 
-    install -D -m 0644 pidgin.desktop "${pkgdir}"/usr/share/applications/pidgin.desktop || return 1
+    install -D -m 0644 pidgin.desktop "${pkgdir}"/usr/share/applications/pidgin.desktop
 
-    rm -f "${pkgdir}"/usr/share/man/man1/finch.1 || return 1
+    rm -f "${pkgdir}"/usr/share/man/man1/finch.1
 }
 package_finch(){
     pkgdesc="A ncurses-based messaging client"
@@ -84,12 +86,12 @@
 
     cd "${srcdir}/${pkgbase}-${pkgver}"
     #for linking
-    make -C libpurple DESTDIR="${pkgdir}" install-libLTLIBRARIES || return 1
+    make -C libpurple DESTDIR="${pkgdir}" install-libLTLIBRARIES
 
-    make -C finch DESTDIR="${pkgdir}" install || return 1
-    make -C doc DESTDIR="${pkgdir}" install || return 1
+    make -C finch DESTDIR="${pkgdir}" install
+    make -C doc DESTDIR="${pkgdir}" install
 
     #clean up libpurple
-    make -C libpurple DESTDIR="${pkgdir}" uninstall-libLTLIBRARIES || return 1
-    rm -f "${pkgdir}"/usr/share/man/man1/pidgin.1 || return 1
+    make -C libpurple DESTDIR="${pkgdir}" uninstall-libLTLIBRARIES
+    rm -f "${pkgdir}"/usr/share/man/man1/pidgin.1
 }

Added: oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff
===================================================================
--- oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff	                        (rev 0)
+++ oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff	2010-07-16 19:24:54 UTC (rev 85620)
@@ -0,0 +1,84 @@
+#
+# old_revision [915eb72db575b96b63275f0f1d857378adbf3420]
+#
+# patch "libpurple/protocols/oscar/family_icbm.c"
+#  from [52688bc864209fd4471193bfce81c4547ba8ae51]
+#    to [2a3a9ef76a6fd25b6e58b0e527df49bf8f83f2fb]
+#
+============================================================
+--- libpurple/protocols/oscar/family_icbm.c	52688bc864209fd4471193bfce81c4547ba8ae51
++++ libpurple/protocols/oscar/family_icbm.c	2a3a9ef76a6fd25b6e58b0e527df49bf8f83f2fb
+@@ -2687,7 +2687,6 @@ static int clientautoresp(OscarData *od,
+ 	int hdrlen;
+ 	int curpos;
+ 	int num1,num2;
+-	char *desc, *title, *temp;
+ 	PurpleAccount *account;
+ 	PurpleBuddy *buddy;
+ 	PurplePresence *presence;
+@@ -2714,31 +2713,41 @@ static int clientautoresp(OscarData *od,
+ 		 		xml = byte_stream_getstr(bs, bs->len - curpos);
+ 		 		purple_debug_misc("oscar", "X-Status: Received XML reply\n");
+ 		 		if(xml) {
+- 				/* purple_debug_misc("oscar", "X-Status: XML reply: %s\n", (const char*) xml); */
+- 					if ((desc=strstr(xml,"<desc>")) != NULL) {
+- 						temp=strstr(xml,"</desc>");
+- 						temp[0]=0;
+- 						desc=desc+12;
+- 					}
+- 					if ((title=strstr(xml,"<title>")) != NULL) {
+- 						temp=strstr(xml,"</title>");
+- 						temp[0]=0;
+- 						title=title+13;
+- 					} else {
+- 						title="";
+- 					}
+- 					strcpy(xml,title);
+-					if (desc) {
+- 						strcat(xml, " - ");
+- 						strcat(xml, desc);
++					GString *xstatus;
++					char *tmp1, *tmp2;
++
++					/* purple_debug_misc("oscar", "X-Status: XML reply: %s\n", xml); */
++
++					xstatus = g_string_new(NULL);
++
++					tmp1 = strstr(xml, "<title>");
++					if (tmp1 != NULL) {
++						tmp1 += 13;
++						tmp2 = strstr(tmp1, "</title>");
++						if (tmp2 != NULL)
++							g_string_append_len(xstatus, tmp1, tmp2 - tmp1);
+ 					}
+- 					purple_debug_misc("oscar", "X-Status reply: %s\n", (const char*)xml);
+- 					account = purple_connection_get_account(od->gc);
+- 					buddy = purple_find_buddy(account, bn);
+- 					presence = purple_buddy_get_presence(buddy);
+- 					status = purple_presence_get_active_status(presence);
+- 					purple_prpl_got_user_status(account, bn,
+-  					    purple_status_get_id(status), "message", xml, NULL);
++					tmp1 = strstr(xml, "<desc>");
++					if (tmp1 != NULL) {
++						tmp1 += 12;
++						tmp2 = strstr(tmp1, "</desc>");
++						if (tmp2 != NULL) {
++							if (xstatus->len > 0)
++								g_string_append(xstatus, " - ");
++							g_string_append_len(xstatus, tmp1, tmp2 - tmp1);
++						}
++					}
++					if (xstatus->len > 0) {
++						purple_debug_misc("oscar", "X-Status reply: %s\n", xstatus->str);
++						account = purple_connection_get_account(od->gc);
++						buddy = purple_find_buddy(account, bn);
++						presence = purple_buddy_get_presence(buddy);
++						status = purple_presence_get_active_status(presence);
++						purple_prpl_got_user_status(account, bn,
++								purple_status_get_id(status),
++								"message", xstatus->str, NULL);
++					}
++					g_string_free(xstatus, TRUE);
+ 		   		} else {
+ 			 		purple_debug_misc("oscar", "X-Status: Can't get XML reply string\n");
+ 				}



More information about the arch-commits mailing list