diff --git a/.cvsignore b/.cvsignore index b73843b..3bdf73d 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1 @@ -pidgin-2.6.2.tar.bz2 -pidgin-2.6.2.tar.bz2 +pidgin-2.6.3.tar.bz2 diff --git a/pidgin-2.6.2-aim-buddy-status-grab.patch b/pidgin-2.6.2-aim-buddy-status-grab.patch deleted file mode 100644 index 5a183b3..0000000 --- a/pidgin-2.6.2-aim-buddy-status-grab.patch +++ /dev/null @@ -1,52 +0,0 @@ -http://developer.pidgin.im/viewmtn/revision/info/97e003ed2bc2bafbb993693c9ae9c6d667731cc1 -If an oscar buddy on our buddy list is away and we have not yet -fetched their HTML info, then fallback to using their plaintext -status message when fetching the buddies status text. -Fixes #9843 - -# -# -# patch "libpurple/protocols/oscar/oscar.c" -# from [e8d20222205b810c91ebed0d7193d2004cc2777f] -# to [c0ac247833af9a49df59ca3c58ceab5ce6263366] -# -============================================================ ---- libpurple/protocols/oscar/oscar.c e8d20222205b810c91ebed0d7193d2004cc2777f -+++ libpurple/protocols/oscar/oscar.c c0ac247833af9a49df59ca3c58ceab5ce6263366 -@@ -829,19 +829,25 @@ static void oscar_user_info_append_statu - the "message" attribute of the status contains only the plaintext - message. */ - if (userinfo) { -- if ((userinfo->flags & AIM_FLAG_AWAY)) { -- /* Away message? */ -- if ((userinfo->flags & AIM_FLAG_AWAY) && (userinfo->away_len > 0) && (userinfo->away != NULL) && (userinfo->away_encoding != NULL)) { -- tmp = oscar_encoding_extract(userinfo->away_encoding); -- message = oscar_encoding_to_utf8(account, tmp, userinfo->away, -- userinfo->away_len); -- g_free(tmp); -- } -+ if ((userinfo->flags & AIM_FLAG_AWAY) -+ && userinfo->away_len > 0 -+ && userinfo->away != NULL -+ && userinfo->away_encoding != NULL) -+ { -+ /* Away message */ -+ tmp = oscar_encoding_extract(userinfo->away_encoding); -+ message = oscar_encoding_to_utf8(account, -+ tmp, userinfo->away, userinfo->away_len); -+ g_free(tmp); - } else { -- /* Available message? */ -+ /* -+ * Available message or non-HTML away message (because that's -+ * all we have right now. -+ */ - if ((userinfo->status != NULL) && userinfo->status[0] != '\0') { -- message = oscar_encoding_to_utf8(account, userinfo->status_encoding, -- userinfo->status, userinfo->status_len); -+ message = oscar_encoding_to_utf8(account, -+ userinfo->status_encoding, userinfo->status, -+ userinfo->status_len); - } - #if defined (_WIN32) || defined (__APPLE__) - if (userinfo->itmsurl && (userinfo->itmsurl[0] != '\0')) diff --git a/pidgin-2.6.2-crash-validate-jid.patch b/pidgin-2.6.2-crash-validate-jid.patch index e75f8f7..5e0dd54 100644 --- a/pidgin-2.6.2-crash-validate-jid.patch +++ b/pidgin-2.6.2-crash-validate-jid.patch @@ -2,12 +2,6 @@ http://developer.pidgin.im/ticket/10259 http://developer.pidgin.im/viewmtn/revision/info/cb46b045aa6e927a3814d9053c2b1c0f08d6fa62 Fix a crash when attempting to validate a JID with an invalid resource. -# -# -# patch "ChangeLog" -# from [959824a520d41286c4d89d8899a8e12b684e5ad8] -# to [6e78b15060f29fe30ae1b695f61248014b305d49] -# # patch "libpurple/protocols/jabber/jutil.c" # from [9047c2dfd575de6ec516dd8377bce70df42d5063] # to [603120abe6629d5e8f9e79d5198134bb252b0875] @@ -17,19 +11,6 @@ Fix a crash when attempting to validate a JID with an invalid resource. # to [42bdbb36f39b7d894d5f6f68e1b02f4c1ce4973a] # ============================================================ ---- ChangeLog 959824a520d41286c4d89d8899a8e12b684e5ad8 -+++ ChangeLog 6e78b15060f29fe30ae1b695f61248014b305d49 -@@ -1,5 +1,9 @@ Pidgin and Finch: The Pimpin' Penguin IM - Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul - -+version 2.6.3 (??/??/20??): -+ XMPP: -+ * Fix a crash when attempting to validate an invalid JID. -+ - version 2.6.2 (09/05/2009): - libpurple: - * Fix --disable-avahi to actually disable it in configure, as opposed -============================================================ --- libpurple/protocols/jabber/jutil.c 9047c2dfd575de6ec516dd8377bce70df42d5063 +++ libpurple/protocols/jabber/jutil.c 603120abe6629d5e8f9e79d5198134bb252b0875 @@ -153,10 +153,9 @@ jabber_idn_validate(const char *str, con diff --git a/pidgin.spec b/pidgin.spec index b1d6cba..bb9e110 100644 --- a/pidgin.spec +++ b/pidgin.spec @@ -81,8 +81,8 @@ %endif Name: pidgin -Version: 2.6.2 -Release: 2%{?dist} +Version: 2.6.3 +Release: 1%{?dist} License: GPLv2+ and GPLv2 and MIT # GPLv2+ - libpurple, gnt, finch, pidgin, most prpls # GPLv2 - silc & novell prpls @@ -116,7 +116,6 @@ Source2: one_time_password.c Patch0: pidgin-NOT-UPSTREAM-2.5.2-rhel4-sound-migration.patch ## Patches 100+: To be Included in Future Upstream -Patch100: pidgin-2.6.2-aim-buddy-status-grab.patch Patch101: pidgin-2.6.2-yahoo-buddy-idle-time.patch Patch102: pidgin-2.6.2-yahoo-status-change-away.patch Patch103: pidgin-2.6.2-crash-validate-jid.patch @@ -377,7 +376,6 @@ echo "FEDORA=%{fedora} RHEL=%{rhel}" %endif ## Patches 100+: To be Included in Future Upstream -%patch100 -p0 -b .aim-buddy-status-grab %patch101 -p0 -b .yahoo-buddy-idle-time %patch102 -p0 -b .yahoo-status-change-away %patch103 -p0 -b .pidgin-2.6.2-crash-validate-jid @@ -625,6 +623,9 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog +* Fri Oct 16 2009 Warren Togami 2.6.3-1 +- 2.6.3 CVE-2009-3615 + * Wed Sep 09 2009 Warren Togami 2.6.2-2 - Upstream backports: 97e003ed2bc2bafbb993693c9ae9c6d667731cc1 aim-buddy-status-grab diff --git a/sources b/sources index 82456fd..b2e3b73 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -306b6b60aefa9c5d5bffb08c576aa955 pidgin-2.6.1.tar.bz2 -a1bbb3c9be7d4ee1f53590d319cbfa72 pidgin-2.6.2.tar.bz2 +8d0ff6215b2d023eaa8efef59097ef83 pidgin-2.6.3.tar.bz2