Date: Friday, July 16, 2010 @ 15:24:54
  Author: ibiru
Revision: 85620

upgpkg: pidgin 2.7.1-2 fix security vulnerability in libpurple CVE-2010-2528

Added:
  pidgin/trunk/oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff
Modified:
  pidgin/trunk/PKGBUILD

--------------------------------------------------------+
 PKGBUILD                                               |   40 +++----
 oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff |   84 +++++++++++++++
 2 files changed, 105 insertions(+), 19 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2010-07-16 19:24:23 UTC (rev 85619)
+++ PKGBUILD    2010-07-16 19:24:54 UTC (rev 85620)
@@ -7,7 +7,7 @@
 pkgbase=('pidgin')
 pkgname=('libpurple' 'pidgin' 'finch')
 pkgver=2.7.1
-pkgrel=1
+pkgrel=2
 arch=('i686' 'x86_64')
 url="http://pidgin.im/";
 license=('GPL')
@@ -16,14 +16,16 @@
              'tk' 'ca-certificates' 'intltool' 'networkmanager')
 options=('!libtool')
 
source=(http://downloads.sourceforge.net/${pkgbase}/${pkgver}/${pkgbase}-${pkgver}.tar.bz2
-        icq_fix.patch)
-sha256sums=('f412a5a7389ad553229743b49399f968278095c8258dc0f89f766a6cd0ba95d1'
-            '9f5de2d1441f8369f3f13733dc4ffe14e1be9395507b79703b1c849c02602f93')
+        icq_fix.patch oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff)
+md5sums=('0dd2adb9e8214ac960f956823c84e7e2'
+         '2ce887cf36e698282b9241832850defd'
+         '29cb9bb0e74db8bf6c18c048e935a60a')
 
 build() {
     cd "${srcdir}/${pkgbase}-${pkgver}"
 
-    patch -Np0 -i "${srcdir}/icq_fix.patch" || return 1
+    patch -Np0 -i "${srcdir}/icq_fix.patch"
+    patch -Np0 -i 
"${srcdir}/oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff"
 
     ./configure --prefix=/usr \
                 --sysconfdir=/etc \
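Review bot: The checksum array is switched from `sha256sums` to `md5sums` in the same change that adds the CVE-2010-2528 patch, which weakens the only integrity check on the sources. The tarball is fetched over plain `http://`, so these digests are what makepkg relies on to detect a tampered download, and MD5 no longer offers collision resistance. I would keep `sha256sums=(...)` and add a third SHA-256 entry for the new diff, generated from a verified copy of each file. Separately, with `|| return 1` dropped from both `patch` lines, the build depends on makepkg itself aborting on a failed command; if the makepkg version in use does not do that, a package could be produced without the fix applied. build() continues past the end of this hunk.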
@@ -34,8 +36,8 @@
                 --enable-cyrus-sasl \
                 --disable-doxygen \
                 --enable-nm \
-                --with-system-ssl-certs=/etc/ssl/certs || return 1
-    make || return 1
+                --with-system-ssl-certs=/etc/ssl/certs
+    make
 }
 package_libpurple(){
     pkgdesc="IM library extracted from Pidgin"
@@ -45,7 +47,7 @@
 
     for dir in libpurple share/sounds share/ca-certs m4macros po
     do
-        make -C "${dir}" DESTDIR="${pkgdir}" install || return 1
+        make -C "${dir}" DESTDIR="${pkgdir}" install
     done
 #    rm -rf "$pkgdir/etc" || return 1
 }
@@ -63,17 +65,17 @@
     install=pidgin.install
     cd "${srcdir}/${pkgbase}-${pkgver}"
     #for linking
-    make -C libpurple DESTDIR="${pkgdir}" install-libLTLIBRARIES || return 1
+    make -C libpurple DESTDIR="${pkgdir}" install-libLTLIBRARIES
 
-    make -C pidgin DESTDIR="${pkgdir}" install || return 1
-    make -C doc DESTDIR="${pkgdir}" install || return 1
+    make -C pidgin DESTDIR="${pkgdir}" install
+    make -C doc DESTDIR="${pkgdir}" install
 
     #clean up libpurple
-    make -C libpurple DESTDIR="${pkgdir}" uninstall-libLTLIBRARIES || return 1
+    make -C libpurple DESTDIR="${pkgdir}" uninstall-libLTLIBRARIES
 
-    install -D -m 0644 pidgin.desktop 
"${pkgdir}"/usr/share/applications/pidgin.desktop || return 1
+    install -D -m 0644 pidgin.desktop 
"${pkgdir}"/usr/share/applications/pidgin.desktop
 
-    rm -f "${pkgdir}"/usr/share/man/man1/finch.1 || return 1
+    rm -f "${pkgdir}"/usr/share/man/man1/finch.1
 }
 package_finch(){
     pkgdesc="A ncurses-based messaging client"
@@ -84,12 +86,12 @@
 
     cd "${srcdir}/${pkgbase}-${pkgver}"
     #for linking
-    make -C libpurple DESTDIR="${pkgdir}" install-libLTLIBRARIES || return 1
+    make -C libpurple DESTDIR="${pkgdir}" install-libLTLIBRARIES
 
-    make -C finch DESTDIR="${pkgdir}" install || return 1
-    make -C doc DESTDIR="${pkgdir}" install || return 1
+    make -C finch DESTDIR="${pkgdir}" install
+    make -C doc DESTDIR="${pkgdir}" install
 
     #clean up libpurple
-    make -C libpurple DESTDIR="${pkgdir}" uninstall-libLTLIBRARIES || return 1
-    rm -f "${pkgdir}"/usr/share/man/man1/pidgin.1 || return 1
+    make -C libpurple DESTDIR="${pkgdir}" uninstall-libLTLIBRARIES
+    rm -f "${pkgdir}"/usr/share/man/man1/pidgin.1
 }

Added: oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff
===================================================================
--- oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff                      
        (rev 0)
+++ oscar_xstatus_remote_crash_fix_2_for_pidgin_2.7.1.diff      2010-07-16 
19:24:54 UTC (rev 85620)
@@ -0,0 +1,84 @@
+#
+# old_revision [915eb72db575b96b63275f0f1d857378adbf3420]
+#
+# patch "libpurple/protocols/oscar/family_icbm.c"
+#  from [52688bc864209fd4471193bfce81c4547ba8ae51]
+#    to [2a3a9ef76a6fd25b6e58b0e527df49bf8f83f2fb]
+#
+============================================================
+--- libpurple/protocols/oscar/family_icbm.c    
52688bc864209fd4471193bfce81c4547ba8ae51
++++ libpurple/protocols/oscar/family_icbm.c    
2a3a9ef76a6fd25b6e58b0e527df49bf8f83f2fb
+@@ -2687,7 +2687,6 @@ static int clientautoresp(OscarData *od,
+       int hdrlen;
+       int curpos;
+       int num1,num2;
+-      char *desc, *title, *temp;
+       PurpleAccount *account;
+       PurpleBuddy *buddy;
+       PurplePresence *presence;
+@@ -2714,31 +2713,41 @@ static int clientautoresp(OscarData *od,
+                               xml = byte_stream_getstr(bs, bs->len - curpos);
+                               purple_debug_misc("oscar", "X-Status: Received 
XML reply\n");
+                               if(xml) {
+-                              /* purple_debug_misc("oscar", "X-Status: XML 
reply: %s\n", (const char*) xml); */
+-                                      if ((desc=strstr(xml,"<desc>")) 
!= NULL) {
+-                                              
temp=strstr(xml,"</desc>");
+-                                              temp[0]=0;
+-                                              desc=desc+12;
+-                                      }
+-                                      if ((title=strstr(xml,"<title>")) 
!= NULL) {
+-                                              
temp=strstr(xml,"</title>");
+-                                              temp[0]=0;
+-                                              title=title+13;
+-                                      } else {
+-                                              title="";
+-                                      }
+-                                      strcpy(xml,title);
+-                                      if (desc) {
+-                                              strcat(xml, " - ");
+-                                              strcat(xml, desc);
++                                      GString *xstatus;
++                                      char *tmp1, *tmp2;
++
++                                      /* purple_debug_misc("oscar", 
"X-Status: XML reply: %s\n", xml); */
++
++                                      xstatus = g_string_new(NULL);
++
++                                      tmp1 = strstr(xml, "<title>");
++                                      if (tmp1 != NULL) {
++                                              tmp1 += 13;
++                                              tmp2 = strstr(tmp1, 
"</title>");
++                                              if (tmp2 != NULL)
++                                                      
g_string_append_len(xstatus, tmp1, tmp2 - tmp1);
+                                       }
+-                                      purple_debug_misc("oscar", "X-Status 
reply: %s\n", (const char*)xml);
+-                                      account = 
purple_connection_get_account(od->gc);
+-                                      buddy = purple_find_buddy(account, bn);
+-                                      presence = 
purple_buddy_get_presence(buddy);
+-                                      status = 
purple_presence_get_active_status(presence);
+-                                      purple_prpl_got_user_status(account, bn,
+-                                          purple_status_get_id(status), 
"message", xml, NULL);
++                                      tmp1 = strstr(xml, "<desc>");
++                                      if (tmp1 != NULL) {
++                                              tmp1 += 12;
++                                              tmp2 = strstr(tmp1, 
"</desc>");
++                                              if (tmp2 != NULL) {
++                                                      if (xstatus->len > 0)
++                                                              
g_string_append(xstatus, " - ");
++                                                      
g_string_append_len(xstatus, tmp1, tmp2 - tmp1);
++                                              }
++                                      }
++                                      if (xstatus->len > 0) {
++                                              purple_debug_misc("oscar", 
"X-Status reply: %s\n", xstatus->str);
++                                              account = 
purple_connection_get_account(od->gc);
++                                              buddy = 
purple_find_buddy(account, bn);
++                                              presence = 
purple_buddy_get_presence(buddy);
++                                              status = 
purple_presence_get_active_status(presence);
++                                              
purple_prpl_got_user_status(account, bn,
++                                                              
purple_status_get_id(status),
++                                                              "message", 
xstatus->str, NULL);
++                                      }
++                                      g_string_free(xstatus, TRUE);
+                               } else {
+                                       purple_debug_misc("oscar", "X-Status: 
Can't get XML reply string\n");
+                               }
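Review bot: The skips `tmp1 += 13` and `tmp1 += 12` are magic numbers that do not match the 7- and 6-character literals `"<title>"` and `"<desc>"` as they appear here; the lengths would fit the entity-escaped forms `&lt;title&gt;` and `&lt;desc&gt;`, so the mail archive has probably decoded the literals. Either way the offset should be derived from the search string, for example `tmp1 += strlen(open_tag);` with `open_tag` holding the exact literal passed to `strstr`, so the pointer can never be advanced past the terminating NUL of `xml`. The result of `purple_find_buddy(account, bn)` is also passed on unchecked, and `bn` presumably comes from the remote side, so a reply from a screen name that is not on the buddy list would hand NULL to `purple_buddy_get_presence`; an `if (buddy == NULL)` guard before that call would make the handling explicit. clientautoresp starts and ends outside this hunk.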
