Hello community,

here is the log from the commit of package pidgin for openSUSE:11.4
checked in at Mon Dec 19 16:48:20 CET 2011.



--------
--- old-versions/11.4/UPDATES/all/pidgin/pidgin.changes 2011-11-24 
06:58:08.000000000 +0100
+++ 11.4/pidgin/pidgin.changes  2011-12-16 10:26:07.000000000 +0100
@@ -1,0 +2,8 @@
+Fri Dec 16 09:21:47 UTC 2011 - dmzh...@suse.com
+- add pidgin-2.7.10.tar.bz2 to package, prevent from downloading from upstream 
when building
+- bnc#736147, CVE-2011-4601, crash in oscar protocol
+- bnc#736161, CVE-2011-4603, SILC remote crash on channel messages
+- bnc#736162, CVE-2011-4602, Multiple NULL pointer deference flaws in the XMPP
+- bnc#736189, CVE-2011-1091, multiple NULL pointer dereference flaws in Yahoo 
protocol plug-in
+
+-------------------------------------------------------------------

calling whatdependson for 11.4-i586


New:
----
  VUL-fixes.patch
  pidgin-2.7.10.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ pidgin.spec ++++++
--- /var/tmp/diff_new_pack.mnRG3X/_old  2011-12-19 16:35:45.000000000 +0100
+++ /var/tmp/diff_new_pack.mnRG3X/_new  2011-12-19 16:35:45.000000000 +0100
@@ -26,12 +26,12 @@
 Name:           pidgin
 Summary:        GTK+-Based Multiprotocol Instant Messaging Client
 Version:        2.7.10
-Release:        4.<RELEASE5>
+Release:        4.<RELEASE7>
 # FIXME: check resolution of bnc#659001 to decide what to do about ownership 
of mhr directories in -lang (last checked: 2012-12-21)
 License:        GPLv2+
 Group:          Productivity/Networking/Instant Messenger
 Url:            http://www.pidgin.im/
-Source:         
http://downloads.sourceforge.net/pidgin/%{name}-%{version}.tar.bz2
+Source:         pidgin-2.7.10.tar.bz2
 Source1:        pidgin-NLD-smiley-theme.tar.bz2
 Source2:        pidgin-Tango-smiley-theme.tar.bz2
 Patch1:         pidgin-gnome-keyring.patch
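Review bot: Replacing the upstream URL in `Source:` with a bare file name drops the only record in the spec of where pidgin-2.7.10.tar.bz2 was obtained. As far as I know rpmbuild itself only uses the basename of a `Source:` URL, so the URL could stay as provenance without triggering a download; if a source service was doing the fetching, that is better switched off in the service configuration. I would also add a comment above the line, e.g. `# unmodified upstream tarball; compare against the checksum published by upstream`, and perform that comparison before check-in.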
@@ -43,6 +43,7 @@
 # PATCH-FIX-OPENSUSE pidgin-fix-perl-build.patch vu...@opensuse.org -- Revert 
http://developer.pidgin.im/viewmtn/revision/info/f32151852a00fb5abd3fdccdd8df2419031666de
 as it breaks the build
 Patch15:        pidgin-fix-perl-build.patch
 Patch16:        silc-fixutf8-securitybug.patch
+Patch17:        VUL-fixes.patch
 
 # Can use external libzephyr
 BuildRequires:  cyrus-sasl-devel
@@ -332,6 +333,7 @@
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
 
 # Change Myanmar/Myanmar to Myanmar:
 rename my_MM my po/my_MM.*

++++++ VUL-fixes.patch ++++++
Index: pidgin-2.7.10/libpurple/protocols/oscar/family_feedbag.c
===================================================================
--- pidgin-2.7.10.orig/libpurple/protocols/oscar/family_feedbag.c
+++ pidgin-2.7.10/libpurple/protocols/oscar/family_feedbag.c
@@ -1649,18 +1649,35 @@ static int receiveauthgrant(OscarData *o
        int ret = 0;
        aim_rxcallback_t userfunc;
        guint16 tmp;
-       char *bn, *msg;
+       char *bn, *msg, *tmpstr;
 
        /* Read buddy name */
-       if ((tmp = byte_stream_get8(bs)))
-               bn = byte_stream_getstr(bs, tmp);
-       else
-               bn = NULL;
+       tmp = byte_stream_get8(bs);
+       if (!tmp) {
+               purple_debug_warning("oscar", "Dropping auth grant SNAC "
+                               "because username was empty\n");
+               return 0;
+       }
+       bn = byte_stream_getstr(bs, tmp);
+       if (!g_utf8_validate(bn, -1, NULL)) {
+               purple_debug_warning("oscar", "Dropping auth grant SNAC "
+                               "because the username was not valid UTF-8\n");
+               g_free(bn);
+       }
 
-       /* Read message (null terminated) */
-       if ((tmp = byte_stream_get16(bs)))
+       /* Read message */
+       tmp = byte_stream_get16(bs);
+       if (tmp) {
                msg = byte_stream_getstr(bs, tmp);
-       else
+               if (!g_utf8_validate(msg, -1, NULL)) {
+                       /* Ugh, msg isn't UTF8.  Let's salvage. */
+                       purple_debug_warning("oscar", "Got non-UTF8 message in 
auth "
+                                       "grant from %s\n", bn);
+                       tmpstr = purple_utf8_salvage(msg);
+                       g_free(msg);
+                       msg = tmpstr;
+               }
+       } else
                msg = NULL;
 
        /* Unknown */
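Review bot: The invalid-UTF-8 branch for `bn` frees the buffer but does not return, so despite the "Dropping" log message execution continues with a dangling `bn`, which is then formatted with `%s` in the non-UTF8 message warning a few lines further down. The branch should end with `return 0;` right after `g_free(bn);`, matching the empty-username branch above it. The same pattern is repeated in the receiveauthreply and receiveadded hunks; in receiveadded the freed pointer is visibly passed on in `userfunc(od, conn, frame, bn)`. The rest of receiveauthgrant is outside the hunk, so any later release of `bn` there would presumably turn into a double free as well.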
@@ -1807,21 +1824,38 @@ static int receiveauthreply(OscarData *o
        aim_rxcallback_t userfunc;
        guint16 tmp;
        guint8 reply;
-       char *bn, *msg;
+       char *bn, *msg, *tmpstr;
 
        /* Read buddy name */
-       if ((tmp = byte_stream_get8(bs)))
-               bn = byte_stream_getstr(bs, tmp);
-       else
-               bn = NULL;
+       tmp = byte_stream_get8(bs);
+       if (!tmp) {
+               purple_debug_warning("oscar", "Dropping auth reply SNAC "
+                               "because username was empty\n");
+               return 0;
+       }
+       bn = byte_stream_getstr(bs, tmp);
+       if (!g_utf8_validate(bn, -1, NULL)) {
+               purple_debug_warning("oscar", "Dropping auth reply SNAC "
+                               "because the username was not valid UTF-8\n");
+               g_free(bn);
+       }
 
        /* Read reply */
        reply = byte_stream_get8(bs);
 
-       /* Read message (null terminated) */
-       if ((tmp = byte_stream_get16(bs)))
+       /* Read message */
+       tmp = byte_stream_get16(bs);
+       if (tmp) {
                msg = byte_stream_getstr(bs, tmp);
-       else
+               if (!g_utf8_validate(msg, -1, NULL)) {
+                       /* Ugh, msg isn't UTF8.  Let's salvage. */
+                       purple_debug_warning("oscar", "Got non-UTF8 message in 
auth "
+                                       "reply from %s\n", bn);
+                       tmpstr = purple_utf8_salvage(msg);
+                       g_free(msg);
+                       msg = tmpstr;
+               }
+       } else
                msg = NULL;
 
        /* Unknown */
@@ -1847,10 +1881,18 @@ static int receiveadded(OscarData *od, F
        char *bn;
 
        /* Read buddy name */
-       if ((tmp = byte_stream_get8(bs)))
-               bn = byte_stream_getstr(bs, tmp);
-       else
-               bn = NULL;
+       tmp = byte_stream_get8(bs);
+       if (!tmp) {
+               purple_debug_warning("oscar", "Dropping 'you were added' SNAC "
+                               "because username was empty\n");
+               return 0;
+       }
+       bn = byte_stream_getstr(bs, tmp);
+       if (!g_utf8_validate(bn, -1, NULL)) {
+               purple_debug_warning("oscar", "Dropping 'you were added' SNAC "
+                               "because the username was not valid UTF-8\n");
+               g_free(bn);
+       }
 
        if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
                ret = userfunc(od, conn, frame, bn);
Index: pidgin-2.7.10/libpurple/protocols/silc/ops.c
===================================================================
--- pidgin-2.7.10.orig/libpurple/protocols/silc/ops.c
+++ pidgin-2.7.10/libpurple/protocols/silc/ops.c
@@ -415,9 +415,16 @@ silc_private_message(SilcClient client,
        }
 
        if (flags & SILC_MESSAGE_FLAG_UTF8) {
-               tmp = g_markup_escape_text((const char *)message, -1);
+               const char *msg = (const char *)message;
+               char *salvaged = NULL;
+               if (!g_utf8_validate((const char *)message, -1, NULL)) {
+                       salvaged = purple_utf8_salvage((const char *)message);
+                       msg = salvaged;
+               }
+               tmp = g_markup_escape_text(msg, -1);
                /* Send to Purple */
                serv_got_im(gc, sender->nickname, tmp, 0, time(NULL));
+               g_free(salvaged);
                g_free(tmp);
        }
 }
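Review bot: The changelog entry for CVE-2011-4603 names channel messages, but the only ops.c hunk in the visible patch is in silc_private_message; the channel-message handler needs the same validate-then-salvage step before `g_markup_escape_text`, unless Patch16 (silc-fixutf8-securitybug.patch) already covers it, which is worth confirming. Within this hunk, `g_utf8_validate(..., -1, NULL)` relies on `message` being NUL-terminated; if the callback also receives an explicit length (the signature is outside the hunk), passing it would bound the scan. A short comment such as `/* message is remote-controlled: never pass unvalidated bytes to g_markup_escape_text() */` would record why the salvage step exists.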
Index: pidgin-2.7.10/libpurple/protocols/jabber/jingle/jingle.c
===================================================================
--- pidgin-2.7.10.orig/libpurple/protocols/jabber/jingle/jingle.c
+++ pidgin-2.7.10/libpurple/protocols/jabber/jingle/jingle.c
@@ -126,7 +126,7 @@ jingle_handle_content_modify(JingleSessi
                if (local_content != NULL) {
                        const gchar *senders = xmlnode_get_attrib(content, 
"senders");
                        gchar *local_senders = 
jingle_content_get_senders(local_content);
-                       if (strcmp(senders, local_senders))
+                       if (!purple_strequal(senders, local_senders))
                                jingle_content_modify(local_content, senders);
                        g_free(local_senders);
                } else {
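Review bot: `senders` comes from `xmlnode_get_attrib(content, "senders")` and can be NULL when the peer omits the attribute; `purple_strequal` removes the crash in the comparison, but a NULL `senders` now compares unequal to `local_senders` and is passed straight into `jingle_content_modify(local_content, senders)`. Whether that callee tolerates NULL is not visible here, so I would guard the call: `if (senders != NULL && !purple_strequal(senders, local_senders))`. The enclosing function starts and ends outside the hunk.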
Index: pidgin-2.7.10/libpurple/protocols/jabber/jingle/rtp.c
===================================================================
--- pidgin-2.7.10.orig/libpurple/protocols/jabber/jingle/rtp.c
+++ pidgin-2.7.10/libpurple/protocols/jabber/jingle/rtp.c
@@ -589,6 +589,16 @@ jingle_rtp_init_media(JingleContent *con
        senders = jingle_content_get_senders(content);
        transport = jingle_content_get_transport(content);
 
+       if (media_type == NULL) {
+               g_free(name);
+               g_free(remote_jid);
+               g_free(senders);
+               g_free(params);
+               g_object_unref(transport);
+               g_object_unref(session);
+               return FALSE;
+       }
+
        if (JINGLE_IS_RAWUDP(transport))
                transmitter = "rawudp";
        else if (JINGLE_IS_ICEUDP(transport))
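Review bot: The new `media_type == NULL` exit calls `g_free(params)` before `params` is assigned (the assignment only appears in a later hunk), so it is safe only if `params` is initialised to NULL at its declaration, which is outside the hunk; please confirm, or drop the call from this exit. `g_object_unref(transport)` likewise assumes `jingle_content_get_transport` returned a non-NULL object. The cleanup list is duplicated almost verbatim in the `creator == NULL` exit further down, so a single cleanup label at the end of jingle_rtp_init_media would keep the exits from drifting apart.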
@@ -597,17 +607,17 @@ jingle_rtp_init_media(JingleContent *con
                transmitter = "notransmitter";
        g_object_unref(transport);
 
-       is_audio = !strcmp(media_type, "audio");
+       is_audio = g_str_equal(media_type, "audio");
 
-       if (!strcmp(senders, "both"))
-               type = is_audio == TRUE ? PURPLE_MEDIA_AUDIO
+       if (purple_strequal(senders, "both"))
+               type = is_audio ? PURPLE_MEDIA_AUDIO
                                : PURPLE_MEDIA_VIDEO;
-       else if ((strcmp(senders, "initiator") == 0) ==
+       else if (purple_strequal(senders, "initiator") ==
                        jingle_session_is_initiator(session))
-               type = is_audio == TRUE ? PURPLE_MEDIA_SEND_AUDIO
+               type = is_audio ? PURPLE_MEDIA_SEND_AUDIO
                                : PURPLE_MEDIA_SEND_VIDEO;
        else
-               type = is_audio == TRUE ? PURPLE_MEDIA_RECV_AUDIO
+               type = is_audio ? PURPLE_MEDIA_RECV_AUDIO
                                : PURPLE_MEDIA_RECV_VIDEO;
 
        params =
@@ -615,7 +625,17 @@ jingle_rtp_init_media(JingleContent *con
                        NULL, NULL, &num_params);
 
        creator = jingle_content_get_creator(content);
-       if (!strcmp(creator, "initiator"))
+       if (creator == NULL) {
+               g_free(name);
+               g_free(media_type);
+               g_free(remote_jid);
+               g_free(senders);
+               g_free(params);
+               g_object_unref(session);
+               return FALSE;
+       }
+
+       if (g_str_equal(creator, "initiator"))
                is_creator = jingle_session_is_initiator(session);
        else
                is_creator = !jingle_session_is_initiator(session);
@@ -624,6 +644,8 @@ jingle_rtp_init_media(JingleContent *con
        if(!purple_media_add_stream(media, name, remote_jid,
                        type, is_creator, transmitter, num_params, params)) {
                purple_media_end(media, NULL, NULL);
+               /* TODO: How much clean-up is necessary here? (does calling
+                        purple_media_end lead to cleaning up Jingle structs?) 
*/
                return FALSE;
        }
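Review bot: The TODO is justified: this `return FALSE` leaves without releasing `name`, `media_type`, `remote_jid`, `senders`, `params` and the `session` reference, all of which the two early exits added by this patch release explicitly. Unless `purple_media_end` takes ownership of them (not visible here, and unlikely for the local strings), every failed stream setup leaks them. The frees used in the `creator == NULL` branch should precede this return as well.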
 
@@ -645,9 +667,22 @@ jingle_rtp_parse_codecs(xmlnode *descrip
        const char *encoding_name,*id, *clock_rate;
        PurpleMediaCodec *codec;
        const gchar *media = xmlnode_get_attrib(description, "media");
-       PurpleMediaSessionType type =
-                       !strcmp(media, "video") ? PURPLE_MEDIA_VIDEO :
-                       !strcmp(media, "audio") ? PURPLE_MEDIA_AUDIO : 0;
+       PurpleMediaSessionType type;
+
+       if (media == NULL) {
+               purple_debug_warning("jingle-rtp", "missing media type\n");
+               return NULL;
+       }
+
+       if (g_str_equal(media, "video")) {
+               type = PURPLE_MEDIA_VIDEO;
+       } else if (g_str_equal(media, "audio")) {
+               type = PURPLE_MEDIA_AUDIO;
+       } else {
+               purple_debug_warning("jingle-rtp", "unknown media type: %s\n",
+                               media);
+               return NULL;
+       }
 
        for (codec_element = xmlnode_get_child(description, "payload-type") ;
                 codec_element ;
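Review bot: jingle_rtp_parse_codecs now returns NULL for a missing or unknown `media` attribute, which for a `GList *` is indistinguishable from an empty codec list. The caller shown in the jingle_rtp_handle_action_internal hunk passes the result to `purple_media_set_remote_codecs` without checking it, so a malformed description is logged but otherwise treated like a well-formed one with no payload types. Either document this above the function, e.g. `/* Returns NULL (an empty list) when the media type is missing or unknown. */`, or have the caller terminate the session as it does when jingle_rtp_init_media fails.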
@@ -768,19 +803,19 @@ jingle_rtp_handle_action_internal(Jingle
        switch (action) {
                case JINGLE_SESSION_ACCEPT:
                case JINGLE_SESSION_INITIATE: {
-                       JingleSession *session = 
jingle_content_get_session(content);
-                       JingleTransport *transport = jingle_transport_parse(
-                                       xmlnode_get_child(xmlcontent, 
"transport"));
-                       xmlnode *description = xmlnode_get_child(xmlcontent, 
"description");
-                       GList *candidates = 
jingle_rtp_transport_to_candidates(transport);
-                       GList *codecs = jingle_rtp_parse_codecs(description);
-                       gchar *name = jingle_content_get_name(content);
-                       gchar *remote_jid =
-                                       jingle_session_get_remote_jid(session);
+                       JingleSession *session;
+                       JingleTransport *transport;
+                       xmlnode *description;
+                       GList *candidates;
+                       GList *codecs;
+                       gchar *name;
+                       gchar *remote_jid;
                        PurpleMedia *media;
 
+                       session = jingle_content_get_session(content);
+
                        if (action == JINGLE_SESSION_INITIATE &&
-                                       jingle_rtp_init_media(content) == 
FALSE) {
+                                       !jingle_rtp_init_media(content)) {
                                /* XXX: send error */
                                jabber_iq_send(jingle_session_terminate_packet(
                                                session, "general-error"));
@@ -788,6 +823,14 @@ jingle_rtp_handle_action_internal(Jingle
                                break;
                        }
 
+                       transport = jingle_transport_parse(
+                                       xmlnode_get_child(xmlcontent, 
"transport"));
+                       description = xmlnode_get_child(xmlcontent, 
"description");
+                       candidates = 
jingle_rtp_transport_to_candidates(transport);
+                       codecs = jingle_rtp_parse_codecs(description);
+                       name = jingle_content_get_name(content);
+                       remote_jid = jingle_session_get_remote_jid(session);
+
                        media = jingle_rtp_get_media(session);
                        purple_media_set_remote_codecs(media,
                                        name, remote_jid, codecs);
Index: pidgin-2.7.10/libpurple/protocols/yahoo/libymsg.c
===================================================================
--- pidgin-2.7.10.orig/libpurple/protocols/yahoo/libymsg.c
+++ pidgin-2.7.10/libpurple/protocols/yahoo/libymsg.c
@@ -842,7 +842,7 @@ static void yahoo_process_notify(PurpleC
                                break;
                }
 
-               if (*stat == '1')
+               if (stat && *stat == '1')
                        serv_got_typing(gc, fed_from, 0, PURPLE_TYPING);
                else
                        serv_got_typing_stopped(gc, fed_from);
@@ -864,7 +864,7 @@ static void yahoo_process_notify(PurpleC
 
                yahoo_friend_set_game(f, NULL);
 
-               if (*stat == '1') {
+               if (stat && *stat == '1') {
                        yahoo_friend_set_game(f, game);
                        if (bud)
                                yahoo_update_status(gc, from, f);
@@ -922,6 +922,11 @@ static void yahoo_process_sms_message(Pu
                l = l->next;
        }
 
+       if(!sms) {
+               purple_debug_info("yahoo", "Received a malformed SMS 
packet!\n");
+               return;
+       }
+
        if( (pkt->status == -1) || (pkt->status == YAHOO_STATUS_DISCONNECTED) ) 
{
                if (server_msg) {
                        PurpleConversation *c;
Index: pidgin-2.7.10/libpurple/protocols/jabber/jingle/session.c
===================================================================
--- pidgin-2.7.10.orig/libpurple/protocols/jabber/jingle/session.c
+++ pidgin-2.7.10/libpurple/protocols/jabber/jingle/session.c
@@ -284,7 +284,7 @@ jingle_session_create(JabberStream *js,
        if (!js->sessions) {
                purple_debug_info("jingle",
                                "Creating hash table for sessions\n");
-               js->sessions = g_hash_table_new(g_str_hash, g_str_equal);
+               js->sessions = g_hash_table_new_full(g_str_hash, g_str_equal, 
g_free, NULL);
        }
        purple_debug_info("jingle",
                        "inserting session with key: %s into table\n", sid);
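Review bot: With `g_free` installed as the key destroy function the table owns every key, so the insert that follows this debug message (outside the hunk) must hand it a dedicated heap copy such as `g_strdup(sid)`. If the key were the caller's `sid` or a string owned by the session object, removing the entry or destroying the table would free memory still referenced elsewhere. A comment at the `g_hash_table_new_full` call, `/* keys are g_strdup()'ed copies owned by the table */`, would make the ownership explicit.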
@@ -407,26 +407,24 @@ jingle_add_jingle_packet(JingleSession *
                        xmlnode_new("jingle");
        gchar *local_jid = jingle_session_get_local_jid(session);
        gchar *remote_jid = jingle_session_get_remote_jid(session);
+       gchar *sid = jingle_session_get_sid(session);
 
        xmlnode_set_namespace(jingle, JINGLE);
        xmlnode_set_attrib(jingle, "action", jingle_get_action_name(action));
 
        if (jingle_session_is_initiator(session)) {
-               xmlnode_set_attrib(jingle, "initiator",
-                               jingle_session_get_local_jid(session));
-               xmlnode_set_attrib(jingle, "responder",
-                               jingle_session_get_remote_jid(session));
+               xmlnode_set_attrib(jingle, "initiator", local_jid);
+               xmlnode_set_attrib(jingle, "responder", remote_jid);
        } else {
-               xmlnode_set_attrib(jingle, "initiator",
-                               jingle_session_get_remote_jid(session));
-               xmlnode_set_attrib(jingle, "responder",
-                               jingle_session_get_local_jid(session));
+               xmlnode_set_attrib(jingle, "initiator", remote_jid);
+               xmlnode_set_attrib(jingle, "responder", local_jid);
        }
 
+       xmlnode_set_attrib(jingle, "sid", sid);
+
        g_free(local_jid);
        g_free(remote_jid);
-
-       xmlnode_set_attrib(jingle, "sid", jingle_session_get_sid(session));
+       g_free(sid);
 
        return jingle;
 }
@@ -504,11 +502,16 @@ void jingle_session_handle_action(Jingle
 JingleContent *
 jingle_session_find_content(JingleSession *session, const gchar *name, const 
gchar *creator)
 {
-       GList *iter = session->priv->contents;
+       GList *iter;
+
+       if (name == NULL)
+               return NULL;
+
+       iter = session->priv->contents;
        for (; iter; iter = g_list_next(iter)) {
                JingleContent *content = iter->data;
                gchar *cname = jingle_content_get_name(content);
-               gboolean result = !strcmp(name, cname);
+               gboolean result = g_str_equal(name, cname);
                g_free(cname);
 
                if (creator != NULL) {
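Review bot: `g_str_equal(name, cname)` is protected against a NULL `name` by the new early return, but `cname` from `jingle_content_get_name(content)` is still unchecked and `g_str_equal` is not NULL-safe. Using `purple_strequal(name, cname)`, as the jingle.c hunk of this patch does, covers both operands. The same applies to the jingle_session_find_pending_content hunk that follows.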
@@ -526,11 +529,16 @@ jingle_session_find_content(JingleSessio
 JingleContent *
 jingle_session_find_pending_content(JingleSession *session, const gchar *name, 
const gchar *creator)
 {
-       GList *iter = session->priv->pending_contents;
+       GList *iter;
+
+       if (name == NULL)
+               return NULL;
+
+       iter = session->priv->pending_contents;
        for (; iter; iter = g_list_next(iter)) {
                JingleContent *content = iter->data;
                gchar *cname = jingle_content_get_name(content);
-               gboolean result = !strcmp(name, cname);
+               gboolean result = g_str_equal(name, cname);
                g_free(cname);
 
                if (creator != NULL) {
continue with "q"...



Remember to have fun...
