commit empathy for openSUSE:11.4
Hello community, here is the log from the commit of package empathy for openSUSE:11.4 checked in at Fri Nov 4 15:08:27 CET 2011. --- old-versions/11.4/UPDATES/all/empathy/empathy.changes 2011-10-28 10:42:24.0 +0200 +++ 11.4/empathy/empathy.changes2011-11-01 05:27:41.0 +0100 @@ -1,0 +2,6 @@ +Tue Nov 1 04:23:29 UTC 2011 - sree...@suse.com + +- Update empathy-cve-2011-3635.patch to use escaped name + everywhere in theme_adium_append_message + +--- calling whatdependson for 11.4-i586 Other differences: -- ++ empathy.spec ++ --- /var/tmp/diff_new_pack.OTjHOE/_old 2011-11-04 15:05:49.0 +0100 +++ /var/tmp/diff_new_pack.OTjHOE/_new 2011-11-04 15:05:49.0 +0100 @@ -19,7 +19,7 @@ Name: empathy Version:2.32.2 -Release:7. +Release:7. License:GPLv2+ Summary:Instant Messenger Client for GNOME, based on Telepathy Url:http://live.gnome.org/Empathy ++ empathy-cve-2011-3635.patch ++ --- /var/tmp/diff_new_pack.OTjHOE/_old 2011-11-04 15:05:49.0 +0100 +++ /var/tmp/diff_new_pack.OTjHOE/_new 2011-11-04 15:05:49.0 +0100 @@ -11,19 +11,31 @@ const gchar *body; const gchar *name; const gchar *contact_id; -@@ -599,8 +599,10 @@ theme_adium_append_message (EmpathyChatV - } +@@ -469,12 +469,13 @@ theme_adium_append_message (EmpathyChatV + body_escaped = theme_adium_parse_body (body); + name = empathy_contact_get_alias (sender); + contact_id = empathy_contact_get_id (sender); ++ name_escaped = g_markup_escape_text (name, -1); + + /* If this is a /me, append an event */ + if (empathy_message_get_tptype (msg) == TP_CHANNEL_TEXT_MESSAGE_TYPE_ACTION) { + gchar *str; + +- str = g_strdup_printf ("%s %s", name, body_escaped); ++ str = g_strdup_printf ("%s %s", name_escaped, body_escaped); + theme_adium_append_event_escaped (view, str); + + g_free (str); +@@ -600,7 +601,7 @@ theme_adium_append_message (EmpathyChatV if (html != NULL) { -+ name_escaped = g_markup_escape_text (name, -1); -+ theme_adium_append_html (theme, func, html, len, body_escaped, - avatar_filename, name, contact_id, + avatar_filename, name_escaped, contact_id, service_name, message_classes->str, timestamp, is_backlog); } else { -@@ -616,6 +618,7 @@ theme_adium_append_message (EmpathyChatV +@@ -616,6 +617,7 @@ theme_adium_append_message (EmpathyChatV priv->last_is_backlog = is_backlog; g_free (body_escaped); continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit empathy for openSUSE:11.4
Hello community, here is the log from the commit of package empathy for openSUSE:11.4 checked in at Fri Oct 28 13:56:34 CEST 2011. --- old-versions/11.4/all/empathy/empathy.changes 2011-02-13 17:21:48.0 +0100 +++ 11.4/empathy/empathy.changes2011-10-28 10:42:24.0 +0200 @@ -1,0 +2,6 @@ +Fri Oct 28 08:38:58 UTC 2011 - dims...@opensuse.org + +- Add empathy-cve-2011-3635.patch: escape aliased before displaying + it in theme_adium_append_message. CVE-2011-3635, bnc#727003. + +--- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/empathy Destination is old-versions/11.4/UPDATES/all/empathy calling whatdependson for 11.4-i586 New: empathy-cve-2011-3635.patch Other differences: -- ++ empathy.spec ++ --- /var/tmp/diff_new_pack.DDOz71/_old 2011-10-28 13:34:10.0 +0200 +++ /var/tmp/diff_new_pack.DDOz71/_new 2011-10-28 13:34:10.0 +0200 @@ -19,13 +19,15 @@ Name: empathy Version:2.32.2 -Release:3 +Release:7. License:GPLv2+ Summary:Instant Messenger Client for GNOME, based on Telepathy Url:http://live.gnome.org/Empathy Group: Productivity/Networking/Instant Messenger Source: %{name}-%{version}.tar.bz2 Source99: %{name}-rpmlintrc +# PATCH-FIX-UPSTREAM empathy-cve-2011-3635.patch bnc#727003 bgo#662035 cve-2011-3635 dims...@opensuse.org -- theme_adium_append_message: escape alias before displaying it. +Patch0: empathy-cve-2011-3635.patch BuildRequires: NetworkManager-devel BuildRequires: enchant-devel BuildRequires: evolution-data-server-devel @@ -93,6 +95,7 @@ %prep %setup -q translation-update-upstream +%patch0 -p1 %build %configure --disable-static \ ++ empathy-cve-2011-3635.patch ++ Index: empathy-2.32.2/libempathy-gtk/empathy-theme-adium.c === --- empathy-2.32.2.orig/libempathy-gtk/empathy-theme-adium.c +++ empathy-2.32.2/libempathy-gtk/empathy-theme-adium.c @@ -436,7 +436,7 @@ theme_adium_append_message (EmpathyChatV EmpathyThemeAdiumPriv *priv = GET_PRIV (theme); EmpathyContact*sender; TpAccount *account; - gchar *body_escaped; + gchar *body_escaped, *name_escaped; const gchar *body; const gchar *name; const gchar *contact_id; @@ -599,8 +599,10 @@ theme_adium_append_message (EmpathyChatV } if (html != NULL) { + name_escaped = g_markup_escape_text (name, -1); + theme_adium_append_html (theme, func, html, len, body_escaped, -avatar_filename, name, contact_id, +avatar_filename, name_escaped, contact_id, service_name, message_classes->str, timestamp, is_backlog); } else { @@ -616,6 +618,7 @@ theme_adium_append_message (EmpathyChatV priv->last_is_backlog = is_backlog; g_free (body_escaped); + g_free (name_escaped); g_string_free (message_classes, TRUE); } continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org