/cpw/tomkiewicz/gg11: d7cf7492cf82: Merge from default
Tomasz Wasilczyk
tomkiewicz at cpw.pidgin.im
Wed Mar 20 20:22:51 EDT 2013
Changeset: d7cf7492cf82d24fef314c7ed53bd434e0d21071
Author: Tomasz Wasilczyk <tomkiewicz at cpw.pidgin.im>
Date: 2013-03-21 01:22 +0100
Branch: default
URL: https://hg.pidgin.im/cpw/tomkiewicz/gg11/rev/d7cf7492cf82
Description:
Merge from default
diffstat:
.hgtags | 1 +
COPYRIGHT | 2 +-
ChangeLog | 33 +-
ChangeLog.API | 5 +
Makefile.mingw | 6 +-
configure.ac | 6 +-
finch/gntlog.c | 2 +-
finch/gntpounce.c | 6 +-
finch/libgnt/gntwm.c | 6 +-
libpurple/account.c | 6 +-
libpurple/buddyicon.c | 4 +-
libpurple/certificate.c | 4 +-
libpurple/dnsquery.c | 4 +-
libpurple/example/nullclient.c | 10 +-
libpurple/log.c | 2 +-
libpurple/plugin.c | 9 +-
libpurple/plugins/ssl/ssl-nss.c | 2 +-
libpurple/plugins/tcl/tcl.c | 4 +-
libpurple/pounce.c | 2 +-
libpurple/protocols/bonjour/jabber.c | 23 +-
libpurple/protocols/gg/image.c | 8 +
libpurple/protocols/gg/resolver-purple.c | 4 +
libpurple/protocols/irc/msgs.c | 24 +-
libpurple/protocols/irc/parse.c | 12 +-
libpurple/protocols/jabber/auth_cyrus.c | 40 +-
libpurple/protocols/jabber/auth_digest_md5.c | 4 +-
libpurple/protocols/jabber/bosh.c | 6 +-
libpurple/protocols/jabber/google/google_roster.c | 26 +-
libpurple/protocols/jabber/google/google_session.c | 13 +-
libpurple/protocols/jabber/ibb.c | 4 -
libpurple/protocols/jabber/jabber.c | 59 +-
libpurple/protocols/jabber/jingle/rtp.c | 3 +-
libpurple/protocols/jabber/oob.c | 9 +-
libpurple/protocols/jabber/si.c | 11 +-
libpurple/protocols/jabber/useravatar.c | 8 +-
libpurple/protocols/jabber/usermood.c | 4 +-
libpurple/protocols/msn/directconn.c | 14 +-
libpurple/protocols/msn/msn.c | 2 +-
libpurple/protocols/msn/soap.c | 3 +-
libpurple/protocols/mxit/cipher.c | 16 +-
libpurple/protocols/mxit/formcmds.c | 16 +-
libpurple/protocols/mxit/http.c | 12 +-
libpurple/protocols/mxit/login.c | 14 +-
libpurple/protocols/mxit/markup.c | 7 +-
libpurple/protocols/mxit/multimx.c | 3 +-
libpurple/protocols/mxit/mxit.c | 7 +-
libpurple/protocols/mxit/mxit.h | 2 +-
libpurple/protocols/mxit/protocol.c | 23 +-
libpurple/protocols/mxit/protocol.h | 1 +
libpurple/protocols/mxit/roster.c | 6 +-
libpurple/protocols/mxit/splashscreen.c | 8 +-
libpurple/protocols/novell/nmrtf.c | 1 -
libpurple/protocols/novell/novell.c | 5 -
libpurple/protocols/oscar/family_icbm.c | 2 +-
libpurple/protocols/oscar/odc.c | 8 +-
libpurple/protocols/oscar/oscar.c | 14 +-
libpurple/protocols/oscar/userinfo.c | 5 -
libpurple/protocols/sametime/sametime.c | 13 +-
libpurple/protocols/silc/buddy.c | 18 +-
libpurple/protocols/silc/chat.c | 4 +-
libpurple/protocols/silc/ops.c | 14 +-
libpurple/protocols/silc/silc.c | 7 +-
libpurple/protocols/silc/silcpurple.h | 2 +-
libpurple/protocols/silc/util.c | 2 +-
libpurple/protocols/silc/wb.c | 2 +-
libpurple/protocols/simple/simple.c | 6 +-
libpurple/protocols/yahoo/libymsg.c | 12 +-
libpurple/protocols/yahoo/yahoo_doodle.c | 6 +-
libpurple/protocols/yahoo/yahoo_profile.c | 2 +-
libpurple/protocols/zephyr/zephyr.c | 14 +-
libpurple/smiley.c | 32 +-
libpurple/theme-loader.c | 1 +
libpurple/upnp.c | 16 +-
libpurple/util.c | 44 +-
libpurple/util.h | 17 +-
libpurple/win32/global.mak | 2 +-
pidgin/gtkblist.c | 9 +-
pidgin/gtkconv.c | 12 +-
pidgin/gtkconv.h | 1 +
pidgin/gtkdialogs.c | 18 +-
pidgin/gtkimhtml.c | 11 +-
pidgin/gtklog.c | 2 +-
pidgin/gtkmain.c | 5 +-
pidgin/gtkmenutray.c | 4 +-
pidgin/gtknotify.c | 2 +-
pidgin/gtkpounce.c | 6 +-
pidgin/gtksourceundomanager.c | 17 +-
pidgin/gtkstatusbox.c | 2 +-
pidgin/gtkutils.c | 6 +-
pidgin/plugins/cap/cap.c | 2 +-
pidgin/plugins/gevolution/add_buddy_dialog.c | 4 +-
pidgin/plugins/gevolution/gevolution.c | 2 +-
pidgin/plugins/timestamp_format.c | 2 +-
pidgin/win32/nsis/generate_gtk_zip.sh | 2 +-
pidgin/win32/nsis/pidgin-installer.nsi | 11 +-
po/ChangeLog | 26 +-
po/POTFILES.skip | 63 +
po/de.po | 1213 +-
po/el.po | 5079 +++------
po/et.po | 5059 +++------
po/ga.po | 9517 +++++++++---------
po/he.po | 886 +-
po/hr.po | 10 +-
po/lt.po | 4389 ++-----
po/my_MM.po | 88 +-
po/nl.po | 557 +-
po/nn.po | 87 +-
po/pa.po | 795 +-
po/pl.po | 552 +-
po/pt.po | 9945 ++++++-------------
po/pt_BR.po | 1807 +--
111 files changed, 16355 insertions(+), 24591 deletions(-)
diffs (truncated from 75474 to 300 lines):
diff --git a/.hgtags b/.hgtags
--- a/.hgtags
+++ b/.hgtags
@@ -86,3 +86,4 @@ dab0253fe3754ffd68e070cdfbbf31cd79f9a421
1d00b9e4aa6add6dca97cca4ac614d63bd105dfd v2.10.4
a3d157700972b48cf0a23b300261a5ab0c6e165b v2.10.5
4992bd90d8ad78ebdd324dd90d3e9d443f7dd002 v2.10.6
+ad7e7fb98db3bbd7bf9ab49072fd34cd4fa25dd9 v2.10.7
diff --git a/COPYRIGHT b/COPYRIGHT
--- a/COPYRIGHT
+++ b/COPYRIGHT
@@ -15,7 +15,7 @@ If concerns are raised as to the copyrig
piece of code, then that code should be traced through our version
control system to see from where it came and who has modified it.
-Copyright (C) 1998-2012 by the following:
+Copyright (C) 1998-2013 by the following:
Mark
Saleem Abdulrasool
diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -57,10 +57,9 @@ version 3.0.0 (??/??/????):
* The Offline Message Emulation plugin now adds a note that the message
was an offline message. (Flavius Anton) (#2497)
-version 2.10.7:
- Gadu-Gadu:
- * Fix a crash at startup with large contact list. Avatar support for
- buddies will be disabled till 3.0.0. (#15226, #14305)
+version 2.10.7 (02/13/2013):
+ Alien hatchery:
+ * No changes
General:
* The configure script will now exit with status 1 when specifying
@@ -68,6 +67,8 @@ version 2.10.7:
--with-dynamic-prpls arguments. (Michael Fiedler) (#15316)
libpurple:
+ * Fix a crash when receiving UPnP responses with abnormally long values.
+ (CVE-2013-0274)
* Don't link directly to libgcrypt when building with GnuTLS support.
(Bartosz Brachaczek) (#15329)
* Fix UPnP mappings on routers that return empty <URLBase/> elements
@@ -82,10 +83,10 @@ version 2.10.7:
Gadu-Gadu:
* Fix a crash at startup with large contact list. Avatar support for
- buddies will be disabled till 3.0.0. (#15226, #14305)
+ buddies will be disabled until 3.0.0. (#15226, #14305)
IRC:
- * Support for SASL authentication. (Thijs Alkemade, Andy Spencer)
+ * Support for SASL authentication. (Thijs Alkemade, Andy Spencer)
(#13270)
* Print topic setter information at channel join. (#13317)
@@ -95,6 +96,11 @@ version 2.10.7:
Barfield) (#15217)
MXit:
+ * Fix two bugs where a remote MXit user could possibly specify a local
+ file path to be written to. (CVE-2013-0271)
+ * Fix a bug where the MXit server or a man-in-the-middle could
+ potentially send specially crafted data that could overflow a buffer
+ and lead to a crash or remote code execution. (CVE-2013-0272)
* Display farewell messages in a different colour to distinguish
them from normal messages.
* Add support for typing notification.
@@ -105,6 +111,12 @@ version 2.10.7:
* The buddy's name was not centered vertically in the buddy-list if they
did not have a status-message or mood set.
* Fix decoding of font-size changes in the markup of received messages.
+ * Increase the maximum file size that can be transferred to 1 MB.
+ * When setting an avatar image, no longer downscale it to 96x96.
+
+ Sametime:
+ * Fix a crash in Sametime when a malicious server sends us an abnormally
+ long user ID. (CVE-2013-0273)
Yahoo!:
* Fix a double-free in profile/picture loading code. (Mihai Serban)
@@ -120,11 +132,14 @@ version 2.10.7:
such as MacPorts' +no_x11 variant.
Windows-Specific Changes:
- * Compile with secure flags (#15290)
+ * Compile with secure flags (Jurre van Bergen) (#15290)
* Installer downloads GTK+ Runtime and Debug Symbols more securely.
- (#15277)
+ Thanks goes to Jacob Appelbaum of the Tor Project for identifying
+ this issue and suggesting solutions. (#15277)
* Updates to a number of dependencies, some of which have security
- related fixes. (#14571, #15285, #15286)
+ related fixes. Thanks again to Jacob Appelbaum and Jurre van Bergen
+ for identifying the vulnerable libraries and to Dieter Verfaillie
+ for helping getting the libraries updated. (#14571, #15285, #15286)
* ATK 1.32.0-2
* Cyrus SASL 2.1.25
* expat 2.1.0-1
diff --git a/ChangeLog.API b/ChangeLog.API
--- a/ChangeLog.API
+++ b/ChangeLog.API
@@ -231,6 +231,8 @@ version 3.0.0 (??/??/????):
* purple_util_fetch_url_request, instead.
* purple_util_fetch_url_request_len_with_account. Use
purple_util_fetch_url_request, instead.
+ * purple_util_get_image_checksum. Use
+ g_compute_checksum_for_data(G_CHECKSUM_SHA1, ...), instead.
* PurpleCertificateVerificationStatus.PURPLE_CERTIFICATE_INVALID
* PurpleConnectionUiOps.report_disconnect_reason
* PurplePluginProtocolInfo.add_buddy_with_invite
@@ -267,6 +269,9 @@ version 3.0.0 (??/??/????):
* xmlnode_set_attrib_with_namespace
* xmlnode_set_attrib_with_prefix
+version 2.10.7:
+ * No changes
+
version 2.10.6:
* No changes
diff --git a/Makefile.mingw b/Makefile.mingw
--- a/Makefile.mingw
+++ b/Makefile.mingw
@@ -38,14 +38,14 @@ authenticode_sign = $(MONO_SIGNCODE) \
-a sha1 -$$ commercial \
-n "$(2)" -i "https://pidgin.im" \
-t "http://timestamp.verisign.com/scripts/timstamp.dll" -tr 10 \
- $(1)
+ $(1) && rm -f $(1).bak
gpg_sign = $(GPG_SIGN) -ab $(1) && $(GPG_SIGN) --verify $(1).asc
STRIPPED_RELEASE_DIR = $(PIDGIN_TREE_TOP)/pidgin-$(PIDGIN_VERSION)-win32bin
DEBUG_SYMBOLS_DIR = $(PIDGIN_TREE_TOP)/pidgin-$(PIDGIN_VERSION)-dbgsym
-PIDGIN_INST_DEP_DIR="$(WIN32_DEV_TOP)/pidgin-inst-deps-20120910"
+PIDGIN_INST_DEP_DIR="$(WIN32_DEV_TOP)/pidgin-inst-deps-20130214"
# Any *.dll or *.exe files included in win32-install-dir that we don't compile
# should be included in this list so they don't get stripped
@@ -109,7 +109,7 @@ endif
cp $(ENCHANT_TOP)/bin/libenchant.dll $(PIDGIN_INSTALL_DIR)/spellcheck
cp -R $(ENCHANT_TOP)/lib/enchant/*.dll $(PIDGIN_INSTALL_DIR)/spellcheck/lib/enchant
cp $(PIDGIN_INST_DEP_DIR)/exchndl.dll $(PIDGIN_INSTALL_DIR)
- cp $(GCC_SSP_TOP)/bin/libssp-0.dll $(PIDGIN_INSTALL_DIR)
+ cp $(GCC_SSP_TOP)/libssp-0.dll $(PIDGIN_INSTALL_DIR)
gtk_runtime_zip:
pidgin/win32/nsis/generate_gtk_zip.sh "`pwd`" "$(GPG_SIGN)"
diff --git a/configure.ac b/configure.ac
--- a/configure.ac
+++ b/configure.ac
@@ -55,7 +55,7 @@ m4_define([purple_display_version], purp
m4_define([gnt_lt_current], [8])
m4_define([gnt_major_version], [2])
m4_define([gnt_minor_version], [8])
-m4_define([gnt_micro_version], [9])
+m4_define([gnt_micro_version], [10])
m4_define([gnt_version_suffix], [devel])
m4_define([gnt_version],
[gnt_major_version.gnt_minor_version.gnt_micro_version])
@@ -2440,12 +2440,12 @@ fi
AC_SUBST(PLUGINS_DEFINE)
dnl #######################################################################
-dnl # Check for Cyrus-SASL (for Jabber)
+dnl # Check for Cyrus-SASL (for xmpp/irc)
dnl #######################################################################
dnl AC_CHECK_SIZEOF(short)
AC_CHECK_FUNCS(snprintf connect)
AC_SUBST(SASL_LIBS)
-AC_ARG_ENABLE(cyrus-sasl, AS_HELP_STRING([--enable-cyrus-sasl], [enable Cyrus SASL support for jabberd]), enable_cyrus_sasl=$enableval, enable_cyrus_sasl=no)
+AC_ARG_ENABLE(cyrus-sasl, AS_HELP_STRING([--enable-cyrus-sasl], [enable Cyrus SASL support for xmpp/irc]), enable_cyrus_sasl=$enableval, enable_cyrus_sasl=no)
if test "x$enable_cyrus_sasl" = "xyes" ; then
AC_CHECK_LIB(sasl2, sasl_client_init, [
AM_CONDITIONAL(USE_CYRUS_SASL, true)
diff --git a/finch/gntlog.c b/finch/gntlog.c
--- a/finch/gntlog.c
+++ b/finch/gntlog.c
@@ -248,7 +248,7 @@ static void populate_log_tree(FinchLogVi
NULL);
gnt_tree_set_expanded(GNT_TREE(lv->tree), month, FALSE);
- strncpy(prev_top_month, month, sizeof(prev_top_month));
+ g_strlcpy(prev_top_month, month, sizeof(prev_top_month));
}
/* sub */
diff --git a/finch/gntpounce.c b/finch/gntpounce.c
--- a/finch/gntpounce.c
+++ b/finch/gntpounce.c
@@ -801,10 +801,8 @@ pounce_cb(PurplePounce *pounce, PurplePo
if (purple_pounce_action_is_enabled(pounce, "open-window"))
{
- conv = purple_find_conversation_with_account(PURPLE_CONV_TYPE_IM, pouncee, account);
-
- if (conv == NULL)
- conv = purple_conversation_new(PURPLE_CONV_TYPE_IM, account, pouncee);
+ if (!purple_find_conversation_with_account(PURPLE_CONV_TYPE_IM, pouncee, account))
+ purple_conversation_new(PURPLE_CONV_TYPE_IM, account, pouncee);
}
if (purple_pounce_action_is_enabled(pounce, "popup-notify"))
diff --git a/finch/libgnt/gntwm.c b/finch/libgnt/gntwm.c
--- a/finch/libgnt/gntwm.c
+++ b/finch/libgnt/gntwm.c
@@ -1243,7 +1243,11 @@ ignore_keys_start(GntBindable *bindable,
static gboolean
ignore_keys_end(GntBindable *bindable, GList *n)
{
- return ignore_keys ? !(ignore_keys = FALSE) : FALSE;
+ if (ignore_keys) {
+ ignore_keys = FALSE;
+ return TRUE;
+ }
+ return FALSE;
}
static gboolean
diff --git a/libpurple/account.c b/libpurple/account.c
--- a/libpurple/account.c
+++ b/libpurple/account.c
@@ -1535,7 +1535,7 @@ purple_account_request_change_password(P
field = purple_request_field_string_new("password", _("Original password"),
NULL, FALSE);
purple_request_field_string_set_masked(field, TRUE);
- if (!(prpl_info && (prpl_info->options | OPT_PROTO_PASSWORD_OPTIONAL)))
+ if (!prpl_info || !(prpl_info->options & OPT_PROTO_PASSWORD_OPTIONAL))
purple_request_field_set_required(field, TRUE);
purple_request_field_group_add_field(group, field);
@@ -1543,7 +1543,7 @@ purple_account_request_change_password(P
_("New password"),
NULL, FALSE);
purple_request_field_string_set_masked(field, TRUE);
- if (!(prpl_info && (prpl_info->options | OPT_PROTO_PASSWORD_OPTIONAL)))
+ if (!prpl_info || !(prpl_info->options & OPT_PROTO_PASSWORD_OPTIONAL))
purple_request_field_set_required(field, TRUE);
purple_request_field_group_add_field(group, field);
@@ -1551,7 +1551,7 @@ purple_account_request_change_password(P
_("New password (again)"),
NULL, FALSE);
purple_request_field_string_set_masked(field, TRUE);
- if (!(prpl_info && (prpl_info->options | OPT_PROTO_PASSWORD_OPTIONAL)))
+ if (!prpl_info || !(prpl_info->options & OPT_PROTO_PASSWORD_OPTIONAL))
purple_request_field_set_required(field, TRUE);
purple_request_field_group_add_field(group, field);
diff --git a/libpurple/buddyicon.c b/libpurple/buddyicon.c
--- a/libpurple/buddyicon.c
+++ b/libpurple/buddyicon.c
@@ -390,7 +390,7 @@ purple_buddy_icon_update(PurpleBuddyIcon
icon_to_set = icon->img ? icon : NULL;
/* Ensure that icon remains valid throughout */
- if (icon) purple_buddy_icon_ref(icon);
+ purple_buddy_icon_ref(icon);
buddies = purple_find_buddies(account, username);
while (buddies != NULL)
@@ -438,7 +438,7 @@ purple_buddy_icon_update(PurpleBuddyIcon
purple_conv_im_set_icon(PURPLE_CONV_IM(conv), icon_to_set);
/* icon's refcount was incremented above */
- if (icon) purple_buddy_icon_unref(icon);
+ purple_buddy_icon_unref(icon);
}
void
diff --git a/libpurple/certificate.c b/libpurple/certificate.c
--- a/libpurple/certificate.c
+++ b/libpurple/certificate.c
@@ -504,8 +504,8 @@ purple_certificate_pool_mkpath(PurpleCer
g_return_val_if_fail(pool->name, NULL);
/* Escape all the elements for filesystem-friendliness */
- esc_scheme_name = pool ? g_strdup(purple_escape_filename(pool->scheme_name)) : NULL;
- esc_name = pool ? g_strdup(purple_escape_filename(pool->name)) : NULL;
+ esc_scheme_name = g_strdup(purple_escape_filename(pool->scheme_name));
+ esc_name = g_strdup(purple_escape_filename(pool->name));
esc_id = id ? g_strdup(purple_escape_filename(id)) : NULL;
path = g_build_filename(purple_user_dir(),
diff --git a/libpurple/dnsquery.c b/libpurple/dnsquery.c
--- a/libpurple/dnsquery.c
+++ b/libpurple/dnsquery.c
@@ -531,12 +531,12 @@ send_dns_request_to_child(PurpleDnsQuery
* instance, we can't use it. */
pid = waitpid(resolver->dns_pid, NULL, WNOHANG);
if (pid > 0) {
- purple_debug_warning("dns", "DNS child %d no longer exists\n",
+ purple_debug_info("dns", "DNS child %d no longer exists\n",
resolver->dns_pid);
purple_dnsquery_resolver_destroy(resolver);
More information about the Commits
mailing list