/pidgin/main: 7a40d62c81d8: Merge with release-2.x.y

Andrew Victor andrew.victor at mxit.com
Tue Mar 26 19:37:44 EDT 2013


Changeset: 7a40d62c81d862e80ed757a2523e3dd2a208a914
Author:	 Andrew Victor <andrew.victor at mxit.com>
Date:	 2013-03-27 01:37 +0200
Branch:	 mxit-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/7a40d62c81d8

Description:

Merge with release-2.x.y

diffstat:

 .hgtags                                            |     1 +
 COPYRIGHT                                          |     2 +-
 ChangeLog                                          |    36 +-
 ChangeLog.API                                      |     3 +
 Makefile.mingw                                     |     6 +-
 configure.ac                                       |     8 +-
 finch/gntlog.c                                     |     2 +-
 finch/gntpounce.c                                  |     6 +-
 finch/libgnt/gntwm.c                               |     6 +-
 libpurple/account.c                                |     6 +-
 libpurple/buddyicon.c                              |     4 +-
 libpurple/certificate.c                            |     4 +-
 libpurple/example/nullclient.c                     |    10 +-
 libpurple/log.c                                    |     2 +-
 libpurple/plugin.c                                 |     9 +-
 libpurple/plugins/ssl/ssl-nss.c                    |     2 +-
 libpurple/plugins/tcl/tcl.c                        |     4 +-
 libpurple/pounce.c                                 |     2 +-
 libpurple/protocols/bonjour/jabber.c               |    27 +-
 libpurple/protocols/gg/lib/common.c                |     3 +-
 libpurple/protocols/gg/lib/dcc.c                   |     1 +
 libpurple/protocols/gg/lib/dcc7.c                  |     5 +-
 libpurple/protocols/gg/lib/libgadu.c               |     2 +-
 libpurple/protocols/irc/Makefile.am                |     2 +-
 libpurple/protocols/irc/msgs.c                     |     4 +-
 libpurple/protocols/irc/parse.c                    |    12 +-
 libpurple/protocols/jabber/auth_cyrus.c            |    41 +-
 libpurple/protocols/jabber/auth_digest_md5.c       |     4 +-
 libpurple/protocols/jabber/bosh.c                  |     6 +-
 libpurple/protocols/jabber/google/google_session.c |    13 +-
 libpurple/protocols/jabber/ibb.c                   |     4 -
 libpurple/protocols/jabber/jabber.c                |    59 +-
 libpurple/protocols/jabber/jingle/rtp.c            |     3 +-
 libpurple/protocols/jabber/oob.c                   |     9 +-
 libpurple/protocols/jabber/useravatar.c            |     8 +-
 libpurple/protocols/jabber/usermood.c              |     4 +-
 libpurple/protocols/msn/directconn.c               |    14 +-
 libpurple/protocols/msn/msn.c                      |     2 +-
 libpurple/protocols/msn/soap.c                     |     3 +-
 libpurple/protocols/mxit/cipher.c                  |    16 +-
 libpurple/protocols/mxit/formcmds.c                |    16 +-
 libpurple/protocols/mxit/http.c                    |    12 +-
 libpurple/protocols/mxit/login.c                   |    12 +-
 libpurple/protocols/mxit/markup.c                  |     6 +
 libpurple/protocols/mxit/multimx.c                 |     5 +-
 libpurple/protocols/mxit/mxit.c                    |     7 +-
 libpurple/protocols/mxit/mxit.h                    |     2 +-
 libpurple/protocols/mxit/protocol.c                |    75 +-
 libpurple/protocols/mxit/protocol.h                |     6 +-
 libpurple/protocols/mxit/roster.c                  |     8 +-
 libpurple/protocols/mxit/splashscreen.c            |     4 +-
 libpurple/protocols/novell/nmrtf.c                 |     1 -
 libpurple/protocols/novell/novell.c                |     8 -
 libpurple/protocols/oscar/family_icbm.c            |     2 +-
 libpurple/protocols/oscar/family_locate.c          |     2 +-
 libpurple/protocols/oscar/oscar.c                  |    20 +-
 libpurple/protocols/oscar/peer.c                   |     4 -
 libpurple/protocols/oscar/userinfo.c               |    11 +-
 libpurple/protocols/sametime/sametime.c            |     5 +-
 libpurple/protocols/silc/buddy.c                   |     9 +-
 libpurple/protocols/silc/chat.c                    |     4 +-
 libpurple/protocols/silc/ft.c                      |     2 -
 libpurple/protocols/silc/ops.c                     |    14 +-
 libpurple/protocols/silc/silc.c                    |     7 +-
 libpurple/protocols/silc/silcpurple.h              |     2 +-
 libpurple/protocols/silc/util.c                    |     2 +-
 libpurple/protocols/silc/wb.c                      |     2 +-
 libpurple/protocols/silc10/wb.c                    |     2 +-
 libpurple/protocols/simple/simple.c                |     6 +-
 libpurple/protocols/yahoo/libymsg.c                |     9 +-
 libpurple/protocols/yahoo/libymsg.h                |     2 +-
 libpurple/protocols/yahoo/yahoo_doodle.c           |     6 +-
 libpurple/protocols/yahoo/yahoo_profile.c          |     2 +-
 libpurple/protocols/zephyr/zephyr.c                |    14 +-
 libpurple/smiley.c                                 |    32 +-
 libpurple/theme-loader.c                           |     1 +
 libpurple/upnp.c                                   |    16 +-
 libpurple/util.c                                   |     5 +-
 libpurple/win32/global.mak                         |     4 +-
 pidgin/gtkconv.c                                   |    14 +-
 pidgin/gtkdialogs.c                                |    14 +-
 pidgin/gtkdocklet.c                                |     2 -
 pidgin/gtkimhtml.c                                 |    15 +-
 pidgin/gtklog.c                                    |     2 +-
 pidgin/gtkmain.c                                   |     5 +-
 pidgin/gtknotify.c                                 |     2 +-
 pidgin/gtkpounce.c                                 |    15 +-
 pidgin/gtksourceundomanager.c                      |    17 +-
 pidgin/gtkutils.c                                  |     6 +-
 pidgin/plugins/cap/cap.c                           |     2 +-
 pidgin/plugins/gevolution/add_buddy_dialog.c       |     4 +-
 pidgin/plugins/gevolution/gevolution.c             |     2 +-
 pidgin/plugins/timestamp_format.c                  |     2 +-
 pidgin/win32/nsis/generate_gtk_zip.sh              |     2 +-
 pidgin/win32/nsis/pidgin-installer.nsi             |    11 +-
 po/ChangeLog                                       |    26 +-
 po/POTFILES.skip                                   |    63 +
 po/de.po                                           |   127 +-
 po/el.po                                           |  5079 +++------
 po/et.po                                           |  5059 +++------
 po/ga.po                                           |  9517 +++++++++---------
 po/he.po                                           |   886 +-
 po/hr.po                                           |    10 +-
 po/lt.po                                           |  4389 ++-----
 po/my_MM.po                                        |    88 +-
 po/nl.po                                           |   557 +-
 po/nn.po                                           |    87 +-
 po/pa.po                                           |   795 +-
 po/pl.po                                           |   552 +-
 po/pt.po                                           |  9945 ++++++-------------
 po/pt_BR.po                                        |  1807 +--
 111 files changed, 16084 insertions(+), 23720 deletions(-)

diffs (truncated from 73947 to 300 lines):

diff --git a/.hgtags b/.hgtags
--- a/.hgtags
+++ b/.hgtags
@@ -1,2 +1,3 @@
 a3d157700972b48cf0a23b300261a5ab0c6e165b v2.10.5
 4992bd90d8ad78ebdd324dd90d3e9d443f7dd002 v2.10.6
+ad7e7fb98db3bbd7bf9ab49072fd34cd4fa25dd9 v2.10.7
diff --git a/COPYRIGHT b/COPYRIGHT
--- a/COPYRIGHT
+++ b/COPYRIGHT
@@ -15,7 +15,7 @@ If concerns are raised as to the copyrig
 piece of code, then that code should be traced through our version
 control system to see from where it came and who has modified it.
 
-Copyright (C) 1998-2012 by the following:
+Copyright (C) 1998-2013 by the following:
 
 Mark
 Saleem Abdulrasool
diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,14 @@
 Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
 
-version 2.10.7:
+version 2.10.8:
+	Stock market:
+	* Didn't really increase, but didn't plummet, either.
+
+	Windows-Specific Changes:
+	* Updates to dependencies:
+		* NSS 3.14.3 and NSPR 4.9.5
+
+version 2.10.7 (02/13/2013):
 	Alien hatchery:
 	* No changes
 
@@ -10,6 +18,8 @@ version 2.10.7:
 	  --with-dynamic-prpls arguments. (Michael Fiedler) (#15316)
 
 	libpurple:
+	* Fix a crash when receiving UPnP responses with abnormally long values.
+	  (CVE-2013-0274)
 	* Don't link directly to libgcrypt when building with GnuTLS support.
 	  (Bartosz Brachaczek) (#15329)
 	* Fix UPnP mappings on routers that return empty <URLBase/> elements
@@ -24,10 +34,10 @@ version 2.10.7:
 
 	Gadu-Gadu:
 	* Fix a crash at startup with large contact list. Avatar support for
-	  buddies will be disabled till 3.0.0. (#15226, #14305)
+	  buddies will be disabled until 3.0.0. (#15226, #14305)
 
 	IRC:
-	* Support for SASL authentication.  (Thijs Alkemade, Andy Spencer)
+	* Support for SASL authentication. (Thijs Alkemade, Andy Spencer)
 	  (#13270)
 	* Print topic setter information at channel join. (#13317)
 
@@ -37,6 +47,11 @@ version 2.10.7:
 	  Barfield) (#15217)
 
 	MXit:
+	* Fix two bugs where a remote MXit user could possibly specify a local
+	  file path to be written to. (CVE-2013-0271)
+	* Fix a bug where the MXit server or a man-in-the-middle could
+	  potentially send specially crafted data that could overflow a buffer
+	  and lead to a crash or remote code execution. (CVE-2013-0272)
 	* Display farewell messages in a different colour to distinguish
 	  them from normal messages.
 	* Add support for typing notification.
@@ -47,6 +62,12 @@ version 2.10.7:
 	* The buddy's name was not centered vertically in the buddy-list if they
 	  did not have a status-message or mood set.
 	* Fix decoding of font-size changes in the markup of received messages.
+	* Increase the maximum file size that can be transferred to 1 MB.
+	* When setting an avatar image, no longer downscale it to 96x96.
+
+	Sametime:
+	* Fix a crash in Sametime when a malicious server sends us an abnormally
+	  long user ID. (CVE-2013-0273)
 
 	Yahoo!:
 	* Fix a double-free in profile/picture loading code. (Mihai Serban)
@@ -62,11 +83,14 @@ version 2.10.7:
 	  such as MacPorts' +no_x11 variant.
 
 	Windows-Specific Changes:
-	* Compile with secure flags (#15290)
+	* Compile with secure flags (Jurre van Bergen) (#15290)
 	* Installer downloads GTK+ Runtime and Debug Symbols more securely.
-	  (#15277)
+	  Thanks goes to Jacob Appelbaum of the Tor Project for identifying
+	  this issue and suggesting solutions. (#15277)
 	* Updates to a number of dependencies, some of which have security
-	  related fixes. (#14571, #15285, #15286)
+	  related fixes. Thanks again to Jacob Appelbaum and Jurre van Bergen
+	  for identifying the vulnerable libraries and to Dieter Verfaillie 
+	  for helping getting the libraries updated. (#14571, #15285, #15286)
 		* ATK 1.32.0-2
 		* Cyrus SASL 2.1.25
 		* expat 2.1.0-1
diff --git a/ChangeLog.API b/ChangeLog.API
--- a/ChangeLog.API
+++ b/ChangeLog.API
@@ -1,5 +1,8 @@
 Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
 
+version 2.10.8:
+	* No changes
+
 version 2.10.7:
 	* No changes
 
diff --git a/Makefile.mingw b/Makefile.mingw
--- a/Makefile.mingw
+++ b/Makefile.mingw
@@ -38,14 +38,14 @@ authenticode_sign = $(MONO_SIGNCODE) \
 		    -a sha1 -$$ commercial \
 		    -n "$(2)" -i "https://pidgin.im" \
 		    -t "http://timestamp.verisign.com/scripts/timstamp.dll" -tr 10 \
-		    $(1)
+		    $(1) && rm -f $(1).bak
 
 gpg_sign = $(GPG_SIGN) -ab $(1) && $(GPG_SIGN) --verify $(1).asc
 
 STRIPPED_RELEASE_DIR = $(PIDGIN_TREE_TOP)/pidgin-$(PIDGIN_VERSION)-win32bin
 DEBUG_SYMBOLS_DIR = $(PIDGIN_TREE_TOP)/pidgin-$(PIDGIN_VERSION)-dbgsym
 
-PIDGIN_INST_DEP_DIR="$(WIN32_DEV_TOP)/pidgin-inst-deps-20120910"
+PIDGIN_INST_DEP_DIR="$(WIN32_DEV_TOP)/pidgin-inst-deps-20130214"
 
 # Any *.dll or *.exe files included in win32-install-dir that we don't compile
 # should be included in this list so they don't get stripped
@@ -109,7 +109,7 @@ endif
 	cp $(ENCHANT_TOP)/bin/libenchant.dll $(PIDGIN_INSTALL_DIR)/spellcheck
 	cp -R $(ENCHANT_TOP)/lib/enchant/*.dll $(PIDGIN_INSTALL_DIR)/spellcheck/lib/enchant
 	cp $(PIDGIN_INST_DEP_DIR)/exchndl.dll $(PIDGIN_INSTALL_DIR)
-	cp $(GCC_SSP_TOP)/bin/libssp-0.dll $(PIDGIN_INSTALL_DIR)
+	cp $(GCC_SSP_TOP)/libssp-0.dll $(PIDGIN_INSTALL_DIR)
 
 gtk_runtime_zip:
 	pidgin/win32/nsis/generate_gtk_zip.sh "`pwd`" "$(GPG_SIGN)"
diff --git a/configure.ac b/configure.ac
--- a/configure.ac
+++ b/configure.ac
@@ -46,7 +46,7 @@ AC_PREREQ([2.50])
 m4_define([purple_lt_current], [10])
 m4_define([purple_major_version], [2])
 m4_define([purple_minor_version], [10])
-m4_define([purple_micro_version], [7])
+m4_define([purple_micro_version], [8])
 m4_define([purple_version_suffix], [devel])
 m4_define([purple_version],
           [purple_major_version.purple_minor_version.purple_micro_version])
@@ -55,7 +55,7 @@ m4_define([purple_display_version], purp
 m4_define([gnt_lt_current], [8])
 m4_define([gnt_major_version], [2])
 m4_define([gnt_minor_version], [8])
-m4_define([gnt_micro_version], [9])
+m4_define([gnt_micro_version], [10])
 m4_define([gnt_version_suffix], [devel])
 m4_define([gnt_version],
           [gnt_major_version.gnt_minor_version.gnt_micro_version])
@@ -2301,12 +2301,12 @@ fi
 AC_SUBST(PLUGINS_DEFINE)
 
 dnl #######################################################################
-dnl # Check for Cyrus-SASL (for Jabber)
+dnl # Check for Cyrus-SASL (for xmpp/irc)
 dnl #######################################################################
 dnl AC_CHECK_SIZEOF(short)
 AC_CHECK_FUNCS(snprintf connect)
 AC_SUBST(SASL_LIBS)
-AC_ARG_ENABLE(cyrus-sasl, AC_HELP_STRING([--enable-cyrus-sasl], [enable Cyrus SASL support for jabberd]), enable_cyrus_sasl=$enableval, enable_cyrus_sasl=no)
+AC_ARG_ENABLE(cyrus-sasl, AC_HELP_STRING([--enable-cyrus-sasl], [enable Cyrus SASL support for xmpp/irc]), enable_cyrus_sasl=$enableval, enable_cyrus_sasl=no)
 if test "x$enable_cyrus_sasl" = "xyes" ; then
 	AC_CHECK_LIB(sasl2, sasl_client_init, [
 			AM_CONDITIONAL(USE_CYRUS_SASL, true)
diff --git a/finch/gntlog.c b/finch/gntlog.c
--- a/finch/gntlog.c
+++ b/finch/gntlog.c
@@ -248,7 +248,7 @@ static void populate_log_tree(FinchLogVi
 									NULL);
 			gnt_tree_set_expanded(GNT_TREE(lv->tree), month, FALSE);
 
-			strncpy(prev_top_month, month, sizeof(prev_top_month));
+			g_strlcpy(prev_top_month, month, sizeof(prev_top_month));
 		}
 
 		/* sub */
diff --git a/finch/gntpounce.c b/finch/gntpounce.c
--- a/finch/gntpounce.c
+++ b/finch/gntpounce.c
@@ -801,10 +801,8 @@ pounce_cb(PurplePounce *pounce, PurplePo
 
 	if (purple_pounce_action_is_enabled(pounce, "open-window"))
 	{
-		conv = purple_find_conversation_with_account(PURPLE_CONV_TYPE_IM, pouncee, account);
-
-		if (conv == NULL)
-			conv = purple_conversation_new(PURPLE_CONV_TYPE_IM, account, pouncee);
+		if (!purple_find_conversation_with_account(PURPLE_CONV_TYPE_IM, pouncee, account))
+			purple_conversation_new(PURPLE_CONV_TYPE_IM, account, pouncee);
 	}
 
 	if (purple_pounce_action_is_enabled(pounce, "popup-notify"))
diff --git a/finch/libgnt/gntwm.c b/finch/libgnt/gntwm.c
--- a/finch/libgnt/gntwm.c
+++ b/finch/libgnt/gntwm.c
@@ -1252,7 +1252,11 @@ ignore_keys_start(GntBindable *bindable,
 static gboolean
 ignore_keys_end(GntBindable *bindable, GList *n)
 {
-	return ignore_keys ? !(ignore_keys = FALSE) : FALSE;
+	if (ignore_keys) {
+		ignore_keys = FALSE;
+		return TRUE;
+	}
+	return FALSE;
 }
 
 static gboolean
diff --git a/libpurple/account.c b/libpurple/account.c
--- a/libpurple/account.c
+++ b/libpurple/account.c
@@ -1550,7 +1550,7 @@ purple_account_request_change_password(P
 	field = purple_request_field_string_new("password", _("Original password"),
 										  NULL, FALSE);
 	purple_request_field_string_set_masked(field, TRUE);
-	if (!(prpl_info && (prpl_info->options | OPT_PROTO_PASSWORD_OPTIONAL)))
+	if (!prpl_info || !(prpl_info->options & OPT_PROTO_PASSWORD_OPTIONAL))
 		purple_request_field_set_required(field, TRUE);
 	purple_request_field_group_add_field(group, field);
 
@@ -1558,7 +1558,7 @@ purple_account_request_change_password(P
 										  _("New password"),
 										  NULL, FALSE);
 	purple_request_field_string_set_masked(field, TRUE);
-	if (!(prpl_info && (prpl_info->options | OPT_PROTO_PASSWORD_OPTIONAL)))
+	if (!prpl_info || !(prpl_info->options & OPT_PROTO_PASSWORD_OPTIONAL))
 		purple_request_field_set_required(field, TRUE);
 	purple_request_field_group_add_field(group, field);
 
@@ -1566,7 +1566,7 @@ purple_account_request_change_password(P
 										  _("New password (again)"),
 										  NULL, FALSE);
 	purple_request_field_string_set_masked(field, TRUE);
-	if (!(prpl_info && (prpl_info->options | OPT_PROTO_PASSWORD_OPTIONAL)))
+	if (!prpl_info || !(prpl_info->options & OPT_PROTO_PASSWORD_OPTIONAL))
 		purple_request_field_set_required(field, TRUE);
 	purple_request_field_group_add_field(group, field);
 
diff --git a/libpurple/buddyicon.c b/libpurple/buddyicon.c
--- a/libpurple/buddyicon.c
+++ b/libpurple/buddyicon.c
@@ -407,7 +407,7 @@ purple_buddy_icon_update(PurpleBuddyIcon
 	icon_to_set = icon->img ? icon : NULL;
 
 	/* Ensure that icon remains valid throughout */
-	if (icon) purple_buddy_icon_ref(icon);
+	purple_buddy_icon_ref(icon);
 
 	buddies = purple_find_buddies(account, username);
 	while (buddies != NULL)
@@ -455,7 +455,7 @@ purple_buddy_icon_update(PurpleBuddyIcon
 		purple_conv_im_set_icon(PURPLE_CONV_IM(conv), icon_to_set);
 
 	/* icon's refcount was incremented above */
-	if (icon) purple_buddy_icon_unref(icon);
+	purple_buddy_icon_unref(icon);
 }
 
 void
diff --git a/libpurple/certificate.c b/libpurple/certificate.c
--- a/libpurple/certificate.c
+++ b/libpurple/certificate.c
@@ -516,8 +516,8 @@ purple_certificate_pool_mkpath(PurpleCer
 	g_return_val_if_fail(pool->name, NULL);
 
 	/* Escape all the elements for filesystem-friendliness */
-	esc_scheme_name = pool ? g_strdup(purple_escape_filename(pool->scheme_name)) : NULL;
-	esc_name = pool ? g_strdup(purple_escape_filename(pool->name)) : NULL;
+	esc_scheme_name = g_strdup(purple_escape_filename(pool->scheme_name));
+	esc_name = g_strdup(purple_escape_filename(pool->name));
 	esc_id = id ? g_strdup(purple_escape_filename(id)) : NULL;
 
 	path = g_build_filename(purple_user_dir(),
diff --git a/libpurple/example/nullclient.c b/libpurple/example/nullclient.c
--- a/libpurple/example/nullclient.c
+++ b/libpurple/example/nullclient.c
@@ -253,7 +253,7 @@ int main(int argc, char *argv[])
 	GList *iter;
 	int i, num;
 	GList *names = NULL;
-	const char *prpl;
+	const char *prpl = NULL;
 	char name[128];
 	char *password;



More information about the Commits mailing list