/pidgin/main: db951baf06ac: Merge the release-2.x.y branch from ...

Mark Doliner mark at kingant.net
Wed Oct 22 10:20:29 EDT 2014 

Changeset: db951baf06ac796493dea48fc7dbe987cc379ec4
Author:	 Mark Doliner <mark at kingant.net>
Date:	 2014-10-09 20:56 -0700
Branch:	 release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/db951baf06ac

Description:

Merge the release-2.x.y branch from the main pidgin/main repo
into the release-2.x.y branch in our private repo.

diffstat:

 ChangeLog                       |   8 ++++-
 Makefile.mingw                  |   9 +++++++
 libpurple/plugins/ssl/ssl-nss.c |  32 +++++++++++++++++++++++++
 libpurple/win32/global.mak      |   2 +-
 po/de.po                        |  51 +++++++++++++++++++++++++---------------
 5 files changed, 80 insertions(+), 22 deletions(-)

diffs (197 lines):

diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,10 @@
 Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
 
 version 2.10.10 (?/?/?):
+	General:
+	* Allow and prefer TLS 1.2 and 1.1 when using libnss. (Elrond and
+	  Ashish Gupta) (#15909)
+
 	libpurple3 compatibility:
 	* Encrypted account passwords are preserved until the new one is set.
 	* Fix loading Google Talk and Facebook XMPP accounts.
@@ -10,7 +14,7 @@ version 2.10.10 (?/?/?):
 	  user installs a smiley theme via drag-and-drop. (Discovered by Yves
 	  Younan of Sourcefire VRT)
 	* Updates to dependencies:
-		* NSS 3.16 and NSPR 4.10.4
+		* NSS 3.17.1 and NSPR 4.10.7
 
 	Finch:
 	* Fix build against Python 3. (Ed Catmur) (#15969)
@@ -247,7 +251,7 @@ version 2.10.7 (02/13/2013):
 	  this issue and suggesting solutions. (#15277)
 	* Updates to a number of dependencies, some of which have security
 	  related fixes. Thanks again to Jacob Appelbaum and Jurre van Bergen
-	  for identifying the vulnerable libraries and to Dieter Verfaillie 
+	  for identifying the vulnerable libraries and to Dieter Verfaillie
 	  for helping getting the libraries updated. (#14571, #15285, #15286)
 		* ATK 1.32.0-2
 		* Cyrus SASL 2.1.25
diff --git a/Makefile.mingw b/Makefile.mingw
--- a/Makefile.mingw
+++ b/Makefile.mingw
@@ -33,12 +33,21 @@ awk 'BEGIN {FS="."} { \
 
 GTK_INSTALL_VERSION = 2.16.6.2
 
+ifdef SIGNTOOL
+authenticode_sign = $(SIGNTOOL) sign \
+		    /fd SHA256 \
+		    /f "$(SIGNTOOL_PFX)" /p "$(SIGNTOOL_PASSWORD)" \
+		    /d $(2) /du "https://pidgin.im" \
+		    /tr "http://timestamp.comodoca.com/rfc3161" /td SHA256 \
+		    $(1)
+else
 authenticode_sign = $(MONO_SIGNCODE) \
 		    -spc "$(SIGNCODE_SPC)" -v "$(SIGNCODE_PVK)" \
 		    -a sha1 -$$ commercial \
 		    -n "$(2)" -i "https://pidgin.im" \
 		    -t "http://timestamp.verisign.com/scripts/timstamp.dll" -tr 10 \
 		    $(1) && rm -f $(1).bak
+endif
 
 gpg_sign = $(GPG_SIGN) -ab $(1) && $(GPG_SIGN) --verify $(1).asc
 
diff --git a/libpurple/plugins/ssl/ssl-nss.c b/libpurple/plugins/ssl/ssl-nss.c
--- a/libpurple/plugins/ssl/ssl-nss.c
+++ b/libpurple/plugins/ssl/ssl-nss.c
@@ -32,6 +32,9 @@
 #ifdef _WIN32
 # ifndef HAVE_LONG_LONG
 #define HAVE_LONG_LONG
+/* WINDDK_BUILD is defined because the checks around usage of
+ * intrisic functions are wrong in nspr */
+#define WINDDK_BUILD
 # endif
 #else
 /* TODO: Why is this done?
@@ -133,6 +136,10 @@ static gchar *get_error_text(void)
 static void
 ssl_nss_init_nss(void)
 {
+#if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR >= 14 )
+	SSLVersionRange supported, enabled;
+#endif /* NSS >= 3.14 */
+
 	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
 	NSS_NoDB_Init(".");
 	NSS_SetDomesticPolicy();
@@ -150,6 +157,31 @@ ssl_nss_init_nss(void)
 	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
 	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
 
+#if NSS_VMAJOR > 3 || ( NSS_VMAJOR == 3 && NSS_VMINOR >= 14 )
+	/* Get the ranges of supported and enabled SSL versions */
+	if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
+			(SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
+		purple_debug_info("nss", "TLS supported versions: "
+				"0x%04hx through 0x%04hx\n", supported.min, supported.max);
+		purple_debug_info("nss", "TLS versions allowed by default: "
+				"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+
+		/* Make sure all versions of TLS supported by the local library are
+		   enabled. (For some reason NSS doesn't enable newer versions of TLS
+		   by default -- more context in ticket #15909.) */
+		if (supported.max > enabled.max) {
+			enabled.max = supported.max;
+			if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
+				purple_debug_info("nss", "Changed allowed TLS versions to "
+						"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+			} else {
+				purple_debug_error("nss", "Error setting allowed TLS versions to "
+						"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+			}
+		}
+	}
+#endif /* NSS >= 3.14 */
+
 	_identity = PR_GetUniqueIdentity("Purple");
 	_nss_methods = PR_GetDefaultIOMethods();
 }
diff --git a/libpurple/win32/global.mak b/libpurple/win32/global.mak
--- a/libpurple/win32/global.mak
+++ b/libpurple/win32/global.mak
@@ -17,7 +17,7 @@ GTK_BIN ?= $(GTK_TOP)/bin
 BONJOUR_TOP ?= $(WIN32_DEV_TOP)/Bonjour_SDK
 LIBXML2_TOP ?= $(WIN32_DEV_TOP)/libxml2-2.9.0
 MEANWHILE_TOP ?= $(WIN32_DEV_TOP)/meanwhile-1.0.2_daa3
-NSS_TOP ?= $(WIN32_DEV_TOP)/nss-3.16-nspr-4.10.4
+NSS_TOP ?= $(WIN32_DEV_TOP)/nss-3.17.1-nspr-4.10.7
 PERL_LIB_TOP ?= $(WIN32_DEV_TOP)/perl-5.10.0
 SILC_TOOLKIT ?= $(WIN32_DEV_TOP)/silc-toolkit-1.1.10
 TCL_LIB_TOP ?= $(WIN32_DEV_TOP)/tcl-8.4.5
diff --git a/po/de.po b/po/de.po
--- a/po/de.po
+++ b/po/de.po
@@ -12,8 +12,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: de\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2014-06-20 18:24+0200\n"
-"PO-Revision-Date: 2014-06-20 18:23+0200\n"
+"POT-Creation-Date: 2014-07-12 10:20+0200\n"
+"PO-Revision-Date: 2014-07-12 10:19+0200\n"
 "Last-Translator: Björn Voigt <bjoern at cs.tu-berlin.de>\n"
 "Language-Team: German <de at li.org>\n"
 "Language: de\n"
@@ -1804,27 +1804,40 @@ msgstr ""
 "dass Sie tatsächlich nicht mit dem Dienst verbunden sind, mit dem Sie "
 "glauben verbunden zu sein."
 
-#. Make messages
-#, c-format
-msgid ""
-"Common name: %s\n"
-"\n"
-"Fingerprint (SHA1): %s\n"
-"\n"
-"Activation date: %s\n"
-"Expiration date: %s\n"
-msgstr ""
-"Allgemeiner Name (Common name): %s\n"
-"\n"
-"Fingerabdruck (SHA1): %s\n"
-"\n"
-"Aktivierungsdatum: %s\n"
-"Ablaufdatum: %s\n"
-
 #. TODO: Find what the handle ought to be
 msgid "Certificate Information"
 msgstr "Zertifikat-Information"
 
+msgid "Unable to find Issuer Certificate"
+msgstr "Kann das Ausstellerzertifikat nicht finden"
+
+#. Make messages
+#, c-format
+msgid ""
+"Common name: %s\n"
+"\n"
+"Issued By: %s\n"
+"\n"
+"Fingerprint (SHA1): %s\n"
+"\n"
+"Activation date: %s\n"
+"Expiration date: %s\n"
+msgstr ""
+"Allgemeiner Name (Common name): %s\n"
+"\n"
+"Herausgegeben von: %s\n"
+"\n"
+"Fingerabdruck (SHA1): %s\n"
+"\n"
+"Aktivierungsdatum: %s\n"
+"Ablaufdatum: %s\n"
+
+msgid "(self-signed)"
+msgstr "(selbstsigniert)"
+
+msgid "View Issuer Certificate"
+msgstr "Zeige Ausstellerzertifikat"
+
 #. show error to user
 msgid "Registration Error"
 msgstr "Registrierungsfehler"

More information about the Commits mailing list