/pidgin/main: c3e87cb60c02: Fairly easy manual merge of release-...
Mark Doliner
mark at kingant.net
Sun Sep 28 22:12:35 EDT 2014
Changeset: c3e87cb60c02a878c4344596f838e827d83170f6
Author: Mark Doliner <mark at kingant.net>
Date: 2014-09-28 19:12 -0700
Branch: default
URL: https://hg.pidgin.im/pidgin/main/rev/c3e87cb60c02
Description:
Fairly easy manual merge of release-2.x.y into master.
Conflicts were in libpurple/plugins/ssl/ssl-nss.c and
libpurple/win32/global.mak
diffstat:
ChangeLog | 2 +-
Makefile.mingw | 9 +++
libpurple/plugins/ssl/ssl-nss.c | 110 ++++++++++++++++++++++-----------------
libpurple/win32/global.mak | 34 +-----------
4 files changed, 75 insertions(+), 80 deletions(-)
diffs (270 lines):
diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -86,7 +86,7 @@ version 2.10.10 (?/?/?):
Windows-Specific Changes:
* Updates to dependencies:
- * NSS 3.16 and NSPR 4.10.4
+ * NSS 3.17.1 and NSPR 4.10.7
Finch:
* Fix build against Python 3. (Ed Catmur) (#15969)
diff --git a/Makefile.mingw b/Makefile.mingw
--- a/Makefile.mingw
+++ b/Makefile.mingw
@@ -33,12 +33,21 @@ awk 'BEGIN {FS="."} { \
GTK_INSTALL_VERSION = 2.24.18.0
+ifdef SIGNTOOL
+authenticode_sign = $(SIGNTOOL) sign \
+ /fd SHA256 \
+ /f "$(SIGNTOOL_PFX)" /p "$(SIGNTOOL_PASSWORD)" \
+ /d $(2) /du "https://pidgin.im" \
+ /tr "http://timestamp.comodoca.com/rfc3161" /td SHA256 \
+ $(1)
+else
authenticode_sign = $(MONO_SIGNCODE) \
-spc "$(SIGNCODE_SPC)" -v "$(SIGNCODE_PVK)" \
-a sha1 -$$ commercial \
-n "$(2)" -i "https://pidgin.im" \
-t "http://timestamp.verisign.com/scripts/timstamp.dll" -tr 10 \
$(1) && rm -f $(1).bak
+endif
gpg_sign = $(GPG_SIGN) -ab $(1) && $(GPG_SIGN) --verify $(1).asc
diff --git a/libpurple/plugins/ssl/ssl-nss.c b/libpurple/plugins/ssl/ssl-nss.c
--- a/libpurple/plugins/ssl/ssl-nss.c
+++ b/libpurple/plugins/ssl/ssl-nss.c
@@ -133,8 +133,6 @@ static gchar *get_error_text(void)
static void
ssl_nss_init_nss(void)
{
- SSLVersionRange supported, enabled;
-
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
NSS_NoDB_Init(".");
NSS_SetDomesticPolicy();
@@ -152,27 +150,31 @@ ssl_nss_init_nss(void)
SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
- /* Get the ranges of supported and enabled SSL versions */
- if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
- (SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
- purple_debug_info("nss", "TLS supported versions: "
- "0x%04hx through 0x%04hx\n", supported.min, supported.max);
- purple_debug_info("nss", "TLS versions allowed by default: "
- "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+ if (NSS_VersionCheck("3.14")) {
+ SSLVersionRange supported, enabled;
- /* Make sure SSL 3.0 is disabled (it's old and everyone should be
- using at least TLS 1.0 by now), and make sure all versions of TLS
- supported by the local library are enabled (for some reason NSS
- doesn't enable newer versions of TLS by default -- more context in
- ticket #15909). */
- if (enabled.min != SSL_LIBRARY_VERSION_TLS_1_0 || supported.max > enabled.max) {
- enabled.max = supported.max;
- if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
- purple_debug_info("nss", "Changed allowed TLS versions to "
- "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
- } else {
- purple_debug_error("nss", "Error setting allowed TLS versions to "
- "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+ /* Get the ranges of supported and enabled SSL versions */
+ if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
+ (SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
+ purple_debug_info("nss", "TLS supported versions: "
+ "0x%04hx through 0x%04hx\n", supported.min, supported.max);
+ purple_debug_info("nss", "TLS versions allowed by default: "
+ "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+
+ /* Make sure SSL 3.0 is disabled (it's old and everyone should be
+ using at least TLS 1.0 by now), and make sure all versions of TLS
+ supported by the local library are enabled (for some reason NSS
+ doesn't enable newer versions of TLS by default -- more context in
+ ticket #15909). */
+ if (enabled.min != SSL_LIBRARY_VERSION_TLS_1_0 || supported.max > enabled.max) {
+ enabled.max = supported.max;
+ if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
+ purple_debug_info("nss", "Changed allowed TLS versions to "
+ "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+ } else {
+ purple_debug_error("nss", "Error setting allowed TLS versions to "
+ "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+ }
}
}
}
@@ -916,7 +918,7 @@ x509_check_name (PurpleCertificate *crt,
}
static gboolean
-x509_times (PurpleCertificate *crt, gint64 *activation, gint64 *expiration)
+x509_times (PurpleCertificate *crt, time_t *activation, time_t *expiration)
{
CERTCertificate *crt_dat;
PRTime nss_activ, nss_expir;
@@ -942,37 +944,49 @@ x509_times (PurpleCertificate *crt, gint
if (activation) {
*activation = nss_activ;
+#if SIZEOF_TIME_T == 4
+ /** Hack to deal with dates past the 32-bit barrier.
+ Handling is different for signed vs unsigned 32-bit types.
+ */
+ if (*activation != nss_activ) {
+ if (nss_activ < 0) {
+ purple_debug_warning("nss",
+ "Setting Activation Date to epoch to handle pre-epoch value\n");
+ *activation = 0;
+ } else {
+ purple_debug_error("nss",
+ "Activation date past 32-bit barrier, forcing invalidity\n");
+ return FALSE;
+ }
+ }
+#endif
}
if (expiration) {
*expiration = nss_expir;
+#if SIZEOF_TIME_T == 4
+ if (*expiration != nss_expir) {
+ if (*expiration < nss_expir) {
+ if (*expiration < 0) {
+ purple_debug_warning("nss",
+ "Setting Expiration Date to 32-bit signed max\n");
+ *expiration = PR_INT32_MAX;
+ } else {
+ purple_debug_warning("nss",
+ "Setting Expiration Date to 32-bit unsigned max\n");
+ *expiration = PR_UINT32_MAX;
+ }
+ } else {
+ purple_debug_error("nss",
+ "Expiration date prior to unix epoch, forcing invalidity\n");
+ return FALSE;
+ }
+ }
+#endif
}
return TRUE;
}
-static GByteArray *
-x509_get_der_data(PurpleCertificate *crt)
-{
- CERTCertificate *crt_dat;
- SECItem *dercrt;
- GByteArray *data;
-
- crt_dat = X509_NSS_DATA(crt);
- g_return_val_if_fail(crt_dat, NULL);
-
- dercrt = SEC_ASN1EncodeItem(NULL, NULL, crt_dat,
- SEC_ASN1_GET(SEC_SignedCertificateTemplate));
- g_return_val_if_fail(dercrt != NULL, FALSE);
-
- data = g_byte_array_sized_new(dercrt->len);
- memcpy(data->data, dercrt->data, dercrt->len);
- data->len = dercrt->len;
-
- SECITEM_FreeItem(dercrt, PR_TRUE);
-
- return data;
-}
-
static PurpleCertificateScheme x509_nss = {
"x509", /* Scheme name */
N_("X.509 Certificates"), /* User-visible scheme name */
@@ -988,8 +1002,9 @@ static PurpleCertificateScheme x509_nss
x509_check_name, /* Check subject name */
x509_times, /* Activation/Expiration time */
x509_importcerts_from_file, /* Multiple certificate import function */
- x509_get_der_data, /* Binary DER data */
+ NULL,
+ NULL,
NULL
};
@@ -1006,7 +1021,6 @@ static PurpleSslOps ssl_ops =
/* padding */
NULL,
NULL,
- NULL,
NULL
};
diff --git a/libpurple/win32/global.mak b/libpurple/win32/global.mak
--- a/libpurple/win32/global.mak
+++ b/libpurple/win32/global.mak
@@ -25,7 +25,7 @@ BONJOUR_TOP ?= $(WIN32_DEV_TOP)/bonjour-
JSON_GLIB_TOP ?= $(WIN32_DEV_TOP)/json-glib-0.14
LIBXML2_TOP ?= $(WIN32_DEV_TOP)/libxml2-2.9
MEANWHILE_TOP ?= $(WIN32_DEV_TOP)/meanwhile-1.0
-NSS_TOP ?= $(WIN32_DEV_TOP)/nss-3.14
+NSS_TOP ?= $(WIN32_DEV_TOP)/nss-3.17.1-nspr-4.10.7
PERL_LIB_TOP ?= $(WIN32_DEV_TOP)/perl-5.10
SILC_TOOLKIT ?= $(WIN32_DEV_TOP)/silc-toolkit-1.1
TCL_LIB_TOP ?= $(WIN32_DEV_TOP)/tcl-8.5
@@ -75,7 +75,6 @@ GCCWARNINGS ?= -Waggregate-return -Wcast
CC_HARDENING_OPTIONS ?= -Wstack-protector -fwrapv -fno-strict-overflow -Wno-missing-field-initializers -Wformat-security -fstack-protector-all --param ssp-buffer-size=1
LD_HARDENING_OPTIONS ?= -Wl,--dynamicbase -Wl,--nxcompat
-TAG := @$(PURPLE_TOP)/tag.sh
# parse the version number from the configure.ac file if it is newer
#m4_define([purple_major_version], [2])
@@ -117,45 +116,18 @@ DLL_LD_FLAGS += -Wl,--enable-auto-image-
ifeq "$(origin CC)" "default"
CC := gcc.exe
endif
-# comment out the next line to make output more verbose
-CC := $(TAG) "auto" $(CC)
-
-GMSGFMT ?= $(GETTEXT_TOP)/bin/msgfmt
+GMSGFMT ?= $(WIN32_DEV_TOP)/gettext-0.17/bin/msgfmt
MAKENSIS ?= makensis.exe
PERL ?= perl
WINDRES ?= windres
STRIP ?= strip
-INTLTOOL_MERGE ?= $(INTLTOOL_TOP)/bin/intltool-merge
+INTLTOOL_MERGE ?= $(WIN32_DEV_TOP)/intltool_0.40.4-1_win32/bin/intltool-merge
MONO_SIGNCODE ?= signcode
GPG_SIGN ?= gpg
-GLIB_GENMARSHAL ?= $(GTK_BIN)/glib-genmarshal
-GLIB_MKENUMS ?= $(GTK_BIN)/glib-mkenums
PIDGIN_COMMON_RULES := $(PURPLE_TOP)/win32/rules.mak
PIDGIN_COMMON_TARGETS := $(PURPLE_TOP)/win32/targets.mak
MINGW_MAKEFILE := Makefile.mingw
-MAKE_at := @
-
-USE_VV ?= 1
-
-ifeq "$(USE_VV)" "1"
-VV_LIBS := \
- -lgstreamer-0.10 \
- -lgstvideo-0.10 \
- -lgstinterfaces-0.10 \
- -lfarstream-0.1
-VV_INCLUDE_PATHS := \
- -I$(GSTREAMER_TOP)/include/gstreamer-0.10 \
- -I$(GSTREAMER_TOP)/include/farstream-0.1 \
- -I$(LIBXML2_TOP)/include/libxml2
-VV_LIB_PATHS := \
- -L$(GSTREAMER_TOP)/lib
-DEFINES += -DUSE_GSTREAMER -DUSE_VV
-else
-VV_LIBS :=
-VV_INCLUDE_PATHS :=
-VV_LIB_PATHS :=
-endif
INSTALL_PIXMAPS ?= 1
INSTALL_SSL_CERTIFICATES ?= 1
More information about the Commits
mailing list