/pidgin/main: c3e87cb60c02: Fairly easy manual merge of release-...

Mark Doliner mark at kingant.net
Sun Sep 28 22:12:35 EDT 2014


Changeset: c3e87cb60c02a878c4344596f838e827d83170f6
Author:	 Mark Doliner <mark at kingant.net>
Date:	 2014-09-28 19:12 -0700
Branch:	 default
URL: https://hg.pidgin.im/pidgin/main/rev/c3e87cb60c02

Description:

Fairly easy manual merge of release-2.x.y into master.

Conflicts were in libpurple/plugins/ssl/ssl-nss.c and
libpurple/win32/global.mak

diffstat:

 ChangeLog                       |    2 +-
 Makefile.mingw                  |    9 +++
 libpurple/plugins/ssl/ssl-nss.c |  110 ++++++++++++++++++++++-----------------
 libpurple/win32/global.mak      |   34 +-----------
 4 files changed, 75 insertions(+), 80 deletions(-)

diffs (270 lines):

diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -86,7 +86,7 @@ version 2.10.10 (?/?/?):
 
 	Windows-Specific Changes:
 	* Updates to dependencies:
-		* NSS 3.16 and NSPR 4.10.4
+		* NSS 3.17.1 and NSPR 4.10.7
 
 	Finch:
 	* Fix build against Python 3. (Ed Catmur) (#15969)
diff --git a/Makefile.mingw b/Makefile.mingw
--- a/Makefile.mingw
+++ b/Makefile.mingw
@@ -33,12 +33,21 @@ awk 'BEGIN {FS="."} { \
 
 GTK_INSTALL_VERSION = 2.24.18.0
 
+ifdef SIGNTOOL
+authenticode_sign = $(SIGNTOOL) sign \
+		    /fd SHA256 \
+		    /f "$(SIGNTOOL_PFX)" /p "$(SIGNTOOL_PASSWORD)" \
+		    /d $(2) /du "https://pidgin.im" \
+		    /tr "http://timestamp.comodoca.com/rfc3161" /td SHA256 \
+		    $(1)
+else
 authenticode_sign = $(MONO_SIGNCODE) \
 		    -spc "$(SIGNCODE_SPC)" -v "$(SIGNCODE_PVK)" \
 		    -a sha1 -$$ commercial \
 		    -n "$(2)" -i "https://pidgin.im" \
 		    -t "http://timestamp.verisign.com/scripts/timstamp.dll" -tr 10 \
 		    $(1) && rm -f $(1).bak
+endif
 
 gpg_sign = $(GPG_SIGN) -ab $(1) && $(GPG_SIGN) --verify $(1).asc
 
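Review bot: In the new `SIGNTOOL` branch the PFX password is passed on the command line as `/p "$(SIGNTOOL_PASSWORD)"`, so it appears in make's echoed recipe output, in any captured build log and in the process list while signtool runs. Selecting the certificate from the Windows certificate store (signtool's `/sha1` thumbprint or `/n` subject-name option) keeps the password out of the makefile entirely; failing that, the recipes that call `authenticode_sign` (not visible in this hunk) should at least be silenced with `@`. The description is also unquoted here, `/d $(2)`, while the fallback branch quotes it as `-n "$(2)"`; unless callers already pass a quoted string, `/d "$(2)"` is needed to keep a description with spaces as one argument. The fallback branch still signs with `-a sha1`.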
diff --git a/libpurple/plugins/ssl/ssl-nss.c b/libpurple/plugins/ssl/ssl-nss.c
--- a/libpurple/plugins/ssl/ssl-nss.c
+++ b/libpurple/plugins/ssl/ssl-nss.c
@@ -133,8 +133,6 @@ static gchar *get_error_text(void)
 static void
 ssl_nss_init_nss(void)
 {
-	SSLVersionRange supported, enabled;
-
 	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
 	NSS_NoDB_Init(".");
 	NSS_SetDomesticPolicy();
@@ -152,27 +150,31 @@ ssl_nss_init_nss(void)
 	SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
 	SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
 
-	/* Get the ranges of supported and enabled SSL versions */
-	if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
-			(SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
-		purple_debug_info("nss", "TLS supported versions: "
-				"0x%04hx through 0x%04hx\n", supported.min, supported.max);
-		purple_debug_info("nss", "TLS versions allowed by default: "
-				"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+    if (NSS_VersionCheck("3.14")) {
+		SSLVersionRange supported, enabled;
 
-		/* Make sure SSL 3.0 is disabled (it's old and everyone should be
-		   using at least TLS 1.0 by now), and make sure all versions of TLS
-		   supported by the local library are enabled (for some reason NSS
-		   doesn't enable newer versions of TLS by default -- more context in
-		   ticket #15909). */
-		if (enabled.min != SSL_LIBRARY_VERSION_TLS_1_0 || supported.max > enabled.max) {
-			enabled.max = supported.max;
-			if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
-				purple_debug_info("nss", "Changed allowed TLS versions to "
-						"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
-			} else {
-				purple_debug_error("nss", "Error setting allowed TLS versions to "
-						"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+		/* Get the ranges of supported and enabled SSL versions */
+		if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
+				(SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
+			purple_debug_info("nss", "TLS supported versions: "
+					"0x%04hx through 0x%04hx\n", supported.min, supported.max);
+			purple_debug_info("nss", "TLS versions allowed by default: "
+					"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+
+			/* Make sure SSL 3.0 is disabled (it's old and everyone should be
+			   using at least TLS 1.0 by now), and make sure all versions of TLS
+			   supported by the local library are enabled (for some reason NSS
+			   doesn't enable newer versions of TLS by default -- more context in
+			   ticket #15909). */
+			if (enabled.min != SSL_LIBRARY_VERSION_TLS_1_0 || supported.max > enabled.max) {
+				enabled.max = supported.max;
+				if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
+					purple_debug_info("nss", "Changed allowed TLS versions to "
+							"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+				} else {
+					purple_debug_error("nss", "Error setting allowed TLS versions to "
+							"0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
+				}
 			}
 		}
 	}
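Review bot: The comment inside the new `NSS_VersionCheck("3.14")` block says SSL 3.0 is made sure to be disabled, but the code that follows only assigns `enabled.max = supported.max` and never changes `enabled.min`, so a default range that starts at SSL 3.0 is written back with the same minimum. Adding `enabled.min = SSL_LIBRARY_VERSION_TLS_1_0;` before the `SSL_VersionRangeSetDefault` call would make the code match the comment. When `NSS_VersionCheck` fails nothing is logged, so a `purple_debug_warning` in an `else` would show that the library's default protocol range was left untouched. The new `if` line is indented with spaces where the surrounding lines use tabs, and ssl_nss_init_nss begins before this hunk.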
@@ -916,7 +918,7 @@ x509_check_name (PurpleCertificate *crt,
 }
 
 static gboolean
-x509_times (PurpleCertificate *crt, gint64 *activation, gint64 *expiration)
+x509_times (PurpleCertificate *crt, time_t *activation, time_t *expiration)
 {
 	CERTCertificate *crt_dat;
 	PRTime nss_activ, nss_expir;
@@ -942,37 +944,49 @@ x509_times (PurpleCertificate *crt, gint
 
 	if (activation) {
 		*activation = nss_activ;
+#if SIZEOF_TIME_T == 4
+		/** Hack to deal with dates past the 32-bit barrier.
+		    Handling is different for signed vs unsigned 32-bit types.
+		 */
+		if (*activation != nss_activ) {
+		       	if (nss_activ < 0) {
+				purple_debug_warning("nss",
+					"Setting Activation Date to epoch to handle pre-epoch value\n");
+				*activation = 0;
+			} else {
+				purple_debug_error("nss",
+					"Activation date past 32-bit barrier, forcing invalidity\n");
+				return FALSE;
+			}
+		}
+#endif
 	}
 	if (expiration) {
 		*expiration = nss_expir;
+#if SIZEOF_TIME_T == 4
+		if (*expiration != nss_expir) {
+			if (*expiration < nss_expir) {
+				if (*expiration < 0) {
+					purple_debug_warning("nss",
+						"Setting Expiration Date to 32-bit signed max\n");
+					*expiration = PR_INT32_MAX;
+				} else {
+					purple_debug_warning("nss",
+						"Setting Expiration Date to 32-bit unsigned max\n");
+					*expiration = PR_UINT32_MAX;
+				}
+			} else {
+				purple_debug_error("nss",
+					"Expiration date prior to unix epoch, forcing invalidity\n");
+				return FALSE;
+			}
+		}
+#endif
 	}
 
 	return TRUE;
 }
 
-static GByteArray *
-x509_get_der_data(PurpleCertificate *crt)
-{
-	CERTCertificate *crt_dat;
-	SECItem *dercrt;
-	GByteArray *data;
-
-	crt_dat = X509_NSS_DATA(crt);
-	g_return_val_if_fail(crt_dat, NULL);
-
-	dercrt = SEC_ASN1EncodeItem(NULL, NULL, crt_dat,
-	                            SEC_ASN1_GET(SEC_SignedCertificateTemplate));
-	g_return_val_if_fail(dercrt != NULL, FALSE);
-
-	data = g_byte_array_sized_new(dercrt->len);
-	memcpy(data->data, dercrt->data, dercrt->len);
-	data->len = dercrt->len;
-
-	SECITEM_FreeItem(dercrt, PR_TRUE);
-
-	return data;
-}
-
 static PurpleCertificateScheme x509_nss = {
 	"x509",                          /* Scheme name */
 	N_("X.509 Certificates"),        /* User-visible scheme name */
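Review bot: In the `SIZEOF_TIME_T == 4` expiration path, the sign of the already-truncated value (`if (*expiration < 0)`) is used to guess whether `time_t` is signed, and that guess can misfire. On a signed 32-bit `time_t` a far-future `nss_expir` can truncate to a positive number, so the `else` branch stores `PR_UINT32_MAX`, which typically converts to -1 and makes the certificate look expired. Testing the type itself, `if ((time_t)-1 < 0)`, selects `PR_INT32_MAX` or `PR_UINT32_MAX` reliably. Detecting overflow by comparing after the narrowing assignment also depends on implementation-defined conversion, so a range check on `nss_activ` and `nss_expir` before assigning would be more robust. The start of x509_times, including any unit conversion of the PRTime values, lies outside this hunk.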
@@ -988,8 +1002,9 @@ static PurpleCertificateScheme x509_nss 
 	x509_check_name,                 /* Check subject name */
 	x509_times,                      /* Activation/Expiration time */
 	x509_importcerts_from_file,      /* Multiple certificate import function */
-	x509_get_der_data,               /* Binary DER data */
 
+	NULL,
+	NULL,
 	NULL
 };
 
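Review bot: The three trailing `NULL` entries in `x509_nss` carry no comment, unlike every other slot in this positional initializer, so a reader cannot tell which `PurpleCertificateScheme` members they fill now that `x509_get_der_data` is removed. Label each one with the member it occupies, or with `/* padding */` as `ssl_ops` does, and check the entry count against the struct declaration, which is not visible here. The number of entries after the import function goes from two to three in this hunk, while the `ssl_ops` hunk that follows drops one `NULL`.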
@@ -1006,7 +1021,6 @@ static PurpleSslOps ssl_ops =
 	/* padding */
 	NULL,
 	NULL,
-	NULL,
 	NULL
 };
 
diff --git a/libpurple/win32/global.mak b/libpurple/win32/global.mak
--- a/libpurple/win32/global.mak
+++ b/libpurple/win32/global.mak
@@ -25,7 +25,7 @@ BONJOUR_TOP ?= $(WIN32_DEV_TOP)/bonjour-
 JSON_GLIB_TOP ?= $(WIN32_DEV_TOP)/json-glib-0.14
 LIBXML2_TOP ?= $(WIN32_DEV_TOP)/libxml2-2.9
 MEANWHILE_TOP ?= $(WIN32_DEV_TOP)/meanwhile-1.0
-NSS_TOP ?= $(WIN32_DEV_TOP)/nss-3.14
+NSS_TOP ?= $(WIN32_DEV_TOP)/nss-3.17.1-nspr-4.10.7
 PERL_LIB_TOP ?= $(WIN32_DEV_TOP)/perl-5.10
 SILC_TOOLKIT ?= $(WIN32_DEV_TOP)/silc-toolkit-1.1
 TCL_LIB_TOP ?= $(WIN32_DEV_TOP)/tcl-8.5
@@ -75,7 +75,6 @@ GCCWARNINGS ?= -Waggregate-return -Wcast
 CC_HARDENING_OPTIONS ?= -Wstack-protector -fwrapv -fno-strict-overflow -Wno-missing-field-initializers -Wformat-security -fstack-protector-all --param ssp-buffer-size=1
 LD_HARDENING_OPTIONS ?= -Wl,--dynamicbase -Wl,--nxcompat
 
-TAG := @$(PURPLE_TOP)/tag.sh
 
 # parse the version number from the configure.ac file if it is newer
 #m4_define([purple_major_version], [2])
@@ -117,45 +116,18 @@ DLL_LD_FLAGS += -Wl,--enable-auto-image-
 ifeq "$(origin CC)" "default"
   CC := gcc.exe
 endif
-# comment out the next line to make output more verbose
-CC := $(TAG) "auto" $(CC)
-
-GMSGFMT ?= $(GETTEXT_TOP)/bin/msgfmt
+GMSGFMT ?= $(WIN32_DEV_TOP)/gettext-0.17/bin/msgfmt
 MAKENSIS ?= makensis.exe
 PERL ?= perl
 WINDRES ?= windres
 STRIP ?= strip
-INTLTOOL_MERGE ?= $(INTLTOOL_TOP)/bin/intltool-merge
+INTLTOOL_MERGE ?= $(WIN32_DEV_TOP)/intltool_0.40.4-1_win32/bin/intltool-merge
 MONO_SIGNCODE ?= signcode
 GPG_SIGN ?= gpg
-GLIB_GENMARSHAL ?= $(GTK_BIN)/glib-genmarshal
-GLIB_MKENUMS ?= $(GTK_BIN)/glib-mkenums
 
 PIDGIN_COMMON_RULES := $(PURPLE_TOP)/win32/rules.mak
 PIDGIN_COMMON_TARGETS := $(PURPLE_TOP)/win32/targets.mak
 MINGW_MAKEFILE := Makefile.mingw
-MAKE_at := @
-
-USE_VV ?= 1
-
-ifeq "$(USE_VV)" "1"
-VV_LIBS := \
-	-lgstreamer-0.10 \
-	-lgstvideo-0.10 \
-	-lgstinterfaces-0.10 \
-	-lfarstream-0.1
-VV_INCLUDE_PATHS := \
-	-I$(GSTREAMER_TOP)/include/gstreamer-0.10 \
-	-I$(GSTREAMER_TOP)/include/farstream-0.1 \
-	-I$(LIBXML2_TOP)/include/libxml2
-VV_LIB_PATHS := \
-	-L$(GSTREAMER_TOP)/lib
-DEFINES += -DUSE_GSTREAMER -DUSE_VV
-else
-VV_LIBS :=
-VV_INCLUDE_PATHS :=
-VV_LIB_PATHS :=
-endif
 
 INSTALL_PIXMAPS ?= 1
 INSTALL_SSL_CERTIFICATES ?= 1
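Review bot: `GMSGFMT` and `INTLTOOL_MERGE` now default to hard-coded versioned directories (`gettext-0.17`, `intltool_0.40.4-1_win32`) instead of `$(GETTEXT_TOP)` and `$(INTLTOOL_TOP)`, so these build tools can no longer be relocated through the `*_TOP` variables used elsewhere in this file. The same hunk drops `GLIB_GENMARSHAL`, `GLIB_MKENUMS`, `MAKE_at` and the whole `USE_VV` block; if any makefile on this branch still references them they expand to empty strings without an error, which suggests the release-2.x.y side of the conflict may have been taken wholesale. A grep for those names on the merged tree would confirm it, and `GMSGFMT ?= $(GETTEXT_TOP)/bin/msgfmt` could be kept if `GETTEXT_TOP` is still defined.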


