[Pidgin] #15286: Master bug for old libraries in Windows Pidgin build

Pidgin trac at pidgin.im
Sun Aug 26 00:47:31 EDT 2012

#15286: Master bug for old libraries in Windows Pidgin build
 Reporter:  ioerror   |        Owner:  datallah       
     Type:  defect    |       Status:  new            
Milestone:            |    Component:  winpidgin (gtk)
  Version:  2.10.6    |   Resolution:                 
 Keywords:  security  |  

Comment(by ioerror):

 Replying to [comment:5 datallah]:
 > Replying to [comment:4 ioerror]:
 > > exchndl.dll appears to be the Crash Reporting Library (
 I think the source for that dll is from
 http://pidgin.im/~datallah/exchndl.c - is that the code for the exception
 handler/Crash Reporter? If so, is it actually free software? Either way -
 according to the author of MSJExceptionHandler, it was replaced by
 WheatyExceptionReport ( http://www.wheaty.net/Columns.htm ) in 2002 (
 ). Furthermore, it appears that it is pretty unsafe in general:
 > > {{{
 > > exchndl.dll
 > > }}}
 > Yes, that's the crash report generator.
 > It isn't actually MSJExceptionHandler, but I guess that was an
 inspiration or something.

 Ok but is the code http://pidgin.im/~datallah/exchndl.c or something else?
 doesn't appear to have any source code beyond
 drmingw-0.4.4/samples/test.c, which is an example:
  % unzip drmingw-0.4.4.zip
 Archive:  drmingw-0.4.4.zip
   inflating: drmingw-0.4.4/COPYING
   inflating: drmingw-0.4.4/COPYING.LIB
   inflating: drmingw-0.4.4/drmingw.exe
   inflating: drmingw-0.4.4/doc/drmingw.html
   inflating: drmingw-0.4.4/doc/drmingw.reg
   inflating: drmingw-0.4.4/doc/exception-nt.gif
   inflating: drmingw-0.4.4/doc/install.gif
   inflating: drmingw-0.4.4/doc/sample.gif
   inflating: drmingw-0.4.4/samples/test.c
   inflating: drmingw-0.4.4/samples/test.exe
   inflating: drmingw-0.4.4/samples/testcpp.cxx
   inflating: drmingw-0.4.4/samples/testcpp.exe

 > It is LGPL - it's from http://code.google.com/p/jrfonseca/ - it's part
 of drmingw.
 > It's been modified somewhat to suite our needs.

 I looked and found this:

 Is that the actual code used? And if so... Is the patch exchndl_daa4.diff
 from pidgin-inst-deps-20100315.tar.gz what is applied on top of it?

 > What are your specific complaints about it being unsafe?
 > > The following are Pidgin/libpurple code (including '''plugins/*''')
 and not thought to be covered by any CVEs - though I guess I'll wait for
 explicit confirmation from the pidgin team, as they're the authority on
 these dlls:
 > > {{{
 > > libjabber.dll
 > > liboscar.dll
 > > libpurple.dll
 > > libymsg.dll
 > > pidgin.dll
 > > }}}
 > These are all part of the libpurple and pidgin codebase and are built
 from the pidgin codebase during each release.

 That's what I thought. I assume these are up to date and have no
 outstanding security issues. Is that correct?

Ticket URL: <http://developer.pidgin.im/ticket/15286#comment:6>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list