rpms/pidgin/devel pidgin-2.6.2-aim-buddy-status-grab.patch, NONE, 1.1 pidgin-2.6.2-crash-validate-jid.patch, NONE, 1.1 pidgin-2.6.2-yahoo-buddy-idle-time.patch, NONE, 1.1 pidgin-2.6.2-yahoo-status-change-away.patch, NONE, 1.1 pidgin.spec, 1.96, 1.97

Wed Sep 9 20:52:47 UTC 2009

Author: wtogami

Update of /cvs/pkgs/rpms/pidgin/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17626

Modified Files:
	pidgin.spec 
Added Files:
	pidgin-2.6.2-aim-buddy-status-grab.patch 
	pidgin-2.6.2-crash-validate-jid.patch 
	pidgin-2.6.2-yahoo-buddy-idle-time.patch 
	pidgin-2.6.2-yahoo-status-change-away.patch 
Log Message:
- Upstream backports:
    97e003ed2bc2bafbb993693c9ae9c6d667731cc1 aim-buddy-status-grab
    37aa00d044431100d37466517568640cb082680c yahoo-buddy-idle-time
    40005b889ee276fbcd0a4e886a68d8a8cce45698 yahoo-status-change-away
    cb46b045aa6e927a3814d9053c2b1c0f08d6fa62 crash-validate-jid


pidgin-2.6.2-aim-buddy-status-grab.patch:
 oscar.c |   28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

--- NEW FILE pidgin-2.6.2-aim-buddy-status-grab.patch ---
http://developer.pidgin.im/viewmtn/revision/info/97e003ed2bc2bafbb993693c9ae9c6d667731cc1
If an oscar buddy on our buddy list is away and we have not yet
fetched their HTML info, then fallback to using their plaintext
status message when fetching the buddies status text.
Fixes #9843

#
#
# patch "libpurple/protocols/oscar/oscar.c"
#  from [e8d20222205b810c91ebed0d7193d2004cc2777f]
#    to [c0ac247833af9a49df59ca3c58ceab5ce6263366]
#
============================================================
--- libpurple/protocols/oscar/oscar.c	e8d20222205b810c91ebed0d7193d2004cc2777f
+++ libpurple/protocols/oscar/oscar.c	c0ac247833af9a49df59ca3c58ceab5ce6263366
@@ -829,19 +829,25 @@ static void oscar_user_info_append_statu
 	   the "message" attribute of the status contains only the plaintext
 	   message. */
 	if (userinfo) {
-		if ((userinfo->flags & AIM_FLAG_AWAY)) {
-			/* Away message? */
-			if ((userinfo->flags & AIM_FLAG_AWAY) && (userinfo->away_len > 0) && (userinfo->away != NULL) && (userinfo->away_encoding != NULL)) {
-				tmp = oscar_encoding_extract(userinfo->away_encoding);
-				message = oscar_encoding_to_utf8(account, tmp, userinfo->away,
-												   userinfo->away_len);
-				g_free(tmp);
-			}
+		if ((userinfo->flags & AIM_FLAG_AWAY)
+				&& userinfo->away_len > 0
+				&& userinfo->away != NULL
+				&& userinfo->away_encoding != NULL)
+		{
+			/* Away message */
+			tmp = oscar_encoding_extract(userinfo->away_encoding);
+			message = oscar_encoding_to_utf8(account,
+					tmp, userinfo->away, userinfo->away_len);
+			g_free(tmp);
 		} else {
-			/* Available message? */
+			/*
+			 * Available message or non-HTML away message (because that's
+			 * all we have right now.
+			 */
 			if ((userinfo->status != NULL) && userinfo->status[0] != '\0') {
-				message = oscar_encoding_to_utf8(account, userinfo->status_encoding,
-											 userinfo->status, userinfo->status_len);
+				message = oscar_encoding_to_utf8(account,
+						userinfo->status_encoding, userinfo->status,
+						userinfo->status_len);
 			}
 #if defined (_WIN32) || defined (__APPLE__)
 			if (userinfo->itmsurl && (userinfo->itmsurl[0] != '\0'))

pidgin-2.6.2-crash-validate-jid.patch:
 ChangeLog                           |    4 ++++
 libpurple/protocols/jabber/jutil.c  |    7 +++----
 libpurple/tests/test_jabber_jutil.c |    1 +
 3 files changed, 8 insertions(+), 4 deletions(-)

--- NEW FILE pidgin-2.6.2-crash-validate-jid.patch ---
http://developer.pidgin.im/ticket/10259
http://developer.pidgin.im/viewmtn/revision/info/cb46b045aa6e927a3814d9053c2b1c0f08d6fa62
Fix a crash when attempting to validate a JID with an invalid resource.

#
#
# patch "ChangeLog"
#  from [959824a520d41286c4d89d8899a8e12b684e5ad8]
#    to [6e78b15060f29fe30ae1b695f61248014b305d49]
# 
# patch "libpurple/protocols/jabber/jutil.c"
#  from [9047c2dfd575de6ec516dd8377bce70df42d5063]
#    to [603120abe6629d5e8f9e79d5198134bb252b0875]
# 
# patch "libpurple/tests/test_jabber_jutil.c"
#  from [38e36ccd4fbf2682828c201fe178cd637217fc25]
#    to [42bdbb36f39b7d894d5f6f68e1b02f4c1ce4973a]
#
============================================================
--- ChangeLog	959824a520d41286c4d89d8899a8e12b684e5ad8
+++ ChangeLog	6e78b15060f29fe30ae1b695f61248014b305d49
@@ -1,5 +1,9 @@ Pidgin and Finch: The Pimpin' Penguin IM
 Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
 
+version 2.6.3 (??/??/20??):
+	XMPP:
+	* Fix a crash when attempting to validate an invalid JID.
+
 version 2.6.2 (09/05/2009):
 	libpurple:
 	* Fix --disable-avahi to actually disable it in configure, as opposed
============================================================
--- libpurple/protocols/jabber/jutil.c	9047c2dfd575de6ec516dd8377bce70df42d5063
+++ libpurple/protocols/jabber/jutil.c	603120abe6629d5e8f9e79d5198134bb252b0875
@@ -153,10 +153,9 @@ jabber_idn_validate(const char *str, con
 		if (!jabber_resourceprep(idn_buffer, sizeof(idn_buffer))) {
 			jabber_id_free(jid);
 			jid = NULL;
-			/* goto out; */
-		}
-
-		jid->resource = g_strdup(idn_buffer);
+			goto out;
+		} else
+			jid->resource = g_strdup(idn_buffer);
 	}
 
 out:
============================================================
--- libpurple/tests/test_jabber_jutil.c	38e36ccd4fbf2682828c201fe178cd637217fc25
+++ libpurple/tests/test_jabber_jutil.c	42bdbb36f39b7d894d5f6f68e1b02f4c1ce4973a
@@ -132,6 +132,7 @@ START_TEST(test_jabber_id_new)
 	assert_invalid_jid("mark.doliner at gmail\\stuff.org");
 	assert_invalid_jid("paul@[::1]124");
 	assert_invalid_jid("paul at 2[::1]124/as");
+	assert_invalid_jid("paul@まつ.おおかみ/\x01");
 
 	/* Ensure that jabber_id_new is properly lowercasing node and domains */
 	assert_jid_parts("paul", "darkrain42.org", "PaUL at darkrain42.org");

pidgin-2.6.2-yahoo-buddy-idle-time.patch:
 libymsg.c |   18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

--- NEW FILE pidgin-2.6.2-yahoo-buddy-idle-time.patch ---
http://developer.pidgin.im/viewmtn/revision/info/40005b889ee276fbcd0a4e886a68d8a8cce45698
Better, accurate handling of idle time for a yahoo buddy. Fixes #10099

#
#
# patch "libpurple/protocols/yahoo/libymsg.c"
#  from [87ad7ef7612ac888772e8afa7bcb20743f1b3d9c]
#    to [9f4d92c3fc86e7a91514246a63ebbd3b9c5c6f05]
#
============================================================
--- libpurple/protocols/yahoo/libymsg.c	87ad7ef7612ac888772e8afa7bcb20743f1b3d9c
+++ libpurple/protocols/yahoo/libymsg.c	9f4d92c3fc86e7a91514246a63ebbd3b9c5c6f05
@@ -220,7 +220,12 @@ static void yahoo_process_status(PurpleC
 			if (f->status == YAHOO_STATUS_IDLE) {
 				/* Idle may have already been set in a more precise way in case 137 */
 				if (f->idle == 0)
-					f->idle = time(NULL);
+				{
+					if(pkt->service == YAHOO_SERVICE_STATUS_15)
+						f->idle = -1;
+					else
+						f->idle = time(NULL);
+				}
 			} else
 				f->idle = 0;
 
@@ -253,15 +258,20 @@ static void yahoo_process_status(PurpleC
 			if (f->away == 2) {
 				/* Idle may have already been set in a more precise way in case 137 */
 				if (f->idle == 0)
-					f->idle = time(NULL);
+				{
+					if(pkt->service == YAHOO_SERVICE_STATUS_15)
+						f->idle = -1;
+					else
+						f->idle = time(NULL);
+				}
 			}
 
 			break;
-		case 138: /* either we're not idle, or we are but won't say how long */
+		case 138: /* when value is 1, either we're not idle, or we are but won't say how long */
 			if (!f)
 				break;
 
-			if (f->idle)
+			if( (strtol(pair->value, NULL, 10) == 1) && (f->idle) )
 				f->idle = -1;
 			break;
 		case 137: /* usually idle time in seconds, sometimes login time */

pidgin-2.6.2-yahoo-status-change-away.patch:
 libymsg.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- NEW FILE pidgin-2.6.2-yahoo-status-change-away.patch ---
http://developer.pidgin.im/ticket/10224
http://developer.pidgin.im/viewmtn/revision/info/37aa00d044431100d37466517568640cb082680c

#
#
# patch "libpurple/protocols/yahoo/libymsg.c"
#  from [2e325ac513bc39fb2cb3964c664edcef344c7f14]
#    to [87ad7ef7612ac888772e8afa7bcb20743f1b3d9c]
#
============================================================
--- libpurple/protocols/yahoo/libymsg.c	2e325ac513bc39fb2cb3964c664edcef344c7f14
+++ libpurple/protocols/yahoo/libymsg.c	87ad7ef7612ac888772e8afa7bcb20743f1b3d9c
@@ -4500,6 +4500,12 @@ void yahoo_set_status(PurpleAccount *acc
 
 	if (purple_presence_is_idle(presence))
 		yahoo_packet_hash_str(pkt, 47, "2");
+	else	{
+		if (!purple_status_is_available(status))
+			yahoo_packet_hash_str(pkt, 47, "1");
+		else
+			yahoo_packet_hash_str(pkt, 47, "0");
+	}
 
 	yahoo_packet_send_and_free(pkt, yd);
 


Index: pidgin.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pidgin/devel/pidgin.spec,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -p -r1.96 -r1.97
--- pidgin.spec	6 Sep 2009 02:05:16 -0000	1.96
+++ pidgin.spec	9 Sep 2009 20:52:46 -0000	1.97
@@ -82,7 +82,7 @@
 
 Name:		pidgin
 Version:	2.6.2
-Release:	1%{?dist}
+Release:	2%{?dist}
 License:        GPLv2+ and GPLv2 and MIT
 # GPLv2+ - libpurple, gnt, finch, pidgin, most prpls
 # GPLv2 - silc & novell prpls
@@ -116,6 +116,10 @@ Source2:        one_time_password.c
 Patch0: pidgin-NOT-UPSTREAM-2.5.2-rhel4-sound-migration.patch
 
 ## Patches 100+: To be Included in Future Upstream
+Patch100: pidgin-2.6.2-aim-buddy-status-grab.patch
+Patch101: pidgin-2.6.2-yahoo-buddy-idle-time.patch
+Patch102: pidgin-2.6.2-yahoo-status-change-away.patch
+Patch103: pidgin-2.6.2-crash-validate-jid.patch
 
 BuildRoot:	%{_tmppath}/%{name}-%{version}-root
 Summary:	A Gtk+ based multiprotocol instant messaging client
@@ -373,6 +377,10 @@ echo "FEDORA=%{fedora} RHEL=%{rhel}"
 %endif
 
 ## Patches 100+: To be Included in Future Upstream
+%patch100 -p0 -b .aim-buddy-status-grab
+%patch101 -p0 -b .yahoo-buddy-idle-time
+%patch102 -p0 -b .yahoo-status-change-away
+%patch103 -p0 -b .pidgin-2.6.2-crash-validate-jid
 
 # Our preferences
 cp %{SOURCE1} prefs.xml
@@ -617,11 +625,19 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Wed Sep 09 2009 Warren Togami <wtogami at redhat.com> 2.6.2-2
+- Upstream backports:
+    97e003ed2bc2bafbb993693c9ae9c6d667731cc1 aim-buddy-status-grab
+    37aa00d044431100d37466517568640cb082680c yahoo-buddy-idle-time
+    40005b889ee276fbcd0a4e886a68d8a8cce45698 yahoo-status-change-away
+    cb46b045aa6e927a3814d9053c2b1c0f08d6fa62 crash-validate-jid
+
 * Sun Sep 06 2009 Stu Tomlinson <stu at nosnilmot.com> 2.6.2-1.1
 - VV support needs to be explicitly disabled on F10
 
 * Sun Sep 06 2009 Stu Tomlinson <stu at nosnilmot.com> 2.6.2-1
 - 2.6.2 Fixes a number of crashes
+- CVE-2009-2703, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085
 
 * Wed Aug 19 2009 Warren Togami <wtogami at redhat.com> 2.6.1-1
 - 2.6.1: Fix a crash when some users send you a link in a Yahoo IM


