Mercurial > pidgin.yaz

view Makefile.am @ 30702:6829b27ee4c8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
This patch attempts to fix four bugs in the oscar protocol plugin that were introduced with the X-Status code in Pidgin 2.7.0. Problem #1 (the remotely-triggerable crash): The crash happens when a buddy sets an xstatus message containing <desc> but no closing </desc>, or <title> but no closing </title>. The fix is to check the result of strstr(closing_tag_name) and do nothing if it is NULL. This is CVE-2010-2528. Problem #2: Fixes potential incorrect parsing of the xstatus string that could result in an incorrect message being displayed to the libpurple user. Happens if an xstatus message contains </desc> before <desc>, or </title> before <title>. The fix is to start looking for the closing tag at the end of the beginning tag rather than at the beginning of the xstatus xml. Probably not a security problem, but definitely a bug. Problem #3: Fixes potential incorrect parsing of the xstatus string that could result in the title not being shown to the libpurple user. Happens if the close title tag appears after the desc tag in the xstatus xml, because we add a null character at the beginning of the close title tag, so strstr() for the desc tag would stop searching there. Probably not a security problem, but definitely a bug. Problem #4: Fixes potential incorrect display of the xstatus string that could result in an incorrect message being displayed to the libpurple user. Happens because we reusing the 'xml' string when preparing the string for the user, but we copy values from xml to xml. If those values overlap with themselves or with each other then an incorrect value could be displayed. Probably not a security problem, but definitely a bug.
author Mark Doliner <mark@kingant.net>
date Wed, 21 Jul 2010 02:49:23 +0000
parents a14c2e81fcf0
children a7cf3dbaba02 3b4e12c42d3c
line wrap: on
line source

EXTRA_DIST = \
		COPYRIGHT \
		ChangeLog.API \
		ChangeLog.win32 \
		Doxyfile.in \
		HACKING \
		Makefile.mingw \
		PLUGIN_HOWTO \
		README.MTN \
		README.mingw \
		config.h.mingw \
		doxy2devhelp.xsl \
		fix-casts.sh \
		gaim.pc.in \
		gaim-uninstalled.pc.in \
		intltool-extract.in \
		intltool-merge.in \
		intltool-update.in \
		package_revision.h \
		pidgin.apspec.in \
		pidgin.spec.in \
		pidgin.desktop.in \
		po/Makefile.mingw \
		valgrind-suppressions

noinst_HEADERS = config.h package_revision.h

dist-hook: pidgin.spec
	cp pidgin.spec $(distdir)
	rm $(distdir)/config.h

distcheck-hook: libpurple/plugins/perl/common/Purple.pm pidgin/plugins/perl/common/Pidgin.pm
#	cp libpurple/plugins/perl/common/Gaim.pm $(distdir)/libpurple/plugins/perl/common

commit-check:
	(cd po ; intltool-update -m 2>&1 | grep -v '^mismatched quotes.*\.py$$' | sed "s|current directory|po directory|" | grep . ; if [ $$? = 0 ] ; then exit 1 ; else exit 0 ; fi)
	LC_ALL=C sort -c -t/ -u po/POTFILES.in
	LC_ALL=C sort -c -t/ -u po/POTFILES.skip
	iconv -f utf8 -t utf8 COPYRIGHT | cmp COPYRIGHT -

version-check: commit-check
# We don't want to release development versions.
	test x`echo $(PACKAGE_VERSION) | grep dev` = x

# Make sure there is a NEWS entry for this version
	head NEWS | grep "^$(PACKAGE_VERSION) (`date +%m/%d/%Y`):$$" > /dev/null

# Ensure NEWS has no spaces at the start of a line.
# Using spaces instead of tabs there is a common mistake.
	test x`grep "^ " NEWS` = x

# When doing a new minor (or major) release (X.Y.0), there must be a section in
# ChangeLog.API.
	echo $(PACKAGE_VERSION) | grep -v "^[0-9]\+\.[0-9]\+\.0$$" >/dev/null || head ChangeLog.API | grep "^version $(PACKAGE_VERSION) (`date +%m/%d/%Y`):$$" >/dev/null

# For all releases, check the ChangeLogs.
	head ChangeLog | grep "^version $(PACKAGE_VERSION) (`date +%m/%d/%Y`):$$" >/dev/null
	head ChangeLog.win32 | grep "^version $(PACKAGE_VERSION) (`date +%m/%d/%Y`):$$" >/dev/null
	head po/ChangeLog | grep "^version $(PACKAGE_VERSION)$$" >/dev/null

# Ensure we're working from a tag...
	test x`mtn automate select t:v$(PACKAGE_VERSION)` = x`mtn automate get_base_revision_id`
# ... and have no changes in the working copy.
	test "x`mtn diff | grep -v '^#'`" = x

release: version-check distcheck packages

packages:
	gpg -ab pidgin-$(PACKAGE_VERSION).tar.gz
	gpg -ab pidgin-$(PACKAGE_VERSION).tar.bz2
	gpg --verify pidgin-$(PACKAGE_VERSION).tar.gz.asc pidgin-$(PACKAGE_VERSION).tar.gz
	gpg --verify pidgin-$(PACKAGE_VERSION).tar.bz2.asc pidgin-$(PACKAGE_VERSION).tar.bz2

if INSTALL_I18N
PO_DIR=po
DESKTOP_FILE=pidgin.desktop

if ENABLE_GTK
appsdir = $(datadir)/applications
apps_in_files = pidgin.desktop.in
apps_DATA = $(apps_in_files:.desktop.in=.desktop)
@INTLTOOL_DESKTOP_RULE@
endif #ENABLE_GTK

endif #INSTALL_I18N

if ENABLE_GTK
GTK_DIR=pidgin
endif

if ENABLE_GNT
GNT_DIR=finch
endif

# This is phony, so that we always try to rebuild it.  If it succeeds
# in calculating changes, it produces its target; otherwise, its
# target does not exist.
.PHONY: package_revision_raw.txt
# if both attempts fail, then we need to remove the empty file that >
# creates, and also make sure that the shell command exits
# successfully; the rm -f ensures both
package_revision_raw.txt:
	$(AM_V_GEN)REAL_BLDDIR=$$PWD/$(top_builddir); \
	(cd $(srcdir) && $$REAL_BLDDIR/mtn --root=. automate get_base_revision_id) 2>/dev/null >$@ \
	|| (cd $(srcdir) && mtn --root=. automate get_base_revision_id) 2>/dev/null >$@ \
	|| rm -f $@
package_revision.h: package_revision_raw.txt
	$(AM_V_GEN)if test -f $<; then \
	  echo "#define REVISION \"`cat $<`\"" > $@; \
	fi
	$(AM_V_at)if test ! -f $@ -a -f $(srcdir)/$@; then \
	  cp $(srcdir)/$@ $@; \
	fi
	$(AM_V_at)test -f $@ || echo "#define REVISION \"unknown\"" > $@

# This is a magic directive copy-and-pasted, then modified, from the
# automake 1.9 manual, section 13.4, "Checking the distribution".
# Normally, 'distcheck' does a clean build, and then afterwards runs
# 'distclean', and 'distclean' is supposed to remove everything that
# the build created.  However, we have some targets (package_revision.txt)
# that we distribute, but then always attempt to rebuild optimistically, and
# then if that fails fall back on the distributed versions.  This
# means that 'distclean' should _not_ remove those files, since they
# are distributed, yet building the package will generate those files,
# thus automake thinks that 'distclean' _should_ remove those files,
# and 'distcheck' gets cranky if we don't.  So basically what this
# line does is tell 'distcheck' to shut up and ignore those two files.
distcleancheck_listfiles = find . -type f -a ! -name package_revision.h

SUBDIRS = . libpurple doc $(GNT_DIR) $(GTK_DIR) m4macros $(PO_DIR) share/ca-certs share/sounds

docs: Doxyfile
if HAVE_DOXYGEN
	@echo "Running doxygen..."
	@doxygen
if HAVE_XSLTPROC
	@echo "Generating devhelp index..."
	@xsltproc $(top_srcdir)/doxy2devhelp.xsl doc/xml/index.xml > doc/html/pidgin.devhelp
	@echo "(Symlink $$(pwd)/doc/html to ~/.local/share/gtk-doc/html/pidgin to make devhelp see the documentation)"
else
	@echo "Not generating devhelp index: xsltproc was not found by configure"
endif
else
	@echo "doxygen was not found during configure.  Unable to build documentation."
	@echo;
endif

# perl's MakeMaker uninstall foo doesn't work well with DESTDIR set, which
# breaks "make distcheck" unless we ignore perl things

distuninstallcheck_listfiles = \
	find . -type f -print | grep -v perl | grep -v Purple.3pm

DISTCLEANFILES= $(DESKTOP_FILE) libpurple/gconf/purple.schemas intltool-extract \
			intltool-merge intltool-update