# HG changeset patch # User Ethan Blanton # Date 1319207915 0 # Node ID 5aca97a40e53823456ee02284766cee64d1a718a # Parent 14787acaf9d79759174261a8f4cf72410df70a57# Parent 9c4fec824cb3a0b72033d19f94e2b3fe4749aa23 merge of 'c8c73eea7431e6f940916315ace40a41c8da3faa' and 'd6a48850118c6a7c8c5f0d05b89334bc2a53d3ef' diff -r 14787acaf9d7 -r 5aca97a40e53 ChangeLog --- a/ChangeLog Fri Oct 21 14:36:06 2011 +0000 +++ b/ChangeLog Fri Oct 21 14:38:35 2011 +0000 @@ -1,5 +1,25 @@ Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul +version 2.10.1 (10/11/2011): + Gadu-Gadu: + * Fix problems linking against GnuTLS. (#14544) + + Sametime: + * Separate "username" and "server" when adding new Sametime accounts. + (#14608) + * Fix compilation in Visual C++. (#14608) + + SILC: + * Fix CVE-2011-3594, by UTF-8 validating incoming messages before + passing them to glib or libpurple. Identified by Diego Bauche + Madero from IOActive. (#14636) + + Yahoo!: + * Fetch buddy icons in some cases where we previously weren't. (#13050) + + Windows-Specific Changes: + * Fix compilation + version 2.10.0 (08/18/2011): Pidgin: * Make the max size of incoming smileys a pref instead of hardcoding it. diff -r 14787acaf9d7 -r 5aca97a40e53 Makefile.am --- a/Makefile.am Fri Oct 21 14:36:06 2011 +0000 +++ b/Makefile.am Fri Oct 21 14:38:35 2011 +0000 @@ -42,13 +42,6 @@ # We don't want to release development versions. test x`echo $(PACKAGE_VERSION) | grep dev` = x -# Make sure there is a NEWS entry for this version - head NEWS | grep "^$(PACKAGE_VERSION) (`date +%m/%d/%Y`):$$" > /dev/null - -# Ensure NEWS has no spaces at the start of a line. -# Using spaces instead of tabs there is a common mistake. - test x`grep "^ " NEWS` = x - # When doing a new minor (or major) release (X.Y.0), there must be a section in # ChangeLog.API. echo $(PACKAGE_VERSION) | grep -v "^[0-9]\+\.[0-9]\+\.0$$" >/dev/null || head ChangeLog.API | grep "^version $(PACKAGE_VERSION) (`date +%m/%d/%Y`):$$" >/dev/null diff -r 14787acaf9d7 -r 5aca97a40e53 libpurple/protocols/gg/Makefile.am --- a/libpurple/protocols/gg/Makefile.am Fri Oct 21 14:36:06 2011 +0000 +++ b/libpurple/protocols/gg/Makefile.am Fri Oct 21 14:38:35 2011 +0000 @@ -61,11 +61,11 @@ lib/sha1.c INTGG_CFLAGS = -I$(top_srcdir)/libpurple/protocols/gg/lib -DGG_IGNORE_DEPRECATED -DUSE_INTERNAL_LIBGADU +endif if USE_GNUTLS GADU_LIBS += $(GNUTLS_LIBS) -endif - +GADU_CFLAGS += $(GNUTLS_CFLAGS) endif GGSOURCES = \ diff -r 14787acaf9d7 -r 5aca97a40e53 libpurple/protocols/irc/parse.c --- a/libpurple/protocols/irc/parse.c Fri Oct 21 14:36:06 2011 +0000 +++ b/libpurple/protocols/irc/parse.c Fri Oct 21 14:38:35 2011 +0000 @@ -708,7 +708,14 @@ switch (fmt[i]) { case 'v': if (!(end = strchr(cur, ' '))) end = cur + strlen(cur); - args[i] = g_strndup(cur, end - cur); + /* This is a string of unknown encoding which we do not + * want to transcode, but it may or may not be valid + * UTF-8, so we'll salvage it. If a nick/channel/target + * field has inadvertently been marked verbatim, this + * could cause weirdness. */ + tmp = g_strndup(cur, end - cur); + args[i] = purple_utf8_salvage(tmp); + g_free(tmp); cur += end - cur; break; case 't': @@ -726,7 +733,9 @@ cur = cur + strlen(cur); break; case '*': - args[i] = g_strdup(cur); + /* Ditto 'v' above; we're going to salvage this in case + * it leaks past the IRC prpl */ + args[i] = purple_utf8_salvage(cur); cur = cur + strlen(cur); break; default: diff -r 14787acaf9d7 -r 5aca97a40e53 libpurple/protocols/jabber/win32/posix.uname.c --- a/libpurple/protocols/jabber/win32/posix.uname.c Fri Oct 21 14:36:06 2011 +0000 +++ b/libpurple/protocols/jabber/win32/posix.uname.c Fri Oct 21 14:38:35 2011 +0000 @@ -28,6 +28,8 @@ #include #include +#include + /* ANONYMOUS unions and structs are used from the windows header definitions. These need to be defined for them to work correctly with gcc2.95.2-mingw. */ /*#define _ANONYMOUS_STRUCT*/ diff -r 14787acaf9d7 -r 5aca97a40e53 libpurple/protocols/sametime/sametime.c --- a/libpurple/protocols/sametime/sametime.c Fri Oct 21 14:36:06 2011 +0000 +++ b/libpurple/protocols/sametime/sametime.c Fri Oct 21 14:38:35 2011 +0000 @@ -171,10 +171,10 @@ /* debugging output */ -#define DEBUG_ERROR(a...) purple_debug_error(G_LOG_DOMAIN, a) -#define DEBUG_INFO(a...) purple_debug_info(G_LOG_DOMAIN, a) -#define DEBUG_MISC(a...) purple_debug_misc(G_LOG_DOMAIN, a) -#define DEBUG_WARN(a...) purple_debug_warning(G_LOG_DOMAIN, a) +#define DEBUG_ERROR(...) purple_debug_error(G_LOG_DOMAIN, __VA_ARGS__) +#define DEBUG_INFO(...) purple_debug_info(G_LOG_DOMAIN, __VA_ARGS__) +#define DEBUG_MISC(...) purple_debug_misc(G_LOG_DOMAIN, __VA_ARGS__) +#define DEBUG_WARN(...) purple_debug_warning(G_LOG_DOMAIN, __VA_ARGS__) /** ensure non-null strings */ @@ -927,6 +927,11 @@ return NULL; } + if (!name) { + DEBUG_WARN("Can't ensure a null group\n"); + return NULL; + } + DEBUG_INFO("attempting to ensure group %s, called %s\n", NSTR(name), NSTR(alias)); @@ -2219,7 +2224,7 @@ static void ft_send(struct mwFileTransfer *ft, FILE *fp) { guchar buf[MW_FT_LEN]; - struct mwOpaque o = { .data = buf, .len = MW_FT_LEN }; + struct mwOpaque o = { MW_FT_LEN, buf }; guint32 rem; PurpleXfer *xfer; @@ -3689,49 +3694,6 @@ static void mw_prpl_login(PurpleAccount *acct); -static void prompt_host_cancel_cb(PurpleConnection *gc) { - const char *msg = _("No Sametime Community Server specified"); - purple_connection_error_reason(gc, - PURPLE_CONNECTION_ERROR_INVALID_SETTINGS, - msg); -} - - -static void prompt_host_ok_cb(PurpleConnection *gc, const char *host) { - if(host && *host) { - PurpleAccount *acct = purple_connection_get_account(gc); - purple_account_set_string(acct, MW_KEY_HOST, host); - mw_prpl_login(acct); - - } else { - prompt_host_cancel_cb(gc); - } -} - - -static void prompt_host(PurpleConnection *gc) { - PurpleAccount *acct; - const char *msgA; - char *msg; - - acct = purple_connection_get_account(gc); - msgA = _("No host or IP address has been configured for the" - " Meanwhile account %s. Please enter one below to" - " continue logging in."); - msg = g_strdup_printf(msgA, NSTR(purple_account_get_username(acct))); - - purple_request_input(gc, _("Meanwhile Connection Setup"), - _("No Sametime Community Server Specified"), msg, - MW_PLUGIN_DEFAULT_HOST, FALSE, FALSE, NULL, - _("Connect"), G_CALLBACK(prompt_host_ok_cb), - _("Cancel"), G_CALLBACK(prompt_host_cancel_cb), - acct, NULL, NULL, - gc); - - g_free(msg); -} - - static void mw_prpl_login(PurpleAccount *account) { PurpleConnection *gc; struct mwPurplePluginData *pd; @@ -3763,7 +3725,9 @@ /* somehow, we don't have a host to connect to. Well, we need one to actually continue, so let's ask the user directly. */ g_free(user); - prompt_host(gc); + purple_connection_error_reason(gc, + PURPLE_CONNECTION_ERROR_INVALID_SETTINGS, + _("A server is required to connect this account")); return; } @@ -5155,67 +5119,80 @@ static PurplePluginProtocolInfo mw_prpl_info = { - .options = OPT_PROTO_IM_IMAGE, - .user_splits = NULL, /*< set in mw_plugin_init */ - .protocol_options = NULL, /*< set in mw_plugin_init */ - .icon_spec = NO_BUDDY_ICONS, - .list_icon = mw_prpl_list_icon, - .list_emblem = mw_prpl_list_emblem, - .status_text = mw_prpl_status_text, - .tooltip_text = mw_prpl_tooltip_text, - .status_types = mw_prpl_status_types, - .blist_node_menu = mw_prpl_blist_node_menu, - .chat_info = mw_prpl_chat_info, - .chat_info_defaults = mw_prpl_chat_info_defaults, - .login = mw_prpl_login, - .close = mw_prpl_close, - .send_im = mw_prpl_send_im, - .set_info = NULL, - .send_typing = mw_prpl_send_typing, - .get_info = mw_prpl_get_info, - .set_status = mw_prpl_set_status, - .set_idle = mw_prpl_set_idle, - .change_passwd = NULL, - .add_buddy = mw_prpl_add_buddy, - .add_buddies = mw_prpl_add_buddies, - .remove_buddy = mw_prpl_remove_buddy, - .remove_buddies = NULL, - .add_permit = mw_prpl_add_permit, - .add_deny = mw_prpl_add_deny, - .rem_permit = mw_prpl_rem_permit, - .rem_deny = mw_prpl_rem_deny, - .set_permit_deny = mw_prpl_set_permit_deny, - .join_chat = mw_prpl_join_chat, - .reject_chat = mw_prpl_reject_chat, - .get_chat_name = mw_prpl_get_chat_name, - .chat_invite = mw_prpl_chat_invite, - .chat_leave = mw_prpl_chat_leave, - .chat_whisper = mw_prpl_chat_whisper, - .chat_send = mw_prpl_chat_send, - .keepalive = mw_prpl_keepalive, - .register_user = NULL, - .get_cb_info = NULL, - .get_cb_away = NULL, - .alias_buddy = mw_prpl_alias_buddy, - .group_buddy = mw_prpl_group_buddy, - .rename_group = mw_prpl_rename_group, - .buddy_free = mw_prpl_buddy_free, - .convo_closed = mw_prpl_convo_closed, - .normalize = mw_prpl_normalize, - .set_buddy_icon = NULL, - .remove_group = mw_prpl_remove_group, - .get_cb_real_name = NULL, - .set_chat_topic = NULL, - .find_blist_chat = NULL, - .roomlist_get_list = NULL, - .roomlist_expand_category = NULL, - .can_receive_file = mw_prpl_can_receive_file, - .send_file = mw_prpl_send_file, - .new_xfer = mw_prpl_new_xfer, - .offline_message = NULL, - .whiteboard_prpl_ops = NULL, - .send_raw = NULL, - .struct_size = sizeof(PurplePluginProtocolInfo) + OPT_PROTO_IM_IMAGE, + NULL, /*< set in mw_plugin_init */ + NULL, /*< set in mw_plugin_init */ + NO_BUDDY_ICONS, + mw_prpl_list_icon, + mw_prpl_list_emblem, + mw_prpl_status_text, + mw_prpl_tooltip_text, + mw_prpl_status_types, + mw_prpl_blist_node_menu, + mw_prpl_chat_info, + mw_prpl_chat_info_defaults, + mw_prpl_login, + mw_prpl_close, + mw_prpl_send_im, + NULL, + mw_prpl_send_typing, + mw_prpl_get_info, + mw_prpl_set_status, + mw_prpl_set_idle, + NULL, + mw_prpl_add_buddy, + mw_prpl_add_buddies, + mw_prpl_remove_buddy, + NULL, + mw_prpl_add_permit, + mw_prpl_add_deny, + mw_prpl_rem_permit, + mw_prpl_rem_deny, + mw_prpl_set_permit_deny, + mw_prpl_join_chat, + mw_prpl_reject_chat, + mw_prpl_get_chat_name, + mw_prpl_chat_invite, + mw_prpl_chat_leave, + mw_prpl_chat_whisper, + mw_prpl_chat_send, + mw_prpl_keepalive, + NULL, + NULL, + NULL, + mw_prpl_alias_buddy, + mw_prpl_group_buddy, + mw_prpl_rename_group, + mw_prpl_buddy_free, + mw_prpl_convo_closed, + mw_prpl_normalize, + NULL, + mw_prpl_remove_group, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + mw_prpl_can_receive_file, + mw_prpl_send_file, + mw_prpl_new_xfer, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + sizeof(PurplePluginProtocolInfo), + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL }; @@ -5792,6 +5769,7 @@ static void mw_plugin_init(PurplePlugin *plugin) { + PurpleAccountUserSplit *split; PurpleAccountOption *opt; GList *l = NULL; @@ -5802,15 +5780,15 @@ purple_prefs_add_none(MW_PRPL_OPT_BASE); purple_prefs_add_int(MW_PRPL_OPT_BLIST_ACTION, BLIST_CHOICE_DEFAULT); + /* set up account ID as user:server */ + split = purple_account_user_split_new(_("Server"), + MW_PLUGIN_DEFAULT_HOST, ':'); + mw_prpl_info.user_splits = g_list_append(mw_prpl_info.user_splits, split); + /* remove dead preferences */ purple_prefs_remove(MW_PRPL_OPT_PSYCHIC); purple_prefs_remove(MW_PRPL_OPT_SAVE_DYNAMIC); - /* host to connect to */ - opt = purple_account_option_string_new(_("Server"), MW_KEY_HOST, - MW_PLUGIN_DEFAULT_HOST); - l = g_list_append(l, opt); - /* port to connect to */ opt = purple_account_option_int_new(_("Port"), MW_KEY_PORT, MW_PLUGIN_DEFAULT_PORT); diff -r 14787acaf9d7 -r 5aca97a40e53 libpurple/protocols/silc/ops.c --- a/libpurple/protocols/silc/ops.c Fri Oct 21 14:36:06 2011 +0000 +++ b/libpurple/protocols/silc/ops.c Fri Oct 21 14:38:35 2011 +0000 @@ -408,9 +408,16 @@ } if (flags & SILC_MESSAGE_FLAG_UTF8) { - tmp = g_markup_escape_text((const char *)message, -1); + const char *msg = (const char *)message; + char *salvaged = NULL; + if (!g_utf8_validate((const char *)message, -1, NULL)) { + salvaged = purple_utf8_salvage((const char *)message); + msg = salvaged; + } + tmp = g_markup_escape_text(msg, -1); /* Send to Purple */ serv_got_im(gc, sender->nickname, tmp, 0, time(NULL)); + g_free(salvaged); g_free(tmp); } } diff -r 14787acaf9d7 -r 5aca97a40e53 libpurple/protocols/yahoo/yahoo_picture.c --- a/libpurple/protocols/yahoo/yahoo_picture.c Fri Oct 21 14:36:06 2011 +0000 +++ b/libpurple/protocols/yahoo/yahoo_picture.c Fri Oct 21 14:38:35 2011 +0000 @@ -123,16 +123,9 @@ /* TODO: make this work p2p, try p2p before the url */ PurpleUtilFetchUrlData *url_data; struct yahoo_fetch_picture_data *data; - PurpleBuddy *b = purple_find_buddy(gc->account, who); - const char *locksum = NULL; /* use whole URL if using HTTP Proxy */ gboolean use_whole_url = yahoo_account_use_http_proxy(gc); - /* FIXME: Cleanup this strtol() stuff if possible. */ - if (b && (locksum = purple_buddy_icons_get_checksum_for_user(b)) != NULL && - (checksum == strtol(locksum, NULL, 10))) - return; - data = g_new0(struct yahoo_fetch_picture_data, 1); data->gc = gc; data->who = g_strdup(who); diff -r 14787acaf9d7 -r 5aca97a40e53 pidgin/gtkutils.c --- a/pidgin/gtkutils.c Fri Oct 21 14:36:06 2011 +0000 +++ b/pidgin/gtkutils.c Fri Oct 21 14:38:35 2011 +0000 @@ -3286,9 +3286,9 @@ { gchar *escaped = g_shell_quote(uri); gchar *param = g_strconcat("/select,\"", uri, "\"", NULL); - gchar *wc_param = g_utf8_to_utf16(param, -1, NULL, NULL, NULL); - - code = (int)ShellExecuteW(NULL, "OPEN", L"explorer.exe", wc_param, NULL, SW_NORMAL); + wchar_t *wc_param = g_utf8_to_utf16(param, -1, NULL, NULL, NULL); + + code = (int)ShellExecuteW(NULL, L"OPEN", L"explorer.exe", wc_param, NULL, SW_NORMAL); g_free(wc_param); g_free(param);