Mercurial > pidgin

view Makefile.mingw @ 30273:6829b27ee4c8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
This patch attempts to fix four bugs in the oscar protocol plugin that were introduced with the X-Status code in Pidgin 2.7.0. Problem #1 (the remotely-triggerable crash): The crash happens when a buddy sets an xstatus message containing <desc> but no closing </desc>, or <title> but no closing </title>. The fix is to check the result of strstr(closing_tag_name) and do nothing if it is NULL. This is CVE-2010-2528. Problem #2: Fixes potential incorrect parsing of the xstatus string that could result in an incorrect message being displayed to the libpurple user. Happens if an xstatus message contains </desc> before <desc>, or </title> before <title>. The fix is to start looking for the closing tag at the end of the beginning tag rather than at the beginning of the xstatus xml. Probably not a security problem, but definitely a bug. Problem #3: Fixes potential incorrect parsing of the xstatus string that could result in the title not being shown to the libpurple user. Happens if the close title tag appears after the desc tag in the xstatus xml, because we add a null character at the beginning of the close title tag, so strstr() for the desc tag would stop searching there. Probably not a security problem, but definitely a bug. Problem #4: Fixes potential incorrect display of the xstatus string that could result in an incorrect message being displayed to the libpurple user. Happens because we reusing the 'xml' string when preparing the string for the user, but we copy values from xml to xml. If those values overlap with themselves or with each other then an incorrect value could be displayed. Probably not a security problem, but definitely a bug.
author Mark Doliner <mark@kingant.net>
date Wed, 21 Jul 2010 02:49:23 +0000
parents c43570e34d81
children 200a6032d8ec
line wrap: on
line source

# Makefile.mingw
#
# Author: hermanator12002@yahoo.com
# Date 9/11/02
# Description: Top Makefile for win32 (mingw) port of Pidgin and libpurple
#

PIDGIN_TREE_TOP := .
include $(PIDGIN_TREE_TOP)/libpurple/win32/global.mak

# Generate a X.X.X.X version for the installer file versioning header
# The last digit will be 99 for a final release, 0 for dev or unknown, or the beta number
PIDGIN_PRODUCT_VERSION = $(shell \
awk 'BEGIN {FS="."} { \
    if (int($$3) == $$3) { \
        $$4 = "99"; \
    } else { \
        $$5 = $$3; \
        sub(int($$3), "", $$5); \
        if ($$5 == "dev") { \
            $$4 = "0"; \
        } else { \
            if (sub("beta", "", $$5) > 0) { \
                $$4 = $$5; \
            } else { \
                $$4 = "0"; \
            } \
        } \
    } \
    printf("%s.%s.%s.%s", $$1, $$2, int($$3), $$4); \
    exit; \
}' VERSION)

GTK_INSTALL_VERSION = 2.16.6.0

STRIPPED_RELEASE_DIR = $(PIDGIN_TREE_TOP)/pidgin-$(PIDGIN_VERSION)-win32bin
DEBUG_SYMBOLS_DIR = $(PIDGIN_TREE_TOP)/pidgin-$(PIDGIN_VERSION)-dbgsym


# Any *.dll or *.exe files included in win32-install-dir that we don't compile
# should be included in this list so they don't get stripped
EXTERNAL_DLLS = \
	comerr32.dll \
	exchndl.dll \
	freebl3.dll \
	gssapi32.dll \
	k5sprt32.dll \
	krb5_32.dll \
	libenchant.dll \
	libenchant_ispell.dll \
	libenchant_myspell.dll \
	libgtkspell-0.dll \
	libmeanwhile-1.dll \
	libnspr4.dll \
	libplc4.dll \
	libplds4.dll \
	libsasl.dll \
	libxml2-2.dll \
	nss3.dll \
	nssckbi.dll \
	nssutil3.dll \
	saslANONYMOUS.dll \
	saslCRAMMD5.dll \
	saslDIGESTMD5.dll \
	saslGSSAPI.dll \
	saslLOGIN.dll \
	saslPLAIN.dll \
	libsilc-1-1-2.dll \
	libsilcclient-1-1-2.dll \
	smime3.dll \
	softokn3.dll \
	sqlite3.dll \
	ssl3.dll

#build an expression for `find` to use to ignore the above files
EXTERNAL_DLLS_FIND_EXP = $(patsubst %,-o -name %,$(EXTERNAL_DLLS))

include $(PIDGIN_COMMON_RULES)

.PHONY: all docs install installer installer_offline installer_zip debug_symbols_zip installers clean uninstall create_release_install_dir generate_installer_includes $(PIDGIN_REVISION_H) $(PIDGIN_REVISION_RAW_TXT)

all: $(PIDGIN_CONFIG_H) $(PIDGIN_REVISION_H)
	$(MAKE) -C $(PURPLE_TOP) -f $(MINGW_MAKEFILE)
	$(MAKE) -C $(PIDGIN_TOP) -f $(MINGW_MAKEFILE)
ifndef DISABLE_NLS
	$(MAKE) -C $(PURPLE_PO_TOP) -f $(MINGW_MAKEFILE)
endif

install: all $(PIDGIN_INSTALL_DIR)
	$(MAKE) -C $(PURPLE_TOP) -f $(MINGW_MAKEFILE) install
	$(MAKE) -C $(PIDGIN_TOP) -f $(MINGW_MAKEFILE) install
ifndef DISABLE_NLS
	$(MAKE) -C $(PURPLE_PO_TOP) -f $(MINGW_MAKEFILE) install
endif
	$(MAKE) -C share/ca-certs -f $(MINGW_MAKEFILE) install
	$(MAKE) -C share/sounds -f $(MINGW_MAKEFILE) install
	mkdir -p $(PIDGIN_INSTALL_DIR)/spellcheck
	cp $(GTKSPELL_TOP)/bin/libgtkspell-0.dll $(PIDGIN_INSTALL_DIR)/spellcheck
	cp $(ENCHANT_TOP)/bin/libenchant.dll $(PIDGIN_INSTALL_DIR)/spellcheck
	cp -R $(ENCHANT_TOP)/lib $(PIDGIN_INSTALL_DIR)/spellcheck
	cp $(WIN32_DEV_TOP)/pidgin-inst-deps-20100315/exchndl.dll $(PIDGIN_INSTALL_DIR)

pidgin/win32/nsis/gtk-runtime-$(GTK_BUNDLE_VERSION).zip:
	pidgin/win32/nsis/generate_gtk_zip.sh `pwd`

generate_installer_includes: create_release_install_dir pidgin/win32/nsis/gtk-runtime-$(GTK_BUNDLE_VERSION).zip debug_symbols_zip $(PIDGIN_TREE_TOP)/pidgin/win32/nsis/nsis_translations.desktop
	rm -f pidgin/win32/nsis/pidgin-translations.nsh pidgin/win32/nsis/pidgin-spellcheck.nsh pidgin/win32/nsis/pidgin-spellcheck-preselect.nsh
	find $(STRIPPED_RELEASE_DIR)/locale -maxdepth 1 -mindepth 1 \
	 -exec basename {} ';' \
	 | LC_ALL=C sort | sed -e s/^/\!insertmacro\ LANG_SECTION\ \"/ -e s/$$/\"/ \
	 > pidgin/win32/nsis/pidgin-translations.nsh
	#Convert the available.lst lines to "!insertmacro SPELLCHECK_SECTION lang lang_name lang_file"
	sed -e "/^#/d" -e "s/^[^,]\{1,\},[^,]\{1,\},/\"/" \
	 -e "s/,/\"\ \"/" -e "s/,/\"\ \"/" -e "s/[\ \t]*$$/\"/" \
	 -e "s/^/\!insertmacro\ SPELLCHECK_SECTION\ /" \
         pidgin/win32/nsis/available.lst \
         > pidgin/win32/nsis/pidgin-spellcheck.nsh
	#Convert the lines to "!insertmacro CHECK_SPELLCHECK_SECTION lang"
	iconv -f latin1 -t utf-8 pidgin/win32/nsis/pidgin-spellcheck.nsh | \
	 sed -e "s/SPELLCHECK_SECTION/CHECK_SPELLCHECK_SECTION/" \
	 -e "s/ \"[^\"]*\"\ \"[^\"]*\"[\t\ ]*$$//" | \
         iconv -f utf-8 -t latin1 \
        > pidgin/win32/nsis/pidgin-spellcheck-preselect.nsh
	#Generate the Installer translations
	echo "!define GCOMPRIS_NSIS_INCLUDE_PATH \".\"" > $(PIDGIN_TREE_TOP)/pidgin/win32/nsis/langmacros.nsh
	echo "@INSERT_TRANSLATIONS@" >> $(PIDGIN_TREE_TOP)/pidgin/win32/nsis/langmacros.nsh
	$(PERL) $(PIDGIN_TREE_TOP)/pidgin/win32/nsis/create_nsis_translations.pl \
		$(PIDGIN_TREE_TOP)/pidgin/win32/nsis/nsis_translations.desktop \
		$(PIDGIN_TREE_TOP)/pidgin/win32/nsis/langmacros.nsh \
		$(PIDGIN_TREE_TOP)/pidgin/win32/nsis/translations

create_release_install_dir: install
	rm -rf $(STRIPPED_RELEASE_DIR)
	mkdir $(STRIPPED_RELEASE_DIR)
	tar -cf - $(PIDGIN_INSTALL_DIR) --exclude=Gtk --exclude=spellcheck/share \
	 | tar --strip 2 -xC $(STRIPPED_RELEASE_DIR) -f -
	find $(STRIPPED_RELEASE_DIR) \( -name '*.dll' -o -name '*.exe' \) \
	 -not \( -false $(EXTERNAL_DLLS_FIND_EXP) \) \
	 -exec $(STRIP) --strip-unneeded {} ';'

installer: generate_installer_includes
	$(MAKENSIS) $(MAKENSISOPT)V3 $(MAKENSISOPT)DPIDGIN_VERSION="$(PIDGIN_VERSION)" $(MAKENSISOPT)DPIDGIN_PRODUCT_VERSION="$(PIDGIN_PRODUCT_VERSION)" $(MAKENSISOPT)DPIDGIN_INSTALL_DIR="$(STRIPPED_RELEASE_DIR)" $(MAKENSISOPT)DGTK_INSTALL_VERSION="$(GTK_INSTALL_VERSION)" pidgin/win32/nsis/pidgin-installer.nsi
	mv pidgin/win32/nsis/pidgin-$(PIDGIN_VERSION).exe ./

installer_offline: generate_installer_includes
	$(MAKENSIS) $(MAKENSISOPT)V3 $(MAKENSISOPT)DPIDGIN_VERSION="$(PIDGIN_VERSION)" $(MAKENSISOPT)DPIDGIN_PRODUCT_VERSION="$(PIDGIN_PRODUCT_VERSION)" $(MAKENSISOPT)DOFFLINE_INSTALLER $(MAKENSISOPT)DPIDGIN_INSTALL_DIR="$(STRIPPED_RELEASE_DIR)" $(MAKENSISOPT)DGTK_INSTALL_VERSION="$(GTK_INSTALL_VERSION)" pidgin/win32/nsis/pidgin-installer.nsi
	mv pidgin/win32/nsis/pidgin-$(PIDGIN_VERSION)-offline.exe ./

installer_zip: create_release_install_dir
	rm -f pidgin-$(PIDGIN_VERSION)-win32-bin.zip
	zip -9 -r pidgin-$(PIDGIN_VERSION)-win32-bin.zip $(STRIPPED_RELEASE_DIR)

debug_symbols_zip: install
	rm -rf $(DEBUG_SYMBOLS_DIR) $(DEBUG_SYMBOLS_DIR).zip
	mkdir $(DEBUG_SYMBOLS_DIR)
	tar -cf - `find $(PIDGIN_INSTALL_DIR) \( -name '*.dll' -o -name '*.exe' \) \
	 -not \( -false $(EXTERNAL_DLLS_FIND_EXP) \) -print` \
	 | tar --strip 2 --xform s/$$/.dbgsym/ -xC $(DEBUG_SYMBOLS_DIR) -f -
	zip -9 -r $(DEBUG_SYMBOLS_DIR).zip $(DEBUG_SYMBOLS_DIR) 

installers: installer installer_offline debug_symbols_zip installer_zip

Doxyfile.mingw: Doxyfile.in
	sed -e "s/@PACKAGE@/pidgin/" -e "s/@VERSION@/$(PIDGIN_VERSION)/" -e "s/@top_srcdir@/$(PIDGIN_TREE_TOP)/g" -e "s/@enable_dot@/NO/" $< > $@

docs: Doxyfile.mingw
	@echo "Running doxygen..."
	@doxygen Doxyfile.mingw

clean:
	$(MAKE) -C $(PURPLE_PO_TOP) -f $(MINGW_MAKEFILE) clean
	$(MAKE) -C $(PIDGIN_TOP) -f $(MINGW_MAKEFILE) clean
	$(MAKE) -C $(PURPLE_TOP) -f $(MINGW_MAKEFILE) clean
	$(MAKE) -C share/ca-certs -f $(MINGW_MAKEFILE) clean
	rm -f $(PIDGIN_CONFIG_H) $(PIDGIN_REVISION_H) $(PIDGIN_REVISION_RAW_TXT) ./VERSION pidgin-$(PIDGIN_VERSION)*.exe pidgin-$(PIDGIN_VERSION)-win32-bin.zip $(DEBUG_SYMBOLS_DIR).zip
	rm -rf doc/html Doxyfile.mingw

uninstall:
	rm -rf $(PURPLE_INSTALL_PERL_DIR) $(PIDGIN_INSTALL_PLUGINS_DIR) $(PURPLE_INSTALL_PO_DIR) $(PIDGIN_INSTALL_DIR) $(STRIPPED_RELEASE_DIR) $(DEBUG_SYMBOLS_DIR)
	rm -f ./VERSION

include $(PIDGIN_COMMON_TARGETS)