Hello community, here is the log from the commit of package pidgin for openSUSE:11.3 checked in at Mon Nov 28 18:21:56 CET 2011.
--------
--- old-versions/11.3/UPDATES/all/pidgin/pidgin.changes 2011-01-04 16:13:01.000000000 +0100
+++ 11.3/pidgin/pidgin.changes 2011-11-09 08:34:58.000000000 +0100
@@ -1,0 +2,6 @@
+Wed Nov 9 07:33:10 UTC 2011 - [email protected]
+
+- bnc#722199,CVE-2011-3594,
+- fix libpurple vulnerability in SILC protocol handling
+
+-------------------------------------------------------------------
calling whatdependson for 11.3-i586
New:
----
silc-fixutf8-securitybug.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pidgin.spec ++++++
--- /var/tmp/diff_new_pack.DJYbGm/_old 2011-11-28 18:17:39.000000000 +0100
+++ /var/tmp/diff_new_pack.DJYbGm/_new 2011-11-28 18:17:39.000000000 +0100
@@ -1,5 +1,5 @@
 #
-# spec file for package pidgin (Version 2.7.9)
+# spec file for package pidgin
 #
 # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -26,7 +26,7 @@
 Name: pidgin
 Summary: GTK+-Based Multiprotocol Instant Messaging Client
 Version: 2.7.9
-Release: 1.<RELEASE1>
+Release: 1.<RELEASE4>
 # FIXME: check resolution of bnc#659001 to decide what to do about ownership of mhr directories in -lang (last checked: 2012-12-21)
 License: GPLv2+
 Group: Productivity/Networking/Instant Messenger
@@ -41,6 +41,8 @@
 Patch12: pidgin-dbus-invalid-gpointer.patch
 # PATCH-FIX-UPSTREAM pidgin-mono-buildfix.patch http://developer.pidgin.im/ticket/12506 [email protected] -- Fix build with mono plugin loader; missing include statements.
 Patch14: pidgin-mono-buildfix.patch
+Patch15: silc-fixutf8-securitybug.patch
+
 # Can use external libzephyr
 BuildRequires: cyrus-sasl-devel
 BuildRequires: dbus-1-devel
@@ -328,6 +330,8 @@ %patch5 -p1 %patch12 %patch14 -p1 +%patch15 -p1 + # Change Myanmar/Myanmar to Myanmar: rename my_MM my po/my_MM.* %{__sed} -i "/ALL_LINGUAS/s/ my_MM / my /" configure.ac ++++++ silc-fixutf8-securitybug.patch ++++++ Index: pidgin-2.6.6/libpurple/protocols/silc/ops.c =================================================================== --- pidgin-2.6.6.orig/libpurple/protocols/silc/ops.c +++ pidgin-2.6.6/libpurple/protocols/silc/ops.c @@ -332,10 +332,17 @@ silc_channel_message(SilcClient client, } if (flags & SILC_MESSAGE_FLAG_UTF8) { - tmp = g_markup_escape_text((const char *)message, -1); + const char *msg = (const char *)message; + char *salvaged = NULL; + if (!g_utf8_validate((const char *)message, -1, NULL)) { + salvaged = purple_utf8_salvage((const char *)message); + msg = salvaged; + } + tmp = g_markup_escape_text(msg, -1); /* Send to Purple */ serv_got_chat_in(gc, purple_conv_chat_get_id(PURPLE_CONV_CHAT(convo)), sender->nickname, 0, tmp, time(NULL)); + g_free(salvaged); g_free(tmp); } } continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
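Review bot: The UTF-8 check is added only to the `SILC_MESSAGE_FLAG_UTF8` branch of `silc_channel_message`, and the patch carries this single hunk, so any other handler in ops.c that hands peer-supplied `message` bytes to `g_markup_escape_text(..., -1)` (a private-message path, if it has the same branch) would still escape unvalidated input and needs the same `g_utf8_validate` / `purple_utf8_salvage` guard. Within the hunk, `msg` already holds the cast pointer, so the two calls can read `if (!g_utf8_validate(msg, -1, NULL)) {` and `salvaged = purple_utf8_salvage(msg);` instead of repeating the cast. Both calls pass length -1 and therefore rely on the buffer being NUL-terminated; whether the function also receives an explicit length that could be used instead is not visible here, because its body starts and ends outside the hunk. A comment above the check such as `/* UTF8 flag is set by the sender; validate before g_markup_escape_text() */` would record why the salvage step exists.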
