Hi all, it seems inevitable that CenterIM will hit also our repositories and possibly obsolete the CenterICQ package. With that in mind I decided to package it.
CenterICQ had a long time with dead upstream so a fair amount of patches accumulated in distro-specific packages. Trying to assure that our fixes don't get lost I based the package on the CenterICQ package. I was happy to find out 9 of the centericq package patches were already included CenterIM and only 6 didn't. This means that effort you put into CenterIM is worth and the results are obvious -- thanks for doing that! Before I import the package I'll wait for a new stable release and there's a couple of things that I would like to have solved till then. Here are the patches that are not yet in CenterIM (or at least in 20070625 tarball, I didn't check all of them against git): [1] [1] http://people.redhat.com/lkundrak/patches/centerim/ 1.) The centerim-4.22.1-overflows.patch worries me the most. It is a fix for CVE-2007-3713 [2]. At least us and Debian shipped this fix, not sure about others, but it is crucial for essential centerim security. [2] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3713 2.) centerim-4.22.1-quitask.patch is a feature enhancement, simply adds configurable dialog window that asks before quit. Not critical, but nice. As it was shipped with our CenterICQ package for some time, our users might be used to it and therefore I would appreciate if it did hit usptream :) 3.) centerim-4.22.1-ljtypo.patch seems like an obvious functionality fix. 4.) centerim-4.22.1-ljtags.patch is probably a functionality enhancement, adds support for lj tags. 5.) centerim-4.22.1-libyahoo.patch just removes some unnecessary code. 6.) The last patch that was in our CenterICQ package is replacement of bundled libmsn-0.1 with libmsn-3.2 [3]. I am not sure, why was it done, but I didn't add it to my current centerim package, as the libmsn there is a bit modified compared to centericq and I didn't want to overwrite the possible fixes. How about CenterIM, would it switch to a newer libmsn? [3] http://libmsn.bdash.net.nz/ If you want to try the package, apart from the sources [4], binary builds for i386 variants of Fedora Core 6 [5] and Fedora 7 [6] are available, as well as debugging symbols. [4] http://people.redhat.com/lkundrak/repository/source/centerim-20070625-1.fc7.src.rpm [5] http://people.redhat.com/lkundrak/repository/6-i386/centerim-20070625-1.fc6.i386.rpm [6] http://people.redhat.com/lkundrak/repository/7-i386/centerim-20070625-1.fc7.i386.rpm Thanks for all the effort, -- Lubomir Kundrak (Red Hat Security Response Team) _______________________________________________ Centerim-devel mailing list [email protected] http://centerim.org/mailman/listinfo/centerim-devel
