Hey Lubomir,

Please feel free to check out our git repository and add the patches which are security related to the mob branch. The feature patches should be included as well, but in my opinion you should leave the "confirmation on quit" patch distribution specific.

regards
Boris "transacid" Petersen

2007/10/3, Lubomir Kundrak <[EMAIL PROTECTED]>:
> Hi all,
>
> it seems inevitable that CenterIM will hit also our repositories and
> possibly obsolete the CenterICQ package. With that in mind I decided to
> package it.
>
> CenterICQ had a long time with dead upstream so a fair amount of patches
> accumulated in distro-specific packages. Trying to assure that our fixes
> don't get lost I based the package on the CenterICQ package. I was happy
> to find out 9 of the centericq package patches were already included in
> CenterIM and only 6 didn't. This means that effort you put into CenterIM
> is worth and the results are obvious -- thanks for doing that!
>
> Before I import the package I'll wait for a new stable release and
> there's a couple of things that I would like to have solved till then.
> Here are the patches that are not yet in CenterIM (or at least in
> 20070625 tarball, I didn't check all of them against git): [1]
>
> [1] http://people.redhat.com/lkundrak/patches/centerim/
>
> 1.) The centerim-4.22.1-overflows.patch worries me the most. It is a fix
> for CVE-2007-3713 [2]. At least us and Debian shipped this fix, not sure
> about others, but it is crucial for essential centerim security.
>
> [2] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3713
>
> 2.) centerim-4.22.1-quitask.patch is a feature enhancement, simply adds
> configurable dialog window that asks before quit. Not critical, but
> nice. As it was shipped with our CenterICQ package for some time, our
> users might be used to it and therefore I would appreciate if it did hit
> upstream :)
>
> 3.) centerim-4.22.1-ljtypo.patch seems like an obvious functionality
> fix.
>
> 4.) centerim-4.22.1-ljtags.patch is probably a functionality
> enhancement, adds support for lj tags.
>
> 5.) centerim-4.22.1-libyahoo.patch just removes some unnecessary code.
>
> 6.) The last patch that was in our CenterICQ package is replacement of
> bundled libmsn-0.1 with libmsn-3.2 [3]. I am not sure why it was done,
> but I didn't add it to my current centerim package, as the libmsn there
> is a bit modified compared to centericq and I didn't want to overwrite
> the possible fixes. How about CenterIM, would it switch to a newer
> libmsn?
>
> [3] http://libmsn.bdash.net.nz/
>
> If you want to try the package, apart from the sources [4], binary
> builds for i386 variants of Fedora Core 6 [5] and Fedora 7 [6] are
> available, as well as debugging symbols.
>
> [4] http://people.redhat.com/lkundrak/repository/source/centerim-20070625-1.fc7.src.rpm
> [5] http://people.redhat.com/lkundrak/repository/6-i386/centerim-20070625-1.fc6.i386.rpm
> [6] http://people.redhat.com/lkundrak/repository/7-i386/centerim-20070625-1.fc7.i386.rpm
>
> Thanks for all the effort,
> --
> Lubomir Kundrak (Red Hat Security Response Team)
>
> _______________________________________________
> Centerim-devel mailing list
> [email protected]
> http://centerim.org/mailman/listinfo/centerim-devel
>

--
ICQ# 112069988
jabber: [EMAIL PROTECTED]
pgp-public-key: 0xC449E04C
Fingerprint: B10C 7BAF 1B6B 22F4 C9BF 15C1 56E4 7BCF C449 E04C
hp: http://transacid.de/
blog: https://blog.transacid.de/
IRC: foobar.i7c.org:6667 #welcome (ssl port 6697)
