Hi. I'm the Centerim Debian mantainer.
If you want I can upload the patches to mod branch tonight. Indeed, I had to reaqdy to upload the centerim-4.22.1-overflows.patch, but I can upload all. Regards., On 10/3/07, Lubomir Kundrak <[EMAIL PROTECTED]> wrote: > Hi all, > > it seems inevitable that CenterIM will hit also our repositories and > possibly obsolete the CenterICQ package. With that in mind I decided to > package it. > > CenterICQ had a long time with dead upstream so a fair amount of patches > accumulated in distro-specific packages. Trying to assure that our fixes > don't get lost I based the package on the CenterICQ package. I was happy > to find out 9 of the centericq package patches were already included > CenterIM and only 6 didn't. This means that effort you put into CenterIM > is worth and the results are obvious -- thanks for doing that! > > Before I import the package I'll wait for a new stable release and > there's a couple of things that I would like to have solved till then. > Here are the patches that are not yet in CenterIM (or at least in > 20070625 tarball, I didn't check all of them against git): [1] > > [1] http://people.redhat.com/lkundrak/patches/centerim/ > > 1.) The centerim-4.22.1-overflows.patch worries me the most. It is a fix > for CVE-2007-3713 [2]. At least us and Debian shipped this fix, not sure > about others, but it is crucial for essential centerim security. > > [2] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3713 > > 2.) centerim-4.22.1-quitask.patch is a feature enhancement, simply adds > configurable dialog window that asks before quit. Not critical, but > nice. As it was shipped with our CenterICQ package for some time, our > users might be used to it and therefore I would appreciate if it did hit > usptream :) > > 3.) centerim-4.22.1-ljtypo.patch seems like an obvious functionality > fix. > > 4.) centerim-4.22.1-ljtags.patch is probably a functionality > enhancement, adds support for lj tags. > > 5.) centerim-4.22.1-libyahoo.patch just removes some unnecessary code. > > 6.) The last patch that was in our CenterICQ package is replacement of > bundled libmsn-0.1 with libmsn-3.2 [3]. I am not sure, why was it done, > but I didn't add it to my current centerim package, as the libmsn there > is a bit modified compared to centericq and I didn't want to overwrite > the possible fixes. How about CenterIM, would it switch to a newer > libmsn? > > [3] http://libmsn.bdash.net.nz/ > > If you want to try the package, apart from the sources [4], binary > builds for i386 variants of Fedora Core 6 [5] and Fedora 7 [6] are > available, as well as debugging symbols. > > [4] > http://people.redhat.com/lkundrak/repository/source/centerim-20070625-1.fc7.src.rpm > [5] > http://people.redhat.com/lkundrak/repository/6-i386/centerim-20070625-1.fc6.i386.rpm > [6] > http://people.redhat.com/lkundrak/repository/7-i386/centerim-20070625-1.fc7.i386.rpm > > Thanks for all the effort, > -- > Lubomir Kundrak (Red Hat Security Response Team) > > > _______________________________________________ > Centerim-devel mailing list > [email protected] > http://centerim.org/mailman/listinfo/centerim-devel > -- Anibal Avelar (FixXxeR) http://fixxxer.cc GPG: 83B64656 - C143 4AD8 B017 53FA B742 D6AA CEEA F9F3 83B6 4656 _______________________________________________ Centerim-devel mailing list [email protected] http://centerim.org/mailman/listinfo/centerim-devel
