Hello community,
here is the log from the commit of package empathy for openSUSE:11.3
checked in at Fri Oct 28 13:33:59 CEST 2011.
--- old-versions/11.3/all/empathy/empathy.changes 2010-06-04
16:38:44.0 +0200
+++ 11.3/empathy/empathy.changes2011-10-28 10:38:20.0 +0200
@@ -1,0 +2,6 @@
+Fri Oct 28 08:37:02 UTC 2011 - dims...@opensuse.org
+
+- Add empathy-cve-2011-3635.patch: escape aliased before displaying
+ it in theme_adium_append_message. CVE-2011-3635, bnc#727003.
+
+---
Package does not exist at destination yet. Using Fallback
old-versions/11.3/all/empathy
Destination is old-versions/11.3/UPDATES/all/empathy
calling whatdependson for 11.3-i586
New:
empathy-cve-2011-3635.patch
Other differences:
--
++ empathy.spec ++
--- /var/tmp/diff_new_pack.5F1EYp/_old 2011-10-28 13:33:07.0 +0200
+++ /var/tmp/diff_new_pack.5F1EYp/_new 2011-10-28 13:33:07.0 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package empathy (Version 2.30.1)
+# spec file for package empathy
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
Name: empathy
Url:http://live.gnome.org/Empathy
Version:2.30.1
-Release:2
+Release:3.
# FIXME: 2.29.3 fails a parallel build, but a newer tarball should work since
the bug got fixed in gnome-doc-utils
License:GPLv2+
Summary:Instant Messenger Client for GNOME, based on Telepathy
@@ -30,6 +30,8 @@
Source99: %{name}-rpmlintrc
# PATCH-FIX-UPSTREAM empathy-clutter-gtk-0.90.patch vu...@opensuse.org -- Use
clutter-gtk-0.90, will be fixed upstream once upstream does the switch too
Patch0: empathy-clutter-gtk-0.90.patch
+# PATCH-FIX-UPSTREAM empathy-cve-2011-3635.patch bnc#727003 bgo#662035
cve-2011-3635 dims...@opensuse.org -- theme_adium_append_message: escape alias
before displaying it.
+Patch1: empathy-cve-2011-3635.patch
BuildRequires: NetworkManager-devel
BuildRequires: enchant-devel
BuildRequires: evolution-data-server-devel
@@ -93,6 +95,7 @@
%setup -q
translation-update-upstream
%patch0 -p1
+%patch1 -p1
%build
%configure --disable-static \
++ empathy-cve-2011-3635.patch ++
Index: empathy-2.30.1/libempathy-gtk/empathy-theme-adium.c
===
--- empathy-2.30.1.orig/libempathy-gtk/empathy-theme-adium.c
+++ empathy-2.30.1/libempathy-gtk/empathy-theme-adium.c
@@ -431,7 +431,7 @@ theme_adium_append_message (EmpathyChatV
EmpathyThemeAdiumPriv *priv = GET_PRIV (theme);
EmpathyContact*sender;
TpAccount *account;
- gchar *body_escaped;
+ gchar *body_escaped, *name_escaped;
const gchar *body;
const gchar *name;
const gchar *contact_id;
@@ -594,8 +594,10 @@ theme_adium_append_message (EmpathyChatV
}
if (html != NULL) {
+ name_escaped = g_markup_escape_text (name, -1);
+
theme_adium_append_html (theme, func, html, len, body_escaped,
-avatar_filename, name, contact_id,
+avatar_filename, name_escaped,
contact_id,
service_name, message_classes->str,
timestamp);
} else {
@@ -611,6 +613,7 @@ theme_adium_append_message (EmpathyChatV
priv->last_is_backlog = is_backlog;
g_free (body_escaped);
+ g_free (name_escaped);
g_string_free (message_classes, TRUE);
}
continue with "q"...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
