commit empathy for openSUSE:11.4
Hello community,
here is the log from the commit of package empathy for openSUSE:11.4
checked in at Fri Nov 4 15:08:27 CET 2011.
--- old-versions/11.4/UPDATES/all/empathy/empathy.changes 2011-10-28
10:42:24.0 +0200
+++ 11.4/empathy/empathy.changes2011-11-01 05:27:41.0 +0100
@@ -1,0 +2,6 @@
+Tue Nov 1 04:23:29 UTC 2011 - sree...@suse.com
+
+- Update empathy-cve-2011-3635.patch to use escaped name
+ everywhere in theme_adium_append_message
+
+---
calling whatdependson for 11.4-i586
Other differences:
--
++ empathy.spec ++
--- /var/tmp/diff_new_pack.OTjHOE/_old 2011-11-04 15:05:49.0 +0100
+++ /var/tmp/diff_new_pack.OTjHOE/_new 2011-11-04 15:05:49.0 +0100
@@ -19,7 +19,7 @@
Name: empathy
Version:2.32.2
-Release:7.RELEASE8
+Release:7.RELEASE10
License:GPLv2+
Summary:Instant Messenger Client for GNOME, based on Telepathy
Url:http://live.gnome.org/Empathy
++ empathy-cve-2011-3635.patch ++
--- /var/tmp/diff_new_pack.OTjHOE/_old 2011-11-04 15:05:49.0 +0100
+++ /var/tmp/diff_new_pack.OTjHOE/_new 2011-11-04 15:05:49.0 +0100
@@ -11,19 +11,31 @@
const gchar *body;
const gchar *name;
const gchar *contact_id;
-@@ -599,8 +599,10 @@ theme_adium_append_message (EmpathyChatV
- }
+@@ -469,12 +469,13 @@ theme_adium_append_message (EmpathyChatV
+ body_escaped = theme_adium_parse_body (body);
+ name = empathy_contact_get_alias (sender);
+ contact_id = empathy_contact_get_id (sender);
++ name_escaped = g_markup_escape_text (name, -1);
+
+ /* If this is a /me, append an event */
+ if (empathy_message_get_tptype (msg) ==
TP_CHANNEL_TEXT_MESSAGE_TYPE_ACTION) {
+ gchar *str;
+
+- str = g_strdup_printf (%s %s, name, body_escaped);
++ str = g_strdup_printf (%s %s, name_escaped, body_escaped);
+ theme_adium_append_event_escaped (view, str);
+
+ g_free (str);
+@@ -600,7 +601,7 @@ theme_adium_append_message (EmpathyChatV
if (html != NULL) {
-+ name_escaped = g_markup_escape_text (name, -1);
-+
theme_adium_append_html (theme, func, html, len, body_escaped,
- avatar_filename, name, contact_id,
+ avatar_filename, name_escaped,
contact_id,
service_name, message_classes-str,
timestamp, is_backlog);
} else {
-@@ -616,6 +618,7 @@ theme_adium_append_message (EmpathyChatV
+@@ -616,6 +617,7 @@ theme_adium_append_message (EmpathyChatV
priv-last_is_backlog = is_backlog;
g_free (body_escaped);
continue with q...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit empathy for openSUSE:11.4
Hello community,
here is the log from the commit of package empathy for openSUSE:11.4
checked in at Fri Oct 28 13:56:34 CEST 2011.
--- old-versions/11.4/all/empathy/empathy.changes 2011-02-13
17:21:48.0 +0100
+++ 11.4/empathy/empathy.changes2011-10-28 10:42:24.0 +0200
@@ -1,0 +2,6 @@
+Fri Oct 28 08:38:58 UTC 2011 - dims...@opensuse.org
+
+- Add empathy-cve-2011-3635.patch: escape aliased before displaying
+ it in theme_adium_append_message. CVE-2011-3635, bnc#727003.
+
+---
Package does not exist at destination yet. Using Fallback
old-versions/11.4/all/empathy
Destination is old-versions/11.4/UPDATES/all/empathy
calling whatdependson for 11.4-i586
New:
empathy-cve-2011-3635.patch
Other differences:
--
++ empathy.spec ++
--- /var/tmp/diff_new_pack.DDOz71/_old 2011-10-28 13:34:10.0 +0200
+++ /var/tmp/diff_new_pack.DDOz71/_new 2011-10-28 13:34:10.0 +0200
@@ -19,13 +19,15 @@
Name: empathy
Version:2.32.2
-Release:3
+Release:7.RELEASE8
License:GPLv2+
Summary:Instant Messenger Client for GNOME, based on Telepathy
Url:http://live.gnome.org/Empathy
Group: Productivity/Networking/Instant Messenger
Source: %{name}-%{version}.tar.bz2
Source99: %{name}-rpmlintrc
+# PATCH-FIX-UPSTREAM empathy-cve-2011-3635.patch bnc#727003 bgo#662035
cve-2011-3635 dims...@opensuse.org -- theme_adium_append_message: escape alias
before displaying it.
+Patch0: empathy-cve-2011-3635.patch
BuildRequires: NetworkManager-devel
BuildRequires: enchant-devel
BuildRequires: evolution-data-server-devel
@@ -93,6 +95,7 @@
%prep
%setup -q
translation-update-upstream
+%patch0 -p1
%build
%configure --disable-static \
++ empathy-cve-2011-3635.patch ++
Index: empathy-2.32.2/libempathy-gtk/empathy-theme-adium.c
===
--- empathy-2.32.2.orig/libempathy-gtk/empathy-theme-adium.c
+++ empathy-2.32.2/libempathy-gtk/empathy-theme-adium.c
@@ -436,7 +436,7 @@ theme_adium_append_message (EmpathyChatV
EmpathyThemeAdiumPriv *priv = GET_PRIV (theme);
EmpathyContact*sender;
TpAccount *account;
- gchar *body_escaped;
+ gchar *body_escaped, *name_escaped;
const gchar *body;
const gchar *name;
const gchar *contact_id;
@@ -599,8 +599,10 @@ theme_adium_append_message (EmpathyChatV
}
if (html != NULL) {
+ name_escaped = g_markup_escape_text (name, -1);
+
theme_adium_append_html (theme, func, html, len, body_escaped,
-avatar_filename, name, contact_id,
+avatar_filename, name_escaped,
contact_id,
service_name, message_classes-str,
timestamp, is_backlog);
} else {
@@ -616,6 +618,7 @@ theme_adium_append_message (EmpathyChatV
priv-last_is_backlog = is_backlog;
g_free (body_escaped);
+ g_free (name_escaped);
g_string_free (message_classes, TRUE);
}
continue with q...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
