summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOlivier Crête <tester@gentoo.org>2009-08-31 16:09:30 +0000
committerOlivier Crête <tester@gentoo.org>2009-08-31 16:09:30 +0000
commitf04ecaec2cf72e6da93937e26aec853742487765 (patch)
tree458dce365bc54d12fdef7ef1cf81f04d3ce616fe
parentVersion bump, removes several deprecated functions. Besides that, mostly bug ... (diff)
downloadgentoo-2-f04ecaec2cf72e6da93937e26aec853742487765.tar.gz
gentoo-2-f04ecaec2cf72e6da93937e26aec853742487765.tar.bz2
gentoo-2-f04ecaec2cf72e6da93937e26aec853742487765.zip
Fix security bug #283324, importing patch from 2.6.1. Remove old version
(Portage version: 2.1.6.13/cvs/Linux x86_64)
-rw-r--r--net-im/pidgin/ChangeLog8
-rw-r--r--net-im/pidgin/files/pidgin-2.5.9-xmpp-old-ssl.patch21
-rw-r--r--net-im/pidgin/pidgin-2.5.9-r1.ebuild (renamed from net-im/pidgin/pidgin-2.5.8.ebuild)8
3 files changed, 34 insertions, 3 deletions
diff --git a/net-im/pidgin/ChangeLog b/net-im/pidgin/ChangeLog
index 5884828561c6..5fa23e6ad0fb 100644
--- a/net-im/pidgin/ChangeLog
+++ b/net-im/pidgin/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-im/pidgin
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-im/pidgin/ChangeLog,v 1.124 2009/08/30 23:33:15 ranger Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-im/pidgin/ChangeLog,v 1.125 2009/08/31 16:09:30 tester Exp $
+
+*pidgin-2.5.9-r1 (31 Aug 2009)
+
+ 31 Aug 2009; Olivier Crête <tester@gentoo.org> -pidgin-2.5.8.ebuild,
+ +pidgin-2.5.9-r1.ebuild, +files/pidgin-2.5.9-xmpp-old-ssl.patch:
+ Fix security bug #283324, importing patch from 2.6.1. Remove old version
30 Aug 2009; Brent Baude <ranger@gentoo.org> pidgin-2.5.9.ebuild:
Marking pidgin-2.5.9 ppc64 for bug 281545
diff --git a/net-im/pidgin/files/pidgin-2.5.9-xmpp-old-ssl.patch b/net-im/pidgin/files/pidgin-2.5.9-xmpp-old-ssl.patch
new file mode 100644
index 000000000000..ac3db77c26a8
--- /dev/null
+++ b/net-im/pidgin/files/pidgin-2.5.9-xmpp-old-ssl.patch
@@ -0,0 +1,21 @@
+--- libpurple/protocols/jabber/auth.c.orig 2009-06-25 19:25:47.000000000 -0400
++++ libpurple/protocols/jabber/auth.c 2009-08-31 12:01:12.000000000 -0400
+@@ -691,6 +691,18 @@
+ JabberIq *iq;
+ xmlnode *query, *username;
+
++ /* We can end up here without encryption if the server doesn't support
++ * <stream:features/> and we're not using old-style SSL. If the user
++ * is requiring SSL/TLS, we need to enforce it.
++ */
++ if (!js->gsc &&
++ purple_account_get_bool(purple_connection_get_account(js->gc), "require_tls", FALSE)) {
++ purple_connection_error_reason (js->gc,
++ PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR,
++ _("You require encryption, but it is not available on this server."));
++ return;
++ }
++
+ #ifdef HAVE_CYRUS_SASL
+ /* If we have Cyrus SASL, then passwords will have been set
+ * to OPTIONAL for this protocol. So, we need to do our own
diff --git a/net-im/pidgin/pidgin-2.5.8.ebuild b/net-im/pidgin/pidgin-2.5.9-r1.ebuild
index 69c93f875e8f..6cc63823b513 100644
--- a/net-im/pidgin/pidgin-2.5.8.ebuild
+++ b/net-im/pidgin/pidgin-2.5.9-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-im/pidgin/pidgin-2.5.8.ebuild,v 1.9 2009/08/21 21:45:22 tester Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-im/pidgin/pidgin-2.5.9-r1.ebuild,v 1.1 2009/08/31 16:09:30 tester Exp $
EAPI=2
@@ -12,7 +12,7 @@ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
IUSE="bonjour dbus debug doc eds gadu gnutls +gstreamer meanwhile"
IUSE="${IUSE} networkmanager nls perl silc tcl tk spell qq gadu"
IUSE="${IUSE} +gtk sasl ncurses groupwise prediction zephyr" # mono"
@@ -84,6 +84,10 @@ pkg_setup() {
fi
}
+src_prepare() {
+ epatch "${FILESDIR}/pidgin-2.5.9-xmpp-old-ssl.patch"
+}
+
src_configure() {
# Stabilize things, for your own good
strip-flags