Hello community, here is the log from the commit of package pidgin for openSUSE:11.4 checked in at Mon Nov 28 19:03:11 CET 2011. -------- --- old-versions/11.4/all/pidgin/pidgin.changes 2011-02-13 12:06:59.000000000 +0100 +++ 11.4/pidgin/pidgin.changes 2011-11-24 06:58:08.000000000 +0100 @@ -1,0 +2,5 @@ +Thu Nov 24 05:55:58 UTC 2011 - dmzhang@suse.com + +- bnc#722199,CVE-2011-3594,libpurple vulnerability in SILC protocol handling + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/pidgin Destination is old-versions/11.4/UPDATES/all/pidgin calling whatdependson for 11.4-i586 New: ---- silc-fixutf8-securitybug.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pidgin.spec ++++++ --- /var/tmp/diff_new_pack.9vC8ZI/_old 2011-11-28 18:57:24.000000000 +0100 +++ /var/tmp/diff_new_pack.9vC8ZI/_new 2011-11-28 18:57:24.000000000 +0100 @@ -26,7 +26,7 @@ Name: pidgin Summary: GTK+-Based Multiprotocol Instant Messaging Client Version: 2.7.10 -Release: 1 +Release: 4.<RELEASE5> # FIXME: check resolution of bnc#659001 to decide what to do about ownership of mhr directories in -lang (last checked: 2012-12-21) License: GPLv2+ Group: Productivity/Networking/Instant Messenger @@ -42,6 +42,8 @@ Patch14: pidgin-mono-buildfix.patch # PATCH-FIX-OPENSUSE pidgin-fix-perl-build.patch vuntz@opensuse.org -- Revert http://developer.pidgin.im/viewmtn/revision/info/f32151852a00fb5abd3fdccdd8d... as it breaks the build Patch15: pidgin-fix-perl-build.patch +Patch16: silc-fixutf8-securitybug.patch + # Can use external libzephyr BuildRequires: cyrus-sasl-devel BuildRequires: dbus-1-devel 
@@ -329,6 +331,8 @@ %patch5 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 + # Change Myanmar/Myanmar to Myanmar: rename my_MM my po/my_MM.* %{__sed} -i "/ALL_LINGUAS/s/ my_MM / my /" configure.ac ++++++ silc-fixutf8-securitybug.patch ++++++ Index: pidgin-2.6.6/libpurple/protocols/silc/ops.c =================================================================== --- pidgin-2.6.6.orig/libpurple/protocols/silc/ops.c +++ pidgin-2.6.6/libpurple/protocols/silc/ops.c @@ -332,10 +332,17 @@ silc_channel_message(SilcClient client, } if (flags & SILC_MESSAGE_FLAG_UTF8) { - tmp = g_markup_escape_text((const char *)message, -1); + const char *msg = (const char *)message; + char *salvaged = NULL; + if (!g_utf8_validate((const char *)message, -1, NULL)) { + salvaged = purple_utf8_salvage((const char *)message); + msg = salvaged; + } + tmp = g_markup_escape_text(msg, -1); /* Send to Purple */ serv_got_chat_in(gc, purple_conv_chat_get_id(PURPLE_CONV_CHAT(convo)), sender->nickname, 0, tmp, time(NULL)); + g_free(salvaged); g_free(tmp); } } continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
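Review bot: The new pidgin.changes entry (hunk @@ -1,0 +2,5 @@) does not name the patch file that carries the fix or say what the fix does. Consider wording it so the added file is visible from the changelog, for example "- Add silc-fixutf8-securitybug.patch: validate UTF-8 in SILC channel messages (bnc#722199, CVE-2011-3594)", with a space after each comma in the reference list.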
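Review bot: In the pidgin.spec hunk at @@ -42,6 +42,8 @@, Patch16 is added without a comment line, while Patch15 directly above it carries a "# PATCH-FIX-OPENSUSE ... -- reason" line. Add a matching tag line above "Patch16: silc-fixutf8-securitybug.patch" that gives bnc#722199 and CVE-2011-3594 and a one-line description, so the origin and purpose of the patch can be read from the spec alone.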
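Review bot: In the ops.c hunk, the UTF-8 check is added only to the SILC_MESSAGE_FLAG_UTF8 branch of silc_channel_message; if any other handler in this file passes received text to g_markup_escape_text under the same flag, it needs the same g_utf8_validate / purple_utf8_salvage step, and that should be confirmed before this ships as the fix for CVE-2011-3594. Two smaller points: msg already holds the cast pointer, so g_utf8_validate(msg, -1, NULL) and purple_utf8_salvage(msg) would avoid repeating the cast of message; and the patch header is against pidgin-2.6.6 while the spec says Version: 2.7.10, so regenerating it against the packaged source would let it apply without offset.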
participants (1): root@hilbert.suse.de