summaryrefslogtreecommitdiff
path: root/nonprism/pidgin-nonprism
diff options
context:
space:
mode:
Diffstat (limited to 'nonprism/pidgin-nonprism')
-rw-r--r--nonprism/pidgin-nonprism/PKGBUILD31
-rw-r--r--nonprism/pidgin-nonprism/pidgin-2.10.7-link-libirc-to-libsasl2.patch12
-rw-r--r--nonprism/pidgin-nonprism/pidgin-2.10.8-fix-login-issues-with-certain-xmpp-servers.patch145
3 files changed, 161 insertions, 27 deletions
diff --git a/nonprism/pidgin-nonprism/PKGBUILD b/nonprism/pidgin-nonprism/PKGBUILD
index 50bf3d05d..9f80eb57a 100644
--- a/nonprism/pidgin-nonprism/PKGBUILD
+++ b/nonprism/pidgin-nonprism/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 185869 2013-05-19 16:42:53Z foutrelis $
+# $Id: PKGBUILD 204921 2014-01-31 12:35:03Z foutrelis $
# Maintainer: Evangelos Foutras <evangelos@foutrelis.com>
# Contributor: Ionut Biru <ibiru@archlinux.org>
# Contributor: Andrea Scarpino <andrea@archlinux.org>
@@ -7,40 +7,41 @@
_pkgname=pidgin
pkgname=('pidgin-nonprism' 'libpurple-nonprism' 'finch-nonprism')
-pkgver=2.10.7
-pkgrel=4
+pkgver=2.10.8
+pkgrel=2
arch=('i686' 'x86_64' 'mips64el')
url="http://pidgin.im/"
license=('GPL')
makedepends=('startup-notification' 'gtkspell' 'libxss' 'nss' 'libsasl' 'libsm'
'libidn' 'python2' 'hicolor-icon-theme' 'farstream-0.1' 'avahi'
'tk' 'ca-certificates' 'intltool' 'networkmanager')
-options=('!libtool')
-source=(http://downloads.sourceforge.net/$_pkgname/$_pkgname-$pkgver.tar.bz2
- pidgin-2.10.7-link-libirc-to-libsasl2.patch nonprism.patch)
-sha256sums=('eba32994eca20d1cf24a4261b059b2de71a1ec2dd0926e904074b0db49f7f192'
- '063723d5dc5726c43137b4b383c9d07c2c008391f6a626faaf6cedd31a2f1e8f'
+source=(http://downloads.sourceforge.net/$_pkgname/$_pkgname-$pkgver.tar.bz2{,.asc}
+ pidgin-2.10.8-fix-login-issues-with-certain-xmpp-servers.patch
+ nonprism.patch)
+sha256sums=('b633367e3588ff3e615d68e812302dfdbe32e73693cbe42a0d827b7aed7a8227'
+ 'SKIP'
+ '4b4cc2d0816bbc7de83d34de6880935163007193a36dcc13afc89fc1ffacc5d2'
'f7acfb852cdecfed16e8b116546b643cad1c44d28b56f28ff5485f92af68e9e2')
prepare() {
cd "$srcdir/$_pkgname-$pkgver"
+
msg 'remove Google Talk and Facebook protocols'
patch -Np1 -i "$srcdir/nonprism.patch"
msg 'remove wrong OS term'
sed -i 's|on Linux|on GNU/Linux|' libpurple/valgrind.h
sed -i 's|On Linux|On GNU/Linux|' libpurple/connection.h
-}
-
-build() {
- cd "$srcdir/$_pkgname-$pkgver"
- # https://developer.pidgin.im/ticket/15517
- patch -Np1 -i "$srcdir/pidgin-2.10.7-link-libirc-to-libsasl2.patch"
- autoreconf -vi
+ # https://developer.pidgin.im/ticket/15879
+ patch -Np1 -i "$srcdir/pidgin-2.10.8-fix-login-issues-with-certain-xmpp-servers.patch"
# Use Python 2
sed -i 's/env python$/&2/' */plugins/*.py \
libpurple/purple-{remote,notifications-example,url-handler}
+}
+
+build() {
+ cd "$srcdir/$_pkgname-$pkgver"
./configure \
--prefix=/usr \
diff --git a/nonprism/pidgin-nonprism/pidgin-2.10.7-link-libirc-to-libsasl2.patch b/nonprism/pidgin-nonprism/pidgin-2.10.7-link-libirc-to-libsasl2.patch
deleted file mode 100644
index abffa20b8..000000000
--- a/nonprism/pidgin-nonprism/pidgin-2.10.7-link-libirc-to-libsasl2.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -upr pidgin-2.10.7.orig/libpurple/protocols/irc/Makefile.am pidgin-2.10.7/libpurple/protocols/irc/Makefile.am
---- pidgin-2.10.7.orig/libpurple/protocols/irc/Makefile.am 2013-02-14 02:44:47.000000000 +0200
-+++ pidgin-2.10.7/libpurple/protocols/irc/Makefile.am 2013-02-14 02:49:58.000000000 +0200
-@@ -27,7 +27,7 @@ else
- st =
- pkg_LTLIBRARIES = libirc.la
- libirc_la_SOURCES = $(IRCSOURCES)
--libirc_la_LIBADD = $(GLIB_LIBS)
-+libirc_la_LIBADD = $(GLIB_LIBS) $(SASL_LIBS)
-
- endif
-
diff --git a/nonprism/pidgin-nonprism/pidgin-2.10.8-fix-login-issues-with-certain-xmpp-servers.patch b/nonprism/pidgin-nonprism/pidgin-2.10.8-fix-login-issues-with-certain-xmpp-servers.patch
new file mode 100644
index 000000000..32f28aa25
--- /dev/null
+++ b/nonprism/pidgin-nonprism/pidgin-2.10.8-fix-login-issues-with-certain-xmpp-servers.patch
@@ -0,0 +1,145 @@
+
+# HG changeset patch
+# User Mark Doliner <mark@kingant.net>
+# Date 1391153359 28800
+# Node ID b8e2a5fbffd3052ccba7160b56eac70f8e19c49a
+# Parent e733020a9d3840275ffa931a9aeefe4d8befc08e
+Fix problems logging into some servers including jabber.org and
+chat.facebook.com.
+
+See my length comment in iq.c for details.
+
+diff --git a/libpurple/protocols/jabber/iq.c b/libpurple/protocols/jabber/iq.c
+--- a/libpurple/protocols/jabber/iq.c
++++ b/libpurple/protocols/jabber/iq.c
+@@ -283,6 +283,52 @@
+ g_hash_table_remove(js->iq_callbacks, id);
+ }
+
++/**
++ * Verify that the 'from' attribute of an IQ reply is a valid match for
++ * a given IQ request. The expected behavior is outlined in section
++ * 8.1.2.1 of the XMPP CORE spec (RFC 6120). We consider the reply to
++ * be a valid match if any of the following is true:
++ * - Request 'to' matches reply 'from' (including the case where
++ * neither are set).
++ * - Request 'to' was empty and reply 'from' is server JID.
++ * - Request 'to' was empty and reply 'from' is my JID. The spec says
++ * we should only allow bare JID, but we also allow full JID for
++ * compatibility with some servers.
++ *
++ * These rules should allow valid IQ replies while preventing spoofed
++ * ones.
++ *
++ * For more discussion see the "Spoofing of iq ids and misbehaving
++ * servers" email thread from January 2014 on the jdev and security
++ * mailing lists.
++ *
++ * @return TRUE if this reply is valid for the given request.
++ */
++static gboolean does_reply_from_match_request_to(JabberStream *js, JabberID *to, JabberID *from)
++{
++ if (jabber_id_equal(to, from)) {
++ /* Request 'to' matches reply 'from' */
++ return TRUE;
++ }
++
++ if (!to && purple_strequal(from->domain, js->user->domain)) {
++ /* Request 'to' is empty and reply 'from' domain matches our domain */
++
++ if (!from->node && !from->resource) {
++ /* Reply 'from' is server bare JID */
++ return TRUE;
++ }
++
++ if (purple_strequal(from->node, js->user->node)
++ && (!from->resource || purple_strequal(from->resource, js->user->resource))) {
++ /* Reply 'from' is my full or bare JID */
++ return TRUE;
++ }
++ }
++
++ return FALSE;
++}
++
+ void jabber_iq_parse(JabberStream *js, xmlnode *packet)
+ {
+ JabberIqCallbackData *jcd;
+@@ -377,8 +423,9 @@
+
+ /* First, lets see if a special callback got registered */
+ if(type == JABBER_IQ_RESULT || type == JABBER_IQ_ERROR) {
+- if((jcd = g_hash_table_lookup(js->iq_callbacks, id))) {
+- if(jabber_id_equal(js, jcd->to, from_id)) {
++ jcd = g_hash_table_lookup(js->iq_callbacks, id);
++ if (jcd) {
++ if (does_reply_from_match_request_to(js, jcd->to, from_id)) {
+ jcd->callback(js, from, type, id, packet, jcd->data);
+ jabber_iq_remove_callback_by_id(js, id);
+ jabber_id_free(from_id);
+diff --git a/libpurple/protocols/jabber/jutil.c b/libpurple/protocols/jabber/jutil.c
+--- a/libpurple/protocols/jabber/jutil.c
++++ b/libpurple/protocols/jabber/jutil.c
+@@ -510,30 +510,21 @@
+
+
+ gboolean
+-jabber_id_equal(JabberStream *js, const JabberID *jid1, const JabberID *jid2)
++jabber_id_equal(const JabberID *jid1, const JabberID *jid2)
+ {
+- const JabberID *j1, *j2;
+- JabberID *bare_user_jid;
+- gboolean equal;
++ if (!jid1 && !jid2) {
++ /* Both are null therefore equal */
++ return TRUE;
++ }
+
+- /* If an outgoing stanza has no 'to', or an incoming has no 'from',
+- * then those are "the server acting as my account". This function will
+- * handle that correctly.
+- */
+- if (!jid1 && !jid2)
+- return TRUE;
++ if (!jid1 || !jid2) {
++ /* One is null, other is non-null, therefore not equal */
++ return FALSE;
++ }
+
+- bare_user_jid = jabber_id_to_bare_jid(js->user);
+- j1 = jid1 ? jid1 : bare_user_jid;
+- j2 = jid2 ? jid2 : bare_user_jid;
+-
+- equal = purple_strequal(j1->node, j2->node) &&
+- purple_strequal(j1->domain, j2->domain) &&
+- purple_strequal(j1->resource, j2->resource);
+-
+- jabber_id_free(bare_user_jid);
+-
+- return equal;
++ return purple_strequal(jid1->node, jid2->node) &&
++ purple_strequal(jid1->domain, jid2->domain) &&
++ purple_strequal(jid1->resource, jid2->resource);
+ }
+
+ char *jabber_get_domain(const char *in)
+diff --git a/libpurple/protocols/jabber/jutil.h b/libpurple/protocols/jabber/jutil.h
+--- a/libpurple/protocols/jabber/jutil.h
++++ b/libpurple/protocols/jabber/jutil.h
+@@ -46,12 +46,10 @@
+ JabberID* jabber_id_new(const char *str);
+
+ /**
+- * Compare two JIDs for equality.
+- *
+- * Warning: If either JID is NULL then this function uses the user's
+- * bare JID, instead!
++ * Compare two JIDs for equality. In addition to the node and domain,
++ * the resources of the two JIDs must also be equal (or both absent).
+ */
+-gboolean jabber_id_equal(JabberStream *js, const JabberID *jid1, const JabberID *jid2);
++gboolean jabber_id_equal(const JabberID *jid1, const JabberID *jid2);
+
+ void jabber_id_free(JabberID *jid);
+
+