# ChangeLog for net-im/empathy
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-im/empathy/ChangeLog,v 1.90 2011/08/18 06:22:13 nirbheek Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-im/empathy/ChangeLog,v 1.91 2011/10/24 18:33:23 pacho Exp $
+
+*empathy-2.34.0-r2 (24 Oct 2011)
+
+ 24 Oct 2011; Pacho Ramos <pacho@gentoo.org> +empathy-2.34.0-r2.ebuild,
+ +files/empathy-2.34.0-CVE-2011-3635.patch,
+ +files/empathy-2.34.0-missing-include.patch:
+ Fix script injection vulnerability (CVE-2011-3635), bug #388051 (backported
+ patch by Tetromino); fix compilation error due missing header, bug #388203 by
+ My Th. Readd dropped keywords after masking offending map USE flag for them,
+ that arches shouldn't stick with old 2.32.x versions.
*empathy-3.0.2 (18 Aug 2011)
Hash: SHA1
AUX empathy-2.32.2-libnotify-0.7.patch 1644 RMD160 87941e9933ec4fb83f45a0e052af77273a6aa250 SHA1 8696716fd49d0a0bce7eeb7044db66b7591e0d82 SHA256 8f7280c95fb67a2f91dc38984523f8ae4be95643e7404ea672d88d6541987ca8
+AUX empathy-2.34.0-CVE-2011-3635.patch 2451 RMD160 74947ef5803899f2882fd80186329673303c84d2 SHA1 36b1e435df44238ad8ec457148198c6f33e402c8 SHA256 7b82ba0d9e002ba78975caff45ec08eb7b176feb513ba72c0c312f0a2a8ccd54
AUX empathy-2.34.0-auth-dialog-crash-fix.patch 976 RMD160 97ea8bb28e5673baaca8d437158202d9b40019d1 SHA1 ab18d8759a46da7e34b0f2261c7c3b802688663a SHA256 cad7bc8885b94cfe777223bd167006f5fd5e57dcff87ba861260d08e961c22f3
+AUX empathy-2.34.0-missing-include.patch 379 RMD160 c0284cfd166c731b8214f849c0503e646eb4bf7b SHA1 e01c5f0dfc57550e7933b85f0d4c61d29e58b061 SHA256 4e0db8f73a72c5adfd331f53d291f600f83a01832a22121a4b946306f8bc23b6
DIST empathy-2.32.2.tar.bz2 2936340 RMD160 36d42e08343e49c1963405caeb35e76400bab209 SHA1 b956af129aaecc54491c7bc01892bb29c33c1d32 SHA256 f90a45955205fd8bd783a55acae4603197caab4f16a880106f8639cbbbe5e861
DIST empathy-2.34.0.tar.bz2 3361496 RMD160 a76e9633d88dbd48c5d494d3393566a88a5b35c4 SHA1 cc82c871fb1d3dbc428b851c59ad44184f064d10 SHA256 6efa0ae3ac3580ac9600f889c92497f36983e22da79d547a65030a14691369d1
DIST empathy-3.0.2.tar.bz2 3319921 RMD160 52e8356b7d6e7aa21b72f0c3b217f8d85ec1d1f3 SHA1 593eb0db1a221fdd1466bb6ecc96e0f69d23d287 SHA256 8074f6ce951fb95b1e13c546497e22d487bca9a87d88f1ebb903cdd2fd48bdc2
EBUILD empathy-2.32.2.ebuild 3129 RMD160 432ea4a9ea354ff8c031a6e91b77f460f853f568 SHA1 02c8374d7368e1485f992df349441b316b12fcc9 SHA256 8c784893206ce642837dec44e29cfbbaa7ca6a57b55a65d847d02b5883fdbdad
EBUILD empathy-2.34.0-r1.ebuild 3133 RMD160 bf5ee1044300b8bf62b7923e4b9a22dc6fa64d5f SHA1 1a16c403650342e09ad97581c44d6c9ee55955ab SHA256 99278f352cc03328909b0463719117d3d0979e111827c1266f5ca1d4527f55d7
+EBUILD empathy-2.34.0-r2.ebuild 3301 RMD160 c633930aae0953c7b2ef11e537f113bf6c64eff1 SHA1 517a77802425642420039f60524613c7230bce82 SHA256 c3bc4a0d13027e9f60ee483f9f095d839d3acab0ee1e5ac79142b231572cc190
EBUILD empathy-3.0.2.ebuild 3147 RMD160 eb64ad778aa75120fb9c467de8fd6d5417a0d774 SHA1 617d0289039b842425bdff2a4bd4676a35798fca SHA256 9a3dd7a0ba15f18002e2c7bc61fe41d691bf609814241488b3afbb06601902d5
-MISC ChangeLog 15487 RMD160 98a7fb11abf7f3268417cd856e45ef55fed1b358 SHA1 a29e336d5170429efb2f5972a5440ed57e14f566 SHA256 60adfc57cfceea51555888f35378d6118cac0a49c0b1ff4f7daa2f5e868e644e
+MISC ChangeLog 15977 RMD160 1aee16ddfff0a4f16bfe00a5f1e1dc7aab09568a SHA1 25dc3c70f1985df260381ab32144b1e149630bbe SHA256 512dd45134184f55e3c41d5271ae93923ec93c44f201fdc71587c457fb5a5059
MISC metadata.xml 1153 RMD160 f6baad498121aff0cc361fc11a9446469d701039 SHA1 bdb24dbb700b86545343c8448b83ec42243fe2c1 SHA256 ffaffc06bc4e5417d9c7c4a41db312506f1aa1a0d54501c7f776124817b08919
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
-iQIcBAEBAgAGBQJOTK+bAAoJEO/kOhxWD91kGrwP/1rUNu4lzadTrYaoj5ZlIe76
-IYHWZi6Nhi2JYSiieMC487cak2AmyruVAaIP1UeO1GNc2msked1rCGuz2BbM6pi9
-+BfUQhH/QtRXkvK0toxzrTwTUfMRmI1kCyqEGY0cWJ3BubEb1DiI+jj7prjPKcpN
-hWtrY6tNwhN5iVXMRBcMLODooU0XDvwB8ppAs+MRShMdmBQBGwc15rRmqAjkeuY2
-23nCa7gnfDfH//Wj4EIzJZbgXEsb91pPyfvA42lnF4HeaEYOvShX9dn+cu0BZHOm
-qYQGgDF14/nvE5snCl2J3mGKTHYZp2ibgbbnLSqTbnzAL//UlXgpxs6WTAIHn7dP
-awFYJl6l4fpcxXELPGgQgZ2KjnwusS82ZnAyh66OXJ/aX37GJ85xJ7TJFisgN2UB
-7a/xNFLd/Ro4zKwPAr/3M4T2YVfhSf2swX5GkTQE1E8HtjH+YoAYAsccCIgEcJAy
-4lfN0JiMMhd9mMifcVkH9IndSEh55Fj8RVnIOmHlrTiQAHDZUJWNd3lPJTSfYTX1
-fzHVYAqblKhUjVQogmuknLGBUeZfU6Ioxcs4TfSGyIZSilxWf/I2nOfmas2hHnGU
-uJD8jKSBLKmWRJQe8gb+17J9eylpMz0OHFhx0XxPWXKcvL8EBIJNQ9fWLhnLw2jL
-A+e9mj+bA9S2VJylEV7x
-=x90U
+iEYEARECAAYFAk6lr3kACgkQCaWpQKGI+9QLTQCfbOmwhVq06OZK1w/xKNnMcUSq
+x38AnjCK1mQurUYeyCwb4MRWCZABRQTX
+=Jso1
-----END PGP SIGNATURE-----
--- /dev/null
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-im/empathy/empathy-2.34.0-r2.ebuild,v 1.1 2011/10/24 18:33:23 pacho Exp $
+
+EAPI="4"
+GCONF_DEBUG="yes"
+GNOME2_LA_PUNT="yes"
+GNOME_TARBALL_SUFFIX="bz2"
+PYTHON_DEPEND="2:2.4"
+
+inherit eutils gnome2 multilib python
+
+DESCRIPTION="Telepathy client and library using GTK+"
+HOMEPAGE="http://live.gnome.org/Empathy"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~sparc ~x86 ~x86-linux"
+# FIXME: Add location support once geoclue stops being idiotic with automagic deps
+IUSE="eds map nautilus networkmanager spell test webkit"
+
+# FIXME: libnotify & libcanberra hard deps
+# gst-plugins-bad is required for the valve plugin. This should move to good
+# eventually at which point the dep can be dropped
+RDEPEND=">=dev-libs/glib-2.27.2:2
+ >=x11-libs/gtk+-2.22:2
+ >=dev-libs/dbus-glib-0.51
+ >=net-libs/telepathy-glib-0.14.1
+ >=media-libs/libcanberra-0.4[gtk]
+ >=x11-libs/libnotify-0.7
+ >=gnome-base/gnome-keyring-2.26
+ >=net-libs/gnutls-2.8.5
+ >=dev-libs/folks-0.4
+
+ >=dev-libs/libunique-1.1.6:1
+ net-libs/farsight2
+ >=media-libs/gstreamer-0.10.32:0.10
+ >=media-libs/gst-plugins-base-0.10.32:0.10
+ media-libs/gst-plugins-bad
+ media-plugins/gst-plugins-gconf
+ >=net-libs/telepathy-farsight-0.0.14
+ dev-libs/libxml2
+ x11-libs/libX11
+ net-voip/telepathy-connection-managers
+ >=net-im/telepathy-logger-0.2.0
+
+ eds? ( >=gnome-extra/evolution-data-server-1.2 )
+ map? (
+ >=media-libs/libchamplain-0.7.1:0.8[gtk]
+ >=media-libs/clutter-gtk-0.10:0.10 )
+ nautilus? ( >=gnome-extra/nautilus-sendto-2.31.7 )
+ networkmanager? ( >=net-misc/networkmanager-0.7 )
+ spell? (
+ >=app-text/enchant-1.2
+ >=app-text/iso-codes-0.35 )
+ webkit? ( >=net-libs/webkit-gtk-1.1.15:2 )
+"
+DEPEND="${RDEPEND}
+ app-text/scrollkeeper
+ >=app-text/gnome-doc-utils-0.17.3
+ >=dev-util/intltool-0.35.0
+ >=dev-util/pkgconfig-0.16
+ test? (
+ sys-apps/grep
+ >=dev-libs/check-0.9.4 )
+ dev-libs/libxslt
+"
+PDEPEND=">=net-im/telepathy-mission-control-5.7.6"
+
+pkg_setup() {
+ DOCS="CONTRIBUTORS AUTHORS ChangeLog NEWS README"
+
+ # call support needs unreleased telepathy-farstream
+ G2CONF="${G2CONF}
+ --enable-silent-rules
+ --disable-coding-style-checks
+ --disable-schemas-compile
+ --disable-static
+ --disable-call
+ --disable-location
+ --disable-control-center-embedding
+ --disable-Werror
+ $(use_enable debug)
+ $(use_with eds)
+ $(use_enable map)
+ $(use_enable nautilus nautilus-sendto)
+ $(use_with networkmanager connectivity nm)
+ $(use_enable spell)
+ $(use_enable webkit)"
+
+ # Build time python tools needs python2
+ python_set_active_version 2
+ python_pkg_setup
+}
+
+src_prepare() {
+ gnome2_src_prepare
+
+ epatch "${FILESDIR}"/${P}-auth-dialog-crash-fix.patch
+
+ # Fix script injection vulnerability (CVE-2011-3635), bug #388051
+ epatch "${FILESDIR}"/${P}-CVE-2011-3635.patch
+
+ # Fix compilation error due missing header, bug #388203
+ epatch "${FILESDIR}"/${P}-missing-include.patch
+
+ python_convert_shebangs -r 2 .
+}
+
+src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS
+ emake check
+}
+
+pkg_postinst() {
+ gnome2_pkg_postinst
+ elog "Empathy needs telepathy's connection managers to use any IM protocol."
+ elog "See the USE flags on net-voip/telepathy-connection-managers"
+ elog "to install them."
+}
--- /dev/null
+From 192ce4dacc108f1b62e8ef752eeb5a2bee3d337f Mon Sep 17 00:00:00 2001
+From: Guillaume Desmottes <guillaume.desmottes@collabora.co.uk>
+Date: Tue, 18 Oct 2011 18:32:52 +0200
+Subject: [PATCH] theme_adium_append_message: escape alias before displaying
+ it
+
+Not doing so can lead to nasty HTML injection from hostile users.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=662035
+
+[Alexandre Rostovtsev <tetromino@gentoo.org>: backport to 2.32, and for
+ good measure, escape alias on /me-type events too]
+---
+ libempathy-gtk/empathy-theme-adium.c | 9 ++++++---
+ 1 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/libempathy-gtk/empathy-theme-adium.c b/libempathy-gtk/empathy-theme-adium.c
+index 8c6301e..08f79b4 100644
+--- a/libempathy-gtk/empathy-theme-adium.c
++++ b/libempathy-gtk/empathy-theme-adium.c
+@@ -436,7 +436,7 @@ theme_adium_append_message (EmpathyChatView *view,
+ EmpathyThemeAdiumPriv *priv = GET_PRIV (theme);
+ EmpathyContact *sender;
+ TpAccount *account;
+- gchar *body_escaped;
++ gchar *body_escaped, *name_escaped;
+ const gchar *body;
+ const gchar *name;
+ const gchar *contact_id;
+@@ -468,17 +468,19 @@ theme_adium_append_message (EmpathyChatView *view,
+ body = empathy_message_get_body (msg);
+ body_escaped = theme_adium_parse_body (body);
+ name = empathy_contact_get_alias (sender);
++ name_escaped = g_markup_escape_text (name, -1);
+ contact_id = empathy_contact_get_id (sender);
+
+ /* If this is a /me, append an event */
+ if (empathy_message_get_tptype (msg) == TP_CHANNEL_TEXT_MESSAGE_TYPE_ACTION) {
+ gchar *str;
+
+- str = g_strdup_printf ("%s %s", name, body_escaped);
++ str = g_strdup_printf ("%s %s", name_escaped, body_escaped);
+ theme_adium_append_event_escaped (view, str);
+
+ g_free (str);
+ g_free (body_escaped);
++ g_free (name_escaped);
+ return;
+ }
+
+@@ -600,7 +602,7 @@ theme_adium_append_message (EmpathyChatView *view,
+
+ if (html != NULL) {
+ theme_adium_append_html (theme, func, html, len, body_escaped,
+- avatar_filename, name, contact_id,
++ avatar_filename, name_escaped, contact_id,
+ service_name, message_classes->str,
+ timestamp, is_backlog);
+ } else {
+@@ -616,6 +618,7 @@ theme_adium_append_message (EmpathyChatView *view,
+ priv->last_is_backlog = is_backlog;
+
+ g_free (body_escaped);
++ g_free (name_escaped);
+ g_string_free (message_classes, TRUE);
+ }
+
+--
+1.7.7
+
--- /dev/null
+--- libempathy/empathy-auth-factory.c 2011-10-22 00:53:39.480665258 +0300
++++ libempathy/empathy-auth-factory.c 2011-10-22 00:55:22.726535188 +0300
+@@ -20,6 +20,7 @@
+
+ #include "empathy-auth-factory.h"
+
++#include <telepathy-glib/channel-dispatch-operation.h>
+ #include <telepathy-glib/interfaces.h>
+ #include <telepathy-glib/simple-handler.h>
+ #include <telepathy-glib/util.h>
projects / gentoo.git / commitdiff