* [gentoo-commits] proj/gnome:master commit in: net-im/empathy/files/, net-im/empathy/
@ 2011-10-21 22:47 Alexandre Restovtsev
  0 siblings, 0 replies; 2+ messages in thread
From: Alexandre Restovtsev @ 2011-10-21 22:47 UTC (permalink / raw
  To: gentoo-commits

commit:     86179bb08859b53ae475c23a8e9b988b00b6022c
Author:     Alexandre Rostovtsev <tetromino <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 21 22:30:58 2011 +0000
Commit:     Alexandre Restovtsev <tetromino <AT> gmail <DOT> com>
CommitDate: Fri Oct 21 22:30:58 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/gnome.git;a=commit;h=86179bb0

net-im/empathy: fix security vuln (bug #388051, CVE-2011-3635)

Fix HTML injection in empathy-theme-adium (CVE-2011-3635). Thanks to
Sean Amoss <failedtosync <AT> gmail.com> for reporting in bug #388051.

---
 ...mpathy-3.2.1.ebuild => empathy-3.2.1-r1.ebuild} |    3 +
 ...1-theme_adium_append_message-escape-alias.patch |   44 ++++++++++++++++++++
 2 files changed, 47 insertions(+), 0 deletions(-)

diff --git a/net-im/empathy/empathy-3.2.1.ebuild b/net-im/empathy/empathy-3.2.1-r1.ebuild
similarity index 96%
rename from net-im/empathy/empathy-3.2.1.ebuild
rename to net-im/empathy/empathy-3.2.1-r1.ebuild
index 4a160b1..3d39411 100644
--- a/net-im/empathy/empathy-3.2.1.ebuild
+++ b/net-im/empathy/empathy-3.2.1-r1.ebuild
@@ -118,6 +118,9 @@ pkg_setup() {
 src_prepare() {
 	gnome2_src_prepare
 
+	# bug #388051, CVE-2011-3635; fixed in git master
+	epatch "${FILESDIR}/${P}-theme_adium_append_message-escape-alias.patch"
+
 	python_convert_shebangs -r 2 tools
 }
 

diff --git a/net-im/empathy/files/empathy-3.2.1-theme_adium_append_message-escape-alias.patch b/net-im/empathy/files/empathy-3.2.1-theme_adium_append_message-escape-alias.patch
new file mode 100644
index 0000000..cbb5300
--- /dev/null
+++ b/net-im/empathy/files/empathy-3.2.1-theme_adium_append_message-escape-alias.patch
@@ -0,0 +1,44 @@
+From 739aca418457de752be13721218aaebc74bd9d36 Mon Sep 17 00:00:00 2001
+From: Guillaume Desmottes <guillaume.desmottes@collabora.co.uk>
+Date: Tue, 18 Oct 2011 16:32:52 +0000
+Subject: theme_adium_append_message: escape alias before displaying it
+
+Not doing so can lead to nasty HTML injection from hostile users.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=662035
+---
+diff --git a/libempathy-gtk/empathy-theme-adium.c b/libempathy-gtk/empathy-theme-adium.c
+index 42c0914..66b0320 100644
+--- a/libempathy-gtk/empathy-theme-adium.c
++++ b/libempathy-gtk/empathy-theme-adium.c
+@@ -782,7 +782,7 @@ theme_adium_append_message (EmpathyChatView *view,
+ 	EmpathyContact        *sender;
+ 	TpMessage             *tp_msg;
+ 	TpAccount             *account;
+-	gchar                 *body_escaped;
++	gchar                 *body_escaped, *name_escaped;
+ 	const gchar           *name;
+ 	const gchar           *contact_id;
+ 	EmpathyAvatar         *avatar;
+@@ -947,8 +947,10 @@ theme_adium_append_message (EmpathyChatView *view,
+ 		}
+ 	}
+ 
++	name_escaped = g_markup_escape_text (name, -1);
++
+ 	theme_adium_append_html (theme, func, html, body_escaped,
+-				 avatar_filename, name, contact_id,
++				 avatar_filename, name_escaped, contact_id,
+ 				 service_name, message_classes->str,
+ 				 timestamp, is_backlog, empathy_contact_is_user (sender));
+ 
+@@ -961,6 +963,7 @@ theme_adium_append_message (EmpathyChatView *view,
+ 	priv->last_is_backlog = is_backlog;
+ 
+ 	g_free (body_escaped);
++	g_free (name_escaped);
+ 	g_string_free (message_classes, TRUE);
+ }
+ 
+--
+cgit v0.9.0.2
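Review bot: Only `name` is escaped in the second inner hunk (`name_escaped = g_markup_escape_text (name, -1);`), while `contact_id`, `service_name` and `avatar_filename` are still passed to `theme_adium_append_html` unchanged. If the contact id is also supplied by the remote peer, as seems likely for an IM contact, it needs the same treatment, e.g. `id_escaped = g_markup_escape_text (contact_id, -1);` with a matching `g_free (id_escaped);`; the later bump to 3.2.1.1 in this thread describes its patch as "more complete", which suggests upstream found a similar gap. `g_markup_escape_text` returns NULL with a critical warning when given a NULL string, so it is worth confirming that `name` cannot be NULL at this point. The body of `theme_adium_append_message` extends beyond the hunks shown, so whether any of these values is escaped elsewhere cannot be checked from this patch.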




* [gentoo-commits] proj/gnome:master commit in: net-im/empathy/files/, net-im/empathy/
@ 2011-10-24 16:08 Alexandre Restovtsev
  0 siblings, 0 replies; 2+ messages in thread
From: Alexandre Restovtsev @ 2011-10-24 16:08 UTC (permalink / raw
  To: gentoo-commits

commit:     c5e7106bcbda1454a7aa2f7e2723fadaf5e4c22d
Author:     Alexandre Rostovtsev <tetromino <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 24 16:06:12 2011 +0000
Commit:     Alexandre Restovtsev <tetromino <AT> gmail <DOT> com>
CommitDate: Mon Oct 24 16:06:12 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/gnome.git;a=commit;h=c5e7106b

net-im/empathy: 3.2.1-r1 → 3.2.1.1

Bump; includes a more complete patch for the HTML injection vuln
(CVE-2011-3635) and fixes a crash in the contact list.

---
 ...athy-3.2.1-r1.ebuild => empathy-3.2.1.1.ebuild} |    3 -
 ...1-theme_adium_append_message-escape-alias.patch |   44 --------------------
 2 files changed, 0 insertions(+), 47 deletions(-)

diff --git a/net-im/empathy/empathy-3.2.1-r1.ebuild b/net-im/empathy/empathy-3.2.1.1.ebuild
similarity index 96%
rename from net-im/empathy/empathy-3.2.1-r1.ebuild
rename to net-im/empathy/empathy-3.2.1.1.ebuild
index 3d39411..4a160b1 100644
--- a/net-im/empathy/empathy-3.2.1-r1.ebuild
+++ b/net-im/empathy/empathy-3.2.1.1.ebuild
@@ -118,9 +118,6 @@ pkg_setup() {
 src_prepare() {
 	gnome2_src_prepare
 
-	# bug #388051, CVE-2011-3635; fixed in git master
-	epatch "${FILESDIR}/${P}-theme_adium_append_message-escape-alias.patch"
-
 	python_convert_shebangs -r 2 tools
 }
 

diff --git a/net-im/empathy/files/empathy-3.2.1-theme_adium_append_message-escape-alias.patch b/net-im/empathy/files/empathy-3.2.1-theme_adium_append_message-escape-alias.patch
deleted file mode 100644
index cbb5300..0000000
--- a/net-im/empathy/files/empathy-3.2.1-theme_adium_append_message-escape-alias.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 739aca418457de752be13721218aaebc74bd9d36 Mon Sep 17 00:00:00 2001
-From: Guillaume Desmottes <guillaume.desmottes@collabora.co.uk>
-Date: Tue, 18 Oct 2011 16:32:52 +0000
-Subject: theme_adium_append_message: escape alias before displaying it
-
-Not doing so can lead to nasty HTML injection from hostile users.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=662035
----
-diff --git a/libempathy-gtk/empathy-theme-adium.c b/libempathy-gtk/empathy-theme-adium.c
-index 42c0914..66b0320 100644
---- a/libempathy-gtk/empathy-theme-adium.c
-+++ b/libempathy-gtk/empathy-theme-adium.c
-@@ -782,7 +782,7 @@ theme_adium_append_message (EmpathyChatView *view,
- 	EmpathyContact        *sender;
- 	TpMessage             *tp_msg;
- 	TpAccount             *account;
--	gchar                 *body_escaped;
-+	gchar                 *body_escaped, *name_escaped;
- 	const gchar           *name;
- 	const gchar           *contact_id;
- 	EmpathyAvatar         *avatar;
-@@ -947,8 +947,10 @@ theme_adium_append_message (EmpathyChatView *view,
- 		}
- 	}
- 
-+	name_escaped = g_markup_escape_text (name, -1);
-+
- 	theme_adium_append_html (theme, func, html, body_escaped,
--				 avatar_filename, name, contact_id,
-+				 avatar_filename, name_escaped, contact_id,
- 				 service_name, message_classes->str,
- 				 timestamp, is_backlog, empathy_contact_is_user (sender));
- 
-@@ -961,6 +963,7 @@ theme_adium_append_message (EmpathyChatView *view,
- 	priv->last_is_backlog = is_backlog;
- 
- 	g_free (body_escaped);
-+	g_free (name_escaped);
- 	g_string_free (message_classes, TRUE);
- }
- 
---
-cgit v0.9.0.2


