Closed
Bug 955042
Opened 11 years ago
Closed 11 years ago
Update libpurple up to 2.10.7
Categories
(Chat Core :: General, enhancement)
Chat Core
General
Tracking
(Not tracked)
RESOLVED
FIXED
1.4
People
(Reporter: clokep, Assigned: clokep)
References
()
Details
(Whiteboard: [1.4-wanted])
Attachments
(4 files)
|
57.43 KB,
patch
|
florian
:
review+
|
Details | Diff | Splinter Review |
|
808.02 KB,
patch
|
Details | Diff | Splinter Review | |
|
976.97 KB,
patch
|
Details | Diff | Splinter Review | |
|
7.39 KB,
patch
|
Details | Diff | Splinter Review |
*** Original post on bio 1612 at 2012-08-02 10:32:00 UTC ***
+++ This bug was initially created as a clone of Bug #954770 (bio 1337) +++
libpurple 2.10.6 is available now:
version 2.10.6 (07/06/2012)
Pidgin:
Fix a bug that requires a triple-click to open a conversation window from the buddy list. (#15199)
version 2.10.5 (07/05/2012)
libpurple:
Add support for GNOME3 proxy settings. (Mihai Serban) (#15054)
Pidgin:
Fix a crash that may occur when trying to ignore a user who is not in the current chat room. (#15139)
MSN:
Fix building with MSVC on Windows (broken in 2.10.4). (Florian Queze)
MXit:
Fix a buffer overflow vulnerability when parsing incoming messages containing inline images. Thanks to Ulf Härnhammar for reporting this! (CVE-2012-3374)
Seems to be a pretty small set of changes, we don't have MXit, the MSN change is already in Instantbird with the 2.10.4 upgrade and Pidgin changes shouldn't affect us.
|
Assignee | |
Updated•11 years ago
|
Whiteboard: [1.4-wanted]
|
|
Assignee | |
Comment 1•11 years ago
|
||
*** Original post on bio 1612 at 2013-02-13 15:50:26 UTC ***
>version 2.10.7 (02/13/2012)
> libpurple
> Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274)
> Don't link directly to libgcrypt when building with GnuTLS support. (Bartosz Brachaczek) (#15329)
> Fix UPnP mappings on routers that return empty <URLBase/> elements in their response. (Ferdinand Stehle) (#15373)
> Tcl plugin uses saner, race-free plugin loading.
> Fix the Tcl signals-test plugin for savedstatus-changed. (Andrew Shadura) (#15443)
>
> Gadu-Gadu
> Fix a crash at startup with large contact list. Avatar support for buddies will be disabled until 3.0.0. (#15226, #14305)
>
> MSN
> Fix SSL certificate issue when signing into MSN for some users.
> Fix a crash when removing a user before its icon is loaded. (Mark Barfield) (#15217)
>
> Sametime
> Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273)
>
> Yahoo
> Fix a double-free in profile/picture loading code. (Mihai Serban) (#15053)
> Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381)
>
> Windows-Specific Changes
> Compile with secure flags (Jurre van Bergen) (#15290)
> Updates to a number of dependencies, some of which have security related fixes. Thanks again to Jacob Appelbaum and Jurre van Bergen for identifying the vulnerable libraries and to Dieter Verfaillie for helping getting the libraries updated. (#14571, #15285, #15286)
> ATK 1.32.0-2
> Cyrus SASL 2.1.25
> expat 2.1.0-1
> freetype 2.4.10-1
> gettext 0.18.1.1-2
> Glib 2.28.8-1
> libpng 1.4.12-1
> libxml2 2.9.0-1
> NSS 3.13.6 and NSPR 4.9.2
> Pango 1.29.4-1
> SILC 1.1.10
> zlib 1.2.5-2
> Patch libmeanwhile (sametime library) to fix crash. (Jonathan Rice) (#12637)
Looks like we'll want to take these changes, there are a lot of crash fixes in this release.
This also updates GLib, libxml2, I wonder if we should do the same?
Summary: Update libpurple up to 2.10.6 → Update libpurple up to 2.10.7
|
|
Assignee | |
Comment 2•11 years ago
|
||
*** Original post on bio 1612 as attmnt 2233 at 2013-02-16 03:43:00 UTC ***
This compiles fine on Windows.
This (obviously) doesn't include the translations or or updating purple-prefs.js. How are those done?
Attachment #8353996 -
Flags: review?(florian)
|
|
Assignee | |
Updated•11 years ago
|
Assignee: nobody → clokep
Status: NEW → ASSIGNED
|
||
Comment 3•11 years ago
|
||
*** Original post on bio 1612 at 2013-02-18 22:50:16 UTC ***
(In reply to comment #2)
> This (obviously) doesn't include the translations or or updating
> purple-prefs.js. How are those done?
To regenerate purple-prefs.js, the solution is to compile a debug build with the newer libpurple code and without the existing purple-prefs.js
When compiled with #define DEBUG, the code in purpleInit.cpp will printf the preferences that libpurple's initialization creates.
That's a bit tedious, so I typically use a shortcut to just update the file: All preferences are created by libpurple with calls to purple_prefs_add_* functions, so grepping purple_prefs_add in the diff of the libpurple update lets me know which changes are needed to the default preferences. In the case of the patch attached here, no change is needed.
To generate the translation files, the solution is to move the "po" folder of Pidgin's source tarball to tools/l10n/ in the Instantbird source tree and then to execute the convert-purple-po-files-to-properties-files.py script. I think it will generate all the translation files in a result/ subfolder.
I kept meaning to improve purple/upgrade-libpurple.sh to handle these 2 steps mostly automatically, but I guess we didn't update libpurple frequently enough to make this painful enough that I would fully script it.
Hope this helps!
|
|
Assignee | |
Comment 4•11 years ago
|
||
*** Original post on bio 1612 as attmnt 2237 at 2013-02-19 00:27:00 UTC ***
After a bit of work I got this to work. Thanks!
|
|
Assignee | |
Comment 5•11 years ago
|
||
*** Original post on bio 1612 as attmnt 2238 at 2013-02-19 00:28:00 UTC was without comment, so any subsequent comment numbers will be shifted ***
|
|
||
Comment 6•11 years ago
|
||
*** Original post on bio 1612 as attmnt 2350 at 2013-04-12 21:46:00 UTC ***
The content of this attachment is what I've actually reviewed.
Here is what I did to create it:
1. cd purple/ && DIFFCURRENTONLY=1 bash ./upgrade-libpurple.sh
2. apply attachment 8353996 [details] [diff] [review] (bio-attmnt 2233)
3. Do 1. again.
4. Use sed to get rid of "pidgin-2.10.4", "pidgin-2.10.7" and the patch dates in the 2 diffs.
5. diff -u diff-current-to-2.10.{4,7}.patch
|
|
||
Comment 7•11 years ago
|
||
Comment on attachment 8353996 [details] [diff] [review]
Patch v1
*** Original change on bio 1612 attmnt 2233 at 2013-04-12 21:53:32 UTC ***
Thanks! :-)
Attachment #8353996 -
Flags: review?(florian) → review+
|
|
||
Comment 8•11 years ago
|
||
*** Original post on bio 1612 at 2013-04-12 21:59:28 UTC ***
Attachment 8354000 [details] [diff] (bio-attmnt 2237) and attachment 8354001 [details] [diff] [review] (bio-attmnt 2238) look like they are just fixing bug 955172 (bio 1741) + moving a few strings around for most locales. Moving strings around without purpose isn't really nice but on the other hand it seems there are some real changes in some locales, so I'm not really sure of what to do here.
|
|
||
Comment 9•11 years ago
|
||
*** Original post on bio 1612 at 2013-04-12 22:10:55 UTC ***
(In reply to comment #8)
> Attachment 8354000 [details] [diff] (bio-attmnt 2237) [details] and attachment 8354001 [details] [diff] [review] (bio-attmnt 2238) [details] look like they are just fixing bug 955172 (bio 1741) +
> moving a few strings around for most locales. Moving strings around without
> purpose isn't really nice but on the other hand it seems there are some real
> changes in some locales, so I'm not really sure of what to do here.
Ok, I've decided to just checkin these two attachments. We've lived with strings moving around before, so no reason to block on it today.
|
|
||
Comment 10•11 years ago
|
||
*** Original post on bio 1612 at 2013-04-12 22:12:21 UTC ***
http://hg.instantbird.org/instantbird/rev/2e098b8e271f
http://hg.instantbird.org/l10n/libpurple/rev/0bb8fedc74a6
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → 1.4
|
|
Assignee | |
Comment 11•11 years ago
|
||
*** Original post on bio 1612 at 2013-04-13 14:45:17 UTC ***
(In reply to comment #6)
> Here is what I did to create it:
> 1. cd purple/ && DIFFCURRENTONLY=1 bash ./upgrade-libpurple.sh
> 2. apply attachment 8353996 [details] [diff] [review] (bio-attmnt 2233) [details]
> 3. Do 1. again.
> 4. Use sed to get rid of "pidgin-2.10.4", "pidgin-2.10.7" and the patch dates
> in the 2 diffs.
> 5. diff -u diff-current-to-2.10.{4,7}.patch
I wonder if this could be added to the upgrade-libpurple.sh script? Maybe steps 4 - 5 at least.
|
|
||
Comment 12•11 years ago
|
||
*** Original post on bio 1612 at 2013-04-13 20:58:18 UTC ***
(In reply to comment #11)
> I wonder if this could be added to the upgrade-libpurple.sh script?
There are other things we would need to add before: I was considering creating a second script that finishes the update automatically once the merge conflicts are fixed by hand. Currently we just print to stdout the commands that the developer need to run to finish the update.
You need to log in
before you can comment on or make changes to this bug.
Description
•