From 17f6f96f5cb792ff5410a2b24c6b058a99fff0bd5944be03d06e195df997c8b7 Mon Sep 17 00:00:00 2001
From: OBS User unknown <null@suse.de>
Date: Wed, 16 Jul 2008 21:21:13 +0000
Subject: [PATCH] OBS-URL:
 https://build.opensuse.org/package/show/openSUSE:Factory/pidgin?expand=0&rev=25

---
 pidgin-2.4.2.tar.bz2       |  3 ---
 pidgin-2.4.3.tar.bz2       |  3 +++
 pidgin-msn-xfer-fail.patch | 42 ++++++++++++++++++++++++++++++++++++++
 pidgin.changes             | 20 ++++++++++++++++++
 pidgin.spec                | 25 +++++++++++++++++++++--
 5 files changed, 88 insertions(+), 5 deletions(-)
 delete mode 100644 pidgin-2.4.2.tar.bz2
 create mode 100644 pidgin-2.4.3.tar.bz2
 create mode 100644 pidgin-msn-xfer-fail.patch

diff --git a/pidgin-2.4.2.tar.bz2 b/pidgin-2.4.2.tar.bz2
deleted file mode 100644
index 3707f5f..0000000
--- a/pidgin-2.4.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3f09878883c6980083e7774371ec57d8bdc320a325342965afb120d52780d15f
-size 9376721
diff --git a/pidgin-2.4.3.tar.bz2 b/pidgin-2.4.3.tar.bz2
new file mode 100644
index 0000000..c45e5e9
--- /dev/null
+++ b/pidgin-2.4.3.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8bb5d452fa3239c703647cf2dc28a5dfb849d7df7b89da0018271a337af053a6
+size 9382967
diff --git a/pidgin-msn-xfer-fail.patch b/pidgin-msn-xfer-fail.patch
new file mode 100644
index 0000000..8c8a923
--- /dev/null
+++ b/pidgin-msn-xfer-fail.patch
@@ -0,0 +1,42 @@
+--- libpurple/protocols/msn/slplink.c
++++ libpurple/protocols/msn/slplink.c
+@@ -556,13 +556,15 @@
+ 					PurpleXfer *xfer;
+ 
+ 					xfer = slpmsg->slpcall->xfer;
+-
+ 					if (xfer != NULL)
+ 					{
+ 						purple_xfer_start(slpmsg->slpcall->xfer,
+ 							0, NULL, 0);
+-						slpmsg->fp = ((PurpleXfer *)slpmsg->slpcall->xfer)->dest_fp;
+-						xfer->dest_fp = NULL; /* Disable double fclose() */
++						if (slpmsg->slpcall->xfer)
++						{
++							slpmsg->fp = ((PurpleXfer *)slpmsg->slpcall->xfer)->dest_fp;
++							xfer->dest_fp = NULL; /* Disable double fclose() */
++						}
+ 					}
+ 				}
+ 			}
+--- libpurple/protocols/msnp9/slplink.c
++++ libpurple/protocols/msnp9/slplink.c
+@@ -555,13 +555,15 @@
+ 					PurpleXfer *xfer;
+ 
+ 					xfer = slpmsg->slpcall->xfer;
+-
+ 					if (xfer != NULL)
+ 					{
+ 						purple_xfer_start(slpmsg->slpcall->xfer,
+ 							0, NULL, 0);
+-						slpmsg->fp = ((PurpleXfer *)slpmsg->slpcall->xfer)->dest_fp;
+-						xfer->dest_fp = NULL; /* Disable double fclose() */
++						if (slpmsg->slpcall->xfer)
++						{
++							slpmsg->fp = ((PurpleXfer *)slpmsg->slpcall->xfer)->dest_fp;
++							xfer->dest_fp = NULL; /* Disable double fclose() */
++						}
+ 					}
+ 				}
+ 			}
diff --git a/pidgin.changes b/pidgin.changes
index d247b15..337b644 100644
--- a/pidgin.changes
+++ b/pidgin.changes
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Tue Jul 15 13:54:12 CEST 2008 - sbrabec@suse.cz
+
+- Update to version 2.4.3:
+  * Setting your buddy icon once again works for Yahoo! accounts.
+  * Fixes in the Yahoo! protocol to prevent a double free, crashes
+    on aliases, and alias functionality.
+  * Fix crashes in the bonjour protocol.
+  * Always use UTF-8 for Yahoo! (needed for Yahoo! Japan)
+  * Fix a crash when the given jabber id is invalid.
+  * Make the IRC "unknown message" debugging messages UTF-8 safe.
+  * Fix connecting to ICQ.
+  * Fix a memleak when handling jabber xforms.
+  * Various memory leak fixes.
+  * Fix MSN malformed SLP message integer overflow (bnc#406416,
+    CVE-2008-2927, RedHat#453764)
+- Fix of MSN file transfer failed receiver file open DoS
+  (bnc#404163, pidgin#6246, CVE-2008-2955, BUGTRAQ:20080626 Pidgin
+  2.4.1 Vulnerability, FRSIRT:ADV-2008-1947, SECUNIA:30881)
+
 -------------------------------------------------------------------
 Mon Jun 30 20:32:10 CEST 2008 - maw@suse.de
 
diff --git a/pidgin.spec b/pidgin.spec
index b9ae715..08ff7de 100644
--- a/pidgin.spec
+++ b/pidgin.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package pidgin (Version 2.4.2)
+# spec file for package pidgin (Version 2.4.3)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -13,7 +13,7 @@
 
 Name:           pidgin
 Summary:        GTK+-Based Multiprotocol Instant Messaging Client
-Version:        2.4.2
+Version:        2.4.3
 Release:        1
 License:        GPL v2 or later
 Group:          Productivity/Networking/Instant Messenger
@@ -32,6 +32,7 @@ Patch10:        pidgin-64bit-buildhack.patch
 # PATCH-FIX-UPSTREAM: pidgin-directconn-argfix.patch
 Patch11:        pidgin-directconn-argfix.patch
 Patch12:        pidgin-dbus-invalid-gpointer.patch
+Patch13:        pidgin-msn-xfer-fail.patch
 # Can use external libzephyr
 BuildRequires:  cyrus-sasl-devel dbus-1-devel doxygen evolution-data-server-devel gnome-keyring-devel graphviz gtk-doc gtkspell-devel intltool libao-devel libbonobo-devel libgadu-devel libstdc++-devel libxml2-devel libxslt meanwhile-devel mono-devel mozilla-nspr-devel mozilla-nss-devel ncurses-devel perl-XML-Parser python sqlite-devel startup-notification-devel tk-devel update-desktop-files
 # Product specific lines
@@ -710,6 +711,9 @@ Authors:
 %patch9 -p1
 %patch11 -p1
 %patch12
+# PATCH-FIX-UPSTREAM pidgin-msn-xfer-fail.patch bnc404163 sbrabec@suse.cz -- Fix MSN file transfer DoS
+# http://developer.pidgin.im/ticket/6246
+%patch13
 # Change Myanmar/Myanmar to Myanmar:
 rename my_MM my po/my_MM.*
 sed -i "/^ALL_LINGUAS/s/ my_MM / my /" configure.ac
@@ -880,6 +884,23 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/gnt.pc
 
 %changelog
+* Tue Jul 15 2008 sbrabec@suse.cz
+- Update to version 2.4.3:
+  * Setting your buddy icon once again works for Yahoo! accounts.
+  * Fixes in the Yahoo! protocol to prevent a double free, crashes
+  on aliases, and alias functionality.
+  * Fix crashes in the bonjour protocol.
+  * Always use UTF-8 for Yahoo! (needed for Yahoo! Japan)
+  * Fix a crash when the given jabber id is invalid.
+  * Make the IRC "unknown message" debugging messages UTF-8 safe.
+  * Fix connecting to ICQ.
+  * Fix a memleak when handling jabber xforms.
+  * Various memory leak fixes.
+  * Fix MSN malformed SLP message integer overflow (bnc#406416,
+  CVE-2008-2927, RedHat#453764)
+- Fix of MSN file transfer failed receiver file open DoS
+  (bnc#404163, pidgin#6246, CVE-2008-2955, BUGTRAQ:20080626 Pidgin
+  2.4.1 Vulnerability, FRSIRT:ADV-2008-1947, SECUNIA:30881)
 * Mon Jun 30 2008 maw@suse.de
 - Update to version 2.4.2:
   + Usability imprvements in typing notification, buddy icon, and