moved patches from sec team

pidgin-CVE-2012-2214.patch

@@ -0,0 +1,75 @@
+#
+#
+# patch "libpurple/proxy.c"
+#  from [2a1922d6f3744bc61c81543909324d38d741948f]
+#    to [df78b061b3bc73de02f1a4ad29357497322aaf89]
+#
+============================================================
+--- libpurple/proxy.c	2a1922d6f3744bc61c81543909324d38d741948f
++++ libpurple/proxy.c	df78b061b3bc73de02f1a4ad29357497322aaf89
+@@ -59,6 +59,8 @@ struct _PurpleProxyConnectData {
+ 	 */
+ 	GSList *hosts;
+
++	PurpleProxyConnectData *child;
++
+ 	/*
+ 	 * All of the following variables are used when establishing a
+ 	 * connection through a proxy.
+@@ -559,6 +561,12 @@ purple_proxy_connect_data_disconnect(Pur
+ static void
+ purple_proxy_connect_data_disconnect(PurpleProxyConnectData *connect_data, const gchar *error_message)
+ {
++	if (connect_data->child != NULL)
++	{
++		purple_proxy_connect_cancel(connect_data->child);
++		connect_data->child = NULL;
++	}
++
+ 	if (connect_data->inpa > 0)
+ 	{
+ 		purple_input_remove(connect_data->inpa);
+@@ -2417,13 +2425,20 @@ static void socks5_connected_to_proxy(gp
+ 	/* This is the PurpleProxyConnectData for the overall SOCKS5 connection */
+ 	PurpleProxyConnectData *connect_data = data;
+
++	purple_debug_error("proxy", "Connect Data is %p\n", connect_data);
++
+ 	/* Check that the overall SOCKS5 connection wasn't cancelled while we were
+ 	 * connecting to it (we don't have a way of associating the process of
+ 	 * connecting to the SOCKS5 server to the overall PurpleProxyConnectData)
+ 	 */
+-	if (!PURPLE_PROXY_CONNECT_DATA_IS_VALID(connect_data))
++	if (!PURPLE_PROXY_CONNECT_DATA_IS_VALID(connect_data)) {
++		purple_debug_error("proxy", "Data had gone out of scope :(\n");
+ 		return;
++	}
+
++	/* Break the link between the two PurpleProxyConnectDatas  */
++	connect_data->child = NULL;
++
+ 	if (error_message != NULL) {
+ 		purple_debug_error("proxy", "Unable to connect to SOCKS5 host.\n");
+ 		connect_data->connect_cb(connect_data->data, source, error_message);
+@@ -2486,10 +2501,7 @@ purple_proxy_connect_socks5_account(void
+ 		return NULL;
+ 	}
+
+-	/* The API doesn't really provide us with a way to cancel the specific
+-	 * proxy connection attempt (account_proxy_conn_data) when the overall
+-	 * SOCKS5 connection (connect_data) attempt is cancelled :(
+-	 */
++	connect_data->child = account_proxy_conn_data;
+
+ 	handles = g_slist_prepend(handles, connect_data);
+
+@@ -2499,6 +2511,8 @@ purple_proxy_connect_cancel(PurpleProxyC
+ void
+ purple_proxy_connect_cancel(PurpleProxyConnectData *connect_data)
+ {
++	g_return_if_fail(connect_data != NULL);
++
+ 	purple_proxy_connect_data_disconnect(connect_data, NULL);
+ 	purple_proxy_connect_data_destroy(connect_data);
+ }
+

pidgin-CVE-2012-2318.patch

@@ -0,0 +1,64 @@
+#
+#
+# patch "libpurple/protocols/msn/msg.c"
+#  from [94fe3963ccab9a56f0311277c241efbc0242a4d6]
+#    to [417ae5cb2f85d578b7e00fcb9c450dad1171c499]
+#
+============================================================
+--- libpurple/protocols/msn/msg.c	94fe3963ccab9a56f0311277c241efbc0242a4d6
++++ libpurple/protocols/msn/msg.c	417ae5cb2f85d578b7e00fcb9c450dad1171c499
+@@ -257,13 +257,47 @@ msn_message_parse_payload(MsnMessage *ms
+ 		msg->body[msg->body_len] = '\0';
+ 	}
+
+-	if ((!content_type || !strcmp(content_type, "text/plain"))
+-			&& msg->charset == NULL) {
+-		char *body = g_convert(msg->body, msg->body_len, "UTF-8",
+-				"ISO-8859-1", NULL, &msg->body_len, NULL);
+-		g_free(msg->body);
+-		msg->body = body;
+-		msg->charset = g_strdup("UTF-8");
++	if (msg->body && content_type && purple_str_has_prefix(content_type, "text/")) {
++		char *body = NULL;
++
++		if (msg->charset == NULL || g_str_equal(msg->charset, "UTF-8")) {
++			/* Charset is UTF-8 */
++			if (!g_utf8_validate(msg->body, msg->body_len, NULL)) {
++				purple_debug_warning("msn", "Message contains invalid "
++						"UTF-8. Attempting to salvage.\n");
++				body = purple_utf8_salvage(msg->body);
++				payload_len = strlen(body);
++			}
++		} else {
++			/* Charset is something other than UTF-8 */
++			GError *err = NULL;
++			body = g_convert(msg->body, msg->body_len, "UTF-8",
++					msg->charset, NULL, &payload_len, &err);
++			if (!body || err) {
++				purple_debug_warning("msn", "Unable to convert message from "
++						"%s to UTF-8: %s\n", msg->charset,
++						err ? err->message : "Unknown error");
++				if (err)
++					g_error_free(err);
++
++				/* Fallback to ISO-8859-1 */
++				g_free(body);
++				body = g_convert(msg->body, msg->body_len, "UTF-8",
++						"ISO-8859-1", NULL, &payload_len, NULL);
++				if (!body) {
++					g_free(msg->body);
++					msg->body = NULL;
++					msg->body_len = 0;
++				}
++			}
++		}
++
++		if (body) {
++			g_free(msg->body);
++			msg->body = body;
++			msg->body_len = payload_len;
++			msn_message_set_charset(msg, "UTF-8");
++		}
+ 	}
+
+ 	g_free(tmp_base);

pidgin.spec

@@ -1,9 +1,9 @@
 %if %mandriva_branch == Cooker
 # Cooker
-%define release %mkrel 1
+%define release %mkrel 2
 %else
 # Old distros
-%define subrel 1
+%define subrel 2
 %define release %mkrel 0
 %endif
 
@@ -69,6 +69,9 @@ Patch6:		pidgin-2.7.0-mono-build.patch
 Patch111:	%{name}-2.8.0-reread-resolvconf.patch
 Patch115:	%{name}-2.10.0-gg-search-by-uin.patch
 Patch116:	%{name}-2.8.0-gg-disconnect.patch
+
+Patch200:	%{name}-CVE-2012-2214.patch
+Patch201:	%{name}-CVE-2012-2318.patch
 BuildRequires:	automake
 BuildRequires:	intltool
 BuildRequires:	autoconf
@@ -326,6 +329,8 @@ This package contains translation files for Pidgin/Finch.
 %patch111 -p1 -b .reread-resolvconf
 %patch115 -p1 -b .gg-search
 %patch116 -p1
+%patch200 -p0
+%patch201 -p0
 
 %build
 autoreconf -fi -Im4macros
@@ -556,6 +561,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Wed May 30 2012 Danil Leontiev  <danila.leontiev@rosalab.ru> 2.10.2-0.2
+- Added patches for CVE-2012-2214, CVE-2012-2318
+
 * Thu Mar 15 2012 Oden Eriksson <oeriksson@mandriva.com> 2.10.2-0.1
 - 2.10.2