May we have a freeze exception for telepathy-haze 0.2.0-2, once it's had its
10 days in unstable? The package has priority:optional, and this upload fixes
two bugs of severity:important.
The diff since 0.2.0-1 (in lenny) is that I've added backported patches
supplied by the upstream author to fix two important-severity bugs:
* #495199: haze sometimes accesses already-freed memory and crashes after a
connection error, most commonly a wrong password
* #495201: haze causes an assertion failure in libpurple if the 'server'
parameter is empty or contains a space
(I also added myself to Uploaders to do the upload - I'm a member of the
maintenance team, I just hadn't uploaded this particular package before.)
Thanks,
Simon
pkg-telepathy
diffstat for telepathy-haze_0.2.0-1 telepathy-haze_0.2.0-2
debian/patches/01-495199-fix-segfault-on-connection-error.diff | 88 ++++++++++
debian/patches/02-495201-fix-crash-on-empty-server-string.diff | 59 ++++++
telepathy-haze-0.2.0/debian/changelog | 11 +
telepathy-haze-0.2.0/debian/control | 2
4 files changed, 159 insertions(+), 1 deletion(-)
diff -u telepathy-haze-0.2.0/debian/changelog telepathy-haze-0.2.0/debian/changelog
--- telepathy-haze-0.2.0/debian/changelog
+++ telepathy-haze-0.2.0/debian/changelog
@@ -1,3 +1,14 @@
+telepathy-haze (0.2.0-2) unstable; urgency=low
+
+ * Add patch from upstream to fix potential crash after a connection
+ error (e.g. bad password) (closes: #495199, severity important)
+ * Add patch from upstream to avoid assertion failure in libpurple if the
+ user supplies an empty server parameter or one containing spaces
+ (closes: #495201, severity important)
+ * Add myself to Uploaders
+
+ -- Simon McVittie <smcv@debian.org> Mon, 18 Aug 2008 19:00:55 +0100
+
telepathy-haze (0.2.0-1) unstable; urgency=low
* New upstream release
diff -u telepathy-haze-0.2.0/debian/control telepathy-haze-0.2.0/debian/control
--- telepathy-haze-0.2.0/debian/control
+++ telepathy-haze-0.2.0/debian/control
@@ -2,7 +2,7 @@
Section: net
Priority: optional
Maintainer: Debian Telepathy maintainers <pkg-telepathy-maintainers@lists.alioth.debian.org>
-Uploaders: Laurent Bigonville <bigon@bigon.be>
+Uploaders: Laurent Bigonville <bigon@bigon.be>, Simon McVittie <smcv@debian.org>
Build-Depends: cdbs,
debhelper (>= 5),
pkg-config (>= 0.9.0),
only in patch2:
unchanged:
--- telepathy-haze-0.2.0.orig/debian/patches/02-495201-fix-crash-on-empty-server-string.diff
+++ telepathy-haze-0.2.0/debian/patches/02-495201-fix-crash-on-empty-server-string.diff
@@ -0,0 +1,59 @@
+commit 53835d7664c07173a444996d9fe47a6a2306de88
+Author: Will Thompson <will.thompson@collabora.co.uk>
+Date: Sun Feb 17 12:40:14 2008 +0000
+
+ Reject server parameters which are blank or contain spaces
+
+
+ 20080217124014-9f02e-844ab52f25f64993d1603863c356f07b2b4e2a1f.gz
+---
+ src/connection-manager.c | 29 +++++++++++++++++++++++++++++
+ 1 files changed, 29 insertions(+), 0 deletions(-)
+
+diff --git a/src/connection-manager.c b/src/connection-manager.c
+index 3072b50..c240db2 100644
+--- a/src/connection-manager.c
++++ b/src/connection-manager.c
+@@ -104,6 +104,32 @@ _haze_cm_set_param (const TpCMParamSpec *paramspec,
+ g_hash_table_insert (params, prpl_param_name, value_copy);
+ }
+
++static gboolean
++_param_filter_no_blanks (const TpCMParamSpec *paramspec,
++ GValue *value,
++ GError **error)
++{
++ const gchar *str = g_value_get_string (value);
++
++ if (*str == '\0')
++ {
++ g_set_error (error, TP_ERRORS, TP_ERROR_INVALID_ARGUMENT,
++ "Account parameter '%s' must not be empty",
++ paramspec->name);
++ return FALSE;
++ }
++
++ if (strstr (str, " ") != NULL)
++ {
++ g_set_error (error, TP_ERRORS, TP_ERROR_INVALID_ARGUMENT,
++ "Account parameter '%s' may not contain spaces",
++ paramspec->name);
++ return FALSE;
++ }
++
++ return TRUE;
++}
++
+ /* Populates a TpCMParamSpec from a PurpleAccountOption, possibly renaming the
+ * parameter as specified in parameter_map. paramspec is assumed to be zeroed out.
+ * Returns TRUE on success, and FALSE if paramspec could not be populated (and
+@@ -179,6 +205,9 @@ _translate_protocol_option (PurpleAccountOption *option,
+ return FALSE;
+ }
+
++ if (g_str_equal (paramspec->name, "server"))
++ paramspec->filter = _param_filter_no_blanks;
++
+ return TRUE;
+ }
+
only in patch2:
unchanged:
--- telepathy-haze-0.2.0.orig/debian/patches/01-495199-fix-segfault-on-connection-error.diff
+++ telepathy-haze-0.2.0/debian/patches/01-495199-fix-segfault-on-connection-error.diff
@@ -0,0 +1,88 @@
+commit 41a82cc4e33b646630203223c204ace8ae1d9f49
+Author: Will Thompson <will.thompson@collabora.co.uk>
+Date: Thu Aug 14 11:37:38 2008 +0100
+
+ Keep track of whether purple_account_disconnect needs to be called.
+
+ This fixes #14933. When libpurple reports a connection error, it
+ schedules an idle callback for purple_account_disconnect. Haze's
+ implementation of TpBaseConnection->shut_down checked
+ PurpleAccount->disconnecting before calling purple_account_disconnect,
+ but that flag is only set once purple_account_disconnect is actually
+ called. So purple_account_disconnect would be called twice, and if you
+ got unlucky the account have been freed before the second call, causing
+ catastrophe.
+---
+ src/connection.c | 24 +++++++++++++++++++++++-
+ 1 files changed, 23 insertions(+), 1 deletions(-)
+
+diff --git a/src/connection.c b/src/connection.c
+index 14a1051..c0863e1 100644
+--- a/src/connection.c
++++ b/src/connection.c
+@@ -63,6 +63,11 @@ typedef struct _HazeConnectionPrivate
+
+ HazeProtocolInfo *protocol_info;
+
++ /* Set if purple_account_disconnect has been called or is scheduled to be
++ * called, so should not be called again.
++ */
++ gboolean disconnecting;
++
+ gboolean dispose_has_run;
+ } HazeConnectionPrivate;
+
+@@ -115,10 +120,17 @@ haze_report_disconnect_reason (PurpleConnection *gc,
+ const char *text)
+ {
+ PurpleAccount *account = purple_connection_get_account (gc);
++ HazeConnection *conn = ACCOUNT_GET_HAZE_CONNECTION (account);
++ HazeConnectionPrivate *priv = HAZE_CONNECTION_GET_PRIVATE (conn);
+ TpBaseConnection *base_conn = ACCOUNT_GET_TP_BASE_CONNECTION (account);
+
+ TpConnectionStatusReason tp_reason;
+
++ /* When a connection error is reported by libpurple, an idle callback to
++ * purple_account_disconnect is added.
++ */
++ priv->disconnecting = TRUE;
++
+ switch (reason)
+ {
+ case PURPLE_CONNECTION_ERROR_NETWORK_ERROR:
+@@ -196,8 +208,12 @@ void
+ disconnected_cb (PurpleConnection *pc)
+ {
+ PurpleAccount *account = purple_connection_get_account (pc);
++ HazeConnection *conn = ACCOUNT_GET_HAZE_CONNECTION (account);
++ HazeConnectionPrivate *priv = HAZE_CONNECTION_GET_PRIVATE (conn);
+ TpBaseConnection *base_conn = ACCOUNT_GET_TP_BASE_CONNECTION (account);
+
++ priv->disconnecting = TRUE;
++
+ if(base_conn->status != TP_CONNECTION_STATUS_DISCONNECTED)
+ {
+ tp_base_connection_change_status (base_conn,
+@@ -326,8 +342,12 @@ static void
+ _haze_connection_shut_down (TpBaseConnection *base)
+ {
+ HazeConnection *self = HAZE_CONNECTION(base);
+- if(!self->account->disconnecting)
++ HazeConnectionPrivate *priv = HAZE_CONNECTION_GET_PRIVATE (self);
++ if(!priv->disconnecting)
++ {
++ priv->disconnecting = TRUE;
+ purple_account_disconnect(self->account);
++ }
+ }
+
+ /* Must be in the same order as HazeListHandle in connection.h */
+@@ -452,6 +472,8 @@ haze_connection_constructor (GType type,
+
+ priv->dispose_has_run = FALSE;
+
++ priv->disconnecting = FALSE;
++
+ _create_account (self);
+
+ return (GObject *)self;
Attachment:
signature.asc
Description: Digital signature