May we have a freeze exception for telepathy-haze 0.2.0-2, once it's had its 10 days in unstable? The package has priority:optional, and this upload fixes two bugs of severity:important. The diff since 0.2.0-1 (in lenny) is that I've added backported patches supplied by the upstream author to fix two important-severity bugs: * #495199: haze sometimes accesses already-freed memory and crashes after a connection error, most commonly a wrong password * #495201: haze causes an assertion failure in libpurple if the 'server' parameter is empty or contains a space (I also added myself to Uploaders to do the upload - I'm a member of the maintenance team, I just hadn't uploaded this particular package before.) Thanks, Simon pkg-telepathy diffstat for telepathy-haze_0.2.0-1 telepathy-haze_0.2.0-2 debian/patches/01-495199-fix-segfault-on-connection-error.diff | 88 ++++++++++ debian/patches/02-495201-fix-crash-on-empty-server-string.diff | 59 ++++++ telepathy-haze-0.2.0/debian/changelog | 11 + telepathy-haze-0.2.0/debian/control | 2 4 files changed, 159 insertions(+), 1 deletion(-) diff -u telepathy-haze-0.2.0/debian/changelog telepathy-haze-0.2.0/debian/changelog --- telepathy-haze-0.2.0/debian/changelog +++ telepathy-haze-0.2.0/debian/changelog @@ -1,3 +1,14 @@ +telepathy-haze (0.2.0-2) unstable; urgency=low + + * Add patch from upstream to fix potential crash after a connection + error (e.g. bad password) (closes: #495199, severity important) + * Add patch from upstream to avoid assertion failure in libpurple if the + user supplies an empty server parameter or one containing spaces + (closes: #495201, severity important) + * Add myself to Uploaders + + -- Simon McVittie <smcv@debian.org> Mon, 18 Aug 2008 19:00:55 +0100 + telepathy-haze (0.2.0-1) unstable; urgency=low * New upstream release diff -u telepathy-haze-0.2.0/debian/control telepathy-haze-0.2.0/debian/control --- telepathy-haze-0.2.0/debian/control +++ telepathy-haze-0.2.0/debian/control @@ -2,7 +2,7 @@ Section: net Priority: optional Maintainer: Debian Telepathy maintainers <pkg-telepathy-maintainers@lists.alioth.debian.org> -Uploaders: Laurent Bigonville <bigon@bigon.be> +Uploaders: Laurent Bigonville <bigon@bigon.be>, Simon McVittie <smcv@debian.org> Build-Depends: cdbs, debhelper (>= 5), pkg-config (>= 0.9.0), only in patch2: unchanged: --- telepathy-haze-0.2.0.orig/debian/patches/02-495201-fix-crash-on-empty-server-string.diff +++ telepathy-haze-0.2.0/debian/patches/02-495201-fix-crash-on-empty-server-string.diff @@ -0,0 +1,59 @@ +commit 53835d7664c07173a444996d9fe47a6a2306de88 +Author: Will Thompson <will.thompson@collabora.co.uk> +Date: Sun Feb 17 12:40:14 2008 +0000 + + Reject server parameters which are blank or contain spaces + + + 20080217124014-9f02e-844ab52f25f64993d1603863c356f07b2b4e2a1f.gz +--- + src/connection-manager.c | 29 +++++++++++++++++++++++++++++ + 1 files changed, 29 insertions(+), 0 deletions(-) + +diff --git a/src/connection-manager.c b/src/connection-manager.c +index 3072b50..c240db2 100644 +--- a/src/connection-manager.c ++++ b/src/connection-manager.c +@@ -104,6 +104,32 @@ _haze_cm_set_param (const TpCMParamSpec *paramspec, + g_hash_table_insert (params, prpl_param_name, value_copy); + } + ++static gboolean ++_param_filter_no_blanks (const TpCMParamSpec *paramspec, ++ GValue *value, ++ GError **error) ++{ ++ const gchar *str = g_value_get_string (value); ++ ++ if (*str == '\0') ++ { ++ g_set_error (error, TP_ERRORS, TP_ERROR_INVALID_ARGUMENT, ++ "Account parameter '%s' must not be empty", ++ paramspec->name); ++ return FALSE; ++ } ++ ++ if (strstr (str, " ") != NULL) ++ { ++ g_set_error (error, TP_ERRORS, TP_ERROR_INVALID_ARGUMENT, ++ "Account parameter '%s' may not contain spaces", ++ paramspec->name); ++ return FALSE; ++ } ++ ++ return TRUE; ++} ++ + /* Populates a TpCMParamSpec from a PurpleAccountOption, possibly renaming the + * parameter as specified in parameter_map. paramspec is assumed to be zeroed out. + * Returns TRUE on success, and FALSE if paramspec could not be populated (and +@@ -179,6 +205,9 @@ _translate_protocol_option (PurpleAccountOption *option, + return FALSE; + } + ++ if (g_str_equal (paramspec->name, "server")) ++ paramspec->filter = _param_filter_no_blanks; ++ + return TRUE; + } + only in patch2: unchanged: --- telepathy-haze-0.2.0.orig/debian/patches/01-495199-fix-segfault-on-connection-error.diff +++ telepathy-haze-0.2.0/debian/patches/01-495199-fix-segfault-on-connection-error.diff @@ -0,0 +1,88 @@ +commit 41a82cc4e33b646630203223c204ace8ae1d9f49 +Author: Will Thompson <will.thompson@collabora.co.uk> +Date: Thu Aug 14 11:37:38 2008 +0100 + + Keep track of whether purple_account_disconnect needs to be called. + + This fixes #14933. When libpurple reports a connection error, it + schedules an idle callback for purple_account_disconnect. Haze's + implementation of TpBaseConnection->shut_down checked + PurpleAccount->disconnecting before calling purple_account_disconnect, + but that flag is only set once purple_account_disconnect is actually + called. So purple_account_disconnect would be called twice, and if you + got unlucky the account have been freed before the second call, causing + catastrophe. +--- + src/connection.c | 24 +++++++++++++++++++++++- + 1 files changed, 23 insertions(+), 1 deletions(-) + +diff --git a/src/connection.c b/src/connection.c +index 14a1051..c0863e1 100644 +--- a/src/connection.c ++++ b/src/connection.c +@@ -63,6 +63,11 @@ typedef struct _HazeConnectionPrivate + + HazeProtocolInfo *protocol_info; + ++ /* Set if purple_account_disconnect has been called or is scheduled to be ++ * called, so should not be called again. ++ */ ++ gboolean disconnecting; ++ + gboolean dispose_has_run; + } HazeConnectionPrivate; + +@@ -115,10 +120,17 @@ haze_report_disconnect_reason (PurpleConnection *gc, + const char *text) + { + PurpleAccount *account = purple_connection_get_account (gc); ++ HazeConnection *conn = ACCOUNT_GET_HAZE_CONNECTION (account); ++ HazeConnectionPrivate *priv = HAZE_CONNECTION_GET_PRIVATE (conn); + TpBaseConnection *base_conn = ACCOUNT_GET_TP_BASE_CONNECTION (account); + + TpConnectionStatusReason tp_reason; + ++ /* When a connection error is reported by libpurple, an idle callback to ++ * purple_account_disconnect is added. ++ */ ++ priv->disconnecting = TRUE; ++ + switch (reason) + { + case PURPLE_CONNECTION_ERROR_NETWORK_ERROR: +@@ -196,8 +208,12 @@ void + disconnected_cb (PurpleConnection *pc) + { + PurpleAccount *account = purple_connection_get_account (pc); ++ HazeConnection *conn = ACCOUNT_GET_HAZE_CONNECTION (account); ++ HazeConnectionPrivate *priv = HAZE_CONNECTION_GET_PRIVATE (conn); + TpBaseConnection *base_conn = ACCOUNT_GET_TP_BASE_CONNECTION (account); + ++ priv->disconnecting = TRUE; ++ + if(base_conn->status != TP_CONNECTION_STATUS_DISCONNECTED) + { + tp_base_connection_change_status (base_conn, +@@ -326,8 +342,12 @@ static void + _haze_connection_shut_down (TpBaseConnection *base) + { + HazeConnection *self = HAZE_CONNECTION(base); +- if(!self->account->disconnecting) ++ HazeConnectionPrivate *priv = HAZE_CONNECTION_GET_PRIVATE (self); ++ if(!priv->disconnecting) ++ { ++ priv->disconnecting = TRUE; + purple_account_disconnect(self->account); ++ } + } + + /* Must be in the same order as HazeListHandle in connection.h */ +@@ -452,6 +472,8 @@ haze_connection_constructor (GType type, + + priv->dispose_has_run = FALSE; + ++ priv->disconnecting = FALSE; ++ + _create_account (self); + + return (GObject *)self;
Attachment:
signature.asc
Description: Digital signature