pidgin/pidgin

certificate: Use SHA256 fingerprints instead of SHA1
release-2.x.y
2017-03-06, dx
b3d0ba7c75f6
certificate: Use SHA256 fingerprints instead of SHA1

This meant adding a get_fingerprint_sha256 function to the certificate scheme
structs, which meant adding a struct_size member because we ran out of reserved
members there.

The API-facing purple_certificate_get_fingerprint_sha256() has a fallback
parameter to use sha1 if the SSL plugin doesn't implement this function
(probably an outdated installation, or a third party SSL plugin). When using
the function for display purposes, the fallback is disabled and it returns
NULL, but when using it to compare certificates it's better to have at least
the SHA1.

In functions like purple_certificate_display_x509(), some slight changes to
translatable strings would have been required. Since we're in a string freeze
right now, I avoided those by concatenating a language-neutral "SHA256: %s" at
the end of those messages. The SHA1 line used the word "fingerprint" but we
can't reuse that translation. This should be cleaned up after the release.
# Makefile.mingw
#
# Author: hermanator12002@yahoo.com
# Date 9/11/02
# Description: Top Makefile for win32 (mingw) port of Pidgin and libpurple
#
PIDGIN_TREE_TOP := .
include $(PIDGIN_TREE_TOP)/libpurple/win32/global.mak
# Generate a X.X.X.X version for the installer file versioning header
# The last digit will be 99 for a final release, 0 for dev or unknown, or the beta number
PIDGIN_PRODUCT_VERSION = $(shell \
awk 'BEGIN {FS="."} { \
if (int($$3) == $$3) { \
$$4 = "99"; \
} else { \
$$5 = $$3; \
sub(int($$3), "", $$5); \
if ($$5 == "dev") { \
$$4 = "0"; \
} else { \
if (sub("beta", "", $$5) > 0) { \
$$4 = $$5; \
} else { \
$$4 = "0"; \
} \
} \
} \
printf("%s.%s.%s.%s", $$1, $$2, int($$3), $$4); \
exit; \
}' VERSION)
GTK_INSTALL_VERSION = 2.16.6.3
ifdef SIGNTOOL
authenticode_sign = $(SIGNTOOL) sign \
/fd SHA256 \
/f "$(SIGNTOOL_PFX)" /p "$(SIGNTOOL_PASSWORD)" \
/d $(2) /du "https://pidgin.im" \
/tr "http://timestamp.comodoca.com/rfc3161" /td SHA256 \
$(1)
else
authenticode_sign = $(MONO_SIGNCODE) \
-spc "$(SIGNCODE_SPC)" -v "$(SIGNCODE_PVK)" \
-a sha1 -$$ commercial \
-n "$(2)" -i "https://pidgin.im" \
-t "http://timestamp.verisign.com/scripts/timstamp.dll" -tr 10 \
$(1) && rm -f $(1).bak
endif
gpg_sign = $(GPG_SIGN) -ab $(1) && $(GPG_SIGN) --verify $(1).asc
STRIPPED_RELEASE_DIR = $(PIDGIN_TREE_TOP)/pidgin-$(PIDGIN_VERSION)-win32bin
DEBUG_SYMBOLS_DIR = $(PIDGIN_TREE_TOP)/pidgin-$(PIDGIN_VERSION)-dbgsym
PIDGIN_INST_DEP_DIR="$(WIN32_DEV_TOP)/pidgin-inst-deps-20130214"
# Any *.dll or *.exe files included in win32-install-dir that we don't compile
# should be included in this list so they don't get stripped
EXTERNAL_DLLS = \
exchndl.dll \
freebl3.dll \
libenchant.dll \
libenchant_ispell.dll \
libenchant_myspell.dll \
libgtkspell-0.dll \
libmeanwhile-1.dll \
libnspr4.dll \
libplc4.dll \
libplds4.dll \
libssp-0.dll \
nss3.dll \
nssutil3.dll \
smime3.dll \
softokn3.dll \
sqlite3.dll \
ssl3.dll
#build an expression for `find` to use to ignore the above files
EXTERNAL_DLLS_FIND_EXP = $(patsubst %,-o -name %,$(EXTERNAL_DLLS))
include $(PIDGIN_COMMON_RULES)
.PHONY: all docs install installer installer_offline installer_zip debug_symbols_zip installers clean uninstall create_release_install_dir generate_installer_includes $(PIDGIN_REVISION_H) $(PIDGIN_REVISION_RAW_TXT) gtk_runtime_zip
all: $(PIDGIN_CONFIG_H) $(PIDGIN_REVISION_H)
$(MAKE) -C $(PURPLE_TOP) -f $(MINGW_MAKEFILE)
$(MAKE) -C $(PIDGIN_TOP) -f $(MINGW_MAKEFILE)
ifndef DISABLE_NLS
$(MAKE) -C $(PURPLE_PO_TOP) -f $(MINGW_MAKEFILE)
endif
install: all $(PIDGIN_INSTALL_DIR)
$(MAKE) -C $(PURPLE_TOP) -f $(MINGW_MAKEFILE) install
$(MAKE) -C $(PIDGIN_TOP) -f $(MINGW_MAKEFILE) install
ifndef DISABLE_NLS
$(MAKE) -C $(PURPLE_PO_TOP) -f $(MINGW_MAKEFILE) install
endif
$(MAKE) -C share/ca-certs -f $(MINGW_MAKEFILE) install
$(MAKE) -C share/sounds -f $(MINGW_MAKEFILE) install
mkdir -p $(PIDGIN_INSTALL_DIR)/spellcheck/lib/enchant
cp $(GTKSPELL_TOP)/bin/libgtkspell-0.dll $(PIDGIN_INSTALL_DIR)/spellcheck
cp $(ENCHANT_TOP)/bin/libenchant.dll $(PIDGIN_INSTALL_DIR)/spellcheck
cp -R $(ENCHANT_TOP)/lib/enchant/*.dll $(PIDGIN_INSTALL_DIR)/spellcheck/lib/enchant
cp $(PIDGIN_INST_DEP_DIR)/exchndl.dll $(PIDGIN_INSTALL_DIR)
cp $(GCC_SSP_TOP)/libssp-0.dll $(PIDGIN_INSTALL_DIR)
gtk_runtime_zip:
pidgin/win32/nsis/generate_gtk_zip.sh "`pwd`" "$(GPG_SIGN)"
generate_installer_includes: create_release_install_dir gtk_runtime_zip debug_symbols_zip $(PIDGIN_TREE_TOP)/pidgin/win32/nsis/nsis_translations.desktop
rm -f pidgin/win32/nsis/pidgin-translations.nsh pidgin/win32/nsis/pidgin-spellcheck.nsh pidgin/win32/nsis/pidgin-spellcheck-preselect.nsh
find $(STRIPPED_RELEASE_DIR)/locale -maxdepth 1 -mindepth 1 \
-exec basename {} ';' \
| LC_ALL=C sort | sed -e s/^/\!insertmacro\ LANG_SECTION\ \"/ -e s/$$/\"/ \
> pidgin/win32/nsis/pidgin-translations.nsh
#Convert the available.lst lines to "!insertmacro SPELLCHECK_SECTION lang lang_name lang_file"
sed -e "/^#/d" -e "s/^[^,]\{1,\},[^,]\{1,\},/\"/" \
-e "s/,/\"\ \"/" -e "s/,/\"\ \"/" -e "s/[\ \t]*$$/\"/" \
-e "s/^/\!insertmacro\ SPELLCHECK_SECTION\ /" \
pidgin/win32/nsis/available.lst \
> pidgin/win32/nsis/pidgin-spellcheck.nsh
#Convert the lines to "!insertmacro CHECK_SPELLCHECK_SECTION lang"
iconv -f latin1 -t utf-8 pidgin/win32/nsis/pidgin-spellcheck.nsh | \
sed -e "s/SPELLCHECK_SECTION/CHECK_SPELLCHECK_SECTION/" \
-e "s/ \"[^\"]*\"\ \"[^\"]*\"[\t\ ]*$$//" | \
iconv -f utf-8 -t latin1 \
> pidgin/win32/nsis/pidgin-spellcheck-preselect.nsh
#Generate the Installer translations
echo "!define GCOMPRIS_NSIS_INCLUDE_PATH \".\"" > $(PIDGIN_TREE_TOP)/pidgin/win32/nsis/langmacros.nsh
echo "@INSERT_TRANSLATIONS@" >> $(PIDGIN_TREE_TOP)/pidgin/win32/nsis/langmacros.nsh
$(PERL) $(PIDGIN_TREE_TOP)/pidgin/win32/nsis/create_nsis_translations.pl \
$(PIDGIN_TREE_TOP)/pidgin/win32/nsis/nsis_translations.desktop \
$(PIDGIN_TREE_TOP)/pidgin/win32/nsis/langmacros.nsh \
$(PIDGIN_TREE_TOP)/pidgin/win32/nsis/translations
create_release_install_dir: install
rm -rf $(STRIPPED_RELEASE_DIR)
mkdir $(STRIPPED_RELEASE_DIR)
tar -cf - $(PIDGIN_INSTALL_DIR) --exclude=Gtk --exclude=spellcheck/share \
| tar --strip 2 -xC $(STRIPPED_RELEASE_DIR) -f -
find $(STRIPPED_RELEASE_DIR) \( -name '*.dll' -o -name '*.exe' \) \
-not \( -false $(EXTERNAL_DLLS_FIND_EXP) \) \
-exec $(STRIP) --strip-unneeded {} ';'
$(call authenticode_sign, $(STRIPPED_RELEASE_DIR)/pidgin.exe, "Pidgin $(PIDGIN_VERSION)")
installer: generate_installer_includes
$(eval $@_DEBUG_SYMBOLS_SHA1SUM := $(shell sha1sum $(DEBUG_SYMBOLS_DIR).zip | sed -e "s/\ .*$$//"))
$(eval $@_GTK_SHA1SUM := $(shell sha1sum pidgin/win32/nsis/gtk-runtime-$(GTK_INSTALL_VERSION).zip | sed -e "s/\ .*$$//"))
$(MAKENSIS) -V3 -DPIDGIN_VERSION="$(PIDGIN_VERSION)" -DPIDGIN_PRODUCT_VERSION="$(PIDGIN_PRODUCT_VERSION)" \
-DPIDGIN_INSTALL_DIR="$(STRIPPED_RELEASE_DIR)" -DGTK_INSTALL_VERSION="$(GTK_INSTALL_VERSION)" \
-DDEBUG_SYMBOLS_SHA1SUM="$($@_DEBUG_SYMBOLS_SHA1SUM)" -DGTK_SHA1SUM="$($@_GTK_SHA1SUM)"\
pidgin/win32/nsis/pidgin-installer.nsi
$(call authenticode_sign, pidgin/win32/nsis/pidgin-$(PIDGIN_VERSION).exe, "Pidgin Installer")
mv pidgin/win32/nsis/pidgin-$(PIDGIN_VERSION).exe ./
$(call gpg_sign, pidgin-$(PIDGIN_VERSION).exe)
installer_offline: generate_installer_includes
$(MAKENSIS) -V3 -DPIDGIN_VERSION="$(PIDGIN_VERSION)" -DPIDGIN_PRODUCT_VERSION="$(PIDGIN_PRODUCT_VERSION)" \
-DPIDGIN_INSTALL_DIR="$(STRIPPED_RELEASE_DIR)" -DGTK_INSTALL_VERSION="$(GTK_INSTALL_VERSION)" \
-DOFFLINE_INSTALLER \
pidgin/win32/nsis/pidgin-installer.nsi
$(call authenticode_sign, pidgin/win32/nsis/pidgin-$(PIDGIN_VERSION)-offline.exe, "Pidgin Installer")
mv pidgin/win32/nsis/pidgin-$(PIDGIN_VERSION)-offline.exe ./
$(call gpg_sign, pidgin-$(PIDGIN_VERSION)-offline.exe)
installer_zip: create_release_install_dir
rm -f pidgin-$(PIDGIN_VERSION)-win32-bin.zip
zip -9 -r pidgin-$(PIDGIN_VERSION)-win32-bin.zip $(STRIPPED_RELEASE_DIR)
$(call gpg_sign, pidgin-$(PIDGIN_VERSION)-win32-bin.zip)
debug_symbols_zip: install
rm -rf $(DEBUG_SYMBOLS_DIR) $(DEBUG_SYMBOLS_DIR).zip
mkdir $(DEBUG_SYMBOLS_DIR)
tar -cf - `find $(PIDGIN_INSTALL_DIR) \( -name '*.dll' -o -name '*.exe' \) \
-not \( -false $(EXTERNAL_DLLS_FIND_EXP) \) -print` \
| tar --strip 2 --xform s/$$/.dbgsym/ -xC $(DEBUG_SYMBOLS_DIR) -f -
cp $(MEANWHILE_TOP)/bin/libmeanwhile-1.dll.unstripped $(DEBUG_SYMBOLS_DIR)/libmeanwhile-1.dll.dbgsym
zip -9 -r $(DEBUG_SYMBOLS_DIR).zip $(DEBUG_SYMBOLS_DIR)
$(call gpg_sign, $(DEBUG_SYMBOLS_DIR).zip)
installers: installer installer_offline debug_symbols_zip installer_zip
Doxyfile.mingw: Doxyfile.in
sed -e "s/@PACKAGE@/pidgin/" -e "s/@VERSION@/$(PIDGIN_VERSION)/" -e "s/@top_srcdir@/$(PIDGIN_TREE_TOP)/g" -e "s/@enable_dot@/NO/" $< > $@
docs: Doxyfile.mingw
@echo "Running doxygen..."
@doxygen Doxyfile.mingw
clean:
$(MAKE) -C $(PURPLE_PO_TOP) -f $(MINGW_MAKEFILE) clean
$(MAKE) -C $(PIDGIN_TOP) -f $(MINGW_MAKEFILE) clean
$(MAKE) -C $(PURPLE_TOP) -f $(MINGW_MAKEFILE) clean
$(MAKE) -C share/ca-certs -f $(MINGW_MAKEFILE) clean
rm -f $(PIDGIN_CONFIG_H) $(PIDGIN_REVISION_H) $(PIDGIN_REVISION_RAW_TXT) ./VERSION pidgin-$(PIDGIN_VERSION)*.exe pidgin-$(PIDGIN_VERSION)-win32-bin.zip $(DEBUG_SYMBOLS_DIR).zip
rm -rf doc/html Doxyfile.mingw
uninstall:
rm -rf $(PURPLE_INSTALL_PERL_DIR) $(PIDGIN_INSTALL_PLUGINS_DIR) $(PURPLE_INSTALL_PO_DIR) $(PIDGIN_INSTALL_DIR) $(STRIPPED_RELEASE_DIR) $(DEBUG_SYMBOLS_DIR)
rm -f ./VERSION
include $(PIDGIN_COMMON_TARGETS)