--- a/finch/finch.c Tue Feb 28 22:48:04 2017 -0600
+++ b/finch/finch.c Mon Mar 06 20:44:31 2017 -0600
@@ -70,16 +70,11 @@
g_hash_table_insert(ui_info, "client_type", "console");
- * This is the client key for "Finch." It is owned by the AIM- * account "markdoliner." Please don't use this key for other- * applications. You can either not specify a client key, in- * which case the default "libpurple" key will be used, or you- * can try to register your own at the AIM or ICQ web sites- * (although this functionality was removed at some point, it's- * possible it has been re-added). AOL's old key management- * page is http://developer.aim.com/manageKeys.jsp+ * This is the client key for "Finch." Please don't use this + * key for other applications. You can not specify a client + * key, in which case the default "libpurple" key will be used - g_hash_table_insert(ui_info, "prpl-aim-clientkey", "ma19sqWV9ymU6UYc");+ g_hash_table_insert(ui_info, "prpl-aim-clientkey", "ma18nmEklXMR7Cj_"); * This is the client key for "Pidgin." It is owned by the AIM
@@ -102,7 +97,7 @@
* don't use this for other applications. You can just not
* specify a distid and libpurple will use a default.
- g_hash_table_insert(ui_info, "prpl-aim-distid", GINT_TO_POINTER(1552));+ g_hash_table_insert(ui_info, "prpl-aim-distid", GINT_TO_POINTER(1718)); g_hash_table_insert(ui_info, "prpl-icq-distid", GINT_TO_POINTER(1552));
--- a/libpurple/buddyicon.c Tue Feb 28 22:48:04 2017 -0600
+++ b/libpurple/buddyicon.c Mon Mar 06 20:44:31 2017 -0600
@@ -1264,8 +1264,8 @@
pointer_icon_cache = g_hash_table_new(g_direct_hash, g_direct_equal);
- cache_dir = g_build_filename(purple_user_dir(), "icons", NULL);+ cache_dir = g_build_filename(purple_user_dir(), "icons", NULL); purple_signal_connect(purple_imgstore_get_handle(), "image-deleting",
purple_buddy_icons_get_handle(),
--- a/libpurple/certificate.c Tue Feb 28 22:48:04 2017 -0600
+++ b/libpurple/certificate.c Mon Mar 06 20:44:31 2017 -0600
@@ -84,6 +84,29 @@
+get_ascii_fingerprints (PurpleCertificate *crt, gchar **sha1, gchar **sha256) + sha_bin = purple_certificate_get_fingerprint_sha1(crt); + *sha1 = purple_base16_encode_chunked(sha_bin->data, sha_bin->len); + g_byte_array_free(sha_bin, TRUE); + sha_bin = purple_certificate_get_fingerprint_sha256(crt, FALSE); + *sha256 = (sha_bin == NULL) ? g_strdup("(null)") : + purple_base16_encode_chunked(sha_bin->data, sha_bin->len); + g_byte_array_free(sha_bin, TRUE); purple_certificate_verify (PurpleCertificateVerifier *verifier,
const gchar *subject_name, GList *cert_chain,
@@ -388,6 +411,30 @@
+purple_certificate_get_fingerprint_sha256(PurpleCertificate *crt, gboolean sha1_fallback) + PurpleCertificateScheme *scheme; + GByteArray *fpr = NULL; + g_return_val_if_fail(crt, NULL); + g_return_val_if_fail(crt->scheme, NULL); + if (!PURPLE_CERTIFICATE_SCHEME_HAS_FUNC(scheme, get_fingerprint_sha256)) { + /* outdated ssl module? fallback to sha1 and print a warning */ + fpr = purple_certificate_get_fingerprint_sha1(crt); + g_return_val_if_reached(fpr); + fpr = (scheme->get_fingerprint_sha256)(crt); purple_certificate_get_unique_id(PurpleCertificate *crt)
@@ -630,18 +677,13 @@
x509_singleuse_start_verify (PurpleCertificateVerificationRequest *vrq)
+ gchar *sha1_asc, *sha256_asc; - gchar *primary, *secondary;+ gchar *primary, *secondary, *secondary_extra; PurpleCertificate *crt = (PurpleCertificate *) vrq->cert_chain->data;
- /* Pull out the SHA1 checksum */- sha_bin = purple_certificate_get_fingerprint_sha1(crt);- /* Now decode it for display */- sha_asc = purple_base16_encode_chunked(sha_bin->data,+ get_ascii_fingerprints(crt, &sha1_asc, &sha256_asc); /* Get the cert Common Name */
cn = purple_certificate_get_subject_name(crt);
@@ -655,14 +697,17 @@
primary = g_strdup_printf(_("%s has presented the following certificate for just-this-once use:"), vrq->subject_name);
- secondary = g_strdup_printf(_("Common name: %s %s\nFingerprint (SHA1): %s"), cn, cn_match, sha_asc);+ secondary = g_strdup_printf(_("Common name: %s %s\nFingerprint (SHA1): %s"), cn, cn_match, sha1_asc); + /* TODO: make this part of the translatable string above */ + secondary_extra = g_strdup_printf("%s\nSHA256: %s", secondary, sha256_asc); /* Make a semi-pretty display */
purple_request_accept_cancel(
vrq->cb_data, /* TODO: Find what the handle ought to be */
_("Single-use Certificate Verification"),
0, /* Accept by default */
NULL, /* No other user */
@@ -675,8 +720,9 @@
- g_byte_array_free(sha_bin, TRUE);+ g_free(secondary_extra); @@ -1506,10 +1552,10 @@
- /* Now get SHA1 sums for both and compare them */+ /* Now get SHA256 sums for both and compare them */ /* TODO: This is not an elegant way to compare certs */
- peer_fpr = purple_certificate_get_fingerprint_sha1(peer_crt);- cached_fpr = purple_certificate_get_fingerprint_sha1(cached_crt);+ peer_fpr = purple_certificate_get_fingerprint_sha256(peer_crt, TRUE); + cached_fpr = purple_certificate_get_fingerprint_sha256(cached_crt, TRUE); if (!memcmp(peer_fpr->data, cached_fpr->data, peer_fpr->len)) {
purple_debug_info("certificate/x509/tls_cached",
"Peer cert matched cached\n");
@@ -1616,8 +1662,8 @@
- failing_fpr = purple_certificate_get_fingerprint_sha1(failing_crt);- ca_fpr = purple_certificate_get_fingerprint_sha1(ca_crt);+ failing_fpr = purple_certificate_get_fingerprint_sha256(failing_crt, TRUE); + ca_fpr = purple_certificate_get_fingerprint_sha256(ca_crt, TRUE); if (byte_arrays_equal(failing_fpr, ca_fpr)) {
purple_debug_info("certificate/x509/tls_cached",
"Full chain verification failed (probably a bad "
@@ -1699,10 +1745,10 @@
* If the fingerprints don't match, we'll fall back to checking the
- last_fpr = purple_certificate_get_fingerprint_sha1(end_crt);+ last_fpr = purple_certificate_get_fingerprint_sha256(end_crt, TRUE); for (cur = ca_crts; cur; cur = cur->next) {
- ca_fpr = purple_certificate_get_fingerprint_sha1(ca_crt);+ ca_fpr = purple_certificate_get_fingerprint_sha256(ca_crt, TRUE); if ( byte_arrays_equal(last_fpr, ca_fpr) ||
purple_certificate_signed_by(end_crt, ca_crt) )
@@ -2152,19 +2198,14 @@
purple_certificate_display_x509(PurpleCertificate *crt)
+ gchar *sha1_asc, *sha256_asc; time_t activation, expiration;
gchar *activ_str, *expir_str;
+ gchar *secondary, *secondary_extra; - /* Pull out the SHA1 checksum */- sha_bin = purple_certificate_get_fingerprint_sha1(crt);- /* Now decode it for display */- sha_asc = purple_base16_encode_chunked(sha_bin->data,+ get_ascii_fingerprints(crt, &sha1_asc, &sha256_asc); /* Get the cert Common Name */
/* TODO: Will break on CA certs */
@@ -2193,20 +2234,23 @@
"Expiration date: %s\n"),
self_signed ? _("(self-signed)") : (issuer_id ? issuer_id : "(null)"),
- sha_asc ? sha_asc : "(null)",+ sha1_asc ? sha1_asc : "(null)", activ_str ? activ_str : "(null)",
expir_str ? expir_str : "(null)");
+ /* TODO: make this part of the translatable string above */ + secondary_extra = g_strdup_printf("%sSHA256: %s", secondary, sha256_asc); /* Make a semi-pretty display */
purple_notify_info(NULL, /* TODO: Find what the handle ought to be */
_("Certificate Information"),
purple_request_action(NULL, /* TODO: Find what the handle ought to be */
_("Certificate Information"), _("Certificate Information"),
- secondary, 2, NULL, NULL, NULL, + secondary_extra, 2, NULL, NULL, NULL, _("View Issuer Certificate"), PURPLE_CALLBACK(display_x509_issuer),
_("Close"), PURPLE_CALLBACK(g_free));
@@ -2219,10 +2263,11 @@
+ g_free(secondary_extra); - g_byte_array_free(sha_bin, TRUE); void purple_certificate_add_ca_search_path(const char *path)
--- a/libpurple/certificate.h Tue Feb 28 22:48:04 2017 -0600
+++ b/libpurple/certificate.h Mon Mar 06 20:44:31 2017 -0600
@@ -315,9 +315,31 @@
void (* verify_cert)(PurpleCertificateVerificationRequest *vrq, PurpleCertificateInvalidityFlags *flags);
- void (*_purple_reserved3)(void);+ * The size of the PurpleCertificateScheme. This should always be sizeof(PurpleCertificateScheme). + * This allows adding more functions to this struct without requiring a major version bump. + * PURPLE_CERTIFICATE_SCHEME_HAS_FUNC() should be used for functions after this point. + unsigned long struct_size; + * Retrieves the certificate public key fingerprint using SHA256 + * @param crt Certificate instance + * @return Binary representation of SHA256 hash - must be freed using + GByteArray * (* get_fingerprint_sha256)(PurpleCertificate *crt); +#define PURPLE_CERTIFICATE_SCHEME_HAS_FUNC(obj, member) \ + (((G_STRUCT_OFFSET(PurpleCertificateScheme, member) < G_STRUCT_OFFSET(PurpleCertificateScheme, struct_size)) \ + || (G_STRUCT_OFFSET(PurpleCertificateScheme, member) < obj->struct_size)) && \ /** A set of operations used to provide logic for verifying a Certificate's
@@ -578,12 +600,26 @@
* Retrieves the certificate public key fingerprint using SHA1.
* @param crt Certificate instance
- * @return Binary representation of the hash. You are responsible for free()ing+ * @return Binary representation of the hash. You are responsible for freeing + * this with g_byte_array_free(). + * @see purple_base16_encode_chunked() + * @see purple_certificate_get_fingerprint_sha256() +purple_certificate_get_fingerprint_sha1(PurpleCertificate *crt); + * Retrieves the certificate public key fingerprint using SHA256. + * @param crt Certificate instance + * @param sha1_fallback If true, return SHA1 if the SSL module doesn't + * implement SHA256. Otherwise, return NULL. + * @return Binary representation of the hash. You are responsible for freeing + * this with g_byte_array_free(). * @see purple_base16_encode_chunked()
-purple_certificate_get_fingerprint_sha1(PurpleCertificate *crt);+purple_certificate_get_fingerprint_sha256(PurpleCertificate *crt, gboolean sha1_fallback); * Get a unique identifier for the certificate
--- a/libpurple/plugins/ssl/ssl-gnutls.c Tue Feb 28 22:48:04 2017 -0600
+++ b/libpurple/plugins/ssl/ssl-gnutls.c Mon Mar 06 20:44:31 2017 -0600
@@ -1037,9 +1037,9 @@
-x509_sha1sum(PurpleCertificate *crt)+x509_shasum(PurpleCertificate *crt, gnutls_digest_algorithm_t algo) - size_t hashlen = 20; /* SHA1 hashes are 20 bytes */+ size_t hashlen = (algo == GNUTLS_DIG_SHA1) ? 20 : 32; size_t tmpsz = hashlen; /* Throw-away variable for GnuTLS to stomp on*/
gnutls_x509_crt_t crt_dat;
GByteArray *hash; /**< Final hash container */
@@ -1051,7 +1051,7 @@
/* Extract the fingerprint */
- 0 == gnutls_x509_crt_get_fingerprint(crt_dat, GNUTLS_DIG_SHA,+ 0 == gnutls_x509_crt_get_fingerprint(crt_dat, algo, @@ -1065,6 +1065,18 @@
+x509_sha1sum(PurpleCertificate *crt) + return x509_shasum(crt, GNUTLS_DIG_SHA1); +x509_sha256sum(PurpleCertificate *crt) + return x509_shasum(crt, GNUTLS_DIG_SHA256); x509_cert_dn (PurpleCertificate *crt)
@@ -1239,8 +1251,8 @@
+ sizeof(PurpleCertificateScheme), /* struct_size */ + x509_sha256sum, /* SHA256 fingerprint */ static PurpleSslOps ssl_ops =
--- a/libpurple/plugins/ssl/ssl-nss.c Tue Feb 28 22:48:04 2017 -0600
+++ b/libpurple/plugins/ssl/ssl-nss.c Mon Mar 06 20:44:31 2017 -0600
@@ -881,11 +881,11 @@
-x509_sha1sum(PurpleCertificate *crt)+x509_shasum(PurpleCertificate *crt, SECOidTag algo) CERTCertificate *crt_dat;
- size_t hashlen = 20; /* Size of an sha1sum */+ size_t hashlen = (algo == SEC_OID_SHA1) ? 20 : 32; SECItem *derCert; /* DER representation of the cert */
@@ -899,22 +899,34 @@
derCert = &(crt_dat->derCert);
- sha1sum = g_byte_array_sized_new(hashlen);+ hash = g_byte_array_sized_new(hashlen); /* glib leaves the size as 0 by default */
- sha1sum->len = hashlen;- st = PK11_HashBuf(SEC_OID_SHA1, sha1sum->data,+ st = PK11_HashBuf(algo, hash->data, derCert->data, derCert->len);
- g_byte_array_free(sha1sum, TRUE);+ g_byte_array_free(hash, TRUE); purple_debug_error("nss/x509",
"Error: hashing failed!\n");
+x509_sha1sum(PurpleCertificate *crt) + return x509_shasum(crt, SEC_OID_SHA1); +x509_sha256sum(PurpleCertificate *crt) + return x509_shasum(crt, SEC_OID_SHA256); @@ -1211,7 +1223,8 @@
x509_importcerts_from_file, /* Multiple certificate import function */
x509_register_trusted_tls_cert, /* Register a certificate as trusted for TLS */
x509_verify_cert, /* Verify that the specified cert chain is trusted */
+ sizeof(PurpleCertificateScheme), /* struct_size */ + x509_sha256sum, /* SHA256 fingerprint */ static PurpleSslOps ssl_ops =
--- a/libpurple/protocols/irc/msgs.c Tue Feb 28 22:48:04 2017 -0600
+++ b/libpurple/protocols/irc/msgs.c Mon Mar 06 20:44:31 2017 -0600
@@ -1574,6 +1574,8 @@
PurpleConnection *gc = purple_account_get_connection(irc->account);
const char *mech_list = NULL;
if (strncmp(args[2], "sasl ", 6))
@@ -1637,6 +1639,15 @@
irc->sasl_mechs = g_string_new(mech_list);
+ /* Drop EXTERNAL mechanism since we don't support it */ + if ((pos = strstr(irc->sasl_mechs->str, "EXTERNAL"))) { + index = pos - irc->sasl_mechs->str; + g_string_erase(irc->sasl_mechs, index, strlen("EXTERNAL")); + /* Remove space which separated this mech from the next */ + if ((irc->sasl_mechs->str)[index] == ' ') { + g_string_erase(irc->sasl_mechs, index, 1); irc_auth_start_cyrus(irc);
--- a/libpurple/protocols/novell/nmrtf.c Tue Feb 28 22:48:04 2017 -0600
+++ b/libpurple/protocols/novell/nmrtf.c Mon Mar 06 20:44:31 2017 -0600
@@ -474,23 +474,23 @@
rtf_pop_state(NMRtfContext *ctx)
- NMRtfStateSave *save_old;+ NMRtfStateSave *save_old; - if (ctx->saved == NULL)- return NMRTF_STACK_UNDERFLOW;+ if (ctx->saved == NULL) + return NMRTF_STACK_UNDERFLOW; save_old = ctx->saved->data;
- ctx->chp = save_old->chp;- ctx->rds = save_old->rds;- ctx->ris = save_old->ris;+ ctx->chp = save_old->chp; + ctx->rds = save_old->rds; + ctx->ris = save_old->ris;
ctx->saved = g_slist_remove_link(ctx->saved, link_old);
g_slist_free_1(link_old);
@@ -671,13 +671,13 @@
rtf_apply_property(NMRtfContext *ctx, NMRtfProperty prop, int val)
- if (ctx->rds == NMRTF_STATE_SKIP) /* If we're skipping text, */- return NMRTF_OK; /* don't do anything. */+ if (ctx->rds == NMRTF_STATE_SKIP) /* If we're skipping text, */ + return NMRTF_OK; /* don't do anything. */ /* Need to flush any temporary data before a property change*/
case NMRTF_PROP_FONT_IDX:
@@ -686,9 +686,9 @@
--- a/libpurple/protocols/oscar/clientlogin.c Tue Feb 28 22:48:04 2017 -0600
+++ b/libpurple/protocols/oscar/clientlogin.c Mon Mar 06 20:44:31 2017 -0600
@@ -73,21 +73,11 @@
return start_oscar_session_urls[od->icq ? 1 : 0];
- * Using clientLogin requires a developer ID. This key is for libpurple.- * It is the default key for all libpurple-based clients. AOL encourages- * UIs (especially ones with lots of users) to override this with their- * own key. This key is owned by the AIM account "markdoliner"- * Keys can be managed at http://developer.aim.com/manageKeys.jsp-#define DEFAULT_CLIENT_KEY "ma15d7JTxbmVG-RP" static const char *get_client_key(OscarData *od)
return oscar_get_ui_info_string(
od->icq ? "prpl-icq-clientkey" : "prpl-aim-clientkey",
+ od->icq ? ICQ_DEFAULT_CLIENT_KEY : AIM_DEFAULT_CLIENT_KEY); static gchar *generate_error_message(xmlnode *resp, const char *url)
@@ -362,8 +352,7 @@
const gchar *encryption_type = purple_account_get_string(account, "encryption", OSCAR_DEFAULT_ENCRYPTION);
- * Construct the GET parameters. 0x00000611 is the distid given to- * us by AOL for use as the default libpurple distid.+ * Construct the GET parameters. query_string = g_strdup_printf("a=%s"
@@ -372,7 +361,8 @@
"&ts=%" PURPLE_TIME_T_MODIFIER
purple_url_encode(token),
- oscar_get_ui_info_int(od->icq ? "prpl-icq-distid" : "prpl-aim-distid", 0x00000611),+ oscar_get_ui_info_int(od->icq ? "prpl-icq-distid" : "prpl-aim-distid", + od->icq ? ICQ_DEFAULT_DIST_ID : AIM_DEFAULT_DIST_ID), strcmp(encryption_type, OSCAR_NO_ENCRYPTION) != 0 ? 1 : 0);
--- a/libpurple/protocols/oscar/oscarcommon.h Tue Feb 28 22:48:04 2017 -0600
+++ b/libpurple/protocols/oscar/oscarcommon.h Mon Mar 06 20:44:31 2017 -0600
@@ -41,6 +41,17 @@
#define AIM_DEFAULT_KDC_SERVER "kdc.uas.aol.com"
#define AIM_DEFAULT_KDC_PORT 443
+ * Using clientLogin requires a developer ID. This key is for libpurple. + * It is the default key for all libpurple-based clients. AOL encourages + * UIs (especially ones with lots of users) to override this with their +#define ICQ_DEFAULT_DIST_ID 1553 +#define ICQ_DEFAULT_CLIENT_KEY "ma15d7JTxbmVG-RP" +#define AIM_DEFAULT_DIST_ID 1717 +#define AIM_DEFAULT_CLIENT_KEY "ma19CwYN9i9Mw5nY" #define OSCAR_DEFAULT_LOGIN_PORT 5190
#define OSCAR_OPPORTUNISTIC_ENCRYPTION "opportunistic_encryption"
--- a/libpurple/sslconn.c Tue Feb 28 22:48:04 2017 -0600
+++ b/libpurple/sslconn.c Mon Mar 06 20:44:31 2017 -0600
@@ -190,7 +190,7 @@
PurpleSslErrorFunction error_func,
- return purple_ssl_connect_with_host_fd(account, fd, func, error_func, NULL, data);+ return purple_ssl_connect_with_host_fd(account, fd, func, error_func, NULL, data); @@ -219,8 +219,9 @@
gsc->error_cb = error_func;
- gsc->host = g_strdup(host);+ gsc->host = g_strdup(host); /* TODO: Move this elsewhere */
gsc->verifier = purple_certificate_find_verifier("x509","tls_cached");
