--- a/ChangeLog Sun Nov 02 10:44:14 2014 -0800
+++ b/ChangeLog Sun Nov 02 11:06:07 2014 -0800
@@ -75,6 +75,11 @@
* The Offline Message Emulation plugin now adds a note that the message
was an offline message. (Flavius Anton) (#2497)
+version 2.10.11 (?/?/?): + * Fix handling of Self-Signed SSL/TLS Certificates when using the NSS version 2.10.10 (10/22/14):
* Check the basic constraints extension when validating SSL/TLS
@@ -1550,7 +1555,7 @@
* The TinyURL plugin now creates shorter URLs for long non-conversation
URLs, e.g. URLs to open Inbox in Yahoo/MSN protocols, or the Yahoo
- CAPTCHA when joining chat rooms.+ Captcha when joining chat rooms. * Fix displaying umlauts etc. in non-utf8 locale (fix in libgnt).
--- a/libpurple/plugins/ssl/ssl-nss.c Sun Nov 02 10:44:14 2014 -0800
+++ b/libpurple/plugins/ssl/ssl-nss.c Sun Nov 02 11:06:07 2014 -0800
@@ -139,6 +139,37 @@
+static void ssl_nss_log_ciphers(void) { + const PRUint16 *cipher; + for (cipher = SSL_GetImplementedCiphers(); *cipher != 0; ++cipher) { + const PRUint16 suite = *cipher; + SSLCipherSuiteInfo info; + rv = SSL_CipherPrefGetDefault(suite, &enabled); + if (rv != SECSuccess) { + purple_debug_warning("nss", + "SSL_CipherPrefGetDefault didn't like value 0x%04x: %s\n", + suite, PORT_ErrorToString(err)); + rv = SSL_GetCipherSuiteInfo(suite, &info, (int)(sizeof info)); + if (rv != SECSuccess) { + purple_debug_warning("nss", + "SSL_GetCipherSuiteInfo didn't like value 0x%04x: %s\n", + suite, PORT_ErrorToString(err)); + purple_debug_info("nss", "Cipher - %s: %s\n", + enabled ? "Enabled" : "Disabled"); @@ -148,7 +179,9 @@
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+#if (NSS_VMAJOR == 3 && (NSS_VMINOR < 15 || (NSS_VMINOR == 15 && NSS_VMICRO < 2))) +#endif /* NSS < 3.15.2 */ SSL_CipherPrefSetDefault(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1);
SSL_CipherPrefSetDefault(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 1);
@@ -195,6 +228,8 @@
_identity = PR_GetUniqueIdentity("Purple");
_nss_methods = PR_GetDefaultIOMethods();
@@ -1034,9 +1069,10 @@
CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
CERTCertificate *crt_dat;
PurpleCertificate *first_cert = vrq->cert_chain->data;
+ gboolean self_signed = FALSE; crt_dat = X509_NSS_DATA(first_cert);
@@ -1049,6 +1085,14 @@
CERTVerifyLogNode *node = NULL;
unsigned int depth = (unsigned int)-1;
+ *flags |= PURPLE_CERTIFICATE_SELF_SIGNED; + /* Handling of untrusted, etc. modeled after + * source/security/manager/ssl/src/TransportSecurityInfo.cpp in Firefox for (node = log.head; node; node = node->next) {
if (depth != node->depth) {
@@ -1065,14 +1109,20 @@
case SEC_ERROR_REVOKED_CERTIFICATE:
*flags |= PURPLE_CERTIFICATE_REVOKED;
+ case SEC_ERROR_UNKNOWN_ISSUER: case SEC_ERROR_UNTRUSTED_ISSUER:
- *flags |= PURPLE_CERTIFICATE_SELF_SIGNED; *flags |= PURPLE_CERTIFICATE_CA_UNKNOWN;
+ case SEC_ERROR_CA_CERT_INVALID: + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: + case SEC_ERROR_UNTRUSTED_CERT: case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
+ *flags |= PURPLE_CERTIFICATE_INVALID_CHAIN; case SEC_ERROR_BAD_SIGNATURE:
*flags |= PURPLE_CERTIFICATE_INVALID_CHAIN;
@@ -1080,12 +1130,12 @@
CERT_DestroyCertificate(node->cert);
- rv = CERT_VerifyCertName(crt_dat, vrq->subject_name);- if (rv != SECSuccess) {- purple_debug_error("nss", "Cert chain valid, but name not verified\n");- *flags |= PURPLE_CERTIFICATE_NAME_MISMATCH;+ rv = CERT_VerifyCertName(crt_dat, vrq->subject_name); + if (rv != SECSuccess) { + purple_debug_error("nss", "subject name not verified\n"); + *flags |= PURPLE_CERTIFICATE_NAME_MISMATCH; PORT_FreeArena(log.arena, PR_FALSE);
--- a/pidgin/gtkplugin.c Sun Nov 02 10:44:14 2014 -0800
+++ b/pidgin/gtkplugin.c Sun Nov 02 11:06:07 2014 -0800
@@ -248,8 +248,12 @@
g_signal_connect(G_OBJECT(dialog), "response",
G_CALLBACK(pref_dialog_response_cb), plugin);
gtk_container_add(GTK_CONTAINER(
- gtk_dialog_get_content_area(GTK_DIALOG(dialog))), box);+ gtk_dialog_get_content_area(GTK_DIALOG(dialog))), + pidgin_make_scrollable(box, GTK_POLICY_AUTOMATIC, + GTK_POLICY_AUTOMATIC, GTK_SHADOW_IN, 400, 400)); gtk_window_set_role(GTK_WINDOW(dialog), "plugin_config");
gtk_window_set_title(GTK_WINDOW(dialog),
_(purple_plugin_get_name(plugin)));
@@ -880,7 +884,7 @@
gtk_tree_view_column_set_sort_column_id(col, 1);
g_object_unref(G_OBJECT(ls));
gtk_box_pack_start(GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(plugin_dialog))),
- pidgin_make_scrollable(event_view, GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC, GTK_SHADOW_IN, -1, -1), + pidgin_make_scrollable(event_view, GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC, GTK_SHADOW_IN, -1, -1), gtk_tree_view_set_search_column(GTK_TREE_VIEW(event_view), 1);
gtk_tree_view_set_search_equal_func(GTK_TREE_VIEW(event_view),
--- a/pidgin/plugins/spellchk.c Sun Nov 02 10:44:14 2014 -0800
+++ b/pidgin/plugins/spellchk.c Sun Nov 02 11:06:07 2014 -0800
@@ -1786,7 +1786,7 @@
gboolean case_sensitive = FALSE;
buf = g_build_filename(purple_user_dir(), "dict", NULL);
- if (g_file_get_contents(buf, &ibuf, &size, NULL) && ibuf) {+ if (!(g_file_get_contents(buf, &ibuf, &size, NULL) && ibuf)) { ibuf = g_strdup(defaultconf);
size = strlen(defaultconf);
--- a/pidgin/win32/nsis/create_nsis_translations.pl Sun Nov 02 10:44:14 2014 -0800
+++ b/pidgin/win32/nsis/create_nsis_translations.pl Sun Nov 02 11:06:07 2014 -0800
@@ -175,19 +175,29 @@
open (MYFILE, $translations);
- if ($_ =~ /Encoding=UTF-8/)+ if ($_ =~ /^Encoding=UTF-8/ || $_ =~ /^\s*$/ || $_ =~ /^\[Desktop Entry\]/ || $_ =~ /^#/)
elsif ($_ =~ /^(\w+)=(.*)/)
- my $line = "!define $1 \"$2\"\n";- $result{"en"}{"$1"} = $line;+ $value =~ s/["]/\$\\"/g; + $result{"$lang"}{"$key"} = "!define $key \"$value\"\n"; - elsif ($_ =~ /^(\w+)\[(\w+)\]=(.*)/)+ elsif ($_ =~ /^(\w+)\[([\w@]+)\]=(.*)/) - my $line = "!define $1 \"$3\"\n";- $result{"$2"}{"$1"} = $line;+ $value =~ s/["]/\$\\"/g; + $result{"$lang"}{"$key"} = "!define $key \"$value\"\n"; + print "Found unrecognized line: '$_'\n"; 