|
 |
abdd45 |
diff -up pidgin-2.10.7/libpurple/conversation.c.CVE-2013-6477 pidgin-2.10.7/libpurple/conversation.c
|
|
|
abdd45 |
--- pidgin-2.10.7/libpurple/conversation.c.CVE-2013-6477 2013-02-11 04:16:51.000000000 -0500
|
|
|
abdd45 |
+++ pidgin-2.10.7/libpurple/conversation.c 2014-01-29 20:17:16.584055979 -0500
|
|
|
abdd45 |
@@ -1551,6 +1551,14 @@ purple_conv_chat_write(PurpleConvChat *c
|
|
|
abdd45 |
if (purple_conv_chat_is_user_ignored(chat, who))
|
|
|
abdd45 |
return;
|
|
|
abdd45 |
|
|
|
abdd45 |
+ if (mtime < 0) {
|
|
|
abdd45 |
+ purple_debug_error("conversation",
|
|
|
abdd45 |
+ "purple_conv_chat_write ignoring negative timestamp\n");
|
|
|
abdd45 |
+ /* TODO: Would be more appropriate to use a value that indicates
|
|
|
abdd45 |
+ that the timestamp is unknown, and surface that in the UI. */
|
|
|
abdd45 |
+ mtime = time(NULL);
|
|
|
abdd45 |
+ }
|
|
|
abdd45 |
+
|
|
|
abdd45 |
if (!(flags & PURPLE_MESSAGE_WHISPER)) {
|
|
|
abdd45 |
const char *str;
|
|
|
abdd45 |
|
|
|
abdd45 |
diff -up pidgin-2.10.7/libpurple/log.c.CVE-2013-6477 pidgin-2.10.7/libpurple/log.c
|
|
|
abdd45 |
--- pidgin-2.10.7/libpurple/log.c.CVE-2013-6477 2013-02-11 04:16:51.000000000 -0500
|
|
|
abdd45 |
+++ pidgin-2.10.7/libpurple/log.c 2014-01-29 20:17:16.584055979 -0500
|
|
|
abdd45 |
@@ -753,7 +753,7 @@ static char *log_get_timestamp(PurpleLog
|
|
|
abdd45 |
{
|
|
|
abdd45 |
gboolean show_date;
|
|
|
abdd45 |
char *date;
|
|
|
abdd45 |
- struct tm tm;
|
|
|
abdd45 |
+ struct tm *tm;
|
|
|
abdd45 |
|
|
|
abdd45 |
show_date = (log->type == PURPLE_LOG_SYSTEM) || (time(NULL) > when + 20*60);
|
|
|
abdd45 |
|
|
|
abdd45 |
@@ -763,11 +763,11 @@ static char *log_get_timestamp(PurpleLog
|
|
|
abdd45 |
if (date != NULL)
|
|
|
abdd45 |
return date;
|
|
|
abdd45 |
|
|
|
abdd45 |
- tm = *(localtime(&when));
|
|
|
abdd45 |
+ tm = localtime(&when);
|
|
|
abdd45 |
if (show_date)
|
|
|
abdd45 |
- return g_strdup(purple_date_format_long(&tm));
|
|
|
abdd45 |
+ return g_strdup(purple_date_format_long(tm));
|
|
|
abdd45 |
else
|
|
|
abdd45 |
- return g_strdup(purple_time_format(&tm));
|
|
|
abdd45 |
+ return g_strdup(purple_time_format(tm));
|
|
|
abdd45 |
}
|
|
|
abdd45 |
|
|
|
abdd45 |
/* NOTE: This can return msg (which you may or may not want to g_free())
|
|
|
abdd45 |
diff -up pidgin-2.10.7/libpurple/server.c.CVE-2013-6477 pidgin-2.10.7/libpurple/server.c
|
|
|
abdd45 |
--- pidgin-2.10.7/libpurple/server.c.CVE-2013-6477 2013-02-11 04:16:53.000000000 -0500
|
|
|
abdd45 |
+++ pidgin-2.10.7/libpurple/server.c 2014-01-29 20:17:16.585055993 -0500
|
|
|
abdd45 |
@@ -567,6 +567,14 @@ void serv_got_im(PurpleConnection *gc, c
|
|
|
abdd45 |
|
|
|
abdd45 |
account = purple_connection_get_account(gc);
|
|
|
abdd45 |
|
|
|
abdd45 |
+ if (mtime < 0) {
|
|
|
abdd45 |
+ purple_debug_error("server",
|
|
|
abdd45 |
+ "serv_got_im ignoring negative timestamp\n");
|
|
|
abdd45 |
+ /* TODO: Would be more appropriate to use a value that indicates
|
|
|
abdd45 |
+ that the timestamp is unknown, and surface that in the UI. */
|
|
|
abdd45 |
+ mtime = time(NULL);
|
|
|
abdd45 |
+ }
|
|
|
abdd45 |
+
|
|
|
abdd45 |
/*
|
|
|
abdd45 |
* XXX: Should we be setting this here, or relying on prpls to set it?
|
|
|
abdd45 |
*/
|
|
|
abdd45 |
@@ -905,6 +913,14 @@ void serv_got_chat_in(PurpleConnection *
|
|
|
abdd45 |
g_return_if_fail(who != NULL);
|
|
|
abdd45 |
g_return_if_fail(message != NULL);
|
|
|
abdd45 |
|
|
|
abdd45 |
+ if (mtime < 0) {
|
|
|
abdd45 |
+ purple_debug_error("server",
|
|
|
abdd45 |
+ "serv_got_chat_in ignoring negative timestamp\n");
|
|
|
abdd45 |
+ /* TODO: Would be more appropriate to use a value that indicates
|
|
|
abdd45 |
+ that the timestamp is unknown, and surface that in the UI. */
|
|
|
abdd45 |
+ mtime = time(NULL);
|
|
|
abdd45 |
+ }
|
|
|
abdd45 |
+
|
|
|
abdd45 |
for (bcs = g->buddy_chats; bcs != NULL; bcs = bcs->next) {
|
|
|
abdd45 |
conv = (PurpleConversation *)bcs->data;
|
|
|
abdd45 |
|