Bug 152662

Summary: CAN-2004-0006 CAN-2004-0008 affect gaim in 7.2-8.0
Product: [Retired] Fedora Legacy Reporter: Jesse Keating <jkeating>
Component: Package requestAssignee: Fedora Legacy Bugs <bugs>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: botsch, s.j.thompson, stu
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: LEGACY, rh73, rh90
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Lawrence 2005-03-30 23:23:08 UTC
Stefan Esser has found multiple problems with the Gaim program. Many of the
issues discovered do not affect the version contained in Red Hat Linux 7.2,
7.3, and 8.0.

Issue CAN-2004-0006 fixes a buffer overflow discovered in the Gaim HTTP
proxy module. No known exploit exists for this problem and it is likely
that the problem could be exploited for an attacker to gain access to the
Gaim client machine.

Issue CAN-2004-0008 fixes an integer overflow discovered in the AIM/Oscar
protocol module. No known exploit exists for this problem. It is unknown
whether this problem is exploitable.



------- Additional Comments From jonny.strom 2004-01-26 12:37:58 ----

I have made a backport of gaim-0.75 from the RH 9 security uppdate to RH 7.3.
The notifytray patch is commented out becouse it requires gtk2.2 and also
startup-notification-devel is removed as build reqierments then gaim-0.75
compiles on RH 7.3 and from my testing so dose gaim-0.75 work as expected.

I suggest that we use gaim-0.75 in RH 7.2, 7.3 and 8.0 becouse it should not
break or conflict with other programs plus so dose some services work again that
did not work anymore with the gaim version that is in old RH relases.

Here are the rpm's for RH 7.3:

http://213.250.83.8/~johnny/fedora_legacy/rh73/gaim-0.75-0.9.1.i386.rpm
8798ea53b7fda6dc9bb6ab24d7619a72
http://213.250.83.8/~johnny/fedora_legacy/rh73/gaim-0.75-0.9.1.src.rpm
0f3056d47f5cccd69eb2e57fb37fc4c3



------- Additional Comments From dawson 2004-01-27 05:45:05 ----

I am currently not in a position to test the packages, but I did want to comment
to say that I agree that Gaim should be one of those packages that goes to the
latest release when it needs to be patched.  It is one of those rare packages
that  actually looses functionality if it isn't updated because the various
Messaging servers keep changing.
I should have a chance to have tested this patch in two days.



------- Additional Comments From jkeating 2004-02-04 18:50:49 ----

Snag.  This gaim depends on gtk2-devel, which doesn't exist in 7.2.  Looking for
alternatives.



------- Additional Comments From dawson 2004-02-06 05:05:22 ----

What if we just take the 7.5 gaim from gaim.sourceforge.com and apply the patch
that they say fixes the problem.  It is a debian patch, but it should work.
As a side bonus, we seem to get more smiley icons that redhat takes out.
I have compiled thier source rpm's, without the patch, I'll see if it works with
the patch.
Or ... we could wait for 0.7.6 to come out.



------- Additional Comments From dawson 2004-02-06 05:12:59 ----

Nevermind, I hadn't looked at the spec file again before I said that.  It has
the same dependancy problem.



------- Additional Comments From dawson 2004-02-06 06:28:00 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All testing was on a 7.3 machine
I have installed an ran binary from above gaim-0.75-0.9.1.i386.rpm.  It
installed and ran without any unexpected problems.  (The only problem was
connecting to yahoo which seemed to have changed something this week)
I have looked at the spec and patches.  To my eye I do not see any problems and
it seems to patch the holes.
I have recompiled the source rpm, and installed the resulting rpm (after
removing the gaim already installed).  It installed and ran without any
unexpected problems.
I give this a thumbs up for release for RedHat 7.3.

On a related note.  I notice that RedHat has not released a fix for this problem
for their Enterprise 2.1.  I suspect it is because of the same problem we are
having with ours, the gtk2 problem.  I vote that we release this for 7.3 and 8,
and worry about 7.2 later.
Troy Dawson

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAI8Ji2mrQCIL9F7IRApr1AJ9iUHelVeZpI2ZiqXtZ9GE4mXwRuACgh/74
NSpnnegZCW7pLbW88uWfn9Q=
=hPXY
-----END PGP SIGNATURE-----




------- Additional Comments From warren 2004-02-23 21:23:33 ----

https://rhn.redhat.com/errata/RHSA-2004-045.html
RHEL2.1 gaim-0.59 patched
I suppose Legacy could just use this.  The old client sucks, but at least it
still works with AIM.



------- Additional Comments From stu 2004-02-25 06:57:38 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

$ cat /etc/redhat-release
Red Hat Linux release 7.2 (Enigma)

Original Advisory
http://security.e-matters.de/advisories/012004.html

Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause
a denial of service and possibly execute arbitrary code via (1) octal
encoding in yahoo_decode that causes a null byte to be written beyond
the buffer, (2) octal encoding in yahoo_decode that causes a pointer to
reference memory beyond the terminating null byte, (3) a quoted
printable string to the gaim_quotedp_decode MIME decoder that causes a
null byte to be written beyond the buffer, and (4) quoted printable
encoding in gaim_quotedp_decode that causes a pointer to reference
memory beyond the terminating null byte. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0005
to these issues.

Multiple  buffer overflows that affect versions of Gaim 0.75 and earlier.
1) When parsing cookies in a Yahoo web connection, 2) YMSG protocol
overflows parsing the Yahoo login webpage, 3) a YMSG packet overflow, 4)
flaws in the URL parser, and 5) flaws in HTTP Proxy connect. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0006 to these issues.

A buffer overflow in Gaim 0.74 and earlier in the Extract Info
Field Function used for MSN and YMSG protocol handlers. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0007 to this issue.

An integer overflow in Gaim 0.74 and earlier, when allocating memory for a
directIM packet for AIM/Oscar, results in heap overflow. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0008 to this issue.


Relevance and fixes are described below by the numbers given in the original
advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0005
Issues 01, 02, 08 & 09 (none relevant to Gaim 0.59.9)

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0006
Issues 03, 04, 05, 06, 10, 12 (10 & 12 only relevant to Gaim 0.59.9)

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0007
Issue 11 (not relevant to Gaim 0.59.9)

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0008
Issue 07

01 - yahoo_decode function only in Gaim 0.75
02 - yahoo_decode function only in Gaim 0.75
03 - Yahoo Web Messenger authentication method (Gaim >= 0.71 only)
04 - Yahoo Web Messenger authentication method (Gaim >= 0.71 only)
05 - Yahoo Web Messenger authentication method (Gaim >= 0.71 only)
06 - fixed by gaim-0.59.9-buffer2.patch, relevant part taken from patch for
     debian stable:
     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4.diff.gz
07 - fixed by gaim-0.59.1-buffer.patch, taken from Red Hat AS 2.1 update SRPM:
     http://masl.to/?E2F453367
08 - Quoted printable functions (Gaim 0.75 only)
09 - Quoted printable functions (Gaim 0.75 only)
10 - gaim_url_parse in util.c replaced parse_url in html.c in Gaim 0.71
     fixes from patch done by FreeBSD security team backported to parse_url in
     gaim-0.59.9-buffer3.patch
     http://security.e-matters.de/patches/gaim-0.75-fix.diff
11 - UTF8 String functions (Gaim >= 0.71 only)
12 - fixed by gaim-0.59.1-buffer.patch, taken from Red Hat AS 2.1 update SRPM
     http://masl.to/?E2F453367

rpm changelog:
* Wed Feb 11 2004 Stu Tomlinson <stu> 0.59.9-0.7.2.0.legacy
- - Update to 0.59.9
- - Apply fixes for relevant vulnerabilities reported in
  http://security.e-matters.de/advisories/012004.html

packages and md5sum:
http://www.uidzero.co.uk/rpms/rh72/gaim-0.59.9-0.72.0.legacy.src.rpm
http://www.uidzero.co.uk/rpms/rh72/gaim-0.59.9-0.72.0.legacy.i386.rpm
http://www.uidzero.co.uk/rpms/rh72/gaim-0.59.9-0.72.0.legacy-md5sum.asc

0ad86f6e5a4ebb4e42978083094e51c9  gaim-0.59.9-0.7.2.0.legacy.i386.rpm
ddcd93a67e7672ece744615c7208d60e  gaim-0.59.9-0.7.2.0.legacy.src.rpm
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAK/34g5j4BKlGSqkRAiL4AJ0bUzS6H/up5CkDiMmME9bmZ4t46wCfXWCc
WB1oTks7mEzToWVrO701r6Q=
=sJBR
-----END PGP SIGNATURE-----




------- Additional Comments From jkeating 2004-02-25 07:02:59 ----

Stu, how do your packages compare to those released by Red Hat for AS 2.1?  Do
we include all of their patches, plus some more of your own?



------- Additional Comments From stu 2004-02-25 07:42:27 ----

Yes, this package includes the 2 fixes from RH AS 2.1 (Issues 7 & 12), 1 fix
lifted from the debian stable erratum (Issue 6), and one additional fix from me
(backported from the FreeBSD patch, Issue 10)



------- Additional Comments From dwb7.edu 2004-05-04 04:52:35 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Redhat 7.3, I have recompiled the gaim-0.75 srpm posted here. It compiled
jsut fine and the resulting binary rpm installed just fine.

A quick glance shows that the holes do indeed seem to be patched.

I'm happy with it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAl63ZSY7s7uPf/IURAviqAJ4g0NALMkmW0Qs5oC+3hFP1Pu8/pACeITOe
M3X3HkskxjcPLJ+CwpOzDA8=
=2bQ0
-----END PGP SIGNATURE-----




------- Additional Comments From dwb7.edu 2004-05-04 06:24:45 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

md5sum of the SRPM I rebuilt:

0f3056d47f5cccd69eb2e57fb37fc4c3  gaim-0.75-0.9.1.src.rpm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAl8PCSY7s7uPf/IURAusZAJ9RrF0ox3Sifo3/RXq/66lgsIrX0gCfdP9I
OdAhOw0GZHuEGSH9tUOLSSs=
=ShkZ
-----END PGP SIGNATURE-----




------- Additional Comments From dwb7.edu 2004-05-05 11:15:51 ----


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

PUBLISH gaim-0.75-0.9.1.src.rpm

- -DWB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAmVljSY7s7uPf/IURAtvPAJ9MP2eShdEghS4jestbEpUmCsozawCfXueC
UyMIrlt9zjILBmbkKKZzhbU=
=sGou
-----END PGP SIGNATURE-----




------- Additional Comments From jkeating 2004-05-18 17:39:30 ----

Stu, do your patches/vulns effect the package that Johnny provides for RHL 7.3,
8.0 and 9?  Please let me know.



------- Additional Comments From stu 2004-05-19 00:20:27 ----

Jesse,

None of the issues I found when backporting to Gaim 0.59.x are relevant to
Johnny's packages.

There is a corner-case crash-bug in Yahoo introduced by the buffers patch that
Red Hat used (because it was based on the patch with the original advisory,
which was later updated, but didn't get caught by Red Hat it seems). This is
even less serious because you can't sign on to Yahoo most of the time with Gaim
< 0.76 anyway.

But for completeness, I'll attach a patch-to-a-patch if you want to use it.

See the IRC snippet here : http://www.nosnilmot.com/gaim/yahoo.txt

PS. There are also some typo's in the spec file changelog. s/bild/build/ ;
s/requierment/requirement/



------- Additional Comments From stu 2004-05-19 00:21:42 ----

Created an attachment (id=673)
buffers.patch patch

Patch mentioned in my previous comment



------- Additional Comments From marcdeslauriers 2004-06-12 07:07:30 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are packages for 7.3:

I added the patch from RHAS2.1, and the two patches from Stu
to the latest 7.3 gaim release.

Ideally, we would have upgraded to gaim 0.78, but this would
mean upgrading gaim in rh9 also, which has no security
vulnerabilities right now. Also, upgrading to 0.78 means
losing the applet functionality in 7.3, although this is
probably better than having the older version with broken
protocols.

Next time there are patches to apply to both 7.3 and 9, we
should consider upgrading to the latest version I guess.

Changelog:
* Sat Jun 12 2004 Marc Deslauriers <marcdeslauriers>
0.59.1-0.7.3.1.legacy
- - Security update CAN-2004-0006, CAN-2004-0008 (FL#1237)

9c2e428f02c76ad1e0166d1d75c5077a110d90d8  gaim-0.59.1-0.7.3.1.legacy.i386.rpm
19454ce074776ddd29fa71695573109fee9157af  gaim-0.59.1-0.7.3.1.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-0.59.1-0.7.3.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-0.59.1-0.7.3.1.legacy.src.rpm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAyzhGLMAs/0C4zNoRAhHhAKCD+qAnjZG8O25DKAbxwxPyXiwiuACgo3nh
yYmfYZC4HXGoagd6T/rX8eU=
=6JKR
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2004-06-12 11:59:04 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OK, I've changed my mind. I think the best way to do this
is to upgrade both 7.3 and 9 to gaim 0.78. This way, gaim
is at the latest version and all the protocols will work.

I modified the gaim 0.78 update from FC1 to work on rh7.3
and rh9.

Changelog 7.3:
* Sat Jun 12 2004 Marc Deslauriers <marcdeslauriers> 0.78-0.73.1.legacy
- - Rebuilt as Fedora Legacy update for rh73 (FL#1237)
- - Disabled some requirements not available on rh73
- - Removed Fedora specific config file and patches
- - Created a desktop file for rh73
- - Removed docklet.so plugin as it doesn't work in rh73

Changelog 9:
* Sat Jun 12 2004 Marc Deslauriers <marcdeslauriers> 0.78-0.90.1.legacy
- - Rebuilt as Fedora Legacy update for rh9 (FL#1237)
- - Disabled some requirements not available on rh9

7.3:
8a657052e0f8599d475227d15b78fb2ddea1ebb5  gaim-0.78-0.73.1.legacy.i386.rpm
2d56b633e24b638daeedff16048779511ebe8360  gaim-0.78-0.73.1.legacy.src.rpm

9:
e0b6df356563106c2f0f43672f3a87d8bdcbc810  gaim-0.78-0.90.1.legacy.i386.rpm
6c28dca842b626ab44a2f50f16f4f98a540749af  gaim-0.78-0.90.1.legacy.src.rpm


http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-0.78-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-0.78-0.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gaim-0.78-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gaim-0.78-0.90.1.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAy3yNLMAs/0C4zNoRAj6nAJ9b8b4UV4eJVy8ymXAzBe7i94OZsgCgv6H7
VQJUgJFMmz43tT5vv+TdVTc=
=rxQJ
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2004-09-01 16:10:56 ----

These packages are no longer secure, as new advisories are out:

http://gaim.sourceforge.net/security/index.php




------- Additional Comments From marcdeslauriers 2004-09-07 13:54:30 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are new gaim packages to QA fo 7.3 and 9.
They fix all current vulnerabilities.

Changelog:
* Sun Sep 05 2004 Marc Deslauriers <marcdeslauriers>
0.82.1-0.73.1.legacy
- - Updated to 0.82.1

7.3:
66dd00a79f4c7595a81c0d1aed35745c250fb093  gaim-0.82.1-0.73.1.legacy.i386.rpm
76fe6496bdc7472e0f40ba054f0ce817659e4b8b  gaim-0.82.1-0.73.1.legacy.src.rpm

9:
0fae2db5f859695e52d6ad81435a6541147dc3aa  gaim-0.82.1-0.90.1.legacy.i386.rpm
1f95b7a1deef35938a4e39ee267c6feab0e8fc9e  gaim-0.82.1-0.90.1.legacy.src.rpm


http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-0.82.1-0.73.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/gaim-0.82.1-0.73.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gaim-0.82.1-0.90.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/gaim-0.82.1-0.90.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBPkopLMAs/0C4zNoRAs3fAKClOcqOSvh3DchHHJ9oNv4F8zoAFwCgs6Oz
04rZBjcsrxWfiPJehC5+kBw=
=5JG7
-----END PGP SIGNATURE-----




------- Additional Comments From ckelley 2004-09-09 06:32:13 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
66dd00a79f4c7595a81c0d1aed35745c250fb093  gaim-0.82.1-0.73.1.legacy.i386.rpm
76fe6496bdc7472e0f40ba054f0ce817659e4b8b  gaim-0.82.1-0.73.1.legacy.src.rpm
 
SRPM builds just fine
The specfile looks good; the updated version to 0.82 is very welcome.
 
PUBLISH
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFBQIV/yQ+yTHz+jJkRAujrAJ48QKVwo7QDfdiJkBwP+56yKxzR2ACdGCWO
NQ6LF/5m8qAJmwjLCqZ0XuU=
=yIPv
-----END PGP SIGNATURE-----




------- Additional Comments From mule 2004-09-09 11:04:08 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
0fae2db5f859695e52d6ad81435a6541147dc3aa 
/home/mule/gaim-0.82.1-0.90.1.legacy.i386.rpm
1f95b7a1deef35938a4e39ee267c6feab0e8fc9e 
/home/mule/gaim-0.82.1-0.90.1.legacy.src.rpm
 
For Red Hat 9:
* builds from source
* installs
* dependencies look to be in order
 
PUBLISH
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
 
iD8DBQFBQMUXTsaUa9pp4VIRAvZqAKDBb7YNRKwyxnfTbr30q7uPsccbagCgvmXO
yV1KTD+r3r7S3/TbutzoI0g=
=GuFO
-----END PGP SIGNATURE-----




------- Additional Comments From dwb7.edu 2004-09-10 04:55:51 ----

Do we still need: Patch0: gaim-0.76-xinput.patch since we are using gaim-0.82-1?
 Patch is not in the SRPM available from gaim.sf.net and is not applied in the
FC1 rpm for gaim-0.81 either.



------- Additional Comments From dwb7.edu 2004-09-10 06:20:10 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Built new packages for RH7.3: (removed the old patch)

sha1sum -b *.rpm
75e5d77e41833bb55b702336996f615f1c98ce8e *gaim-0.82.1-0.73.2.legacy.i386.rpm
04fdee60c0ede06d1fd330fe10d1d57381c48278 *gaim-0.82.1-0.73.2.legacy.src.rpm

download from 
http://cf.ccmr.cornell.edu/publicdownloads/fedoralegacy-testing/gaim

- -DWB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBQdPnSY7s7uPf/IURAtM5AJ93KjNAwd/A9GOiRvPB0PvsW7NKPACfethY
KMFqEH3SI1OSVWS1W5wLLyg=
=DCQo
-----END PGP SIGNATURE-----




------- Additional Comments From stu 2004-09-10 06:32:51 ----

You should continue to include "Patch0: gaim-0.76-xinput.patch" if you want to
maintain similar behavior to old Red Hat and current Fedora Core Gaim builds.
The patch is one which was rejected by upstream, which alters the XIM behavior,
and is still included in all FC builds.



------- Additional Comments From marcdeslauriers 2004-09-10 06:59:23 ----

The patch is included in the latest FC rpms. Please leave it in.




------- Additional Comments From dom 2004-09-10 07:08:35 ----

Looks like we are good to go with 

76fe6496bdc7472e0f40ba054f0ce817659e4b8b  gaim-0.82.1-0.73.1.legacy.src.rpm
1f95b7a1deef35938a4e39ee267c6feab0e8fc9e  gaim-0.82.1-0.90.1.legacy.src.rpm

then.

Resolving.



------- Additional Comments From dwb7.edu 2004-09-10 08:13:15 ----

Ok. It was not applied in the 0.81 FC1 build (tho seems to be in the 0.82 FC1
build which is missing from the local mirror - *sigh*)



------- Additional Comments From marcdeslauriers 2004-09-17 11:31:30 ----

Created an attachment (id=847)
Advisory draft

Here is draft text for the advisory.



------- Additional Comments From warren 2004-09-19 21:23:00 ----

> Do we still need: Patch0: gaim-0.76-xinput.patch since we are using 
> gaim-0.82-1?  Patch is not in the SRPM available from gaim.sf.net and 
> is not applied in the FC1 rpm for gaim-0.81 either.

I accidentally unpatched it in a few gaim updates a while back.  That broke XIM
and IIIMF input, which made many CJK people very angry at me.  Do not remove
that patch.



------- Additional Comments From marcdeslauriers 2004-09-27 15:29:40 ----

New packages have been built and will be pushed to updates-testing.



------- Additional Comments From marcdeslauriers 2004-09-28 01:47:17 ----

Pushed to updates-testing




------- Additional Comments From ckelley 2004-09-28 05:07:05 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
cda084b78e263bb725ad92fdef0fc4b329b705d5  gaim-0.82.1-0.73.2.legacy.i386.rpm
e28d0c278324c7a508af7a30565cc5741b7ec4f0  gaim-0.82.1-0.73.2.legacy.src.rpm
 
Binary packages installs fine, gaim tests good against AOL, Jabber,
Yahoo and IRC.  Source package builds fine and SHA1 sums match the
release:
 
17ff51025220135f350c473ba9f6033e2bbacf1f  ./gaim
17ff51025220135f350c473ba9f6033e2bbacf1f  /usr/bin/gaim
 
+VERIFY
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFBWX0cyQ+yTHz+jJkRAsNgAJ0TDDZML+l0xJ4tH4W50bU+gc4YGgCghS1b
XYWW9dXySifSeYvYMEYgD+0=
=U9XA
-----END PGP SIGNATURE-----



------- Additional Comments From S.J.Thompson.ac.uk 2004-10-15 03:52:11 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Packages:
 
958a8c9d2077ae068af20c282e69e64ec8f1a4e7  gaim-0.82.1-0.90.3.legacy.i386.rpm
211c4e944d0b1178e53f0f1dd8bd303eeee1a6cf  gaim-0.82.1-0.90.3.legacy.src.rpm
 
Signatures look ok.
Package installs ok.
SRPM rebuilds ok.
 
Seems to work correctly signing into Yahoo Messenger.
 
I did find a problem with using HTTP proxies (e.g. using MSN messenger you
should be able to use an HTTP proxy to login and tunnel chat traffic, this
doesn't work with Gaim). This is however an upstream problem by the look of it
(just downloaded and tried the 1.0.1 RH9 RPMS straight from gaim.sf.net).
 
As this isn't actually a fl-legacy problem, I'll go with a ...
 
+VERIFY
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
                                                                                
iD8DBQFBb9W76PpxfDLZ0SgRAkAzAJ9j3c1bJourTn9GsqWWmuL0TVMbZgCcCOOD
Of8u8lGCLvSoo2Ke7YoB2Gk=
=mGXJ
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2004-10-16 08:09:41 ----

These packages were pushed to official updates.



------- Bug moved to this database by dkl 2005-03-30 18:23 -------

This bug previously known as bug 1237 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1237
Originally filed under the Fedora Legacy product and Package request component.
Bug blocks bug(s) 775.

Attachments:
buffers.patch patch
https://bugzilla.fedora.us/attachment.cgi?action=view&id=673
Advisory draft
https://bugzilla.fedora.us/attachment.cgi?action=view&id=847

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.