--- pidgin-otr-3.2.0.orig/otr-plugin.c +++ pidgin-otr-3.2.0/otr-plugin.c @@ -155,6 +155,9 @@ const char *protocol) { OtrgDialogWaitHandle waithandle; +#ifndef WIN32 + mode_t mask; +#endif /* WIN32 */ FILE *privf; gchar *privkeyfile = g_build_filename(purple_user_dir(), PRIVKEYFNAME, NULL); @@ -162,7 +165,13 @@ fprintf(stderr, _("Out of memory building filenames!\n")); return; } +#ifndef WIN32 + mask = umask (0077); +#endif /* WIN32 */ privf = g_fopen(privkeyfile, "w+b"); +#ifndef WIN32 + umask (mask); +#endif /* WIN32 */ g_free(privkeyfile); if (!privf) { fprintf(stderr, _("Could not write private key file\n")); @@ -619,9 +628,18 @@ /* Write the fingerprints to disk. */ void otrg_plugin_write_fingerprints(void) { +#ifndef WIN32 + mode_t mask; +#endif /* WIN32 */ FILE *storef; gchar *storefile = g_build_filename(purple_user_dir(), STOREFNAME, NULL); +#ifndef WIN32 + mask = umask (0077); +#endif /* WIN32 */ storef = g_fopen(storefile, "wb"); +#ifndef WIN32 + umask (mask); +#endif /* WIN32 */ g_free(storefile); if (!storef) return; otrl_privkey_write_fingerprints_FILEp(otrg_plugin_userstate, storef); @@ -972,6 +990,12 @@ otrg_dialog_set_ui_ops(otrg_gtk_dialog_get_ui_ops()); #endif +#ifndef WIN32 + /* Make key generation use /dev/urandom instead of /dev/random */ + gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); + gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); +#endif + /* Initialize the OTR library */ OTRL_INIT; --- pidgin-otr-3.2.0.orig/gtk-dialog.c +++ pidgin-otr-3.2.0/gtk-dialog.c @@ -71,6 +71,8 @@ static int img_id_private = 0; static int img_id_finished = 0; +static GtkLabel * fingerprint_label = 0; + typedef struct { ConnContext *context; /* The context used to fire library code */ @@ -643,11 +645,12 @@ label = gtk_label_new(NULL); gtk_label_set_markup(GTK_LABEL(label), label_text); - gtk_label_set_selectable(GTK_LABEL(label), FALSE); + gtk_label_set_selectable(GTK_LABEL(label), TRUE); g_free(label_text); gtk_label_set_line_wrap(GTK_LABEL(label), TRUE); gtk_misc_set_alignment(GTK_MISC(label), 0, 0); gtk_box_pack_start(GTK_BOX(vbox), label, FALSE, FALSE, 0); + fingerprint_label = label; add_vrfy_fingerprint(vbox, vfd); g_signal_connect(G_OBJECT(vbox), "destroy", @@ -677,6 +680,8 @@ auth_data->smppair->entry = NULL; gtk_notebook_set_current_page (GTK_NOTEBOOK(notebook), 2); auth_data->smppair->smp_type = -1; + // workaround to prevent the text from always being selected + gtk_label_select_region(GTK_LABEL(fingerprint_label), 0, 0); } } --- pidgin-otr-3.2.0.orig/debian/watch +++ pidgin-otr-3.2.0/debian/watch @@ -0,0 +1,6 @@ +# Example watch control file for uscan +# Rename this file to "watch" and then you can run the "uscan" command +# to check for upstream updates and more. +# Site Directory Pattern Version Script +version=2 +http://www.cypherpunks.ca/otr/ pidgin-otr-(.*)\.t(?:ar\.)?gz debian uupdate --- pidgin-otr-3.2.0.orig/debian/dirs +++ pidgin-otr-3.2.0/debian/dirs @@ -0,0 +1 @@ +/usr/lib/pidgin --- pidgin-otr-3.2.0.orig/debian/changelog +++ pidgin-otr-3.2.0/debian/changelog @@ -0,0 +1,50 @@ +pidgin-otr (3.2.0-4ubuntu1) karmic; urgency=low + + * otr-plugin.c: Fix: key generation doesn't use /dev/urandom with more recent + libgcrypt versions (LP: #240640) + * gtk-dialog.c: Allow to copy the fingerprints from the authentication dialog + (LP: #310769) + + -- Felix Geyer Mon, 28 Sep 2009 21:21:55 +0200 + +pidgin-otr (3.2.0-4) unstable; urgency=low + + * update pot at build time, patch from Sebastien Bacher (Closes: #518466) + + -- Thibaut VARENE Mon, 23 Mar 2009 13:29:18 +0100 + +pidgin-otr (3.2.0-3) unstable; urgency=low + + * Ship translation files with the package + + -- Thibaut VARENE Sun, 15 Feb 2009 04:00:23 +0100 + +pidgin-otr (3.2.0-2) unstable; urgency=high + + * Make key generation use /dev/urandom (Closes: #489523) + + -- Thibaut VARENE Thu, 10 Jul 2008 17:34:32 +0200 + +pidgin-otr (3.2.0-1) unstable; urgency=low + + * New upstream release (Closes: #486639) + * Use gender neutral pronouns in strings (Closes: #425315) + * Move icon to the menu bar (Closes: #425318) + * Security patch from Caspar Clemens Mierau + (http://otr.cvs.sourceforge.net/otr/gaim-otr/otr-plugin.c?revision=1.19&view=markup) + + -- Thibaut VARENE Sun, 22 Jun 2008 23:24:49 +0200 + +pidgin-otr (3.1.0-1) unstable; urgency=low + + * New upstream release (closes: #435055, #435836) + * Build depend on newer libotr (closes: #430349) + + -- Thibaut VARENE Mon, 20 Aug 2007 21:49:14 +0200 + +pidgin-otr (3.0.0+cvs20070508-1) unstable; urgency=low + + * Initial release of the newly renamed gaim-otr plugin (closes: #422834) + + -- Thibaut VARENE Tue, 08 May 2007 17:21:54 +0200 + --- pidgin-otr-3.2.0.orig/debian/docs +++ pidgin-otr-3.2.0/debian/docs @@ -0,0 +1 @@ +README --- pidgin-otr-3.2.0.orig/debian/copyright +++ pidgin-otr-3.2.0/debian/copyright @@ -0,0 +1,27 @@ +This package was debianized by OTR Dev Team on +Wed, 1 Dec 2004 17:02:12 -0500. + +It was downloaded from http://www.cypherpunks.ca/otr/ + +Copyright (C) 2004-2007 by Nikita Borisov and Ian Goldberg + +Upstream Authors: OTR Dev Team + +License: + + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + 02110-1301, USA. + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL-2'. --- pidgin-otr-3.2.0.orig/debian/compat +++ pidgin-otr-3.2.0/debian/compat @@ -0,0 +1 @@ +7 --- pidgin-otr-3.2.0.orig/debian/install +++ pidgin-otr-3.2.0/debian/install @@ -0,0 +1,2 @@ +debian/tmp/usr/lib/pidgin/pidgin-otr.so /usr/lib/pidgin +debian/tmp/usr/share/locale/*/LC_MESSAGES/pidgin-otr.mo --- pidgin-otr-3.2.0.orig/debian/rules +++ pidgin-otr-3.2.0/debian/rules @@ -0,0 +1,106 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + + + + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + ./configure --host=$(DEB_HOST_GNU_TYPE)\ + --build=$(DEB_BUILD_GNU_TYPE)\ + --prefix=/usr\ + --mandir=\$${prefix}/share/man\ + --infodir=\$${prefix}/share/info \ + + touch configure-stamp + + +build: build-stamp + +build-stamp: configure-stamp + dh_testdir + + # Add here commands to compile the package. + $(MAKE) + #docbook-to-man debian/pidgin-otr.sgml > pidgin-otr.1 + + cd po; intltool-update --verbose --pot + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + # Add here commands to clean up after the build process. + [ ! -f Makefile ] || $(MAKE) distclean + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + # Add here commands to install the package into debian/pidgin-otr. + $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs +# dh_installexamples + dh_install +# dh_installmenu +# dh_installdebconf +# dh_installlogrotate +# dh_installemacsen +# dh_installpam +# dh_installmime +# dh_installinit +# dh_installcron +# dh_installinfo +# dh_installman +# dh_link + dh_strip + dh_compress + dh_fixperms +# dh_perl +# dh_python +# dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_pidgin + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- pidgin-otr-3.2.0.orig/debian/control +++ pidgin-otr-3.2.0/debian/control @@ -0,0 +1,31 @@ +Source: pidgin-otr +Section: net +Priority: optional +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Thibaut VARENE +Build-Depends: debhelper (>= 7), libgpg-error-dev (>= 1.0), libgcrypt11-dev (>= 1.2.0), libglib2.0-dev (>= 2.4), libgtk2.0-dev (>= 2.4), pidgin-dev, libotr2-dev (>= 3.1.0), libxml-parser-perl, intltool +Standards-Version: 3.8.1 + +Package: pidgin-otr +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Off-the-Record Messaging plugin for pidgin + Off-the-Record (OTR) Messaging plugin for pidgin + . + OTR allows you to have private conversations over IM by providing: + - Encryption + - No one else can read your instant messages. + - Authentication + - You are assured the correspondent is who you think it is. + - Deniability + - The messages you send do _not_ have digital signatures that are + checkable by a third party. Anyone can forge messages after a + conversation to make them look like they came from you. However, + _during_ a conversation, your correspondent is assured the messages + he sees are authentic and unmodified. + - Perfect forward secrecy + - If you lose control of your private keys, no previous conversation + is compromised. + . + This is a pidgin plugin which implements Off-the-Record (OTR) Messaging. +