pidgin: apply CVE-2022-26491 fix not available upstream.

helpers/DATA/pidgin/cve/001_fix_CVE-2022-26491.patch

@@ -0,0 +1,77 @@
+Remove _xmppconnect support
+
+It has always been vulnerable to MITM attacks when it is not used with DNSSEC,
+and has been removed from XEP-0156 because of that. We have been issued
+CVE-2022-26491 for this issue.
+
+More discussion can be found at
+https://mail.jabber.org/pipermail/standards/2022-February/038759.html.
+
+Testing Done:
+Compiled
+
+Reviewed at https://reviews.imfreedom.org/r/1357/
+
+--- a/libpurple/protocols/jabber/jabber.c	Sat Apr 23 05:05:54 2022 -0500
++++ b/libpurple/protocols/jabber/jabber.c	Wed Apr 27 23:41:06 2022 -0500
+@@ -798,48 +798,6 @@
+ }
+ 
+ static void
+-txt_resolved_cb(GList *responses, gpointer data)
+-{
+-	JabberStream *js = data;
+-	gboolean found = FALSE;
+-
+-	js->srv_query_data = NULL;
+-
+-	while (responses) {
+-		PurpleTxtResponse *resp = responses->data;
+-		gchar **token;
+-		token = g_strsplit(purple_txt_response_get_content(resp), "=", 2);
+-		if (purple_strequal(token[0], "_xmpp-client-xbosh")) {
+-			purple_debug_info("jabber","Found alternative connection method using %s at %s.\n", token[0], token[1]);
+-			js->bosh = jabber_bosh_connection_init(js, token[1]);
+-			g_strfreev(token);
+-			break;
+-		}
+-		g_strfreev(token);
+-		purple_txt_response_destroy(resp);
+-		responses = g_list_delete_link(responses, responses);
+-	}
+-
+-	if (js->bosh) {
+-		found = TRUE;
+-		jabber_bosh_connection_connect(js->bosh);
+-	}
+-
+-	if (!found) {
+-		purple_debug_warning("jabber", "Unable to find alternative XMPP connection "
+-				  "methods after failing to connect directly.\n");
+-		purple_connection_error_reason(js->gc,
+-				PURPLE_CONNECTION_ERROR_NETWORK_ERROR,
+-				_("Unable to connect"));
+-		return;
+-	}
+-
+-	if (responses) {
+-		g_list_free_full(responses, (GDestroyNotify)purple_txt_response_destroy);
+-	}
+-}
+-
+-static void
+ jabber_login_callback(gpointer data, gint source, const gchar *error)
+ {
+ 	PurpleConnection *gc = data;
+@@ -849,11 +807,6 @@
+ 		if (js->srv_rec != NULL) {
+ 			purple_debug_error("jabber", "Unable to connect to server: %s.  Trying next SRV record or connecting directly.\n", error);
+ 			try_srv_connect(js);
+-		} else {
+-			purple_debug_info("jabber","Couldn't connect directly to %s.  Trying to find alternative connection methods, like BOSH.\n", js->user->domain);
+-			js->srv_query_data = purple_txt_resolve_account(
+-					purple_connection_get_account(gc), "_xmppconnect",
+-					js->user->domain, txt_resolved_cb, js);
+ 		}
+ 		return;
+ 	}

helpers/make-pidgin

@@ -17,7 +17,7 @@
 #    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 #
 
-VERSION=1
+VERSION=2
 COMPONENT=main
 
 . ./config
@@ -30,6 +30,13 @@ done
 
 sed '/PIDGIN_PREFS_ROOT.*conv_focus/s/TRUE/FALSE/' -i pidgin/gtksound.c
 
+# apply upstream pidgin security fixes / patches not yet in ubuntu.
+for patch in $(ls -v ${DATA}/cve/*.patch)
+do
+    echo "Applying $patch"
+    patch --no-backup-if-mismatch -Np1 < $patch
+done
+
 changelog "Compiled for Trisquel"
 
 package