Discussion:
New Adium release for continued AIM support – updated certificate needed
Robert Vehse
2017-03-20 20:28:16 UTC
Permalink
Hi everyone,

Eric managed so get updated IDs from an AOL representative for continued AIM support. For anyone who's missed this episode, here's some context: https://arstechnica.com/business/2017/02/aol-will-cut-off-third-party-app-access-to-aim/ (Yes, the Ars Technica title is misleading.)

So now we're looking to get a new Adium release out with the updated IDs. This release should also address a recent security issue (https://pidgin.im/news/security/?id=109) which was mentioned a few days ago in an email to this list.

On top of that of that, we'd like to update Adium's codesigning signature to a version trusted by Gatekeeper on 10.9.5+ (https://trac.adium.im/ticket/16983). In September, Evan updated the "Muscovy" build machine to OS X 10.11. Provided Xcode has also been updated on Muscovy, the only thing we are missing now is an updated certificate. Would someone be able to obtain it?

Regards,
Robbie
Evan Schoenberg
2017-03-21 00:17:54 UTC
Permalink
Content preview: I can try to help. It looks like next release should be 1.5.11.
Is https://hg.adium.im/adium/rev/307f53385811 the tip of that? I don’t
see a libpurple commit yet. Is that still pending? [...]

Content analysis details: (0.7 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: arstechnica.com]
0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(tekjew[at]gmail.com)
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5000]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Spam-Flag: NO
X-BeenThere: ***@adium.im
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Adium Development List <devel.adium.im>
List-Unsubscribe: <http://adium.im/mailman/options/devel_adium.im>,
<mailto:devel-***@adium.im?subject=unsubscribe>
List-Archive: <http://adium.im/pipermail/devel_adium.im/>
List-Post: <mailto:***@adium.im>
List-Help: <mailto:devel-***@adium.im?subject=help>
List-Subscribe: <http://adium.im/mailman/listinfo/devel_adium.im>,
<mailto:devel-***@adium.im?subject=subscribe>
Reply-To: Adium Development List <***@adium.im>
Errors-To: devel-***@adium.im
Sender: "devel" <devel-***@adium.im>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - duck
X-AntiAbuse: Original Domain - ml-in.narkive.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - adium.im
X-Get-Message-Sender-Via: duck: acl_c_authenticated_local_user: mailman/mailman
X-Authenticated-Sender: duck: ***@adium.im
X-Source:
X-Source-Args:
X-Source-Dir:

I can try to help.

It looks like next release should be 1.5.11. Is https://hg.adium.im/adium/rev/307f53385811 the tip of that?

I don’t see a libpurple commit yet. Is that still pending?

-Evan
Post by Robert Vehse
Hi everyone,
Eric managed so get updated IDs from an AOL representative for continued AIM support. For anyone who's missed this episode, here's some context: https://arstechnica.com/business/2017/02/aol-will-cut-off-third-party-app-access-to-aim/ (Yes, the Ars Technica title is misleading.)
So now we're looking to get a new Adium release out with the updated IDs. This release should also address a recent security issue (https://pidgin.im/news/security/?id=109) which was mentioned a few days ago in an email to this list.
On top of that of that, we'd like to update Adium's codesigning signature to a version trusted by Gatekeeper on 10.9.5+ (https://trac.adium.im/ticket/16983). In September, Evan updated the "Muscovy" build machine to OS X 10.11. Provided Xcode has also been updated on Muscovy, the only thing we are missing now is an updated certificate. Would someone be able to obtain it?
Regards,
Robbie
Robert Vehse
2017-03-21 01:08:30 UTC
Permalink
Post by Evan Schoenberg
I can try to help.
Thanks. :-)
Post by Evan Schoenberg
It looks like next release should be 1.5.11. Is https://hg.adium.im/adium/rev/307f53385811 the tip of that?
The branch 1.5.11 has unfixed issues, I believe. Thijs confirmed to me that we should branch off 1.5.10.2 (https://hg.adium.im/adium/rev/a23057ce854d, I think).
Post by Evan Schoenberg
I don’t see a libpurple commit yet. Is that still pending?
Yep.

Regards,
Robbie
Robert Vehse
2017-03-21 22:38:21 UTC
Permalink
Hi folks,

A quick update: Thijs put in a shift earlier and we're almost there: https://hg.adium.im/adium/

Next, we need the certificate. Evan? :-)

Cheers,
Robbie
Evan Schoenberg
2017-03-22 00:59:55 UTC
Permalink
0. I have renewed our Apple Developer Membership. Once processed I should be able to generate new signing certificates.

1. Pulling adium-1.510.3, I couldn’t compile because of a failure to link to libcrypto. Oddly, I note that while https://hg.adium.im/adium/rev/0a0f0222bdd4 supposedly switches to 10.7, I’m still seeing 10.6 as the Adium target’s deployment target on a clean checkout.

I -removed- the dependency on libcrypto and was still able to both build and connect via Bonjour (which I know from https://hg.adium.im/adium/rev/297f01718b75 is using common crypto).

I ’m confused by this and loathe to commit the seemingly strange change of removing the libcrypto link.

2. I see numerous “error” warnings in the Console at run time like:
2017-03-21 20:33:47.677001 Adium[92832:12697875] [error] warning: dynamic accessors failed to find @property implementation for 'uniqueId' for entity ABCDContact while resolving selector 'uniqueId' on class 'ABCDContact'. Did you remember to declare it @dynamic or @synthesized in the @implementation ?

A quick search on this suggests is may be related to sandboxing, and that Contacts integration may not work if this is shown. Does anyone know anything about it?

-Evan
Post by Robert Vehse
Hi folks,
A quick update: Thijs put in a shift earlier and we're almost there: https://hg.adium.im/adium/
Next, we need the certificate. Evan? :-)
Cheers,
Robbie
Thijs Alkemade
2017-03-22 06:15:42 UTC
Permalink
Content preview: Hi Evan, Thanks for helping out with the certificate. 1. The
build works correctly for me, but that may be because I’m still on 10.10.
I noticed the “Adium” target indeed still had a deployment target of
10.6, that seems to have been set directly instead of in the xcconfig. I have
now fixed that in 4d835b161777. [...]

Content analysis details: (0.7 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: adium.im]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5000]
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
X-Spam-Flag: NO
X-BeenThere: ***@adium.im
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Adium Development List <devel.adium.im>
List-Unsubscribe: <http://adium.im/mailman/options/devel_adium.im>,
<mailto:devel-***@adium.im?subject=unsubscribe>
List-Archive: <http://adium.im/pipermail/devel_adium.im/>
List-Post: <mailto:***@adium.im>
List-Help: <mailto:devel-***@adium.im?subject=help>
List-Subscribe: <http://adium.im/mailman/listinfo/devel_adium.im>,
<mailto:devel-***@adium.im?subject=subscribe>
Reply-To: Adium Development List <***@adium.im>
Errors-To: devel-***@adium.im
Sender: "devel" <devel-***@adium.im>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - duck
X-AntiAbuse: Original Domain - ml-in.narkive.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - adium.im
X-Get-Message-Sender-Via: duck: acl_c_authenticated_local_user: mailman/mailman
X-Authenticated-Sender: duck: ***@adium.im
X-Source:
X-Source-Args:
X-Source-Dir:

Hi Evan,

Thanks for helping out with the certificate.

1. The build works correctly for me, but that may be because I’m still on 10.10. I noticed the “Adium” target indeed still had a deployment target of 10.6, that seems to have been set directly instead of in the xcconfig. I have now fixed that in 4d835b161777.

I also can’t find libcrypto in the project navigator anywhere nor any includes, so I can’t tell how it’s failing for you. Removing it does sound fine to me, I don’t think we have ever depended heavily on OpenSSL.

2. I have no idea. Does the address book integration work correctly?

Thijs
Post by Evan Schoenberg
0. I have renewed our Apple Developer Membership. Once processed I should be able to generate new signing certificates.
1. Pulling adium-1.510.3, I couldn’t compile because of a failure to link to libcrypto. Oddly, I note that while https://hg.adium.im/adium/rev/0a0f0222bdd4 supposedly switches to 10.7, I’m still seeing 10.6 as the Adium target’s deployment target on a clean checkout.
I -removed- the dependency on libcrypto and was still able to both build and connect via Bonjour (which I know from https://hg.adium.im/adium/rev/297f01718b75 is using common crypto).
I ’m confused by this and loathe to commit the seemingly strange change of removing the libcrypto link.
A quick search on this suggests is may be related to sandboxing, and that Contacts integration may not work if this is shown. Does anyone know anything about it?
-Evan
Post by Robert Vehse
Hi folks,
A quick update: Thijs put in a shift earlier and we're almost there: https://hg.adium.im/adium/
Next, we need the certificate. Evan? :-)
Cheers,
Robbie
Robert Vehse
2017-03-22 23:04:55 UTC
Permalink
Hi everyone,

Here's a tentative changelog for 1.5.10.3: https://hg.adium.im/adium/file/a80d051c4014/ChangeLogs/Changes.txt

We have removed Facebook Chat, MSN; Yahoo!, and MySpaceIM which means they show up nowhere in the UI. However, associated data such as passwords in the OS X Keychain, contact list, transcripts and the like remain if I'm not mistaken. I intend to explain this in a blog post. Do you think that would suffice?

By the way, has anyone tried to build tip? I'm having trouble figuring out how to build Adium as a whole and not just frameworks, heh. :-D

-Robbie
Robert Vehse
2017-03-23 00:38:27 UTC
Permalink
Post by Robert Vehse
By the way, has anyone tried to build tip? I'm having trouble figuring out how to build Adium as a whole and not just frameworks, heh. :-D
I went ahead and ran "make latest" from Terminal. The build failed due to Twitter missing JSONKit which I removed earlier with the Facebook Chat code.

Should we re-add JSONKit? Reports on Trac suggest Twitter no longer works in Adium so maybe we should disable Twitter or even scrap it altogether?

-Robbie
Thijs Alkemade
2017-03-23 05:29:07 UTC
Permalink
Post by Robert Vehse
Post by Robert Vehse
By the way, has anyone tried to build tip? I'm having trouble figuring out how to build Adium as a whole and not just frameworks, heh. :-D
I went ahead and ran "make latest" from Terminal. The build failed due to Twitter missing JSONKit which I removed earlier with the Facebook Chat code.
Should we re-add JSONKit? Reports on Trac suggest Twitter no longer works in Adium so maybe we should disable Twitter or even scrap it altogether?
-Robbie
Twitter works fine for me, so I guess we should rollback the removal of JSONKit.

Thijs
Robert Vehse
2017-03-23 08:56:50 UTC
Permalink
JSONKit's back in.

-Robbie
Evan Schoenberg
2017-03-23 17:08:07 UTC
Permalink
Had a little time this morning. I have generated the new cert. I'm fighting with our frameworks now (signing now has to include each contained bundle, but as-is frameworks were failing to sign).

Separately, I can compile on my 10.12 machine but not on Muscovy... it is throwing errors about deprecated objC functions, odd since if anything I should be on a newer compiler.

-Evan

--
Evan D. Schoenberg, M.D.
CEO, Regular Rate and Rhythm Software
http://www.regularrateandrhythm.com
Post by Robert Vehse
JSONKit's back in.
-Robbie
Chris Forsythe
2017-03-23 17:49:20 UTC
Permalink
Are all settings between the two the same?
Post by Evan Schoenberg
Had a little time this morning. I have generated the new cert. I'm fighting with our frameworks now (signing now has to include each contained bundle, but as-is frameworks were failing to sign).
Separately, I can compile on my 10.12 machine but not on Muscovy... it is throwing errors about deprecated objC functions, odd since if anything I should be on a newer compiler.
-Evan
--
Evan D. Schoenberg, M.D.
CEO, Regular Rate and Rhythm Software
http://www.regularrateandrhythm.com
Post by Robert Vehse
JSONKit's back in.
-Robbie
Evan Schoenberg
2017-03-23 19:32:21 UTC
Permalink
Post by Chris Forsythe
Are all settings between the two the same?
They seemed to be. After doing a clean repository checkout, it seems to be resolved. It was an odd error.

-Evan

Thijs Alkemade
2017-03-23 19:09:28 UTC
Permalink
Content preview: Hi Evan, I’ve figured out the problem with codesigning
the frameworks: the Info.plist files are missing a CFBundleExecutable key
(which needs to be set to the binary inside the framework). We may also need
to sign the frameworks one by one. [...]

Content analysis details: (0.7 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: fastmail.fm]
-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5000]
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
X-Spam-Flag: NO
X-BeenThere: ***@adium.im
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Adium Development List <devel.adium.im>
List-Unsubscribe: <http://adium.im/mailman/options/devel_adium.im>,
<mailto:devel-***@adium.im?subject=unsubscribe>
List-Archive: <http://adium.im/pipermail/devel_adium.im/>
List-Post: <mailto:***@adium.im>
List-Help: <mailto:devel-***@adium.im?subject=help>
List-Subscribe: <http://adium.im/mailman/listinfo/devel_adium.im>,
<mailto:devel-***@adium.im?subject=subscribe>
Reply-To: Adium Development List <***@adium.im>
Errors-To: devel-***@adium.im
Sender: "devel" <devel-***@adium.im>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - duck
X-AntiAbuse: Original Domain - ml-in.narkive.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - adium.im
X-Get-Message-Sender-Via: duck: acl_c_authenticated_local_user: mailman/mailman
X-Authenticated-Sender: duck: ***@adium.im
X-Source:
X-Source-Args:
X-Source-Dir:

Hi Evan,

I’ve figured out the problem with codesigning the frameworks: the Info.plist files are missing a CFBundleExecutable key (which needs to be set to the binary inside the framework). We may also need to sign the frameworks one by one.

Thijs
Post by Evan Schoenberg
Had a little time this morning. I have generated the new cert. I'm fighting with our frameworks now (signing now has to include each contained bundle, but as-is frameworks were failing to sign).
Separately, I can compile on my 10.12 machine but not on Muscovy... it is throwing errors about deprecated objC functions, odd since if anything I should be on a newer compiler.
-Evan
--
Evan D. Schoenberg, M.D.
CEO, Regular Rate and Rhythm Software
http://www.regularrateandrhythm.com
Post by Robert Vehse
JSONKit's back in.
-Robbie
Evan Schoenberg
2017-03-23 19:16:55 UTC
Permalink
Content preview: Agreed - I’ve got all that locally too. Makefile is updated
and I’m doing some final testing before pushing it. -Evan > On Mar 23,
Post by Thijs Alkemade
I’ve figured out the problem with codesigning the frameworks: the Info.plist
files are missing a CFBundleExecutable key (which needs to be set to the
binary inside the framework). We may also need to sign the frameworks one
by one. > > Thijs > > >> On 23 mrt. 2017, at 18:08, Evan Schoenberg <***@gmail.com>
wrote: >> >> Had a little time this morning. I have generated the new cert.
I'm fighting with our frameworks now (signing now has to include each contained
bundle, but as-is frameworks were failing to sign). >> >> Separately, I can
compile on my 10.12 machine but not on Muscovy... it is throwing errors about
deprecated objC functions, odd since if anything I should be on a newer compiler.
Post by Thijs Alkemade
Post by Evan Schoenberg
Post by Robert Vehse
-Evan >> >> -- >> Evan D. Schoenberg, M.D. >> CEO, Regular Rate and
Rhythm Software >> http://www.regularrateandrhythm.com >> >> On Mar 23, 2017,
4:57 AM -0400, Robert Vehse <***@fastmail.fm>, wrote: >>> JSONKit's
back in. >>> >>> -Robbie >>> > > [...]

Content analysis details: (1.5 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: regularrateandrhythm.com]
0.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source
[209.85.161.173 listed in dnsbl.sorbs.net]
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(tekjew[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5000]
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
freemail headers are different
X-Spam-Flag: NO
X-BeenThere: ***@adium.im
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Adium Development List <devel.adium.im>
List-Unsubscribe: <http://adium.im/mailman/options/devel_adium.im>,
<mailto:devel-***@adium.im?subject=unsubscribe>
List-Archive: <http://adium.im/pipermail/devel_adium.im/>
List-Post: <mailto:***@adium.im>
List-Help: <mailto:devel-***@adium.im?subject=help>
List-Subscribe: <http://adium.im/mailman/listinfo/devel_adium.im>,
<mailto:devel-***@adium.im?subject=subscribe>
Reply-To: Adium Development List <***@adium.im>
Errors-To: devel-***@adium.im
Sender: "devel" <devel-***@adium.im>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - duck
X-AntiAbuse: Original Domain - ml-in.narkive.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - adium.im
X-Get-Message-Sender-Via: duck: acl_c_authenticated_local_user: mailman/mailman
X-Authenticated-Sender: duck: ***@adium.im
X-Source:
X-Source-Args:
X-Source-Dir:

Agreed - I’ve got all that locally too. Makefile is updated and I’m doing some final testing before pushing it.

-Evan
Post by Thijs Alkemade
Hi Evan,
I’ve figured out the problem with codesigning the frameworks: the Info.plist files are missing a CFBundleExecutable key (which needs to be set to the binary inside the framework). We may also need to sign the frameworks one by one.
Thijs
Post by Evan Schoenberg
Had a little time this morning. I have generated the new cert. I'm fighting with our frameworks now (signing now has to include each contained bundle, but as-is frameworks were failing to sign).
Separately, I can compile on my 10.12 machine but not on Muscovy... it is throwing errors about deprecated objC functions, odd since if anything I should be on a newer compiler.
-Evan
--
Evan D. Schoenberg, M.D.
CEO, Regular Rate and Rhythm Software
http://www.regularrateandrhythm.com
Post by Robert Vehse
JSONKit's back in.
-Robbie
Loading...