From 7843a1e244d151a020d3590bcce434a24a30b21508a9fbc3707f71c445934b6e Mon Sep 17 00:00:00 2001
From: Stephan Kulow
Date: Sun, 2 Feb 2014 06:37:01 +0000
Subject: [PATCH] Accepting request 220556 from GNOME:Apps

Update to ver 2.10.8 (forwarded request 220401 from RBrownCCB)
OBS-URL: https://build.opensuse.org/request/show/220556
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pidgin?expand=0&rev=100
---
pidgin-2.10.7.tar.bz2 | 3 --
pidgin-2.10.8.tar.bz2 | 3 ++
pidgin-irc-sasl.patch | 12 ------
pidgin.changes | 93 +++++++++++++++++++++++++++++++++++++++++++
pidgin.spec | 7 +---
5 files changed, 98 insertions(+), 20 deletions(-)
delete mode 100644 pidgin-2.10.7.tar.bz2
create mode 100644 pidgin-2.10.8.tar.bz2
delete mode 100644 pidgin-irc-sasl.patch
diff --git a/pidgin-2.10.7.tar.bz2 b/pidgin-2.10.7.tar.bz2
deleted file mode 100644
index ec69ae4..0000000
--- a/pidgin-2.10.7.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eba32994eca20d1cf24a4261b059b2de71a1ec2dd0926e904074b0db49f7f192
-size 10069279
diff --git a/pidgin-2.10.8.tar.bz2 b/pidgin-2.10.8.tar.bz2
new file mode 100644
index 0000000..57d565c
--- /dev/null
+++ b/pidgin-2.10.8.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b633367e3588ff3e615d68e812302dfdbe32e73693cbe42a0d827b7aed7a8227
+size 10050465
diff --git a/pidgin-irc-sasl.patch b/pidgin-irc-sasl.patch
deleted file mode 100644
index 091b69a..0000000
--- a/pidgin-irc-sasl.patch
+++ /dev/null
@@ -1,12 +0,0 @@ -diff -upr pidgin-2.10.7.orig/libpurple/protocols/irc/Makefile.am pidgin-2.10.7/libpurple/protocols/irc/Makefile.am ---- pidgin-2.10.7.orig/libpurple/protocols/irc/Makefile.am 2013-02-14 02:44:47.000000000 +0200 -+++ pidgin-2.10.7/libpurple/protocols/irc/Makefile.am 2013-02-14 02:49:58.000000000 +0200 -@@ -27,7 +27,7 @@ else - st = - pkg_LTLIBRARIES = libirc.la - libirc_la_SOURCES = $(IRCSOURCES) --libirc_la_LIBADD = $(GLIB_LIBS) -+libirc_la_LIBADD = $(GLIB_LIBS) $(SASL_LIBS) - - endif - diff --git a/pidgin.changes b/pidgin.changes index 36f6bc8..cf088d5 100644 --- a/pidgin.changes +++ b/pidgin.changes 
@@ -1,3 +1,96 @@ +------------------------------------------------------------------- +Wed Jan 29 20:55:39 UTC 2014 - zaitor@opensuse.org + +- Update to version 2.10.8: + + General: Python build scripts and example plugins are now + compatible with Python 3 (pidgin.im#15624). + + libpurple: + - Fix potential crash if libpurple gets an error attempting to + read a reply from a STUN server (CVE-2013-6484). + - Fix potential crash parsing a malformed HTTP response + (CVE-2013-6479). + - Fix buffer overflow when parsing a malformed HTTP response + with chunked Transfer-Encoding (CVE-2013-6485). + - Better handling of HTTP proxy responses with negative + Content-Lengths. + - Fix handling of SSL certificates without subjects when + using libnss. + - Fix handling of SSL certificates with timestamps in the + distant future when using libnss (pidgin.im#15586). + - Impose maximum download size for all HTTP fetches. + + Pidgin: + - Fix crash displaying tooltip of long URLs (CVE-2013-6478). + - Better handling of URLs longer than 1000 letters. + - Fix handling of multibyte UTF-8 characters in smiley themes + (pidgin.im#15756). + + AIM: Fix untrusted certificate error. + + AIM and ICQ: Fix a possible crash when receiving a malformed + message in a Direct IM session. + + Gadu-Gadu: + - Fix buffer overflow with remote code execution potential. + Only triggerable by a Gadu-Gadu server or a + man-in-the-middle (CVE-2013-6487). + - Disabled buddy list import/export from/to server. + - Disabled new account registration and password change + options. + + IRC: + - Fix bug where a malicious server or man-in-the-middle + could trigger a crash by not sending enough arguments with + various messages (CVE-2014-0020). + - Fix bug where initial IRC status would not be set correctly. + - Fix bug where IRC wasn't available when libpurple was + compiled with Cyrus SASL support (pidgin.im#15517). + + MSN: + - Fix NULL pointer dereference parsing headers in MSN + (CVE-2013-6482). 
+ - Fix NULL pointer dereference parsing OIM data in MSN + (CVE-2013-6482). + - Fix NULL pointer dereference parsing SOAP data in MSN + (CVE-2013-6482). + - Fix possible crash when sending very long messages. Not + remotely-triggerable. + + MXit: + - Fix buffer overflow with remote code execution potential + (CVE-2013-6487). + - Fix sporadic crashes that can happen after user is + disconnected. + - Fix crash when attempting to add a contact via search + results. + - Show error message if file transfer fails. + - Fix compiling with InstantBird. + - Fix display of some custom emoticons. + + SILC: Correctly set whiteboard dimensions in whiteboard + sessions. + + SIMPLE: Fix buffer overflow with remote code execution + potential (CVE-2013-6487). + + XMPP: + - Prevent spoofing of iq replies by verifying that the + 'from' address matches the 'to' address of the iq request + (CVE-2013-6483). + - Fix crash on some systems when receiving fake delay + timestamps with extreme values (CVE-2013-6477). + - Fix possible crash or other erratic behavior when selecting a + very small file for your own buddy icon. + - Fix crash if the user tries to initiate a voice/video session + with a resourceless JID. + - Fix login errors when the first two available auth mechanisms + fail but a subsequent mechanism would otherwise work when + using Cyrus SASL (pidgin.im#15524). + - Fix dropping incoming stanzas on BOSH connections when we + receive multiple HTTP responses at once (pidgin.im#15684). + + Yahoo!: + - Fix possible crashes handling incoming strings that are not + UTF-8 (CVE-2012-6152). + - Fix a bug reading a peer to peer message where a remote user + could trigger a crash (CVE-2013-6481). + + Plugins: + - Fix crash in contact availability plugin. + - Fix perl function Purple::Network::ip_atoi. + - Add Unity integration plugin. + + Windows specific fixes: (CVE-2013-6486, pidgin.im#15520, + pidgin.im#15521, bgo#668154). +- Drop pidgin-irc-sasl.patch, fixed upstream. 
+
 -------------------------------------------------------------------
 Fri Jan 24 12:56:48 UTC 2014 - dimstar@opensuse.org
 
diff --git a/pidgin.spec b/pidgin.spec
index 238c3f4..d8d3534 100644
--- a/pidgin.spec
+++ b/pidgin.spec
@@ -28,11 +28,11 @@ Name: pidgin
 Summary: Multiprotocol Instant Messaging Client
 License: GPL-2.0+
 Group: Productivity/Networking/Instant Messenger
-Version: 2.10.7
+Version: 2.10.8
 Release: 0
 # FIXME: Remove unconditional --disable-vv parameter from configure once pidgin is ported to farstream 0.2
 Url: http://www.pidgin.im/
-Source: http://downloads.sourceforge.net/project/pidgin/Pidgin/%{version}/%{name}-%{version}.tar.bz2
+Source: http://downloads.sourceforge.net/project/pidgin/Pidgin/2.10.8/%{name}-%{version}.tar.bz2
 Source1: pidgin-NLD-smiley-theme.tar.bz2
 Source2: pidgin-Tango-smiley-theme.tar.bz2
 Source3: pidgin-prefs.xml
@@ -44,8 +44,6 @@ Patch5: pidgin-nonblock-common2.patch
 Patch14: pidgin-mono-buildfix.patch
 # PATCH-FIX-OPENSUSE pidgin-fix-perl-build.patch vuntz@opensuse.org -- Revert http://developer.pidgin.im/viewmtn/revision/info/f32151852a00fb5abd3fdccdd8df2419031666de as it breaks the build
 Patch15: pidgin-fix-perl-build.patch
-# PATCH-FIX-UPSTREAM pidgin-irc-sasl.patch https://developer.pidgin.im/ticket/15517 bnc#806975 dimstar@opensuse.org -- Link IRC module to sasl
-Patch16: pidgin-irc-sasl.patch
 # PATCH-FEATURE-UPSTREAM pidgin-gstreamer1.patch https://developer.pidgin.im/ticket/15386 dimstar@opensuse.org -- Port to GStreamer 1.0
 Patch17: pidgin-gstreamer1.patch
 # Can use external libzephyr
@@ -402,7 +400,6 @@ translation-update-upstream
 %patch5 -p1
 %patch14 -p1
 %patch15 -p1
-%patch16 -p1
 %if 0%{?suse_version} >= 1310
 %patch17 -p1
 %endif
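Review bot: In the first pidgin.spec hunk the new `Source:` line hard-codes `2.10.8` in the directory part of the URL while the file name still uses `%{name}-%{version}`, so the next version bump leaves the URL pointing at a directory that no longer matches the tarball unless both places are edited. If the macro was dropped to work around a path problem, a one-line comment above `Source:` saying so would help; otherwise keep `Pidgin/%{version}/`. The URL is also plain `http://`, and nothing visible in this hunk lists a detached signature or keyring beside the tarball, so any step that re-downloads the source to compare it with the committed archive has only the transport to rely on. For a release whose changelog is mostly CVE fixes, an `https://` URL plus a signature source (if upstream publishes one) would let the 2.10.8 tarball be checked against upstream. The spec preamble continues outside the hunk, so a signature entry may exist where it is not visible here.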