rpm/pidgin
SHA256
1
0
Fork 0
forked from pool/pidgin
Code Pull Requests Activity

Accepting request 220556 from GNOME:Apps

Browse Source 
Update to ver 2.10.8 (forwarded request 220401 from RBrownCCB)

OBS-URL: https://build.opensuse.org/request/show/220556
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pidgin?expand=0&rev=100
This commit is contained in:
Stephan Kulow 2014-02-02 06:37:01 +00:00 committed by Git OBS Bridge
parent 27b48d70ba
commit 7843a1e244
5 changed files with 98 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pidgin-2.10.7.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:eba32994eca20d1cf24a4261b059b2de71a1ec2dd0926e904074b0db49f7f192
size 10069279

3
pidgin-2.10.8.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b633367e3588ff3e615d68e812302dfdbe32e73693cbe42a0d827b7aed7a8227
size 10050465

12
pidgin-irc-sasl.patch
View File

@ -1,12 +0,0 @@
diff -upr pidgin-2.10.7.orig/libpurple/protocols/irc/Makefile.am pidgin-2.10.7/libpurple/protocols/irc/Makefile.am
--- pidgin-2.10.7.orig/libpurple/protocols/irc/Makefile.am 2013-02-14 02:44:47.000000000 +0200
+++ pidgin-2.10.7/libpurple/protocols/irc/Makefile.am 2013-02-14 02:49:58.000000000 +0200
@@ -27,7 +27,7 @@ else
st =
pkg_LTLIBRARIES = libirc.la
libirc_la_SOURCES = $(IRCSOURCES)
-libirc_la_LIBADD = $(GLIB_LIBS)
+libirc_la_LIBADD = $(GLIB_LIBS) $(SASL_LIBS)
endif

93
pidgin.changes
View File

@ -1,3 +1,96 @@
-------------------------------------------------------------------
Wed Jan 29 20:55:39 UTC 2014 - zaitor@opensuse.org
- Update to version 2.10.8:
+ General: Python build scripts and example plugins are now
compatible with Python 3 (pidgin.im#15624).
+ libpurple:
- Fix potential crash if libpurple gets an error attempting to
read a reply from a STUN server (CVE-2013-6484).
- Fix potential crash parsing a malformed HTTP response
(CVE-2013-6479).
- Fix buffer overflow when parsing a malformed HTTP response
with chunked Transfer-Encoding (CVE-2013-6485).
- Better handling of HTTP proxy responses with negative
Content-Lengths.
- Fix handling of SSL certificates without subjects when
using libnss.
- Fix handling of SSL certificates with timestamps in the
distant future when using libnss (pidgin.im#15586).
- Impose maximum download size for all HTTP fetches.
+ Pidgin:
- Fix crash displaying tooltip of long URLs (CVE-2013-6478).
- Better handling of URLs longer than 1000 letters.
- Fix handling of multibyte UTF-8 characters in smiley themes
(pidgin.im#15756).
+ AIM: Fix untrusted certificate error.
+ AIM and ICQ: Fix a possible crash when receiving a malformed
message in a Direct IM session.
+ Gadu-Gadu:
- Fix buffer overflow with remote code execution potential.
Only triggerable by a Gadu-Gadu server or a
man-in-the-middle (CVE-2013-6487).
- Disabled buddy list import/export from/to server.
- Disabled new account registration and password change
options.
+ IRC:
- Fix bug where a malicious server or man-in-the-middle
could trigger a crash by not sending enough arguments with
various messages (CVE-2014-0020).
- Fix bug where initial IRC status would not be set correctly.
- Fix bug where IRC wasn't available when libpurple was
compiled with Cyrus SASL support (pidgin.im#15517).
+ MSN:
- Fix NULL pointer dereference parsing headers in MSN
(CVE-2013-6482).
- Fix NULL pointer dereference parsing OIM data in MSN
(CVE-2013-6482).
- Fix NULL pointer dereference parsing SOAP data in MSN
(CVE-2013-6482).
- Fix possible crash when sending very long messages. Not
remotely-triggerable.
+ MXit:
- Fix buffer overflow with remote code execution potential
(CVE-2013-6487).
- Fix sporadic crashes that can happen after user is
disconnected.
- Fix crash when attempting to add a contact via search
results.
- Show error message if file transfer fails.
- Fix compiling with InstantBird.
- Fix display of some custom emoticons.
+ SILC: Correctly set whiteboard dimensions in whiteboard
sessions.
+ SIMPLE: Fix buffer overflow with remote code execution
potential (CVE-2013-6487).
+ XMPP:
- Prevent spoofing of iq replies by verifying that the
'from' address matches the 'to' address of the iq request
(CVE-2013-6483).
- Fix crash on some systems when receiving fake delay
timestamps with extreme values (CVE-2013-6477).
- Fix possible crash or other erratic behavior when selecting a
very small file for your own buddy icon.
- Fix crash if the user tries to initiate a voice/video session
with a resourceless JID.
- Fix login errors when the first two available auth mechanisms
fail but a subsequent mechanism would otherwise work when
using Cyrus SASL (pidgin.im#15524).
- Fix dropping incoming stanzas on BOSH connections when we
receive multiple HTTP responses at once (pidgin.im#15684).
+ Yahoo!:
- Fix possible crashes handling incoming strings that are not
UTF-8 (CVE-2012-6152).
- Fix a bug reading a peer to peer message where a remote user
could trigger a crash (CVE-2013-6481).
+ Plugins:
- Fix crash in contact availability plugin.
- Fix perl function Purple::Network::ip_atoi.
- Add Unity integration plugin.
+ Windows specific fixes: (CVE-2013-6486, pidgin.im#15520,
pidgin.im#15521, bgo#668154).
- Drop pidgin-irc-sasl.patch, fixed upstream.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 24 12:56:48 UTC 2014 - dimstar@opensuse.org Fri Jan 24 12:56:48 UTC 2014 - dimstar@opensuse.org

7
pidgin.spec
View File

@ -28,11 +28,11 @@ Name: pidgin
Summary: Multiprotocol Instant Messaging Client Summary: Multiprotocol Instant Messaging Client
License: GPL-2.0+ License: GPL-2.0+
Group: Productivity/Networking/Instant Messenger Group: Productivity/Networking/Instant Messenger
Version: 2.10.7 Version: 2.10.8
Release: 0 Release: 0
# FIXME: Remove unconditional --disable-vv parameter from configure once pidgin is ported to farstream 0.2 # FIXME: Remove unconditional --disable-vv parameter from configure once pidgin is ported to farstream 0.2
Url: http://www.pidgin.im/ Url: http://www.pidgin.im/
Source: http://downloads.sourceforge.net/project/pidgin/Pidgin/%{version}/%{name}-%{version}.tar.bz2 Source: http://downloads.sourceforge.net/project/pidgin/Pidgin/2.10.8/%{name}-%{version}.tar.bz2
Source1: pidgin-NLD-smiley-theme.tar.bz2 Source1: pidgin-NLD-smiley-theme.tar.bz2
Source2: pidgin-Tango-smiley-theme.tar.bz2 Source2: pidgin-Tango-smiley-theme.tar.bz2
Source3: pidgin-prefs.xml Source3: pidgin-prefs.xml
@ -44,8 +44,6 @@ Patch5: pidgin-nonblock-common2.patch
Patch14: pidgin-mono-buildfix.patch Patch14: pidgin-mono-buildfix.patch
# PATCH-FIX-OPENSUSE pidgin-fix-perl-build.patch vuntz@opensuse.org -- Revert http://developer.pidgin.im/viewmtn/revision/info/f32151852a00fb5abd3fdccdd8df2419031666de as it breaks the build # PATCH-FIX-OPENSUSE pidgin-fix-perl-build.patch vuntz@opensuse.org -- Revert http://developer.pidgin.im/viewmtn/revision/info/f32151852a00fb5abd3fdccdd8df2419031666de as it breaks the build
Patch15: pidgin-fix-perl-build.patch Patch15: pidgin-fix-perl-build.patch
# PATCH-FIX-UPSTREAM pidgin-irc-sasl.patch https://developer.pidgin.im/ticket/15517 bnc#806975 dimstar@opensuse.org -- Link IRC module to sasl
Patch16: pidgin-irc-sasl.patch
# PATCH-FEATURE-UPSTREAM pidgin-gstreamer1.patch https://developer.pidgin.im/ticket/15386 dimstar@opensuse.org -- Port to GStreamer 1.0 # PATCH-FEATURE-UPSTREAM pidgin-gstreamer1.patch https://developer.pidgin.im/ticket/15386 dimstar@opensuse.org -- Port to GStreamer 1.0
Patch17: pidgin-gstreamer1.patch Patch17: pidgin-gstreamer1.patch
# Can use external libzephyr # Can use external libzephyr
@ -402,7 +400,6 @@ translation-update-upstream
%patch5 -p1 %patch5 -p1
%patch14 -p1 %patch14 -p1
%patch15 -p1 %patch15 -p1
%patch16 -p1
%if 0%{?suse_version} >= 1310 %if 0%{?suse_version} >= 1310
%patch17 -p1 %patch17 -p1
%endif %endif