Accepting request 220556 from GNOME:Apps

Update to ver 2.10.8 (forwarded request 220401 from RBrownCCB) OBS-URL: https://build.opensuse.org/request/show/220556 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pidgin?expand=0&rev=100
2014-02-02 06:37:01 +00:00 · 2014-02-02 06:37:01 +00:00 · 7843a1e244
commit 7843a1e244
parent 27b48d70ba
5 changed files with 98 additions and 20 deletions
--- a/pidgin-2.10.7.tar.bz2
+++ b/pidgin-2.10.7.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eba32994eca20d1cf24a4261b059b2de71a1ec2dd0926e904074b0db49f7f192
-size 10069279
--- a/pidgin-2.10.8.tar.bz2
+++ b/pidgin-2.10.8.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b633367e3588ff3e615d68e812302dfdbe32e73693cbe42a0d827b7aed7a8227
+size 10050465
--- a/pidgin-irc-sasl.patch
+++ b/pidgin-irc-sasl.patch
@ -1,12 +0,0 @@
-diff -upr pidgin-2.10.7.orig/libpurple/protocols/irc/Makefile.am pidgin-2.10.7/libpurple/protocols/irc/Makefile.am
--- pidgin-2.10.7.orig/libpurple/protocols/irc/Makefile.am	2013-02-14 02:44:47.000000000 +0200
-+++ pidgin-2.10.7/libpurple/protocols/irc/Makefile.am	2013-02-14 02:49:58.000000000 +0200
-@@ -27,7 +27,7 @@ else
- st =
- pkg_LTLIBRARIES   = libirc.la
- libirc_la_SOURCES = $(IRCSOURCES)
-libirc_la_LIBADD  = $(GLIB_LIBS)
-+libirc_la_LIBADD  = $(GLIB_LIBS) $(SASL_LIBS)
- 
- endif
- 
--- a/pidgin.changes
+++ b/pidgin.changes
@ -1,3 +1,96 @@
+-------------------------------------------------------------------
+Wed Jan 29 20:55:39 UTC 2014 - zaitor@opensuse.org
+
+- Update to version 2.10.8:
+  + General: Python build scripts and example plugins are now
+    compatible with Python 3 (pidgin.im#15624).
+  + libpurple:
+    - Fix potential crash if libpurple gets an error attempting to
+      read a reply from a STUN server (CVE-2013-6484).
+    - Fix potential crash parsing a malformed HTTP response
+      (CVE-2013-6479).
+    - Fix buffer overflow when parsing a malformed HTTP response
+      with chunked Transfer-Encoding (CVE-2013-6485).
+    - Better handling of HTTP proxy responses with negative
+      Content-Lengths.
+    - Fix handling of SSL certificates without subjects when
+      using libnss.
+    - Fix handling of SSL certificates with timestamps in the
+      distant future when using libnss (pidgin.im#15586).
+    - Impose maximum download size for all HTTP fetches.
+  + Pidgin:
+    - Fix crash displaying tooltip of long URLs (CVE-2013-6478).
+    - Better handling of URLs longer than 1000 letters.
+    - Fix handling of multibyte UTF-8 characters in smiley themes
+      (pidgin.im#15756).
+  + AIM: Fix untrusted certificate error.
+  + AIM and ICQ: Fix a possible crash when receiving a malformed
+    message in a Direct IM session.
+  + Gadu-Gadu:
+    - Fix buffer overflow with remote code execution potential.
+      Only triggerable by a Gadu-Gadu server or a
+      man-in-the-middle (CVE-2013-6487).
+    - Disabled buddy list import/export from/to server.
+    - Disabled new account registration and password change
+      options.
+  + IRC:
+    - Fix bug where a malicious server or man-in-the-middle
+      could trigger a crash by not sending enough arguments with
+      various messages (CVE-2014-0020).
+    - Fix bug where initial IRC status would not be set correctly.
+    - Fix bug where IRC wasn't available when libpurple was
+      compiled with Cyrus SASL support (pidgin.im#15517).
+  + MSN:
+    - Fix NULL pointer dereference parsing headers in MSN
+      (CVE-2013-6482).
+    - Fix NULL pointer dereference parsing OIM data in MSN
+      (CVE-2013-6482).
+    - Fix NULL pointer dereference parsing SOAP data in MSN
+      (CVE-2013-6482).
+    - Fix possible crash when sending very long messages. Not
+      remotely-triggerable.
+  + MXit:
+    - Fix buffer overflow with remote code execution potential
+      (CVE-2013-6487).
+    - Fix sporadic crashes that can happen after user is
+      disconnected.
+    - Fix crash when attempting to add a contact via search
+      results.
+    - Show error message if file transfer fails.
+    - Fix compiling with InstantBird.
+    - Fix display of some custom emoticons.
+  + SILC: Correctly set whiteboard dimensions in whiteboard
+    sessions.
+  + SIMPLE: Fix buffer overflow with remote code execution
+    potential (CVE-2013-6487).
+  + XMPP:
+    - Prevent spoofing of iq replies by verifying that the
+      'from' address matches the 'to' address of the iq request
+      (CVE-2013-6483).
+    - Fix crash on some systems when receiving fake delay
+      timestamps with extreme values (CVE-2013-6477).
+    - Fix possible crash or other erratic behavior when selecting a
+      very small file for your own buddy icon.
+    - Fix crash if the user tries to initiate a voice/video session
+      with a resourceless JID.
+    - Fix login errors when the first two available auth mechanisms
+      fail but a subsequent mechanism would otherwise work when
+      using Cyrus SASL (pidgin.im#15524).
+    - Fix dropping incoming stanzas on BOSH connections when we
+      receive multiple HTTP responses at once (pidgin.im#15684).
+  + Yahoo!:
+    - Fix possible crashes handling incoming strings that are not
+      UTF-8 (CVE-2012-6152).
+    - Fix a bug reading a peer to peer message where a remote user
+      could trigger a crash (CVE-2013-6481).
+  + Plugins:
+    - Fix crash in contact availability plugin.
+    - Fix perl function Purple::Network::ip_atoi.
+    - Add Unity integration plugin.
+  + Windows specific fixes: (CVE-2013-6486, pidgin.im#15520,
+    pidgin.im#15521, bgo#668154).
+- Drop pidgin-irc-sasl.patch, fixed upstream.
+
 -------------------------------------------------------------------
 Fri Jan 24 12:56:48 UTC 2014 - dimstar@opensuse.org

--- a/pidgin.spec
+++ b/pidgin.spec
@ -28,11 +28,11 @@ Name:           pidgin
 Summary:        Multiprotocol Instant Messaging Client
 License:        GPL-2.0+
 Group:          Productivity/Networking/Instant Messenger
-Version:        2.10.7
+Version:        2.10.8
 Release:        0
 # FIXME: Remove unconditional --disable-vv parameter from configure once pidgin is ported to farstream 0.2
 Url:            http://www.pidgin.im/
-Source:         http://downloads.sourceforge.net/project/pidgin/Pidgin/%{version}/%{name}-%{version}.tar.bz2
+Source:         http://downloads.sourceforge.net/project/pidgin/Pidgin/2.10.8/%{name}-%{version}.tar.bz2
 Source1:        pidgin-NLD-smiley-theme.tar.bz2
 Source2:        pidgin-Tango-smiley-theme.tar.bz2
 Source3:        pidgin-prefs.xml
@ -44,8 +44,6 @@ Patch5:         pidgin-nonblock-common2.patch
 Patch14:        pidgin-mono-buildfix.patch
 # PATCH-FIX-OPENSUSE pidgin-fix-perl-build.patch vuntz@opensuse.org -- Revert http://developer.pidgin.im/viewmtn/revision/info/f32151852a00fb5abd3fdccdd8df2419031666de as it breaks the build
 Patch15:        pidgin-fix-perl-build.patch
-# PATCH-FIX-UPSTREAM pidgin-irc-sasl.patch https://developer.pidgin.im/ticket/15517 bnc#806975 dimstar@opensuse.org -- Link IRC module to sasl
-Patch16:        pidgin-irc-sasl.patch
 # PATCH-FEATURE-UPSTREAM pidgin-gstreamer1.patch https://developer.pidgin.im/ticket/15386 dimstar@opensuse.org -- Port to GStreamer 1.0
 Patch17:        pidgin-gstreamer1.patch
 # Can use external libzephyr
@ -402,7 +400,6 @@ translation-update-upstream
 %patch5 -p1
 %patch14 -p1
 %patch15 -p1
-%patch16 -p1
 %if 0%{?suse_version} >= 1310
 %patch17 -p1
 %endif