pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/chat Update pidin to 2.10.8.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/862f8913dc28
branches:  trunk
changeset: 629897:862f8913dc28
user:      obache <obache%pkgsrc.org@localhost>
date:      Fri Jan 31 06:32:16 2014 +0000

description:
Update pidin to 2.10.8.

version 2.10.8 (1/28/2014):
        General:
        * Python build scripts and example plugins are now compatible with
          Python 3. (Ashish Gupta) (#15624)

        libpurple:
        * Fix potential crash if libpurple gets an error attempting to read a
          reply from a STUN server. (Discovered by Coverity static analysis)
          (CVE-2013-6484)
        * Fix potential crash parsing a malformed HTTP response. (Discovered by
          Jacob Appelbaum of the Tor Project) (CVE-2013-6479)
        * Fix buffer overflow when parsing a malformed HTTP response with
          chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent)
          (CVE-2013-6485)
        * Better handling of HTTP proxy responses with negative Content-Lengths.
          (Discovered by Matt Jones, Volvent)
        * Fix handling of SSL certificates without subjects when using libnss.
        * Fix handling of SSL certificates with timestamps in the distant future
          when using libnss. (#15586)
        * Impose maximum download size for all HTTP fetches.

        Pidgin:
        * Fix crash displaying tooltip of long URLs. (CVE-2013-6478)
        * Better handling of URLs longer than 1000 letters.
        * Fix handling of multibyte UTF-8 characters in smiley themes. (#15756)

        Windows-Specific Changes:
        * When clicking file:// links, show the file in Explorer rather than
          attempting to run the file. This reduces the chances of a user
          clicking on a link and mistakenly running a malicious file.
          (Originally discovered by James Burton, Insomnia Security. Rediscovered
          by Yves Younan of Sourcefire VRT.) (CVE-2013-6486)
        * Fix Tcl scripts. (#15520)
        * Fix crash-on-startup when ASLR is always on. (#15521)
        * Updates to dependencies:
                * NSS 3.15.4 and NSPR 4.10.2
                * Pango 1.29.4-1daa
                        Patched for https://bugzilla.gnome.org/show_bug.cgi?id=668154

        AIM:
        * Fix untrusted certificate error.

        AIM and ICQ:
        * Fix a possible crash when receiving a malformed message in a Direct IM
          session.

        Gadu-Gadu:
        * Fix buffer overflow with remote code execution potential. Only
          triggerable by a Gadu-Gadu server or a man-in-the-middle.
          (Discovered by Yves Younan and Ryan Pentney of Sourcefire VRT)
          (CVE-2013-6487)
        * Disabled buddy list import/export from/to server (it didn't work
          anymore). Buddy list synchronization will be implemented in 3.0.0.
        * Disabled new account registration and password change options, as it
          didn't work either. Account registration also caused a crash. Both
          functions are available using official Gadu-Gadu website.

        IRC:
        * Fix bug where a malicious server or man-in-the-middle could trigger
          a crash by not sending enough arguments with various messages.
          (Discovered by Daniel Atallah) (CVE-2014-0020)
        * Fix bug where initial IRC status would not be set correctly.
        * Fix bug where IRC wasn't available when libpurple was compiled with
          Cyrus SASL support. (#15517)

        MSN:
        * Fix NULL pointer dereference parsing headers in MSN.
          (Discovered by Fabian Yamaguchi and Christian Wressnegger of the
          University of Goettingen) (CVE-2013-6482)
        * Fix NULL pointer dereference parsing OIM data in MSN.
          (Discovered by Fabian Yamaguchi and Christian Wressnegger of the
          University of Goettingen) (CVE-2013-6482)
        * Fix NULL pointer dereference parsing SOAP data in MSN.
          (Discovered by Fabian Yamaguchi and Christian Wressnegger of the
          University of Goettingen) (CVE-2013-6482)
        * Fix possible crash when sending very long messages. Not
          remotely-triggerable. (Discovered by Matt Jones, Volvent)

        MXit:
        * Fix buffer overflow with remote code execution potential.
          (Discovered by Yves Younan and Pawel Janic of Sourcefire VRT)
          (CVE-2013-6487)
        * Fix sporadic crashes that can happen after user is disconnected.
        * Fix crash when attempting to add a contact via search results.
        * Show error message if file transfer fails.
        * Fix compiling with InstantBird.
        * Fix display of some custom emoticons.

        SILC:
        * Correctly set whiteboard dimensions in whiteboard sessions.

        SIMPLE:
        * Fix buffer overflow with remote code execution potential.
          (Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6487)

        XMPP:
        * Prevent spoofing of iq replies by verifying that the 'from' address
          matches the 'to' address of the iq request. (Discovered by Fabian
          Yamaguchi and Christian Wressnegger of the University of Goettingen)
          (CVE-2013-6483)
        * Fix crash on some systems when receiving fake delay timestamps with
          extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
        * Fix possible crash or other erratic behavior when selecting a very
          small file for your own buddy icon.
        * Fix crash if the user tries to initiate a voice/video session with a
          resourceless JID.
        * Fix login errors when the first two available auth mechanisms fail but
          a subsequent mechanism would otherwise work when using Cyrus SASL.
          (#15524)
        * Fix dropping incoming stanzas on BOSH connections when we receive
          multiple HTTP responses at once. (Issa Gorissen) (#15684)

        Yahoo!:
        * Fix possible crashes handling incoming strings that are not UTF-8.
          (Discovered by Thijs Alkemade and Robert Vehse) (CVE-2012-6152)
        * Fix a bug reading a peer to peer message where a remote user could
          trigger a crash. (CVE-2013-6481)

        Plugins:
        * Fix crash in contact availability plugin.
        * Fix perl function Purple::Network::ip_atoi
        * Add Unity integration plugin.

diffstat:

 chat/finch/Makefile            |  5 +----
 chat/libpurple/Makefile        |  3 +--
 chat/libpurple/Makefile.common |  4 ++--
 chat/libpurple/PLIST           |  9 ++++-----
 chat/libpurple/distinfo        |  8 ++++----
 chat/pidgin-sametime/Makefile  |  3 +--
 chat/pidgin-silc/Makefile      |  3 +--
 chat/pidgin/Makefile           |  5 +----
 8 files changed, 15 insertions(+), 25 deletions(-)

diffs (148 lines):

diff -r 331293c371e1 -r 862f8913dc28 chat/finch/Makefile
--- a/chat/finch/Makefile       Fri Jan 31 05:49:25 2014 +0000
+++ b/chat/finch/Makefile       Fri Jan 31 06:32:16 2014 +0000
@@ -1,12 +1,9 @@
-# $NetBSD: Makefile,v 1.55 2014/01/30 22:12:05 wiz Exp $
+# $NetBSD: Makefile,v 1.56 2014/01/31 06:32:16 obache Exp $
 
 PKGNAME=       finch-${PIDGIN_VERSION}
-PKGREVISION=   1
 
 COMMENT=       Multi-protocol Instant Messaging client console frontend
 
-PYTHON_VERSIONS_INCOMPATIBLE=  33 # not yet ported as of 2.10.7
-
 .include               "../../chat/libpurple/Makefile.common"
 
 USE_TOOLS+=    intltool msgfmt perl
diff -r 331293c371e1 -r 862f8913dc28 chat/libpurple/Makefile
--- a/chat/libpurple/Makefile   Fri Jan 31 05:49:25 2014 +0000
+++ b/chat/libpurple/Makefile   Fri Jan 31 06:32:16 2014 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.63 2014/01/11 14:42:02 adam Exp $
+# $NetBSD: Makefile,v 1.64 2014/01/31 06:32:16 obache Exp $
 
 PKGNAME=       libpurple-${PIDGIN_VERSION}
-PKGREVISION=   8
 
 COMMENT=       Multi-protocol Instant Messaging client backend
 
diff -r 331293c371e1 -r 862f8913dc28 chat/libpurple/Makefile.common
--- a/chat/libpurple/Makefile.common    Fri Jan 31 05:49:25 2014 +0000
+++ b/chat/libpurple/Makefile.common    Fri Jan 31 06:32:16 2014 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.40 2013/03/03 07:17:24 obache Exp $
+# $NetBSD: Makefile.common,v 1.41 2014/01/31 06:32:16 obache Exp $
 #
 # used by chat/finch/Makefile
 # used by chat/libpurple/Makefile
@@ -6,7 +6,7 @@
 # used by chat/pidgin-sametime/Makefile
 # used by chat/pidgin-silc/Makefile
 
-PIDGIN_VERSION=        2.10.7
+PIDGIN_VERSION=        2.10.8
 DISTNAME=      pidgin-${PIDGIN_VERSION}
 CATEGORIES=    chat
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=pidgin/}
diff -r 331293c371e1 -r 862f8913dc28 chat/libpurple/PLIST
--- a/chat/libpurple/PLIST      Fri Jan 31 05:49:25 2014 +0000
+++ b/chat/libpurple/PLIST      Fri Jan 31 06:32:16 2014 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.27 2013/03/03 07:17:24 obache Exp $
+@comment $NetBSD: PLIST,v 1.28 2014/01/31 06:32:16 obache Exp $
 include/libpurple/account.h
 include/libpurple/accountopt.h
 include/libpurple/blist.h
@@ -101,6 +101,7 @@
 share/locale/af/LC_MESSAGES/pidgin.mo
 share/locale/am/LC_MESSAGES/pidgin.mo
 share/locale/ar/LC_MESSAGES/pidgin.mo
+share/locale/ast/LC_MESSAGES/pidgin.mo
 share/locale/az/LC_MESSAGES/pidgin.mo
 share/locale/be@latin/LC_MESSAGES/pidgin.mo
 share/locale/bg/LC_MESSAGES/pidgin.mo
@@ -189,17 +190,16 @@
 share/purple/ca-certs/CAcert_Root.pem
 share/purple/ca-certs/Deutsche_Telekom_Root_CA_2.pem
 share/purple/ca-certs/DigiCertHighAssuranceCA-3.pem
+share/purple/ca-certs/DigiCertHighAssuranceEVRootCA.pem
+share/purple/ca-certs/Entrust.net_2048.pem
 share/purple/ca-certs/Entrust.net_Secure_Server_CA.pem
 share/purple/ca-certs/Equifax_Secure_CA.pem
 share/purple/ca-certs/Equifax_Secure_Global_eBusiness_CA-1.pem
 share/purple/ca-certs/GTE_CyberTrust_Global_Root.pem
 share/purple/ca-certs/Go_Daddy_Class_2_CA.pem
-share/purple/ca-certs/Microsoft_Internet_Authority.pem
 share/purple/ca-certs/Microsoft_Internet_Authority_2010.pem
-share/purple/ca-certs/Microsoft_Secure_Server_Authority.pem
 share/purple/ca-certs/Microsoft_Secure_Server_Authority_2010.pem
 share/purple/ca-certs/StartCom_Certification_Authority.pem
-share/purple/ca-certs/StartCom_Free_SSL_CA.pem
 share/purple/ca-certs/Thawte_Premium_Server_CA.pem
 share/purple/ca-certs/Thawte_Primary_Root_CA.pem
 share/purple/ca-certs/ValiCert_Class_2_VA.pem
@@ -209,7 +209,6 @@
 share/purple/ca-certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem
 share/purple/ca-certs/VeriSign_International_Server_Class_3_CA.pem
 share/purple/ca-certs/Verisign_Class3_Primary_CA.pem
-share/purple/ca-certs/Verisign_RSA_Secure_Server_CA.pem
 share/sounds/purple/alert.wav
 share/sounds/purple/login.wav
 share/sounds/purple/logout.wav
diff -r 331293c371e1 -r 862f8913dc28 chat/libpurple/distinfo
--- a/chat/libpurple/distinfo   Fri Jan 31 05:49:25 2014 +0000
+++ b/chat/libpurple/distinfo   Fri Jan 31 06:32:16 2014 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.39 2013/07/17 09:41:06 fhajny Exp $
+$NetBSD: distinfo,v 1.40 2014/01/31 06:32:16 obache Exp $
 
-SHA1 (pidgin-2.10.7.tar.bz2) = 01bc06e3a5712dded3ad4a4913ada12a3cd01e15
-RMD160 (pidgin-2.10.7.tar.bz2) = 51827270c7b55ae134d4b70fc5a5845681d9c1d1
-Size (pidgin-2.10.7.tar.bz2) = 10069279 bytes
+SHA1 (pidgin-2.10.8.tar.bz2) = c8279082419eecba86c54312259e964eb2bc12e0
+RMD160 (pidgin-2.10.8.tar.bz2) = 91e09fe202b9146f11d3195a82817a8f2783b273
+Size (pidgin-2.10.8.tar.bz2) = 10050465 bytes
 SHA1 (patch-libpurple_plugins_perl_common_Makefile.PL.in) = 40326826000ed42e7570486f89f3196b58093d48
 SHA1 (patch-libpurple_protocols_gg_lib_libgadu.h) = 5756134e17ae2ce28d3555cd40354245e22a5bd6
diff -r 331293c371e1 -r 862f8913dc28 chat/pidgin-sametime/Makefile
--- a/chat/pidgin-sametime/Makefile     Fri Jan 31 05:49:25 2014 +0000
+++ b/chat/pidgin-sametime/Makefile     Fri Jan 31 06:32:16 2014 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.41 2013/05/31 12:39:41 wiz Exp $
+# $NetBSD: Makefile,v 1.42 2014/01/31 06:32:16 obache Exp $
 
 PKGNAME=       pidgin-sametime-${PIDGIN_VERSION}
-PKGREVISION=   1
 
 COMMENT=       Lotus Sametime plugin for the Pidgin instant messenger
 
diff -r 331293c371e1 -r 862f8913dc28 chat/pidgin-silc/Makefile
--- a/chat/pidgin-silc/Makefile Fri Jan 31 05:49:25 2014 +0000
+++ b/chat/pidgin-silc/Makefile Fri Jan 31 06:32:16 2014 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.44 2013/05/31 12:39:41 wiz Exp $
+# $NetBSD: Makefile,v 1.45 2014/01/31 06:32:16 obache Exp $
 
 PKGNAME=       pidgin-silc-${PIDGIN_VERSION}
-PKGREVISION=   1
 
 COMMENT=       SILC plugin for the Pidgin instant messenger
 
diff -r 331293c371e1 -r 862f8913dc28 chat/pidgin/Makefile
--- a/chat/pidgin/Makefile      Fri Jan 31 05:49:25 2014 +0000
+++ b/chat/pidgin/Makefile      Fri Jan 31 06:32:16 2014 +0000
@@ -1,12 +1,9 @@
-# $NetBSD: Makefile,v 1.58 2014/01/30 22:12:05 wiz Exp $
+# $NetBSD: Makefile,v 1.59 2014/01/31 06:32:16 obache Exp $
 
 COMMENT=               Multi-protocol Instant Messaging client GTK frontend
 
-PYTHON_VERSIONS_INCOMPATIBLE=  33 # not yet ported as of 2.10.7
-
 .include               "../../chat/libpurple/Makefile.common"
 
-PKGREVISION=           5
 USE_TOOLS+=            msgfmt intltool
 
 PKGCONFIG_OVERRIDE+=   gaim.pc.in



Home | Main Index | Thread Index | Old Index