CVS commit: pkgsrc/chat

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/chat
From: "OBATA Akio" <obache%netbsd.org@localhost>
Date: Sun, 7 Dec 2014 08:45:59 +0000

Module Name:    pkgsrc
Committed By:   obache
Date:           Sun Dec  7 08:45:59 UTC 2014

Modified Files:
        pkgsrc/chat/finch: Makefile
        pkgsrc/chat/libpurple: Makefile Makefile.common PLIST distinfo
            options.mk
        pkgsrc/chat/pidgin: Makefile PLIST
        pkgsrc/chat/pidgin-sametime: Makefile
        pkgsrc/chat/pidgin-silc: Makefile
Added Files:
        pkgsrc/chat/libpurple/patches: patch-libpurple_protocols_mxit_profile.c
Removed Files:
        pkgsrc/chat/libpurple/patches:
            patch-libpurple_protocols_gg_lib_libgadu.h

Log Message:
Update pidgin to 2.10.11.

version 2.10.11 (11/23/14):
        General:
        * Fix handling of Self-Signed SSL/TLS Certificates when using the NSS
          plugin (#16412)
        * Improve default cipher suites used with the NSS plugin (#16262)
        * Add NSS Preferences plugin which allows the SSL/TLS Versions and
          cipher suites to be configured (#8061)

        Gadu-Gadu:
        * Fix a bug that prevented plugin to load when compiled without GnuTLS.
          (mancha) (#16431)
        * Fix build for platforms without AF_LOCAL definition. (#16404)

        MSN:
        * Fix broken login due to server change (dx, TReKiE). (#16451, #16455)
        * Fail early when buddy list is unavailable instead of wasting bandwidth
          endlessly re-trying.

version 2.10.10 (10/22/14):
        General:
        * Check the basic constraints extension when validating SSL/TLS
          certificates. This fixes a security hole that allowed a malicious
          man-in-the-middle to impersonate an IM server or any other https
          endpoint. This affected both the NSS and GnuTLS plugins. (Discovered
          by an anonymous person and Jacob Appelbaum of the Tor Project, with
          thanks to Moxie Marlinspike for first publishing about this type of
          vulnerability. Thanks to Kai Engert for guidance and for some of the
          NSS changes) (CVE-2014-3694)
        * Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL.
          (Elrond and Ashish Gupta) (#15909)

        libpurple3 compatibility:
        * Encrypted account passwords are preserved until the new one is set.
        * Fix loading Google Talk and Facebook XMPP accounts.

        Windows-Specific Changes:
        * Don't allow overwriting arbitrary files on the file system when the
          user installs a smiley theme via drag-and-drop. (Discovered by Yves
          Younan of Cisco Talos) (CVE-2014-3697)
        * Updates to dependencies:
                * NSS 3.17.1 and NSPR 4.10.7

        Finch:
        * Fix build against Python 3. (Ed Catmur) (#15969)

        Gadu-Gadu:
        * Updated internal libgadu to version 1.12.0.

        Groupwise:
        * Fix potential remote crash parsing server message that indicates that
          a large amount of memory should be allocated. (Discovered by Yves Younan
          and Richard Johnson of Cisco Talos) (CVE-2014-3696)

        IRC:
        * Fix a possible leak of unencrypted data when using /me command
          with OTR. (Thijs Alkemade) (#15750)

        MXit:
        * Fix potential remote crash parsing a malformed emoticon response.
          (Discovered by Yves Younan and Richard Johnson of Cisco Talos)
          (CVE-2014-3695)

        XMPP:
        * Fix potential information leak where a malicious XMPP server and
          possibly even a malicious remote user could create a carefully crafted
          XMPP message that causes libpurple to send an XMPP message containing
          arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul
          Aurich) (CVE-2014-3698)
        * Fix Facebook XMPP roster quirks. (#15041, #15957)

        Yahoo:
        * Fix login when using the GnuTLS library for TLS connections. (#16172)


To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 pkgsrc/chat/finch/Makefile
cvs rdiff -u -r1.67 -r1.68 pkgsrc/chat/libpurple/Makefile
cvs rdiff -u -r1.42 -r1.43 pkgsrc/chat/libpurple/Makefile.common
cvs rdiff -u -r1.29 -r1.30 pkgsrc/chat/libpurple/PLIST
cvs rdiff -u -r1.41 -r1.42 pkgsrc/chat/libpurple/distinfo
cvs rdiff -u -r1.27 -r1.28 pkgsrc/chat/libpurple/options.mk
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/chat/libpurple/patches/patch-libpurple_protocols_gg_lib_libgadu.h
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/chat/libpurple/patches/patch-libpurple_protocols_mxit_profile.c
cvs rdiff -u -r1.62 -r1.63 pkgsrc/chat/pidgin/Makefile
cvs rdiff -u -r1.21 -r1.22 pkgsrc/chat/pidgin/PLIST
cvs rdiff -u -r1.43 -r1.44 pkgsrc/chat/pidgin-sametime/Makefile
cvs rdiff -u -r1.46 -r1.47 pkgsrc/chat/pidgin-silc/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/chat/libpurple
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/chat/libpurple
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index