Hello community, here is the log from the commit of package pidgin for openSUSE:Factory checked in at 2014-02-02 07:37:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pidgin (Old) and /work/SRC/openSUSE:Factory/.pidgin.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pidgin" Changes: -------- --- /work/SRC/openSUSE:Factory/pidgin/pidgin.changes 2014-01-28 12:03:43.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.pidgin.new/pidgin.changes 2014-02-02 07:37:02.000000000 +0100 @@ -1,0 +2,93 @@ +Wed Jan 29 20:55:39 UTC 2014 - [email protected] + +- Update to version 2.10.8: + + General: Python build scripts and example plugins are now + compatible with Python 3 (pidgin.im#15624). + + libpurple: + - Fix potential crash if libpurple gets an error attempting to + read a reply from a STUN server (CVE-2013-6484). + - Fix potential crash parsing a malformed HTTP response + (CVE-2013-6479). + - Fix buffer overflow when parsing a malformed HTTP response + with chunked Transfer-Encoding (CVE-2013-6485). + - Better handling of HTTP proxy responses with negative + Content-Lengths. + - Fix handling of SSL certificates without subjects when + using libnss. + - Fix handling of SSL certificates with timestamps in the + distant future when using libnss (pidgin.im#15586). + - Impose maximum download size for all HTTP fetches. + + Pidgin: + - Fix crash displaying tooltip of long URLs (CVE-2013-6478). + - Better handling of URLs longer than 1000 letters. + - Fix handling of multibyte UTF-8 characters in smiley themes + (pidgin.im#15756). + + AIM: Fix untrusted certificate error. + + AIM and ICQ: Fix a possible crash when receiving a malformed + message in a Direct IM session. + + Gadu-Gadu: + - Fix buffer overflow with remote code execution potential. + Only triggerable by a Gadu-Gadu server or a + man-in-the-middle (CVE-2013-6487). + - Disabled buddy list import/export from/to server. + - Disabled new account registration and password change + options. + + IRC: + - Fix bug where a malicious server or man-in-the-middle + could trigger a crash by not sending enough arguments with + various messages (CVE-2014-0020). + - Fix bug where initial IRC status would not be set correctly. + - Fix bug where IRC wasn't available when libpurple was + compiled with Cyrus SASL support (pidgin.im#15517). + + MSN: + - Fix NULL pointer dereference parsing headers in MSN + (CVE-2013-6482). + - Fix NULL pointer dereference parsing OIM data in MSN + (CVE-2013-6482). + - Fix NULL pointer dereference parsing SOAP data in MSN + (CVE-2013-6482). + - Fix possible crash when sending very long messages. Not + remotely-triggerable. + + MXit: + - Fix buffer overflow with remote code execution potential + (CVE-2013-6487). + - Fix sporadic crashes that can happen after user is + disconnected. + - Fix crash when attempting to add a contact via search + results. + - Show error message if file transfer fails. + - Fix compiling with InstantBird. + - Fix display of some custom emoticons. + + SILC: Correctly set whiteboard dimensions in whiteboard + sessions. + + SIMPLE: Fix buffer overflow with remote code execution + potential (CVE-2013-6487). + + XMPP: + - Prevent spoofing of iq replies by verifying that the + 'from' address matches the 'to' address of the iq request + (CVE-2013-6483). + - Fix crash on some systems when receiving fake delay + timestamps with extreme values (CVE-2013-6477). + - Fix possible crash or other erratic behavior when selecting a + very small file for your own buddy icon. + - Fix crash if the user tries to initiate a voice/video session + with a resourceless JID. + - Fix login errors when the first two available auth mechanisms + fail but a subsequent mechanism would otherwise work when + using Cyrus SASL (pidgin.im#15524). + - Fix dropping incoming stanzas on BOSH connections when we + receive multiple HTTP responses at once (pidgin.im#15684). + + Yahoo!: + - Fix possible crashes handling incoming strings that are not + UTF-8 (CVE-2012-6152). + - Fix a bug reading a peer to peer message where a remote user + could trigger a crash (CVE-2013-6481). + + Plugins: + - Fix crash in contact availability plugin. + - Fix perl function Purple::Network::ip_atoi. + - Add Unity integration plugin. + + Windows specific fixes: (CVE-2013-6486, pidgin.im#15520, + pidgin.im#15521, bgo#668154). +- Drop pidgin-irc-sasl.patch, fixed upstream. + +------------------------------------------------------------------- Old: ---- pidgin-2.10.7.tar.bz2 pidgin-irc-sasl.patch New: ---- pidgin-2.10.8.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pidgin.spec ++++++ --- /var/tmp/diff_new_pack.OZbIqw/_old 2014-02-02 07:37:03.000000000 +0100 +++ /var/tmp/diff_new_pack.OZbIqw/_new 2014-02-02 07:37:03.000000000 +0100 @@ -28,11 +28,11 @@ Summary: Multiprotocol Instant Messaging Client License: GPL-2.0+ Group: Productivity/Networking/Instant Messenger -Version: 2.10.7 +Version: 2.10.8 Release: 0 # FIXME: Remove unconditional --disable-vv parameter from configure once pidgin is ported to farstream 0.2 Url: http://www.pidgin.im/ -Source: http://downloads.sourceforge.net/project/pidgin/Pidgin/%{version}/%{name}-%{version}.tar.bz2 +Source: http://downloads.sourceforge.net/project/pidgin/Pidgin/2.10.8/%{name}-%{version}.tar.bz2 Source1: pidgin-NLD-smiley-theme.tar.bz2 Source2: pidgin-Tango-smiley-theme.tar.bz2 Source3: pidgin-prefs.xml @@ -44,8 +44,6 @@ Patch14: pidgin-mono-buildfix.patch # PATCH-FIX-OPENSUSE pidgin-fix-perl-build.patch [email protected] -- Revert http://developer.pidgin.im/viewmtn/revision/info/f32151852a00fb5abd3fdccdd8df2419031666de as it breaks the build Patch15: pidgin-fix-perl-build.patch -# PATCH-FIX-UPSTREAM pidgin-irc-sasl.patch https://developer.pidgin.im/ticket/15517 bnc#806975 [email protected] -- Link IRC module to sasl -Patch16: pidgin-irc-sasl.patch # PATCH-FEATURE-UPSTREAM pidgin-gstreamer1.patch https://developer.pidgin.im/ticket/15386 [email protected] -- Port to GStreamer 1.0 Patch17: pidgin-gstreamer1.patch # Can use external libzephyr @@ -402,7 +400,6 @@ %patch5 -p1 %patch14 -p1 %patch15 -p1 -%patch16 -p1 %if 0%{?suse_version} >= 1310 %patch17 -p1 %endif ++++++ pidgin-2.10.7.tar.bz2 -> pidgin-2.10.8.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/pidgin/pidgin-2.10.7.tar.bz2 /work/SRC/openSUSE:Factory/.pidgin.new/pidgin-2.10.8.tar.bz2 differ: char 11, line 1 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
