Path to this page:
Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:
2017-03-24 00:50:14 by Benny Siegert | Files touched by this commit (11) | |
Log message:
Pullup ticket #5224 - requested by khorben
chat/libpurple: security fix
Revisions pulled up:
- chat/finch/Makefile 1.67
- chat/libpurple/Makefile 1.80
- chat/libpurple/Makefile.common 1.47-1.48
- chat/libpurple/PLIST 1.32-1.33
- chat/libpurple/buildlink3.mk 1.43
- chat/libpurple/distinfo 1.47-1.49
- chat/libpurple/patches/patch-libpurple_protocols_mxit_profile.c deleted
- chat/pidgin-sametime/Makefile 1.48
- chat/pidgin-silc/Makefile 1.51
- chat/pidgin/Makefile 1.70
- chat/pidgin/PLIST 1.23-1.24
---
Module Name: pkgsrc
Committed By: khorben
Date: Sat Mar 11 03:02:40 UTC 2017
Modified Files:
pkgsrc/chat/libpurple: Makefile.common PLIST buildlink3.mk distinfo
pkgsrc/chat/pidgin: PLIST
Log message:
Update chat/{libpurple,pidgin} to version 2.11.0
version 2.11.0 (06/21/2016):
General:
* 2.10.12 was accidentally released with new additions to the API and
should have been released as 2.11.0. Unfortunately, we did not catch
the mistake until after 2.10.12 was released, but we're fixing it now.
See ChangeLog.API for more information.
* Include the Mozilla certificate bundle. This fixes connecting to servers
with certificates from Let's Encrypt.
* Remove all 1024-bit CAs
libpurple:
* media: fix an issue with ximagesink displaying only a corner cut-out of
a larger webcam video (Jakub Adam)
* mediamanager: update output window destruction so that it reflects recent
changes in the media pipeline structure (Jakub Adam)
* Ported Instantbird's CommandUiOps to libpurple (Dequis)
Pidgin:
* Fixed #14962
* Fixed alignment of incoming right-to-left messages in protocols that
don't support rich text
* Fix a potential crash while exiting pidgin
Windows-Specific Changes:
* Use getaddrinfo for DNS to enable IPv6 (#1075)
* Updates to dependencies:
* NSS 3.24 and NSPR 4.12.
AIM:
* Add support for the newer kerberos-based authentication of AIM 8.x
Bonjour
* Fixed building on Mac OSX (Patrick Cloke) (#16883)
ICQ:
* Stop truncating passwords to 8 characters like old ICQ clients did.
(#16692). If you actually needed this, truncate your password
manually by pressing backspace a few times.
IRC:
* Base64-decode SASL messages before passing to libsasl (#16268)
MXit
* Fixed a buffer overflow. Discovered by Yves Younan of Cisco Talos.
(TALOS-CAN-0120)
* Fixed a remote out-of-bounds read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0140)
* Fixed a remote out-of-band read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0138, TALOS-CAN-0135)
* Fixed an invalid read. Discovered by Yves Younan of Cisco Talos
(TALOS-CAN-0118)
* Fixed a remote buffer overflow vulnerability. Discovered by Yves
Younan of Cisco Talos. (TALOS-CAN-0119)
* Fixed an out-of-bounds read discovered by Yves Younan of Cisco Talos.
(TALOS-CAN-0123)
* Fixed a directory traversal issue. Discovered by Yves Younan of Cisco
Talos (TALOS-CAN-0128)
* Fixed a remote denial of service vulnerability that could result in
a null pointer dereference. Discovered by Yves Younan of Cisco Talos.
(TALOS-CAN-0133)
* Fixed a remote denial of service that could result in an out-of-bounds
read. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0134)
* Fixed multiple remote buffer overflows. Discovered by Yves Younan of
Cisco Talos. (TALOS-CAN-0136)
* Fixed a remote NULL pointer dereference. Discovered by Yves Younan of
Cisco Talos (TALOS-CAN-0137)
* Fixed a remote code execution issue discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0142)
* Fixed a remote denial of service vulnerability in contact mood
handling. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0141)
* Fixed a remote out-of-bounds write vulnerability. Discovered by Yves
Younan of Cisco Talos. (TALOS-CAN-0139)
* Fix a remote out-of-bounds read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0143)
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Mar 11 07:15:25 UTC 2017
Modified Files:
pkgsrc/chat/finch: Makefile
pkgsrc/chat/libpurple: Makefile
pkgsrc/chat/pidgin: Makefile
pkgsrc/chat/pidgin-sametime: Makefile
pkgsrc/chat/pidgin-silc: Makefile
Log message:
Reset PKGREVISION after update.
---
Module Name: pkgsrc
Committed By: khorben
Date: Mon Mar 20 18:42:51 UTC 2017
Modified Files:
pkgsrc/chat/libpurple: Makefile.common PLIST distinfo
pkgsrc/chat/pidgin: PLIST
Removed Files:
pkgsrc/chat/libpurple/patches: patch-libpurple_protocols_mxit_profile.c
Log message:
Update chat/{libpurple,pidgin} to version 2.12.0
version 2.12.0 (03/09/2017):
libpurple:
* Fix an out of bounds memory read in purple_markup_unescape_entity.
CVE-2017-2640
* Fix use of uninitialised memory if running non-debug-enabled versions
of glib
* Updated AIM dev and dist ID's to new ones that were assigned by AOL.
* TLS certificate verification now uses SHA-256 checksums.
* Fixed SASL external auth for Freenode.
* Removed the MSN protocol plugin. It has been unusable and dormant for
some
time. MSNP18 has been discontinued and the protocol plugin would
require a
large update to start working again. See: http://ismsndeadyet.com/ The
third-party Pidgin SkypeWeb plugin, however, should provide enough
functionality as a replacement if people still want to use MSN:
https://github.com/EionRobb/skype4pidgin/tree/master/skypeweb
* Removed Mxit protocol plugin. The service was closed at the end of
September 2016. See
https://pidgin.im/pipermail/devel/2016-September/024078.htm
* Removed the MySpaceIM protocol plugin. The service has been defunct for a
long time. (#15356)
* Remove the Yahoo! protocol plugin. Yahoo has completely
reimplemented their protocol, so this version is no longer operable as
of August 5th, 2016:
https://yahoo.tumblr.com/post/145715934739/q2-2016-progress-report-on-our-product
A new protocol plugin has been written to support the new protocol.
It can be found here: https://github.com/EionRobb/funyahoo-plusplus
This also removes support for Yahoo! Japan. According to
http://messenger.yahoo.co.jp/ the service ended March 26th, 2014.
* Remove the Facebook (XMPP) account option. According to
https://developers.facebook.com/docs/chat the XMPP Chat API service
ended April 30th, 2015. A new protocol plugin has been written,
using a different method, to support Facebook. It can be found at
https://github.com/dequis/purple-facebook/wiki
* Fixed gnutls certificate validation errors that mainly affected
google (Dequis)
General
* Replaced instances of d.pidgin.im with developer.pidgin.im and
updated the
urls to use https. (#17036)
IRC
* Fixed issue of messages being silently cut off at 500 characters. Large
messages are now split into parts and sent one by one. (#4753)
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Mar 22 09:46:11 UTC 2017
Modified Files:
pkgsrc/chat/libpurple: distinfo
Log message:
Regenerate to match actual patches.
|
Next | Query returned 1 messages, browsing 1 to 10 | previous