Next | Query returned 93 messages, browsing 31 to 40 | Previous

History of commit frequency

CVS Commit History:


   2016-01-13 23:25:38 by Thomas Klausner | Files touched by this commit (14)
Log message:
Update pidgin/finch/libpurple to 2.10.12.

gstreamer is not an option any longer.

 version 2.10.12 (MM/DD/YY):

Windows-Specific Changes:

* Updates to dependencies:

* Cyrus SASL 2.1.26

* libxml2 2.9.2

* NSS 3.17.3 and NSPR 4.10.7

* Perl 5.20.1

* SILC 1.1.12

* Remove support for Tcl plugins

Gadu-Gadu:

* Updated internal libgadu to version 1.12.1.
   2015-06-12 12:52:19 by Thomas Klausner | Files touched by this commit (3152)
Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
   2014-12-07 09:45:59 by OBATA Akio | Files touched by this commit (12)
Log message:
Update pidgin to 2.10.11.

version 2.10.11 (11/23/14):
	General:
	* Fix handling of Self-Signed SSL/TLS Certificates when using the NSS
	  plugin (#16412)
	* Improve default cipher suites used with the NSS plugin (#16262)
	* Add NSS Preferences plugin which allows the SSL/TLS Versions and
	  cipher suites to be configured (#8061)

	Gadu-Gadu:
	* Fix a bug that prevented plugin to load when compiled without GnuTLS.
	  (mancha) (#16431)
	* Fix build for platforms without AF_LOCAL definition. (#16404)

	MSN:
	* Fix broken login due to server change (dx, TReKiE). (#16451, #16455)
	* Fail early when buddy list is unavailable instead of wasting bandwidth
	  endlessly re-trying.

version 2.10.10 (10/22/14):
	General:
	* Check the basic constraints extension when validating SSL/TLS
	  certificates. This fixes a security hole that allowed a malicious
	  man-in-the-middle to impersonate an IM server or any other https
	  endpoint. This affected both the NSS and GnuTLS plugins. (Discovered
	  by an anonymous person and Jacob Appelbaum of the Tor Project, with
	  thanks to Moxie Marlinspike for first publishing about this type of
	  vulnerability. Thanks to Kai Engert for guidance and for some of the
	  NSS changes) (CVE-2014-3694)
	* Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL.
	  (Elrond and Ashish Gupta) (#15909)

	libpurple3 compatibility:
	* Encrypted account passwords are preserved until the new one is set.
	* Fix loading Google Talk and Facebook XMPP accounts.

	Windows-Specific Changes:
	* Don't allow overwriting arbitrary files on the file system when the
	  user installs a smiley theme via drag-and-drop. (Discovered by Yves
	  Younan of Cisco Talos) (CVE-2014-3697)
	* Updates to dependencies:
		* NSS 3.17.1 and NSPR 4.10.7

	Finch:
	* Fix build against Python 3. (Ed Catmur) (#15969)

	Gadu-Gadu:
	* Updated internal libgadu to version 1.12.0.

	Groupwise:
	* Fix potential remote crash parsing server message that indicates that
	  a large amount of memory should be allocated. (Discovered by Yves Younan
	  and Richard Johnson of Cisco Talos) (CVE-2014-3696)

	IRC:
	* Fix a possible leak of unencrypted data when using /me command
	  with OTR. (Thijs Alkemade) (#15750)

	MXit:
	* Fix potential remote crash parsing a malformed emoticon response.
	  (Discovered by Yves Younan and Richard Johnson of Cisco Talos)
	  (CVE-2014-3695)

	XMPP:
	* Fix potential information leak where a malicious XMPP server and
	  possibly even a malicious remote user could create a carefully crafted
	  XMPP message that causes libpurple to send an XMPP message containing
	  arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul
	  Aurich) (CVE-2014-3698)
	* Fix Facebook XMPP roster quirks. (#15041, #15957)

	Yahoo:
	* Fix login when using the GnuTLS library for TLS connections. (#16172)
   2014-05-30 01:38:20 by Thomas Klausner | Files touched by this commit (3049)
Log message:
Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
   2014-01-31 07:32:16 by OBATA Akio | Files touched by this commit (8)
Log message:
Update pidin to 2.10.8.

version 2.10.8 (1/28/2014):
	General:
	* Python build scripts and example plugins are now compatible with
	  Python 3. (Ashish Gupta) (#15624)

	libpurple:
	* Fix potential crash if libpurple gets an error attempting to read a
	  reply from a STUN server. (Discovered by Coverity static analysis)
	  (CVE-2013-6484)
	* Fix potential crash parsing a malformed HTTP response. (Discovered by
	  Jacob Appelbaum of the Tor Project) (CVE-2013-6479)
	* Fix buffer overflow when parsing a malformed HTTP response with
	  chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent)
	  (CVE-2013-6485)
	* Better handling of HTTP proxy responses with negative Content-Lengths.
	  (Discovered by Matt Jones, Volvent)
	* Fix handling of SSL certificates without subjects when using libnss.
	* Fix handling of SSL certificates with timestamps in the distant future
	  when using libnss. (#15586)
	* Impose maximum download size for all HTTP fetches.

	Pidgin:
	* Fix crash displaying tooltip of long URLs. (CVE-2013-6478)
	* Better handling of URLs longer than 1000 letters.
	* Fix handling of multibyte UTF-8 characters in smiley themes. (#15756)

	Windows-Specific Changes:
	* When clicking file:// links, show the file in Explorer rather than
	  attempting to run the file. This reduces the chances of a user
	  clicking on a link and mistakenly running a malicious file.
	  (Originally discovered by James Burton, Insomnia Security. Rediscovered
	  by Yves Younan of Sourcefire VRT.) (CVE-2013-6486)
	* Fix Tcl scripts. (#15520)
	* Fix crash-on-startup when ASLR is always on. (#15521)
	* Updates to dependencies:
		* NSS 3.15.4 and NSPR 4.10.2
		* Pango 1.29.4-1daa
			Patched for https://bugzilla.gnome.org/show_bug.cgi?id=668154

	AIM:
	* Fix untrusted certificate error.

	AIM and ICQ:
	* Fix a possible crash when receiving a malformed message in a Direct IM
	  session.

	Gadu-Gadu:
	* Fix buffer overflow with remote code execution potential. Only
	  triggerable by a Gadu-Gadu server or a man-in-the-middle.
	  (Discovered by Yves Younan and Ryan Pentney of Sourcefire VRT)
	  (CVE-2013-6487)
	* Disabled buddy list import/export from/to server (it didn't work
	  anymore). Buddy list synchronization will be implemented in 3.0.0.
	* Disabled new account registration and password change options, as it
	  didn't work either. Account registration also caused a crash. Both
	  functions are available using official Gadu-Gadu website.

	IRC:
	* Fix bug where a malicious server or man-in-the-middle could trigger
	  a crash by not sending enough arguments with various messages.
	  (Discovered by Daniel Atallah) (CVE-2014-0020)
	* Fix bug where initial IRC status would not be set correctly.
	* Fix bug where IRC wasn't available when libpurple was compiled with
	  Cyrus SASL support. (#15517)

	MSN:
	* Fix NULL pointer dereference parsing headers in MSN.
	  (Discovered by Fabian Yamaguchi and Christian Wressnegger of the
	  University of Goettingen) (CVE-2013-6482)
	* Fix NULL pointer dereference parsing OIM data in MSN.
	  (Discovered by Fabian Yamaguchi and Christian Wressnegger of the
	  University of Goettingen) (CVE-2013-6482)
	* Fix NULL pointer dereference parsing SOAP data in MSN.
	  (Discovered by Fabian Yamaguchi and Christian Wressnegger of the
	  University of Goettingen) (CVE-2013-6482)
	* Fix possible crash when sending very long messages. Not
	  remotely-triggerable. (Discovered by Matt Jones, Volvent)

	MXit:
	* Fix buffer overflow with remote code execution potential.
	  (Discovered by Yves Younan and Pawel Janic of Sourcefire VRT)
	  (CVE-2013-6487)
	* Fix sporadic crashes that can happen after user is disconnected.
	* Fix crash when attempting to add a contact via search results.
	* Show error message if file transfer fails.
	* Fix compiling with InstantBird.
	* Fix display of some custom emoticons.

	SILC:
	* Correctly set whiteboard dimensions in whiteboard sessions.

	SIMPLE:
	* Fix buffer overflow with remote code execution potential.
	  (Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6487)

	XMPP:
	* Prevent spoofing of iq replies by verifying that the 'from' address
	  matches the 'to' address of the iq request. (Discovered by Fabian
	  Yamaguchi and Christian Wressnegger of the University of Goettingen)
	  (CVE-2013-6483)
	* Fix crash on some systems when receiving fake delay timestamps with
	  extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
	* Fix possible crash or other erratic behavior when selecting a very
	  small file for your own buddy icon.
	* Fix crash if the user tries to initiate a voice/video session with a
	  resourceless JID.
	* Fix login errors when the first two available auth mechanisms fail but
	  a subsequent mechanism would otherwise work when using Cyrus SASL.
	  (#15524)
	* Fix dropping incoming stanzas on BOSH connections when we receive
	  multiple HTTP responses at once. (Issa Gorissen) (#15684)

	Yahoo!:
	* Fix possible crashes handling incoming strings that are not UTF-8.
	  (Discovered by Thijs Alkemade and Robert Vehse) (CVE-2012-6152)
	* Fix a bug reading a peer to peer message where a remote user could
	  trigger a crash. (CVE-2013-6481)

	Plugins:
	* Fix crash in contact availability plugin.
	* Fix perl function Purple::Network::ip_atoi
	* Add Unity integration plugin.
   2013-05-31 14:42:58 by Thomas Klausner | Files touched by this commit (2880)
Log message:
Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.
   2013-03-03 08:17:25 by OBATA Akio | Files touched by this commit (8)
Log message:
Update pidgin to 2.10.7.

version 2.10.7 (02/13/2013):
	Alien hatchery:
	* No changes

	General:
	* The configure script will now exit with status 1 when specifying
	  invalid protocol plugins using the --with-static-prpls and
	  --with-dynamic-prpls arguments. (Michael Fiedler) (#15316)

	libpurple:
	* Fix a crash when receiving UPnP responses with abnormally long values.
	  (CVE-2013-0274)
	* Don't link directly to libgcrypt when building with GnuTLS support.
	  (Bartosz Brachaczek) (#15329)
	* Fix UPnP mappings on routers that return empty <URLBase/> elements
	  in their response. (Ferdinand Stehle) (#15373)
	* Tcl plugin uses saner, race-free plugin loading.
	* Fix the Tcl signals-test plugin for savedstatus-changed.
	  (Andrew Shadura) (#15443)

	Pidgin:
	* Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11
	  variant.

	Gadu-Gadu:
	* Fix a crash at startup with large contact list. Avatar support for
	  buddies will be disabled until 3.0.0. (#15226, #14305)

	IRC:
	* Support for SASL authentication. (Thijs Alkemade, Andy Spencer)
	  (#13270)
	* Print topic setter information at channel join. (#13317)

	MSN:
	* Fix SSL certificate issue when signing into MSN for some users.
	* Fix a crash when removing a user before its icon is loaded. (Mark
	  Barfield) (#15217)

	MXit:
	* Fix a bug where a remote MXit user could possibly specify a local
	  file path to be written to. (CVE-2013-0271)
	* Fix a bug where the MXit server or a man-in-the-middle could
	  potentially send specially crafted data that could overflow a buffer
	  and lead to a crash or remote code execution. (CVE-2013-0272)
	* Display farewell messages in a different colour to distinguish
	  them from normal messages.
	* Add support for typing notification.
	* Add support for the Relationship Status profile attribute.
	* Remove all reference to Hidden Number.
	* Ignore new invites to join a GroupChat if you're already joined, or
	  still have a pending invite.
	* The buddy's name was not centered vertically in the buddy-list if they
	  did not have a status-message or mood set.
	* Fix decoding of font-size changes in the markup of received messages.
	* Increase the maximum file size that can be transferred to 1 MB.
	* When setting an avatar image, no longer downscale it to 96x96.

	Sametime:
	* Fix a crash in Sametime when a malicious server sends us an abnormally
	  long user ID. (CVE-2013-0273)

	Yahoo!:
	* Fix a double-free in profile/picture loading code. (Mihai Serban)
	  (#15053)
	* Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381)

	Plugins:
	* The Voice/Video Settings plugin supports using the sndio GStreamer
	  backends. (Brad Smith) (#14414)
	* Fix a crash in the Contact Availability Detection plugin. (Mark)
	  (#15327)
	* Make the Message Notification plugin more friendly to non-X11 GTK+,
	  such as MacPorts' +no_x11 variant.
   2013-02-16 12:25:34 by Thomas Klausner | Files touched by this commit (1885)
Log message:
Recursive bump for png-1.6.
   2013-01-26 22:39:22 by Adam Ciarcinski | Files touched by this commit (1280)
Log message:
Revbump after graphics/jpeg and textproc/icu
   2012-12-15 11:36:35 by Ryo ONODERA | Files touched by this commit (80)
Log message:
Bump PKGREVISION from devel/nss 3.14.0.

Next | Query returned 93 messages, browsing 31 to 40 | Previous