Subject: CVS commit: [pkgsrc-2016Q4] pkgsrc/chat
From: Benny Siegert
Date: 2017-03-24 00:50:14
Message id: 20170323235015.251F8FBE4@cvs.NetBSD.org

Log Message:
Pullup ticket #5224 - requested by khorben
chat/libpurple: security fix

Revisions pulled up:
- chat/finch/Makefile                                           1.67
- chat/libpurple/Makefile                                       1.80
- chat/libpurple/Makefile.common                                1.47-1.48
- chat/libpurple/PLIST                                          1.32-1.33
- chat/libpurple/buildlink3.mk                                  1.43
- chat/libpurple/distinfo                                       1.47-1.49
- chat/libpurple/patches/patch-libpurple_protocols_mxit_profile.c deleted
- chat/pidgin-sametime/Makefile                                 1.48
- chat/pidgin-silc/Makefile                                     1.51
- chat/pidgin/Makefile                                          1.70
- chat/pidgin/PLIST                                             1.23-1.24

---
   Module Name:	pkgsrc
   Committed By:	khorben
   Date:		Sat Mar 11 03:02:40 UTC 2017

   Modified Files:
   	pkgsrc/chat/libpurple: Makefile.common PLIST buildlink3.mk distinfo
   	pkgsrc/chat/pidgin: PLIST

   Log Message:
   Update chat/{libpurple,pidgin} to version 2.11.0

   version 2.11.0 (06/21/2016):
   	General:
   	* 2.10.12 was accidentally released with new additions to the API and
   	  should have been released as 2.11.0.  Unfortunately, we did not catch
   	  the mistake until after 2.10.12 was released, but we're fixing it now.
   	  See ChangeLog.API for more information.
   	* Include the Mozilla certificate bundle. This fixes connecting to servers
   	  with certificates from Let's Encrypt.
   	* Remove all 1024-bit CAs

   	libpurple:
   	* media: fix an issue with ximagesink displaying only a corner cut-out of
   	  a larger webcam video (Jakub Adam)
   	* mediamanager: update output window destruction so that it reflects recent
   	  changes in the media pipeline structure (Jakub Adam)
   	* Ported Instantbird's CommandUiOps to libpurple (Dequis)

   	Pidgin:
   	* Fixed #14962
   	* Fixed alignment of incoming right-to-left messages in protocols that
   	  don't support rich text
   	* Fix a potential crash while exiting pidgin

   	Windows-Specific Changes:
   	* Use getaddrinfo for DNS to enable IPv6 (#1075)
   	* Updates to dependencies:
   		* NSS 3.24 and NSPR 4.12.

   	AIM:
   	* Add support for the newer kerberos-based authentication of AIM 8.x

   	Bonjour
   	* Fixed building on Mac OSX (Patrick Cloke) (#16883)

   	ICQ:
   	* Stop truncating passwords to 8 characters like old ICQ clients did.
   	  (#16692). If you actually needed this, truncate your password
   	  manually by pressing backspace a few times.

   	IRC:
   	* Base64-decode SASL messages before passing to libsasl (#16268)

   	MXit
   	* Fixed a buffer overflow.  Discovered by Yves Younan of Cisco Talos.
   	  (TALOS-CAN-0120)
   	* Fixed a remote out-of-bounds read.  Discovered by Yves Younan of Cisco
   	  Talos.  (TALOS-CAN-0140)
   	* Fixed a remote out-of-band read.  Discovered by Yves Younan of Cisco
   	  Talos.  (TALOS-CAN-0138, TALOS-CAN-0135)
   	* Fixed an invalid read.  Discovered by Yves Younan of Cisco Talos
   	  (TALOS-CAN-0118)
   	* Fixed a remote buffer overflow vulnerability.  Discovered by Yves
   	  Younan of Cisco Talos.  (TALOS-CAN-0119)
   	* Fixed an out-of-bounds read discovered by Yves Younan of Cisco Talos.
   	  (TALOS-CAN-0123)
   	* Fixed a directory traversal issue.  Discovered by Yves Younan of Cisco
   	  Talos (TALOS-CAN-0128)
   	* Fixed a remote denial of service vulnerability that could result in
   	  a null pointer dereference.  Discovered by Yves Younan of Cisco Talos.
   	  (TALOS-CAN-0133)
   	* Fixed a remote denial of service that could result in an out-of-bounds
   	  read.  Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0134)
   	* Fixed multiple remote buffer overflows.  Discovered by Yves Younan of
   	  Cisco Talos.  (TALOS-CAN-0136)
   	* Fixed a remote NULL pointer dereference.  Discovered by Yves Younan of
   	  Cisco Talos (TALOS-CAN-0137)
   	* Fixed a remote code execution issue discovered by Yves Younan of Cisco
   	  Talos.  (TALOS-CAN-0142)
   	* Fixed a remote denial of service vulnerability in contact mood
   	  handling.  Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0141)
   	* Fixed a remote out-of-bounds write vulnerability.  Discovered by Yves
   	  Younan of Cisco Talos. (TALOS-CAN-0139)
   	* Fix a remote out-of-bounds read.  Discovered by Yves Younan of Cisco
   	  Talos.  (TALOS-CAN-0143)

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sat Mar 11 07:15:25 UTC 2017

   Modified Files:
   	pkgsrc/chat/finch: Makefile
   	pkgsrc/chat/libpurple: Makefile
   	pkgsrc/chat/pidgin: Makefile
   	pkgsrc/chat/pidgin-sametime: Makefile
   	pkgsrc/chat/pidgin-silc: Makefile

   Log Message:
   Reset PKGREVISION after update.

---
   Module Name:	pkgsrc
   Committed By:	khorben
   Date:		Mon Mar 20 18:42:51 UTC 2017

   Modified Files:
   	pkgsrc/chat/libpurple: Makefile.common PLIST distinfo
   	pkgsrc/chat/pidgin: PLIST
   Removed Files:
   	pkgsrc/chat/libpurple/patches: patch-libpurple_protocols_mxit_profile.c

   Log Message:
   Update chat/{libpurple,pidgin} to version 2.12.0

   version 2.12.0 (03/09/2017):
   	libpurple:
   	* Fix an out of bounds memory read in purple_markup_unescape_entity.
   	  CVE-2017-2640
   	* Fix use of uninitialised memory if running non-debug-enabled versions
   of glib
   	* Updated AIM dev and dist ID's to new ones that were assigned by AOL.
   	* TLS certificate verification now uses SHA-256 checksums.
   	* Fixed SASL external auth for Freenode.
   	* Removed the MSN protocol plugin. It has been unusable and dormant for
   some
   	  time. MSNP18 has been discontinued and the protocol plugin would
   require a
   	  large update to start working again. See: http://ismsndeadyet.com/ The
   	  third-party Pidgin SkypeWeb plugin, however, should provide enough
   	  functionality as a replacement if people still want to use MSN:
   	  https://github.com/EionRobb/skype4pidgin/tree/master/skypeweb
   	* Removed Mxit protocol plugin. The service was closed at the end of
   	  September 2016. See
   	  https://pidgin.im/pipermail/devel/2016-September/024078.htm
   	* Removed the MySpaceIM protocol plugin. The service has been defunct for a
   	  long time. (#15356)
   	* Remove the Yahoo! protocol plugin. Yahoo has completely
   	  reimplemented their protocol, so this version is no longer operable as
   	  of August 5th, 2016:

   https://yahoo.tumblr.com/post/145715934739/q2-2016-progress-report-on-our-product
   	  A new protocol plugin has been written to support the new protocol.
   	  It can be found here: https://github.com/EionRobb/funyahoo-plusplus
   	  This also removes support for Yahoo! Japan. According to
   	  http://messenger.yahoo.co.jp/ the service ended March 26th, 2014.
   	* Remove the Facebook (XMPP) account option. According to
   	  https://developers.facebook.com/docs/chat the XMPP Chat API service
   	  ended April 30th, 2015. A new protocol plugin has been written,
   	  using a different method, to support Facebook. It can be found at
   	  https://github.com/dequis/purple-facebook/wiki
   	* Fixed gnutls certificate validation errors that mainly affected
   google (Dequis)

   	General
   	* Replaced instances of d.pidgin.im with developer.pidgin.im and
   updated the
   	  urls to use https. (#17036)

   	IRC
   	* Fixed issue of messages being silently cut off at 500 characters. Large
   	  messages are now split into parts and sent one by one. (#4753)

---
   Module Name:	pkgsrc
   Committed By:	joerg
   Date:		Wed Mar 22 09:46:11 UTC 2017

   Modified Files:
   	pkgsrc/chat/libpurple: distinfo

   Log Message:
   Regenerate to match actual patches.

Files:
RevisionActionfile
1.66.2.1modifypkgsrc/chat/finch/Makefile
1.77.4.1modifypkgsrc/chat/libpurple/Makefile
1.46.8.1modifypkgsrc/chat/libpurple/Makefile.common
1.31.8.1modifypkgsrc/chat/libpurple/PLIST
1.42.8.1modifypkgsrc/chat/libpurple/buildlink3.mk
1.46.4.1modifypkgsrc/chat/libpurple/distinfo
1.67.4.1modifypkgsrc/chat/pidgin/Makefile
1.22.18.1modifypkgsrc/chat/pidgin/PLIST
1.47.4.1modifypkgsrc/chat/pidgin-sametime/Makefile
1.50.4.1modifypkgsrc/chat/pidgin-silc/Makefile
1.2removepkgsrc/chat/libpurple/patches/patch-libpurple_protocols_mxit_profile.c