Subject: CVS commit: [pkgsrc-2022Q2] pkgsrc/chat
From: S.P.Zeidler
Date: 2022-07-27 21:05:37
Message id: 20220727190537.B6332FB1A@cvs.NetBSD.org

Log Message:
Pullup ticket #6659 - requested by khorben
chat/libpurple: security update
chat/finch: security update
chat/pidgin: security update
chat/pidgin-sametime: security update
chat/pidgin-silc: security update

Revisions pulled up:
- chat/finch/Makefile                                           1.87
- chat/libpurple/Makefile                                       1.117
- chat/libpurple/Makefile.common                                1.56
- chat/libpurple/distinfo                                       1.56
- chat/pidgin-sametime/Makefile                                 1.67
- chat/pidgin-silc/Makefile                                     1.70
- chat/pidgin/Makefile                                          1.97
- chat/pidgin/PLIST                                             1.27

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   khorben
   Date:           Wed Jul 20 02:14:13 UTC 2022

   Modified Files:
           pkgsrc/chat/finch: Makefile
           pkgsrc/chat/libpurple: Makefile Makefile.common distinfo
           pkgsrc/chat/pidgin: Makefile PLIST
           pkgsrc/chat/pidgin-sametime: Makefile
           pkgsrc/chat/pidgin-silc: Makefile

   Log Message:
   libpurple, finch, pidgin: update to 2.14.10

   This notably fixes security issues (CVE-2012-1257, CVE-2022-26491).

   Tested on NetBSD/amd64.

   XXX pull-up to the pkgsrc-2022Q2 branch

   The complete changelog for the new versions is reproduced here:

   version 2.14.10 (06/02/2022):
    General:
    * Audit and correct the COPYRIGHT file. (RR 1425) (Richard Laager)
    * Fix a spelling error in a debug message for proxies. (RR 1426) (Richard
      Laager)
    * Install some emojis already in the theme but not being installed.
      (RR 1428) (Richard Laager)
    * Drop the QQ smileys as we don't ship QQ anymore. (PIDGIN-14385) (RR 1429)
      (Richard Laager)
    * Modernize the desktop file. (RR 1433) (Richard Laager)
    * Modernize the appdata file. (RR 1431) (Richard Laager)
    * Make privacy settings persist. (PIDGIN-17137) (RR 1463) (Belgin Știrbu)

    Pidgin:
    * Fix a use after free that was introduced in 2.14.9. (RR 1488) (ivanhoe)

    IRC:
    * Fix a crash if the server sends a short form JOIN message. (PIDGIN-17375)
      (RR 1484) (Belgin Știrbu)

    XMPP:
    * Fix a regression from 2.14.9 where XMPP accounts state would get lost
      after failing to connect. (PIDGIN-17621) (RR 1455) (Belgin Știrbu)
    * Fix a crash when requesting your own info in an XMPP conference. (RR 1465)
      (Belgin Știrbu)
    * Fix hang when completing a file transfer over XMPP. (RR 1466) (Belgin
      Știrbu)
    * Fix updating custom smileys. (PIDGIN-17153) (RR 1477) (Belgin Știrbu)
    * Fix unblocking users. (PIDGIN-16414) (RR 1479) (Belgin Știrbu)
    * Fix a crash when cancelling a file transfer. (PIDGIN-17189) (RR 1485)
      (Belgin Știrbu)

   version 2.14.9 (04/28/2022):
    Security:
    * Remove _xmppconnect support. (RR 1357) (CVE-2022-26491) (Gary Kramlich)

    libpurple:
    * Fix a GLib CRITICAL message with typing time outs. (RR 1123) (Mohammed
      Sadiq)
    * Fix an issue where the unit tests for purple_str_to_time would fail.
      (GENTOO-819774) (RR 1238) (Gary Kramlich)

    Pidgin:
    * Fix a memory leak in pidgin_conversations_set_tab_colors. (RR 1244)
      (ivanhoe)
    * Fixed the majority of the infinite resizing issues in the input box.
      (PIDGIN-16753, PIDGIN-16999, PIDGIN-17287, PIDGIN-17413, PIDGIN-17430,
      PIDGIN-17568, PIDGIN-17602) (RR 1342) (Belgin Știrbu)
    * Add transient-buddy back which is used to show some context menus and
      other things. (PIDGIN-17523) (RR 1381) (Belgin Știrbu)

    Windows:
    * Fix the download of dictionaries in the Windows installer. (PIDGIN-14618,
      PIDGIN-15648, PIDGIN-15540, PIDGIN-14612, PIDGIN-14893) (RR 1303) (Gary
      Kramlich)

    Translations:
    * Fix a typo in the German translations. (PIDGIN-17575) (RR 1242) (ivanhoe)
    * Synced all of the translations with Transifex.

    IRC:
    * Fix IRC file transfers on Windows. (PIDGIN-17175) (RR 1382) (Belgin
      Știrbu)
    * Fix file transfers failing at 99% on IRC. (PIDGIN-15893) (RR 1385) (Belgin
      Știrbu)
    * Default realname and ident name in IRC to the username (nickname) of the
      account. (PIDGIN-17610) (RR 1386) (Belgin Știrbu)
    * Add an advanced account option to IRC accounts for explicitly setting the
      SASL login name. (PIDGIN-15451) (RR 1388) (Belgin Știrbu)
    * Added a rate limiter that should make it impossible to excess flood.
      (RR 1391) (Gary Kramlich)

    SIMPLE:
    * Fix an issue with the CSeq numbers in SIMPLE. (PIDGIN-9675) (RR 1379)
      (dohmniq)

    XMPP:
    * Fix XMPP attention messages being sent to incorrect JIDs. (PIDGIN-14714)
      (RR 1387) (itsnotabigtruck, Belgin Știrbu)

   To generate a diff of this commit:
   cvs rdiff -u -r1.86 -r1.87 pkgsrc/chat/finch/Makefile
   cvs rdiff -u -r1.116 -r1.117 pkgsrc/chat/libpurple/Makefile
   cvs rdiff -u -r1.55 -r1.56 pkgsrc/chat/libpurple/Makefile.common \
       pkgsrc/chat/libpurple/distinfo
   cvs rdiff -u -r1.96 -r1.97 pkgsrc/chat/pidgin/Makefile
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/chat/pidgin/PLIST
   cvs rdiff -u -r1.66 -r1.67 pkgsrc/chat/pidgin-sametime/Makefile
   cvs rdiff -u -r1.69 -r1.70 pkgsrc/chat/pidgin-silc/Makefile

Files:
RevisionActionfile
1.85.2.1modifypkgsrc/chat/finch/Makefile
1.115.2.1modifypkgsrc/chat/libpurple/Makefile
1.55.4.1modifypkgsrc/chat/libpurple/Makefile.common
1.55.4.1modifypkgsrc/chat/libpurple/distinfo
1.96.2.1modifypkgsrc/chat/pidgin/Makefile
1.26.10.1modifypkgsrc/chat/pidgin/PLIST
1.65.2.1modifypkgsrc/chat/pidgin-sametime/Makefile
1.68.2.1modifypkgsrc/chat/pidgin-silc/Makefile