summaryrefslogtreecommitdiff
path: root/chat/finch
AgeCommit message (Collapse)AuthorFilesLines
2014-12-07Update pidgin to 2.10.11.obache1-13/+1
version 2.10.11 (11/23/14): General: * Fix handling of Self-Signed SSL/TLS Certificates when using the NSS plugin (#16412) * Improve default cipher suites used with the NSS plugin (#16262) * Add NSS Preferences plugin which allows the SSL/TLS Versions and cipher suites to be configured (#8061) Gadu-Gadu: * Fix a bug that prevented plugin to load when compiled without GnuTLS. (mancha) (#16431) * Fix build for platforms without AF_LOCAL definition. (#16404) MSN: * Fix broken login due to server change (dx, TReKiE). (#16451, #16455) * Fail early when buddy list is unavailable instead of wasting bandwidth endlessly re-trying. version 2.10.10 (10/22/14): General: * Check the basic constraints extension when validating SSL/TLS certificates. This fixes a security hole that allowed a malicious man-in-the-middle to impersonate an IM server or any other https endpoint. This affected both the NSS and GnuTLS plugins. (Discovered by an anonymous person and Jacob Appelbaum of the Tor Project, with thanks to Moxie Marlinspike for first publishing about this type of vulnerability. Thanks to Kai Engert for guidance and for some of the NSS changes) (CVE-2014-3694) * Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL. (Elrond and Ashish Gupta) (#15909) libpurple3 compatibility: * Encrypted account passwords are preserved until the new one is set. * Fix loading Google Talk and Facebook XMPP accounts. Windows-Specific Changes: * Don't allow overwriting arbitrary files on the file system when the user installs a smiley theme via drag-and-drop. (Discovered by Yves Younan of Cisco Talos) (CVE-2014-3697) * Updates to dependencies: * NSS 3.17.1 and NSPR 4.10.7 Finch: * Fix build against Python 3. (Ed Catmur) (#15969) Gadu-Gadu: * Updated internal libgadu to version 1.12.0. Groupwise: * Fix potential remote crash parsing server message that indicates that a large amount of memory should be allocated. (Discovered by Yves Younan and Richard Johnson of Cisco Talos) (CVE-2014-3696) IRC: * Fix a possible leak of unencrypted data when using /me command with OTR. (Thijs Alkemade) (#15750) MXit: * Fix potential remote crash parsing a malformed emoticon response. (Discovered by Yves Younan and Richard Johnson of Cisco Talos) (CVE-2014-3695) XMPP: * Fix potential information leak where a malicious XMPP server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul Aurich) (CVE-2014-3698) * Fix Facebook XMPP roster quirks. (#15041, #15957) Yahoo: * Fix login when using the GnuTLS library for TLS connections. (#16172)
2014-05-29Bump for perl-5.20.0.wiz1-1/+2
Do it for all packages that * mention perl, or * have a directory name starting with p5-*, or * depend on a package starting with p5- like last time, for 5.18, where this didn't lead to complaints. Let me know if you have any this time.
2014-05-09Mark packages that are not ready for python-3.3 also not ready for 3.4,wiz1-2/+2
until proven otherwise.
2014-02-03Mark as not ready for python-3.x.wiz1-1/+6
finch does not compile with python-3.3. Since libpurple is not versioned and finch pulls it in, we have to mark libpurple too, and then pidgin because of libpurple. It's all one codebase anyway...
2014-01-31Update pidin to 2.10.8.obache1-4/+1
version 2.10.8 (1/28/2014): General: * Python build scripts and example plugins are now compatible with Python 3. (Ashish Gupta) (#15624) libpurple: * Fix potential crash if libpurple gets an error attempting to read a reply from a STUN server. (Discovered by Coverity static analysis) (CVE-2013-6484) * Fix potential crash parsing a malformed HTTP response. (Discovered by Jacob Appelbaum of the Tor Project) (CVE-2013-6479) * Fix buffer overflow when parsing a malformed HTTP response with chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent) (CVE-2013-6485) * Better handling of HTTP proxy responses with negative Content-Lengths. (Discovered by Matt Jones, Volvent) * Fix handling of SSL certificates without subjects when using libnss. * Fix handling of SSL certificates with timestamps in the distant future when using libnss. (#15586) * Impose maximum download size for all HTTP fetches. Pidgin: * Fix crash displaying tooltip of long URLs. (CVE-2013-6478) * Better handling of URLs longer than 1000 letters. * Fix handling of multibyte UTF-8 characters in smiley themes. (#15756) Windows-Specific Changes: * When clicking file:// links, show the file in Explorer rather than attempting to run the file. This reduces the chances of a user clicking on a link and mistakenly running a malicious file. (Originally discovered by James Burton, Insomnia Security. Rediscovered by Yves Younan of Sourcefire VRT.) (CVE-2013-6486) * Fix Tcl scripts. (#15520) * Fix crash-on-startup when ASLR is always on. (#15521) * Updates to dependencies: * NSS 3.15.4 and NSPR 4.10.2 * Pango 1.29.4-1daa Patched for https://bugzilla.gnome.org/show_bug.cgi?id=668154 AIM: * Fix untrusted certificate error. AIM and ICQ: * Fix a possible crash when receiving a malformed message in a Direct IM session. Gadu-Gadu: * Fix buffer overflow with remote code execution potential. Only triggerable by a Gadu-Gadu server or a man-in-the-middle. (Discovered by Yves Younan and Ryan Pentney of Sourcefire VRT) (CVE-2013-6487) * Disabled buddy list import/export from/to server (it didn't work anymore). Buddy list synchronization will be implemented in 3.0.0. * Disabled new account registration and password change options, as it didn't work either. Account registration also caused a crash. Both functions are available using official Gadu-Gadu website. IRC: * Fix bug where a malicious server or man-in-the-middle could trigger a crash by not sending enough arguments with various messages. (Discovered by Daniel Atallah) (CVE-2014-0020) * Fix bug where initial IRC status would not be set correctly. * Fix bug where IRC wasn't available when libpurple was compiled with Cyrus SASL support. (#15517) MSN: * Fix NULL pointer dereference parsing headers in MSN. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6482) * Fix NULL pointer dereference parsing OIM data in MSN. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6482) * Fix NULL pointer dereference parsing SOAP data in MSN. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6482) * Fix possible crash when sending very long messages. Not remotely-triggerable. (Discovered by Matt Jones, Volvent) MXit: * Fix buffer overflow with remote code execution potential. (Discovered by Yves Younan and Pawel Janic of Sourcefire VRT) (CVE-2013-6487) * Fix sporadic crashes that can happen after user is disconnected. * Fix crash when attempting to add a contact via search results. * Show error message if file transfer fails. * Fix compiling with InstantBird. * Fix display of some custom emoticons. SILC: * Correctly set whiteboard dimensions in whiteboard sessions. SIMPLE: * Fix buffer overflow with remote code execution potential. (Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6487) XMPP: * Prevent spoofing of iq replies by verifying that the 'from' address matches the 'to' address of the iq request. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6483) * Fix crash on some systems when receiving fake delay timestamps with extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477) * Fix possible crash or other erratic behavior when selecting a very small file for your own buddy icon. * Fix crash if the user tries to initiate a voice/video session with a resourceless JID. * Fix login errors when the first two available auth mechanisms fail but a subsequent mechanism would otherwise work when using Cyrus SASL. (#15524) * Fix dropping incoming stanzas on BOSH connections when we receive multiple HTTP responses at once. (Issa Gorissen) (#15684) Yahoo!: * Fix possible crashes handling incoming strings that are not UTF-8. (Discovered by Thijs Alkemade and Robert Vehse) (CVE-2012-6152) * Fix a bug reading a peer to peer message where a remote user could trigger a crash. (CVE-2013-6481) Plugins: * Fix crash in contact availability plugin. * Fix perl function Purple::Network::ip_atoi * Add Unity integration plugin.
2014-01-30Mark as not yet ready for python-3.x.wiz1-1/+3
2013-05-31Bump all packages for perl-5.18, thatwiz1-1/+2
a) refer 'perl' in their Makefile, or b) have a directory name of p5-*, or c) have any dependency on any p5-* package Like last time, where this caused no complaints.
2013-03-03Update pidgin to 2.10.7.obache1-2/+1
version 2.10.7 (02/13/2013): Alien hatchery: * No changes General: * The configure script will now exit with status 1 when specifying invalid protocol plugins using the --with-static-prpls and --with-dynamic-prpls arguments. (Michael Fiedler) (#15316) libpurple: * Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274) * Don't link directly to libgcrypt when building with GnuTLS support. (Bartosz Brachaczek) (#15329) * Fix UPnP mappings on routers that return empty <URLBase/> elements in their response. (Ferdinand Stehle) (#15373) * Tcl plugin uses saner, race-free plugin loading. * Fix the Tcl signals-test plugin for savedstatus-changed. (Andrew Shadura) (#15443) Pidgin: * Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11 variant. Gadu-Gadu: * Fix a crash at startup with large contact list. Avatar support for buddies will be disabled until 3.0.0. (#15226, #14305) IRC: * Support for SASL authentication. (Thijs Alkemade, Andy Spencer) (#13270) * Print topic setter information at channel join. (#13317) MSN: * Fix SSL certificate issue when signing into MSN for some users. * Fix a crash when removing a user before its icon is loaded. (Mark Barfield) (#15217) MXit: * Fix a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271) * Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272) * Display farewell messages in a different colour to distinguish them from normal messages. * Add support for typing notification. * Add support for the Relationship Status profile attribute. * Remove all reference to Hidden Number. * Ignore new invites to join a GroupChat if you're already joined, or still have a pending invite. * The buddy's name was not centered vertically in the buddy-list if they did not have a status-message or mood set. * Fix decoding of font-size changes in the markup of received messages. * Increase the maximum file size that can be transferred to 1 MB. * When setting an avatar image, no longer downscale it to 96x96. Sametime: * Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273) Yahoo!: * Fix a double-free in profile/picture loading code. (Mihai Serban) (#15053) * Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381) Plugins: * The Voice/Video Settings plugin supports using the sndio GStreamer backends. (Brad Smith) (#14414) * Fix a crash in the Contact Availability Detection plugin. (Mark) (#15327) * Make the Message Notification plugin more friendly to non-X11 GTK+, such as MacPorts' +no_x11 variant.
2013-02-16Recursive bump for png-1.6.wiz1-2/+2
2013-01-26Revbump after graphics/jpeg and textproc/icuadam1-2/+2
2012-12-15Bump PKGREVISION from devel/nss 3.14.0.ryoon1-2/+2
2012-10-08Revbump after updating graphics/pangoadam1-2/+2
2012-10-06Recursive bump from net/gssdp.ryoon1-2/+2
2012-10-03Bump all packages that use perl, or depend on a p5-* package, orwiz1-2/+2
are called p5-*. I hope that's all of them.
2012-10-03Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.asau1-3/+1
2012-10-02Mass recursive bump after the dependence fix of the "cairo" packagetron1-2/+2
requested by Thomas Klausner.
2012-09-15recursive bump from libffi shlib major bumpobache1-1/+2
(additionaly, reset PKGREVISION of qt4-* sub packages from base qt4 update)
2012-08-01reset PKGREV for base pkg updatedrochner1-2/+1
2012-06-14Recursive PKGREVISION bump for libxml2 buildlink addition.sbd1-1/+2
2012-05-15Update pidgin to 2.10.4.obache1-2/+1
version 2.10.4 (05/06/2012): General: * Support building against Farstream in addition to Farsight. (Olivier Crete) (#14936) IRC: * Disable periodic WHO timer. IRC channel user lists will no longer automatically display away status, but libpurple will be much kinder to the network. * Print unknown numerics to channel windows if we can associate them. Thanks to Marien Zwart. (#15090) MSN: * Fix a possible crash when receiving messages with certain characters or character encodings. Thanks to Fabian Yamaguchi for reporting this! XMPP: * Fix a possible crash when receiving a series of specially crafted file transfer requests. Thanks to José Valentín Gutiérrez for reporting this! (CVE-2012-2214) Windows-Specific Changes: * Words added to spell check dictionaries are saved across restarts of Pidgin (#11886)
2012-04-27Recursive bump from icu shlib major bumped to 49.obache1-1/+2
2012-04-04Update pidgin to 2.10.3.obache1-6/+2
(fixes CVE-2011-3594, CVE-2011-4601, CVE-2011-4602, CVE-2011-4603, CVE-2011-4939 and CVE-2012-1178) version 2.10.3 (03/26/2012): * Fix buddies not going offline. version 2.10.2 (03/14/2012): General: * Fix compilation when using binutils 2.22 and new GDK pixbuf. (#14799) * Fix compilation of the MXit protocol plugin with GLib 2.31. (#14773) Pidgin: * Add support for the GNOME3 Network dialog. (#13882) * Fix rare crash. (#14392) * Add support for the GNOME3 Default Application dialog for configuring the Browser. libpurple: * Support new connection states and signals for NetworkManager 0.9+. (Dan Williams) (#13859) AIM and ICQ: * Fix a possible crash when receiving an unexpected message from the server. (Thijs Alkemade) (#14983) * Allow signing on with usernames containing periods and underscores. (#13500) * Allow adding buddies containing periods and underscores. (#13500) * Don't try to format ICQ usernames entered as email addresses. Gets rid of an "Unable to format username" error at login. (#13883) MSN: * Fix possible crashes caused by not validating incoming messages as UTF-8. (Thijs Alkemade) (#14884) * Support new protocol version MSNP18. (#14753) * Fix messages to offline contacts. (#14302) Windows-Specific Changes: * Fix the installer downloading of spell-checking dictionaries (#14612) * Fix compilation of the Bonjour protocol plugin. (#14802) Plugins: * The autoaccept plugin will no longer reset the preference for unknown buddies to "Auto Reject" in certain cases. (#14964) version 2.10.1 (12/06/2011): Finch: * Fix compilation on OpenBSD. AIM and ICQ: * Fix remotely-triggerable crashes by validating strings in a few messages related to buddy list management. Thanks to Evgeny Boger for reporting this! (#14682) Bonjour: * IPv6 fixes (Linus Lüssing) Gadu-Gadu: * Fix problems linking against GnuTLS. (#14544) IRC: * Fix a memory leak when admitting UTF-8 text with a non-UTF-8 primary encoding. (#14700) Jabber: * Fix crashes and memory leaks when receiving malformed voice and video requests. Thanks to Thijs Alkemade for reporting this! Sametime: * Separate "username" and "server" when adding new Sametime accounts. (#14608) * Fix compilation in Visual C++. (#14608) SILC: * Fix CVE-2011-3594, by UTF-8 validating incoming messages before passing them to glib or libpurple. Identified by Diego Bauche Madero from IOActive. (#14636) Yahoo!: * Fetch buddy icons in some cases where we previously weren't. (#13050) Windows-Specific Changes: * Fix compilation
2012-03-09Bump PKGREVISION for python default version change to 2.7.wiz1-2/+2
py-* not affected, since it built different versions depending on the setting already.
2012-03-06Recursive PKGREVISION bump for xulrunner, nss, and nspr.ryoon1-2/+2
2012-03-03Recursive bump for pcre-8.30* (shlib major change)wiz1-2/+2
2012-02-06Revbump forwiz1-2/+2
a) tiff update to 4.0 (shlib major change) b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk) Enjoy.
2011-11-01Recursive bump for graphics/freetype2 buildlink addition.sbd1-1/+2
2011-08-26Update piding 2.10.0, contains security fixes for CVE-2011-2943 and ↵obache1-3/+1
CVE-2011-3184. While here, better fix for PR#45190. chat/finch itself does not depend on devel/nspr. chat/libpurple without gnutls option, libpurple is linked with nspr, so it must be handle in libpurple/buildlink3.mk. version 2.10.0 (08/18/2011): Pidgin: * Make the max size of incoming smileys a pref instead of hardcoding it. (Quentin Brandon) (#5231) * Added a plugin information dialog to show information for plugins that aren't otherwise visible in the plugins dialog. * Fix building with GTK+ earlier than 2.14.0 (GTK+ 2.10 is still the minimum supported) (#14261) libpurple: * Fix a potential crash in the Log Reader plugin when reading QIP logs. * Fix a large number of strcpy() and strcat() invocations to use strlcpy() and strlcat(), etc., forestalling an entire class of string buffer overrun bugs. (The Electronic Frontier Foundation, Dan Auerbach, Chris Palmer, Jacob Appelbaum) * Change some filename manipulations in filectl.c to use MAXPATHLEN instead of arbitrary length constants. (The Electronic Frontier Foundation, Dan Auerbach, Chris Palmer, Jacob Appelbaum) * Fix endianness-related crash in NTLM authentication (Jon Goldberg) (#14163) Gadu-Gadu: * Fixed searching for buddies in public directory. (Tomasz Wasilczyk) (#5242) * Better status message handling. (Tomasz Wasilczyk) (#14314) * Merged two buddy blocking methods. (Tomasz Wasilczyk) (#5303) * Fix building of the bundled libgadu library with older versions of GnuTLS. (patch plucked from upstream) (#14365) ICQ: * Fix crash selecting Tools->Set Mood when you're online with an ICQ account that is configured as an AIM account. (#14437) IRC: * Fix a crash when remote users have certain characters in their nicknames. (Discovered by Djego Ibanez) (#14341) * Fix the handling of formatting following mIRC ^O (#14436) * Fix crash when NAMES is empty. (James McLaughlin) (#14518) MSN: * Fix incorrect handling of HTTP 100 responses when using the HTTP connection method. This can lead to a crash. (Discovered by Marius Wachtler) * Fix seemingly random crashing. (#14307) * Fix a crash when the account is disconnected at the time we are doing a SB request. (Hanzz, ported by shlomif) (#12431) XMPP: * Do not generate malformed XML ("</>") when setting an empty mood. (#14342) * Fix the /join <room> behavior. (Broken when adding support for <room>@<server>) (#14205) Yahoo!/Yahoo! JAPAN: * Fix coming out of idle while in an unavailable state * Fix logging into Yahoo! JAPAN. (#14259) Windows-Specific Changes: * Open an explorer.exe window at the location of the file when clicking on a file link instead of executing the file, because executing a file can be potentially dangerous. (Discovered by James Burton of Insomnia Security) (Fixed by Eion Robb)
2011-07-30Finch requires devel/nspr to build. Fixes PR pkg/45190 from Bartosz Kuzma.gls1-1/+3
PKGREV++
2011-06-30Update pidgin to 2.9.0, for security fix (CVE-2011-2485).obache1-2/+1
version 2.9.0 (06/23/2011): Pidgin: * Fix a potential remote denial-of-service bug related to displaying buddy icons. * Significantly improved performance of larger IRC channels (regression introduced in 2.8.0). * Fix Conversation->Add on AIM and MSN. * Entries in the chat user list are sorted properly again. This was inadvertenly broken in 2.8.0. Finch: * Fix logging in to ICQ. libpurple: * media: Actually use the specified TCP port from the TURN configuration to create a TCP relay candidate. AIM and ICQ: * Fix crashes on some non-mainstream OSes when attempting to printf("%s", NULL). (Clemens Huebner) (#14297) Plugins: * The Evolution Integration plugin compiles again. version 2.8.0 (06/07/2011): General: * Implement simple silence suppression for voice calls, preventing wasted bandwidth for silent periods during a call. (Jakub Adam) (half of #13180) * Added the DigiCert High Assurance CA-3 intermediate CA, needed for validation of the Facebook XMPP interface's certificate. * Removed the QQ protocol plugin. It hasn't worked in a long time and isn't being maintained, therefore we no longer want it. Pidgin: * Duplicate code cleanup. (Gabriel Schulhof) (#10599) * Voice/Video call window adapts correctly to adding or removing streams on the fly. (Jakub Adam) (half of #13535) * Don't cancel an ongoing call when rejecting the addition of a stream to the existing call. (Jakub Adam) (#13537) * Pidgin plugins can now override tab completion and detect clicks on usernames in the chat userlist. (kawaii.neko) (#12599) * Fix the tooltip being destroyed when it is full of information and cover the mouse (dliang) (#10510) libpurple: * media: Allow obtaining active local and remote candidates. (Jakub Adam) (#11830) * media: Allow getting/setting video capabilities. (Jakub Adam) (half of #13095) * Simple Silence Suppression is optional per-account. (Jakub Adam) (half of #13180) * Fix purple-url-handler being unable to find an account. * media: Allow adding/removing streams on the fly. (Jakub Adam) (half of #13535) * Support new connection states in NetworkManager 0.9. (Dan Williams) (#13505) * When removing a buddy, delete the pounces associated with it. (Kartik Mohta) (#1131) * media: Allow libpurple and plugins to set SDES properties for RTP conferences. (Jakub Adam) (#12981) * proxy: Add new "Tor/Privacy" proxy type that can be used to restrict operations that could leak potentially sensitive data (e.g. DNS queries). (#11110, #13928) * media: Add support for using TCP relaying with TURN (will only work with libnice 0.1.0 and later). AIM: * Fix setting icons with dimensions greater than 64x64 pixels by scaling them down to at most 64x64. (#12874, #13165) Gadu-Gadu: * Allow showing your status only to buddies. (Mateusz Piękos) (#13358) * Updated internal libgadu to version 1.10.1. (Robert Matusewicz, Krzysztof Klinikowski) (#13525) * Updated internal libgadu to version 1.11.0. (Tomasz Wasilczyk) (#14248) * Suppress blank messages that happen when receiving inline images. (Tomasz Wasilczyk) (#13554) * Fix sending inline images to remote users, don't crash when trying to send large (> 256kB) images. (Tomasz Wasilczyk) (#13580) * Support typing notifications. (Jan Zachorowski, Tomasz Wasilczyk, Krzysztof Klinikowski) (#13362, #13590) * Require libgadu 1.11.0 to avoid using internal libgadu. * Optional SSL connection support for GNUTLS users (not on Windows yet!). (Tomasz Wasilczyk) (#13613, #13894) * Don't count received messages or statuses when determining whether to send a keepalive packet. (Jan Zachorowski) (#13699) * Fix a crash when receiving images on Windows or an incorrect timestamp in the log when receiving images on Linux. (Tomasz Wasilczyk) (#10268) * Support XML events, resulting in immediate update of other users' buddy icons. (Tomasz Wasilczyk) (#13739) * Accept poorly formatted URLs from other third-party clients in the same manner as the official client. (Tomasz Wasilczyk) (#13886) ICQ: * Fix setting icons with dimensions greater than 64x64 pixels by scaling them down to at most 64x64. (#12874, #13165) * Fix unsetting your mood when "None" is selected. (Dustin Gathmann) (#11895) * Ignore Daylight Saving Time when performing calculations related to birthdays. (Dustin Gathmann) (#13533) * It is now possible to specify multiple encodings on the Advanced tab of an ICQ account's settings by using a comma-delimited list. (Dmitry Utkin) (#13496) IRC: * Add "authserv" service command. (tomos) (#13337) MSN: * Fix a hard-to-exploit crash in the MSN protocol when using the HTTP connection method (Reported by Marius Wachtler). MXit: * Support for an Invite Message when adding a buddy. * Fixed bug in splitting-up of messages that contain a lot of links. * Fixed crash caused by timer not being disabled on disconnect. (introduced in 2.7.11) * Clearing of the conversation window now works. * When receiving an invite you can display the sender's profile information, avatar image, invite message. * The Change PIN option was moved into separate action. * New profile attributes added and shown. * Update to protocol v6.3. * Added the ability to view and invite your Suggested Friends, and to search for contacts. * Also display the Status Message of offline contacts in their profile information. XMPP: * Remember the previously entered user directory when searching. (Keith Moyer) (#12451) * Correctly handle a buddy's unsetting his/her vCard-based avatar. (Matthew W.S. Bell) (#13370) * Squash one more situation that resulted in duplicate entries in the roster (this one where the server reports the buddy as being in the same (empty) group. (Reported by Danny Mayer) Plugins: * The Voice/Video Settings plugin now includes the ability to test microphone settings. (Jakub Adam) (#13182) * Fix a crash when handling some saved settings in the Voice/Video Settings plugin. (Pat Erley) (13290, #13774) Windows-Specific Changes: * Fix building libpurple with Visual C++ .NET 2005. This was accidentally broken in 2.7.11. (Florian Quèze) * Build internal libgadu using packed structs, fixing several long-standing Gadu-Gadu issues. (#11958, #6297)
2011-06-10recursive bump from textproc/icu shlib major bump.obache1-2/+2
2011-04-22recursive bump from gettext-lib shlib bump.obache1-1/+2
2011-03-14Changes 2.7.11:adam1-2/+1
General: * Our bundled libgadu should now build on HP-UX. * Fix some instances of file transfers never completing. Pidgin: * Sort by Status no longer causes buddies to move around when you click them. * Fix embedding in the system tray on older GTK+ releases (such as on CentOS 5.5 and older Fedora). * No longer require libstartup-notification for startup notification support. GTK+ has included support for years, so use it instead. AIM: * Fix a bug where some buddies from your buddy list might not show up. Affected non-English ICQ users the most. * Send keepalives for all types of network connections. Will hopefully make chat rooms more reliable. MSN: * Fix bug that prevented added buddies to your buddy list in certain circumstances. MXit: * MXit plugin and reported client version now follow the libpurple version. * Don't try to request profile information for non-user contacts. * Allow Re-Invite for contacts in Deleted or Rejected state. * Ensure we don't send packets too fast to the MXit server and trigger its flood-detection mechanism. Also increased the internal packet queue to 32 packets. XMPP: * Fix building on platforms with an older glib (inadvertantly broken in 2.7.10). * Don't treat the on-join status storms as 'new arrivals'. * Extend the /join command to support room JIDs, enabling you to join a room on any server. * Add support for receiving a limited amount of history when joining a room (not currently supported by Pidgin and Finch). Yahoo!/Yahoo! JAPAN: * Fix CVE-2011-1091, denials of service caused by NULL pointer dereferences due to improper handling of malformed YMSG packets.
2011-02-21Bump depends and PKGREVISION for libnice shlib major change.wiz1-1/+2
2011-02-02Changes 2.7.9:adam1-2/+1
John: Just a quick release for a security fix here. Elliott has not yet had a chance to work on the MSN breakage that's been present in the last couple releases, but we hope he can do it before 2.7.10! Changes 2.7.8: Elliott: OK, so I know a few things broke with the last release, and it's too bad we had to rush it for that silly certificate thing that the MSN people can't configure properly. I've certainly done a lot of small fixes this time, but it's too bad we haven't been able to get the transfers with the official client fixed yet. I promise it'll be in the next release (barring any quick security issues). John: So, it's been about a month since we last released. Again, we've assembled a bugfix release for your enjoyment. While a few commonly reported bugs remain, particularly in MSN, we're working on it for the next release. In the meantime, Merry Christmas and enjoy! Changes 2.7.7: John: Well, this time around, we should finally have the certificate issue really and fully fixed for all of you MSN users. Also, we have a few AIM-related fixes in this release, most notably the fix for the new "SSL Handshake Failure" message some of you got after upgrading. That one was an oversight on our part. Enjoy the fixes!
2011-01-13png shlib name changed for png>=1.5.0, so bump PKGREVISIONs.wiz1-2/+2
2010-11-15PKGREVISION bumps for changes to gtk2, librsvg, libbonobo and libgnomeabs1-2/+2
2010-09-14Bump dependency on pixman to 0.18.4 because cairo-1.10 needs thatwiz1-1/+2
version, and bump all depends. Per discussion on pkgsrc-changes.
2010-08-30Changes 2.7.3:adam1-5/+3
* Lots of little incremental bug fixes and enhancements in this release. * Finally got some fixes out there for you Yahoo users behind some particularly annoying firewalls and proxies, among other fixes. Enjoy! Changes 2.7.2: * We discovered a security issue in Pidgin 2.7.0 and 2.7.1 and decided to release a patched version quickly. This release contains the fix for that crash, and a few other minor fixes.
2010-06-13Bump PKGREVISION for libpng shlib name change.wiz1-2/+2
Also add some patches to remove use of deprecated symbols and fix other problems when looking for or compiling against libpng-1.4.x.
2010-01-20Bump PKGREVISION for gupnp/gssdp API changes.wiz1-1/+2
2009-12-14Also create .libs directory for the faked libpurple.la, otherwisejoerg1-2/+3
libtool 2.2 will bail out during relink.
2009-12-08Update to 2.6.2, based on patches provided by Joachim Kuebart in PR 42005.wiz1-2/+2
Additional changes: Fix farsight handling in libpurple. Set LICENSE. 2.6.2 (09/05/2009): Mark: Woo boy it's been a busy two weeks. There was a lot of new code in 2.6.0, and with new code comes new bugs. The cadre of relentless developers responsible for Pidgin have been hard at work, and I believe they have fixed all the major bugs that cropped up. My thanks to all those names listed as Current Developers in Pidgin's 'About' window. Elliott: Well now, just as Mark said, there was a lot of new stuff that probably came up with tons of bugs. So I can't say I wrote anything super-awesome, but I definitely fixed quite a few of those itty-bitty why-didn't-this-work-this-way sort of bugs.
2009-09-06PR 41978 from Joachim Kuebartabs2-2/+6
Update: chat/finch to 2.6.1 chat/libpurple to 2.6.1 chat/pidgin to 2.6.1 chat/pidgin-sametime to 2.6.1 chat/pidgin-silc to 2.6.1 major changes: o addition of farsight support for voice/video chats (untested, new option on by default) o addition of dependency on devel/libidn o addition of gstreamer option for libpurple (on by default)
2009-06-14Remove @dirrm entries from PLISTsjoerg1-5/+1
2009-02-04Needs intltool, add it to tools.wiz1-2/+2
2008-12-22Update libpurple, pidgin, pidgin-sametime, pidgin-silc, finch tojmcneill1-2/+2
version 2.5.3; Version 2.5.3 (12/20/2008) * libpurple o The Buddy State Notification plugin no longer prints duplicate notifications when the same buddy is in multiple groups. (Florian Quèze) o The Buddy State Notification plugin no longer turns JID's, MSN Passport ID's, etc. into links. (Florian Quèze) o purple-remote now has a "getstatusmessage" command to retrieve the text of the current status message. o Various fixes to the nullprpl. (Paul Aurich) o Fix a crash when accessing the roomlist for an account that's not connected. (Paul Aurich) o Fix a crash in purple_accounts_delete that happens when this function is called before the buddy list is initialized. (Florian Quèze) o Fix use of av_len in perl bindings to fix some off-by-one bugs. (Paul Aurich) o On ICQ, advertise the ICQ 6 typing capability. This should fix the reports of typing notifications not working with third-party clients. (Jaromír Karmazín) o Many QQ fixes and improvements, including the ability to connect using QQ2008 protocol and sending/receiving of long messages. The recommended version to use is still QQ2005. o Fix a crash with DNS SRV lookups. (Florian Quèze) o Fix a crash caused by authorization requests. (Florian Quèze) * Gadu-Gadu o Add support for IM images. (Tomasz Sałaciński, Adam Strzelecki) o Gadu-Gadu now checks that UID's are valid. (Adam Strzelecki) o Gadu-Gadu now does proper charset translations where needed. (Adam Strzelecki) * MSN o Fix an error with offline messages by shipping the new "Microsoft Secure Server Authority" and the "Microsoft Internet Authority" certificates. These are now always installed even when using --with-system-ssl-certs because most systems don't ship those intermediate certificates. o The Games and Office media can now be set and displayed (in addition to the previous Music media). The Media status text now shows the album, if possible. o Messages sent from a mobile device while you were offline are now correctly received. o Server transfers after you've been connected for a long time should now be handled correctly. o Many improvements to handling of "federated" buddies, such as those on the Yahoo network. o Several known crashes have been resolved. o Many other fixes and code cleanup. * MySpace o Respect your privacy settings set using the official MySpace client. o Add support for blocking buddies. o Fix a bug where buddies didn't appear in their correct groups the first time you sign into your account. o Properly disconnect and sign out of the service when logging off. o Support for foreground and background font colors in outgoing IMs. o Support for background font colors in incoming IMs. o Many other fixes and code cleanup. * Sametime o Fix insanely long idle times for Sametime 7.5 buddies by assuming 0 idle time if the idle timestamp is in the future. (Laurent Montaron) o Fix a crash that can occur on login. (Raiko Nitzsche) * SIMPLE o Fix a crash when a malformed message is received. o Don't allow connecting accounts if no server name has been specified. (Florian Quèze) * XMPP o Fix the namespace URL we look for in PEP reply stanzas to match the URL used in the 'get' requests (Paul Aurich) o Resources can be set to the local machine's hostname by using __HOSTNAME__ as the resource string. (Jonathan Sailor) o Resources can now be left blank, causing the server to generate a resource for us where supported. (Jonathan Sailor) o Resources now default to no value, but "Home" is used if the server refuses to provide a resource. o Quit trying to get user info for MUC's. (Paul Aurich) o Send "client-accepts-full-bind-result" attribute during SASL login. This will fix Google Talk login failures if the user configures the wrong domain for his/her account. o Support new <metadata/> element to indicate no XEP-0084 User Avatar. (Paul Aurich) o Fix SHA1 avatar checksum errors that occur when one of the bytes in a checksum begins with 0. (Paul Aurich) o Fix a problem with duplicate buddies. (Paul Aurich) * Yahoo o Corrected maximum message lengths for Yahoo! o Fix file transfers with older Yahoo protocol versions. * Zephyr o Enable auto-reply, to emulate 'zaway.' (Toby Schaffer) o Fix a crash when an account is configured to use tzc but tzc is not installed or the configured tzc command is invalid. (Michael Terry) o Fix a 10 second delay waiting on tzc if it is not installed or the configured command is invalid. (Michael Terry) * Pidgin o On GTK+ 2.14 and higher, we're using the gtk-tooltip-delay setting instead of our own (hidden) tooltip_delay pref. If you had previously changed that pref, add a line like this to ~/.purple/gtkrc-2.0 (where 500 is the timeout (in ms) you want): gtk-tooltip-timeout = 500 To completely disable tooltips (e.g. if you had an old tooltip_delay of zero), add this to ~/.purple/gtkrc-2.0: gtk-enable-tooltips = 0 o Moved the release notification dialog to a mini-dialog in the buddylist. (Casey Ho) o Fix a crash when closing an authorization minidialog with the X then immediately going offline. (Paul Aurich) o Fix a crash cleaning up custom smileys when Pidgin is closed. o Fix adding a custom smiley using the context menu in a conversation if no custom smilies have previously been added using the smiley manager. o Improved support for some message formatting in conversations. o Allow focusing the coversation history or userlist with F6. o Fixed the Send Button plugin to avoid duplicate buttons in a single conversation. o Double-clicking a saved status will now activate it and close the saved status manager, rather than edit the status. * Finch o Allow binding meta+arrow keys for actions. o Added default meta+erase binding for delete previous word. o Added "Show When Offline" to buddy menus, so a plugin is no longer needed. Version 2.5.2 (10/19/2008) * libpurple o Fixed a crash on removing a custom buddy icon on a buddy. o Fixed a crash caused by certain self-signed SSL certificates. o Enable a number of strong ciphers which were previously disabled when using NSS. (Thanks to Marcus Trautwig.) * Pidgin o The status selector now saves your message when changing status. o Fix a case where a conversation window could close unexpectedly. o A mute sounds option has been added to the preferences window to help with discoverability. CTRL+S is no longer bound to mute. o Added ability to change the color of visited links (using the theme control plugin, or setting the color in ~/.gtkrc-2.0) o Fix a crash occuring when a custom smiley is deleted and re-added and used in an open conversation after being re-added. * Finch o A new 'Nested Grouping' option in the 'Grouping' plugin. Group hierarchies are defined by the '/' character in the group names. o A bug was fixed where some key-bindings wouldn't work with some TERMs (e.g. xterm-color, screen-linux etc.) * MSN o Operations (such as moving to a new group) on contacts that were added in the same session should now complete correctly, and not cause synchronization errors at next login. o Minor fixes to login process during a server transfer. o Restored the "Has You" feature to the MSN protocol tooltips. o ADL 205/214/etc errors should no longer prevent login. * XMPP o Sending and receiving custom smileys using the specification in XEP-0231 (bits of binary) and XHTML-IM * Yahoo o Only send a Ping once every hour. This prevents the account from being disconnected from the server periodically.
2008-11-02Avoid to detect python interpreter.obache1-1/+2
Fixes PR 39716.
2008-07-11Update pidgin and friends to 2.4.3. Done during pkgsrc freeze because of:tnn1-1/+2
i) CVE-2008-2927 fix ii) the previous version was being rejected from the ICQ network. version 2.4.3 (07/01/2008): libpurple: * Yahoo! Japan now uses UTF-8, matching the behavior of official clients and restoring compatibility with the web messenger (Yusuke Odate) * Setting your buddy icon once again works for Yahoo! accounts. * Fixes in the Yahoo! protocol to prevent a double free, crashes on aliases, and alias functionality * Fix crashes in the bonjour protocol * Always use UTF-8 for Yahoo! (#5973) * Fix a crash when the given jabber id is invalid. * Make the IRC "unknown message" debugging messages UTF-8 safe. * Fix connecting to ICQ * Fix a memleak when handling jabber xforms. Pidgin: * Include the send button plugin in the win32 build * Various memory leak fixes
2008-05-18Update to finch-2.4.2.tnn2-10/+2
* New default binding ctrl+x to open context menus. * Menu triggers and other bindings will no longer conflict. * Middle click pastes the internal clipboard (when mouse support is enabled).