| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
|
|
until proven otherwise.
|
|
Fix PR pkg/48777
|
|
from being able to log into Yahoo Messenger.
|
|
|
|
version 2.10.9 (2/2/2014):
XMPP:
* Fix problems logging into some servers including jabber.org and
chat.facebook.com. (#15879)
|
|
Fixes reversed condition change at the previous commit.
Build may fine with python-3.x, but installed scripts are incompatible.
|
|
finch does not compile with python-3.3. Since libpurple is not versioned
and finch pulls it in, we have to mark libpurple too, and then pidgin
because of libpurple. It's all one codebase anyway...
|
|
version 2.10.8 (1/28/2014):
General:
* Python build scripts and example plugins are now compatible with
Python 3. (Ashish Gupta) (#15624)
libpurple:
* Fix potential crash if libpurple gets an error attempting to read a
reply from a STUN server. (Discovered by Coverity static analysis)
(CVE-2013-6484)
* Fix potential crash parsing a malformed HTTP response. (Discovered by
Jacob Appelbaum of the Tor Project) (CVE-2013-6479)
* Fix buffer overflow when parsing a malformed HTTP response with
chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent)
(CVE-2013-6485)
* Better handling of HTTP proxy responses with negative Content-Lengths.
(Discovered by Matt Jones, Volvent)
* Fix handling of SSL certificates without subjects when using libnss.
* Fix handling of SSL certificates with timestamps in the distant future
when using libnss. (#15586)
* Impose maximum download size for all HTTP fetches.
Pidgin:
* Fix crash displaying tooltip of long URLs. (CVE-2013-6478)
* Better handling of URLs longer than 1000 letters.
* Fix handling of multibyte UTF-8 characters in smiley themes. (#15756)
Windows-Specific Changes:
* When clicking file:// links, show the file in Explorer rather than
attempting to run the file. This reduces the chances of a user
clicking on a link and mistakenly running a malicious file.
(Originally discovered by James Burton, Insomnia Security. Rediscovered
by Yves Younan of Sourcefire VRT.) (CVE-2013-6486)
* Fix Tcl scripts. (#15520)
* Fix crash-on-startup when ASLR is always on. (#15521)
* Updates to dependencies:
* NSS 3.15.4 and NSPR 4.10.2
* Pango 1.29.4-1daa
Patched for https://bugzilla.gnome.org/show_bug.cgi?id=668154
AIM:
* Fix untrusted certificate error.
AIM and ICQ:
* Fix a possible crash when receiving a malformed message in a Direct IM
session.
Gadu-Gadu:
* Fix buffer overflow with remote code execution potential. Only
triggerable by a Gadu-Gadu server or a man-in-the-middle.
(Discovered by Yves Younan and Ryan Pentney of Sourcefire VRT)
(CVE-2013-6487)
* Disabled buddy list import/export from/to server (it didn't work
anymore). Buddy list synchronization will be implemented in 3.0.0.
* Disabled new account registration and password change options, as it
didn't work either. Account registration also caused a crash. Both
functions are available using official Gadu-Gadu website.
IRC:
* Fix bug where a malicious server or man-in-the-middle could trigger
a crash by not sending enough arguments with various messages.
(Discovered by Daniel Atallah) (CVE-2014-0020)
* Fix bug where initial IRC status would not be set correctly.
* Fix bug where IRC wasn't available when libpurple was compiled with
Cyrus SASL support. (#15517)
MSN:
* Fix NULL pointer dereference parsing headers in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing OIM data in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing SOAP data in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix possible crash when sending very long messages. Not
remotely-triggerable. (Discovered by Matt Jones, Volvent)
MXit:
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan and Pawel Janic of Sourcefire VRT)
(CVE-2013-6487)
* Fix sporadic crashes that can happen after user is disconnected.
* Fix crash when attempting to add a contact via search results.
* Show error message if file transfer fails.
* Fix compiling with InstantBird.
* Fix display of some custom emoticons.
SILC:
* Correctly set whiteboard dimensions in whiteboard sessions.
SIMPLE:
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6487)
XMPP:
* Prevent spoofing of iq replies by verifying that the 'from' address
matches the 'to' address of the iq request. (Discovered by Fabian
Yamaguchi and Christian Wressnegger of the University of Goettingen)
(CVE-2013-6483)
* Fix crash on some systems when receiving fake delay timestamps with
extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
* Fix possible crash or other erratic behavior when selecting a very
small file for your own buddy icon.
* Fix crash if the user tries to initiate a voice/video session with a
resourceless JID.
* Fix login errors when the first two available auth mechanisms fail but
a subsequent mechanism would otherwise work when using Cyrus SASL.
(#15524)
* Fix dropping incoming stanzas on BOSH connections when we receive
multiple HTTP responses at once. (Issa Gorissen) (#15684)
Yahoo!:
* Fix possible crashes handling incoming strings that are not UTF-8.
(Discovered by Thijs Alkemade and Robert Vehse) (CVE-2012-6152)
* Fix a bug reading a peer to peer message where a remote user could
trigger a crash. (CVE-2013-6481)
Plugins:
* Fix crash in contact availability plugin.
* Fix perl function Purple::Network::ip_atoi
* Add Unity integration plugin.
|
|
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
|
|
|
|
|
|
|
|
|
|
|
|
NetBSD 6, requested by tron.
|
|
Recursively bump package revisions again after the "freetype2" and
"fontconfig" handling was fixed.
|
|
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
|
|
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
|
|
|
|
|
|
version 2.10.7 (02/13/2013):
Alien hatchery:
* No changes
General:
* The configure script will now exit with status 1 when specifying
invalid protocol plugins using the --with-static-prpls and
--with-dynamic-prpls arguments. (Michael Fiedler) (#15316)
libpurple:
* Fix a crash when receiving UPnP responses with abnormally long values.
(CVE-2013-0274)
* Don't link directly to libgcrypt when building with GnuTLS support.
(Bartosz Brachaczek) (#15329)
* Fix UPnP mappings on routers that return empty <URLBase/> elements
in their response. (Ferdinand Stehle) (#15373)
* Tcl plugin uses saner, race-free plugin loading.
* Fix the Tcl signals-test plugin for savedstatus-changed.
(Andrew Shadura) (#15443)
Pidgin:
* Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11
variant.
Gadu-Gadu:
* Fix a crash at startup with large contact list. Avatar support for
buddies will be disabled until 3.0.0. (#15226, #14305)
IRC:
* Support for SASL authentication. (Thijs Alkemade, Andy Spencer)
(#13270)
* Print topic setter information at channel join. (#13317)
MSN:
* Fix SSL certificate issue when signing into MSN for some users.
* Fix a crash when removing a user before its icon is loaded. (Mark
Barfield) (#15217)
MXit:
* Fix a bug where a remote MXit user could possibly specify a local
file path to be written to. (CVE-2013-0271)
* Fix a bug where the MXit server or a man-in-the-middle could
potentially send specially crafted data that could overflow a buffer
and lead to a crash or remote code execution. (CVE-2013-0272)
* Display farewell messages in a different colour to distinguish
them from normal messages.
* Add support for typing notification.
* Add support for the Relationship Status profile attribute.
* Remove all reference to Hidden Number.
* Ignore new invites to join a GroupChat if you're already joined, or
still have a pending invite.
* The buddy's name was not centered vertically in the buddy-list if they
did not have a status-message or mood set.
* Fix decoding of font-size changes in the markup of received messages.
* Increase the maximum file size that can be transferred to 1 MB.
* When setting an avatar image, no longer downscale it to 96x96.
Sametime:
* Fix a crash in Sametime when a malicious server sends us an abnormally
long user ID. (CVE-2013-0273)
Yahoo!:
* Fix a double-free in profile/picture loading code. (Mihai Serban)
(#15053)
* Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381)
Plugins:
* The Voice/Video Settings plugin supports using the sndio GStreamer
backends. (Brad Smith) (#14414)
* Fix a crash in the Contact Availability Detection plugin. (Mark)
(#15327)
* Make the Message Notification plugin more friendly to non-X11 GTK+,
such as MacPorts' +no_x11 variant.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
are called p5-*.
I hope that's all of them.
|
|
|
|
requested by Thomas Klausner.
|
|
(additionaly, reset PKGREVISION of qt4-* sub packages from base qt4 update)
|
|
|
|
change: fix for buffer overflow in MXit protocol (CVE-2012-3374)
|
|
|
|
version 2.10.4 (05/06/2012):
General:
* Support building against Farstream in addition to Farsight.
(Olivier Crete) (#14936)
IRC:
* Disable periodic WHO timer. IRC channel user lists will no
longer automatically display away status, but libpurple will be
much kinder to the network.
* Print unknown numerics to channel windows if we can associate
them. Thanks to Marien Zwart. (#15090)
MSN:
* Fix a possible crash when receiving messages with certain characters
or character encodings. Thanks to Fabian Yamaguchi for reporting
this!
XMPP:
* Fix a possible crash when receiving a series of specially crafted
file transfer requests. Thanks to José Valentín Gutiérrez for
reporting this! (CVE-2012-2214)
Windows-Specific Changes:
* Words added to spell check dictionaries are saved across restarts of
Pidgin (#11886)
|
|
|
|
|
|
(fixes CVE-2011-3594, CVE-2011-4601, CVE-2011-4602, CVE-2011-4603, CVE-2011-4939
and CVE-2012-1178)
version 2.10.3 (03/26/2012):
* Fix buddies not going offline.
version 2.10.2 (03/14/2012):
General:
* Fix compilation when using binutils 2.22 and new GDK pixbuf. (#14799)
* Fix compilation of the MXit protocol plugin with GLib 2.31. (#14773)
Pidgin:
* Add support for the GNOME3 Network dialog. (#13882)
* Fix rare crash. (#14392)
* Add support for the GNOME3 Default Application dialog for configuring
the Browser.
libpurple:
* Support new connection states and signals for NetworkManager 0.9+.
(Dan Williams) (#13859)
AIM and ICQ:
* Fix a possible crash when receiving an unexpected message
from the server. (Thijs Alkemade) (#14983)
* Allow signing on with usernames containing periods and
underscores. (#13500)
* Allow adding buddies containing periods and underscores. (#13500)
* Don't try to format ICQ usernames entered as email addresses.
Gets rid of an "Unable to format username" error at login. (#13883)
MSN:
* Fix possible crashes caused by not validating incoming messages as
UTF-8. (Thijs Alkemade) (#14884)
* Support new protocol version MSNP18. (#14753)
* Fix messages to offline contacts. (#14302)
Windows-Specific Changes:
* Fix the installer downloading of spell-checking dictionaries (#14612)
* Fix compilation of the Bonjour protocol plugin. (#14802)
Plugins:
* The autoaccept plugin will no longer reset the preference for unknown
buddies to "Auto Reject" in certain cases. (#14964)
version 2.10.1 (12/06/2011):
Finch:
* Fix compilation on OpenBSD.
AIM and ICQ:
* Fix remotely-triggerable crashes by validating strings in a few
messages related to buddy list management. Thanks to Evgeny Boger
for reporting this! (#14682)
Bonjour:
* IPv6 fixes (Linus Lüssing)
Gadu-Gadu:
* Fix problems linking against GnuTLS. (#14544)
IRC:
* Fix a memory leak when admitting UTF-8 text with a non-UTF-8 primary
encoding. (#14700)
Jabber:
* Fix crashes and memory leaks when receiving malformed voice
and video requests. Thanks to Thijs Alkemade for reporting this!
Sametime:
* Separate "username" and "server" when adding new Sametime accounts.
(#14608)
* Fix compilation in Visual C++. (#14608)
SILC:
* Fix CVE-2011-3594, by UTF-8 validating incoming messages before
passing them to glib or libpurple. Identified by Diego Bauche
Madero from IOActive. (#14636)
Yahoo!:
* Fetch buddy icons in some cases where we previously weren't. (#13050)
Windows-Specific Changes:
* Fix compilation
|
|
py-* not affected, since it built different versions depending on the
setting already.
|
|
|
|
|
|
|
|
|
|
a) tiff update to 4.0 (shlib major change)
b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk)
Enjoy.
|
|
|
|
|
|
|
|
CVE-2011-3184.
While here, better fix for PR#45190.
chat/finch itself does not depend on devel/nspr.
chat/libpurple without gnutls option, libpurple is linked with nspr,
so it must be handle in libpurple/buildlink3.mk.
version 2.10.0 (08/18/2011):
Pidgin:
* Make the max size of incoming smileys a pref instead of hardcoding it.
(Quentin Brandon) (#5231)
* Added a plugin information dialog to show information for plugins
that aren't otherwise visible in the plugins dialog.
* Fix building with GTK+ earlier than 2.14.0 (GTK+ 2.10 is still the
minimum supported) (#14261)
libpurple:
* Fix a potential crash in the Log Reader plugin when reading QIP logs.
* Fix a large number of strcpy() and strcat() invocations to use
strlcpy() and strlcat(), etc., forestalling an entire class of
string buffer overrun bugs.
(The Electronic Frontier Foundation, Dan Auerbach, Chris Palmer,
Jacob Appelbaum)
* Change some filename manipulations in filectl.c to use MAXPATHLEN
instead of arbitrary length constants. (The Electronic Frontier
Foundation, Dan Auerbach, Chris Palmer, Jacob Appelbaum)
* Fix endianness-related crash in NTLM authentication (Jon Goldberg)
(#14163)
Gadu-Gadu:
* Fixed searching for buddies in public directory. (Tomasz Wasilczyk)
(#5242)
* Better status message handling. (Tomasz Wasilczyk) (#14314)
* Merged two buddy blocking methods. (Tomasz Wasilczyk) (#5303)
* Fix building of the bundled libgadu library with older versions
of GnuTLS. (patch plucked from upstream) (#14365)
ICQ:
* Fix crash selecting Tools->Set Mood when you're online with an
ICQ account that is configured as an AIM account. (#14437)
IRC:
* Fix a crash when remote users have certain characters in their
nicknames. (Discovered by Djego Ibanez) (#14341)
* Fix the handling of formatting following mIRC ^O (#14436)
* Fix crash when NAMES is empty. (James McLaughlin) (#14518)
MSN:
* Fix incorrect handling of HTTP 100 responses when using the HTTP
connection method. This can lead to a crash. (Discovered by Marius
Wachtler)
* Fix seemingly random crashing. (#14307)
* Fix a crash when the account is disconnected at the time we are doing a
SB request. (Hanzz, ported by shlomif) (#12431)
XMPP:
* Do not generate malformed XML ("</>") when setting an empty mood.
(#14342)
* Fix the /join <room> behavior. (Broken when adding support for
<room>@<server>) (#14205)
Yahoo!/Yahoo! JAPAN:
* Fix coming out of idle while in an unavailable state
* Fix logging into Yahoo! JAPAN. (#14259)
Windows-Specific Changes:
* Open an explorer.exe window at the location of the file when clicking
on a file link instead of executing the file, because executing a file
can be potentially dangerous. (Discovered by James Burton of
Insomnia Security) (Fixed by Eion Robb)
|
|
|
