ubuntu/+source/pidgin:ubuntu/gutsy-security

Last commit made on 2008-11-24
Get this branch:
git clone -b ubuntu/gutsy-security https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/gutsy-security
Repository:
lp:ubuntu/+source/pidgin

Recent commits

2f37ca0... by Marc Deslauriers on 2008-11-20

Import patches-unapplied version 1:2.2.1-1ubuntu4.3 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 2abaf7b75e3f3275f77111ac1e9f84e06b2dd34d

New changelog entries:
  * SECURITY UPDATE: code execution via integer overflow in the MSN protocol
    handler (LP: #245770)
    - debian/patches/99_SECURITY_CVE-2008-2927.patch: fix
      msn_slplink_process_msg() in src/protocols/msn/slplink.c by checking
      against maximum size G_MAXSIZE.
    - CVE-2008-2927
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - debian/patches/99_SECURITY_CVE-2008-2955.patch: change
      src/protocols/msn/[slplink.c,slpcall.*] to make sure xfer structure still
      exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: denial of service via resource exhaustion from arbitrary
    URL in UPnP functionality (LP: #245769)
    - debian/patches/99_SECURITY_CVE-2008-2957.patch: modified
      libpurple/[upnp.c,util.*] to add purple_util_fetch_url_request_len() in
      order to limit http downloads to 128k.
    - CVE-2008-2957
  * SECURITY UPDATE: man in the middle attack from lack of certificate
    validation in nss plugin (LP: #251304)
    - debian/patches/99_SECURITY_CVE-2008-3532.patch: modified
      libpurple/plugins/ssl/ssl-nss.c to add certificate validation code.
    - CVE-2008-3532

2abaf7b... by Iain Lane on 2008-07-02

Import patches-unapplied version 1:2.2.1-1ubuntu4.2 to ubuntu/gutsy-proposed

Imported using git-ubuntu import.

Changelog parent: a9ebe8326c938c1c8e4817952b0173e570913cb1

New changelog entries:
  * Apply patch from upstream to fix issue where ICQ would not connect
    (LP: #244591)

a9ebe83... by Stephan Ruegamer on 2007-11-26

Import patches-unapplied version 1:2.2.1-1ubuntu4.1 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 7cda5891c40bff3e7cfc723608f96b76e724b3b7

New changelog entries:
  * SECURITY UPDATE: (LP: #158400)
    + CVE-2007-4999: libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML
      logging, allows remote attackers to cause a denial of service (NULL
      dereference and application crash) via a message that contains invalid HTML
      data, a different vector than CVE-2007-4996.
  * debian/patches/99_CVE-2007-4999.patch:
    - Applied patch by upstream
    - Link: http://developer.pidgin.im/viewmtn/revision/diff/0810c68ce97a8213a5edbf5ffe7c1418915d3dfe/with/aff089bc73ecc6fe8ebbeac670db8be13511fcf4
  * References:
    CVE-2007-4999
    http://developer.pidgin.im/ticket/3436

7cda589... by Sebastien Bacher on 2007-10-10

Import patches-unapplied version 1:2.2.1-1ubuntu4 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 986b01f62d3a1637b82674f70077b7e66c8f68ef

New changelog entries:
  * debian/patches/80_from_upstream_fix_irc_formatting_issue.patch:
    - patch from upstream, fix an IRC formatting issue
      (LP: #141201)

986b01f... by Sebastien Bacher on 2007-10-03

Import patches-unapplied version 1:2.2.1-1ubuntu3 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: fa8fc8193a135bd995cbe8fced4cb28a8adeac48

New changelog entries:
  * debian/control:
    - Build-Depends on libsqlite3-dev (LP: #112720)

fa8fc81... by Sebastien Bacher on 2007-10-02

Import patches-unapplied version 1:2.2.1-1ubuntu2 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 423fa774e9498b76d3e7e595c8de0c799c7e9294

New changelog entries:
  * debian/prefs.xml:
    - changes from "Whoopie", don't load docklet.so and use
      "pathlist" rather than "stringlist", fix plugins selections (LP: #144122)

423fa77... by Sebastien Bacher on 2007-10-01

Import patches-unapplied version 1:2.2.1-1ubuntu1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 4890846fcf02fa571063b465d4dd2697de7b75ab

New changelog entries:
  * Sync with Debian
  * New upstream release
    - Fixes remote DoS (crash) in the MSN protocol (CVE-2007-4996)
    - Fixes wrong file transfer size shown on MSN (Closes: #443447)
  * Remove circular dependencies on libpurple0/-bin (Closes: #444148)

4890846... by Sebastien Bacher on 2007-09-19

Import patches-unapplied version 1:2.2.0-1ubuntu1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: a2e8d88ce096469f7c97f24ca621566b6ae94c1c

New changelog entries:
  * Sync with Debian (LP: #139686)
  * debian/control:
    - Build-Depends on liblaunchpad-integration-dev, intltool, libnm-glib-dev
    - don't Build-Depends on libsilc-1.1-2-dev | libsilc-dev (>= 1.1.1),
      the library is in universe
    - changed the transition version to use the ubuntu epoch number
    - list gaim transitionnal package for updates
    - pidgin-data Replaces gaim-data
    - updated the maintainer for Ubuntu
  * debian/copyright:
    - build in the source, that's a soyuz requirement to accept the upload
  * debian/gaim.links:
    - gaim compatibility symlinks
  * debian/patches/01_lpi.patch:
    - launchpad integration patch.
  * debian/patches/02_autoconf.patch:
    - configure update
  * debian/patches/04_let_crasher_for_apport.patch:
    - don't catch crashes, apport does that.
    - fixes apport having broken backtraces for gaim
  * debian/patches/14_xulrunner_nss.patch:
    - removed for Ubuntu, firefox nss is used
  * debian/patches/99_default_to_irc_ubuntu_com.patch:
    - set default irc server to irc.ubuntu.com
  * debian/pidgin-dbg.preinst, debian/pidgin-dev.preinst, debian/pidgin.preinst:
    - use the correct transition version
  * debian/prefs.xml:
    - set the notify by default (Ubuntu: #13389)
  * debian/rules:
    - add translation domain and update template
    - build with network-manager and without libsilc
    - don't remove the copyright on clean
  * New upstream version
    - Fixes tabbed window preference (Closes: #440260)
    - Fixes crash in music messaging plugin when sending message to offline
      buddy (Closes: #441852)
    - Adds option to show protocol icons in buddy list (Closes: #432077)
  * pidgin-dev and finch-dev should depend on libpurple-dev (Closes: #441191)
  * Make finch conflict & replace old versions of gaim (closes: #440351)
  [ Laurent Bigonville ]
  * Bump Standards-Version
  * Split finch out of the pidgin package (Closes: #428678)
  * Split libpurple out of the pidgin package (Closes: #421282)
  * Add override file to quiet lintian a bit
  * Remove symlinks for /usr/share/doc/pidgin{,-dev,-dbg} and really install
    them instead
  [ Ari Pollak ]
  * Move gconf schema into pidgin, so only pidgin needs to depend on gconf
  * Make dh_pidgin add a versioned misc:Conflict on the next major version
    of pidgin, in preparation for getting rid of the pidgin (<< 3.0)
    dependency, and adding dh_purple/dh_finch.
  * New upstream version
  * Update new SVN repository information in debian/control
  * Install Finch's window managers correctly (Closes: #438536)
  * New upstream version
    - Fixes a spelling mistake in MSN (Closes: #427170)
    - Fixes a tray icon scaling problem on vertical panels (Closes: #433909)
  * Make package binNMU-safe (Closes: #430101)
  * Add Depends: python
  * New upstream version (Closes: #429222)
  * Enable SILC support (Closes: #260420)
  * 21_purple-remote_syntax.patch:
    - Fix syntax error in purple-remote script (Closes: #429623)
  * New upstream release
    - Should fix some buddy list synchronization crashes (Closes: #424062)
  * Fix gevolution dependency exclusion
  * Add appropriate Conflicts in addition to Replaces
  * Fix dh_pidgin warning due to current lack of package epoch
  * Remove bashism in debian/rules
  * Make pidgin-dev Replaces: gaim-dev (Closes: #422724)

a2e8d88... by Ari Pollak on 2007-05-08

Import patches-unapplied version 2.0.0+dfsg.1-3 to ubuntu/gutsy

Imported using git-ubuntu import.