ubuntu/+source/pidgin:ubuntu/hardy-proposed

Last commit made on 2009-10-30
Get this branch:
git clone -b ubuntu/hardy-proposed https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/hardy-proposed
Repository:
lp:ubuntu/+source/pidgin

Recent commits

faeb939... by Chris Coulson on 2009-10-30

Import patches-unapplied version 1:2.4.1-1ubuntu2.7 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: dd3cab1f8ec8d9f80893b202e9bd8f22af3337ee

New changelog entries:
  * debian/patches/86_yahoo_protocol_fix.patch:
    - Backport upstream changes to use version 16 of the Yahoo!
      Messenger Protocol. The old authentication mechanism was
      disabled, meaning that it can no longer be used for signing in
      to Yahoo! services (LP: #389322)

dd3cab1... by Marc Deslauriers on 2009-08-19

Import patches-unapplied version 1:2.4.1-1ubuntu2.6 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: a32b16d6fc4dd07c2b3e2cf635bd2dfb75d6a683

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
     (LP: #415863)
    - debian/patches/85_security_CVE-2009-2694.patch: properly destroy
      slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
    - CVE-2009-2694

a32b16d... by Marc Deslauriers on 2009-07-03

Import patches-unapplied version 1:2.4.1-1ubuntu2.5 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 4785d7871cb9c58abd8061309b8f214fa5bce20a

New changelog entries:
  * SECURITY UPDATE: denial of service via ICQWebMessage message type in
    OSCAR protocol. (LP: #393736)
    - debian/patches/84_security_CVE-2009-1889.patch: make the check better
      in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
      valid in libpurple/protocols/oscar/bstream.c.
    - CVE-2009-1889

4785d78... by Marc Deslauriers on 2009-05-25

Import patches-unapplied version 1:2.4.1-1ubuntu2.4 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 855e7b11fd1908cbb43bb4094d580bebbbb2119a

New changelog entries:
  * SECURITY UPDATE: denial of service or possible code execution in XMPP
    file transfer
    - debian/patches/81_security_CVE-2009-1373.patch: calculate lengths
      correctly in libpurple/protocols/jabber/si.c.
    - CVE-2009-1373
  * SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
    - debian/patches/82_security_CVE-2009-1375.patch: add an additional
      check in libpurple/circbuffer.c.
    - CVE-2009-1375
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - debian/patches/83_security_CVE-2009-1376.patch: switch offset
      variable to guint64 in libpurple/protocols/msn/slplink.c.
    - CVE-2009-1376

855e7b1... by Didier Roche on 2009-03-10

Import patches-unapplied version 1:2.4.1-1ubuntu2.3 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 2a74ca509d3c168bf6a1fcfc5e7d7c6cad2a56a0

New changelog entries:
  * Apply upstream patch to fix connexion issue with new ICQ
    protocol: debian/patches/80_fix_ICQ_new_protocol.patch (LP: #340151)

2a74ca5... by Marc Deslauriers on 2008-11-21

Import patches-unapplied version 1:2.4.1-1ubuntu2.2 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: f6c0f129eb5a16fd4765ac8aab4c550bd0271bc3

New changelog entries:
  * SECURITY UPDATE: code execution via integer overflow in the MSN protocol
    handler (LP: #245770)
    - debian/patches/71_SECURITY_CVE-2008-2927.patch: fix
      msn_slplink_process_msg() in src/protocols/msn/slplink.c and src/
      protocols/msnp9/slplink.c by checking against maximum size G_MAXSIZE.
    - CVE-2008-2927
  * SECURITY UPDATE: denial of service via specially formulated long
    filename (LP: #245769)
    - debian/patches/72_SECURITY_CVE-2008-2955.patch: change
      src/protocols/msn/[slplink.c,slpcall.*] to make sure xfer structure still
      exists before putting dest_fp in it.
    - CVE-2008-2955
  * SECURITY UPDATE: denial of service via resource exhaustion from arbitrary
    URL in UPnP functionality (LP: #245769)
    - debian/patches/73_SECURITY_CVE-2008-2957.patch: modified
      libpurple/[upnp.c,util.*] to add purple_util_fetch_url_request_len() in
      order to limit http downloads to 128k.
    - CVE-2008-2957
  * SECURITY UPDATE: man in the middle attack from lack of certificate
    validation in nss plugin (LP: #251304)
    - debian/patches/74_SECURITY_CVE-2008-3532.patch: modified
      libpurple/plugins/ssl/ssl-nss.c to add certificate validation code.
    - CVE-2008-3532

f6c0f12... by Iain Lane on 2008-07-02

Import patches-unapplied version 1:2.4.1-1ubuntu2.1 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: eebeca352a16e1bfd9d3736d37b8a5231abf43a2

New changelog entries:
  * Apply patch from upstream to fix issue where ICQ would not connect
    (LP: #244591)

eebeca3... by Sebastien Bacher on 2008-04-09

Import patches-unapplied version 1:2.4.1-1ubuntu2 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 3cc61c90a1f7ce5760b68a983d75108152d1b19c

New changelog entries:
  * rebuild due to liblaunchpad-integration soname change

3cc61c9... by Pedro Fragoso on 2008-04-04

Import patches-unapplied version 1:2.4.1-1ubuntu1 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: a2e8d88ce096469f7c97f24ca621566b6ae94c1c

New changelog entries:
  * Sync with Debian, remaining Ubuntu changes; (LP: #211769)
    - debian/control:
      + Set Maintainer to Ubuntu Core Developers.
      + Add build-deps on liblaunchpad-integration-dev, intltool,
        libnm-glib-dev (for --enable-nm)
      + Drop build-deps on libsilc-1.1-2-dev | libsilc-dev (>= 1.1.1) as
        this library is in universe.
      + Drop the libpurple0 recommends on libpurple-bin.
      + Add a gaim transitionnal package for upgrades.
      + Moved finch's libx11-6 dependency to Suggests
    - Ship compatibility symlinks via debian/gaim.links
    - debian/rules:
      + Pass --enable-nm to configure to enable NetworkManager support
      + Pass --disable-silc to configure to disable silc support even if
        it's installed in the build environment.
      + Add X-Ubuntu-Gettext-Domain to the desktop file and update the
        translation templates in common-install-impl::.
      + Added necessary arguments to dh_shlibdeps for finch
    - Update debian/prefs.xml to set the notify plugin prefs
      /plugins/gtk/X11/notify/* and set /pidgin/plugins/loaded to load
      the notify plugin
    - debian/patches:
      + 02_lpi for LP integration
      + 04_let_crasher_for_apport to stop catching the SIGSEGV signal
        and let apport handle it
      + 05_default_to_irc_ubuntu_com to set the default IRC
        server to irc.ubuntu.com.
      + 70_autoconf patch
  * New upstream release
    - Fixes crash in XMPP if network connection goes down after resume
      (Closes: #472057)
  * Add finch.pc to finch-dev
  * debian/patches/22_zephyr-crash.patch:
    - Add patch from upstream to prevent crash in Zephyr when reading
      accounts.xml file (Closes: #470947)
  * debian/patches/23_empty-edit.patch:
    - Add patch from upstream to prevent an invisible edit box in
      message windows (Closes: #471365)
  * debian/patches/24_debian-gconf.patch:
    - Fix an earlier screwup where we set /pidgin/browsers/command in
      prefs.xml as a string when it should've been a path, so it was never
      recognized properly and prevented people from using a custom browser if
      they had run 2.3.1-1. (Closes: #472929)
  * New upstream release
  * Install manpages into their appropriate packages, not pidgin-data
    (Closes: #459908)
  * Seed libpurple0.symbols file
  * Build with -fstack-protector
  * Add ${perl:Depends} to libpurple0 and pidgin to get the proper perlapi
    versioning (Closes: #463143)
  * Fix syntax problem in pidgin manpage (Closes: #463021)
  * Make libpurple0 shlibs slightly looser by making it
    >= MAJOR.MINOR.0 instead of >= VERSION.
  * Change browser command in /etc/purple/prefs.xml to be of type
    'path' instead of 'string', to match what is set by pidgin.
    Thanks to Will Thompson for the fix. (Closes: #456441)
  * Fix FTBFS when doing a "make docs" by adding an appropriate $(top_srcdir)
    before the path to an included file. (Closes: #454549)
  * New upstream release
    - Fixes problems logging into MSN (Closes: #454592)
    - Fixes MSN display name randomly changing (Closes: #454490)
  * New upstream release
    - Fixes Jabber crash in non-UTF-8 locale (Closes: #436236)
    - Fixes problem entering password manually into Jabber (Closes: #446365)
  * 21_zephyr-external.patch
    - Apply patch from Klee Dienes to fix the Zephyr protocol when
      compiled against the system library, as we do (Closes: #451165)
  * Build the Contact Availability Prediction plugin, and make sqlite optional
    (Closes: #448096)
  * Remove 14_xulrunner_nss patch and bump build-depends for libnss3-dev
    (Closes: #450402)
  * New upstream version
    - Fixes a possible crash when parsing invalid HTML (CVE-2007-4999)
  * 00_debian-ca-certs.patch:
    - Make the X.509 certificate authority code look in /etc/ssl/certs and
      make libpurple0 Recommend: ca-certificates. As far as I know
      this is not used in any protocols yet.
  * Fix dpkg-shlibdeps warning when trying to resolve plugin dependencies
    (by making an shlibs.local with empty libjabber and liboscar entries),
    since this will be a failure in the experimental version of dpkg
  * New upstream release
    - Fixes remote DoS (crash) in the MSN protocol (CVE-2007-4996)
    - Fixes wrong file transfer size shown on MSN (Closes: #443447)
  * Remove circular dependencies on libpurple0/-bin (Closes: #444148)
  * New upstream version
    - Fixes tabbed window preference (Closes: #440260)
    - Fixes crash in music messaging plugin when sending message to offline
      buddy (Closes: #441852)
    - Adds option to show protocol icons in buddy list (Closes: #432077)
  * pidgin-dev and finch-dev should depend on libpurple-dev (Closes: #441191)
  * Make finch conflict & replace old versions of gaim (closes: #440351)
  [ Laurent Bigonville ]
  * Bump Standards-Version
  * Split finch out of the pidgin package (Closes: #428678)
  * Split libpurple out of the pidgin package (Closes: #421282)
  * Add override file to quiet lintian a bit
  * Remove symlinks for /usr/share/doc/pidgin{,-dev,-dbg} and really install
    them instead
  [ Ari Pollak ]
  * Move gconf schema into pidgin, so only pidgin needs to depend on gconf
  * Make dh_pidgin add a versioned misc:Conflict on the next major version
    of pidgin, in preparation for getting rid of the pidgin (<< 3.0)
    dependency, and adding dh_purple/dh_finch.
  * New upstream version
  * Update new SVN repository information in debian/control
  * Install Finch's window managers correctly (Closes: #438536)
  * New upstream version
    - Fixes a spelling mistake in MSN (Closes: #427170)
    - Fixes a tray icon scaling problem on vertical panels (Closes: #433909)
  * Make package binNMU-safe (Closes: #430101)
  * Add Depends: python
  * New upstream version (Closes: #429222)
  * Enable SILC support (Closes: #260420)
  * 21_purple-remote_syntax.patch:
    - Fix syntax error in purple-remote script (Closes: #429623)
  * New upstream release
    - Should fix some buddy list synchronization crashes (Closes: #424062)
  * Fix gevolution dependency exclusion
  * Add appropriate Conflicts in addition to Replaces
  * Fix dh_pidgin warning due to current lack of package epoch
  * Remove bashism in debian/rules
  * Make pidgin-dev Replaces: gaim-dev (Closes: #422724)

a2e8d88... by Ari Pollak on 2007-05-08

Import patches-unapplied version 2.0.0+dfsg.1-3 to ubuntu/gutsy

Imported using git-ubuntu import.