ubuntu/+source/pidgin:ubuntu/jaunty-devel

Last commit made on 2010-02-22
Get this branch:
git clone -b ubuntu/jaunty-devel https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/jaunty-devel
Repository:
lp:ubuntu/+source/pidgin

Recent commits

ca715f0... by Marc Deslauriers on 2010-02-18

Import patches-unapplied version 1:2.5.5-1ubuntu8.6 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: baf18c933dc975091bd97c3b0cfd29b6a7d66dca

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed SLP message
    - debian/patches/85_security_CVE-2010-0277.patch: validate input in
      libpurple/protocols/msn/{slp.c,slpcall.c,slplink.c,slpmsg.h}.
    - CVE-2010-0277
  * SECURITY UPDATE: denial of service via certain nicknames in Finch
    - debian/patches/86_security_CVE-2010-0420.patch: properly unescape
      text in finch/libgnt/gnttree.c, libpurple/protocols/bonjour/parser.c,
      libpurple/protocols/jabber/parser.c, libpurple/xmlnode.c.
    - CVE-2010-0420
  * SECURITY UPDATE: denial of service via large number of smileys
    - debian/patches/87_security_CVE-2010-0423.patch: limit the number of
      smileys in pidgin/gtkimhtml.c.
    - CVE-2010-0423

baf18c9... by Marc Deslauriers on 2010-01-14

Import patches-unapplied version 1:2.5.5-1ubuntu8.5 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 375e3de6fc0e195388e8f8e4602924383c5fd2ae

New changelog entries:
  * SECURITY UPDATE: denial of service via TOPIC message
    - debian/patches/79_security_CVE-2009-2703.patch: validate args in
      libpurple/protocols/irc/msgs.c.
    - CVE-2009-2703
  * SECURITY UPDATE: information disclosure via incorrect jabber TLS
    handling
    - debian/patches/80_security_CVE-2009-3026.patch: bail out if
      encryption is not available in libpurple/protocols/jabber/auth.c.
    - CVE-2009-3026
  * SECURITY UPDATE: denial of service via malformed SLP invite message
    - debian/patches/81_security_CVE-2009-3083.patch: validate branch,
      content_type and content in libpurple/protocols/msn/slp.c.
    - CVE-2009-3083
  * SECURITY UPDATE: denial of service via XHTML-IM content with cid: images
    - debian/patches/82_security_CVE-2009-3085.patch: validate raw_data in
      libpurple/protocols/jabber/data.c.
    - CVE-2009-3085
  * SECURITY UPDATE: denial of service via crafted contact list data
    - debian/patches/83_security_CVE-2009-3615.patch: validate contact
      list structure in libpurple/protocols/oscar/oscar.c.
    - CVE-2009-3615
  * SECURITY UPDATE: directory traversal via custom smiley request
    (LP: #501089)
    - debian/patches/84_security_CVE-2010-0013.patch: ignore request for
      smileys that don't exist in the image store in
      libpurple/protocols/msn/slp.c, backport purple_strequal in
      libpurple/util.{c,h}.
    - CVE-2010-0013

375e3de... by Marc Deslauriers on 2009-08-19

Import patches-unapplied version 1:2.5.5-1ubuntu8.4 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 0727c238b05daeebb362b16554da33b12adf6bd0

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted MSNSLP packet
    (LP: #415863)
    - debian/patches/78_security_CVE-2009-2694.patch: properly destroy
      slpmsg in libpurple/protocols/{msn,msnp9}/slplink.c.
    - CVE-2009-2694

0727c23... by Marc Deslauriers on 2009-07-03

Import patches-unapplied version 1:2.5.5-1ubuntu8.3 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: ccb89420dae9b8431b2706812820739139d54116

New changelog entries:
  * SECURITY UPDATE: denial of service via ICQWebMessage message type in
    OSCAR protocol. (LP: #393736)
    - debian/patches/77_security_CVE-2009-1889.patch: make the check better
      in libpurple/protocols/oscar/oscar.c, only allocate memory if len is
      valid in libpurple/protocols/oscar/bstream.c.
    - CVE-2009-1889

ccb8942... by Iain Lane on 2009-06-25

Import patches-unapplied version 1:2.5.5-1ubuntu8.2 to ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: 589abef10b6014706971c8610e03cc466e82d7a2

New changelog entries:
  * debian/patches/50_yahoo_16_auth.patch: Add patch backported from upstream
    version 2.5.7 to fix connection problems connection to Yahoo! instant
    messenger. Previous versions of pidgin were using an old authentication
    method which was disabled by Yahoo!. This patch switches to using the new
    authentication method, version 16. (LP: #389322) References:
    - http://theflamingbanker.blogspot.com/2009/06/some-clarification-on-yahoo-issues.html
    - http://developer.pidgin.im/ticket/8853

589abef... by Marc Deslauriers on 2009-05-25

Import patches-unapplied version 1:2.5.5-1ubuntu8.1 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 6084ad29890de7051ab80fcfd64c620d75528ca0

New changelog entries:
  * SECURITY UPDATE: denial of service or possible code execution in XMPP
    file transfer
    - debian/patches/73_security_CVE-2009-1373.patch: calculate lengths
      correctly in libpurple/protocols/jabber/si.c.
    - CVE-2009-1373
  * SECURITY UPDATE: denial of service in the QQ protocol decryption
    handler
    - debian/patches/74_security_CVE-2009-1374.patch: make sure count64
      hasn't reached zero in libpurple/protocols/qq/qq_crypt.c.
    - CVE-2009-1374
  * SECURITY UPDATE: denial of service in PurpleCircBuffer object expansion
    - debian/patches/75_security_CVE-2009-1375.patch: add an additional
      check in libpurple/circbuffer.c.
    - CVE-2009-1375
  * SECURITY UPDATE: arbitrary code execution via crafted MSN message
    - debian/patches/76_security_CVE-2009-1376.patch: switch offset
      variable to guint64 in libpurple/protocols/msn/slplink.c.
    - CVE-2009-1376

6084ad2... by Sebastien Bacher on 2009-04-09

Import patches-unapplied version 1:2.5.5-1ubuntu8 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 9e5839f501a973346d1a594d5e89be7e0ac34115

New changelog entries:
  * debian/patches/72_upstream_change_fix_jabber_crasher.patch:
    - upstream change to fix crash on jabber when using a custom image
      (lp: #357949)

9e5839f... by Sebastien Bacher on 2009-04-08

Import patches-unapplied version 1:2.5.5-1ubuntu7 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 2c4efd73c06e5fccf35379a4bc7ec3285ce0cfd9

New changelog entries:
  * debian/patches/71_upstream_change_fix_ssl_crasher.patch:
    - upstream change to fix a crasher issue which has lot of duplicate
      (lp: #328878, #341434, #354272)

2c4efd7... by Ken VanDine on 2009-04-08

Import patches-unapplied version 1:2.5.5-1ubuntu6 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: d5ef89117822bc5cb45be8b2d66e52566ef1613e

New changelog entries:
  * debian/patches/62_dbus_fix.patch:
    - The buddy list should be raised when launching a second time, this patch
      from darkrain42 fixes a bug that prevented that behavior (LP: #354298)

d5ef891... by Ken VanDine on 2009-04-01

Import patches-unapplied version 1:2.5.5-1ubuntu5 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 05ab58995df530e9a423eb8ae9b49d19d61935c9

New changelog entries:
  * debian/patches/61_crash_on_close_349009.patch
    - Patch from darkrain42 to fix a crasher bug triggered by closing
      the buddy list with chat rooms open (LP: #349009)
  * Adding debian/patches/13_sounds_and_timers.patch which adjusts
    the time out for sounds to be 15 seconds, which helps get
    fewer spurious login notifications on slow connections. Also,
    switches a few long term timers to _add_seconds to get a little
    bit of power savings. (LP: #345494)