ubuntu/+source/pidgin:ubuntu/oneiric-updates

Last commit made on 2013-02-25
Get this branch:
git clone -b ubuntu/oneiric-updates https://git.launchpad.net/ubuntu/+source/pidgin
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/oneiric-updates
Repository:
lp:ubuntu/+source/pidgin

Recent commits

c16f5b3... by Marc Deslauriers on 2013-02-21

Import patches-unapplied version 1:2.10.0-0ubuntu2.2 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: cbe2b8b74d368d9d760ca6aeb492b4b49249cbae

New changelog entries:
  * SECURITY UPDATE: file overwrite via MXit crafted pathname
    - debian/patches/CVE-2013-0271.patch: properly escape filenames in
      libpurple/protocols/mxit/formcmds.c,
      libpurple/protocols/mxit/splashscreen.c.
    - CVE-2013-0271
  * SECURITY UPDATE: arbitrary code execution via long HTTP header in MXit
    - debian/patches/CVE-2013-0272.patch: properly check lengths in
      libpurple/protocols/mxit/http.c.
    - CVE-2013-0272
  * SECURITY UPDATE: denial of service via long user ID in Sametime
    - debian/patches/CVE-2013-0273.patch: use g_strlcpy in
      libpurple/protocols/sametime/sametime.c.
    - CVE-2013-0273
  * SECURITY UPDATE: denial of service via long UPnP responses
    - debian/patches/CVE-2013-0274.patch: use g_strlcpy in libpurple/upnp.c.
    - CVE-2013-0274

cbe2b8b... by Tyler Hicks on 2012-07-08

Import patches-unapplied version 1:2.10.0-0ubuntu2.1 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 00d765e907ae0258cfa4b3ff59a8119f902102e6

New changelog entries:
  * SECURITY UPDATE: Remote denial of service via specially crafted AIM or ICQ
    messages (LP: #958208)
    - debian/patches/CVE-2011-4601.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4601
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP voice
    and video chat requests (LP: #958208)
    - debian/patches/CVE-2011-4602.patch: Validate fields in incoming voice
      and video chat requests. Based on upstream patch.
    - CVE-2011-4602
  * SECURITY UPDATE: Remote denial of service via specially crafted SILC
    messages (LP: #958208)
    - debian/patches/CVE-2011-4603.patch: Validate incoming messages to
      enforce proper UTF-8 encoding. Based on upstream patch.
    - CVE-2011-4603
  * SECURITY UPDATE: Remote denial of service via nickname changes in XMPP
    chat rooms (LP: #958208)
    - debian/patches/CVE-2011-4939.patch: Ensure pointer is non-NULL prior to
      dereferencing it. Based on upstream patch.
    - CVE-2011-4939
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    offline messages (LP: #958208)
    - debian/patches/CVE-2012-1178.patch: Convert incoming offline messages to
      UTF-8 if they are not already UTF-8. Based on upstream patch.
    - CVE-2012-1178
  * SECURITY UPDATE: Remote denial of service via specially crafted XMPP file
    transfer requests (LP: #996691)
    - debian/patches/CVE-2012-2214.patch: Properly tear down SOCKS5
      connection attempts. Based on upstream patch.
    - CVE-2012-2214
  * SECURITY UPDATE: Remote denial of service via specially crafted MSN
    messages (LP: #996691)
    - debian/patches/CVE-2012-2318.patch: Convert incoming messages to UTF-8,
      then validate the messages. Based on upstream patch.
    - CVE-2012-2318
  * SECURITY UPDATE: Remote denial of service via specially crafted MXit
    messages (LP: #1022012)
    - debian/patches/CVE-2012-3374.patch: Use dynamically allocated memory
      instead of a fixed size buffer. Based on upstream patch.
    - CVE-2012-3374

00d765e... by Mathieu Trudel-Lapierre on 2011-09-24

Import patches-unapplied version 1:2.10.0-0ubuntu2 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 67b74d04efdcafa482084ab96ba4a2c4120f0b93

New changelog entries:
  * debian/patches/irc_disable_periodic_who.patch: work around spontaneous
    disconnects from IRC due to 'Max SendQ exceeded' errors caused by periodic
    /who checks. (LP: #856631)

67b74d0... by Mathieu Trudel-Lapierre on 2011-08-25

Import patches-unapplied version 1:2.10.0-0ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 55f2de10801ee19b663069ba4ab6bc62a9052266

New changelog entries:
  * New upstream release.
  * debian/patches/60_1024x600_gtkprefs.c.patch: refreshed.

55f2de1... by Mathieu Trudel-Lapierre on 2011-07-29

Import patches-unapplied version 1:2.9.0-3ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: ef9b9040b1411d7fb0b5e638e037044489bb3b9c

New changelog entries:
  * Merge with Debian; remaining changes: (LP: #802374)
    - debian/libpurple0.symbols: update symbols for epoch.
    - debian/patches/02_lpi.patch: add Launchpad integration support.
    - debian/patches/04_let_crasher_for_apport.patch: stop catching the SIGSEGV
      signal and let apport handle it.
    - debian/patches/05_default_to_irc_ubuntu_com.patch: set the default IRC
      server to irc.ubuntu.com.
    - debian/patches/10_docklet_default_off.patch: default behavior to have no
      notification area icon.
    - debian/patches/11_buddy_list_really_show.patch: the buddy list tries
      harder to appear. This fixes some issues with it not appearing.
    - debian/patches/13_sounds_and_timers.patch: mute notification sounds for
      15 seconds at login time.
    - debian/patches/60_1024x600_gtk*.c.patch: add scrollbars into preferences
      and pounce dialogs
    - debian/prefs.xml: ship extra default settings for notifications, add
      the notification plugin by default and turn on logging by default.
    - debian/rules:
      - use autoreconf.
      - add translation domain for desktop file / update translations.
      - add launcher desktop file for indicator-messages.
    - debian/control:
      - add launchpad-integration, libtool, dh-autoreconf to Build-Depends.
      - drop pidgin-data Depends from libpurple0.
      - drop libpurple0 Depends from libpurple-bin.
      - add pidgin-libnotify as Recommends for pidgin binary.

ef9b904... by Ari Pollak on 2011-07-08

Import patches-unapplied version 2.9.0-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: cf56aab23c3f968323415f74af806bcaaa12345a

New changelog entries:
  * Oops, really enable hardening-wrapper

cf56aab... by Ari Pollak on 2011-07-07

Import patches-unapplied version 2.9.0-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fd8aef13f1e76470a6bbf732503206ce1254c176

New changelog entries:
  * Fix missing epoch in libgadu-dev build-depends (Closes: #630654 again)
  * Build-depend on fixed version of libgadu-dev that depends on libgnutls-dev
    (Closes: #631979)
  * Use hardening-wrapper (Closes: #632515)

fd8aef1... by Ari Pollak on 2011-06-24

Import patches-unapplied version 2.9.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d7a81e012877df186bdd509c45382ccf98b5b0f5

New changelog entries:
  * Imported Upstream version 2.9.0
    - Fixes denial-of-service vulnerability in buddy icon handling
      (CVE-2011-2485)
  * Re-enable GG and update libgadu-dev version
  * Explicitly disable GG protocol since we don't have libgadu-dev 1.11.0 in
    Debian yet (Closes: #630654)

d7a81e0... by Ari Pollak on 2011-06-14

Import patches-unapplied version 2.8.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 38278e3446860aadfe7d670385fdd713b5ce4355

New changelog entries:
  * Imported Upstream version 2.8.0 (Closes: #630124)
  * Remove SILC support since the library will be orphaned (Closes: #629222)
  * Fix typo in libpurple-bin description (Closes: #625462)

38278e3... by Ari Pollak on 2011-05-08

Import patches-unapplied version 2.7.11-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 44c13bbb808630a2fa6ae7d01921aa231b258108

New changelog entries:
  * Add Build-Depends: gconf2, which used to be pulled in by something else
    (Closes: #621940)