Hello community, here is the log from the commit of package pidgin for openSUSE:Factory checked in at 2014-11-01 08:13:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pidgin (Old) and /work/SRC/openSUSE:Factory/.pidgin.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "pidgin" Changes: -------- --- /work/SRC/openSUSE:Factory/pidgin/pidgin.changes 2014-08-11 12:30:21.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pidgin.new/pidgin.changes 2014-11-01 08:13:55.000000000 +0100 @@ -1,0 +2,42 @@ +Fri Oct 24 10:07:47 UTC 2014 - dimstar@opensuse.org + +- Update to version 2.10.10: + + General: + - Check the basic constraints extension when validating + SSL/TLS certificates. This fixes a security hole that allowed + a malicious man-in-the-middle to impersonate an IM server or + any other https endpoint. This affected both the NSS and + GnuTLS plugins (CVE-2014-3694, boo#902495). + - Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin + for SSL (im#15909). + + libpurple3 compatibility: + - Encrypted account passwords are preserved until the new one + is set. + - Fix loading Google Talk and Facebook XMPP accounts. + + Windows-Specific Changes: Don't allow overwriting arbitrary + files on the file system when the user installs a smiley theme + via drag-and-drop (CVE-2014-3697). + + Finch: Fix build against Python 3 (im#15969). + + Gadu-Gadu: Updated internal libgadu to version 1.12.0. + + Groupwise: Fix potential remote crash parsing server message + that indicates that a large amount of memory should be + allocated (CVE-2014-3696, boo#902410). + + IRC: Fix a possible leak of unencrypted data when using /me + command with OTR (im#15750). + + MXit: Fix potential remote crash parsing a malformed emoticon + response (CVE-2014-3695, boo#902409). + + XMPP: + - Fix potential information leak where a malicious XMPP server + and possibly even a malicious remote user could create a + carefully crafted XMPP message that causes libpurple to send + an XMPP message containing arbitrary memory (CVE-2014-3698, + boo#902408). + - Fix Facebook XMPP roster quirks (im#15041, im#15957). + + Yahoo: Fix login when using the GnuTLS library for TLS + connections (im#16172, boo#874606). +- Drop pidgin-gstreamer1.patch: causes crashes and Video still does + not work (boo#853038). Drop BuildRequires conditions switching to + GStreamer 1.0. +- Rebase pidgin-crash-missing-gst-registry.patch. + +------------------------------------------------------------------- Old: ---- pidgin-2.10.9.tar.bz2 pidgin-gstreamer1.patch New: ---- pidgin-2.10.10.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pidgin.spec ++++++ --- /var/tmp/diff_new_pack.mYtXS3/_old 2014-11-01 08:13:56.000000000 +0100 +++ /var/tmp/diff_new_pack.mYtXS3/_new 2014-11-01 08:13:56.000000000 +0100 @@ -28,11 +28,11 @@ Summary: Multiprotocol Instant Messaging Client License: GPL-2.0+ Group: Productivity/Networking/Instant Messenger -Version: 2.10.9 +Version: 2.10.10 Release: 0 # FIXME: Remove unconditional --disable-vv parameter from configure once pidgin is ported to farstream 0.2 Url: http://www.pidgin.im/ -Source: http://downloads.sourceforge.net/project/pidgin/Pidgin/2.10.9/%{name}-%{version}.tar.bz2 +Source: http://downloads.sourceforge.net/project/pidgin/Pidgin/%{version}/%{name}-%{version}.tar.bz2 Source1: pidgin-NLD-smiley-theme.tar.bz2 Source2: pidgin-Tango-smiley-theme.tar.bz2 Source3: pidgin-prefs.xml @@ -44,8 +44,6 @@ Patch14: pidgin-mono-buildfix.patch # PATCH-FIX-OPENSUSE pidgin-fix-perl-build.patch vuntz@opensuse.org -- Revert http://developer.pidgin.im/viewmtn/revision/info/f32151852a00fb5abd3fdccdd8d... as it breaks the build Patch15: pidgin-fix-perl-build.patch -# PATCH-FEATURE-UPSTREAM pidgin-gstreamer1.patch https://developer.pidgin.im/ticket/15386 dimstar@opensuse.org -- Port to GStreamer 1.0 -Patch17: pidgin-gstreamer1.patch # PATCH-FIX-UPSTREAM pidgin-ssl-cache.patch pidgin.im#11568 tbehrens@suse.com -- Disable caching the SSL Session keys, as some (broken) IRC servers are not willing to re-use them upon a disconnect. Patch18: pidgin-ssl-cache.patch # PATCH-FIX-UPSTREAM pidgin-crash-missing-gst-registry.patch bnc#866455 pidgin.im#16224 cxiong@suse.com -- fix crash when GST registry cache file is missing. @@ -133,19 +131,9 @@ BuildRequires: translation-update-upstream %endif BuildRequires: NetworkManager-devel -BuildRequires: update-desktop-files -%if %suse_version > 1230 -BuildRequires: gstreamer-devel -BuildRequires: gstreamer-plugins-base-devel -%else -%if %suse_version > 1030 BuildRequires: gstreamer-0_10-devel BuildRequires: gstreamer-0_10-plugins-base-devel -%else -BuildRequires: gstreamer010-devel -BuildRequires: gstreamer010-plugins-base-devel -%endif -%endif +BuildRequires: update-desktop-files %if %suse_version > 1020 BuildRequires: dbus-1-glib-devel BuildRequires: silc-toolkit-devel @@ -417,7 +405,6 @@ %patch14 -p1 %patch15 -p1 %if 0%{?suse_version} >= 1310 -%patch17 -p1 %patch18 -p0 %patch19 -p1 %endif ++++++ pidgin-2.10.9.tar.bz2 -> pidgin-2.10.10.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/pidgin/pidgin-2.10.9.tar.bz2 /work/SRC/openSUSE:Factory/.pidgin.new/pidgin-2.10.10.tar.bz2 differ: char 11, line 1 ++++++ pidgin-crash-missing-gst-registry.patch ++++++ --- /var/tmp/diff_new_pack.mYtXS3/_old 2014-11-01 08:13:56.000000000 +0100 +++ /var/tmp/diff_new_pack.mYtXS3/_new 2014-11-01 08:13:56.000000000 +0100 @@ -1,7 +1,7 @@ -diff --git a/pidgin/gtkmain.c b/pidgin/gtkmain.c -index 6e828fc..e690d58 100644 ---- a/pidgin/gtkmain.c -+++ b/pidgin/gtkmain.c +Index: pidgin-2.10.10/pidgin/gtkmain.c +=================================================================== +--- pidgin-2.10.10.orig/pidgin/gtkmain.c ++++ pidgin-2.10.10/pidgin/gtkmain.c @@ -75,7 +75,7 @@ #endif @@ -11,19 +11,12 @@ #ifdef HAVE_SIGNAL_H -@@ -523,7 +523,15 @@ int main(int argc, char *argv[]) - #endif - - /* Initialize GThread before calling any Glib or GTK+ functions. */ -+#if !GLIB_CHECK_VERSION(2, 32, 0) -+ /* GLib threading system is automaticaly initialized since 2.32. -+ * For earlier versions, it have to be initialized before calling any -+ * Glib or GTK+ functions. -+ */ +@@ -528,6 +528,8 @@ int main(int argc, char *argv[]) + */ g_thread_init(NULL); -+#endif -+ /* make sure Gst is initialized before any other Glib/Gst calls (see Gst docs) */ -+ gst_init(NULL, NULL); + #endif ++ /* make sure Gst is initialized before any other Glib/Gst calls (see Gst docs) */ ++ gst_init(NULL, NULL); g_set_prgname("Pidgin"); -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org