Changelog for
libpurple-lang-2.7.10-4.53.1.noarch.rpm :
Fri Mar 1 13:00:00 2013 lijewski.stefanAATTgmail.com
- bnc#804742 patches: pidgin-CVE-2013-0272.patch,
pidgin-CVE-2013-0273.patch, pidgin-CVE-2013-0274.patch
- Fix a crash when receiving UPnP responses with abnormally long
values. (CVE-2013-0274)
- Fix a crash in Sametime when a malicious server sends us an
abnormally long user ID. (CVE-2013-0273)
- Fix a bug where the MXit server or a man-in-the-middle could
potentially send specially crafted data that could overflow a buffer
and lead to a crash or remote code execution.(CVE-2013-0272)
Mon Jul 16 14:00:00 2012 dmzhangAATTsuse.com
- bnc#752275, CVE-2012-1178, Pidgin fails to verify the text\'s utf-8 encoding
Tue Jul 3 14:00:00 2012 dmzhangAATTsuse.com
- bnc#761155, CVE-2012-2318, remote crash via specially-crafted
MSN notification message
Fri Dec 16 13:00:00 2011 dmzhangAATTsuse.com
- add pidgin-2.7.10.tar.bz2 to package, prevent from downloading from upstream when building
- bnc#736147, CVE-2011-4601, crash in oscar protocol
- bnc#736161, CVE-2011-4603, SILC remote crash on channel messages
- bnc#736162, CVE-2011-4602, Multiple NULL pointer deference flaws in the XMPP
- bnc#736189, CVE-2011-1091, multiple NULL pointer dereference flaws in Yahoo protocol plug-in
Thu Nov 24 13:00:00 2011 dmzhangAATTsuse.com
- bnc#722199,CVE-2011-3594,libpurple vulnerability in SILC protocol handling
Sun Feb 13 13:00:00 2011 vuntzAATTopensuse.org
- Add pidgin-fix-perl-build.patch to fix the build: some change
upstream was apparently wrong, and we\'ll need to investigate this
later.
Sat Feb 12 13:00:00 2011 vuntzAATTopensuse.org
- Call relevant macros in %post/%postun:
+ %desktop_database_post/postun because the package ships at
least one desktop file.
+ %icon_theme_cache_post/postun because the package ships themed
icons.
- Pass %{?no_lang_C} to %find_lang so that english documentation
can be packaged with the program, and not in the lang subpackage.
- Change Requires of lang subpackage to Recommends, since the
english documentation is not there anymore.
Wed Feb 2 13:00:00 2011 christoph.miebachAATTweb.de
- Update to version 2.7.10
+ General:
- Force video sources to all have the same capabilities. This
reduces the number of times video must be scaled down, saving
CPU time.
- Starting multiple video calls and ending one no longer causes
the other calls to stop sending audio and video.
- Perl bindings now respect LDFLAGS.
- Added AddTrust External Root CA.
- Resolve some issues validating X.509 certificates signed off
the CAcert Class 3 intermediate cert when using the GnuTLS
SSL/TLS plugin.
+ Gadu-Gadu:
- Don\'t drop whole messages when text is colored.
+ Groupwise:
- Don\'t show two windows when using \"Get Info\" on a buddy.
+ IRC:
- Don\'t send ISON messages longer than 512 bytes.
+ libpurple:
- Stop sending audio when placing a call on hold.
- Stop translating gpointers to ints in the dbus API. This
removes functions from the dbus API.
- Fix D-Bus introspection calls that omit the interface
parameter.
- Fixed bugs in purple_str_to_time() that caused the most
recent \'make check\' failures.
- Correct an issue that caused some UIs other than Pidgin or
Finch to leave a buddy in the \"is typing\" state.
- Fix potential information disclosure issues in the Cipher
code.
+ Pidgin:
- Support using the Page Up and Page Down keys on the numeric
keypad in the conversation window.
- Fix a few memory leaks.
- Support rendering strikethrough when received as in-line CSS.
- Editable comboboxes are now more friendly to some GTK+
themes.
+ Plugins:
- The Voice/Video Settings plugin no longer resets selected
devices to defaults.
- The Voice/Video Settings plugin no longer crashes when a
stored device name is not found in the list of available
devices.
- The Autoaccept plugin now allows disabling filename escaping.
- The Autoaccept plugin now allows choosing Reject/Ask/Accept
for non-buddies.
+ QQ:
- QQ2008 is now the default protocol version.
+ XMPP:
- Don\'t crash when receiving an unexpected/invalid jingle
transport type.
- Handle Connection: Close headers for BOSH, when the server
does not terminate the connection itself.
- Improved parsing for DIGEST-MD5, which should resolve issues
connecting to some jabberd2 servers. This corrects an issue
parsing one-character or empty elements.
+ Yahoo!/Yahoo! JAPAN:
- Fix a crash when an account disconnects before a p2p session
is completely set up.
- Drop pidgin-dbus-invalid-gpointer.patch: fixed upstream.
Mon Dec 27 13:00:00 2010 dimstarAATTopensuse.org
- Update to version 2.7.9:
+ MSN:
- Fix a crash when receiving short packets related to P2Pv2.
Mon Dec 20 13:00:00 2010 vuntzAATTopensuse.org
- Update to version 2.7.8:
+ General:
- Fix the exceptions in purple-remote on Python 2.6+.
+ Pidgin:
- When a conversation has reached the maximum limit on the
number of smileys, display the text representation of the
smiley properly when it contains HTML-escapable characters
(e.g. \"<3\" was previously displayed as \"<3\").
- Drop dependency on GdkGC and use Cairo instead.
- New UI hack to assist in first-time setup of Facebook
accounts.
- Don\'t hide the buddy list if there is no notification area in
which to put the icon.
+ libpurple:
- Fix multipart parsing when \'=\' is included in the boundary
for purple_mime_document_parse.
+ AIM and ICQ:
- Buddies who unset their status message will now be correctly
shown without a message in your buddy list.
+ Gadu-Gadu:
- Updated our bundled libgadu and minimum requirement for
external libgadu to 1.9.0.
+ MSN:
- Stop showing ourselves in the list of endpoints that can be
disconnected.
- Allow full-size display names, by not escaping (most)
non-English characters.
- Fix receiving messages from users on Yahoo and other
federated services.
- Correctly remove old endpoints from the list when they sign
out.
- Add option to disable connections from multiple locations.
- Correctly update your own display name in the buddy list.
- Correctly show ourselves as offline in the buddy list when
going invisible.
- Correctly update your own icon in the buddy list.
- Remove struct packing for better portability.
+ XMPP:
- Terminate Jingle sessions with unsupported content types.
- Own the directories for the mhr locale, until bnc#659001 is
resolved.
Tue Nov 30 13:00:00 2010 dimstarAATTopensuse.org
- Drop pidgin-nonblock-aim.patch: Does not apply and seems
obsoleted. Part of bnc#569271.
Thu Nov 25 13:00:00 2010 christoph.miebachAATTweb.de
- Update to version 2.7.7:
+ General:
- Allow multiple CA certificates to share the same
Distinguished Name (DN). Partially fixes remaining MSN
issues.
- The GNUTLS SSL plugin now discards any certificate (and all
subsequent certificates) in a chain if it did not sign the
previous certificate. Partially fixes remaining MSN issues.
- Open requests related to a file transfer are now closed when
the request is cancelled locally.
+ AIM and ICQ:
- AIM should now connect if \"Use clientLogin\" is turned off and
the \"Server\" field is set to anything other than
\"login.oscar.aol.com\" or \"slogin.oscar.aol.com\".
- Fix a crash on connection loss.
Tue Nov 23 13:00:00 2010 lchiquittoAATTnovell.com
- Update to version 2.7.6:
+ General:
- Included Microsoft Internet Authority 2010 and Microsoft
Secure Server Authority 2010 intermediate CA certificates to
our bundle. This fixes the \"Unable to validate certificate\"
error for omega.contacts.msn.com (bnc#655477).
+ Pidgin:
- Avoid a use-after-free race condition in the media code
(when there\'s an error reported by GStreamer).
+ AIM and ICQ:
- SSL option has been changed to a tri-state menu with choices
for \"Don\'t Use Encryption\", \"Use Encryption if Available\",
and \"Require Encryption\".
- Fix some possible clientLogin URL issues introduced in
version 2.7.5.
- Don\'t show a \"
: Ok\" connection error when using
clientLogin.
- Cleaned up some debug output for improved readability.
+ MSN:
- Added support for MSNP16, including Multiple Points of
Presence (MPOP) which allows multiple simultaneous sign-ins.
- Added extended capabilities support (none implemented).
- Merged the work done on the Google SoC (major rewrite of SLP
code)
- Reworked the data transfer architecture.
(http://developer.pidgin.im/wiki/SlpArchitecture)
- Lots of little changes.
- Don\'t process zero-length DC messages.
- Fixed a bunch of memory leaks.
- Prevent a use-after-free condition.
+ XMPP:
- Avoid a double-free in the Google Relay (V/V) code.
- Avoid double error message when failing a file transfer.
- Password-related information is printed out for SASL
authentication when the PURPLE_UNSAFE_DEBUG environment
variable is set.
- Authentication mechanisms can now be added by UI\'s or other
plugins with some work. This is outside the API/ABI rules!
- Fixed a few printf(\"%s\", NULL) crashes for broken OSes.
+ Windows-Specific Changes:
- Build the Pidgin Theme Editor plugin (finally).
- Untarring (for themes) now works for non-ASCII destination
paths.
Wed Nov 10 13:00:00 2010 christoph.miebachAATTweb.de
- Update to version 2.7.5:
+ General:
- Added Verisign Class 3 Public CA - G2 root CA.
+ Pidgin:
- Properly differentiate between bn and bn_IN in the
Translation Information dialog.
+ AIM and/or ICQ:
- Display the \"Authorize buddy?\" mini dialog when the requester
has an empty nickname.
- New ICQ accounts default to proper ICQ servers. Old
accounts using one of the old default servers will be
silently migrated to use the proper servers.
- ICQ accounts using clientLogin now use the correct ICQ
servers. This is separate from the server settings
mentioned above.
- \'<\' should no longer cause ICQ status messages to be
truncated in some locations.
- Fix sending messages to chat rooms.
+ Bonjour:
- Don\'t crash when attempting to log into a Bonjour account
and init failed.
+ Windows-Specific Changes:
- Quote the path stored in the registry when the
\"run at startup\" option in the Windows Pidgin Options plugin
is used.
- Disable mono plugins on openSUSE 11.4. It does not work and is
unmaintained by upstream (they are surprised it builds).
Fri Oct 22 14:00:00 2010 dimstarAATTopensuse.org
- Update to version 2.7.4:
+ General:
- Fix search path for Tk when compiling on Debian Squeeze.
- purple-remote now expects and produces UTF-8.
- Add Deutsche Telekom, Thawte Primary, and Go Daddy Class 2
root CAs
- Fix CVE-2010-3711 by properly validating return values from
the purple_base64_decode() function before using them.
- Fix two local crash bugs by properly validating return values
from the purple_base16_decode() function before using them.
+ libpurple:
- Fall back to an ordinary request if a UI does not support
showing a request with an icon. Fixes receiving MSN file
transfer requests including a thumbnail in Finch.
- Fix an invalid memory access when removing UPnP mappings that
could cause sporadic crashes, most notably when MSN Direct
Connections are enabled.
- Add a sentence to the certificate warning for expired
certificates suggesting the user check their computer\'s date
and time.
+ Pidgin:
- Add support for the Gadu-Gadu protocol in the gevolution
plugin to provide Evolution integration with contacts with
Gadu-Gadu IDs.
- Remap the \"Set User Mood\" shortcut to Control-D, which does
not conflict with the previous shortcut for Get Buddy Info on
the selected buddy.
- Add a plugin action menu (under Tools) for the Voice and
Video Settings plugin.
- Use GRegex for the debug window where available. This brings
regex filtering to the debug window on Windows.
- Add Google Chrome and Chromium to the list of possible
browsers on non-Windows systems.
- The \"Manual\" browser option is now stored as a string. It is
no longer necessary to specify a full path to the browser
command.
- The Send To menu can now be used if the active account in the
conversation becomes disabled or inactive.
- xdg-open is now the default browser for new users on
non-Windows platforms.
+ XMPP:
- Unify the connection security-related settings into one
dropdown.
- Fix a crash when multiple accounts are simultaneously
performing SASL authentication when built with Cyrus SASL
support.
- Restore the ability to connect to XMPP servers that do not
offer Stream ID.
- Added support for using Google\'s relay servers when making
voice and video calls to Google clients.
- Fix detecting file transfer proxies advertised by the server.
- Advertise support for Google Talk\'s JID Domain Discovery
extension in all cases again (changed in 2.7.0), not just
when the domain is \"gmail.com\" or \"googlemail.com\"
- Improved handling of adding oneself to your buddy list when
using Non-SASL (legacy) authentication.
- Generate a connection error instead of just stalling when
the _xmppconnect TXT record returns results, but none of them
result in a valid BOSH URI.
+ Yahoo/Yahoo JAPAN:
- Stop doing unnecessary lookups of certain alias information.
This solves deadlocks when a given Yahoo account has a
ridiculously large (>500 buddies) list and may improve login
speed for those on slow connections.
- Fix sending SMS messages. The lookup host changed on us.
- Improvements for some file transfer scenarios, but not all.
- Drop pidgin-browser-default.patch: fixed upstream.
Sun Aug 15 14:00:00 2010 dimstarAATTopensuse.org
- Update to version 2.7.3:
+ For a complete overview of changes, see NEWS file. Here are
some highlights (excluding many bug fixes).
+ Pidgin:
- Re-arrange media window to make it more netbook-friendly.
+ Finch:
- Rebindable \'suggest-next-page\' and \'suggest-prev-page\'
actions for textboxes.
- Rebindable \'dropdown\' action for comboboxes.
+ MSN:
- Support for web-based buddy icons.
+ MXit:
- Many improvements.
+ Yahoo/Yahoo JAPAN:
- Proxy handling improvements.
- Fix file transfers that get stuck with \"Waiting for transfer
to begin\".
- Changes from version 2.7.2:
+ Fix crashes, including CVE-2010-2528.
- Changes from version 2.7.1:
+ Pidgin:
- Restore the tray icon\'s blinking functionality.
+ MSN:
- Support for direct connections, enabling faster file
transfers, smiley and buddy icon loading.
+ MXit:
- Add the standard MXit emoticons.
- Increment protocol version to v6.0.
- Changes from version 2.7.0:
+ Pidgin:
- Add UI for sending attentions (buzz, nudge) on supporting
protocols.
- Make the search dialog unobtrusive in the conversation
window.
- The Recent Log Activity sort method for the Buddy List now
distinguishes between no activity and a small amount of
activity in the distant past.
- Add a menu set mood globally for all mood-supporting
accounts.
- Default binding of Ctrl+Shift+v to \'Paste as Plain Text\' in
conversation windows.
- The \'Message Timestamp Formats\' plugin allows changing the
timestamp format from the timestamps\' context menu in
conversation log, and allows forcing 12-hour timestamps.
- Show file transfer thumbnails for images on supporting
protocols (MSN).
+ Bonjour: Add support for IPv6.
+ AIM and ICQ:
- X-Status (Custom ICQ status icon) support.
- Support sending and receiving HTML-formatted messages for
ICQ.
+ MSN:
- Support for version 9 of the MSN protocol has been removed.
- Support file transfer thumbnails (previews) for images.
- Fix CVE-2010-1624.
+ Finch:
- New action \'history-search\', with default binding ctrl+r, to
search the entered string in the input history.
- Drop upstream included patches:
+ pidgin-directconn-argfix.patch
+ pidgin-oscar-clientlogin.patch
+ pidgin-oscar-portability.patch
+ pidgin-bnc550170-qq-2008only.patch (bnc#569271)
+ includes.patch (bnc#569271#6)
- Add pidgin-mono-buildfix.patch: fix build of mono plugin loader.
- Remove the conditional checks for openSUSE 10.2 and 10.3,
simplifying the spec file a lot.
- Pass --enable-gevolution to configure to actually activate the
plugin
- Split out pidgin-evolution package containing the evo plugin.
Tue Mar 30 14:00:00 2010 dimstarAATTopensuse.org
- Add pidgin-oscar-clientlogin.patch to fix connection issues
to OSCAR networks (ICQ). Patch from upstream commit
0e3079d15adeb12c1e57ceaf5bf037f9b71c8abd.
Tue Mar 2 13:00:00 2010 dimstarAATTopensuse.org
- Add pidgin-oscar-portability.patch to fix build / portability
issues. Reported upstream at
http://developer.pidgin.im/ticket/11484.
Wed Feb 17 13:00:00 2010 pgajdosAATTsuse.cz
- Updated to version 2.6.6:
+ libpurple:
- Fix a quirk in purple_markup_html_to_xhtml that caused some
messages to be improperly converted to XHTML.
- Set \"controlling-mode\" correctly when initializing a media
session. Fixes receiving voice calls from Psi.
- When looking up DNS records, use the type of record returned
by the server (instead of the type we asked for) to determine
how to process the record.
- Fix an issue with parsing XML attributes that contain
\"<br>\". See ChangeLog.API for more details.
+ General:
- Correctly disable all missing dependencies when using the
- -disable-missing-dependencies option.
+ Gadu-Gadu:
- Fix display of avatars after a server-side change.
+ AIM:
- Allow setting and displaying icons between 1x1 and 100x100
pixels. Previously only icons between 48x48 and 50x50 were
allowed.
+ MSN:
- Fix CVE-2010-0277, a possible remote crash when parsing an
incoming SLP message.
- File transfer requests will no longer cause a crash if you
delete the file before the other side accepts.
- Received files will no longer hold an extra lock after
completion, meaning they can be moved or deleted without
complaints from your OS.
- Buddies who sign in from a second location will no longer
cause an unnecessary chat window to open.
- Support setting an animated GIF as a buddy icon.
- Numerous code cleanups and memory savings.
+ MySpace:
- Fix a leak and crash when retrieving buddy icons.
+ XMPP:
- Less likely to send messages to a contact\'s idle/inactive
resource. Previously, if a message was received from a
specific resource, responses would be sent to that resource
until either it went offline or a message is received from
another resource. Now, messages are sent to the bare JID upon
receipt of any presence change from the contact.
- Added support for the SCRAM-SHA-1 SASL mechanism. This is
only available when built without Cyrus SASL support.
- When getting info on a domain-only (server) JID, show uptime
(when given by the result of the \"last query\") and don\'t show
status as offline.
- Fix getting info on your own JID.
- Wrap XHTML messages in , as described in XEP-0071, for
compatibility with some clients.
- Don\'t do an SRV lookup for a STUN server associated with the
account if one is already set globally in prefs.
- Don\'t send custom smileys larger than the recommended maximum
object size specified in the BoB XEP. This prevents a client
from being disconnected by servers that dislike overly-large
stanzas.
- Fix receiving messages without markup over an Openfire BOSH
connection (forcibly put the stanzas in the jabber:client
namespace).
- The default value for the file transfer proxies is
automatically updated when an account connects, if it is
still the old (broken) default (from \'proxy.jabber.org\' to
\'proxy.eu.jabber.org\').
- Fix an issue where libpurple created duplicate buddies if the
roster contains a buddy in two groups that differ only by
case (e.g. \"XMPP\" and \"xmpp\") (or not at all).
+ Yahoo:
- Don\'t send and tags.
- Support PingBox. PingBoxes will appear as pbx/PingBoxName.
+ Pidgin:
- Fix CVE-2010-0423, a denial of service attack due to the
parsing of large numbers of smileys.
- Correctly size conversation and status box entries when the
interior-focus style property is diabled.
- Correctly handle a multiline text field being required in a
request form.
- Search friends by email-addresses in the buddy list.
- Allow dropping an image on Custom Smiley window to add a new
one.
- Prompt for confirmation when clearing a whiteboard (doodle)
session.
- Use the \"hand\" cursor when hovering over usernames in chat
history to indicate that the username is an actionable item.
- Double-clicking usernames in chat history will open an IM
with that user.
- Put an icon on the \"Filter\" button in the debug window.
- Don\'t treat \"/messages/like/this \" as commands.
- Explicitly mark user interaction when inserting smilies from
the toolbar so \"Undo\" correctly removes these smilies.
- Clicking \"New\" or \"Saved\" in the status selector menu while
typing a status message no longer keeps the status entry area
stuck in \"typing\" mode forever.
- Show tooltips for ellipsized conversation tabs. On older
systems, tooltips will show for all tabs.
- The File Transfers and Debug Window windows are no longer
created as dialogs. These windows should now have minimize
buttons in many environments in which they were previously
missing (including Windows).
- Smiley themes with Windows line endings no longer cause theme
descriptions not to be displayed in the theme selector.
+ Finch:
- Fix CVE-2010-0420, a possible remote crash when handling chat
room buddy names.
- Rebindable \'move-first\' and \'move-last\' actions for tree
widgets. So it is possible to jump to the first or last entry
in the buddy list (and other such lists) by pressing home or
end key (defaults)
Thu Jan 14 13:00:00 2010 sbrabecAATTsuse.cz
- Updated to version 2.6.5:
+ libpurple:
- TLS certificates are actually stored to the local cache once
again (accepting a name mismatch on a certificate should now
be remembered)
+ General:
+ Build-time fixes for Solaris.
+ AIM and ICQ:
- Messages from some mobile clients are no longer displayed as
Chinese characters (broken in 2.6.4)
+ MSN:
- Fix an issue allowing a remote user to download arbitrary
files from a libpurple client. (CVE-2010-0013, bnc#567799)
+ XMPP:
- Do not crash when attempting to register for a new account on
Windows.
- Fix file transfer with clients that do not support Entity
Capabilities (e.g. Spark)
- Disabled GNOME keyring integration for openSUSE (bnc#566286).
Mon Jan 4 13:00:00 2010 vuntzAATTopensuse.org
- Change gnome-keyring-devel BuildRequires to
libgnome-keyring-devel on 11.3 and later, following the module
split upstream.
Wed Dec 16 13:00:00 2009 vuntzAATTopensuse.org
- Fix build in Factory by not owning /usr/share/locale/ms_MY which
is now owned by the filesystem package.
Sun Dec 6 13:00:00 2009 vuntzAATTopensuse.org
- Update to version 2.6.4:
+ libpurple:
- Actually emit the hold signal for media calls.
- Fix building the GnuTLS plugin with older versions of GnuTLS.
- Fix DNS TXT query resolution.
- Don\'t send Proxy-Authorization headers to HTTP proxy servers
until we\'ve received a \"407 Proxy Authentication Required\"
response from the server.
- Added \"MXit\" protocol plugin, supported and maintained by the
MXit folks themselves.
+ General:
- New \'plugins\' sub-command to \'debug\' command (i.e. \'/debug
plugins\') to announce the list of loaded plugins.
- Always rejoin open chats after an account reconnects.
+ AIM and ICQ:
- Better rate limit calculations and other improvements.
- More detailed error messages when messages fail to send.
- The simultaneous login account option is respected when using
the clientLogin authentication method.
- Fix offline message retrieval (broken in 2.6.3)
- Fix handling of markup on some messages (broken in 2.6.2)
- Fix SSL when clientLogin is enabled.
- Fix sending and receiving Unicode characters in a Direct IM
+ MSN:
- Fix various crashes.
- Don\'t forget display names for buddies.
- Fix more FQY 240 connection errors.
- Cache our own friendly name as the server no longer does that
for us.
+ XMPP:
- Fix some crashes.
- Users connecting to Google Talk now have an \"Initiate Chat\"
context menu option for their buddies.
- Resolve an issue when connecting to iChat Server when no
resource is specified.
- Try to automatically find a STUN server by using an SRV
lookup on the account\'s domain, if no prefs is set for this.
- Only show the \"send a file\" option if the buddy supports one
of the file transfer methods supported by libpurple.
- Keep the avatar on the server if one is not set locally.
+ Yahoo:
- Fix sending /buzz.
- Fix blocking behavior for federated (MSN/OCS/Sametime)
service users.
- Add support for adding OCS and Sametime buddies. OCS users
are added as \"ocs/userAATTdomain.tld\" and Sametime users are
added as \"ibm/sametime_id\".
+ Finch:
- The TinyURL plugin now creates shorter URLs for long
non-conversation URLs, e.g. URLs to open Inbox in Yahoo/MSN
protocols, or the Yahoo Captcha when joining chat rooms.
- Fix displaying umlauts etc. in non-utf8 locale.
+ Pidgin:
- The userlist in a multiuser chat can be styled via gtkrc.
- Add a hold button to the media window.
- Fix a bug where the conversation backlog stops scrolling in a
very busy chat room.
- In the Conversation \"Send To\" menu, offline buddies appear
grayed out (but are still selectable).
+ Pidgin Preference and Preference Window Changes:
- General reorganization of the preference window.
- Removed the \"Use font from theme\" and \"Conversation Font\"
preferences. This can be controlled from the Pidgin GTK+
Theme Control plugin.
- The Browser and Proxy tabs show appropriate GNOME-specific
messages and allow launching the correct applications to
change the relevant GNOME preferences if found.
- Do not use the Tango and NLD icon themes for 11.2 and later. This
was discussed with Jakub Steiner.
Fri Dec 4 13:00:00 2009 sbrabecAATTsuse.cz
- Fixed openssl-certs dependency problem in SLE10.
Thu Nov 26 13:00:00 2009 sbrabecAATTsuse.cz
- Single spec for all SUSE products in all build systems.
- Updated to Pidgin 2.6.3:
* Fix a crash when performing DNS queries on Unixes that use the
blocking DNS lookups.
* Fixed incorrect Oscar memory access by a specially crafted SIM
IM client contacts message (bnc#548072, pidgin#10481,
CVE-2009-3615).
* Fix blocking and other privacy list problems.
- Migrate all QQ accounts to QQ2008 (bnc#550170).
- Update may include these security fixes:
- Fixed XMPP crash when receiving a message with a custom smiley
from a client that doesn\'t actually support custom smileys.
(bnc#536602, CVE-2009-3085)
http://www.pidgin.im/news/security/index.php?id=37
- Fixed MSN remote denial of service via handwritten Ink message
(bnc#536602, pidgin#10159, CVE-2009-3084)
http://www.pidgin.im/news/security/index.php?id=38
- Fixed MSN remote denial of service via an SLP invite message that
lacks certain required fields (bnc#536602, pidgin#10048,
CVE-2009-3083)
http://www.pidgin.im/news/security/index.php?id=39
- Fixed IRC TOPIC message DoS (bnc#537214, IS-2009-001,
CVE-2009-2703, Bugtraq#36277).
http://www.pidgin.im/news/security/index.php?id=40
- Fixed incorrect Oscar memory access by a specially crafted SIM IM
client contacts message (bnc#548072, pidgin#10481,
CVE-2009-3615).
http://www.pidgin.im/news/security/index.php?id=41
- Re-added NLD artwork by Hans Petter Jansson (hpjAATTnovell.com).
Tue Oct 20 14:00:00 2009 dimstarAATTopensuse.org
- Add pidgin-bnc548072.patch, fixes crash with oscar (ICQ) protocol
bnc#548072.
Wed Sep 23 14:00:00 2009 ajAATTsuse.de
- Cleanup BuildRequires.
Wed Sep 9 14:00:00 2009 vuntzAATTopensuse.org
- Remove Tango and NLD themes: the upstream theme is following the
tango guidelines now.
Mon Sep 7 14:00:00 2009 riggwelterAATTopensuse.org
- Update to version 2.6.2
+ libpurple
- Fix --disable-avahi to actually disable it in configure, as
opposed to just making the warning non-fatal.
- Fix using GNOME proxy settings properly.
+ IRC:
- Fix parsing of invalid TOPIC messages. (CVE-2009-2703)
+ MSN:
- Sending custom smileys in chats is now supported.
- Ink messages are now saved when using the HTML logger.
- Fix a crash when receiving some handwritten messages.
- Fix a crash when receiving certain SLP invite messages.
- Chats with multiple people should no longer spontaneously
disconnect.
+ XMPP:
- Prompt the user before cancelling a presence subscription.
- Escape status messages that have HTML entities in the Get
Info dialog.
- Fix connecting to XMPP domains with no SRV records from
Pidgin on Windows.
- Fix typing notifications with Pidgin 2.5.9 or earlier.
- Fix connecting using BOSH and legacy authentication (XEP-0078).
- Adding buddies of the form \"romeoAATT.../Resource\" are handled
properly. In addition, it is no longer possible to add
buddies of the form \"roomAATT.../User\", where roomAATT... is a MUC.
- Don\'t crash when receiving \"smileyfied\" XHTML-IM from clients
that don\'t support bits of binary (ie. when getting an empty
in return)
- Fix bug where SSL/TLS was not required even though the
\"require SSL/TLS\" preference checked when connecting to
servers that use the older iq-based authentication.
(CVE-2009-3026)
+ Yahoo!:
- Accounts now have \"Use account proxy for SSL connections\"
option.
+ Finch
- Properly detect libpanel on OpenBSD.
- Remove IO watches in gnt_quit.
+ Pidgin
- Fix the auto-personize functionality in the Buddy List.
- Set the window icon for the media window to an icon
corresponding to the type of call (headphone or webcam).
- Customized sound files are no longer reset whenever opening
the Preferences dialog.
- The buddy list should now immediately refresh upon changing
the icon theme.
Tue Aug 25 14:00:00 2009 sbrabecAATTsuse.cz
- Updated to version 2.6.1:
* Voice and Video support.
* Theme support.
* Yahoo: Separate plugin for Yahoo Japan, SMS support.
* XMPP: voice and video support, service discovery, support for
BOSH, idle time reporting, attention support, in-band bytestreams
file transfer as, custom smiley support, updated support for buddy
icons.
* Support for IDN.
* Several security fixes (CORE-2009-0727, CVE-2009-2694,
bnc#527100).
Fri Aug 7 14:00:00 2009 vuntzAATTnovell.com
- Split the support for tcl plugins in libpurple-tcl, to not force
installation of tcl.
Wed Jul 1 14:00:00 2009 sbrabecAATTsuse.cz
- Updated to version 2.5.8:
* ICQ:
+ Fix misparsing a web message as an SMS message.
* MSN:
+ Increase NS command history size to prevent crashes on buddy
lists that have a lot of buddies on other networks like
Yahoo!
* MySpace:
+ Accounts with empty buddy lists are now properly marked as
connected.
+ Fix receiving messages from users of MySpace IM\'s web client.
* Yahoo:
+ Fixed phantom online buddies. They should now properly
disappear when signing out.
+ Fixed the crashes some users were seeing with
cn.scs.msg.yahoo.com in 2.5.7.
+ Fixed compiling on systems with glib 2.4.x or older.
+ Fixed an issue with file transfers. This may not resolve all
issues, but it should resolve at least some of the most
common ones.
+ The pager server will automatically update to
scsa.msg.yahoo.com if the user empties the field or if it is
scs.msg.yahoo.com. This should ease the pain of transition
to the new login method.
* XMPP:
+ Fix an incompatibility betweeen Prosody and libpurple
clients.
Mon Jun 22 14:00:00 2009 claes.backstromAATTfsfe.org
- Add pidgin-fix-installation.patch to fix build with automake 1.11
Sun Jun 21 14:00:00 2009 claes.backstromAATTfsfe.org
- Update to version 2.5.7:
+ Yahoo Protocol 16 support, including new HTTPS login method;
this should fix a number of login problems that have recently
cropped up.
+ Only display the AIM \"Unable to Retrieve Buddy List\" message
once per connection.
+ Blocking MSN users not on your buddy list no longer disconnects
you.
+ When performing operations on MSN, assume users are on the
MSN/Passport network if we don\'t get network ID\'s for them.
Wed May 20 14:00:00 2009 vuntzAATTnovell.com
- Update to version 2.5.6:
+ libpurple:
- Improve sleep behavior by aggregation of longer timeouts on
second boundaries to allow better power saving.
- Fix various crashes on exit.
- Make XML parsing more resilient to interactions with other
libraries. This, along with the fix for libxml2 bgo#564217,
fixes the crashes on connect in XMPP with recent
gst-plugins-bad.
- Many security related fixes.
+ IRC:
- Correctly handle WHOIS for users who are joined to a large
number of channels.
- Notify the user if a /nick command fails, rather than trying
fallback nicks.
+ MSN:
- Fix a race condition causing occasional Pidgin crashes.
- Fix some errors about the friendly name changing too fast
caused by MSN/Yahoo integration buddies.
+ XMPP:
- Less likely to pop up a new conversation window in disregard
of the \"Hide new IM conversations\" preference.
+ Yahoo:
- Fix a crash when sending very long messages.
- Fix a bug where UTF-8 status messages get garbled when going
idle.
Mon Apr 6 14:00:00 2009 vuntzAATTnovell.com
- Respin pidgin-gnome-keyring.patch that doesn\'t apply with new
patch package.
Mon Mar 16 13:00:00 2009 sbrabecAATTsuse.cz
- Added support for translation-update-upstream (FATE#301344).
Thu Mar 12 13:00:00 2009 sbrabecAATTsuse.cz
- Updated to version 2.5.5:
libpurple:
* Fix a crash when removing an account with an unknown protocol id.
* Beta support for SSL connections for AIM and ICQ accounts. To
enable, check the \"Use SSL\" option from the Advanced tab when
editing your AIM or ICQ account. (Paul Aurich)
* Fix a memory leak in SILC. (Luke Petre)
* Fix some string handling in the SIMPLE prpl, which fixes some buddy name
handling and other issues. (Paul Aurich, Marcus Sundberg)
* Implement support for resolving DNS via the SOCKS4 proxy (SOCKS4a).
ICQ:
* Fix retrieval of status messages from users of ICQ 6.x, Miranda, and
other libpurple clients. (Daniel Ljungborg)
* Change client ID to match ICQ Basic 14.34.3096. This fixes publishing
of buddy icons and available messages.
* Properly publish status messages for statuses other than Available.
ICQ 6.x users can now see these status messages. (Daniel Ljungborg)
* Fix receipt of messages from the mobile client Slick. (David Jedelsky)
MSN:
* Fix transfer of buddy icons, custom smileys, and files from the
latest Windows Live Messenger 9 official client. (Thomas
Gibson-Robinson)
* Large (multi-part) messages are now correctly re-combined.
* Federated/Yahoo! buddies should now stop creating sync issues at
every signin. You may need to remove duplicates in the Address
Book. See the FAQ for more information. Thanks to Jason Lingohr
for lots of debugging and testing.
* Messages from Yahoo! buddies are no longer silently dropped.
* We now save and use the CacheKey for ABCH SOAP requests.
* Don\'t try to parse Personal Status Messages or Current Media if they
don\'t exist.
* Convert from ISO-8859-1 encoding to UTF-8 when no charset is specified
on incoming messages. This should fix some issues with messages from
older clients.
* Force sending the font \"Segoe UI\" if outgoing formatting doesn\'t specify
a font already.
* Queue callbacks when token updates are in progress to prevent two token
update attempts from trampling each other.
* Fixed a crash on Windows when removing a buddy\'s alias.
* Update the Address Book when buddies\' friendly names change. This
prevents seeing an outdated alias or not seeing an alias at all for
buddies who are offline when you sign in.
* Update tokens for FindMembership and ABFindAll SOAP requests.
* We no longer try to send empty messages. This could happen when a
message contained only formatting and that formatting was not supported
on MSN.
* Buddies on both the Allow and Block list are now automatically
removed from the Allow list. Users with this problem will now no
longer receive an ADL 241 error. The problematic buddy should now
appear on the buddy list and can be removed or unblocked as desired.
XMPP:
* Resources using __HOSTNAME__ substitution will now grab only the short
hostname instead of the FQDN on systems which put the FQDN in the
hostname. (Matěj Cepl)
* No longer send a \'to\' attribute on an outgoing stanza when we haven\'t
received one. This fixes a registration bug as described in ticket
pidgin#6635.
Pidgin:
* Tooltip windows now appear below the mouse cursor. (Kosta Arvanitis)
* Tooltip windows now disappear on keypress events. (Kosta Arvanitis)
* Tooltip windows no longer linger when scrolling the buddy list. (Kosta
Arvanitis)
Finch:
* Allow rebinding keys to change the focused widget (details in the
man-page, look for GntBox::binding)
