Commit 3f7dfec3 authored by Natanael Copa's avatar Natanael Copa

main/pidgin: security upgrade to 2.10.9 (various CVEs)

fixes #2681

CVE-2014-0020 Remotely triggerable crash in IRC argument parsing
CVE-2013-6490 Buffer overflow in SIMPLE header parsing
CVE-2013-6489 Buffer overflow in MXit emoticon parsing
CVE-2013-6487 Buffer overflow in Gadu-Gadu HTTP parsing
CVE-2013-6486 Pidgin uses clickable links to untrusted executables
CVE-2013-6485 Buffer overflow parsing chunked HTTP responses
CVE-2013-6484 Crash reading response from STUN server
CVE-2013-6483 XMPP doesn't verify 'from' on some iq replies
CVE-2013-6482 NULL pointer dereference parsing SOAP data in MSN
CVE-2013-6482 NULL pointer dereference parsing OIM data in MSN
CVE-2013-6482 NULL pointer dereference parsing headers in MSN
CVE-2013-6481 Remote crash reading Yahoo! P2P message
CVE-2013-6479 Remote crash parsing HTTP responses
CVE-2013-6478 Crash when hovering pointer over a long URL
CVE-2013-6477 Crash handling bad XMPP timestamp
CVE-2012-6152 Yahoo! remote crash from incorrect character encoding
parent 928ff7ee
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=pidgin
pkgver=2.10.7
pkgrel=1
pkgver=2.10.9
pkgrel=0
pkgdesc="graphical multi-protocol instant messaging client for X"
url="http://pidgin.im/"
arch="all"
......@@ -14,7 +14,6 @@ makedepends="gtk+-dev intltool libsm-dev startup-notification-dev gtkspell-dev
subpackages="$pkgname-dev $pkgname-doc finch libpurple $pkgname-lang"
source="http://downloads.sourceforge.net/pidgin/pidgin-$pkgver.tar.bz2
pidgin-underlinking.patch
irc-underlinking.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
......@@ -71,12 +70,9 @@ libpurple() {
mv "$pkgdir"/usr/share/purple "$pkgdir"/usr/share/sounds \
"$subpkgdir"/usr/share/
}
md5sums="ea88976b9952e80b702b030489f94393 pidgin-2.10.7.tar.bz2
9e7f42f8bc4284009dff50e8128bf4f9 pidgin-underlinking.patch
cdbce1effbc9beb7f4cf583f083785df irc-underlinking.patch"
sha256sums="eba32994eca20d1cf24a4261b059b2de71a1ec2dd0926e904074b0db49f7f192 pidgin-2.10.7.tar.bz2
3f086cb668806f3b69af4c7decd6618a16dbfdcd120df984713adafc5bc0aa09 pidgin-underlinking.patch
a75625c8d1eb1d758f15cedaa87e51ed3e3d7ee5f5770ad1882059c590bebc6b irc-underlinking.patch"
sha512sums="0f0d421f91be3b1577527f3609bff164d7c57a94338e18dca5d8b7d911634a98b9c0e8860f3e62026eba09a6afb3112a8cd6770a90c89afdb9fb40f83dd6f3e4 pidgin-2.10.7.tar.bz2
307f284a7d1ad5277b8d198d8ee56806f063a8b72356726f89f31fad67aad3e3cd43c597556e7dce1804d2e8d92b350a968fcc851a11d851f70c7a375ab29559 pidgin-underlinking.patch
75eb7af0e31ac3bbb3ad5c0641b7bdbe9c32b540f2e8902d8480213abed54c4cf438d5a2e59659aa40cc17ceda387928c4a05b320da874ff3e99a3edecf936d3 irc-underlinking.patch"
md5sums="10a4a69d077893f6dd3438cd8af94e81 pidgin-2.10.9.tar.bz2
9e7f42f8bc4284009dff50e8128bf4f9 pidgin-underlinking.patch"
sha256sums="dc362ed8577f623eea4554a79e917073aa726825074fea402f2e515f0f51f319 pidgin-2.10.9.tar.bz2
3f086cb668806f3b69af4c7decd6618a16dbfdcd120df984713adafc5bc0aa09 pidgin-underlinking.patch"
sha512sums="5f85d072997bf0e8c668b5a7dc6c9791f7f1b03504eb7a875472186cc70b45e19c61573d84c002f9653570731ed2119e3eddfb66d7484cc1205d4b1ee696c63b pidgin-2.10.9.tar.bz2
307f284a7d1ad5277b8d198d8ee56806f063a8b72356726f89f31fad67aad3e3cd43c597556e7dce1804d2e8d92b350a968fcc851a11d851f70c7a375ab29559 pidgin-underlinking.patch"
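Review bot: The new `pidgin-2.10.9.tar.bz2` checksums are the only integrity control on this tarball, because the unchanged `source=` line still fetches it over plain `http://downloads.sourceforge.net/pidgin/pidgin-$pkgver.tar.bz2` and the commit does not record how the hashes were obtained. Before pinning them, compare the values with a checksum or signature that upstream publishes through a separate channel; otherwise they only attest to whatever the packager's download returned. If the mirror serves it, changing the scheme in the source line to `https://` would narrow that window. The removal of `irc-underlinking.patch` presumably means 2.10.9 already links libirc against `$(SASL_LIBS)`; that is not visible on this page and is worth confirming with a build that has SASL enabled.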
--- ./libpurple/protocols/irc/Makefile.am.orig 2013-09-24 12:35:56.771633963 +0000
+++ ./libpurple/protocols/irc/Makefile.am 2013-09-24 12:36:22.581943787 +0000
@@ -27,7 +27,8 @@
st =
pkg_LTLIBRARIES = libirc.la
libirc_la_SOURCES = $(IRCSOURCES)
-libirc_la_LIBADD = $(GLIB_LIBS)
+libirc_la_LIBADD = $(GLIB_LIBS) \
+ $(SASL_LIBS)
endif