pidgin: 2.10.7 update to fix security issues and bugs

Pidgin was updated to 2.10.7 to fix various security issues and the
bug that IRC did not work at all in 12.3.

Changes:
- Add pidgin-irc-sasl.patch: link irc module to SASL. Allows the
IRC module to be loaded (bnc#806975).

- Update to version 2.10.7 (bnc#804742):
+ Alien hatchery:
- No changes
+ General:
- The configure script will now exit with status 1 when
specifying invalid protocol plugins using the
--with-static-prpls and --with-dynamic-prpls arguments.
(pidgin.im#15316)
+ libpurple:
- Fix a crash when receiving UPnP responses with abnormally
long values. (CVE-2013-0274)
- Don't link directly to libgcrypt when building with GnuTLS
support. (pidgin.im#15329)
- Fix UPnP mappings on routers that return empty
elements in their response. (pidgin.im#15373)
- Tcl plugin uses saner, race-free plugin loading.
- Fix the Tcl signals-test plugin for savedstatus-changed.
(pidgin.im#15443)
+ Pidgin:
- Make Pidgin more friendly to non-X11 GTK+, such as
MacPorts' +no_x11 variant.
+ Gadu-Gadu:
- Fix a crash at startup with large contact list. Avatar
support for buddies will be disabled until 3.0.0.
(pidgin.im#15226, pidgin.im#14305)
+ IRC:
- Support for SASL authentication. (pidgin.im#13270)
- Print topic setter information at channel join.
(pidgin.im#13317)
+ MSN:
- Fix SSL certificate issue when signing into MSN for some
users.
- Fix a crash when removing a user before its icon is loaded.
(pidgin.im#15217)
+ MXit:
- Fix a bug where a remote MXit user could possibly specify a
local file path to be written to. (CVE-2013-0271)
- Fix a bug where the MXit server or a man-in-the-middle could
potentially send specially crafted data that could overflow
a buffer and lead to a crash or remote code execution.
(CVE-2013-0272)
- Display farewell messages in a different colour to
distinguish them from normal messages.
- Add support for typing notification.
- Add support for the Relationship Status profile attribute.
- Remove all reference to Hidden Number.
- Ignore new invites to join a GroupChat if you're already
joined, or still have a pending invite.
- The buddy's name was not centered vertically in the
buddy-list if they did not have a status-message or mood
set.
- Fix decoding of font-size changes in the markup of received
messages.
- Increase the maximum file size that can be transferred to
1 MB.
- When setting an avatar image, no longer downscale it to
96x96.
+ Sametime:
- Fix a crash in Sametime when a malicious server sends us an
abnormally long user ID. (CVE-2013-0273)
+ Yahoo!:
- Fix a double-free in profile/picture loading code.
(pidgin.im#15053)
- Fix retrieving server-side buddy aliases. (pidgin.im#15381)
+ Plugins:
- The Voice/Video Settings plugin supports using the sndio
GStreamer backends. (pidgin.im#14414)
- Fix a crash in the Contact Availability Detection plugin.
(pidgin.im#15327)
- Make the Message Notification plugin more friendly to
non-X11 GTK+, such as MacPorts' +no_x11 variant.
+ Windows-Specific Changes:
- Compile with secure flags (pidgin.im#15290)
- Installer downloads GTK+ Runtime and Debug Symbols more
securely. (pidgin.im#15277)
- Updates to a number of dependencies, some of which have
security related fixes. (pidgin.im#14571, pidgin.im#15285,
pidgin.im#15286)
. ATK 1.32.0-2
. Cyrus SASL 2.1.25
. expat 2.1.0-1
. freetype 2.4.10-1
. gettext 0.18.1.1-2
. Glib 2.28.8-1
. libpng 1.4.12-1
. libxml2 2.9.0-1
. NSS 3.13.6 and NSPR 4.9.2
. Pango 1.29.4-1
. SILC 1.1.10
. zlib 1.2.5-2
- Patch libmeanwhile (sametime library) to fix crash.
(pidgin.im#12637)

Fixed bugs
bnc#806975
No irc in pidgin 2.10.7 from Factory
bnc#804742
VUL-0: pidgin: various security issues
Selected Binaries
openSUSE Build Service is sponsored by