15:06 feld 

security/pidgin-otr: Update to 4.0.2

Changes:

- Fix use-after-free issue during SMP
- Updated Spanish, German, Norwegian Bokmal translations
- New Danish translation
- The Windows binary has been linked with updated versions of libotr,
    libgcrypt, libgpg-error, and other supporting libraries

MFH:		2016Q1
Security:	CVE-2015-8833
Security:	http://www.vuxml.org/freebsd/77e0b631-e6cf-11e5-85be-14dae9d210b8.html

 

07:08 lme 

- Update to 4.0.1
- Add NLS OPTION

 

16:57 tijl 

Convert net-im/libpurple (and slave ports net-im/finch and net-im/pidgin)
to "USES=libtool tar:bzip2".  Bump PORTREVISION on all dependent ports
and modernise them as well (USES, LIB_DEPENDS, staging).

audio/pidgin-musictracker:
- Replace LIBS with LDFLAGS.
- Disable static plugin.

net/online-desktop: Remove obsolete patches.

net-im/mbpurple:
- Drop pkgconf dependency.
- Replace post-patch with MAKE_ARGS.
- Use standard do-build.

net-im/pidgin-audacious-remote: Disable static plugin.

net-im/pidgin-birthday-reminder: Disable static plugin.

net-im/pidgin-fetion: Replace pkg-plist with PLIST_FILES.

net-im/pidgin-guifications:
- Drop USE_GNOME=gnomeprefix.
- Replace LIBS with LDFLAGS.

net-im/pidgin-hotkeys:
- Drop CFLAGS=-fPIC.
- Fix build on systems without gcc.

net-im/pidgin-libnotify:
- Use option helpers.
- Drop references to PTHREAD_CFLAGS and PTHREAD_LIBS.

net-im/pidgin-manualsize: Fix build on systems without gcc.

net-im/pidgin-privacy-please:
- Replace a patch with CPPFLAGS and LDFLAGS.
- Don't use USE_LDCONFIG for a plugin.

net-im/pidgin-sipe:
- Don't use USE_LDCONFIG for a plugin.
- Drop PORTDOCS that don't contain useful documentation.
- Patch configure with s/LDLAGS/LDFLAGS/ so LDFLAGS can replace LIBS.
- Use option helpers and fix Kerberos option.
- Remove obsolete CONFIGURE_ENV.

security/pidgin-encryption:
- Drop references to PTHREAD_CFLAGS and PTHREAD_LIBS.
- Disable static plugin.
- Use option helpers.

security/pidgin-otr:
- Drop redundant comment about PORTREVISION.
- Add USE_GNOME=gtk20.
- Drop references to PTHREAD_CFLAGS and PTHREAD_LIBS.
- Port uses stack protector unconditionally so link with -lssp_nonshared
  when necessary like Mk/bsd.ssp.mk does.

Approved by:	portmgr (PORTREVISION bump on unstaged port)

 

07:03 dougb 

Update libotr and pidgin-otr to 4.0.0

The main new features in 4.0.0:

* Support v3 of the OTR protocol

* The plugin now supports multiple OTR conversations with the same buddy
  who is logged in at multiple locations. In this case, a new OTR menu
  will appear, which allows you to select which session an outgoing
  message is indended for. Note that concurrent SMP authentications with
  the same buddy who is logged in multiple times is not yet supported
  (starting a second authentication will end the first).

* During a private conversation with a buddy, an incoming unencrypted
  message will now trigger the regular incoming message notifications.
  In Pidgin this includes showing the message in the top-right
  notification area, if it is normally configured to do so.

* When a private conversation begins, the plugin will indicate whether
  Pidgin is configured to log the conversation.

* By default, OTR conversations will not be logged by Pidgin.

* New translations.

* libotr API changes:

  - instance tags, to support multiple simultaneous logins

  - support for asynchronous private key generation

  - the ability to provide an "extra" symmetric key to applications
    (with forward secrecy)

  - applications can supply a formation conversion callback if they do
    not natively use XHTML-style UTF8 markup

  - error messages formerly provided by libotr are now handled using
    callbacks to the application, for better i18n support

  - otrl_message_sending now handles message fragmentation internally

 

19:41 dougb 

Versions 3.2.0 and earlier of the pidgin-otr plugin contain
a format string security flaw. This flaw could potentially be
exploited by a remote attacker to cause arbitrary code to be
executed on the user's machine.

The flaw is in pidgin-otr, not in libotr. Other applications
that use libotr are not affected.

06:00 dougb 

Update to version 3.2.0, released June 15th. The configuration and
"OTR button" functionality have been moved to a menu. Also, "Buddy
authentication has been revamped, based on the user study published
in SOUPS 2008." The old authentication methods are still allowed.

This version adds locale files for ar, de, hu, and ru.

Drop the specific library version number for libpurple to
(hopefully) avoid churn down the road.

Assume maintainership, and add my website to MASTER_SITES.

Approved by:    Maintainer timeout

21:21 dougb 

1. Update to 3.1.0
2. Update the MASTER_SITES
3. Add a verify target for the PGP signature, and download the signature
4. Add USE_GMAKE
5. Add an unconditional USE_GETTEXT since there is no way to disable it
6. Update pkg-plist with the *.mo files

Approved by:    maintainer timeout

PR:             ports/115664 (pkg-plist fix)
Submitted by:   Matthias Andree <matthias.andree@gmx.de>

11:07 miwi 

- Update to 3.0.1
- Update pkg-descr
- Update MASTER_SITES
- Connect to build

PR:             112651
Submitted by:   Mike Smith<perlfu@gmail.com>

10:54 miwi 

- Force commit for notes that's a repocopy.
- Project was renamed

Repocopied by:  marcus