Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libpurple-2.13.0-lp150.3.1 RPM for x86_64

From OpenSuSE Leap 15.0 for x86_64

Name: libpurple Distribution: openSUSE Leap 15.0
Version: 2.13.0 Vendor: openSUSE
Release: lp150.3.1 Build date: Mon Apr 23 04:57:14 2018
Group: System/Libraries Build host: cloud112
Size: 3754695 Source RPM: pidgin-2.13.0-lp150.3.1.src.rpm
Summary: GLib-based Instant Messenger Library
libpurple is a library intended to be used by programmers seeking
to write an IM client that connects to many IM networks.

libpurple is compatible with the following chat networks out of the
box: Jabber/XMPP, AIM, ICQ, Bonjour, Gadu-Gadu, IRC, SILC, SIMPLE,
Novell GroupWise Messenger, IBM Sametime, and Zephyr. It can
support many more with plugins.






* Thu Apr 12 2018
  - Add pidgin-enable-sni-gnutls.patch: Enable SNI for gnutls to
    avoid SSL handshake failure, patch written by Tiago Herrmann
    ( (bsc#1086439,
* Thu Mar 15 2018
  - Instead of removing the, symlinks, move
    them to the devel package.
* Fri Mar 09 2018
  - Update to version 2.13.0:
    + libpurple:
    * Unified string comparison.
    * Properlly shell escape URI's when opening them.
    * Fix a one byte buffer overread in function
    * Fix an issue were utf8 was incorrectly truncated which could
      lead to crashes as we were potentially feeding garbage into
    + libgnt:
    * Partially fix building against curses 6.0 with opaque
      structs set (
    * Fix a crash when resizing the window (
    + General:
    * Fix a bashism in autotools (
    + XMPP:
    * Show XEP-0066 OOB URLs in any message, not just headlines.
    * Fix a user after free (
    * Remove pipelining from BOSH connections (
    * Don't try to TLS already secured BOSH connections
    + IRC:
    * Fix "Registration timeout" on SASL auth with InspIRCd
      servers (and possibly others not based on
    * Fix issues with plugins that modify outgoing messages (such
      as the custom PART/QUIT feature of the IRC More plugin).
    * Fix IRC buffer handling (
    * Properly handle AUTHENTICATE as a normal command with server
    * Fix a crash caused by a use after free of the MOTD.
    * Fix an out of bounds read in irc_nick_skip_mode.
    * Fix a write of a single byte before the start of a buffer in
    + Pidgin:
    * Better support for dark themes (
    * Fix IPv6 links by not escaping []'s. (
    * Only write buddy icons to the cache if they're not already
    * Rejoin persistent chats after reconnect (
    * Make the WIN32 Transparency plugin work on all platforms
    * Ensure search results buttons are labelled.
    * Fix matching unicode emoticons (
    * Correctly update mute/unmute status when the remote side
      mutes/unmutes us (
    * Rework the status icon blinking to not use deprecated API
    * Do not allow adding a buddy to protocols that don't have an
      add_buddy callback.
    + Finch:
    * Fix handling of search results (
    + Voice & Video:
    * Port backend-fs to newer api for farstream relay-info
      property (
  - Rebase pidgin-ncurses-6.0-accessors.patch.
  - Remove pidgin-2.10.11-purple-remote-python3.patch: fixed
* Tue Mar 06 2018
  - Add pidgin-2.10.11-purple-remote-python3.patch: port
    purple-remote to python 3 (bsc#1084147).
  - Export PYTHON=python3 in %build.
  - Adjust scripts to invoke python3, not python2.
* Tue Mar 06 2018
  - Drop support for SLE 11 and openSUSE older than 42.x.
  - Remove pidgin-gnome-keyring.patch: was only useful for SLE 11.
* Tue Mar 06 2018
  - Update pidgin-ncurses-6.0-accessors.patch to cope with ncurses
    enabling opaque-panels. Pidgin should not access internal
    structures of ncurses.
* Fri Dec 29 2017
  - Remove pidgin-crash-missing-gst-registry.patch: is useless now
    and is potentially harmful.
  - Merge pidgin-nonblock-common2.patch to
* Tue Nov 21 2017
  - Add purple-import-empathy Recommends for SLE15 (FATE#322984).
* Tue Nov 07 2017
  - Correct the licence to GPL-2.0.
* Thu Nov 02 2017
  - Explicitly require python2
* Sat Jul 22 2017
  - Drop dependency over silc-toolkit-devel as we want to remove
    it from the distribution
* Fri Mar 10 2017
  - Update to version 2.12.0 (FATE#323136):
    + libpurple:
    - Fix an out of bounds memory read in
      purple_markup_unescape_entity (CVE-2017-2640, bsc#1028835).
    - Fix the use of uninitialised memory if running
      non-debug-enabled versions of glib.
    - Update AIM dev and dist ID's to new ones that were assigned
      by AOL.
    - TLS certificate verification now uses SHA-256 checksums.
    - Fix the SASL external auth for Freenode (boo#1009974).
    - Remove the MSN protocol plugin. It has been unusable and
      dormant for some time.
    - Remove the Mxit protocol plugin. The service was closed at
      the end ofSeptember 2016.
    - Remove the MySpaceIM protocol plugin. The service has been
      defunct for a long time (
    - Remove the Yahoo! protocol plugin. Yahoo has completely
      reimplemented their protocol, so this version is no longer
      operable as of August 5th, 2016.
    - Remove the Facebook (XMPP) account option. According to the XMPP Chat API
      service ended April 30th, 2015.
    - Fix gnutls certificate validation errors that mainly
      affected Google.
    + General:
    - Replace instances of with and
      update the urls to use https (
    + IRC:
    - Fix an issue of messages being silently cut off at 500
      characters. Large messages are now split into parts and sent
      one by one (
  - Rebase pidgin-nonblock-common.patch.
  - Remove pidgin-sasl-skip-external.patch.
  - Remove pidgin-NLD-smiley-theme.tar.bz2, deprecated.
  - Remove pidgin-Tango-smiley-theme.tar.bz2, deprecated
* Thu Dec 08 2016
  - Make libpurple require libpurple-branding.
  - Correctly remove *.so files for plugins
    (fixes devel-file-in-non-devel-package).
  - Rename libpurple-meanwhile to libpurple-plugin-sametime.
  - Remove generation of a plugin list to package, simply add it all
    in %files with exclusions.
* Wed Dec 07 2016
  - Build with GStreamer 1.x on SLE 12 SP2.
  - Apply pidgin-use-default-alsa.patch for SLE 12+ only properly.
  - Provide libpurple-branding-upstream for SLE 11 as well.
* Tue Nov 22 2016
  - Add pidgin-sasl-skip-external.patch:
    Backport upstream commit 6106566. Makes Freenode and other
    servers that prefer SASL EXTERNAL fingerprint authentication
    work again (bsc#1009974).
* Fri Jul 22 2016
  - Drop additional pkgconfig require (already implicitly detected),
    but explicitly buildrequire it for /usr/lib/rpm/
* Mon Jul 04 2016
  - Update to GNOME 3.20.2  Fate#318572
    + Drop pidgin-CVE-2014-3695 (bsc#902409): fixed upstream.
    + Drop pidgin-CVE-2014-3696 (bsc#902410): fixed upstream.
    + Drop pidgin-CVE-2014-3698 (bsc#902408): fixed upstream.
* Tue Jun 21 2016
  - Update to version 2.11.0:
    + General:
    - 2.10.12 was accidentally released with new additions to the
      API and should have been released as 2.11.0. Unfortunately,
      we did not catch the mistake until after 2.10.12 was released,
      but we're fixing it now.
      See ChangeLog.API for more information.
    - Include the Mozilla certificate bundle. This fixes connecting
      to servers with certificates from Let's Encrypt.
    - Remove all 1024-bit CAs.
    + libpurple:
    - media: Fix an issue with ximagesink displaying only a corner
      cut-out of a larger webcam video.
    - mediamanager: Update output window destruction so that it
      reflects recent changes in the media pipeline structure.
    - Ported Instantbird's CommandUiOps to libpurple.
    + Pidgin:
    - Fix
    - Fix alignment of incoming right-to-left messages in protocols
      that don't support rich text.
    - Fix a potential crash while exiting Pidgin.
    + AIM: Add support for the newer kerberos-based authentication of
      AIM 8.x.
    + ICQ: Stop truncating passwords to 8 characters like old ICQ
      clients did (
      If you actually needed this, truncate your password manually by
      pressing backspace a few times.
    + IRC: Base64-decode SASL messages before passing to libsasl
    + MXit:
    - Fix a buffer overflow (TALOS-CAN-0120).
    - Fix a remote out-of-bounds read (TALOS-CAN-0123, TALOS-CAN-0140).
    - Fix a remote out-of-band read (TALOS-CAN-0138, TALOS-CAN-0135).
    - Fix an invalid read (TALOS-CAN-0118).
    - Fix a remote buffer overflow vulnerability (TALOS-CAN-0119).
    - Fix a directory traversal issue (TALOS-CAN-0128).
    - Fix a remote denial of service vulnerability that could result
      in a null pointer dereference (TALOS-CAN-0133).
    - Fix a remote denial of service that could result in an
      out-of-bounds read (TALOS-CAN-0134).
    - Fix multiple remote buffer overflows (TALOS-CAN-0136).
    - Fix a remote null pointer dereference (TALOS-CAN-0137).
    - Fix a remote code execution issue discovered (TALOS-CAN-0142).
    - Fix a remote denial of service vulnerability in contact mood
      handling (TALOS-CAN-0141).
    - Fix a remote out-of-bounds write vulnerability
    - Fix a remote out-of-bounds read (TALOS-CAN-0143).
  - Clean pidgin-gnome-keyring.patch up a bit.
* Sat Jan 02 2016
  - Update to 2.10.12:
    + General:
    - purple-url-handler now works with Python 3.x.
    - Fix an issue where transient startup statuses could be
      deleted (
    + Pidgin: The shout smile now matches the default theme.
    + Gadu-Gadu: Update internal libgadu to version 1.12.1.
  - Use tarball signing.
  - Rebase pidgin-gnome-keyring.patch.
  - Remove pidgin-2.10.11-add-dtmf-support.patch,
    pidgin-2.10.11-private-media.patch and
    pidgin-port-to-gst-1.0.patch: added upstream.
* Wed Sep 09 2015
  - Add pidgin-ncurses-6.0-accessors.patch: Fix build with NCurses
    6.0 with WINDOW_OPAQUE set to 1 (
* Fri Aug 28 2015
  - Add pidgin-2.10.11-fix-sound-play-fd-leak.patch: fix a file
    desriptor leak while playing sound files
    (, boo#942818).
  - Remove GConf schemas generation: GConf is considered obsolete.
  - Make perl dependency less strict.
* Mon Aug 17 2015
  - Fix build with earlier openSUSE.
* Tue Aug 11 2015
  - Add a Recommends: gstreamer-plugins-good, this plugin provides
    wav support that pidgin needs.
* Tue Jun 30 2015
  - Re-attempt port to GStreamer 1.0 (based on work by David):
    + Add patches, from upstream:
    - pidgin-port-to-gst-1.0.patch
    - pidgin-2.10.11-gst-references.patch
    - pidgin-2.10.11-add-dtmf-support.patch
    - pidgin-2.10.11-application-media.patch
    - pidgin-2.10.11-init-media-optional.patch
    - pidgin-2.10.11-send-video-enum.patch
    - pidgin-2.10.11-private-media.patch
    + Replace gstreamer-0_10-devel and
      gstreamer-0_10-plugins-base-devel BuildRequires with
      pkgconfig(gstreamer-1.0), pkgconfig(gstreamer-video-1.0) and
    + Switch --disable-vv configure paramter to --enable-vv.
    + Pass --with-gstreamer=1.0 to configure.
* Tue Jan 20 2015
  - Remove pidgin-ssl-cache.patch: testing with the usual suspects in
    irc land suggests this workaround is no longer necessary
* Fri Nov 28 2014
  - Add patches to address CVE issues:
    + pidgin-CVE-2014-3698: bnc#902408: remote information leak via
      crafted XMPP message.
    + pidgin-CVE-2014-3696: bnc#902410: denial of service parsing
      Groupwise server message.
    + pidgin-CVE-2014-3695: bnc#902409: crash in MXit protocol
* Mon Nov 24 2014
  - Update to version 2.10.11:
    + General:
    - Fix handling of Self-Signed SSL/TLS Certificates when using
      the NSS plugin (
    - Improve default cipher suites used with the NSS plugin
    - Add NSS Preferences plugin which allows the SSL/TLS Versions
      and cipher suites to be configured (
    + Gadu-Gadu:
    - Fix a bug that prevented plugin to load when compiled without
      GnuTLS (
    - Fix build for platforms without AF_LOCAL definition
    + MSN:
    - Fix broken login due to server change (,
    - Fail early when buddy list is unavailable instead of wasting
      bandwidth endlessly re-trying.
* Sat Oct 25 2014
  - Remove pidgin-mono-buildfix.patch: Mono bindings are deprecated
    upstream and no plugin exists making use of them.
  - Rebase pidgin-gnome-keyring.patch.
  - Make openSUSE 11.1 (SLE 11) minimal requirement.
  - Remove obsoletions of gaim: incredibly old.
  - Move Tango and NLD emoticons to separate packages.
  - Spec cleanup.
* Fri Oct 24 2014
  - Update to version 2.10.10:
    + General:
    - Check the basic constraints extension when validating
      SSL/TLS certificates. This fixes a security hole that allowed
      a malicious man-in-the-middle to impersonate an IM server or
      any other https endpoint. This affected both the NSS and
      GnuTLS plugins (CVE-2014-3694, boo#902495).
    - Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin
      for SSL (im#15909).
    + libpurple3 compatibility:
    - Encrypted account passwords are preserved until the new one
      is set.
    - Fix loading Google Talk and Facebook XMPP accounts.
    + Windows-Specific Changes: Don't allow overwriting arbitrary
      files on the file system when the user installs a smiley theme
      via drag-and-drop (CVE-2014-3697).
    + Finch: Fix build against Python 3 (im#15969).
    + Gadu-Gadu: Updated internal libgadu to version 1.12.0.
    + Groupwise: Fix potential remote crash parsing server message
      that indicates that a large amount of memory should be
      allocated (CVE-2014-3696, boo#902410).
    + IRC: Fix a possible leak of unencrypted data when using /me
      command with OTR (im#15750).
    + MXit: Fix potential remote crash parsing a malformed emoticon
      response (CVE-2014-3695, boo#902409).
    + XMPP:
    - Fix potential information leak where a malicious XMPP server
      and possibly even a malicious remote user could create a
      carefully crafted XMPP message that causes libpurple to send
      an XMPP message containing arbitrary memory (CVE-2014-3698,
    - Fix Facebook XMPP roster quirks (im#15041, im#15957).
    + Yahoo: Fix login when using the GnuTLS library for TLS
      connections (im#16172, boo#874606).
  - Drop pidgin-gstreamer1.patch: causes crashes and Video still does
    not work (boo#853038). Drop BuildRequires conditions switching to
    GStreamer 1.0.
  - Rebase pidgin-crash-missing-gst-registry.patch.
* Thu Jul 10 2014
  - Add pidgin-use-default-alsa.patch:
    Use ALSA as default for avoiding broken volume control of pa sink
* Sun Jul 06 2014
  - Add pidgin-ssl-cache.patch: Disable caching the SSL Session keys,
    as some (broken) IRC servers are not willing to re-use them upon
    a disconnect.
* Sun Jun 22 2014
  - ca-certificates-mozilla is present since 11.4, but lets use
    12.3 as base.
* Thu Jun 19 2014
  - Replaces (BuildRequires) of openssl-certs with
    ca-certificates-mozilla starting with SLE12 and openSUSE 13.2.
* Fri Mar 28 2014
  - Fix crash when GST registry cache file is missing
    + add pidgin-crash-missing-gst-registry.patch according to the
      GST doc, "gst_init" should be called before any other calls.
      See (bnc#866455). See ( for the upstream bug
* Mon Feb 03 2014
  - Update to version 2.10.9:
    + Fix problems logging into some servers including and (
* Wed Jan 29 2014
  - Update to version 2.10.8:
    + General: Python build scripts and example plugins are now
      compatible with Python 3 (
    + libpurple:
    - Fix potential crash if libpurple gets an error attempting to
      read a reply from a STUN server (CVE-2013-6484).
    - Fix potential crash parsing a malformed HTTP response
    - Fix buffer overflow when parsing a malformed HTTP response
      with chunked Transfer-Encoding (CVE-2013-6485).
    - Better handling of HTTP proxy responses with negative
    - Fix handling of SSL certificates without subjects when
      using libnss.
    - Fix handling of SSL certificates with timestamps in the
      distant future when using libnss (
    - Impose maximum download size for all HTTP fetches.
    + Pidgin:
    - Fix crash displaying tooltip of long URLs (CVE-2013-6478).
    - Better handling of URLs longer than 1000 letters.
    - Fix handling of multibyte UTF-8 characters in smiley themes
    + AIM: Fix untrusted certificate error.
    + AIM and ICQ: Fix a possible crash when receiving a malformed
      message in a Direct IM session.
    + Gadu-Gadu:
    - Fix buffer overflow with remote code execution potential.
      Only triggerable by a Gadu-Gadu server or a
      man-in-the-middle (CVE-2013-6487).
    - Disabled buddy list import/export from/to server.
    - Disabled new account registration and password change
    + IRC:
    - Fix bug where a malicious server or man-in-the-middle
      could trigger a crash by not sending enough arguments with
      various messages (CVE-2014-0020).
    - Fix bug where initial IRC status would not be set correctly.
    - Fix bug where IRC wasn't available when libpurple was
      compiled with Cyrus SASL support (
    + MSN:
    - Fix NULL pointer dereference parsing headers in MSN
    - Fix NULL pointer dereference parsing OIM data in MSN
    - Fix NULL pointer dereference parsing SOAP data in MSN
    - Fix possible crash when sending very long messages. Not
    + MXit:
    - Fix buffer overflow with remote code execution potential
    - Fix sporadic crashes that can happen after user is
    - Fix crash when attempting to add a contact via search
    - Show error message if file transfer fails.
    - Fix compiling with InstantBird.
    - Fix display of some custom emoticons.
    + SILC: Correctly set whiteboard dimensions in whiteboard
    + SIMPLE: Fix buffer overflow with remote code execution
      potential (CVE-2013-6487).
    + XMPP:
    - Prevent spoofing of iq replies by verifying that the
      'from' address matches the 'to' address of the iq request
    - Fix crash on some systems when receiving fake delay
      timestamps with extreme values (CVE-2013-6477).
    - Fix possible crash or other erratic behavior when selecting a
      very small file for your own buddy icon.
    - Fix crash if the user tries to initiate a voice/video session
      with a resourceless JID.
    - Fix login errors when the first two available auth mechanisms
      fail but a subsequent mechanism would otherwise work when
      using Cyrus SASL (
    - Fix dropping incoming stanzas on BOSH connections when we
      receive multiple HTTP responses at once (
    + Yahoo!:
    - Fix possible crashes handling incoming strings that are not
      UTF-8 (CVE-2012-6152).
    - Fix a bug reading a peer to peer message where a remote user
      could trigger a crash (CVE-2013-6481).
    + Plugins:
    - Fix crash in contact availability plugin.
    - Fix perl function Purple::Network::ip_atoi.
    - Add Unity integration plugin.
    + Windows specific fixes: (CVE-2013-6486,,, bgo#668154).
  - Drop pidgin-irc-sasl.patch, fixed upstream.
* Fri Jan 24 2014
  - Obsolete pidgin-facebookchat: the package is no longer maintained
    and pidgin as built-in support for Facebook Chat.
* Thu Jan 09 2014
  - Protect buildrequires for mono-devel with with_mono macro.
* Sun Mar 24 2013
  - Add pidgin-gstreamer1.patch: Port to GStreamer 1.0. Only enabled
    on openSUSE 13.1 and newer.
  - On openSUSE 13.1 and newer, use gstreamer-devel and
    gstreamer-plugins-base-devel BuildRequires.
* Sun Mar 10 2013
  - Add pidgin-irc-sasl.patch: link irc module to SASL. Allows the
    IRC module to be loaded (bnc#806975).
* Fri Feb 15 2013
  - Update to version 2.10.7 (bnc#804742):
    + Alien hatchery:
    - No changes
    + General:
    - The configure script will now exit with status 1 when
      specifying invalid protocol plugins using the
    - -with-static-prpls and --with-dynamic-prpls arguments.
    + libpurple:
    - Fix a crash when receiving UPnP responses with abnormally
      long values. (CVE-2013-0274)
    - Don't link directly to libgcrypt when building with GnuTLS
      support. (
    - Fix UPnP mappings on routers that return empty <URLBase/>
      elements in their response. (
    - Tcl plugin uses saner, race-free plugin loading.
    - Fix the Tcl signals-test plugin for savedstatus-changed.
    + Pidgin:
    - Make Pidgin more friendly to non-X11 GTK+, such as
      MacPorts' +no_x11 variant.
    + Gadu-Gadu:
    - Fix a crash at startup with large contact list. Avatar
      support for buddies will be disabled until 3.0.0.
    + IRC:
    - Support for SASL authentication. (
    - Print topic setter information at channel join.
    + MSN:
    - Fix SSL certificate issue when signing into MSN for some
    - Fix a crash when removing a user before its icon is loaded.
    + MXit:
    - Fix a bug where a remote MXit user could possibly specify a
      local file path to be written to. (CVE-2013-0271)
    - Fix a bug where the MXit server or a man-in-the-middle could
      potentially send specially crafted data that could overflow
      a buffer and lead to a crash or remote code execution.
    - Display farewell messages in a different colour to
      distinguish them from normal messages.
    - Add support for typing notification.
    - Add support for the Relationship Status profile attribute.
    - Remove all reference to Hidden Number.
    - Ignore new invites to join a GroupChat if you're already
      joined, or still have a pending invite.
    - The buddy's name was not centered vertically in the
      buddy-list if they did not have a status-message or mood
    - Fix decoding of font-size changes in the markup of received
    - Increase the maximum file size that can be transferred to
      1 MB.
    - When setting an avatar image, no longer downscale it to
    + Sametime:
    - Fix a crash in Sametime when a malicious server sends us an
      abnormally long user ID. (CVE-2013-0273)
    + Yahoo!:
    - Fix a double-free in profile/picture loading code.
    - Fix retrieving server-side buddy aliases. (
    + Plugins:
    - The Voice/Video Settings plugin supports using the sndio
      GStreamer backends. (
    - Fix a crash in the Contact Availability Detection plugin.
    - Make the Message Notification plugin more friendly to
      non-X11 GTK+, such as MacPorts' +no_x11 variant.
    + Windows-Specific Changes:
    - Compile with secure flags (
    - Installer downloads GTK+ Runtime and Debug Symbols more
      securely. (
    - Updates to a number of dependencies, some of which have
      security related fixes. (,,
      . ATK 1.32.0-2
      . Cyrus SASL 2.1.25
      . expat 2.1.0-1
      . freetype 2.4.10-1
      . gettext
      . Glib 2.28.8-1
      . libpng 1.4.12-1
      . libxml2 2.9.0-1
      . NSS 3.13.6 and NSPR 4.9.2
      . Pango 1.29.4-1
      . SILC 1.1.10
      . zlib 1.2.5-2
    - Patch libmeanwhile (sametime library) to fix crash.
* Fri Oct 12 2012
  - Fix build on openSUSE < 12.2: inverted %if needs some brackets
    if it's a more complex statement.
* Tue Oct 09 2012
  - Introduce with_evolution defines, which enables/disables the
    evolution plugin conditionally (only available on openSUSE<=12.2)
    as pidgin does not yet support GNOME 3.6 (
    + if with_evolution is not defined (false/0):
    - evolution-data-server BuildRequires is being skipped
    - Do not pass --with-gevolution to configure.
    - Do not build the -evolution sub package
    - Obsolete pidgin-evolution from the main package.
  - Pass --disable-vv to configure, as farstream 0.2 support is not
    avaialble yet.
* Sun Jul 08 2012
  - Update to version 2.10.6:
    + Pidgin:
    - Fix a bug that requires a triple-click to open a conversation
      window from the buddy list.
* Fri Jul 06 2012
  - Update to version 2.10.5:
    + libpurple:
    - Add support for GNOME3 proxy settings.
    + Pidgin:
    - Fix a crash that may occur when trying to ignore a user who
      is not in the current chat room.
    + MSN:
    - Fix building with MSVC on Windows (broken in 2.10.4).
    + MXit:
    - Fix a buffer overflow vulnerability when parsing incoming
      messages containing inline images. (CVE-2012-3374)
  - Rebase pidgin-gnome-keyring.patch.
* Mon May 07 2012
  - Update to version 2.10.4:
    + General:
    - Support building against Farstream in addition to Farsight.
    + IRC:
    - Disable periodic WHO timer. IRC channel user lists will no
      longer automatically display away status, but libpurple will
      be much kinder to the network.
    - Print unknown numerics to channel windows if we can associate
    + MSN:
    - Fix a possible crash when receiving messages with certain
      characters or character encodings.
    + XMPP:
    - Fix a possible crash when receiving a series of specially
      crafted file transfer requests. (CVE-2012-2214)
    + Windows-Specific Changes:
    - Words added to spell check dictionaries are saved across
      restarts of Pidgin.
  - Drop pidgin-port-to-farstream.patch: fixed upstream
* Mon Mar 26 2012
  - Update to version 2.10.3:
    + MSN:
    - Fix buddies not going offline.
* Fri Mar 23 2012
  - Finish transition from farsight2 to farstream in 12.2:
    + Update pidgin-port-to-farstream.patch to latest version of the
    + Add farstream-devel BuildRequires on openSUSE > 12.1, now that
      farstream is in Factory.
    + Stop passing --disable-vv to configure on > 12.1.
  - Pass --disable-schemas-install to configure: this should be used
    when packaging applications with gconf schemas.
* Wed Mar 14 2012
  - Update to version 2.10.2:
    + General:
    - Fix compilation when using binutils 2.22 and new GDK pixbuf.
    - Fix compilation of the MXit protocol plugin with GLib 2.31.
    + Pidgin:
    - Add support for the GNOME3 Network dialog.
    - Fix rare crash.
    - Add support for the GNOME3 Default Application dialog for
      configuring the Browser.
    + libpurple:
    - Support new connection states and signals for NetworkManager
    + AIM and ICQ:
    - Fix a possible crash when receiving an unexpected message
      from the server.
    - Allow signing on with usernames containing periods and
    - Allow adding buddies containing periods and underscores.
    - Don't try to format ICQ usernames entered as email addresses.
      This gets rid of an "Unable to format username" error at
    + MSN:
    - Fix possible crashes caused by not validating incoming
      messages as UTF-8.
    - Support new protocol version MSNP18.
    - Fix messages to offline contacts.
    + Plugins:
    - The autoaccept plugin will no longer reset the preference for
      unknown buddies to "Auto Reject" in certain cases.
    + Windows-Specific Changes.
  - Drop pidgin-nm09-more.patch: fixed upstream.
  - Drop pidgin-glib-2.31.patch: fixed upstream.
* Tue Feb 21 2012
  - On 12.2, add explicit libSM-devel, libXScrnSaver-devel,
    libXext-devel, pkgconfig(x11) BuildRequires, to avoid issues
    after the big xorg-x11 packaging change.
  - Get ready for transition from farsight2 to farstream in 12.2:
    + Only use farsight2-devel on <= 12.1 (and > 11.1).
    + Pass --disable-vv to configure on > 12.1 (and < 11.2), to
      disable voice/video support.
    + Add pidgin-port-to-farstream.patch, that we only apply on 12.2
      and later: port pidgin to farstream.
* Sat Dec 10 2011
  - Update to version 2.10.1:
    + AIM and ICQ:
    - Fix remotely-triggerable crashes by validating strings in a
      few messages related to buddy list management.
    + Bonjour:
    - IPv6 fixes
    + Gadu-Gadu:
    - Fix problems linking against GnuTLS.
    + IRC:
    - Fix a memory leak when admitting UTF-8 text with a non-UTF-8
      primary encoding.
    + Jabber:
    - Fix crashes and memory leaks when receiving malformed voice
      and video requests.
    + Sametime:
    - Separate "username" and "server" when adding new Sametime
    - Fix compilation in Visual C++.
    + SILC:
    - Fix CVE-2011-3594, by UTF-8 validating incoming messages
      before passing them to glib or libpurple.
    + Yahoo!:
    - Fetch buddy icons in some cases where we previously weren't.
* Mon Nov 28 2011
  - Add pidgin-glib-2.31.patch: Fix build with glib 2.31.
* Sun Nov 27 2011
  - add libtool as buildrequire to avoid implicit dependency
* Mon Aug 22 2011
  - Update to version 2.10.0:
    + Pidgin:
    - Make the max size of incoming smileys a pref instead of
      hardcoding it.
    - Added a plugin information dialog to show information for
      plugins that aren't otherwise visible in the plugins dialog.
    - Fix building with GTK+ earlier than 2.14.0 (GTK+ 2.10 is
      still the minimum supported)
    + libpurple:
    - Fix a potential crash in the Log Reader plugin when reading
      QIP logs.
    - Fix a large number of strcpy() and strcat() invocations to
      use strlcpy() and strlcat(), etc., forestalling an entire
      class of string buffer overrun bugs.
    - Change some filename manipulations in filectl.c to use
      MAXPATHLEN instead of arbitrary length constants.
    - Fix endianness-related crash in NTLM authentication
    + Gadu-Gadu:
    - Fixed searching for buddies in public directory.
    - Better status message handling.
    - Merged two buddy blocking methods.
    - Fix building of the bundled libgadu library with older
      versions of GnuTLS. (patch plucked from upstream)
    + ICQ:
    - Fix crash selecting Tools->Set Mood when you're online with
      an ICQ account that is configured as an AIM account.
    + IRC:
    - Fix a crash when remote users have certain characters in
      their nicknames.
    - Fix the handling of formatting following mIRC ^O
    - Fix crash when NAMES is empty.
    + MSN:
    - Fix incorrect handling of HTTP 100 responses when using the
      HTTP connection method. This can lead to a crash.
    - Fix seemingly random crashing.
    - Fix a crash when the account is disconnected at the time we
      are doing a SB request.
    + XMPP:
    - Do not generate malformed XML ("</>") when setting an empty
    - Fix the /join <room> behavior.  (Broken when adding support
      for <room>@<server>)
    + Yahoo!/Yahoo! JAPAN:
    - Fix coming out of idle while in an unavailable state
    - Fix logging into Yahoo! JAPAN.
    + Windows-Specific Changes:
    - Open an explorer.exe window at the location of the file when
      clicking on a file link instead of executing the file,
      because executing a file can be potentially dangerous.
  - Drop pidgin-b1dfad7fa45e394c213a97053d7ed5926c69901d.patch
    (multiple display of room members): the patch was taken from
    upstream and as such is included in the current tarball.
* Wed Jul 06 2011
  - Update summary and description of the main package and libpurple.
  - Remove libpurple-lang Recommands from main package, as we know it
    already depend on libpurple, which will bring libpurple-lang.
  - Create a libpurple-branding-upstream package (on 12.1 and later
    + this contains %{_sysconfdir}/purple/prefs.xml, which is the
      pidgin-prefs.xml we ship as source. This only includes
      documentation on how to change the default configuration.
    + this will let people know how to change the default
      configuration of libpurple, and potentially other clients.
    + since there is potentially also pidgin-related content in the
      same file, we also make libpurple-branding-upsream act as
      pidgin-branding-upstream (with Provides, Conflicts, Supplements
      that are usual for a branding package).
  - Make libpurple own %{_sysconfdir}/purple/, which is where the
    default configuration lives.
* Tue Jul 05 2011
  - Add patch to fix "multiple display of room members in MUC", bnc#703584.
  - Export V=1 before make to enable verbose build of all code, not
    only some of the subdirs.
* Fri Jun 24 2011
  - Update to version 2.9.0:
    + Pidgin:
    - Fix a potential remote denial-of-service bug related to
      displaying buddy icons.
    - Significantly improved performance of larger IRC channels
      (regression introduced in 2.8.0).
    - Fix Conversation->Add on AIM and MSN.
    - Entries in the chat user list are sorted properly again. This
      was inadvertenly broken in 2.8.0.
    + Finch:
    - Fix logging in to ICQ.
    + libpurple:
    - media: Actually use the specified TCP port from the TURN
      configuration to create a TCP relay candidate.
    + AIM and ICQ:
    - Fix crashes on some non-mainstream OSes when attempting to
      printf("%s", NULL).
    + Plugins:
    - The Evolution Integration plugin compiles again.
  - Drop pidgin-gevolution-fix-build.patch: the patch was taken from
    upstream and as such is included in the current tarball.
* Fri Jun 17 2011
  - Add pidgin-nm09-more.patch: correctly handle state changes in
    NetworkManager 0.9.
  - Add pidgin-gevolution-fix-build.patch: this fixes the build of
    the evolution integration. So drop all the %build_evo machinery.
  - Stop using source service to download the tarball, as Factory
    will move away from this.
* Tue Jun 07 2011
  - Update to version 2.8.0:
    + General:
    - Implement simple silence suppression for voice calls,
      preventing wasted bandwidth for silent periods during a call.
    - Added the DigiCert High Assurance CA-3 intermediate CA,
      needed for validation of the Facebook XMPP interface's
    - Removed the QQ protocol plugin. It hasn't worked in a long
      time and isn't being maintained.
    + Pidgin:
    - Duplicate code cleanup.
    - Voice/Video call window adapts correctly to adding or
      removing streams on the fly.
    - Don't cancel an ongoing call when rejecting the addition of a
      stream to the existing call.
    - Pidgin plugins can now override tab completion and detect
      clicks on usernames in the chat userlist.
    - Fix the tooltip being destroyed when it is full of
      information and cover the mouse
    + libpurple:
    - media:
      . Allow obtaining active local and remote candidates.
      . Allow getting/setting video capabilities.
      . Allow adding/removing streams on the fly.
      . Allow libpurple and plugins to set SDES properties for RTP
      . Add support for using TCP relaying with TURN
    - Simple Silence Suppression is optional per-account.
    - Fix purple-url-handler being unable to find an account.
    - Support new connection states in NetworkManager 0.9.
    - When removing a buddy, delete the pounces associated with it.
    - proxy: Add new "Tor/Privacy" proxy type that can be used to
      restrict operations that could leak potentially sensitive
      data (e.g. DNS queries).
    + AIM:
    - Fix setting icons with dimensions greater than 64x64 pixels
      by scaling them down to at most 64x64.
    + Gadu-Gadu:
    - Allow showing your status only to buddies.
    - Suppress blank messages that happen when receiving inline
    - Fix sending inline images to remote users, don't crash when
      trying to send large (> 256kB) images.
    - Support typing notifications.
    - Optional SSL connection support for GNUTLS users
    - Don't count received messages or statuses when determining
      whether to send a keepalive packet.
    - Support XML events, resulting in immediate update of other
      users' buddy icons.
    - Accept poorly formatted URLs from other third-party clients
      in the same manner as the official client.
    + ICQ:
    - Fix setting icons with dimensions greater than 64x64 pixels
      by scaling them down to at most 64x64.
    - Fix unsetting your mood when "None" is selected.
    - Ignore Daylight Saving Time when performing calculations
      related to birthdays.
    - It is now possible to specify multiple encodings on the
      Advanced tab of an ICQ account's settings by using a
      comma-delimited list.
    + IRC:
    - Add "authserv" service command.
    + MSN:
    - Fix a hard-to-exploit crash in the MSN protocol when using
      the HTTP connection method.
    + MXit:
    - Support for an Invite Message when adding a buddy.
    - Fixed bug in splitting-up of messages that contain a lot of
    - Fixed crash caused by timer not being disabled on disconnect.
    - Clearing of the conversation window now works.
    - When receiving an invite you can display the sender's profile
      information, avatar image, invite message.
    - The Change PIN option was moved into separate action.
    - New profile attributes added and shown.
    - Added the ability to view and invite your Suggested Friends,
      and to search for contacts.
    - Also display the Status Message of offline contacts in their
      profile information.
    + XMPP:
    - Remember the previously entered user directory when searching
    - Correctly handle a buddy's unsetting his/her vCard-based
    - Squash one more situation that resulted in duplicate entries
      in the roster
    + Plugins:
    - The Voice/Video Settings plugin now includes the ability to
      test microphone settings.
    - Fix a crash when handling some saved settings in the
      Voice/Video Settings plugin.
  - Drop pidgin-nm09.patch: fixed upstream.
  - Disable building of evolution plugin for Factory, with a
    build_evo define. The plugin is currently not compatible with
    evolution 3.1.x.
  - Add explicit gconf2-devel BuildRequires: it was implicitly
    brought before, but it is really needed.
* Fri Apr 22 2011
  - Add pidgin-nm09.patch: fix compatibility with NM 0.9.
* Mon Apr 04 2011
  - bnc#659001: mhr language got added to the base system. Do not own
    folders on openSUSE > 1140.
* Fri Mar 11 2011
  - Update to version 2.7.11
    + General:
    - Our bundled libgadu should now build on HP-UX.
    - Fix some instances of file transfers never completing.
    + Pidgin:
    - Sort by Status no longer causes buddies to move around when
      you click them.
    - Fix embedding in the system tray on older GTK+ releases (such
      as on CentOS 5.5 and older Fedora).
    - No longer require libstartup-notification for startup
      notification support. GTK+ has included support for years, so
      use it instead.
    + AIM:
    - Fix a bug where some buddies from your buddy list might not
      show up. Affected non-English ICQ users the most.
    - Send keepalives for all types of network connections. Will
      hopefully make chat rooms more reliable.
    + MSN:
    - Fix bug that prevented added buddies to your buddy list in
      certain circumstances.
    + XMPP:
    - Fix building on platforms with an older glib (inadvertantly
      broken in 2.7.10).
    - Don't treat the on-join status storms as 'new arrivals'.
    - Extend the /join command to support room JIDs, enabling you
      to join a room on any server.
    - Add support for receiving a limited amount of history when
      joining a room (not currently supported by Pidgin and Finch).
    + Yahoo!/Yahoo! JAPAN:
    - Fix CVE-2011-1091, denials of service caused by NULL pointer
      dereferences due to improper handling of malformed YMSG
* Sun Feb 13 2011
  - Add pidgin-fix-perl-build.patch to fix the build: some change
    upstream was apparently wrong, and we'll need to investigate this
* Sat Feb 12 2011
  - Call relevant macros in %post/%postun:
    + %desktop_database_post/postun because the package ships at
      least one desktop file.
    + %icon_theme_cache_post/postun because the package ships themed
  - Pass %{?no_lang_C} to %find_lang so that english documentation
    can be packaged with the program, and not in the lang subpackage.
  - Change Requires of lang subpackage to Recommends, since the
    english documentation is not there anymore.
* Wed Feb 02 2011
  - Update to version 2.7.10
    + General:
    - Force video sources to all have the same capabilities. This
      reduces the number of times video must be scaled down, saving
      CPU time.
    - Starting multiple video calls and ending one no longer causes
      the other calls to stop sending audio and video.
    - Perl bindings now respect LDFLAGS.
    - Added AddTrust External Root CA.
    - Resolve some issues validating X.509 certificates signed off
      the CAcert Class 3 intermediate cert when using the GnuTLS
      SSL/TLS plugin.
    + Gadu-Gadu:
    - Don't drop whole messages when text is colored.
    + Groupwise:
    - Don't show two windows when using "Get Info" on a buddy.
    + IRC:
    - Don't send ISON messages longer than 512 bytes.
    + libpurple:
    - Stop sending audio when placing a call on hold.
    - Stop translating gpointers to ints in the dbus API. This
      removes functions from the dbus API.
    - Fix D-Bus introspection calls that omit the interface
    - Fixed bugs in purple_str_to_time() that caused the most
      recent 'make check' failures.
    - Correct an issue that caused some UIs other than Pidgin or
      Finch to leave a buddy in the "is typing" state.
    - Fix potential information disclosure issues in the Cipher
    + Pidgin:
    - Support using the Page Up and Page Down keys on the numeric
      keypad in the conversation window.
    - Fix a few memory leaks.
    - Support rendering strikethrough when received as in-line CSS.
    - Editable comboboxes are now more friendly to some GTK+
    + Plugins:
    - The Voice/Video Settings plugin no longer resets selected
      devices to defaults.
    - The Voice/Video Settings plugin no longer crashes when a
      stored device name is not found in the list of available
    - The Autoaccept plugin now allows disabling filename escaping.
    - The Autoaccept plugin now allows choosing Reject/Ask/Accept
      for non-buddies.
    + QQ:
    - QQ2008 is now the default protocol version.
    + XMPP:
    - Don't crash when receiving an unexpected/invalid jingle
      transport type.
    - Handle Connection: Close headers for BOSH, when the server
      does not terminate the connection itself.
    - Improved parsing for DIGEST-MD5, which should resolve issues
      connecting to some jabberd2 servers. This corrects an issue
      parsing one-character or empty elements.
    + Yahoo!/Yahoo! JAPAN:
    - Fix a crash when an account disconnects before a p2p session
      is completely set up.
  - Drop pidgin-dbus-invalid-gpointer.patch: fixed upstream.
* Mon Dec 27 2010
  - Update to version 2.7.9:
    + MSN:
    - Fix a crash when receiving short packets related to P2Pv2.
* Mon Dec 20 2010
  - Update to version 2.7.8:
    + General:
    - Fix the exceptions in purple-remote on Python 2.6+.
    + Pidgin:
    - When a conversation has reached the maximum limit on the
      number of smileys, display the text representation of the
      smiley properly when it contains HTML-escapable characters
      (e.g. "<3" was previously displayed as "&lt;3").
    - Drop dependency on GdkGC and use Cairo instead.
    - New UI hack to assist in first-time setup of Facebook
    - Don't hide the buddy list if there is no notification area in
      which to put the icon.
    + libpurple:
    - Fix multipart parsing when '=' is included in the boundary
      for purple_mime_document_parse.
    + AIM and ICQ:
    - Buddies who unset their status message will now be correctly
      shown without a message in your buddy list.
    + Gadu-Gadu:
    - Updated our bundled libgadu and minimum requirement for
      external libgadu to 1.9.0.
    + MSN:
    - Stop showing ourselves in the list of endpoints that can be
    - Allow full-size display names, by not escaping (most)
      non-English characters.
    - Fix receiving messages from users on Yahoo and other
      federated services.
    - Correctly remove old endpoints from the list when they sign
    - Add option to disable connections from multiple locations.
    - Correctly update your own display name in the buddy list.
    - Correctly show ourselves as offline in the buddy list when
      going invisible.
    - Correctly update your own icon in the buddy list.
    - Remove struct packing for better portability.
    + XMPP:
    - Terminate Jingle sessions with unsupported content types.
  - Own the directories for the mhr locale, until bnc#659001 is
* Tue Nov 30 2010
  - Drop pidgin-nonblock-aim.patch: Does not apply and seems
    obsoleted. Part of bnc#569271.
* Thu Nov 25 2010
  - Update to version 2.7.7:
    + General:
    - Allow multiple CA certificates to share the same
      Distinguished Name (DN). Partially fixes remaining MSN
    - The GNUTLS SSL plugin now discards any certificate (and all
      subsequent certificates) in a chain if it did not sign the
      previous certificate. Partially fixes remaining MSN issues.
    - Open requests related to a file transfer are now closed when
      the request is cancelled locally.
    + AIM and ICQ:
    - AIM should now connect if "Use clientLogin" is turned off and
      the "Server" field is set to anything other than
      "" or "".
    - Fix a crash on connection loss.
* Tue Nov 23 2010
  - Update to version 2.7.6:
    + General:
    - Included Microsoft Internet Authority 2010 and Microsoft
      Secure Server Authority 2010 intermediate CA certificates to
      our bundle.  This fixes the "Unable to validate certificate"
      error for (bnc#655477).
    + Pidgin:
    - Avoid a use-after-free race condition in the media code
      (when there's an error reported by GStreamer).
    + AIM and ICQ:
    - SSL option has been changed to a tri-state menu with choices
      for "Don't Use Encryption", "Use Encryption if Available",
      and "Require Encryption".
    - Fix some possible clientLogin URL issues introduced in
      version 2.7.5.
    - Don't show a "<URL>: Ok" connection error when using
    - Cleaned up some debug output for improved readability.
    + MSN:
    - Added support for MSNP16, including Multiple Points of
      Presence (MPOP) which allows multiple simultaneous sign-ins.
    - Added extended capabilities support (none implemented).
    - Merged the work done on the Google SoC (major rewrite of SLP
    - Reworked the data transfer architecture.
    - Lots of little changes.
    - Don't process zero-length DC messages.
    - Fixed a bunch of memory leaks.
    - Prevent a use-after-free condition.
    + XMPP:
    - Avoid a double-free in the Google Relay (V/V) code.
    - Avoid double error message when failing a file transfer.
    - Password-related information is printed out for SASL
      authentication when the PURPLE_UNSAFE_DEBUG environment
      variable is set.
    - Authentication mechanisms can now be added by UI's or other
      plugins with some work. This is outside the API/ABI rules!
    - Fixed a few printf("%s", NULL) crashes for broken OSes.
    + Windows-Specific Changes:
    - Build the Pidgin Theme Editor plugin (finally).
    - Untarring (for themes) now works for non-ASCII destination
* Wed Nov 10 2010
  - Update to version 2.7.5:
    + General:
    - Added Verisign Class 3 Public CA - G2 root CA.
    + Pidgin:
    - Properly differentiate between bn and bn_IN in the
      Translation Information dialog.
    + AIM and/or ICQ:
    - Display the "Authorize buddy?" mini dialog when the requester
      has an empty nickname.
    - New ICQ accounts default to proper ICQ servers.  Old
      accounts using one of the old default servers will be
      silently migrated to use the proper servers.
    - ICQ accounts using clientLogin now use the correct ICQ
      servers.  This is separate from the server settings
      mentioned above.
    - '<' should no longer cause ICQ status messages to be
      truncated in some locations.
    - Fix sending messages to chat rooms.
    + Bonjour:
    - Don't crash when attempting to log into a Bonjour account
      and init failed.
    + Windows-Specific Changes:
    - Quote the path stored in the registry when the
      "run at startup" option in the Windows Pidgin Options plugin
      is used.
  - Disable mono plugins on openSUSE 11.4. It does not work and is
    unmaintained by upstream (they are surprised it builds).
* Fri Oct 22 2010
  - Update to version 2.7.4:
    + General:
    - Fix search path for Tk when compiling on Debian Squeeze.
    - purple-remote now expects and produces UTF-8.
    - Add Deutsche Telekom, Thawte Primary, and Go Daddy Class 2
      root CAs
    - Fix CVE-2010-3711 by properly validating return values from
      the purple_base64_decode() function before using them.
    - Fix two local crash bugs by properly validating return values
      from the purple_base16_decode() function before using them.
    + libpurple:
    - Fall back to an ordinary request if a UI does not support
      showing a request with an icon. Fixes receiving MSN file
      transfer requests including a thumbnail in Finch.
    - Fix an invalid memory access when removing UPnP mappings that
      could cause sporadic crashes, most notably when MSN Direct
      Connections are enabled.
    - Add a sentence to the certificate warning for expired
      certificates suggesting the user check their computer's date
      and time.
    + Pidgin:
    - Add support for the Gadu-Gadu protocol in the gevolution
      plugin to provide Evolution integration with contacts with
      Gadu-Gadu IDs.
    - Remap the "Set User Mood" shortcut to Control-D, which does
      not conflict with the previous shortcut for Get Buddy Info on
      the selected buddy.
    - Add a plugin action menu (under Tools) for the Voice and
      Video Settings plugin.
    - Use GRegex for the debug window where available. This brings
      regex filtering to the debug window on Windows.
    - Add Google Chrome and Chromium to the list of possible
      browsers on non-Windows systems.
    - The "Manual" browser option is now stored as a string. It is
      no longer necessary to specify a full path to the browser
    - The Send To menu can now be used if the active account in the
      conversation becomes disabled or inactive.
    - xdg-open is now the default browser for new users on
      non-Windows platforms.
    + XMPP:
    - Unify the connection security-related settings into one
    - Fix a crash when multiple accounts are simultaneously
      performing SASL authentication when built with Cyrus SASL
    - Restore the ability to connect to XMPP servers that do not
      offer Stream ID.
    - Added support for using Google's relay servers when making
      voice and video calls to Google clients.
    - Fix detecting file transfer proxies advertised by the server.
    - Advertise support for Google Talk's JID Domain Discovery
      extension in all cases again (changed in 2.7.0), not just
      when the domain is "" or ""
    - Improved handling of adding oneself to your buddy list when
      using Non-SASL (legacy) authentication.
    - Generate a connection error instead of just stalling when
      the _xmppconnect TXT record returns results, but none of them
      result in a valid BOSH URI.
    + Yahoo/Yahoo JAPAN:
    - Stop doing unnecessary lookups of certain alias information.
      This solves deadlocks when a given Yahoo account has a
      ridiculously large (>500 buddies) list and may improve login
      speed for those on slow connections.
    - Fix sending SMS messages. The lookup host changed on us.
    - Improvements for some file transfer scenarios, but not all.
  - Drop pidgin-browser-default.patch: fixed upstream.
* Sun Aug 15 2010
  - Update to version 2.7.3:
    + For a complete overview of changes, see NEWS file. Here are
      some highlights (excluding many bug fixes).
    + Pidgin:
    - Re-arrange media window to make it more netbook-friendly.
    + Finch:
    - Rebindable 'suggest-next-page' and 'suggest-prev-page'
      actions for textboxes.
    - Rebindable 'dropdown' action for comboboxes.
    + MSN:
    - Support for web-based buddy icons.
    + MXit:
    - Many improvements.
    + Yahoo/Yahoo JAPAN:
    - Proxy handling improvements.
    - Fix file transfers that get stuck with "Waiting for transfer
      to begin".
  - Changes from version 2.7.2:
    + Fix crashes, including CVE-2010-2528.
  - Changes from version 2.7.1:
    + Pidgin:
    - Restore the tray icon's blinking functionality.
    + MSN:
    - Support for direct connections, enabling faster file
      transfers, smiley and buddy icon loading.
    + MXit:
    - Add the standard MXit emoticons.
    - Increment protocol version to v6.0.
  - Changes from version 2.7.0:
    + Pidgin:
    - Add UI for sending attentions (buzz, nudge) on supporting
    - Make the search dialog unobtrusive in the conversation
    - The Recent Log Activity sort method for the Buddy List now
      distinguishes between no activity and a small amount of
      activity in the distant past.
    - Add a menu set mood globally for all mood-supporting
    - Default binding of Ctrl+Shift+v to 'Paste as Plain Text' in
      conversation windows.
    - The 'Message Timestamp Formats' plugin allows changing the
      timestamp format from the timestamps' context menu in
      conversation log, and allows forcing 12-hour timestamps.
    - Show file transfer thumbnails for images on supporting
      protocols (MSN).
    + Bonjour: Add support for IPv6.
    + AIM and ICQ:
    - X-Status (Custom ICQ status icon) support.
    - Support sending and receiving HTML-formatted messages for
    + MSN:
    - Support for version 9 of the MSN protocol has been removed.
    - Support file transfer thumbnails (previews) for images.
    - Fix CVE-2010-1624.
    + Finch:
    - New action 'history-search', with default binding ctrl+r, to
      search the entered string in the input history.
  - Drop upstream included patches:
    + pidgin-directconn-argfix.patch
    + pidgin-oscar-clientlogin.patch
    + pidgin-oscar-portability.patch
    + pidgin-bnc550170-qq-2008only.patch (bnc#569271)
    + includes.patch (bnc#569271#6)
  - Add pidgin-mono-buildfix.patch: fix build of mono plugin loader.
  - Remove the conditional checks for openSUSE 10.2 and 10.3,
    simplifying the spec file a lot.
  - Pass --enable-gevolution to configure to actually activate the
  - Split out pidgin-evolution package containing the evo plugin.
* Tue Mar 30 2010
  - Add pidgin-oscar-clientlogin.patch to fix connection issues
    to OSCAR networks (ICQ). Patch from upstream commit
* Tue Mar 02 2010
  - Add pidgin-oscar-portability.patch to fix build / portability
    issues. Reported upstream at
* Wed Feb 17 2010
  - Updated to version 2.6.6:
    + libpurple:
    - Fix a quirk in purple_markup_html_to_xhtml that caused some
      messages to be improperly converted to XHTML.
    - Set "controlling-mode" correctly when initializing a media
      session. Fixes receiving voice calls from Psi.
    - When looking up DNS records, use the type of record returned
      by the server (instead of the type we asked for) to determine
      how to process the record.
    - Fix an issue with parsing XML attributes that contain
      "&lt;br&gt;". See ChangeLog.API for more details.
    + General:
    - Correctly disable all missing dependencies when using the
    - -disable-missing-dependencies option.
    + Gadu-Gadu:
    - Fix display of avatars after a server-side change.
    + AIM:
    - Allow setting and displaying icons between 1x1 and 100x100
      pixels. Previously only icons between 48x48 and 50x50 were
    + MSN:
    - Fix CVE-2010-0277, a possible remote crash when parsing an
      incoming SLP message.
    - File transfer requests will no longer cause a crash if you
      delete the file before the other side accepts.
    - Received files will no longer hold an extra lock after
      completion, meaning they can be moved or deleted without
      complaints from your OS.
    - Buddies who sign in from a second location will no longer
      cause an unnecessary chat window to open.
    - Support setting an animated GIF as a buddy icon.
    - Numerous code cleanups and memory savings.
    + MySpace:
    - Fix a leak and crash when retrieving buddy icons.
    + XMPP:
    - Less likely to send messages to a contact's idle/inactive
      resource. Previously, if a message was received from a
      specific resource, responses would be sent to that resource
      until either it went offline or a message is received from
      another resource. Now, messages are sent to the bare JID upon
      receipt of any presence change from the contact.
    - Added support for the SCRAM-SHA-1 SASL mechanism. This is
      only available when built without Cyrus SASL support.
    - When getting info on a domain-only (server) JID, show uptime
      (when given by the result of the "last query") and don't show
      status as offline.
    - Fix getting info on your own JID.
    - Wrap XHTML messages in <p>, as described in XEP-0071, for
      compatibility with some clients.
    - Don't do an SRV lookup for a STUN server associated with the
      account if one is already set globally in prefs.
    - Don't send custom smileys larger than the recommended maximum
      object size specified in the BoB XEP. This prevents a client
      from being disconnected by servers that dislike overly-large
    - Fix receiving messages without markup over an Openfire BOSH
      connection (forcibly put the stanzas in the jabber:client
    - The default value for the file transfer proxies is
      automatically updated when an account connects, if it is
      still the old (broken) default (from '' to
    - Fix an issue where libpurple created duplicate buddies if the
      roster contains a buddy in two groups that differ only by
      case (e.g. "XMPP" and "xmpp") (or not at all).
    + Yahoo:
    - Don't send <span> and </span> tags.
    - Support PingBox. PingBoxes will appear as pbx/PingBoxName.
    + Pidgin:
    - Fix CVE-2010-0423, a denial of service attack due to the
      parsing of large numbers of smileys.
    - Correctly size conversation and status box entries when the
      interior-focus style property is diabled.
    - Correctly handle a multiline text field being required in a
      request form.
    - Search friends by email-addresses in the buddy list.
    - Allow dropping an image on Custom Smiley window to add a new
    - Prompt for confirmation when clearing a whiteboard (doodle)
    - Use the "hand" cursor when hovering over usernames in chat
      history to indicate that the username is an actionable item.
    - Double-clicking usernames in chat history will open an IM
      with that user.
    - Put an icon on the "Filter" button in the debug window.
    - Don't treat "/messages/like/this " as commands.
    - Explicitly mark user interaction when inserting smilies from
      the toolbar so "Undo" correctly removes these smilies.
    - Clicking "New" or "Saved" in the status selector menu while
      typing a status message no longer keeps the status entry area
      stuck in "typing" mode forever.
    - Show tooltips for ellipsized conversation tabs. On older
      systems, tooltips will show for all tabs.
    - The File Transfers and Debug Window windows are no longer
      created as dialogs. These windows should now have minimize
      buttons in many environments in which they were previously
      missing (including Windows).
    - Smiley themes with Windows line endings no longer cause theme
      descriptions not to be displayed in the theme selector.
    + Finch:
    - Fix CVE-2010-0420, a possible remote crash when handling chat
      room buddy names.
    - Rebindable 'move-first' and 'move-last' actions for tree
      widgets. So it is possible to jump to the first or last entry
      in the buddy list (and other such lists) by pressing home or
      end key (defaults)
* Thu Jan 14 2010
  - Updated to version 2.6.5:
    + libpurple:
    - TLS certificates are actually stored to the local cache once
      again (accepting a name mismatch on a certificate should now
      be remembered)
    + General:
      + Build-time fixes for Solaris.
    + AIM and ICQ:
    - Messages from some mobile clients are no longer displayed as
      Chinese characters (broken in 2.6.4)
    + MSN:
    - Fix an issue allowing a remote user to download arbitrary
      files from a libpurple client. (CVE-2010-0013, bnc#567799)
    + XMPP:
    - Do not crash when attempting to register for a new account on
    - Fix file transfer with clients that do not support Entity
      Capabilities (e.g. Spark)
  - Disabled GNOME keyring integration for openSUSE (bnc#566286).
* Mon Jan 04 2010
  - Change gnome-keyring-devel BuildRequires to
    libgnome-keyring-devel on 11.3 and later, following the module
    split upstream.
* Wed Dec 16 2009
  - Fix build in Factory by not owning /usr/share/locale/ms_MY which
    is now owned by the filesystem package.
* Sun Dec 06 2009
  - Update to version 2.6.4:
    + libpurple:
    - Actually emit the hold signal for media calls.
    - Fix building the GnuTLS plugin with older versions of GnuTLS.
    - Fix DNS TXT query resolution.
    - Don't send Proxy-Authorization headers to HTTP proxy servers
      until we've received a "407 Proxy Authentication Required"
      response from the server.
    - Added "MXit" protocol plugin, supported and maintained by the
      MXit folks themselves.
    + General:
    - New 'plugins' sub-command to 'debug' command (i.e. '/debug
      plugins') to announce the list of loaded plugins.
    - Always rejoin open chats after an account reconnects.
    + AIM and ICQ:
    - Better rate limit calculations and other improvements.
    - More detailed error messages when messages fail to send.
    - The simultaneous login account option is respected when using
      the clientLogin authentication method.
    - Fix offline message retrieval (broken in 2.6.3)
    - Fix handling of markup on some messages (broken in 2.6.2)
    - Fix SSL when clientLogin is enabled.
    - Fix sending and receiving Unicode characters in a Direct IM
    + MSN:
    - Fix various crashes.
    - Don't forget display names for buddies.
    - Fix more FQY 240 connection errors.
    - Cache our own friendly name as the server no longer does that
      for us.
    + XMPP:
    - Fix some crashes.
    - Users connecting to Google Talk now have an "Initiate Chat"
      context menu option for their buddies.
    - Resolve an issue when connecting to iChat Server when no
      resource is specified.
    - Try to automatically find a STUN server by using an SRV
      lookup on the account's domain, if no prefs is set for this.
    - Only show the "send a file" option if the buddy supports one
      of the file transfer methods supported by libpurple.
    - Keep the avatar on the server if one is not set locally.
    + Yahoo:
    - Fix sending /buzz.
    - Fix blocking behavior for federated (MSN/OCS/Sametime)
      service users.
    - Add support for adding OCS and Sametime buddies. OCS users
      are added as "ocs/user@domain.tld" and Sametime users are
      added as "ibm/sametime_id".
    + Finch:
    - The TinyURL plugin now creates shorter URLs for long
      non-conversation URLs, e.g. URLs to open Inbox in Yahoo/MSN
      protocols, or the Yahoo Captcha when joining chat rooms.
    - Fix displaying umlauts etc. in non-utf8 locale.
    + Pidgin:
    - The userlist in a multiuser chat can be styled via gtkrc.
    - Add a hold button to the media window.
    - Fix a bug where the conversation backlog stops scrolling in a
      very busy chat room.
    - In the Conversation "Send To" menu, offline buddies appear
      grayed out (but are still selectable).
    + Pidgin Preference and Preference Window Changes:
    - General reorganization of the preference window.
    - Removed the "Use font from theme" and "Conversation Font"
      preferences. This can be controlled from the Pidgin GTK+
      Theme Control plugin.
    - The Browser and Proxy tabs show appropriate GNOME-specific
      messages and allow launching the correct applications to
      change the relevant GNOME preferences if found.
  - Do not use the Tango and NLD icon themes for 11.2 and later. This
    was discussed with Jakub Steiner.
* Fri Dec 04 2009
  - Fixed openssl-certs dependency problem in SLE10.
* Thu Nov 26 2009
  - Single spec for all SUSE products in all build systems.
  - Updated to Pidgin 2.6.3:
    * Fix a crash when performing DNS queries on Unixes that use the
      blocking DNS lookups.
    * Fixed incorrect Oscar memory access by a specially crafted SIM
      IM client contacts message (bnc#548072, pidgin#10481,
    * Fix blocking and other privacy list problems.
  - Migrate all QQ accounts to QQ2008 (bnc#550170).
  - Update may include these security fixes:
  - Fixed XMPP crash when receiving a message with a custom smiley
    from a client that doesn't actually support custom smileys.
    (bnc#536602, CVE-2009-3085)
  - Fixed MSN remote denial of service via handwritten Ink message
    (bnc#536602, pidgin#10159, CVE-2009-3084)
  - Fixed MSN remote denial of service via an SLP invite message that
    lacks certain required fields (bnc#536602, pidgin#10048,
  - Fixed IRC TOPIC message DoS (bnc#537214, IS-2009-001,
    CVE-2009-2703, Bugtraq#36277).
  - Fixed incorrect Oscar memory access by a specially crafted SIM IM
    client contacts message (bnc#548072, pidgin#10481,
  - Re-added NLD artwork by Hans Petter Jansson (
* Tue Oct 20 2009
  - Add pidgin-bnc548072.patch, fixes crash with oscar (ICQ) protocol
* Wed Sep 23 2009
  - Cleanup BuildRequires.
* Wed Sep 09 2009
  - Remove Tango and NLD themes: the upstream theme is following the
    tango guidelines now.
* Mon Sep 07 2009
  - Update to version 2.6.2
    + libpurple
    - Fix --disable-avahi to actually disable it in configure, as
      opposed to just making the warning non-fatal.
    - Fix using GNOME proxy settings properly.
    + IRC:
    - Fix parsing of invalid TOPIC messages. (CVE-2009-2703)
    + MSN:
    - Sending custom smileys in chats is now supported.
    - Ink messages are now saved when using the HTML logger.
    - Fix a crash when receiving some handwritten messages.
    - Fix a crash when receiving certain SLP invite messages.
    - Chats with multiple people should no longer spontaneously
    + XMPP:
    - Prompt the user before cancelling a presence subscription.
    - Escape status messages that have HTML entities in the Get
      Info dialog.
    - Fix connecting to XMPP domains with no SRV records from
      Pidgin on Windows.
    - Fix typing notifications with Pidgin 2.5.9 or earlier.
    - Fix connecting using BOSH and legacy authentication (XEP-0078).
    - Adding buddies of the form "romeo@.../Resource" are handled
      properly. In addition, it is no longer possible to add
      buddies of the form "room@.../User", where room@... is a MUC.
    - Don't crash when receiving "smileyfied" XHTML-IM from clients
      that don't support bits of binary (ie. when getting an empty
      <data/> in return)
    - Fix bug where SSL/TLS was not required even though the
      "require SSL/TLS" preference checked when connecting to
      servers that use the older iq-based authentication.
    + Yahoo!:
    - Accounts now have "Use account proxy for SSL connections"
    + Finch
    - Properly detect libpanel on OpenBSD.
    - Remove IO watches in gnt_quit.
    + Pidgin
    - Fix the auto-personize functionality in the Buddy List.
    - Set the window icon for the media window to an icon
      corresponding to the type of call (headphone or webcam).
    - Customized sound files are no longer reset whenever opening
      the Preferences dialog.
    - The buddy list should now immediately refresh upon changing
      the icon theme.
* Tue Aug 25 2009
  - Updated to version 2.6.1:
    * Voice and Video support.
    * Theme support.
    * Yahoo: Separate plugin for Yahoo Japan, SMS support.
    * XMPP: voice and video support, service discovery, support for
      BOSH, idle time reporting, attention support, in-band bytestreams
      file transfer as, custom smiley support, updated support for buddy
    * Support for IDN.
    * Several security fixes (CORE-2009-0727, CVE-2009-2694,
* Fri Aug 07 2009
  - Split the support for tcl plugins in libpurple-tcl, to not force
    installation of tcl.
* Wed Jul 01 2009
  - Updated to version 2.5.8:
    * ICQ:
      + Fix misparsing a web message as an SMS message.
    * MSN:
      + Increase NS command history size to prevent crashes on buddy
      lists that have a lot of buddies on other networks like
    * MySpace:
      + Accounts with empty buddy lists are now properly marked as
      + Fix receiving messages from users of MySpace IM's web client.
    * Yahoo:
      + Fixed phantom online buddies.  They should now properly
      disappear when signing out.
      + Fixed the crashes some users were seeing with in 2.5.7.
      + Fixed compiling on systems with glib 2.4.x or older.
      + Fixed an issue with file transfers.  This may not resolve all
      issues, but it should resolve at least some of the most
      common ones.
      + The pager server will automatically update to if the user empties the field or if it is  This should ease the pain of transition
      to the new login method.
    * XMPP:
      + Fix an incompatibility betweeen Prosody and libpurple
* Mon Jun 22 2009
  - Add pidgin-fix-installation.patch to fix build with automake 1.11
* Sun Jun 21 2009
  - Update to version 2.5.7:
    + Yahoo Protocol 16 support, including new HTTPS login method;
      this should fix a number of login problems that have recently
      cropped up.
    + Only display the AIM "Unable to Retrieve Buddy List" message
      once per connection.
    + Blocking MSN users not on your buddy list no longer disconnects
    + When performing operations on MSN, assume users are on the
      MSN/Passport network if we don't get network ID's for them.
* Wed May 20 2009
  - Update to version 2.5.6:
    + libpurple:
    - Improve sleep behavior by aggregation of longer timeouts on
      second boundaries to allow better power saving.
    - Fix various crashes on exit.
    - Make XML parsing more resilient to interactions with other
      libraries. This, along with the fix for libxml2 bgo#564217,
      fixes the crashes on connect in XMPP with recent
    - Many security related fixes.
    + IRC:
    - Correctly handle WHOIS for users who are joined to a large
      number of channels.
    - Notify the user if a /nick command fails, rather than trying
      fallback nicks.
    + MSN:
    - Fix a race condition causing occasional Pidgin crashes.
    - Fix some errors about the friendly name changing too fast
      caused by MSN/Yahoo integration buddies.
    + XMPP:
    - Less likely to pop up a new conversation window in disregard
      of the "Hide new IM conversations" preference.
    + Yahoo:
    - Fix a crash when sending very long messages.
    - Fix a bug where UTF-8 status messages get garbled when going
* Mon Apr 06 2009
  - Respin pidgin-gnome-keyring.patch that doesn't apply with new
    patch package.
* Mon Mar 16 2009
  - Added support for translation-update-upstream (FATE#301344).
* Thu Mar 12 2009
  - Updated to version 2.5.5:
    * Fix a crash when removing an account with an unknown protocol id.
    * Beta support for SSL connections for AIM and ICQ accounts.  To
      enable, check the "Use SSL" option from the Advanced tab when
      editing your AIM or ICQ account. (Paul Aurich)
    * Fix a memory leak in SILC. (Luke Petre)
    * Fix some string handling in the SIMPLE prpl, which fixes some buddy name
      handling and other issues. (Paul Aurich, Marcus Sundberg)
    * Implement support for resolving DNS via the SOCKS4 proxy (SOCKS4a).
    * Fix retrieval of status messages from users of ICQ 6.x, Miranda, and
      other libpurple clients. (Daniel Ljungborg)
    * Change client ID to match ICQ Basic 14.34.3096.  This fixes publishing
      of buddy icons and available messages.
    * Properly publish status messages for statuses other than Available.
      ICQ 6.x users can now see these status messages. (Daniel Ljungborg)
    * Fix receipt of messages from the mobile client Slick. (David Jedelsky)
    * Fix transfer of buddy icons, custom smileys, and files from the
      latest Windows Live Messenger 9 official client. (Thomas
    * Large (multi-part) messages are now correctly re-combined.
    * Federated/Yahoo! buddies should now stop creating sync issues at
      every signin.  You may need to remove duplicates in the Address
      Book.  See the FAQ for more information.  Thanks to Jason Lingohr
      for lots of debugging and testing.
    * Messages from Yahoo! buddies are no longer silently dropped.
    * We now save and use the CacheKey for ABCH SOAP requests.
    * Don't try to parse Personal Status Messages or Current Media if they
      don't exist.
    * Convert from ISO-8859-1 encoding to UTF-8 when no charset is specified
      on incoming messages.  This should fix some issues with messages from
      older clients.
    * Force sending the font "Segoe UI" if outgoing formatting doesn't specify
      a font already.
    * Queue callbacks when token updates are in progress to prevent two token
      update attempts from trampling each other.
    * Fixed a crash on Windows when removing a buddy's alias.
    * Update the Address Book when buddies' friendly names change.  This
      prevents seeing an outdated alias or not seeing an alias at all for
      buddies who are offline when you sign in.
    * Update tokens for FindMembership and ABFindAll SOAP requests.
    * We no longer try to send empty messages.  This could happen when a
      message contained only formatting and that formatting was not supported
      on MSN.
    * Buddies on both the Allow and Block list are now automatically
      removed from the Allow list.  Users with this problem will now no
      longer receive an ADL 241 error.  The problematic buddy should now
      appear on the buddy list and can be removed or unblocked as desired.
    * Resources using __HOSTNAME__ substitution will now grab only the short
      hostname instead of the FQDN on systems which put the FQDN in the
      hostname. (Matěj Cepl)
    * No longer send a 'to' attribute on an outgoing stanza when we haven't
      received one.  This fixes a registration bug as described in ticket
    * Tooltip windows now appear below the mouse cursor. (Kosta Arvanitis)
    * Tooltip windows now disappear on keypress events. (Kosta Arvanitis)
    * Tooltip windows no longer linger when scrolling the buddy list. (Kosta
    * Allow rebinding keys to change the focused widget (details in the
      man-page, look for GntBox::binding)



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Apr 9 10:08:57 2022