Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 319557 - net-im/pidgin-2.7.0 version bump
Summary: net-im/pidgin-2.7.0 version bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Gentoo Net-im project
URL: http://pidgin.im
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-05-13 15:22 UTC by Dani Soufi
Modified: 2010-05-17 09:36 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dani Soufi 2010-05-13 15:22:47 UTC 
Pidgin version 2.7.0 was released on 05/12/2010. They dropped support for old MSNP9, changed GTK+ minimum version requirement to 2.10.0 and set GLib minimum version requirement to 2.12.0. In addition to security fixes CVE-2010-0423 CVE-2010-0420 CVE-2010-0277. It looks like there is a new security bug in 2.7.0 under CVE-2010-1624 check the link http://pidgin.im/news/security/?id=46 but it looks like disabling custom emoticons will fix the issue. Should we wait for 2.7.1 or release the ebuild?

Reproducible: Always
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2010-05-13 15:35:42 UTC 
There's also the problem that pidgin-2.7.0 doesn't compile when gstreamer isn't installed:

http://developer.pidgin.im/ticket/11850

So I'd say wait for pidgin-2.7.1
Comment 2 Olivier Crete (RETIRED) gentoo-dev 2010-05-13 16:03:52 UTC 
My solution is to force gst on everyone instead... its bumped.
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2010-05-14 08:14:29 UTC 
Olivier, thanks for this bump. But I fell some work is still required here :)

ChangeLog states:

# Using the --disable-nls argument to configure now works properly. You will no longer be forced to have intltool to configure and build. 

Have you tested this? It look like it'll save intoolize/autoreconf run and thus speeds up build...

Also following:

# Minimum requirement for external libgadu is now also 1.9.0-rc2.

It's good idea to bump libgadu to 1.9.0 and test with it, while setting 1.9.0-rc2 in ebuild.

# Fix CVE-2010-1624 (custom emoticon remote crash).  

Security bug should be filled, although I'd like postpone stabilization until gstreamer will be back.

I don't have time to do this right now, so I'll reopen bug in hope someone catches this ;)
Comment 4 Milan Nikolic 2010-05-14 11:50:16 UTC 
Also, solution to force gst is not really a solution, there is a pidgin-2.7.0-fix-build-without-gst.patch at http://developer.pidgin.im/ticket/11850 .
Comment 5 Maximilian Grothusmann 2010-05-14 15:25:05 UTC 
Please note that with --disable-nls, at least the GTK+ frontend is not installed.
Comment 6 lumato 2010-05-16 00:51:01 UTC 
Pidgin compiles fine with USE=-gstreamer and pidgin-2.7.0-fix-build-without-gst.patch; no runtime issues noticed so far.  Suggest adding this patch to the tree.
Comment 7 Olivier Crete (RETIRED) gentoo-dev 2010-05-17 00:59:10 UTC 
the gtk front-end is installed, but not the desktop file. Forced nls for everyone, disabling it is just dumb.
Comment 8 William Throwe 2010-05-17 06:10:24 UTC 
FIXED?  We still don't have the gstreamer patch.
Comment 9 Dani Soufi 2010-05-17 06:11:28 UTC 
CVE-2010-1624 (custom emoticon remote crash) is fixed and I think that it could be also applied by adding a patch into the tree from this revision: http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c
Comment 10 Olliver Schinagl 2010-05-17 08:51:45 UTC 
Forceing gstreamer uppon everybody isn't that nice. I run pidgin on a server via nx and am not really looking forward into having to install, maintain etc all of the gstreamer libs only for pidgin.