See bug 4965 comment 11: the upgrade to Pidgin 2.10.2 introduced a regression where the status of MSN buddies is broken. Per http://developer.pidgin.im/wiki/ChangeLog: "2.10.3 fixes a problem with MSN buddies appearing online when they shouldn't." This happened to me right now where several of my contacts appeared as being still online when they were in fact offline. I had to close and reopen my MSN account to get the right status again. This is a bit annoying. Pidgin has been upgraded to 2.10.3 in Cauldron, but not in Mageia 1.
CC: (none) => luigiwalser, mageia
Assignee: bugsquad => mageia
WIP
Status: NEW => ASSIGNED
Advisory ------------ This pidgin update fixes a bug with MSN buddies appearing online when they are not. I also upgrade to 2.10.3 to allow upgrade from Mandriva 2010.2. http://developer.pidgin.im/ticket/14997 ------------- SRPM: pidgin-2.10.3-1.1.mga1.src.rpm Please test this update request.
Assignee: mageia => qa-bugsSource RPM: pidgin-2.10.2-1.1.mga1 => pidgin-2.10.3-1.1.mga1.src.rpm
Damien, Please ask the sysadmins to delete the RPM you just build and resubmit it. But first, delete the "subrel" line from the SPEC file. The RPM you just built has a newer version than the one in Cauldron because of it. The update for Mageia 1 should not have a subrel.
CC: (none) => qa-bugsAssignee: qa-bugs => mageia
Fixed in Cauldron. Please test this package. :-) FYI, I'm sysadmin too.
That wasn't the "appropriate" fix, but it will do. Assigning back to QA.
CC: qa-bugs => (none)Assignee: mageia => qa-bugs
Testing complete on i586 for the srpm pidgin-2.10.3-1.1.mga1.src.rpm Tested using pidgin and finch.
CC: (none) => davidwhodgins
Please stop testing as I'm backporting a fix for bug #2750.
Depends on: (none) => 2750
Assignee: qa-bugs => mageia
Damien: Pidgin 2.10.4 has been releaed yesterday which fixes both the problem described in bug 2750 and also fixes two security bugs, see http://pidgin.im/news/security/. You could as well package 2.10.4 directly, and skip 2.10.3.
Thanks Frédéric. Damien, please update this for Cauldron also.
Summary: Upgrade Pidgin to 2.10.3 in Mageia 1 to fix a regression introduced in 2.10.2 => Upgrade Pidgin to 2.10.4 to fix CVE-2012-2214
Funda, as you played with it, I let you deal this update request. Please, for future, tell me when working on my packages in order not to loose time on my side...
Assignee: mageia => fundawang
*** Bug 2750 has been marked as a duplicate of this bug. ***
CC: (none) => eeeemail
Packages pushed into mageia 1 core/updates_testing. Please test.
Assignee: fundawang => qa-bugs
Now there's a CVE for both security issues fixed in 2.10.4 Note to QA: this is also in updates_testing for Cauldron and needs to be tested as an update for Mageia 2 as well. Advisory: ======================== Updated pidgin packages fix security vulnerabilities: A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests (CVE-2012-2214). Incoming messages with certain characters or character encodings can cause clients to crash (CVE-2012-2318). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2318 http://pidgin.im/news/security/?id=62 http://pidgin.im/news/security/?id=63 ======================== Updated packages in core/updates_testing: ======================== pidgin-2.10.4-1.mga1 pidgin-plugins-2.10.4-1.mga1 pidgin-perl-2.10.4-1.mga1 pidgin-tcl-2.10.4-1.mga1 pidgin-silc-2.10.4-1.mga1 libpurple-devel-2.10.4-1.mga1 libpurple0-2.10.4-1.mga1 libfinch0-2.10.4-1.mga1 finch-2.10.4-1.mga1 pidgin-bonjour-2.10.4-1.mga1 pidgin-meanwhile-2.10.4-1.mga1 pidgin-client-2.10.4-1.mga1 pidgin-i18n-2.10.4-1.mga1 pidgin-2.10.4-1.mga2 pidgin-plugins-2.10.4-1.mga2 pidgin-perl-2.10.4-1.mga2 pidgin-tcl-2.10.4-1.mga2 pidgin-silc-2.10.4-1.mga2 libpurple-devel-2.10.4-1.mga2 libpurple0-2.10.4-1.mga2 libfinch0-2.10.4-1.mga2 finch-2.10.4-1.mga2 pidgin-bonjour-2.10.4-1.mga2 pidgin-meanwhile-2.10.4-1.mga2 pidgin-client-2.10.4-1.mga2 pidgin-i18n-2.10.4-1.mga2 from SRPMS: pidgin-2.10.4-1.mga1.src.rpm pidgin-2.10.4-1.mga2.src.rpm
As discussed on IRC, QA is not responsible for testing updates in Cauldron. Until Cauldron is branched into final release, testing of updates there should be carried out in the usual manner and updates push requests posted to the dev ML as normal. Thanks.
Thanks for the clarification Claire. Funda and Damien, if either of you can test and confirm this is working in Cauldron, you can submit a freeze push request today or tomorrow.
I asked Funda as he made this. I would never have push pidgin in testing... It's non sense as we are in freeze.
But please, test it for Mageia 1. This bug is for 1, not cauldron. ;-)
Damien, we can't push an update for this in Mageia 1 if it's not in Cauldron. Also, as Manuel just pointed out to me, final Cauldron freeze for security updates (as this is) happens after tomorrow.
(In reply to comment #18) > Damien, we can't push an update for this in Mageia 1 if it's not in Cauldron. > Also, as Manuel just pointed out to me, final Cauldron freeze for security > updates (as this is) happens after tomorrow. As pidgin is not on on the dvd, I don't see a problem pushing the update for Mageia 1, as long as it gets pushed to core updates in Cauldron, as well.
Testing complete on i586 for Mageia 1, for the srpm pidgin-2.10.4-1.mga1.src.rpm Testing using yahoo, gmail, and a hotmail account.
Hardware: i586 => All
Ping? FYI, pidgin is now 2.10.4 in Cauldron.
Tested on i586 in Comment 20, so this needs testing on x86_64 and then it can be pushed.
Works for me too on i586 with Mga 1 using MSN, XMPP, AIM and IRC.
The pidgin update still needs x86-64 testing.
pidgin ok on x86_64 Suggested Advisory: ------------- Updated pidgin packages fix security vulnerabilities: A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests (CVE-2012-2214). Incoming messages with certain characters or character encodings can cause clients to crash (CVE-2012-2318). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2318 http://pidgin.im/news/security/?id=62 http://pidgin.im/news/security/?id=63 https://bugs.mageia.org/show_bug.cgi?id=5624 ------------- SRPM: pidgin-2.10.4-1.mga1.src.rpm Could sysadmin please push from core/updates_testing to core/updates Thankyou!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed. https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0109
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED