pidgin/nest

Add everything for the 2.14.9 release

23 months ago, Gary Kramlich
bddb1b032e08
Parents eb368a232072
Children 951850608cb1
Add everything for the 2.14.9 release

Testing Done:
Ran in a local hugo dev server.

Reviewed at https://reviews.imfreedom.org/r/1405/
--- a/hugo/config.toml Thu Apr 28 04:51:34 2022 -0500
+++ b/hugo/config.toml Thu Apr 28 18:08:00 2022 -0500
@@ -9,7 +9,7 @@
path = "github.com/matcornic/hugo-theme-learn"
[params]
-currentVersion = "2.14.8"
+currentVersion = "2.14.9"
# Disable arrows
disableNextPrev = true
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/about/security/advisories/cve-2022-26491.md Thu Apr 28 18:08:00 2022 -0500
@@ -0,0 +1,20 @@
+---
+title: cve-2022-26491-00
+date: 2022-04-28T10:40:22+00:00
+cveNumber: cve-2022-26491
+summary: MITM when used without DNSSEC
+discoveredBy: moparisthebest
+fixedInRelease: 2.14.9
+type: security
+layout: cve
+---
+
+### Description
+
+If not using DNSSEC it is trivial to perform a man in the middle attack a
+client via DNS spoofing. You can find more discussion in the
+[XMPP Standards Archives](https://mail.jabber.org/pipermail/standards/2022-February/038759.html).
+
+### Mitigation
+
+Removed the code that supported the `_xmppconnect` DNS TXT record.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hugo/content/post/2.14.9-released.md Thu Apr 28 18:08:00 2022 -0500
@@ -0,0 +1,71 @@
+---
+title: "2.14.9 Released!"
+date: 2022-04-28T05:21:11-05:00
+replaces: []
+---
+
+We've released another bug fix version of Pidgin, version 2.14.9. This
+release has many random bug fixes so be sure to check out the full ChangeLog
+below.
+
+Items to note are that the dictionary downloads in the Windows installer have
+finally been fixed, as well as IRC file transfers on Windows.
+
+There is a minor security fix as well that was fixed by removing our support
+for the `_xmppconnect` DNS TXT record which has been deemed insecure for a very
+long time.
+
+You can find links to the download from our
+[Install page]({{< ref "/install" >}}).
+
+Security:
+* Remove `_xmppconnect` support. ({{% review 1357 %}}) ([CVE-2022-26491]({{< ref "/about/security/advisories/cve-2022-26491" >}}))
+ (Gary Kramlich)
+
+libpurple:
+* Fix a GLib CRITICAL message with typing time outs. ({{% review 1123 %}})
+ (Mohammed Sadiq)
+* Fix an issue where the unit tests for purple_str_to_time would fail.
+ ([GENTOO-819774](https://bugs.gentoo.org/819774)) ({{% review 1238 %}}) (Gary
+ Kramlich)
+
+Pidgin:
+* Fix a memory leak in pidgin_conversations_set_tab_colors.
+ ({{% review 1244 %}}) (ivanhoe)
+* Fixed the majority of the infinite resizing issues in the input box.
+ ({{% issue 16753 %}}, {{% issue 16999 %}}, {{% issue 17287 %}},
+ {{% issue 17413 %}}, {{% issue 17430 %}}, {{% issue 17568 %}},
+ {{% issue 17602 %}}) ({{% review 1342 %}}) (Belgin Știrbu)
+* Add transient-buddy back which is used to show some context menus and
+ other things. ({{% issue 17523 %}}) ({{% review 1381 %}}) (Belgin Știrbu)
+
+Windows:
+* Fix the download of dictionaries in the Windows installer.
+ ({{% issue 14618 %}}, {{% issue 15648 %}}, {{% issue 15540 %}},
+ {{% issue 14612 %}}, {{% issue 14893 %}}) ({{% review 1303 %}}) (Gary
+ Kramlich)
+
+Translations:
+* Fix a typo in the German translations. ({{% issue 17575 %}})
+ ({{% review 1242 %}}) (ivanhoe)
+* Synced all of the translations with Transifex.
+
+IRC:
+* Fix IRC file transfers on Windows. ({{% issue 17175 %}})
+ ({{% review 1382 %}}) (Belgin Știrbu)
+* Fix file transfers failing at 99% on IRC. ({{% issue 15893 %}})
+ ({{% review 1385 %}}) (Belgin Știrbu)
+* Default realname and ident name in IRC to the username (nickname) of the
+ account. ({{% issue 17610 %}}) ({{% review 1386 %}}) (Belgin Știrbu)
+* Add an advanced account option to IRC accounts for explicitly setting the
+ SASL login name. ({{% issue 15451 %}}) ({{% review 1388 %}}) (Belgin Știrbu)
+* Added a rate limiter that should make it impossible to excess flood.
+ ({{% review 1391 %}}) (Gary Kramlich)
+
+SIMPLE:
+* Fix an issue with the CSeq numbers in SIMPLE. ({{% issue 9675 %}})
+ ({{% review 1379 %}}) (dohmniq)
+
+XMPP:
+* Fix XMPP attention messages being sent to incorrect JIDs.
+ ({{% issue 14714 %}}) ({{% review 1387 %}}) (itsnotabigtruck, Belgin Știrbu)