pidgin/pidgin

Manual merge release-2.x.y into master.

2014-09-12, Mark Doliner
bd402b3a86f4
Parents 2fe784e7e985a8b55b63ecbb
Children 63d2b56900d6
Manual merge release-2.x.y into master.

Only conflict was po/de.po. I think we shouldn't merge translations from
one branch to the other, so I didn't update de.po in master.
2 files changed, 30 insertions(+), 1 deletions(-)
  • +5 -1
    ChangeLog
  • +25 -0
    libpurple/plugins/ssl/ssl-nss.c
    • --- a/ChangeLog Thu Sep 11 15:43:53 2014 -0700
    +++ b/ChangeLog Fri Sep 12 11:11:34 2014 -0700
    @@ -74,6 +74,10 @@
    was an offline message. (Flavius Anton) (#2497)
    version 2.10.10 (?/?/?):
    + General:
    + * Allow and prefer TLS 1.2 and 1.1 when using libnss. (Elrond and
    + Ashish Gupta) (#15909)
    +
    libpurple3 compatibility:
    * Encrypted account passwords are preserved until the new one is set.
    * Fix loading Google Talk and Facebook XMPP accounts.
    @@ -307,7 +311,7 @@
    this issue and suggesting solutions. (#15277)
    * Updates to a number of dependencies, some of which have security
    related fixes. Thanks again to Jacob Appelbaum and Jurre van Bergen
    - for identifying the vulnerable libraries and to Dieter Verfaillie
    + for identifying the vulnerable libraries and to Dieter Verfaillie
    for helping getting the libraries updated. (#14571, #15285, #15286)
    * ATK 1.32.0-2
    * Cyrus SASL 2.1.25
    --- a/libpurple/plugins/ssl/ssl-nss.c Thu Sep 11 15:43:53 2014 -0700
    +++ b/libpurple/plugins/ssl/ssl-nss.c Fri Sep 12 11:11:34 2014 -0700
    @@ -133,6 +133,8 @@
    static void
    ssl_nss_init_nss(void)
    {
    + SSLVersionRange supported, enabled;
    +
    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
    NSS_NoDB_Init(".");
    NSS_SetDomesticPolicy();
    @@ -150,6 +152,29 @@
    SSL_CipherPrefSetDefault(SSL_DHE_RSA_WITH_DES_CBC_SHA, 1);
    SSL_CipherPrefSetDefault(SSL_DHE_DSS_WITH_DES_CBC_SHA, 1);
    + /* Get the ranges of supported and enabled SSL versions */
    + if ((SSL_VersionRangeGetSupported(ssl_variant_stream, &supported) == SECSuccess) &&
    + (SSL_VersionRangeGetDefault(ssl_variant_stream, &enabled) == SECSuccess)) {
    + purple_debug_info("nss", "TLS supported versions: "
    + "0x%04hx through 0x%04hx\n", supported.min, supported.max);
    + purple_debug_info("nss", "TLS versions allowed by default: "
    + "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
    +
    + /* Make sure all versions of TLS supported by the local library are
    + enabled. (For some reason NSS doesn't enable newer versions of TLS
    + by default -- more context in ticket #15909.) */
    + if (supported.max > enabled.max) {
    + enabled.max = supported.max;
    + if (SSL_VersionRangeSetDefault(ssl_variant_stream, &enabled) == SECSuccess) {
    + purple_debug_info("nss", "Changed allowed TLS versions to "
    + "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
    + } else {
    + purple_debug_error("nss", "Error setting allowed TLS versions to "
    + "0x%04hx through 0x%04hx\n", enabled.min, enabled.max);
    + }
    + }
    + }
    +
    _identity = PR_GetUniqueIdentity("Purple");
    _nss_methods = PR_GetDefaultIOMethods();
    }