Debian Bug report logs - #542891
libpurple connects without encryption while "require TLS/SSL" is enabled

version graph

Package: pidgin; Maintainer for pidgin is Richard Laager <rlaager@debian.org>; Source for pidgin is src:pidgin (PTS, buildd, popcon).

Reported by: kardan <kardan@brueckenschlaeger.de>

Date: Sat, 22 Aug 2009 02:36:02 UTC

Severity: important

Tags: security

Found in versions 2.5.4-1, 2.4.3-4lenny3

Fixed in versions 2.6.1-1, pidgin/2.4.3-4lenny4

Done: Ari Pollak <ari@debian.org>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, security@debian.org, ari@debian.org, Ari Pollak <ari@debian.org>:
Bug#542891; Package pidgin. (Sat, 22 Aug 2009 02:36:05 GMT) (full text, mbox, link).


Acknowledgement sent to kardan <kardan@brueckenschlaeger.de>:
New Bug report received and forwarded. Copy sent to security@debian.org, ari@debian.org, Ari Pollak <ari@debian.org>. (Sat, 22 Aug 2009 02:36:05 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: kardan <kardan@brueckenschlaeger.de>
To: submit@bugs.debian.org
Subject: libpurple connects without encryption while "require TLS/SSL" is enabled
Date: Sat, 22 Aug 2009 04:28:09 +0200
Package: pidgin
Version: 2.6.0
Severity: important
Tags: security etch lenny squeeze sid
X-Debbugs-CC: security@debian.org, ari@debian.org

"When connecting to a jabberd server on port 5222 with TLS/SSL required
enabled, the TLS/SSL connection fails but libpurple still connects to
the server without encryption." http://developer.pidgin.im/ticket/8131

this issue has been fixed in 2.6.1, which has been packaged for
experimental two days ago.

Solution: Please see the attached patch on the page linked above.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.29.1-bbox (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages pidgin depends on:
ii  gconf2                       2.26.2-3    GNOME configuration database syste
ii  libatk1.0-0                  1.26.0-1    The ATK accessibility toolkit
ii  libc6                        2.9-23      GNU C Library: Shared libraries
ii  libdbus-1-3                  1.2.16-2    simple interprocess messaging syst
ii  libglib2.0-0                 2.20.1-2    The GLib library of C routines
ii  libgstreamer0.10-0           0.10.23-2   Core GStreamer libraries and eleme
ii  libgtk2.0-0                  2.16.1-2    The GTK+ graphical user interface 
ii  libgtkspell0                 2.0.13-2    a spell-checking addon for GTK's T
ii  libice6                      2:1.0.5-1   X11 Inter-Client Exchange library
ii  libpango1.0-0                1.24.0-3+b1 Layout and rendering of internatio
ii  libpurple0                   2.5.8-1+b2  multi-protocol instant messaging l
ii  libsm6                       2:1.1.0-2   X11 Session Management library
ii  libstartup-notification0     0.10-1      library for program launch feedbac
ii  libx11-6                     2:1.2.2-1   X11 client-side library
ii  libxss1                      1:1.1.3-1   X11 Screen Saver extension library
ii  perl                         5.10.0-24   Larry Wall's Practical Extraction 
ii  perl-base [perlapi-5.10.0]   5.10.0-24   minimal Perl system
ii  pidgin-data                  2.5.8-1     multi-protocol instant messaging c

Versions of packages pidgin recommends:
ii  gstreamer0.10-plugins-base    0.10.23-3  GStreamer plugins from the "base" 
ii  gstreamer0.10-plugins-good    0.10.15-2  GStreamer plugins from the "good" 

Versions of packages pidgin suggests:
ii  evolution-data-server        2.26.3-1+b1 evolution database backend server
ii  gnome-panel                  2.26.2-1    launcher and docking facility for 
ii  libsqlite3-0                 3.6.16-1    SQLite 3 shared library

-- no debconf information




Bug Marked as found in versions 2.5.4-1. Request was from Ari Pollak <ari@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2009 14:54:09 GMT) (full text, mbox, link).


Bug No longer marked as found in versions 2.6.0. Request was from Ari Pollak <ari@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2009 14:54:11 GMT) (full text, mbox, link).


Reply sent to Ari Pollak <ari@debian.org>:
You have taken responsibility. (Sat, 22 Aug 2009 15:27:07 GMT) (full text, mbox, link).


Notification sent to kardan <kardan@brueckenschlaeger.de>:
Bug acknowledged by developer. (Sat, 22 Aug 2009 15:27:07 GMT) (full text, mbox, link).


Message #14 received at 542891-done@bugs.debian.org (full text, mbox, reply):

From: Ari Pollak <ari@debian.org>
To: 542891-done@bugs.debian.org
Subject: (no subject)
Date: Sat, 22 Aug 2009 11:17:50 -0400
Version: 2.6.1-1

Fixed in latest version.




Information stored :
Bug#542891; Package pidgin. (Sat, 22 Aug 2009 16:02:55 GMT) (full text, mbox, link).


Acknowledgement sent to Ari Pollak <ari@debian.org>:
Extra info received and filed, but not forwarded. (Sat, 22 Aug 2009 16:02:55 GMT) (full text, mbox, link).


Message #19 received at 542891-quiet@bugs.debian.org (full text, mbox, reply):

From: Ari Pollak <ari@debian.org>
To: kardan <kardan@brueckenschlaeger.de>, 542891-quiet@bugs.debian.org
Subject: Re: Bug#542891: libpurple connects without encryption while "require TLS/SSL" is enabled
Date: Sat, 22 Aug 2009 12:00:03 -0400
kardan wrote:
> What do you how long 2.6.1 will need to come in lenny?

It won't. Lenny is stable, so new upstream versions will only show up in
backports if someone packages it. Have you verified that this bug
affects lenny?




Removed tag(s) squeeze, sid, etch, and lenny. Request was from Ari Pollak <ari@debian.org> to control@bugs.debian.org. (Sat, 22 Aug 2009 16:06:04 GMT) (full text, mbox, link).


Information stored :
Bug#542891; Package pidgin. (Sun, 23 Aug 2009 02:09:03 GMT) (full text, mbox, link).


Acknowledgement sent to <kardan@brueckenschlaeger.de>:
Extra info received and filed, but not forwarded. (Sun, 23 Aug 2009 02:09:03 GMT) (full text, mbox, link).


Message #26 received at 542891-quiet@bugs.debian.org (full text, mbox, reply):

From: <kardan@brueckenschlaeger.de>
To: Ari Pollak <ari@debian.org>, <542891-quiet@bugs.debian.org>
Subject: Re: Bug#542891: libpurple connects without encryption while "require TLS/SSL" is enabled
Date: Sun, 23 Aug 2009 02:06:39 +0000
found #542891 2.4.3

On Sat, 22 Aug 2009 12:00:03 -0400, Ari Pollak <ari@debian.org> wrote:
> kardan wrote:
>> What do you how long 2.6.1 will need to come in lenny?
> 
> It won't. Lenny is stable, so new upstream versions will only show up in
> backports if someone packages it. Have you verified that this bug
> affects lenny?

* source file for tag 2.4.3:
http://developer.pidgin.im/viewmtn/revision/file/ca0056ef37700d4584ae88ce481dd1fe4086e582/libpurple/protocols/jabber/auth.c
* the above patch is not included in
http://packages.debian.org/source/etch-backports/pidgin

steps to reproduce:
* accounts -> Edit -> that account -> advanced shows "Require SSL/TLS"
checked
* try to connect to a server not supporting ssl/tsl, for example
brueckenschlaeger.de port 5222
* are you connected? do you get the welcome message? so this bug is
confirmed

test:
* http://pastebin.ubuntu.com/257835
* http://pastebin.ubuntu.com/257837
* http://pastebin.ubuntu.com/257839/

jonathan@debian:~$ pidgin -v
Pidgin 2.4.3
jonathan@debian:~$ apt-cache policy
Package files:
 100 /var/lib/dpkg/status
     release a=now
  -1 http://http.us.debian.org experimental/main Packages
     release o=Debian,a=experimental,l=Debian,c=main
     origin http.us.debian.org
 500 http://http.us.debian.org lenny/main Packages
     release v=5.0.2,o=Debian,a=stable,l=Debian,c=main
     origin http.us.debian.org
 500 http://volatile.debian.org lenny/volatile/main Packages
     release o=volatile.debian.org,a=stable,l=debian-volatile,c=main
     origin volatile.debian.org
 500 http://security.debian.org lenny/updates/non-free Packages
     release v=5.0,o=Debian,a=stable,l=Debian-Security,c=non-free
     origin security.debian.org
 500 http://security.debian.org lenny/updates/main Packages
     release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
     origin security.debian.org
 500 http://ftp.us.debian.org lenny/non-free Packages
     release v=5.0.2,o=Debian,a=stable,l=Debian,c=non-free
     origin ftp.us.debian.org
 500 http://ftp.us.debian.org lenny/main Packages
     release v=5.0.2,o=Debian,a=stable,l=Debian,c=main
     origin ftp.us.debian.org
Pinned packages:
     libjs-yui -> (not found)
     webgui -> (not found)
     diatheke -> (not found)

(11:28:40) jabber: Sending: <iq type='get' id='purplec589d097'><ping
xmlns='urn:xmpp:ping'/></iq>
(11:28:40) jabber: Recv (114): <iq type='result' id='purplec589d097'
from='jmarsden@brueckenschlaeger.de/Home'><ping
xmlns='urn:xmpp:ping'/></iq>
(11:28:48) jabber: Recv (219): <message type='chat' id='purple8af7ae81'
to='jmarsden@brueckenschlaeger.de/Home'
from='kardan@brueckenschlaeger.de/Home'><active
xmlns='http://jabber.org/protocol/chatstates'/><body>ok                 
</body></message>
(11:28:48) gstreamer: Could not open audio device for playback.
(11:28:54) jabber: Sending: <message type='chat' id='purplec589d098'
to='kardan@brueckenschlaeger.de/Home'><body>OK, it seems to work now...
will paste debug log.</body><html
xmlns='http://jabber.org/protocol/xhtml-im'><body
xmlns='http://www.w3.org/1999/xhtml'>OK, it seems to work now... will paste
debug log.</body></html></message>

* conclusion: pidgin 2.4.3 in lenny is affected.
* additionally in my opinion it is not enough to schedule the fix to come
in squeeze, but to keep the bug open until 2.6.0 really arrived. please
correct me.




Bug Marked as found in versions 2.4.3-4lenny3. Request was from Ari Pollak <ari@debian.org> to control@bugs.debian.org. (Sun, 23 Aug 2009 02:45:02 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Ari Pollak <ari@debian.org>:
Bug#542891; Package pidgin. (Tue, 25 Aug 2009 11:21:04 GMT) (full text, mbox, link).


Acknowledgement sent to <kardan@brueckenschlaeger.de>:
Extra info received and forwarded to list. Copy sent to Ari Pollak <ari@debian.org>. (Tue, 25 Aug 2009 11:21:04 GMT) (full text, mbox, link).


Message #33 received at 542891@bugs.debian.org (full text, mbox, reply):

From: <kardan@brueckenschlaeger.de>
To: <542891@bugs.debian.org>
Subject: Re: Bug#542891: libpurple connects without encryption while "require TLS/SSL" is enabled
Date: Tue, 25 Aug 2009 11:12:10 +0000
[Message part 1 (text/plain, inline)]
found 542891 2.5.8-1~bpo50+1
found 542891 2.5.9-1~bpo50+1
tags 542891 patch
thank you

I further tested on this issue, that is what I found out:

* All versions prior 2.6.0 show the same behaviour:
1) connecting to a server without ssl succeeds without any message about
not using ssl
2) after applying the patch below, the connections is refused (as
intended): You require encryption, but it is not available on this server.

I checked the pidgin ancestor gaim from oldstable
(gaim_2.0.0+beta5-10etch3). It behaved lik 1), what no bug there as gaim
doesn't offer the option 'require tls/ssl'.

it seems to me as the option 'require ssl' has been implemented to pidgin
without really checking it when the connecting is made.

The attached patch will fix that.
[patch (text/plain, attachment)]

Reply sent to Ari Pollak <ari@debian.org>:
You have taken responsibility. (Wed, 26 Aug 2009 20:49:35 GMT) (full text, mbox, link).


Notification sent to kardan <kardan@brueckenschlaeger.de>:
Bug acknowledged by developer. (Wed, 26 Aug 2009 20:49:36 GMT) (full text, mbox, link).


Message #38 received at 542891-close@bugs.debian.org (full text, mbox, reply):

From: Ari Pollak <ari@debian.org>
To: 542891-close@bugs.debian.org
Subject: Bug#542891: fixed in pidgin 2.4.3-4lenny4
Date: Wed, 26 Aug 2009 19:58:28 +0000
Source: pidgin
Source-Version: 2.4.3-4lenny4

We believe that the bug you reported is fixed in the latest version of
pidgin, which is due to be installed in the Debian FTP archive:

finch-dev_2.4.3-4lenny4_all.deb
  to pool/main/p/pidgin/finch-dev_2.4.3-4lenny4_all.deb
finch_2.4.3-4lenny4_amd64.deb
  to pool/main/p/pidgin/finch_2.4.3-4lenny4_amd64.deb
libpurple-bin_2.4.3-4lenny4_all.deb
  to pool/main/p/pidgin/libpurple-bin_2.4.3-4lenny4_all.deb
libpurple-dev_2.4.3-4lenny4_all.deb
  to pool/main/p/pidgin/libpurple-dev_2.4.3-4lenny4_all.deb
libpurple0_2.4.3-4lenny4_amd64.deb
  to pool/main/p/pidgin/libpurple0_2.4.3-4lenny4_amd64.deb
pidgin-data_2.4.3-4lenny4_all.deb
  to pool/main/p/pidgin/pidgin-data_2.4.3-4lenny4_all.deb
pidgin-dbg_2.4.3-4lenny4_amd64.deb
  to pool/main/p/pidgin/pidgin-dbg_2.4.3-4lenny4_amd64.deb
pidgin-dev_2.4.3-4lenny4_all.deb
  to pool/main/p/pidgin/pidgin-dev_2.4.3-4lenny4_all.deb
pidgin_2.4.3-4lenny4.diff.gz
  to pool/main/p/pidgin/pidgin_2.4.3-4lenny4.diff.gz
pidgin_2.4.3-4lenny4.dsc
  to pool/main/p/pidgin/pidgin_2.4.3-4lenny4.dsc
pidgin_2.4.3-4lenny4_amd64.deb
  to pool/main/p/pidgin/pidgin_2.4.3-4lenny4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 542891@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ari Pollak <ari@debian.org> (supplier of updated pidgin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.8
Date: Tue, 25 Aug 2009 09:53:14 -0400
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: source all amd64
Version: 2.4.3-4lenny4
Distribution: stable
Urgency: medium
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Ari Pollak <ari@debian.org>
Description: 
 finch      - text-based multi-protocol instant messaging client
 finch-dev  - text-based multi-protocol instant messaging client - development
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin     - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Closes: 542891
Changes: 
 pidgin (2.4.3-4lenny4) stable; urgency=medium
 .
   * debian/patches/35_xmpp-require-ssl.patch:
     - Fix XMPP not properly enforcing "Require SSL/TLS" on some older
       servers (Closes: #542891)
Checksums-Sha1: 
 4f8735e9fbf09fd9c06ac0563e5defe1566ac46c 1784 pidgin_2.4.3-4lenny4.dsc
 44e44018a3cf79c7397642016685bbae1b611d25 68510 pidgin_2.4.3-4lenny4.diff.gz
 946d35cb63013f6c5d99fffb3039e852d25a04ab 7018828 pidgin-data_2.4.3-4lenny4_all.deb
 c96b4399f641bdf737b3786deb8daad57dbebcb2 193534 pidgin-dev_2.4.3-4lenny4_all.deb
 9b5904eb98b74689e7b2f381b916850d8d09993f 159478 finch-dev_2.4.3-4lenny4_all.deb
 ff0b2cf751871c0e2459bec9a64dcf8cbc1bb69d 276960 libpurple-dev_2.4.3-4lenny4_all.deb
 f92f20effd1649449e6e7245bf65fb1c82b767e6 133630 libpurple-bin_2.4.3-4lenny4_all.deb
 693921daa0e28e78009a7d19e3587d8d0f14247b 1713270 libpurple0_2.4.3-4lenny4_amd64.deb
 08fcad859334aafdf725a0a294cb2dded907a57f 727298 pidgin_2.4.3-4lenny4_amd64.deb
 7f47d9a59b57b2a62b73241545b01fe47b2251de 5669958 pidgin-dbg_2.4.3-4lenny4_amd64.deb
 a1e880fb20d299776dd76283e0f41b0c083f633a 347810 finch_2.4.3-4lenny4_amd64.deb
Checksums-Sha256: 
 684ffa24f8fd8573bd0c50316049fa9400954841bbe64f5ace1ce299e51c262f 1784 pidgin_2.4.3-4lenny4.dsc
 c72646cc00a486fde32ddd5f57a849846e41ad978990e92dca832a1a84d90c99 68510 pidgin_2.4.3-4lenny4.diff.gz
 1e90a3b9910767dc7c2aa1cf100774368d7008da0ce9b3ce4ccf02de499a28dd 7018828 pidgin-data_2.4.3-4lenny4_all.deb
 77461eb94901d5415c07c888526d2985f137af0bf1471912f316a3daf15919af 193534 pidgin-dev_2.4.3-4lenny4_all.deb
 1d0ab71c15b1c5e0e3170140d1048e8620918d59cd86150b64ac871169272038 159478 finch-dev_2.4.3-4lenny4_all.deb
 e8ea63aa538dd62cfce526bd8ad40c2fcbfb468736034842a7c96cbba0bf1974 276960 libpurple-dev_2.4.3-4lenny4_all.deb
 0830c2027a5fae1431d40feee59c01b606831811791c05f0d63d2d3ffef4d638 133630 libpurple-bin_2.4.3-4lenny4_all.deb
 b3b567afe5f2393ee1fef71b915504b67f63c15ea56466397089e6ef85dd37f6 1713270 libpurple0_2.4.3-4lenny4_amd64.deb
 6bbe79a2561a0853e7b97c0193d2cf532ecab134e602471a50686057a7a02abe 727298 pidgin_2.4.3-4lenny4_amd64.deb
 65ab785f536188372c8754f1af0bb7bbdab898c0bba45a16d138381bcd443147 5669958 pidgin-dbg_2.4.3-4lenny4_amd64.deb
 436c2113dc41e1c05fca98ea39bd185cb8f76e453f8ad2ade3d8a06a107eba00 347810 finch_2.4.3-4lenny4_amd64.deb
Files: 
 230d72c3672df917105b62578453969e 1784 net optional pidgin_2.4.3-4lenny4.dsc
 92db457077a3d2d8898411289a6cbb25 68510 net optional pidgin_2.4.3-4lenny4.diff.gz
 0dacd6daf04c28abc2208d3c14de2df2 7018828 net optional pidgin-data_2.4.3-4lenny4_all.deb
 e57876167cff7277e57ed4052ac95e4f 193534 devel optional pidgin-dev_2.4.3-4lenny4_all.deb
 c88b8107201d3762dcf0445e12f6a361 159478 devel optional finch-dev_2.4.3-4lenny4_all.deb
 5796fe365aa7dbf09296fe75fdf92c1b 276960 libdevel optional libpurple-dev_2.4.3-4lenny4_all.deb
 5f9397e8fad57d0386c9f76b15b1ad4b 133630 net optional libpurple-bin_2.4.3-4lenny4_all.deb
 3f0c8c73a18814c2f5ee13460e78950c 1713270 net optional libpurple0_2.4.3-4lenny4_amd64.deb
 71ca7b16d6838ddb8b1b59aed8d36acd 727298 net optional pidgin_2.4.3-4lenny4_amd64.deb
 a0ecce759a056407eb86004dc8f7c52c 5669958 net extra pidgin-dbg_2.4.3-4lenny4_amd64.deb
 d5971435df138076a62561b7b299af19 347810 net optional finch_2.4.3-4lenny4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREDAAYFAkqVRuoACgkQwO+u47cOQDsGGQCggJTn8k9JEwTJBolpGBVbgUg6
IT4An39VJVH00WihHbjrT8jILdaMjOMN
=gtbv
-----END PGP SIGNATURE-----





Reply sent to Ari Pollak <ari@debian.org>:
You have taken responsibility. (Fri, 04 Sep 2009 19:12:23 GMT) (full text, mbox, link).


Notification sent to kardan <kardan@brueckenschlaeger.de>:
Bug acknowledged by developer. (Fri, 04 Sep 2009 19:12:23 GMT) (full text, mbox, link).


Message #43 received at 542891-close@bugs.debian.org (full text, mbox, reply):

From: Ari Pollak <ari@debian.org>
To: 542891-close@bugs.debian.org
Subject: Bug#542891: fixed in pidgin 2.4.3-4lenny4
Date: Fri, 04 Sep 2009 18:32:41 +0000
Source: pidgin
Source-Version: 2.4.3-4lenny4

We believe that the bug you reported is fixed in the latest version of
pidgin, which is due to be installed in the Debian FTP archive:

finch-dev_2.4.3-4lenny4_all.deb
  to pool/main/p/pidgin/finch-dev_2.4.3-4lenny4_all.deb
finch_2.4.3-4lenny4_amd64.deb
  to pool/main/p/pidgin/finch_2.4.3-4lenny4_amd64.deb
libpurple-bin_2.4.3-4lenny4_all.deb
  to pool/main/p/pidgin/libpurple-bin_2.4.3-4lenny4_all.deb
libpurple-dev_2.4.3-4lenny4_all.deb
  to pool/main/p/pidgin/libpurple-dev_2.4.3-4lenny4_all.deb
libpurple0_2.4.3-4lenny4_amd64.deb
  to pool/main/p/pidgin/libpurple0_2.4.3-4lenny4_amd64.deb
pidgin-data_2.4.3-4lenny4_all.deb
  to pool/main/p/pidgin/pidgin-data_2.4.3-4lenny4_all.deb
pidgin-dbg_2.4.3-4lenny4_amd64.deb
  to pool/main/p/pidgin/pidgin-dbg_2.4.3-4lenny4_amd64.deb
pidgin-dev_2.4.3-4lenny4_all.deb
  to pool/main/p/pidgin/pidgin-dev_2.4.3-4lenny4_all.deb
pidgin_2.4.3-4lenny4.diff.gz
  to pool/main/p/pidgin/pidgin_2.4.3-4lenny4.diff.gz
pidgin_2.4.3-4lenny4.dsc
  to pool/main/p/pidgin/pidgin_2.4.3-4lenny4.dsc
pidgin_2.4.3-4lenny4_amd64.deb
  to pool/main/p/pidgin/pidgin_2.4.3-4lenny4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 542891@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ari Pollak <ari@debian.org> (supplier of updated pidgin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.8
Date: Tue, 25 Aug 2009 09:53:14 -0400
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: source all amd64
Version: 2.4.3-4lenny4
Distribution: stable
Urgency: medium
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Ari Pollak <ari@debian.org>
Description: 
 finch      - text-based multi-protocol instant messaging client
 finch-dev  - text-based multi-protocol instant messaging client - development
 libpurple-bin - multi-protocol instant messaging library - extra utilities
 libpurple-dev - multi-protocol instant messaging library - development files
 libpurple0 - multi-protocol instant messaging library
 pidgin     - graphical multi-protocol instant messaging client for X
 pidgin-data - multi-protocol instant messaging client - data files
 pidgin-dbg - Debugging symbols for Pidgin
 pidgin-dev - multi-protocol instant messaging client - development files
Closes: 542891
Changes: 
 pidgin (2.4.3-4lenny4) stable; urgency=medium
 .
   * debian/patches/35_xmpp-require-ssl.patch:
     - Fix XMPP not properly enforcing "Require SSL/TLS" on some older
       servers (Closes: #542891)
Checksums-Sha1: 
 4f8735e9fbf09fd9c06ac0563e5defe1566ac46c 1784 pidgin_2.4.3-4lenny4.dsc
 44e44018a3cf79c7397642016685bbae1b611d25 68510 pidgin_2.4.3-4lenny4.diff.gz
 946d35cb63013f6c5d99fffb3039e852d25a04ab 7018828 pidgin-data_2.4.3-4lenny4_all.deb
 c96b4399f641bdf737b3786deb8daad57dbebcb2 193534 pidgin-dev_2.4.3-4lenny4_all.deb
 9b5904eb98b74689e7b2f381b916850d8d09993f 159478 finch-dev_2.4.3-4lenny4_all.deb
 ff0b2cf751871c0e2459bec9a64dcf8cbc1bb69d 276960 libpurple-dev_2.4.3-4lenny4_all.deb
 f92f20effd1649449e6e7245bf65fb1c82b767e6 133630 libpurple-bin_2.4.3-4lenny4_all.deb
 693921daa0e28e78009a7d19e3587d8d0f14247b 1713270 libpurple0_2.4.3-4lenny4_amd64.deb
 08fcad859334aafdf725a0a294cb2dded907a57f 727298 pidgin_2.4.3-4lenny4_amd64.deb
 7f47d9a59b57b2a62b73241545b01fe47b2251de 5669958 pidgin-dbg_2.4.3-4lenny4_amd64.deb
 a1e880fb20d299776dd76283e0f41b0c083f633a 347810 finch_2.4.3-4lenny4_amd64.deb
Checksums-Sha256: 
 684ffa24f8fd8573bd0c50316049fa9400954841bbe64f5ace1ce299e51c262f 1784 pidgin_2.4.3-4lenny4.dsc
 c72646cc00a486fde32ddd5f57a849846e41ad978990e92dca832a1a84d90c99 68510 pidgin_2.4.3-4lenny4.diff.gz
 1e90a3b9910767dc7c2aa1cf100774368d7008da0ce9b3ce4ccf02de499a28dd 7018828 pidgin-data_2.4.3-4lenny4_all.deb
 77461eb94901d5415c07c888526d2985f137af0bf1471912f316a3daf15919af 193534 pidgin-dev_2.4.3-4lenny4_all.deb
 1d0ab71c15b1c5e0e3170140d1048e8620918d59cd86150b64ac871169272038 159478 finch-dev_2.4.3-4lenny4_all.deb
 e8ea63aa538dd62cfce526bd8ad40c2fcbfb468736034842a7c96cbba0bf1974 276960 libpurple-dev_2.4.3-4lenny4_all.deb
 0830c2027a5fae1431d40feee59c01b606831811791c05f0d63d2d3ffef4d638 133630 libpurple-bin_2.4.3-4lenny4_all.deb
 b3b567afe5f2393ee1fef71b915504b67f63c15ea56466397089e6ef85dd37f6 1713270 libpurple0_2.4.3-4lenny4_amd64.deb
 6bbe79a2561a0853e7b97c0193d2cf532ecab134e602471a50686057a7a02abe 727298 pidgin_2.4.3-4lenny4_amd64.deb
 65ab785f536188372c8754f1af0bb7bbdab898c0bba45a16d138381bcd443147 5669958 pidgin-dbg_2.4.3-4lenny4_amd64.deb
 436c2113dc41e1c05fca98ea39bd185cb8f76e453f8ad2ade3d8a06a107eba00 347810 finch_2.4.3-4lenny4_amd64.deb
Files: 
 230d72c3672df917105b62578453969e 1784 net optional pidgin_2.4.3-4lenny4.dsc
 92db457077a3d2d8898411289a6cbb25 68510 net optional pidgin_2.4.3-4lenny4.diff.gz
 0dacd6daf04c28abc2208d3c14de2df2 7018828 net optional pidgin-data_2.4.3-4lenny4_all.deb
 e57876167cff7277e57ed4052ac95e4f 193534 devel optional pidgin-dev_2.4.3-4lenny4_all.deb
 c88b8107201d3762dcf0445e12f6a361 159478 devel optional finch-dev_2.4.3-4lenny4_all.deb
 5796fe365aa7dbf09296fe75fdf92c1b 276960 libdevel optional libpurple-dev_2.4.3-4lenny4_all.deb
 5f9397e8fad57d0386c9f76b15b1ad4b 133630 net optional libpurple-bin_2.4.3-4lenny4_all.deb
 3f0c8c73a18814c2f5ee13460e78950c 1713270 net optional libpurple0_2.4.3-4lenny4_amd64.deb
 71ca7b16d6838ddb8b1b59aed8d36acd 727298 net optional pidgin_2.4.3-4lenny4_amd64.deb
 a0ecce759a056407eb86004dc8f7c52c 5669958 net extra pidgin-dbg_2.4.3-4lenny4_amd64.deb
 d5971435df138076a62561b7b299af19 347810 net optional finch_2.4.3-4lenny4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREDAAYFAkqVRuoACgkQwO+u47cOQDsGGQCggJTn8k9JEwTJBolpGBVbgUg6
IT4An39VJVH00WihHbjrT8jILdaMjOMN
=gtbv
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 04 Oct 2009 07:42:55 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 05:57:47 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.