Merge branch 'telepathy-gabble-0.16'

Conflicts: NEWS configure.ac lib/ext/wocky
author: Simon McVittie <simon.mcvittie@collabora.co.uk> 2013-05-30 12:55:31 +0100
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2013-05-30 12:55:31 +0100
commit: 880a75bbf354d48a706c56afafd381040a1d9de8 (patch)
tree: d19d27821d7f70646ceeb722cd336f463459d6bc /NEWS
parent: 3157284e58195cab12a404752f7d96e3c4ea650b (diff)
parent: 84a20687c54c84aa61c9f3a606c8eb3bd14a8544 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index c998f3200..671774356 100644
--- a/NEWS
+++ b/NEWS
@@ -1,11 +1,26 @@
 telepathy-gabble 0.17.4 (UNRELEASED)
 ====================================
 
+This release fixes the same man-in-the-middle attack as 0.16.6.
+
+If you use an unencrypted connection to a "legacy Jabber" (pre-XMPP)
+server, this version of Gabble will not connect until you make
+one of these configuration changes:
+
+• upgrade the server software to something that supports XMPP 1.0; or
+• use an encrypted "old SSL" connection, typically on port 5223 (old-ssl); or
+• turn off "Encryption required (TLS/SSL)" (require-encryption)
+
 Fixes:
 
 • update Wocky:
   · fd.o #61792: fix linking an example program with ld versions that
     default to --no-copy-dt-needed-entries
+  · fd.o #65036 (CVE-2013-1431): update Wocky to respect the tls-required
+    flag on legacy Jabber servers
+
+• fd.o #63119: improve regression tests' isolation from the session bus
+  (Simon)
 
 telepathy-gabble 0.17.3 (2013-03-01)
 ====================================
author	Simon McVittie <simon.mcvittie@collabora.co.uk>	2013-05-30 12:55:31 +0100
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2013-05-30 12:55:31 +0100
commit	880a75bbf354d48a706c56afafd381040a1d9de8 (patch)
tree	d19d27821d7f70646ceeb722cd336f463459d6bc /NEWS
parent	3157284e58195cab12a404752f7d96e3c4ea650b (diff)
parent	84a20687c54c84aa61c9f3a606c8eb3bd14a8544 (diff)