ChangeLog: Pidgin and Finch - The Pimpin' Penguin IM Clients That're Good For The Soul!

version 2.10.7 (02/13/2013)

​View all closed tickets for this release. version 2.10.7 (02/13/2013):

• Alien hatchery
  • No changes

• General
  • The configure script will now exit with status 1 when specifying invalid protocol plugins using the --with-static-prpls and --with-dynamic-prpls arguments. (Michael Fiedler) (#15316)

• libpurple
  • Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274)
  • Don't link directly to libgcrypt when building with GnuTLS support. (Bartosz Brachaczek) (#15329)
  • Fix UPnP mappings on routers that return empty <URLBase/> elements in their response. (Ferdinand Stehle) (#15373)
  • Tcl plugin uses saner, race-free plugin loading.
  • Fix the Tcl signals-test plugin for savedstatus-changed. (Andrew Shadura) (#15443)

• Pidgin
  • Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11 variant.

• Gadu-Gadu
  • Fix a crash at startup with large contact list. Avatar support for buddies will be disabled until 3.0.0. (#15226, #14305)

• IRC
  • Support for SASL authentication. (Thijs Alkemade, Andy Spencer) (#13270)
  • Print topic setter information at channel join. (#13317)

• MSN
  • Fix SSL certificate issue when signing into MSN for some users.
  • Fix a crash when removing a user before its icon is loaded. (Mark Barfield) (#15217)

• MXit
  • Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271)
  • Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272)
  • Display farewell messages in a different colour to distinguish them from normal messages.
  • Add support for typing notification.
  • Add support for the Relationship Status profile attribute.
  • Remove all reference to Hidden Number.
  • Ignore new invites to join a GroupChat if you're already joined, or still have a pending invite.
  • The buddy's name was not centered vertically in the buddy-list if they did not have a status-message or mood set.
  • Fix decoding of font-size changes in the markup of received messages.
  • Increase the maximum file size that can be transferred to 1 MB.
  • When setting an avatar image, no longer downscale it to 96x96.

• Sametime
  • Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273)

• Yahoo'''
  • Fix a double-free in profile/picture loading code. (Mihai Serban) (#15053)
  • Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381)

• Plugins
  • The Voice/Video Settings plugin supports using the sndio GStreamer backends. (Brad Smith) (#14414)
  • Fix a crash in the Contact Availability Detection plugin. (Mark) (#15327)
  • Make the Message Notification plugin more friendly to non-X11 GTK+, such as MacPorts?' +no_x11 variant.

• Windows-Specific Changes
  • Compile with secure flags (Jurre van Bergen) (#15290)
  • Installer downloads GTK+ Runtime and Debug Symbols more securely. Thanks goes to Jacob Appelbaum of the Tor Project for identifying this issue and suggesting solutions. (#15277)
  • Updates to a number of dependencies, some of which have security related fixes. Thanks again to Jacob Appelbaum and Jurre van Bergen for identifying the vulnerable libraries and to Dieter Verfaillie for helping getting the libraries updated. (#14571, #15285, #15286)
    • ATK 1.32.0-2
    • Cyrus SASL 2.1.25
    • expat 2.1.0-1
    • freetype 2.4.10-1
    • gettext 0.18.1.1-2
    • Glib 2.28.8-1
    • libpng 1.4.12-1
    • libxml2 2.9.0-1
    • NSS 3.13.6 and NSPR 4.9.2
    • Pango 1.29.4-1
    • SILC 1.1.10
    • zlib 1.2.5-2
  • Patch libmeanwhile (sametime library) to fix crash. (Jonathan Rice) (#12637)

version 2.10.6 (07/06/2012)

​View all closed tickets for this release.

• Pidgin
  • Fix a bug that requires a triple-click to open a conversation window from the buddy list. (#15199)

version 2.10.5 (07/05/2012)

​View all closed tickets for this release.

• libpurple
  • Add support for GNOME3 proxy settings. (Mihai Serban) (#15054)

• Pidgin
  • Fix a crash that may occur when trying to ignore a user who is not in the current chat room. (#15139)

• MSN
  • Fix building with MSVC on Windows (broken in 2.10.4). (Florian Quèze)

• MXit
  • Fix a buffer overflow vulnerability when parsing incoming messages containing inline images. Thanks to Ulf Härnhammar for reporting this! (CVE-2012-3374)

version 2.10.4 (05/06/2012)

​View all closed tickets for this release.

• General
  • Support building against Farstream in addition to Farsight. (Olivier Crete) (#14936)

• IRC
  • Disable periodic WHO timer. IRC channel user lists will no longer automatically display away status, but libpurple will be much kinder to the network.
  • Print unknown numerics to channel windows if we can associate them. Thanks to Marien Zwart. (#15090)

• MSN
  • Fix a possible crash when receiving messages with certain characters or character encodings. Thanks to Fabian Yamaguchi for reporting this!

• XMPP
  • Fix a possible crash when receiving a series of specially crafted file transfer requests. Thanks to José Valentín Gutiérrez for reporting this! (CVE-2012-2214)

• Windows-Specific Changes
  • Words added to spell check dictionaries are saved across restarts of Pidgin (#11886)

---

Older Changes

Changes between 2.0.0 and 2.10.3 may be found in the FullChangeLog

Changes predating 2.0.0 may be found in the ChangeLog and ChangeLog.win32 files in the source distribution.