ChangeLog: Pidgin and Finch - The Pimpin' Penguin IM Clients That're Good For The Soul!

version 2.10.7 (02/13/2012)

  • Alien hatchery:
    • No changes
  • General:
    • The configure script will now exit with status 1 when specifying invalid protocol plugins using the --with-static-prpls and --with-dynamic-prpls arguments. (Michael Fiedler) (#15316)
  • libpurple:
    • Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274)
    • Don't link directly to libgcrypt when building with GnuTLS support. (Bartosz Brachaczek) (#15329)
    • Fix UPnP mappings on routers that return empty <URLBase/> elements in their response. (Ferdinand Stehle) (#15373)
    • Tcl plugin uses saner, race-free plugin loading.
    • Fix the Tcl signals-test plugin for savedstatus-changed. (Andrew Shadura) (#15443)
  • Pidgin:
    • Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11 variant.
  • Gadu-Gadu:
    • Fix a crash at startup with large contact list. Avatar support for buddies will be disabled until 3.0.0. (#15226, #14305)
  • IRC:
    • Support for SASL authentication. (Thijs Alkemade, Andy Spencer) (#13270)
    • Print topic setter information at channel join. (#13317)
  • MSN:
    • Fix SSL certificate issue when signing into MSN for some users.
    • Fix a crash when removing a user before its icon is loaded. (Mark Barfield) (#15217)
  • MXit:
    • Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271)
    • Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272)
    • Display farewell messages in a different colour to distinguish them from normal messages.
    • Add support for typing notification.
    • Add support for the Relationship Status profile attribute.
    • Remove all reference to Hidden Number.
    • Ignore new invites to join a GroupChat if you're already joined, or still have a pending invite.
    • The buddy's name was not centered vertically in the buddy-list if they did not have a status-message or mood set.
    • Fix decoding of font-size changes in the markup of received messages.
    • Increase the maximum file size that can be transferred to 1 MB.
    • When setting an avatar image, no longer downscale it to 96x96.
  • Sametime:
    • Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273)
  • Yahoo!:
    • Fix a double-free in profile/picture loading code. (Mihai Serban) (#15053)
    • Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381)
  • Plugins:
    • The Voice/Video Settings plugin supports using the sndio GStreamer backends. (Brad Smith) (#14414)
    • Fix a crash in the Contact Availability Detection plugin. (Mark) (#15327)
    • Make the Message Notification plugin more friendly to non-X11 GTK+, such as MacPorts' +no_x11 variant.
  • Windows-Specific Changes:
    • Compile with secure flags (Jurre van Bergen) (#15290)
    • Installer downloads GTK+ Runtime and Debug Symbols more securely. Thanks go to Jacob Appelbaum of the Tor Project for identifying this issue and suggesting solutions. (#15277)
    • Updates to a number of dependencies, some of which have security-related fixes. Thanks again to Jacob Appelbaum and Jurre van Bergen for identifying the vulnerable libraries and to Dieter Verfaillie for helping to get the libraries updated. (#14571, #15285, #15286)
      • ATK 1.32.0-2
      • Cyrus SASL 2.1.25
      • expat 2.1.0-1
      • freetype 2.4.10-1
      • gettext
      • Glib 2.28.8-1
      • libpng 1.4.12-1
      • libxml2 2.9.0-1
      • NSS 3.13.6 and NSPR 4.9.2
      • Pango 1.29.4-1
      • SILC 1.1.10
      • zlib 1.2.5-2
    • Patch libmeanwhile (sametime library) to fix crash. (Jonathan Rice) (#12637)

version 2.10.6 (07/06/2012)

  • Pidgin:
    • Fix a bug that requires a triple-click to open a conversation window from the buddy list. (#15199)

version 2.10.5 (07/05/2012)

  • libpurple:
    • Add support for GNOME3 proxy settings. (Mihai Serban) (#15054)
  • Pidgin:
    • Fix a crash that may occur when trying to ignore a user who is not in the current chat room. (#15139)
  • MSN:
    • Fix building with MSVC on Windows (broken in 2.10.4). (Florian Quèze)
  • MXit:
    • Fix a buffer overflow vulnerability when parsing incoming messages containing inline images. Thanks to Ulf Härnhammar for reporting this! (CVE-2012-3374)

version 2.10.4 (05/06/2012)

  • General:
    • Support building against Farstream in addition to Farsight. (Olivier Crete) (#14936)
  • IRC:
    • Disable periodic WHO timer. IRC channel user lists will no longer automatically display away status, but libpurple will be much kinder to the network.
    • Print unknown numerics to channel windows if we can associate them. Thanks to Marien Zwart. (#15090)
  • MSN:
    • Fix a possible crash when receiving messages with certain characters or character encodings. Thanks to Fabian Yamaguchi for reporting this!
  • XMPP:
    • Fix a possible crash when receiving a series of specially crafted file transfer requests. Thanks to José Valentín Gutiérrez for reporting this! (CVE-2012-2214)
  • Windows-Specific Changes:
    • Words added to spell check dictionaries are saved across restarts of Pidgin (#11886)

version 2.10.3 (03/26/2012)

  • MSN:
    • Fix buddies not going offline. (#14997)

version 2.10.2 (03/14/2012)

  • General:
    • Fix compilation when using binutils 2.22 and new GDK pixbuf. (#14799)
    • Fix compilation of the MXit protocol plugin with GLib 2.31. (#14773)
  • Pidgin:
    • Add support for the GNOME3 Network dialog. (#13882)
    • Fix rare crash. (#14392)
    • Add support for the GNOME3 Default Application dialog for configuring the Browser.
  • libpurple:
  • AIM and ICQ:
    • Fix a possible crash when receiving an unexpected message from the server. (Thijs Alkemade) (#14983)
    • Allow signing on with usernames containing periods and underscores. (#13500)
    • Allow adding buddies containing periods and underscores. (#13500)
    • Don't try to format ICQ usernames entered as email addresses. Gets rid of an "Unable to format username" error at login. (#13883)
  • MSN:
    • Fix possible crashes caused by not validating incoming messages as UTF-8. (Thijs Alkemade) (#14884)
    • Support new protocol version MSNP18. (#14753)
    • Fix messages to offline contacts. (#14302)
  • Windows-Specific Changes:
    • Fix the installer downloading of spell-checking dictionaries (#14612)
    • Fix compilation of the Bonjour protocol plugin. (#14802)
  • Plugins:
    • The autoaccept plugin will no longer reset the preference for unknown buddies to "Auto Reject" in certain cases. (#14964)

version 2.10.1 (12/06/2011)

  • Finch:
    • Fix compilation on OpenBSD.
  • AIM and ICQ:
    • Fix remotely-triggerable crashes by validating strings in a few messages related to buddy list management. Thanks to Evgeny Boger for reporting this! (#14682)
  • Bonjour:
    • IPv6 fixes (Linus Lüssing)
  • Gadu-Gadu:
    • Fix problems linking against GnuTLS. (#14544)
  • IRC:
    • Fix a memory leak when admitting UTF-8 text with a non-UTF-8 primary encoding. (#14700)
  • XMPP:
    • Fix crashes and memory leaks when receiving malformed voice and video requests. Thanks to Thijs Alkemade for reporting this!
  • Sametime:
    • Separate "username" and "server" when adding new Sametime accounts. (#14608)
    • Fix compilation in Visual C++. (#14608)
  • SILC:
    • Fix CVE-2011-3594, by UTF-8 validating incoming messages before passing them to glib or libpurple. Identified by Diego Bauche Madero from IOActive. (#14636)
  • Yahoo!:
    • Fetch buddy icons in some cases where we previously weren't. (#13050)
  • Windows-Specific Changes:
    • Fix compilation

version 2.10.0 (08/20/2011)

  • Pidgin:
    • Make the max size of incoming smileys a pref instead of hardcoding it. (Quentin Brandon) (#5231)
    • Added a plugin information dialog to show information for plugins that aren't otherwise visible in the plugins dialog.
    • Fix building with GTK+ earlier than 2.14.0 (GTK+ 2.10 is still the minimum supported) (#14261)
  • libpurple:
    • Fix a potential crash in the Log Reader plugin when reading QIP logs.
    • Fix a large number of strcpy() and strcat() invocations to use strlcpy() and strlcat(), etc., forestalling an entire class of string buffer overrun bugs. (The Electronic Frontier Foundation, Dan Auerbach, Chris Palmer, Jacob Appelbaum)
    • Change some filename manipulations in filectl.c to use MAXPATHLEN instead of arbitrary length constants. (The Electronic Frontier Foundation, Dan Auerbach, Chris Palmer, Jacob Appelbaum)
    • Fix endianness-related crash in NTLM authentication (Jon Goldberg) (#14163)
  • Gadu-Gadu:
    • Fixed searching for buddies in public directory. (Tomasz Wasilczyk) (#5242)
    • Better status message handling. (Tomasz Wasilczyk) (#14314)
    • Merged two buddy blocking methods. (Tomasz Wasilczyk) (#5303)
    • Fix building of the bundled libgadu library with older versions of GnuTLS. (patch plucked from upstream) (#14365)
  • ICQ:
    • Fix crash selecting Tools->Set Mood when you're online with an ICQ account that is configured as an AIM account. (#14437)
  • IRC:
    • Fix a crash when remote users have certain characters in their nicknames. (Discovered by Djego Ibanez) (#14341)
    • Fix the handling of formatting following mIRC O (#14436)
    • Fix crash when NAMES is empty. (James McLaughlin) (#14518)
  • MSN:
    • Fix incorrect handling of HTTP 100 responses when using the HTTP connection method. This can lead to a crash. (Discovered by Marius Wachtler)
    • Fix seemingly random crashing. (#14307)
    • Fix a crash when the account is disconnected at the time we are doing a SB request. (Hanzz, ported by shlomif) (#12431)
  • XMPP:
    • Do not generate malformed XML ("</>") when setting an empty mood. (#14342)
    • Fix the /join <room> behavior. (Broken when adding support for <room>@<server>) (#14205)
  • Yahoo!/Yahoo! JAPAN:
    • Fix coming out of idle while in an unavailable state
    • Fix logging into Yahoo! JAPAN. (#14259)
  • Windows-Specific Changes:
    • Open an explorer.exe window at the location of the file when clicking on a file link instead of executing the file, because executing a file can be potentially dangerous. (Discovered by James Burton of Insomnia Security) (Fixed by Eion Robb)

version 2.9.0 (06/23/2011)

  • Pidgin
    • Fix a potential remote denial-of-service bug related to displaying buddy icons.
    • Significantly improved performance of larger IRC channels (regression introduced in 2.8.0).
    • Fix Conversation->Add on AIM and MSN.
    • Entries in the chat user list are sorted properly again. This was inadvertently broken in 2.8.0.
  • Finch
    • Fix logging in to ICQ.
  • libpurple
    • media: Actually use the specified TCP port from the TURN configuration to create a TCP relay candidate.
  • AIM and ICQ
    • Fix crashes on some non-mainstream OSes when attempting to printf("%s", NULL). (Clemens Huebner) (#14297)
  • Plugins
    • The Evolution Integration plugin compiles again.

version 2.8.0 (06/07/2011)

  • General:
    • Implement simple silence suppression for voice calls, preventing wasted bandwidth for silent periods during a call. (Jakub Adam) (half of #13180)
    • Added the DigiCert High Assurance CA-3 intermediate CA, needed for validation of the Facebook XMPP interface's certificate.
    • Removed the QQ protocol plugin. It hasn't worked in a long time and isn't being maintained, therefore we no longer want it.
  • Pidgin:
    • Duplicate code cleanup. (Gabriel Schulhof) (#10599)
    • Voice/Video call window adapts correctly to adding or removing streams on the fly. (Jakub Adam) (half of #13535)
    • Don't cancel an ongoing call when rejecting the addition of a stream to the existing call. (Jakub Adam) (#13537)
    • Pidgin plugins can now override tab completion and detect clicks on usernames in the chat userlist. (kawaii.neko) (#12599)
    • Fix the tooltip being destroyed when it is full of information and covers the mouse. (dliang) (#10510)
  • libpurple:
    • media: Allow obtaining active local and remote candidates. (Jakub Adam) (#11830)
    • media: Allow getting/setting video capabilities. (Jakub Adam) (half of #13095)
    • Simple Silence Suppression is optional per-account. (Jakub Adam) (half of #13180)
    • Fix purple-url-handler being unable to find an account.
    • media: Allow adding/removing streams on the fly. (Jakub Adam) (half of #13535)
    • Support new connection states in NetworkManager 0.9. (Dan Williams) (#13505)
    • When removing a buddy, delete the pounces associated with it. (Kartik Mohta) (#1131)
    • media: Allow libpurple and plugins to set SDES properties for RTP conferences. (Jakub Adam) (#12981)
    • proxy: Add new "Tor/Privacy" proxy type that can be used to restrict operations that could leak potentially sensitive data (e.g. DNS queries). (#11110, #13928)
    • media: Add support for using TCP relaying with TURN (will only work with libnice 0.1.0 and later).
  • AIM:
    • Fix setting icons with dimensions greater than 64x64 pixels by scaling them down to at most 64x64. (#12874, #13165)
  • Gadu-Gadu:
    • Allow showing your status only to buddies. (Mateusz Piękos) (#13358)
    • Updated internal libgadu to version 1.10.1. (Robert Matusewicz, Krzysztof Klinikowski) (#13525)
    • Updated internal libgadu to version 1.11.0. (Tomasz Wasilczyk) (#14248)
    • Suppress blank messages that happen when receiving inline images. (Tomasz Wasilczyk) (#13554)
    • Fix sending inline images to remote users, don't crash when trying to send large (> 256kB) images. (Tomasz Wasilczyk) (#13580)
    • Support typing notifications. (Jan Zachorowski, Tomasz Wasilczyk, Krzysztof Klinikowski) (#13362, #13590)
    • Require libgadu 1.11.0 to avoid using internal libgadu.
    • Optional SSL connection support for GNUTLS users (not on Windows yet!). (Tomasz Wasilczyk) (#13613, #13894)
    • Don't count received messages or statuses when determining whether to send a keepalive packet. (Jan Zachorowski) (#13699)
    • Fix a crash when receiving images on Windows or an incorrect timestamp in the log when receiving images on Linux. (Tomasz Wasilczyk) (#10268)
    • Support XML events, resulting in immediate update of other users' buddy icons. (Tomasz Wasilczyk) (#13739)
    • Accept poorly formatted URLs from other third-party clients in the same manner as the official client. (Tomasz Wasilczyk) (#13886)
  • ICQ:
    • Fix setting icons with dimensions greater than 64x64 pixels by scaling them down to at most 64x64. (#12874, #13165)
    • Fix unsetting your mood when "None" is selected. (Dustin Gathmann) (#11895)
    • Ignore Daylight Saving Time when performing calculations related to birthdays. (Dustin Gathmann) (#13533)
    • It is now possible to specify multiple encodings on the Advanced tab of an ICQ account's settings by using a comma-delimited list. (Dmitry Utkin) (#13496)
  • IRC:
    • Add "authserv" service command. (tomos) (#13337)
  • MSN:
    • Fix a hard-to-exploit crash in the MSN protocol when using the HTTP connection method (Reported by Marius Wachtler).
  • MXit:
    • Support for an Invite Message when adding a buddy.
    • Fixed bug in splitting-up of messages that contain a lot of links.
    • Fixed crash caused by timer not being disabled on disconnect. (introduced in 2.7.11)
    • Clearing of the conversation window now works.
    • When receiving an invite you can display the sender's profile information, avatar image, invite message.
    • The Change PIN option was moved into separate action.
    • New profile attributes added and shown.
    • Update to protocol v6.3.
    • Added the ability to view and invite your Suggested Friends, and to search for contacts.
    • Also display the Status Message of offline contacts in their profile information.
  • XMPP:
    • Remember the previously entered user directory when searching. (Keith Moyer) (#12451)
    • Correctly handle a buddy's unsetting his/her vCard-based avatar. (Matthew W.S. Bell) (#13370)
    • Squash one more situation that resulted in duplicate entries in the roster (this one where the server reports the buddy as being in the same (empty) group). (Reported by Danny Mayer)
  • Plugins:
    • The Voice/Video Settings plugin now includes the ability to test microphone settings. (Jakub Adam) (#13182)
    • Fix a crash when handling some saved settings in the Voice/Video Settings plugin. (Pat Erley) (#13290, #13774)
  • Windows-Specific Changes:
    • Fix building libpurple with Visual C++ .NET 2005. This was accidentally broken in 2.7.11. (Florian Quèze)
    • Build internal libgadu using packed structs, fixing several long-standing Gadu-Gadu issues. (#11958, #6297)

