version 2.14.1 (11/06/2020):
* Fixed issues with Windows installer that always thought Pidgin was
running. (Eion Robb)
* Fixed an issue where the Windows installer was not using Unicode while
doing checksums which made it fail. (Eion Robb)
* Fixed an issue in the released source code that caused the Mercurial
revision in the About box to be "unknown". (Gary Kramlich)
version 2.14.0 (10/06/2020):
General:
* Fixed a memory leak in search results. (#17292 PR #320 David Woodhouse)
* Support SNI with GNUTLS. (#17300 tiagosalem) (PR #659 Mihai Moldovan)
* Add additional error handling to NSS and GNUTLS. (PR #679 Samuel Thibault)
libpurple:
* Add invisible buddy support to support presence/name/photos for non
buddies. (#17295 PR 321 David Woodhouse)
* Make purple-remote compatible with both Python 2 and Python 3. (Jan
Synacek of RedHat)
* Fixed some leaky deprecation warnings. (PR #586 Gary Kramlich)
* Fixed HTML logs which were writing invalid HTML. (#17280 stars PR #312
Daniel Kamil Kozar)
* Fixed a use after free in purple_smiley_set_data_impl. (PR #694 Gary
Kramlich)
* Added the chat_send_file ability to protocol plugins. (PR #701 David
Woodhouse)
Pidgin:
* Treat <p> tags as line breaks when pasting. (PR #678 Colin Xu)
* Reverted Ticket #17232/PR #695. It caused more harm than good and a new
solution needs to be found. (PR #695 Gary Kramlich)
Bonjour:
* Always use port fallback for IPv4 addresses. (PR #382 Michael Osborne)
XMPP:
* Support for XEP-0198 Stream Management (PR #309 defanor)
* Decrease delay for file transfer using streamhosts (PR #464#627 Evert
Mouw)
Voice & Video:
* Improve webcam failure handling. (PR #322 David Woodhouse)
* Show error when creating media pipeline fails. (#17290 PR 322 David
Woodhouse)
* Clip audio level reporting. (#14426 PR #322 David Woodhouse)
* Keep track of devices managed by GstDeviceMonitor. (PR #322 David
Woodhouse)
* Ignore PulseAudio monitors. (PR #322 David Woodhouse)
* Backport native Voice & Video prefs from 3.0. (PR #322 David Woodhouse)
* Fixed building against GStreamer 0.10 (PR #325 David Woodhouse)
* Fixed initial delay on incoming audio (PR #379 David Woodhouse)
* Properly cleanup timeouts. (PR #383 Jakub Adam)
* Added an audio mixer so mixed sources don't cause a pipe failure. (PR #522
Fabrice Bellet)
* Added screen share support for Wayland via XDP Portal. (PR #337 David
Woodhouse)
* Handle unplug and replug events of selected media device. (PR #699 David
Woodhouse)
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
version 2.13.0 (03/08/2018):
libpurple:
* Unified string comparison. (PR #186) (Arkadiy Illarionov)
* Properlly shell escape URI's when opening them. (PR #271 Daniel Kamil Kozar)
* Fix a one byte buffer overread in function purple_markup_linkify
* Fix an issue were utf8 was incorrectly truncated which could lead to
crashes as we were potentially feeding garbage into glib/gtk.
libgnt:
* Fixed build against curses 6.0 with opaque structs set. (#16764 dimstar)
(PR #268 Daniel Kamil Kozar)
* Fixed a crash when resizing the window. (#16680 marcus) (PR #269 Daniel Kamil Kozar)
General:
* Fixed bashism in autotools. (#16836 lameventanas) (PR #267 Daniel Kamil Kozar)
XMPP:
* Show XEP-0066 OOB URLs in any message, not just headlines
* Fix a user after free (#17200 debarshiray) (PR #266 Ethan Blanton)
* Removed pipelining from BOSH connections (#17025 PR #295 Tom Li)
* Don't try to TLS already secured BOSH connections (#17270 PR #293 Tom Li)
IRC:
* Fix "Registration timeout" on SASL auth with InspIRCd servers
(and possibly others not based on charybdis/ratbox/ircd-seven)
* Fix issues with plugins that modify outgoing messages
(such as the custom PART/QUIT feature of the IRC More plugin)
* Fix IRC buffer handling. (#12562 PR #272 Shivaram Lingamneni)
* Properly handle AUTHENTICATE as a normal command with server prefix.
(PR #316 dx)
* Fix a crash caused by a use after free of the MOTD.
* Fix an out of bounds read in irc_nick_skip_mode.
* Fix a write of a single byte before the start of a buffer in
irc_parse_ctcp.
Pidgin:
* Better support for dark themes. (#12572 Alyssa Rosenzweig and Gary Kramlich)
* Fixed IPv6 links by not escaping []'s. (#16391 cyisfor) (PR #270 Daniel Kamil Kozar)
* Only write buddy icons to the cache if they're not already cached. (PR #276 David Woodhouse)
* Rejoin persistent chats after reconnect. (#15687 PR #285 Christof Meerwald)
* Made the WIN32 Transparency plugin work on all platforms. (#3124 PR #287 Daniel Kamil Kozar)
* Ensure search results buttons are labeled (Backport from de2d88e575ee)
* Fix matching unicode smilies. (#17232 gnubfx PR #262 Daniel Kamil Kozar)
* Correctly update mute/unmute status when the remote side mutes/unmutes us. (#17273 PR #302 David Woodhouse)
* Rework the status icon blinking to not used deprecated API. (#17174 zelch PR #264 Daniel Kamil Kozar)
* Don't allow adding a buddy to protocols that don't have an add_buddy callback. (#4061 Paradox)
Finch:
* Fix handling of search results (#17238 David Woodhouse)
Voice & Video:
* Port backend-fs to newer api for farstream relay-info property (#17274 bellet)
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.
There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:
pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
version 2.12.0 (03/09/2017):
libpurple:
* Fix an out of bounds memory read in purple_markup_unescape_entity.
CVE-2017-2640
* Fix use of uninitialised memory if running non-debug-enabled versions of glib
* Updated AIM dev and dist ID's to new ones that were assigned by AOL.
* TLS certificate verification now uses SHA-256 checksums.
* Fixed SASL external auth for Freenode.
* Removed the MSN protocol plugin. It has been unusable and dormant for some
time. MSNP18 has been discontinued and the protocol plugin would require a
large update to start working again. See: http://ismsndeadyet.com/ The
third-party Pidgin SkypeWeb plugin, however, should provide enough
functionality as a replacement if people still want to use MSN:
https://github.com/EionRobb/skype4pidgin/tree/master/skypeweb
* Removed Mxit protocol plugin. The service was closed at the end of
September 2016. See
https://pidgin.im/pipermail/devel/2016-September/024078.htm
* Removed the MySpaceIM protocol plugin. The service has been defunct for a
long time. (#15356)
* Remove the Yahoo! protocol plugin. Yahoo has completely
reimplemented their protocol, so this version is no longer operable as
of August 5th, 2016:
https://yahoo.tumblr.com/post/145715934739/q2-2016-progress-report-on-our-product
A new protocol plugin has been written to support the new protocol.
It can be found here: https://github.com/EionRobb/funyahoo-plusplus
This also removes support for Yahoo! Japan. According to
http://messenger.yahoo.co.jp/ the service ended March 26th, 2014.
* Remove the Facebook (XMPP) account option. According to
https://developers.facebook.com/docs/chat the XMPP Chat API service
ended April 30th, 2015. A new protocol plugin has been written,
using a different method, to support Facebook. It can be found at
https://github.com/dequis/purple-facebook/wiki
* Fixed gnutls certificate validation errors that mainly affected google (Dequis)
General
* Replaced instances of d.pidgin.im with developer.pidgin.im and updated the
urls to use https. (#17036)
IRC
* Fixed issue of messages being silently cut off at 500 characters. Large
messages are now split into parts and sent one by one. (#4753)
version 2.11.0 (06/21/2016):
General:
* 2.10.12 was accidentally released with new additions to the API and
should have been released as 2.11.0. Unfortunately, we did not catch
the mistake until after 2.10.12 was released, but we're fixing it now.
See ChangeLog.API for more information.
* Include the Mozilla certificate bundle. This fixes connecting to servers
with certificates from Let's Encrypt.
* Remove all 1024-bit CAs
libpurple:
* media: fix an issue with ximagesink displaying only a corner cut-out of
a larger webcam video (Jakub Adam)
* mediamanager: update output window destruction so that it reflects recent
changes in the media pipeline structure (Jakub Adam)
* Ported Instantbird's CommandUiOps to libpurple (Dequis)
Pidgin:
* Fixed#14962
* Fixed alignment of incoming right-to-left messages in protocols that
don't support rich text
* Fix a potential crash while exiting pidgin
Windows-Specific Changes:
* Use getaddrinfo for DNS to enable IPv6 (#1075)
* Updates to dependencies:
* NSS 3.24 and NSPR 4.12.
AIM:
* Add support for the newer kerberos-based authentication of AIM 8.x
Bonjour
* Fixed building on Mac OSX (Patrick Cloke) (#16883)
ICQ:
* Stop truncating passwords to 8 characters like old ICQ clients did.
(#16692). If you actually needed this, truncate your password
manually by pressing backspace a few times.
IRC:
* Base64-decode SASL messages before passing to libsasl (#16268)
MXit
* Fixed a buffer overflow. Discovered by Yves Younan of Cisco Talos.
(TALOS-CAN-0120)
* Fixed a remote out-of-bounds read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0140)
* Fixed a remote out-of-band read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0138, TALOS-CAN-0135)
* Fixed an invalid read. Discovered by Yves Younan of Cisco Talos
(TALOS-CAN-0118)
* Fixed a remote buffer overflow vulnerability. Discovered by Yves
Younan of Cisco Talos. (TALOS-CAN-0119)
* Fixed an out-of-bounds read discovered by Yves Younan of Cisco Talos.
(TALOS-CAN-0123)
* Fixed a directory traversal issue. Discovered by Yves Younan of Cisco
Talos (TALOS-CAN-0128)
* Fixed a remote denial of service vulnerability that could result in
a null pointer dereference. Discovered by Yves Younan of Cisco Talos.
(TALOS-CAN-0133)
* Fixed a remote denial of service that could result in an out-of-bounds
read. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0134)
* Fixed multiple remote buffer overflows. Discovered by Yves Younan of
Cisco Talos. (TALOS-CAN-0136)
* Fixed a remote NULL pointer dereference. Discovered by Yves Younan of
Cisco Talos (TALOS-CAN-0137)
* Fixed a remote code execution issue discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0142)
* Fixed a remote denial of service vulnerability in contact mood
handling. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0141)
* Fixed a remote out-of-bounds write vulnerability. Discovered by Yves
Younan of Cisco Talos. (TALOS-CAN-0139)
* Fix a remote out-of-bounds read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0143)
