version 2.10.7 (02/13/2013):
Alien hatchery:
* No changes
General:
* The configure script will now exit with status 1 when specifying
invalid protocol plugins using the --with-static-prpls and
--with-dynamic-prpls arguments. (Michael Fiedler) (#15316)
libpurple:
* Fix a crash when receiving UPnP responses with abnormally long values.
(CVE-2013-0274)
* Don't link directly to libgcrypt when building with GnuTLS support.
(Bartosz Brachaczek) (#15329)
* Fix UPnP mappings on routers that return empty <URLBase/> elements
in their response. (Ferdinand Stehle) (#15373)
* Tcl plugin uses saner, race-free plugin loading.
* Fix the Tcl signals-test plugin for savedstatus-changed.
(Andrew Shadura) (#15443)
Pidgin:
* Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11
variant.
Gadu-Gadu:
* Fix a crash at startup with large contact list. Avatar support for
buddies will be disabled until 3.0.0. (#15226, #14305)
IRC:
* Support for SASL authentication. (Thijs Alkemade, Andy Spencer)
(#13270)
* Print topic setter information at channel join. (#13317)
MSN:
* Fix SSL certificate issue when signing into MSN for some users.
* Fix a crash when removing a user before its icon is loaded. (Mark
Barfield) (#15217)
MXit:
* Fix a bug where a remote MXit user could possibly specify a local
file path to be written to. (CVE-2013-0271)
* Fix a bug where the MXit server or a man-in-the-middle could
potentially send specially crafted data that could overflow a buffer
and lead to a crash or remote code execution. (CVE-2013-0272)
* Display farewell messages in a different colour to distinguish
them from normal messages.
* Add support for typing notification.
* Add support for the Relationship Status profile attribute.
* Remove all reference to Hidden Number.
* Ignore new invites to join a GroupChat if you're already joined, or
still have a pending invite.
* The buddy's name was not centered vertically in the buddy-list if they
did not have a status-message or mood set.
* Fix decoding of font-size changes in the markup of received messages.
* Increase the maximum file size that can be transferred to 1 MB.
* When setting an avatar image, no longer downscale it to 96x96.
Sametime:
* Fix a crash in Sametime when a malicious server sends us an abnormally
long user ID. (CVE-2013-0273)
Yahoo!:
* Fix a double-free in profile/picture loading code. (Mihai Serban)
(#15053)
* Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381)
Plugins:
* The Voice/Video Settings plugin supports using the sndio GStreamer
backends. (Brad Smith) (#14414)
* Fix a crash in the Contact Availability Detection plugin. (Mark)
(#15327)
* Make the Message Notification plugin more friendly to non-X11 GTK+,
such as MacPorts' +no_x11 variant.
version 2.10.4 (05/06/2012):
General:
* Support building against Farstream in addition to Farsight.
(Olivier Crete) (#14936)
IRC:
* Disable periodic WHO timer. IRC channel user lists will no
longer automatically display away status, but libpurple will be
much kinder to the network.
* Print unknown numerics to channel windows if we can associate
them. Thanks to Marien Zwart. (#15090)
MSN:
* Fix a possible crash when receiving messages with certain characters
or character encodings. Thanks to Fabian Yamaguchi for reporting
this!
XMPP:
* Fix a possible crash when receiving a series of specially crafted
file transfer requests. Thanks to José Valentín Gutiérrez for
reporting this! (CVE-2012-2214)
Windows-Specific Changes:
* Words added to spell check dictionaries are saved across restarts of
Pidgin (#11886)
(fixes CVE-2011-3594, CVE-2011-4601, CVE-2011-4602, CVE-2011-4603, CVE-2011-4939
and CVE-2012-1178)
version 2.10.3 (03/26/2012):
* Fix buddies not going offline.
version 2.10.2 (03/14/2012):
General:
* Fix compilation when using binutils 2.22 and new GDK pixbuf. (#14799)
* Fix compilation of the MXit protocol plugin with GLib 2.31. (#14773)
Pidgin:
* Add support for the GNOME3 Network dialog. (#13882)
* Fix rare crash. (#14392)
* Add support for the GNOME3 Default Application dialog for configuring
the Browser.
libpurple:
* Support new connection states and signals for NetworkManager 0.9+.
(Dan Williams) (#13859)
AIM and ICQ:
* Fix a possible crash when receiving an unexpected message
from the server. (Thijs Alkemade) (#14983)
* Allow signing on with usernames containing periods and
underscores. (#13500)
* Allow adding buddies containing periods and underscores. (#13500)
* Don't try to format ICQ usernames entered as email addresses.
Gets rid of an "Unable to format username" error at login. (#13883)
MSN:
* Fix possible crashes caused by not validating incoming messages as
UTF-8. (Thijs Alkemade) (#14884)
* Support new protocol version MSNP18. (#14753)
* Fix messages to offline contacts. (#14302)
Windows-Specific Changes:
* Fix the installer downloading of spell-checking dictionaries (#14612)
* Fix compilation of the Bonjour protocol plugin. (#14802)
Plugins:
* The autoaccept plugin will no longer reset the preference for unknown
buddies to "Auto Reject" in certain cases. (#14964)
version 2.10.1 (12/06/2011):
Finch:
* Fix compilation on OpenBSD.
AIM and ICQ:
* Fix remotely-triggerable crashes by validating strings in a few
messages related to buddy list management. Thanks to Evgeny Boger
for reporting this! (#14682)
Bonjour:
* IPv6 fixes (Linus Lüssing)
Gadu-Gadu:
* Fix problems linking against GnuTLS. (#14544)
IRC:
* Fix a memory leak when admitting UTF-8 text with a non-UTF-8 primary
encoding. (#14700)
Jabber:
* Fix crashes and memory leaks when receiving malformed voice
and video requests. Thanks to Thijs Alkemade for reporting this!
Sametime:
* Separate "username" and "server" when adding new Sametime accounts.
(#14608)
* Fix compilation in Visual C++. (#14608)
SILC:
* Fix CVE-2011-3594, by UTF-8 validating incoming messages before
passing them to glib or libpurple. Identified by Diego Bauche
Madero from IOActive. (#14636)
Yahoo!:
* Fetch buddy icons in some cases where we previously weren't. (#13050)
Windows-Specific Changes:
* Fix compilation
While here, better fix for PR#45190.
chat/finch itself does not depend on devel/nspr.
chat/libpurple without gnutls option, libpurple is linked with nspr,
so it must be handle in libpurple/buildlink3.mk.
version 2.10.0 (08/18/2011):
Pidgin:
* Make the max size of incoming smileys a pref instead of hardcoding it.
(Quentin Brandon) (#5231)
* Added a plugin information dialog to show information for plugins
that aren't otherwise visible in the plugins dialog.
* Fix building with GTK+ earlier than 2.14.0 (GTK+ 2.10 is still the
minimum supported) (#14261)
libpurple:
* Fix a potential crash in the Log Reader plugin when reading QIP logs.
* Fix a large number of strcpy() and strcat() invocations to use
strlcpy() and strlcat(), etc., forestalling an entire class of
string buffer overrun bugs.
(The Electronic Frontier Foundation, Dan Auerbach, Chris Palmer,
Jacob Appelbaum)
* Change some filename manipulations in filectl.c to use MAXPATHLEN
instead of arbitrary length constants. (The Electronic Frontier
Foundation, Dan Auerbach, Chris Palmer, Jacob Appelbaum)
* Fix endianness-related crash in NTLM authentication (Jon Goldberg)
(#14163)
Gadu-Gadu:
* Fixed searching for buddies in public directory. (Tomasz Wasilczyk)
(#5242)
* Better status message handling. (Tomasz Wasilczyk) (#14314)
* Merged two buddy blocking methods. (Tomasz Wasilczyk) (#5303)
* Fix building of the bundled libgadu library with older versions
of GnuTLS. (patch plucked from upstream) (#14365)
ICQ:
* Fix crash selecting Tools->Set Mood when you're online with an
ICQ account that is configured as an AIM account. (#14437)
IRC:
* Fix a crash when remote users have certain characters in their
nicknames. (Discovered by Djego Ibanez) (#14341)
* Fix the handling of formatting following mIRC ^O (#14436)
* Fix crash when NAMES is empty. (James McLaughlin) (#14518)
MSN:
* Fix incorrect handling of HTTP 100 responses when using the HTTP
connection method. This can lead to a crash. (Discovered by Marius
Wachtler)
* Fix seemingly random crashing. (#14307)
* Fix a crash when the account is disconnected at the time we are doing a
SB request. (Hanzz, ported by shlomif) (#12431)
XMPP:
* Do not generate malformed XML ("</>") when setting an empty mood.
(#14342)
* Fix the /join <room> behavior. (Broken when adding support for
<room>@<server>) (#14205)
Yahoo!/Yahoo! JAPAN:
* Fix coming out of idle while in an unavailable state
* Fix logging into Yahoo! JAPAN. (#14259)
Windows-Specific Changes:
* Open an explorer.exe window at the location of the file when clicking
on a file link instead of executing the file, because executing a file
can be potentially dangerous. (Discovered by James Burton of
Insomnia Security) (Fixed by Eion Robb)
version 2.9.0 (06/23/2011):
Pidgin:
* Fix a potential remote denial-of-service bug related to displaying
buddy icons.
* Significantly improved performance of larger IRC channels (regression
introduced in 2.8.0).
* Fix Conversation->Add on AIM and MSN.
* Entries in the chat user list are sorted properly again. This was
inadvertenly broken in 2.8.0.
Finch:
* Fix logging in to ICQ.
libpurple:
* media: Actually use the specified TCP port from the TURN configuration to
create a TCP relay candidate.
AIM and ICQ:
* Fix crashes on some non-mainstream OSes when attempting to
printf("%s", NULL). (Clemens Huebner) (#14297)
Plugins:
* The Evolution Integration plugin compiles again.
version 2.8.0 (06/07/2011):
General:
* Implement simple silence suppression for voice calls, preventing
wasted bandwidth for silent periods during a call. (Jakub Adam)
(half of #13180)
* Added the DigiCert High Assurance CA-3 intermediate CA, needed for
validation of the Facebook XMPP interface's certificate.
* Removed the QQ protocol plugin. It hasn't worked in a long time and
isn't being maintained, therefore we no longer want it.
Pidgin:
* Duplicate code cleanup. (Gabriel Schulhof) (#10599)
* Voice/Video call window adapts correctly to adding or removing
streams on the fly. (Jakub Adam) (half of #13535)
* Don't cancel an ongoing call when rejecting the addition of a
stream to the existing call. (Jakub Adam) (#13537)
* Pidgin plugins can now override tab completion and detect clicks on
usernames in the chat userlist. (kawaii.neko) (#12599)
* Fix the tooltip being destroyed when it is full of information and
cover the mouse (dliang) (#10510)
libpurple:
* media: Allow obtaining active local and remote candidates. (Jakub
Adam) (#11830)
* media: Allow getting/setting video capabilities. (Jakub Adam) (half
of #13095)
* Simple Silence Suppression is optional per-account. (Jakub Adam)
(half of #13180)
* Fix purple-url-handler being unable to find an account.
* media: Allow adding/removing streams on the fly. (Jakub Adam)
(half of #13535)
* Support new connection states in NetworkManager 0.9. (Dan Williams)
(#13505)
* When removing a buddy, delete the pounces associated with it.
(Kartik Mohta) (#1131)
* media: Allow libpurple and plugins to set SDES properties for RTP
conferences. (Jakub Adam) (#12981)
* proxy: Add new "Tor/Privacy" proxy type that can be used to
restrict operations that could leak potentially sensitive data
(e.g. DNS queries). (#11110, #13928)
* media: Add support for using TCP relaying with TURN (will only work with
libnice 0.1.0 and later).
AIM:
* Fix setting icons with dimensions greater than 64x64 pixels by scaling
them down to at most 64x64. (#12874, #13165)
Gadu-Gadu:
* Allow showing your status only to buddies. (Mateusz Piękos) (#13358)
* Updated internal libgadu to version 1.10.1. (Robert Matusewicz,
Krzysztof Klinikowski) (#13525)
* Updated internal libgadu to version 1.11.0. (Tomasz Wasilczyk)
(#14248)
* Suppress blank messages that happen when receiving inline
images. (Tomasz Wasilczyk) (#13554)
* Fix sending inline images to remote users, don't crash when
trying to send large (> 256kB) images. (Tomasz Wasilczyk) (#13580)
* Support typing notifications. (Jan Zachorowski, Tomasz Wasilczyk,
Krzysztof Klinikowski) (#13362, #13590)
* Require libgadu 1.11.0 to avoid using internal libgadu.
* Optional SSL connection support for GNUTLS users (not on Windows
yet!). (Tomasz Wasilczyk) (#13613, #13894)
* Don't count received messages or statuses when determining whether
to send a keepalive packet. (Jan Zachorowski) (#13699)
* Fix a crash when receiving images on Windows or an incorrect
timestamp in the log when receiving images on Linux. (Tomasz
Wasilczyk) (#10268)
* Support XML events, resulting in immediate update of other users'
buddy icons. (Tomasz Wasilczyk) (#13739)
* Accept poorly formatted URLs from other third-party clients in
the same manner as the official client. (Tomasz Wasilczyk)
(#13886)
ICQ:
* Fix setting icons with dimensions greater than 64x64 pixels by scaling
them down to at most 64x64. (#12874, #13165)
* Fix unsetting your mood when "None" is selected. (Dustin Gathmann)
(#11895)
* Ignore Daylight Saving Time when performing calculations related to
birthdays. (Dustin Gathmann) (#13533)
* It is now possible to specify multiple encodings on the Advanced
tab of an ICQ account's settings by using a comma-delimited list.
(Dmitry Utkin) (#13496)
IRC:
* Add "authserv" service command. (tomos) (#13337)
MSN:
* Fix a hard-to-exploit crash in the MSN protocol when using the
HTTP connection method (Reported by Marius Wachtler).
MXit:
* Support for an Invite Message when adding a buddy.
* Fixed bug in splitting-up of messages that contain a lot of links.
* Fixed crash caused by timer not being disabled on disconnect.
(introduced in 2.7.11)
* Clearing of the conversation window now works.
* When receiving an invite you can display the sender's profile
information, avatar image, invite message.
* The Change PIN option was moved into separate action.
* New profile attributes added and shown.
* Update to protocol v6.3.
* Added the ability to view and invite your Suggested Friends,
and to search for contacts.
* Also display the Status Message of offline contacts in their
profile information.
XMPP:
* Remember the previously entered user directory when searching.
(Keith Moyer) (#12451)
* Correctly handle a buddy's unsetting his/her vCard-based avatar.
(Matthew W.S. Bell) (#13370)
* Squash one more situation that resulted in duplicate entries in
the roster (this one where the server reports the buddy as being
in the same (empty) group. (Reported by Danny Mayer)
Plugins:
* The Voice/Video Settings plugin now includes the ability to test
microphone settings. (Jakub Adam) (#13182)
* Fix a crash when handling some saved settings in the Voice/Video
Settings plugin. (Pat Erley) (13290, #13774)
Windows-Specific Changes:
* Fix building libpurple with Visual C++ .NET 2005. This was
accidentally broken in 2.7.11. (Florian Quèze)
* Build internal libgadu using packed structs, fixing several
long-standing Gadu-Gadu issues. (#11958, #6297)
General:
* Our bundled libgadu should now build on HP-UX.
* Fix some instances of file transfers never completing.
Pidgin:
* Sort by Status no longer causes buddies to move around when you click them.
* Fix embedding in the system tray on older GTK+ releases (such as on CentOS
5.5 and older Fedora).
* No longer require libstartup-notification for startup notification support.
GTK+ has included support for years, so use it instead.
AIM:
* Fix a bug where some buddies from your buddy list might not show up.
Affected non-English ICQ users the most.
* Send keepalives for all types of network connections. Will hopefully make
chat rooms more reliable.
MSN:
* Fix bug that prevented added buddies to your buddy list in certain
circumstances.
MXit:
* MXit plugin and reported client version now follow the libpurple version.
* Don't try to request profile information for non-user contacts.
* Allow Re-Invite for contacts in Deleted or Rejected state.
* Ensure we don't send packets too fast to the MXit server and trigger its
flood-detection mechanism. Also increased the internal packet queue to 32
packets.
XMPP:
* Fix building on platforms with an older glib (inadvertantly broken in 2.7.10).
* Don't treat the on-join status storms as 'new arrivals'.
* Extend the /join command to support room JIDs, enabling you to join a room on
any server.
* Add support for receiving a limited amount of history when joining a room
(not currently supported by Pidgin and Finch).
Yahoo!/Yahoo! JAPAN:
* Fix CVE-2011-1091, denials of service caused by NULL pointer dereferences due
to improper handling of malformed YMSG packets.
* Force video sources to all have the same capabilities. This reduces the number of times video must be scaled down, saving CPU time.
* Starting multiple video calls and ending one no longer causes the other calls
to stop sending audio and video.
* Perl bindings now respect LDFLAGS.
* Added AddTrust External Root CA.
* Resolve some issues validating X.509 certificates signed off the CAcert Class
3 intermediate cert when using the GnuTLS SSL/TLS plugin.
John: Just a quick release for a security fix here. Elliott has not
yet had a chance to work on the MSN breakage that's been present in
the last couple releases, but we hope he can do it before 2.7.10!
Changes 2.7.8:
Elliott: OK, so I know a few things broke with the last release, and
it's too bad we had to rush it for that silly certificate thing that
the MSN people can't configure properly. I've certainly done a lot of
small fixes this time, but it's too bad we haven't been able to get the
transfers with the official client fixed yet. I promise it'll be in
the next release (barring any quick security issues).
John: So, it's been about a month since we last released. Again, we've
assembled a bugfix release for your enjoyment. While a few commonly
reported bugs remain, particularly in MSN, we're working on it for the
next release. In the meantime, Merry Christmas and enjoy!
Changes 2.7.7:
John: Well, this time around, we should finally have the certificate
issue really and fully fixed for all of you MSN users. Also, we have
a few AIM-related fixes in this release, most notably the fix for the
new "SSL Handshake Failure" message some of you got after upgrading.
That one was an oversight on our part. Enjoy the fixes!
* Lots of little incremental bug fixes and enhancements in this release.
* Finally got some fixes out there for you Yahoo users behind some
particularly annoying firewalls and proxies, among other fixes. Enjoy!
Changes 2.7.2:
* We discovered a security issue in Pidgin 2.7.0 and 2.7.1 and decided to
release a patched version quickly. This release contains the fix for that
crash, and a few other minor fixes.
