version 2.10.7 (02/13/2013):
Alien hatchery:
* No changes
General:
* The configure script will now exit with status 1 when specifying
invalid protocol plugins using the --with-static-prpls and
--with-dynamic-prpls arguments. (Michael Fiedler) (#15316)
libpurple:
* Fix a crash when receiving UPnP responses with abnormally long values.
(CVE-2013-0274)
* Don't link directly to libgcrypt when building with GnuTLS support.
(Bartosz Brachaczek) (#15329)
* Fix UPnP mappings on routers that return empty <URLBase/> elements
in their response. (Ferdinand Stehle) (#15373)
* Tcl plugin uses saner, race-free plugin loading.
* Fix the Tcl signals-test plugin for savedstatus-changed.
(Andrew Shadura) (#15443)
Pidgin:
* Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11
variant.
Gadu-Gadu:
* Fix a crash at startup with large contact list. Avatar support for
buddies will be disabled until 3.0.0. (#15226, #14305)
IRC:
* Support for SASL authentication. (Thijs Alkemade, Andy Spencer)
(#13270)
* Print topic setter information at channel join. (#13317)
MSN:
* Fix SSL certificate issue when signing into MSN for some users.
* Fix a crash when removing a user before its icon is loaded. (Mark
Barfield) (#15217)
MXit:
* Fix a bug where a remote MXit user could possibly specify a local
file path to be written to. (CVE-2013-0271)
* Fix a bug where the MXit server or a man-in-the-middle could
potentially send specially crafted data that could overflow a buffer
and lead to a crash or remote code execution. (CVE-2013-0272)
* Display farewell messages in a different colour to distinguish
them from normal messages.
* Add support for typing notification.
* Add support for the Relationship Status profile attribute.
* Remove all reference to Hidden Number.
* Ignore new invites to join a GroupChat if you're already joined, or
still have a pending invite.
* The buddy's name was not centered vertically in the buddy-list if they
did not have a status-message or mood set.
* Fix decoding of font-size changes in the markup of received messages.
* Increase the maximum file size that can be transferred to 1 MB.
* When setting an avatar image, no longer downscale it to 96x96.
Sametime:
* Fix a crash in Sametime when a malicious server sends us an abnormally
long user ID. (CVE-2013-0273)
Yahoo!:
* Fix a double-free in profile/picture loading code. (Mihai Serban)
(#15053)
* Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381)
Plugins:
* The Voice/Video Settings plugin supports using the sndio GStreamer
backends. (Brad Smith) (#14414)
* Fix a crash in the Contact Availability Detection plugin. (Mark)
(#15327)
* Make the Message Notification plugin more friendly to non-X11 GTK+,
such as MacPorts' +no_x11 variant.
Version 3.2 (released 2013-01-06) hilights:
Updated Twitter module. Support for Twitter API 1.1, streaming API, direct
messages and some other improvements.
Fixed potential connection issue to Google Talk, OpenFire, possibly other
Jabber services.
A bunch of other things.
Version 3.0.6 (released 2012-10-14) hilights:
Updated MSN module, now speaking the MSNP18 protocol. This adds support for
MPOP and also fixes sending off-line messages.
Loads of bugfixes, etc. accumulated over the last half a year.
* handle building with NetBSD 6's 64bit time_t on a 32 bit platform
* reorder src/utf8/checked.h to define the append() function
before using it later on in the same file.
Also updated the MASTER_SITES to reference the new download site.
prior will be migrated to the new format when you run 0.15 for the
first time.
Changes:
- Merge many changes from Psi+.
- New message history browser.
- New, fast contact list window.
- TURN proxying for voice calls.
- Store data in more standardized locations based on the platform.
- No longer dependent on the Qt3Support library.
- Domains ending in .local now always work, whether via DNS server or mdns.
- Windows 64-bit and Mac 64-bit now supported. Mac PPC deprecated.
- Legacy SSL port probe feature removed.
- Various small features and bugfixes.
Since 0.14, this version contains about two years worth of merges
from the Psi+ project. Thanks to Rion and Dealer_WeARE for diligently
keeping the Psi source repo current all this time.
Changes:
Security:
- CVE-2012-5854: Fix buffer overflow when decoding IRC colors in strings
- CVE-2012-5534: Fix untrusted command for function hook_process could lead to
execution of commands, because of shell expansions
Among the new features:
- add plugin "script" (replacement of weeget.py and script.pl)
- add support of SSL in relay plugin
- add color for offline nicks
- add system resource limits for WeeChat process
- add zoom on merged buffer (default key: alt+"x")
- add "Day changed to" in logger backlog
- add command line option "-r" (or "--run-command") to run command(s) after startup of WeeChat
- add option "swap" for command /buffer
- generate alternate IRC nicks dynamically (when all nicks are already in use)
- fix rejoin of password protected IRC channels
- fix freeze in irc and relay plugins with sockets
- fix color of long lines (displayed on more than one line on screen) under FreeBSD
- allow update for some variables of hdata
- add japanese user's guide, scripting guide and tester's guide
- many bugs fixed.
in gcc 4.1.3 (NetBSD 5.*) aka, -pedantic causes build
failures when including gnutls on older versions of gcc.
Should clear up the build issues on NetBSD 5.x
- HTTP service
- Fix ejabberd_http:get_line
- Don't use binary:match to extract lines from binaries
- Parse and encode https header names like native http parser does
- Parse correctly https request split into multiple packets
- Properly handle HEAD request in mod_http_bind (EJAB-1538)
- New option default_host for handling requests with ambiguous Host
(EJAB-1261)
- ODBC
- New ODBC support for mod_announce
- New ODBC support for mod_blocking
- New ODBC support for mod_irc
- New ODBC support for mod_muc
- New ODBC support for mod_shared_roster
- New ODBC support for mod_vcard_xupdate
- Add ODBC exporting function for privacy table
- Work also with some unicode strings in PgSQL (EJAB-1490)
- Replace a single quote with double quotes in an ODBC escape
- SSL
- Make sure that res is initialized in all cases
- Parse correctly https request split into multiple packets (EJAB-1537)
- Added missed tls:recv_data/2
- Don't ignore Length parameter in tls:recv
- Avoid quadratic behavior in reading SSL data
- Dix http_bind webserver TLS fail on Chrome (EJAB-1530)
- Miscelanea
- Assume we have only one CPU when an auto-detection fails (EJAB-1516)
- Auth: Relax digest-uri handling (EJAB-1529)
- Caps: Cache caps timestamp before the IQ-request is done
- IRC: Use of MUC password
- Private: misc errors cases fixes
- Pubsub: return user affiliation for a specified node (EJAB-1294)
- Shared Roster: Foreign items were not pushed (EJAB-1509)
- Shared Roster LDAP: user substitution in ldap_rfilter (EJAB-1555)
- Windows: Fix makefile rules for building DLLs
