Version history for Pidgin (Gaim) Portable

<<Back to software description

Changes for v2.10.3 - v2.10.4

General: ◦Support building against Farstream in addition to Farsight. (Olivier Crete) (#14936)
IRC: ◦Disable periodic WHO timer. IRC channel user lists will no longer automatically display away status, but libpurple will be much kinder to the network.
Print unknown numerics to channel windows if we can associate them. Thanks to Marien Zwart. (#15090)
MSN: ◦Fix a possible crash when receiving messages with certain characters or character encodings. Thanks to Fabian Yamaguchi for reporting this!
XMPP: ◦Fix a possible crash when receiving a series of specially crafted file transfer requests. Thanks to José Valentín Gutiérrez for reporting this! (CVE-2012-2214)
Windows-Specific Changes: ◦Words added to spell check dictionaries are saved across restarts of Pidgin (#11886)

Changes for v2.9.0 - v2.10.1

Finch:
Fix compilation on OpenBSD.
AIM and ICQ:
Fix remotely-triggerable crashes by validating strings in a few messages related to buddy list management. Thanks to Evgeny Boger for reporting this! (#14682)
Bonjour:
IPv6 fixes (Linus Lüssing)
Gadu-Gadu:
Fix problems linking against GnuTLS. (#14544)
IRC:
Fix a memory leak when admitting UTF-8 text with a non-UTF-8 primary encoding. (#14700)
Jabber:
Fix crashes and memory leaks when receiving malformed voice and video requests. Thanks to Thijs Alkemade for reporting this!
Sametime:
Separate "username" and "server" when adding new Sametime accounts. (#14608)
Fix compilation in Visual C++. (#14608)
SILC:
Fix CVE-2011-3594, by UTF-8 validating incoming messages before passing them to glib or libpurple. Identified by Diego Bauche Madero from IOActive. (#14636)
Yahoo!:
Fetch buddy icons in some cases where we previously weren't. (#13050)
Windows-Specific Changes:
Fix compilation

Changes for v2.8.0 - v2.9.0

Pidgin
Fix a potential remote denial-of-service bug related to displaying buddy icons.
Significantly improved performance of larger IRC channels (regression introduced in 2.8.0).
Fix Conversation->Add on AIM and MSN.
Entries in the chat user list are sorted properly again. This was inadvertenly broken in 2.8.0.
Finch
Fix logging in to ICQ.
libpurple
media: Actually use the specified TCP port from the TURN configuration to create a TCP relay candidate.
AIM and ICQ
Fix crashes on some non-mainstream OSes when attempting to printf("%s", NULL). (Clemens Huebner) (#14297)
Plugins
The Evolution Integration plugin compiles again.

Changes for v2.7.10 - v2.8.0

General:
Implement simple silence suppression for voice calls, preventing wasted bandwidth for silent periods during a call. (Jakub Adam) (half of #13180)
Added the DigiCert? High Assurance CA-3 intermediate CA, needed for validation of the Facebook XMPP interface's certificate.
Removed the QQ protocol plugin. It hasn't worked in a long time and isn't being maintained, therefore we no longer want it.
Pidgin:
Duplicate code cleanup. (Gabriel Schulhof) (#10599)
Voice/Video call window adapts correctly to adding or removing streams on the fly. (Jakub Adam) (half of #13535)
Don't cancel an ongoing call when rejecting the addition of a stream to the existing call. (Jakub Adam) (#13537)
Pidgin plugins can now override tab completion and detect clicks on usernames in the chat userlist. (kawaii.neko) (#12599)
Fix the tooltip being destroyed when it is full of information and cover the mouse (dliang) (#10510)
libpurple:
media: Allow obtaining active local and remote candidates. (Jakub Adam) (#11830)
media: Allow getting/setting video capabilities. (Jakub Adam) (half of #13095)
Simple Silence Suppression is optional per-account. (Jakub Adam) (half of #13180)
Fix purple-url-handler being unable to find an account.
media: Allow adding/removing streams on the fly. (Jakub Adam) (half of #13535)
Support new connection states in NetworkManager 0.9. (Dan Williams) (#13505)
When removing a buddy, delete the pounces associated with it. (Kartik Mohta) (#1131)
media: Allow libpurple and plugins to set SDES properties for RTP conferences. (Jakub Adam) (#12981)
proxy: Add new "Tor/Privacy" proxy type that can be used to restrict operations that could leak potentially sensitive data (e.g. DNS queries). (#11110, #13928)
media: Add support for using TCP relaying with TURN (will only work with libnice 0.1.0 and later).
AIM:
Fix setting icons with dimensions greater than 64x64 pixels by scaling them down to at most 64x64. (#12874, #13165)
Gadu-Gadu:
Allow showing your status only to buddies. (Mateusz Piekos) (#13358)
Updated internal libgadu to version 1.10.1. (Robert Matusewicz, Krzysztof Klinikowski) (#13525)
Updated internal libgadu to version 1.11.0. (Tomasz Wasilczyk) (#14248)
Suppress blank messages that happen when receiving inline images. (Tomasz Wasilczyk) (#13554)
Fix sending inline images to remote users, don't crash when trying to send large (> 256kB) images. (Tomasz Wasilczyk) (#13580)
Support typing notifications. (Jan Zachorowski, Tomasz Wasilczyk, Krzysztof Klinikowski) (#13362, #13590)
Require libgadu 1.11.0 to avoid using internal libgadu.
Optional SSL connection support for GNUTLS users (not on Windows yet!). (Tomasz Wasilczyk) (#13613, #13894)
Don't count received messages or statuses when determining whether to send a keepalive packet. (Jan Zachorowski) (#13699)
Fix a crash when receiving images on Windows or an incorrect timestamp in the log when receiving images on Linux. (Tomasz Wasilczyk) (#10268)
Support XML events, resulting in immediate update of other users' buddy icons. (Tomasz Wasilczyk) (#13739)
Accept poorly formatted URLs from other third-party clients in the same manner as the official client. (Tomasz Wasilczyk) (#13886)
ICQ:
Fix setting icons with dimensions greater than 64x64 pixels by scaling them down to at most 64x64. (#12874, #13165)
Fix unsetting your mood when "None" is selected. (Dustin Gathmann) (#11895)
Ignore Daylight Saving Time when performing calculations related to birthdays. (Dustin Gathmann) (#13533)
It is now possible to specify multiple encodings on the Advanced tab of an ICQ account's settings by using a comma-delimited list. (Dmitry Utkin (#13496))
IRC:
Add "authserv" service command. (tomos) (#13337)
MSN:
Fix a hard-to-exploit crash in the MSN protocol when using the HTTP connection method (Reported by Marius Wachtler).
MXit:
Support for an Invite Message when adding a buddy.
Fixed bug in splitting-up of messages that contain a lot of links.
Fixed crash caused by timer not being disabled on disconnect. (introduced in 2.7.11)
Clearing of the conversation window now works.
When receiving an invite you can display the sender's profile information, avatar image, invite message.
The Change PIN option was moved into separate action.
New profile attributes added and shown.
Update to protocol v6.3.
Added the ability to view and invite your Suggested Friends, and to search for contacts.
Also display the Status Message of offline contacts in their profile information.
XMPP:
Remember the previously entered user directory when searching. (Keith Moyer) (#12451)
Correctly handle a buddy's unsetting his/her vCard-based avatar. (Matthew W.S. Bell) (#13370)
Squash one more situation that resulted in duplicate entries in the roster (this one where the server reports the buddy as being in the same (empty) group. (Reported by Danny Mayer)
Plugins:
The Voice/Video Settings plugin now includes the ability to test microphone settings. (Jakub Adam) (#13182)
Fix a crash when handling some saved settings in the Voice/Video Settings plugin. (Pat Erley) (13290, #13774)
Windows-Specific Changes:
Fix building libpurple with Visual C++ .NET 2005. This was accidentally broken in 2.7.11. (Florian Quèze)
Build internal libgadu using packed structs, fixing several long-standing Gadu-Gadu issues. (#11958, #6297)

Changes for v2.7.8 - v2.7.9

Fix a crash when receiving short packets related to P2Pv2. (CVE ID pending)

Changes for v2.7.7 - v2.7.8

General:
Fix the exceptions in purple-remote on Python 2.6+. (Ari Pollak) (#12151)
Pidgin:
When a conversation has reached the maximum limit on the number of smileys, display the text representation of the smiley properly when it contains HTML-escapable characters (e.g. "<3" was previously displayed as "<3").
Drop dependency on GdkGC and use Cairo instead.
New UI hack to assist in first-time setup of Facebook accounts with icon from Jakub Szypulka.
Don't hide the buddy list if there is no notification area in which to put the icon. (#12129)
libpurple:
Fix multipart parsing when '=' is included in the boundary for purple_mime_document_parse. (Jakub Adam) (#11598)
AIM and ICQ:
Buddies who unset their status message will now be correctly shown without a message in your buddy list. (#12988)
Gadu-Gadu:
Updated our bundled libgadu and minimum requirement for external libgadu to 1.9.0. (#12789)
MSN:
Stop showing ourselves in the list of endpoints that can be disconnected.
Allow full-size display names, by not escaping (most) non-English characters. (#8508)
Fix receiving messages from users on Yahoo and other federated services. (#13022)
Correctly remove old endpoints from the list when they sign out.
Add option to disable connections from multiple locations. (#13017)
Correctly update your own display name in the buddy list. (#13064)
Correctly show ourselves as offline in the buddy list when going invisible. (#12945)
Correctly update your own icon in the buddy list. (#12973)
Remove struct packing for better portability. (#12856)
XMPP:
Terminate Jingle sessions with unsupported content types. (#13048)

Changes for v2.7.6 - v2.7.7

General:
Allow multiple CA certificates to share the same Distinguished Name (DN). Partially fixes remaining MSN issues from #12906.
The GNUTLS SSL plugin now discards any certificate (and all subsequent certificates) in a chain if it did not sign the previous certificate. Partially fixes remaining MSN issues from #12906.
Open requests related to a file transfer are now closed when the request is cancelled locally. (#11666)
AIM and ICQ:
AIM should now connect if "Use clientLogin" is turned off and the "Server" field is set to anything other than "login.oscar.aol.com" or "slogin.oscar.aol.com". (#12948)
Fix a crash on connection loss. (#5927)

Changes for v2.7.5 - v2.7.6

General:
Included Microsoft Internet Authority 2010 and Microsoft Secure Server Authority 2010 intermediate CA certificates to our bundle. This fixes the "Unable to validate certificate" error for omega.contacts.msn.com. (#12906)
Pidgin:
Avoid a use-after-free race condition in the media code (when there's an error reported by GStreamer). (#12806, Jakub Adam)
AIM and ICQ:
SSL option has been changed to a tri-state menu with choices for "Don't Use Encryption", "Use Encryption if Available", and "Require Encryption".
Fix some possible clientLogin URL issues introduced in version 2.7.5.
Don't show a ": Ok" connection error when using clientLogin.
Cleaned up some debug output for improved readability.
MSN:
Added support for MSNP16, including Multiple Points of Presence (MPOP) which allows multiple simultaneous sign-ins. (#8247)
Added extended capabilities support (none implemented).
Merged the work done on the Google SoC (major rewrite of SLP code)
Reworked the data transfer architecture. (SlpArchitecture)
Lots of little changes.
Don't process zero-length DC messages. (#12660)
Fixed a bunch of memory leaks.
Prevent a use-after-free condition.
XMPP:
Avoid a double-free in the Google Relay (V/V) code.
Avoid double error message when failing a file transfer. (#12757)
Password-related information is printed out for SASL authentication when the PURPLE_UNSAFE_DEBUG environment variable is set.
Authentication mechanisms can now be added by UI's or other plugins with some work. This is outside the API/ABI rules! (#12715)
Fixed a few printf("%s", NULL) crashes for broken OSes.
Windows-Specific Changes:
Build the Pidgin Theme Editor plugin (finally).
Untarring (for themes) now works for non-ASCII destination paths.

Changes for v2.7.4 - v2.7.5

General:
Added Verisign Class 3 Public CA - G2 root CA.
Pidgin:
Properly differentiate between bn and bn_IN in the Translation Information dialog.
AIM and/or ICQ:
Display the "Authorize buddy?" minidialog when the requestor has an empty nickname. (#12810)
New ICQ accounts default to proper ICQ servers. Old accounts using one of the old default servers will be silently migrated to use the proper servers.
ICQ accounts using clientLogin now use the correct ICQ servers. This is separate from the server settings mentioned above.
'<' should no longer cause ICQ status messages to be truncated in some locations. (#11964, #12593)
Fix sending messages to chat rooms. (#12768)
Bonjour:
Don't crash when attempting to log into a Bonjour account and init failed.
Windows-Specific Changes:
Quote the path stored in the registry when the "run at startup" option in the Windows Pidgin Options plugin is used. (#12781)

Changes for v2.6.5 - v2.6.6

libpurple
Fix 'make check' on OS X. (David Fang)
Fix a quirk in purple_markup_html_to_xhtml that caused some messages to be improperly converted to XHTML.
Set "controlling-mode" correctly when initializing a media session. Fixes receiving voice calls from Psi.
When looking up DNS records, use the type of record returned by the server (instead of the type we asked for) to determine how to process the record.
Fix an issue with parsing XML attributes that contain "<br>". See ChangeLog.API for more details.
General
Correctly disable all missing dependencies when using the --disable-missing-dependencies option. (Gabriel Schulhof)
Gadu-Gadu
Fix display of avatars after a server-side change. (Krzysztof Klinikowski)
AIM
Allow setting and displaying icons between 1x1 and 100x100 pixels. Previously only icons between 48x48 and 50x50 were allowed.
MSN
Fix CVE-2010-0277, a possible remote crash when parsing an incoming SLP message. (Discovered by Fabian Yamaguchi)
File transfer requests will no longer cause a crash if you delete the file before the other side accepts.
Received files will no longer hold an extra lock after completion, meaning they can be moved or deleted without complaints from your OS.
Buddies who sign in from a second location will no longer cause an unnecessary chat window to open.
Support setting an animated GIF as a buddy icon.
Numerous code cleanups and memory savings.
MySpace
Fix a leak and crash when retrieving buddy icons.
XMPP
Less likely to send messages to a contact's idle/inactive resource. Previously, if a message was received from a specific resource, responses would be sent to that resource until either it went offline or a message is received from another resource. Now, messages are sent to the bare JID upon receipt of any presence change from the contact.
Added support for the SCRAM-SHA-1 SASL mechanism. This is only available when built without Cyrus SASL support.
When getting info on a domain-only (server) JID, show uptime (when given by the result of the "last query") and don't show status as offline.
Fix getting info on your own JID.
Wrap XHTML messages in
, as described in XEP-0071, for compatibility with some clients.
Don't do an SRV lookup for a STUN server associated with the account if one is already set globally in prefs.
Don't send custom smileys larger than the recommended maximum object size specified in the BoB XEP. This prevents a client from being disconnected by servers that dislike overly-large stanzas.
Fix receiving messages without markup over an Openfire BOSH connection (forcibly put the stanzas in the jabber:client namespace).
The default value for the file transfer proxies is automatically updated when an account connects, if it is still the old (broken) default (from 'proxy.jabber.org' to 'proxy.eu.jabber.org').
Fix an issue where libpurple created duplicate buddies if the roster contains a buddy in two groups that differ only by case (e.g. "XMPP" and "xmpp") (or not at all).
Yahoo
Don't send and tags. (Fartash Faghri)
Support PingBox. PingBoxes will appear as pbx/PingBoxName. (Kartik Mohta)
Pidgin
Fix CVE-2010-0423, a denial of service attack due to the parsing of large numbers of smileys. (Discovered by Antti Hayrynen)
Correctly size conversation and status box entries when the interior-focus style property is diabled. (Gabriel Schulhof)
Correctly handle a multiline text field being required in a request form. (Thanks to Florian Zeitz for finding this problem)
Search friends by email-addresses in the buddy list. (Luoh Ren-Shan)
Allow dropping an image on Custom Smiley window to add a new one.
Prompt for confirmation when clearing a whiteboard (doodle) session. (Kartik Mohta)
Use the "hand" cursor when hovering over usernames in chat history to indicate that the username is an actionable item.
Double-clicking usernames in chat history will open an IM with that user.
Put an icon on the "Filter" button in the debug window.
Don't treat "/messages/like/this " as commands.
Explicitly mark user interaction when inserting smilies from the toolbar so "Undo" correctly removes these smilies.
Clicking "New" or "Saved" in the status selector menu while typing a status message no longer keeps the status entry area stuck in "typing" mode forever.
Show tooltips for ellipsized conversation tabs. On older systems, tooltips will show for all tabs.
The File Transfers and Debug Window windows are no longer created as dialogs. These windows should now have minimize buttons in many environments in which they were previously missing (including Windows).
Smiley themes with Windows line endings no longer cause theme descriptions not to be displayed in the theme selector.
Finch
Fix CVE-2010-0420, a possible remote crash when handling chat room buddy names.
Rebindable 'move-first' and 'move-last' actions for tree widgets. So it is possible to jump to the first or last entry in the buddy list (and other such lists) by pressing home or end key (defaults) respectively.