Pidgin 2.13.0
更新細節:
Libpurple:
Unified string comparison.
Properlly shell escape URI's when opening them.
Fix a one byte buffer overread in function purple_markup_linkify.
Fix an issue were utf8 was incorrectly truncated which could lead to crashes as we were potentially feeding garbage into glib/gtk.
Libgnt:
Fixed build against curses 6.0 with opaque structs set.
Fixed a crash when resizing the window.
General:
Fixed bashism in autotools.
XMPP:
Show XEP-0066 OOB URLs in any message, not just headlines.
Fix a user after free.
Removed pipelining from BOSH connections.
Don't try to TLS already secured BOSH connections.
IRC:
Fix "Registration timeout" on SASL auth with InspIRCd servers (and possibly others not based on charybdis/ratbox/ircd-seven).
Fix issues with plugins that modify outgoing messages (such as the custom PART/QUIT feature of the IRC More plugin).
Fix IRC buffer handling.
Properly handle AUTHENTICATE as a normal command with server prefix.
Fix a crash caused by a use after free of the MOTD.
Fix an out of bounds read in irc_nick_skip_mode.
Fix a write of a single byte before the start of a buffer in irc_parse_ctcp.
Pidgin:
Better support for dark themes.
Fixed IPv6 links by not escaping []'s.
Only write buddy icons to the cache if they're not already cached.
Rejoin persistent chats after reconnect.
Made the WIN32 Transparency plugin work on all platforms.
Ensure search results buttons are labeled (Backport from de2d88e575ee).
Fix matching unicode smilies.
Correctly update mute/unmute status when the remote side mutes/unmutes us.
Rework the status icon blinking to not used deprecated API.
Don't allow adding a buddy to protocols that don't have an add_buddy callback.
Finch:
Fix handling of search results.
Voice & Video:
Port backend-fs to newer api for farstream relay-info property.
版本下載:Pidgin 2.13.0
GOM Player 2.3.14.5270
更新細節:
Enhanced playback performance:
Supports 24-bit, 32-bit high-quality sound addition.
Support for additional audio codecs for various audio formats.
Support for MusePak 7, Monkey's lossless codec.
Improved external codec stability.
Improvement of function:
Remove GOM Remote popup and Subtitle Search window.
We will provide better function in the future.
Provides tooltip for playback location when mouse over on the GOM Player Touch Skin Controller.
When installing the GOM Player, add the WEBM file icon to the GOM Player.
Change the default setting of the 'Maintain play speed' option from 'Do not keep' to 'Keep'.
Removed 'Uninstall' tap in Preferences.
VOC and Bug Fixes:
Fixed an error related to Sub size in control window in version 2.3.12.
Fixed an play time error-related in MKV file.
Fixed an crash error in list-related in A-B repeat window.
Fixed a problem in GOM Remote, VR 360 guide notation.
Modify the menu to appear when you right-click on the mini-web and the bottom text ad area.
Fixed Layered Windows subtitle guidelines in BorderlessMode.
Fixed BorderlessMode afterimage problem.
Fixed a problem where VSUtil was not deleted when uninstalling.
版本下載:GOM Player 2.3.14.5270
Pidgin 2.12.0
更新細節:
Fix an out of bounds memory read in purple_markup_unescape_entity.
Fix use of uninitialised memory if running non-debug-enabled versions of glib Updated AIM dev and dist ID's to new ones that were assigned by AOL.
TLS certificate verification now uses SHA-256 checksums.
Fixed SASL external auth for Freenode.
Removed the MSN protocol plugin. It has been unusable and dormant for some time. MSNP18 has been discontinued and the protocol plugin would require a large update to start working again. The third-party Pidgin SkypeWeb plugin, however, should provide enough functionality as a replacement if people still want to use MSN:
Removed Mxit protocol plugin. The service was closed at the end of September 2016. See
Removed the MySpaceIM protocol plugin. The service has been defunct for a long time.
Remove the Yahoo! protocol plugin. Yahoo has completely reimplemented their protocol, so this version is no longer operable as of August 5th, 2016: A new protocol plugin has been written to support the new protocol. This also removes support for Yahoo! Japan. According to
Remove the Facebook (XMPP) account option. According to ended April 30th, 2015. A new protocol plugin has been written, using a different method, to support Facebook.
Fixed gnutls certificate validation errors that mainly affected google (Dequis)
General:
Replaced instances of d.pidgin.im with developer.pidgin.im and updated the urls to use https.
IRC:
Fixed issue of messages being silently cut off at 500 characters. Large messages are now split into parts and sent one by one.
版本下載:Pidgin 2.12.0
Pidgin 2.11.0
更新細節:
# General:
* 2.10.12 was accidentally released with new additions to the API and should have been released as 2.11.0. Unfortunately, we did not catch the mistake until after 2.10.12 was released, but we're fixing it now.
* Include the Mozilla certificate bundle. This fixes connecting to servers with certificates from Let's Encrypt.
* Remove all 1024-bit CAs
# libpurple:
* media: fix an issue with ximagesink displaying only a corner cut-out of a larger webcam video
* mediamanager: update output window destruction so that it reflects recent changes in the media pipeline structure
* Ported Instantbird's CommandUiOps to libpurple
# Pidgin:
* Fixed alignment of incoming right-to-left messages in protocols that don't support rich text
* Fix a potential crash while exiting pidgin
# AIM:
* Add support for the newer kerberos-based authentication of AIM 8.x
# Windows-Specific Changes:
* Use getaddrinfo for DNS to enable IPv6
* Updates to dependencies:
* NSS 3.24 and NSPR 4.12.
# Bonjour
* Fixed building on Mac OSX
# ICQ:
* Stop truncating passwords to 8 characters like old ICQ clients did. If you actually needed this, truncate your password manually by pressing backspace a few times.
# IRC:
* Base64-decode SASL messages before passing to libsasl
# MXit
* Fixed a buffer overflow.
* Fixed a remote out-of-bounds read.
* Fixed a remote out-of-band read.
* Fixed an invalid read.
* Fixed a remote buffer overflow vulnerability.
* Fixed an out-of-bounds read
* Fixed a directory traversal issue.
* Fixed a remote denial of service vulnerability that could result in a null pointer dereference.
* Fixed a remote denial of service that could result in an out-of-bounds read.
* Fixed multiple remote buffer overflows.
* Fixed a remote NULL pointer dereference.
* Fixed a remote code execution issue discovered by Yves Younan of Cisco
* Fixed a remote denial of service vulnerability in contact mood
* Fixed a remote out-of-bounds write vulnerability.
* Fix a remote out-of-bounds read.
版本下載:Pidgin 2.11.0
HWiNFO 5.22
Pidgin 2.10.12
更新細節:
# General
- purple-url-handler now works with Python 3.x
- Fixed an issue where transient startup statuses could be deleted
# Pidgin
- The shout smile now matches the default theme
# Windows-Specific Changes
- Updates to dependencies:
* Cyrus SASL 2.1.26
* libxml2 2.9.2
* NSS 3.20.1 and NSPR 4.10.10
* Perl 5.20.1
* SILC 1.1.12
- Remove support for Tcl plugins
# Gadu-Gadu
- Updated internal libgadu to version 1.12.1.
# Voice / Video
- GStreamer 1.0 support
- Bump farstream02 requirement to 0.2.7
- Other VV related changes required for the third-party SIPE plugin
# AIM
- Fix for AIM when using gateway proxies
# Plugins
- Don't render smileys in the History plugin's headers.
版本下載:Pidgin 2.10.12
Pidgin 2.10.11
更新細節:
# General
* Fix handling of Self-Signed SSL/TLS Certificates when using the NSS plugin
* Improve default cipher suites used with the NSS plugin
* Add NSS Preferences plugin which allows the SSL/TLS Versions and cipher suites to be configured
# Gadu-Gadu
* Fix a bug that prevented plugin to load when compiled without GnuTLS.
* Fix build for platforms without AF_LOCAL definition.
# MSN
* Fix broken login due to server change (dx, TReKiE).
* Fail early when buddy list is unavailable instead of wasting bandwidth endlessly re-trying.
版本下載:Pidgin 2.10.11
Pidgin 2.10.10
更新細節:
# General
- Check the basic constraints extension when validating SSL/TLS certificates. This fixes a security hole that allowed a malicious man-in-the-middle to impersonate an IM server or any other https endpoint. This affected both the NSS and GnuTLS plugins. Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL.
# libpurple3 compatibility
- Encrypted account passwords are preserved until the new one is set.
- Fix loading Google Talk and Facebook XMPP accounts.
# Windows-Specific Changes
- Don't allow overwriting arbitrary files on the file system when the user installs a smiley theme via drag-and-drop.
- Updates to dependencies NSS 3.17.1 and NSPR 4.10.7
# Finch
- Fix build against Python 3.
# Gadu-Gadu
- Updated internal libgadu to version 1.12.0.
# Groupwise
- Fix potential remote crash parsing server message that indicates that a large amount of memory should be allocated.
# IRC
- Fix a possible leak of unencrypted data when using /me command with OTR.
# MXit
- Fix potential remote crash parsing a malformed emoticon response.
版本下載:Pidgin 2.10.10
Pidgin 2.10.9
更新細節:
* XMPP
- Fix problems logging into some servers including jabber.org and chat.facebook.com.
版本下載:Pidgin 2.10.9
Pidgin 2.10.8
更新細節:
* General
- Python build scripts and example plugins are now compatible with Python 3.
* libpurple
- Fix potential crash if libpurple gets an error attempting to read a reply from a STUN server.
- Fix potential crash parsing a malformed HTTP response.
- Fix buffer overflow when parsing a malformed HTTP response with chunked Transfer-Encoding.
- Better handling of HTTP proxy responses with negative Content-Lengths.
- Fix handling of SSL certificates without subjects when using libnss.
- Fix handling of SSL certificates with timestamps in the distant future when using libnss.
- Impose maximum download size for all HTTP fetches.
* Pidgin
- Fix crash displaying tooltip of long URLs.
- Better handling of URLs longer than 1000 letters.
- Fix handling of multibyte UTF-8 characters in smiley themes.
* Windows-Specific Changes
- When clicking file:// links, show the file in Explorer rather than attempting to run the file. This reduces the chances of a user clicking on a link and mistakenly running a malicious file.
- Fix Tcl scripts.
- Fix crash-on-startup when ASLR is always on.
- Updates to dependencies:
> NSS 3.15.4 and NSPR 4.10.2
> Pango 1.29.4-1daa.
* AIM
- Fix untrusted certificate error.
* AIM and ICQ
- Fix a possible crash when receiving a malformed message in a Direct IM session.
* Gadu-Gadu
- Fix buffer overflow with remote code execution potential. Only triggerable by a Gadu-Gadu server or a man-in-the-middle.
- Disabled buddy list import/export from/to server (it didn't work anymore). Buddy list synchronization will be implemented in 3.0.0.
- Disabled new account registration and password change options, as it didn't work either. Account registration also caused a crash. Both functions are available using official Gadu-Gadu website.
* IRC
- Fix bug where a malicious server or man-in-the-middle could trigger a crash by not sending enough arguments with various messages.
- Fix bug where initial IRC status would not be set correctly.
- Fix bug where IRC wasn't available when libpurple was compiled with Cyrus SASL support.
* MSN
- Fix NULL pointer dereference parsing headers in MSN.
- Fix NULL pointer dereference parsing OIM data in MSN.
- Fix NULL pointer dereference parsing SOAP data in MSN.
- Fix possible crash when sending very long messages. Not remotely-triggerable.
* MXit
- Fix buffer overflow with remote code execution potential.
- Fix sporadic crashes that can happen after user is disconnected.
- Fix crash when attempting to add a contact via search results.
- Show error message if file transfer fails.
- Fix compiling with InstantBird.
- Fix display of some custom emoticons.
* SILC
- Correctly set whiteboard dimensions in whiteboard sessions.
* SIMPLE
- Fix buffer overflow with remote code execution potential.
* XMPP
- Prevent spoofing of iq replies by verifying that the 'from' address matches the 'to' address of the iq request.
- Fix crash on some systems when receiving fake delay timestamps with extreme values.
- Fix possible crash or other erratic behavior when selecting a very small file for your own buddy icon.
- Fix crash if the user tries to initiate a voice/video session with a resourceless JID.
- Fix login errors when the first two available auth mechanisms fail but a subsequent mechanism would otherwise work when using Cyrus SASL.
- Fix dropping incoming stanzas on BOSH connections when we receive multiple HTTP responses at once.
* Yahoo!
- Fix possible crashes handling incoming strings that are not UTF-8.
- Fix a bug reading a peer to peer message where a remote user could trigger a crash.
* Plugins
- Fix crash in contact availability plugin.
- Fix perl function Purple::Network::ip_atoi
- Add Ubuntu Unity UI integration plugin.
版本下載:Pidgin 2.10.8
Pidgin 2.10.7
更新細節:
# General
* The configure script will now exit with status 1 when specifying invalid protocol plugins using the --with-static-prpls and --with-dynamic-prpls arguments.
# libpurple
* Fix a crash when receiving UPnP responses with abnormally long values.
* Don't link directly to libgcrypt when building with GnuTLS support.
* Fix UPnP mappings on routers that return empty <URLBase/> elements in their response.
* Tcl plugin uses saner, race-free plugin loading.
* Fix the Tcl signals-test plugin for savedstatus-changed.
# Pidgin
* Make Pidgin more friendly to non-X11 GTK+, such as MacPorts?' +no_x11 variant.
# Gadu-Gadu
* Fix a crash at startup with large contact list. Avatar support for buddies will be disabled until 3.0.0.
# IRC
* Support for SASL authentication.
* Print topic setter information at channel join.
# MSN
* Fix SSL certificate issue when signing into MSN for some users.
* Fix a crash when removing a user before its icon is loaded.
# MXit
* Fix two bugs where a remote MXit user could possibly specify a local file path to be written to.
* Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution.
* Display farewell messages in a different colour to distinguish them from normal messages.
* Add support for typing notification.
* Add support for the Relationship Status profile attribute.
* Remove all reference to Hidden Number.
* Ignore new invites to join a GroupChat? if you're already joined, or still have a pending invite.
* The buddy's name was not centered vertically in the buddy-list if they did not have a status-message or mood set.
* Fix decoding of font-size changes in the markup of received messages.
* Increase the maximum file size that can be transferred to 1 MB.
* When setting an avatar image, no longer downscale it to 96x96.
# Sametime
* Fix a crash in Sametime when a malicious server sends us an abnormally long user ID.
# Yahoo'''
* Fix a double-free in profile/picture loading code.
* Fix retrieving server-side buddy aliases.
# Plugins
* The Voice/Video? Settings plugin supports using the sndio GStreamer backends.
* Fix a crash in the Contact Availability Detection plugin.
* Make the Message Notification plugin more friendly to non-X11 GTK+, such as MacPorts?' +no_x11 variant.
# Windows-Specific Changes
* Compile with secure flags
* Installer downloads GTK+ Runtime and Debug Symbols more securely.
* Updates to a number of dependencies, some of which have security related fixes.
- ATK 1.32.0-2
- Cyrus SASL 2.1.25
- expat 2.1.0-1
- freetype 2.4.10-1
- gettext 0.18.1.1-2
- Glib 2.28.8-1
- libpng 1.4.12-1
- libxml2 2.9.0-1
- NSS 3.13.6 and NSPR 4.9.2
- Pango 1.29.4-1
- SILC 1.1.10
- zlib 1.2.5-2
* Patch libmeanwhile (sametime library) to fix crash.
版本下載:Pidgin 2.10.7
Pidgin 2.10.6
更新細節:
* Pidgin:
- Fix a bug that requires a triple-click to open a conversation window from the buddy list.
版本下載:Pidgin 2.10.6
Pidgin 2.10.5
更新細節:
* libpurple:
- Add support for GNOME3 proxy settings.
* Pidgin:
- Fix a crash that may occur when trying to ignore a user who is not in the current chat room.
* MSN:
- Fix building with MSVC on Windows (broken in 2.10.4).
* MXit:
- Fix a buffer overflow vulnerability when parsing incoming messages containing inline images.
版本下載:Pidgin 2.10.5
Pidgin 2.10.4
更新細節:
* General:
- Support building against Farstream in addition to Farsight.
* IRC:
- Disable periodic WHO timer. IRC channel user lists will no longer automatically display away status, but libpurple will be much kinder to the network.
- Print unknown numerics to channel windows if we can associate them.
* MSN:
- Fix a possible crash when receiving messages with certain characters or character encodings.
* XMPP:
- Fix a possible crash when receiving a series of specially crafted file transfer requests.
* Windows-Specific Changes:
- Words added to spell check dictionaries are saved across restarts of Pidgin
版本下載:Pidgin 2.10.4