Download Pidgin 2.10.7

Version 2.10.7 of Pidgin has been released. This multi-protocol instant messaging program can handle the networks of AIM, Bonjour, Gadu-Gadu, Google Talk, Groupwise, ICQ, irc, MSN, MySpaceIM, QQ, Silc, Simple, Sametime, XMPP, Yahoo and Zephyr. During installation, you can choose from as many as seventy different languages ​​and add spell check. Binaries are available for Windows, but the source code can be compiled under Linux. The program also integrates well into Gnome and the KDE SC. The OS X port is released under the name Adium. The changelog for this release looks like this:

General

• The configure script will now exit with status 1 when specifying invalid protocol plugins using the –with-static-prpls and –with-dynamic-prpls arguments. (Michael Fiedler) (#15316)

libpurple

• Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274)
• Don’t link directly to libgcrypt when building with GnuTLS support. (Bartosz Brachaczek) (#15329)
• Fix UPnP mappings on routers that return empty elements in their response. (Ferdinand Stehle) (#15373)
• Tcl plugin uses saner, race-free plugin loading.
• Fix the Tcl signals-test plugin for savedstatus-changed. (Andrew Shadura) (#15443)

Pidgin

• Make Pidgin more friendly to non-X11 GTK+, such as MacPorts?‘ +no_x11 variant.

Gadu-Gadu

• Fix a crash at startup with large contact list. Avatar support for buddies will be disabled until 3.0.0. (#15226, #14305)

IRC

• Support for SASL authentication. (Thijs Alkemade, Andy Spencer) (#13270)
• Print topic setter information at channel join. (#13317)

MSN

• Fix SSL certificate issue when signing into MSN for some users.
• Fix a crash when removing a user before its icon is loaded. (Mark Barfield) (#15217)

MXit

• Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271)
• Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272)
• Display farewell messages in a different color to distinguish them from normal messages.
• Add support for typing notification.
• Add support for the Relationship Status profile attribute.
• Remove all reference to Hidden Number.
• Ignore new invites to join a Group Chat? if you’re already joined, or still have a pending invite.
• The buddy’s name was not centered vertically in the buddy-list if they did not have a status-message or mood set.
• Fix decoding of font-size changes in the markup of received messages.
• Increase the maximum file size that can be transferred to 1 MB.
• When setting an avatar image, no longer downscale it to 96×96.

same time

• Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273)

Yahoo”’

• Fix a double free in profile/picture loading code. (Mihai Serban) (#15053)
• Fix retrieving server side buddy aliases. (Catalin Salgu) (#15381)

Plugins

• the Voice/Video? Settings plugin supports using the sndio GStreamer backends. (Brad Smith) (#14414)
• Fix a crash in the Contact Availability Detection plugin. (Mark) (#15327)
• Make the Message Notification plugin more friendly to non-X11 GTK+, such as MacPorts?‘ +no_x11 variant.

Windows-Specific Changes

• Compile with secure flags (Jurre van Bergen) (#15290)
• Installer downloads GTK+ Runtime and Debug Symbols more securely. Thanks goes to Jacob Appelbaum of the Tor Project for identifying this issue and suggesting solutions. (#15277)
• Updates to a number of dependencies, some of which have security related fixes. Thanks again to Jacob Appelbaum and Jurre van Bergen for identifying the vulnerable libraries and to Dieter Verfaillie for helping getting the libraries updated. (#14571, #15285, #15286)
  • ATK 1.32.0-2
  • Cyrus SASL 2.1.25
  • expat 2.1.0-1
  • free type 2.4.10-1
  • gettext 0.18.1.1-2
  • Glib 2.28.8-1
  • libpng 1.4.12-1
  • libxml2 2.9.0-1
  • NSS 3.13.6 and NSPR 4.9.2
  • Pango 1.29.4-1
  • SILC 1.1.10
  • zlib 1.2.5-2
• Patch libmeanwhile (sametime library) to fix crash. (Jonathan Rice) (#12637)