Pidgin Portable Changelog

What's new in Pidgin Portable 2.14.13

Feb 23, 2024
  • Fix compile warning (Wcast-function-type). (RR 2225) (Markus Fischer)
  • Fix memory leak originating in purple_prefs_connect_callback. (RR 2226) (Markus Fischer)
  • Don’t use the Real name as a candidate for the SASL username in IRC. (RR 2535) (Gary Kramlich)
  • Don’t link with libgadu unnecessarily. (RR 2684) (Elliott Sales de Andrade)
  • Make collapsed groups searchable in the buddy list. (PIDGIN-7877) (RR 1494) (Belgin Știrbu)
  • Fix incompatible type conversion errors. (PIDGIN-17850) (RR 2944) (Jaroslav Škarvada, Elliott Sales de Andrade)
  • Stop removing -Wall from CFLAGS. (PIDGIN-16593) (RR 2946) (Elliott Sales de Andrade)
  • Updated the spell checking dictionaries on Windows. (Gary Kramlich)
  • Resolved the crash on exit under Windows by reverting to the old toolchain. (PIDGIN-17710) (Gary Kramlich)

New in Pidgin Portable 2.14.12 (Jan 2, 2023)

  • We’ve released another bug fix version of Pidgin, version 2.14.12. This release has many random bug fixes so be sure to check out the full ChangeLog below. You may have noticed we didn’t announce 2.14.11, that’s because this release got spiked as there was an error with a translation with the Windows installer. I tested building the installer before merging translations which was a mistake that I’ll try to avoid in the future.

New in Pidgin Portable 2.14.10 (Jun 7, 2022)

  • General:
  • Audit and correct the COPYRIGHT file. (Review 1425) (Richard Laager)
  • Fix a spelling error in a debug message for proxies. (Review 1426) (Richard Laager)
  • Install some emojis already in the theme but not being installed. (Review 1428) (Richard Laager)
  • Drop the QQ smileys as we don’t ship QQ anymore. (PIDGIN-14385) (Review 1429) (Richard Laager)
  • Modernize the desktop file. (Review 1433) (Richard Laager)
  • Modernize the appdata file. (Review 1431) (Richard Laager)
  • Make privacy settings persist. (PIDGIN-17137) (Review 1463) (Belgin Știrbu)
  • Pidgin:
  • Fix a use after free that was introduced in 2.14.9. (Review 1488) (ivanhoe)
  • IRC:
  • Fix a crash if the server sends a short form JOIN message. (PIDGIN-17375) (Review 1484) (Belgin Știrbu)
  • XMPP:
  • Fix a regression from 2.14.9 where XMPP accounts state would get lost after failing to connect. (PIDGIN-17621) (Review 1455) (Belgin Știrbu)
  • Fix a crash when requesting your own info in an XMPP conference. (Review 1465) (Belgin Știrbu)
  • Fix hang when completing a file transfer over XMPP. (Review 1466) (Belgin Știrbu)
  • Fix updating custom smileys. (PIDGIN-17153) (Review 1477) (Belgin Știrbu)
  • Fix unblocking users. (PIDGIN-16414) (Review 1479) (Belgin Știrbu)
  • Fix a crash when cancelling a file transfer. (PIDGIN-17189) (Review 1485) (Belgin Știrbu)

New in Pidgin Portable 2.14.9 (Apr 30, 2022)

  • Security:
  • Remove _xmppconnect support. (Review 1357) (CVE-2022-26491) (Gary Kramlich)
  • libpurple:
  • Fix a GLib CRITICAL message with typing time outs. (Review 1123) (Mohammed Sadiq)
  • Fix an issue where the unit tests for purple_str_to_time would fail. (GENTOO-819774) (Review 1238) (Gary Kramlich)
  • Pidgin:
  • Fix a memory leak in pidgin_conversations_set_tab_colors. (Review 1244) (ivanhoe)
  • Fixed the majority of the infinite resizing issues in the input box. (PIDGIN-16753, PIDGIN-16999, PIDGIN-17287, PIDGIN-17413, PIDGIN-17430, PIDGIN-17568, PIDGIN-17602) (Review 1342) (Belgin Știrbu)
  • Add transient-buddy back which is used to show some context menus and other things. (PIDGIN-17523) (Review 1381) (Belgin Știrbu)
  • Windows:
  • Fix the download of dictionaries in the Windows installer. (PIDGIN-14618, PIDGIN-15648, PIDGIN-15540, PIDGIN-14612, PIDGIN-14893) (Review 1303) (Gary Kramlich)
  • Translations:
  • Fix a typo in the German translations. (PIDGIN-17575) (Review 1242) (ivanhoe)
  • Synced all of the translations with Transifex.
  • IRC:
  • Fix IRC file transfers on Windows. (PIDGIN-17175) (Review 1382) (Belgin Știrbu)
  • Fix file transfers failing at 99% on IRC. (PIDGIN-15893) (Review 1385) (Belgin Știrbu)
  • Default realname and ident name in IRC to the username (nickname) of the account. (PIDGIN-17610) (Review 1386) (Belgin Știrbu)
  • Add an advanced account option to IRC accounts for explicitly setting the SASL login name. (PIDGIN-15451) (Review 1388) (Belgin Știrbu)
  • Added a rate limiter that should make it impossible to excess flood. (Review 1391) (Gary Kramlich)
  • SIMPLE:
  • Fix an issue with the CSeq numbers in SIMPLE. (PIDGIN-9675) (Review 1379) (dohmniq)
  • XMPP:
  • Fix XMPP attention messages being sent to incorrect JIDs. (PIDGIN-14714) (Review 1387) (itsnotabigtruck, Belgin Știrbu)

New in Pidgin Portable 2.14.8 (Oct 15, 2021)

  • libpurple:
  • Fix a regression in purple_str_to_time. (PIDGIN-17552) (Review 931) (Gary Kramlich)
  • XMPP:
  • Fix a double free in jabber/message.c. (PIDGIN-17547) (Review 932) (Gary Kramlich, pv32768)
  • Pidgin:
  • Fix the link to the support mailing list archive in the About Dialog. (Review 929) (Gary Kramlich)

New in Pidgin Portable 2.12.0 (Mar 12, 2017)

  • GENERAL:
  • purple-url-handler now works with Python 3.x (Daniël van Eeden)
  • Fixed an issue where transient startup statuses could be deleted (Jakub Adam) (#16762)
  • PIDGIN:
  • The shout smile now matches the default theme (Steve Vaught)
  • UPDATES TO DEPENDENCIES:
  • Cyrus SASL 2.1.26
  • libxml2 2.9.2
  • NSS 3.20.1 and NSPR 4.10.10
  • Perl 5.20.1
  • SILC 1.1.12
  • Remove support for Tcl plugins
  • GADU-GADU:
  • Updated internal libgadu to version 1.12.1.
  • VOICE/VIDEO:
  • GStreamer 1.0 support
  • Bump farstream02 requirement to 0.2.7
  • Other VV related changes required for the third-party SIPE plugin (David Woodhouse, Jakub Adam, Youness Alaoui)
  • AIM:
  • Fix for AIM when using gateway proxies (like smarsh) (Youness Alaoui, #14917)
  • PLUGINS:
  • Don't render smileys in the History plugin's headers. (mmcc, #16747)

New in Pidgin Portable 2.11.0 (Jun 23, 2016)

  • General:
  • 2.10.12 was accidentally released with new additions to the API and should have been released as 2.11.0. Unfortunately, we did not catch the mistake until after 2.10.12 was released, but we're fixing it now.
  • Include the Mozilla certificate bundle. This fixes connecting to servers with certificates from Let's Encrypt.
  • Remove all 1024-bit CAs
  • libpurple:
  • media: fix an issue with ximagesink displaying only a corner cut-out of a larger webcam video (Jakub Adam)
  • mediamanager: update output window destruction so that it reflects recent changes in the media pipeline structure (Jakub Adam)
  • Ported Instantbird's CommandUiOps to libpurple (Dequis)
  • Pidgin:
  • Fixed #14962
  • Fixed alignment of incoming right-to-left messages in protocols that don't support rich text
  • Fix a potential crash while exiting pidgin
  • AIM:
  • Add support for the newer kerberos-based authentication of AIM 8.x
  • Windows-Specific Changes:
  • Use getaddrinfo for DNS to enable IPv6
  • Updates to dependencies:
  • NSS 3.24 and NSPR 4.12.
  • ICQ:
  • Stop truncating passwords to 8 characters like old ICQ clients did. (#16692). If you actually needed this, truncate your password manually by pressing backspace a few times.
  • IRC:
  • Base64-decode SASL messages before passing to libsasl
  • MXit:
  • Fixed a buffer overflow. Discovered by Yves Younan of Cisco Talos.
  • Fixed a remote out-of-bounds read. Discovered by Yves Younan of Cisco Talos.
  • Fixed a remote out-of-band read. Discovered by Yves Younan of Cisco Talos.
  • Fixed an invalid read. Discovered by Yves Younan of Cisco Talos
  • Fixed a remote buffer overflow vulnerability. Discovered by Yves Younan of Cisco Talos.
  • Fixed an out-of-bounds read discovered by Yves Younan of Cisco Talos.
  • Fixed a directory traversal issue. Discovered by Yves Younan of Cisco Talos
  • Fixed a remote denial of service vulnerability that could result in a null pointer dereference. Discovered by Yves Younan of Cisco Talos.
  • Fixed a remote denial of service that could result in an out-of-bounds read.
  • Fixed multiple remote buffer overflows.
  • Fixed a remote NULL pointer dereference.
  • Fixed a remote code execution issue
  • Fixed a remote denial of service vulnerability in contact mood handling. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0141)
  • Fixed a remote out-of-bounds write vulnerability.
  • Fix a remote out-of-bounds read.

New in Pidgin Portable 2.10.12 (Jan 4, 2016)

  • General:
  • purple-url-handler now works with Python 3.x
  • Fixed an issue where transient startup statuses could be deleted
  • Pidgin:
  • The shout smile now matches the default theme
  • Updates to dependencies:
  • Cyrus SASL 2.1.26
  • libxml2 2.9.2
  • NSS 3.20.1 and NSPR 4.10.10
  • Perl 5.20.1
  • SILC 1.1.12
  • Remove support for Tcl plugins
  • Gadu-Gadu:
  • Updated internal libgadu to version 1.12.1.
  • Voice / Video:
  • GStreamer 1.0 support
  • Bump farstream02 requirement to 0.2.7
  • Other VV related changes required for the third-party SIPE plugin
  • AIM:
  • Fix for AIM when using gateway proxies
  • Plugins:
  • Don't render smileys in the History plugin's headers.

New in Pidgin Portable 2.10.11 (Nov 25, 2014)

  • General:
  • Fix handling of Self-Signed SSL/TLS Certificates when using the NSS plugin
  • Improve default cipher suites used with the NSS plugin
  • Add NSS Preferences plugin which allows the SSL/TLS Versions and cipher suites to be configured
  • Gadu-Gadu:
  • Fix a bug that prevented the plugin from loading when compiled without GnuTLS.
  • Fix build for platforms without AF_LOCAL definition.
  • MSN:
  • Fix broken login due to server change (dx, TReKiE).
  • Fail early when buddy list is unavailable instead of wasting bandwidth endlessly re-trying.

New in Pidgin Portable 2.10.10 (Oct 24, 2014)

  • General:
  • Check the basic constraints extension when validating SSL/TLS certificates. This fixes a security hole that allowed a malicious man-in-the-middle to impersonate an IM server or any other https endpoint. This affected both the NSS and GnuTLS plugins.
  • Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL.
  • libpurple3 compatibility:
  • Encrypted account passwords are preserved until the new one is set.
  • Fix loading Google Talk and Facebook XMPP accounts.
  • Windows-Specific Changes:
  • Don't allow overwriting arbitrary files on the file system when the user installs a smiley theme via drag-and-drop.
  • Updates to dependencies:
  • NSS 3.17.1 and NSPR 4.10.7
  • Finch:
  • Fix build against Python 3.
  • Gadu-Gadu:
  • Updated internal libgadu to version 1.12.0.
  • Groupwise:
  • Fix potential remote crash parsing server message that indicates that a large amount of memory should be allocated.
  • IRC:
  • Fix a possible leak of unencrypted data when using /me command with OTR.
  • MXit:
  • Fix potential remote crash parsing a malformed emoticon response.
  • XMPP:
  • Fix potential information leak where a malicious XMPP server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory.
  • Fix Facebook XMPP roster quirks.
  • Yahoo:
  • Fix login when using the GnuTLS library for TLS connections.

New in Pidgin Portable 2.10.9 (Oct 24, 2014)

  • XMPP:
  • Fix problems logging into some servers including jabber.org and chat.facebook.com.

New in Pidgin Portable 2.10.8 (Jan 30, 2014)

  • General:
  • Python build scripts and example plugins are now compatible with Python 3. (Ashish Gupta) (#15624)
  • libpurple:
  • Fix potential crash if libpurple gets an error attempting to read a reply from a STUN server. (Discovered by Coverity static analysis) (CVE-2013-6484)
  • Fix potential crash parsing a malformed HTTP response. (Discovered by Jacob Appelbaum of the Tor Project) (CVE-2013-6479)
  • Fix buffer overflow when parsing a malformed HTTP response with chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent) (CVE-2013-6485)
  • Better handling of HTTP proxy responses with negative Content-Lengths. (Discovered by Matt Jones, Volvent)
  • Fix handling of SSL certificates without subjects when using libnss.
  • Fix handling of SSL certificates with timestamps in the distant future when using libnss. (#15586)
  • Impose maximum download size for all HTTP fetches.
  • Pidgin:
  • Fix crash displaying tooltip of long URLs. (CVE-2013-6478)
  • Better handling of URLs longer than 1000 letters.
  • Fix handling of multibyte UTF-8 characters in smiley themes. (#15756)
  • Windows-Specific Changes:
  • When clicking file:// links, show the file in Explorer rather than attempting to run the file. This reduces the chances of a user clicking on a link and mistakenly running a malicious file. (Originally discovered by James Burton, Insomnia Security. Rediscovered by Yves Younan of Sourcefire VRT.) (CVE-2013-6486)
  • Fix Tcl scripts. (#15520)
  • Fix crash-on-startup when ASLR is always on. (#15521)
  • Updates to dependencies:
  • NSS 3.15.4 and NSPR 4.10.2
  • Pango 1.29.4-1daa.
  • AIM:
  • Fix untrusted certificate error.
  • AIM and ICQ:
  • Fix a possible crash when receiving a malformed message in a Direct IM session.
  • Gadu-Gadu:
  • Fix buffer overflow with remote code execution potential. Only triggerable by a Gadu-Gadu server or a man-in-the-middle. (Discovered by Yves Younan and Ryan Pentney of Sourcefire VRT) (CVE-2013-6487)
  • Disabled buddy list import/export from/to server (it didn't work anymore). Buddy list synchronization will be implemented in 3.0.0.
  • Disabled new account registration and password change options, as they didn't work either. Account registration also caused a crash. Both functions are available using the official Gadu-Gadu website.
  • IRC:
  • Fix bug where a malicious server or man-in-the-middle could trigger a crash by not sending enough arguments with various messages. (Discovered by Daniel Atallah) (CVE-2014-0020)
  • Fix bug where initial IRC status would not be set correctly.
  • Fix bug where IRC wasn't available when libpurple was compiled with Cyrus SASL support. (#15517)
  • MSN:
  • Fix NULL pointer dereference parsing headers in MSN. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6482)
  • Fix NULL pointer dereference parsing OIM data in MSN. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6482)
  • Fix NULL pointer dereference parsing SOAP data in MSN. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen) (CVE-2013-6482)
  • Fix possible crash when sending very long messages. Not remotely-triggerable. (Discovered by Matt Jones, Volvent)
  • MXit:
  • Fix buffer overflow with remote code execution potential. (Discovered by Yves Younan and Pawel Janic of Sourcefire VRT) (CVE-2013-6489)
  • Fix sporadic crashes that can happen after user is disconnected.
  • Fix crash when attempting to add a contact via search results.
  • Show error message if file transfer fails.
  • Fix compiling with InstantBird.
  • Fix display of some custom emoticons.
  • SILC:
  • Correctly set whiteboard dimensions in whiteboard sessions.
  • SIMPLE:
  • Fix buffer overflow with remote code execution potential. (Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6490)
  • XMPP:
  • Prevent spoofing of iq replies by verifying that the 'from' address matches the 'to' address of the iq request. (Discovered by Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen, fixed by Thijs Alkemade) (CVE-2013-6483)
  • Fix crash on some systems when receiving fake delay timestamps with extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
  • Fix possible crash or other erratic behavior when selecting a very small file for your own buddy icon.
  • Fix crash if the user tries to initiate a voice/video session with a resourceless JID.
  • Fix login errors when the first two available auth mechanisms fail but a subsequent mechanism would otherwise work when using Cyrus SASL. (#15524)
  • Fix dropping incoming stanzas on BOSH connections when we receive multiple HTTP responses at once. (Issa Gorissen) (#15684)
  • Yahoo!:
  • Fix possible crashes handling incoming strings that are not UTF-8. (Discovered by Thijs Alkemade and Robert Vehse) (CVE-2012-6152)
  • Fix a bug reading a peer to peer message where a remote user could trigger a crash. (CVE-2013-6481)
  • Plugins:
  • Fix crash in contact availability plugin.
  • Fix perl function Purple::Network::ip_atoi
  • Add Ubuntu Unity UI integration plugin.

New in Pidgin Portable 2.10.7 (Feb 15, 2013)

  • General:
  • The configure script will now exit with status 1 when specifying invalid protocol plugins using the --with-static-prpls and --with-dynamic-prpls arguments
  • libpurple:
  • Fix a crash when receiving UPnP responses with abnormally long values
  • Don't link directly to libgcrypt when building with GnuTLS support
  • Fix UPnP mappings on routers that return empty elements in their response
  • Tcl plugin uses saner, race-free plugin loading
  • Fix the Tcl signals-test plugin for savedstatus-changed
  • Pidgin:
  • Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11 variant
  • Gadu-Gadu:
  • Fix a crash at startup with large contact list. Avatar support for buddies will be disabled until 3.0.0
  • IRC:
  • Support for SASL authentication
  • Print topic setter information at channel join
  • MSN:
  • Fix SSL certificate issue when signing into MSN for some users
  • Fix a crash when removing a user before its icon is loaded
  • MXit:
  • Fix two bugs where a remote MXit user could possibly specify a local file path to be written to
  • Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution
  • Display farewell messages in a different colour to distinguish them from normal messages
  • Add support for typing notification
  • Add support for the Relationship Status profile attribute
  • Remove all reference to Hidden Number
  • Ignore new invites to join a GroupChat if you're already joined, or still have a pending invite.
  • The buddy's name was not centered vertically in the buddy-list if they did not have a status-message or mood set
  • Fix decoding of font-size changes in the markup of received messages
  • Increase the maximum file size that can be transferred to 1 MB
  • When setting an avatar image, no longer downscale it to 96x96
  • Sametime:
  • Fix a crash in Sametime when a malicious server sends us an abnormally long user ID
  • Yahoo:
  • Fix a double-free in profile/picture loading code
  • Fix retrieving server-side buddy aliases
  • Plugins:
  • The Voice/Video Settings plugin supports using the sndio GStreamer backends
  • Fix a crash in the Contact Availability Detection plugin
  • Make the Message Notification plugin more friendly to non-X11 GTK+, such as MacPorts' +no_x11 variant
  • Windows-Specific Changes:
  • Compile with secure flags
  • Installer downloads GTK+ Runtime and Debug Symbols more securely. Thanks goes to Jacob Appelbaum of the Tor Project for identifying this issue and suggesting solutions
  • Updates to a number of dependencies, some of which have security related fixes. Thanks again to Jacob Appelbaum and Jurre van Bergen for identifying the vulnerable libraries and to Dieter Verfaillie for helping to get the libraries updated
  • ATK 1.32.0-2
  • Cyrus SASL 2.1.25
  • expat 2.1.0-1
  • freetype 2.4.10-1
  • gettext 0.18.1.1-2
  • Glib 2.28.8-1
  • libpng 1.4.12-1
  • libxml2 2.9.0-1
  • NSS 3.13.6 and NSPR 4.9.2
  • Pango 1.29.4-1
  • SILC 1.1.10
  • zlib 1.2.5-2
  • Patch libmeanwhile (sametime library) to fix crash