Full Version: Pidgin IM 2.6.3
Chachazz
2.6.1 adds XMPP Voice and Video support (but not on Windows yet)

Pidgin 2.6.0--It's About Time
August 19, 2009

First off, some statistics for this release:
  • 99 bullet points in the ChangeLog.
  • 221 tickets closed for the release (that is, 221 tickets that we believe are fixed or are patches that we accepted).
  • 2 major new features
  • More other new features than I care to count


For the new features:
Voice and Video support - Thanks to Mike Ruprecht and his Summer of Code project from 2008, libpurple now has a voice and video framework that can be used to add these features to our protocol plugins. Currently we support these features only on XMPP, but Mike is working on other protocols as I write this and hopes to have more protocols at least partially supported soon. The dependencies are a bit of a mess for the uninitiated, but unfortunately that's unavoidable. I'm hoping most distributions will be able to catch up with this soon and make it completely effortless for users, but this is a headache even for some distributions. The biggest setback thus far is we're currently not able to support these features on Windows--but we're working on it! Please be patient!

Theme support - Another Summer of Code project from 2008, this time by Justin Rodriguez, adds theming support to libpurple and Pidgin. This currently isn't very well documented at all, but themes are now supported for the buddy list, sounds, and status icons.

Yahoo users will notice a few changes. First and foremost, we split the Yahoo protocol plugin into two, one to handle the Yahoo JAPAN network and one to handle the rest of the world's Yahoo network. This has the side effect that if you happen to have the exact same account registered on both networks, you'll finally be able to use both accounts in Pidgin. It's also a lot more obvious to people looking to use their Yahoo JAPAN accounts in Pidgin. Sulabh Mahajan, another Summer of Code student from 2008, implemented a ton of new stuff for Yahoo and Yahoo JAPAN. Among the changes is the addition of SMS support. You can now send SMS messages by sending to "+<country code><phone number>". Sulabh also implemented peer-to-peer file transfers for Yahoo as well as adding MSN buddies to the buddy list of a Yahoo account. Unfortunately, proper support of adding MSN buddies isn't possible to do until 3.0.0 when we can make some major changes to the internal workings, but for now, if you want to add an MSN buddy to a Yahoo account, add them as "msn/foo@bar.tld". The "msn/" is the important part--this tells our Yahoo code to look across the MSN bridge to add the buddy.

On top of all this, our developers, crazy patch writers, and contributors have been pouring a ton of work into our XMPP support. Beyond the voice and video support, we've gained a service discovery ("disco" for those familiar with the term) browser plugin, support for BOSH (Bytestreams Over Synchronous HTTP), idle time reporting (XEP-0256), attention ("buzzing") support (XEP-0224), in-band bytestreams file transfer as a last-resort transfer method (XEP-0047), custom smiley support in small (less than 10 users) MUCs via the "bits of binary" extension, as well as updated support for buddy icons (User Avatar XEP-0084 v1.1). There have also been a ton of bug fixes and other enhancements. All this adds up to 29 bullet points in the changelog for XMPP alone, and even that is surely not 100% complete.

Other notable items include our new (optional) support for GNU libidn, allowing us to support UTF-8 domain names throughout all of libpurple, three new environment variables that can help in debugging (and thus possibly help some plugin authors as well), a new authentication mechanism for AIM implemented at AOL's request, the ability to receive voice clips and handwritten (ink) messages on MSN, and a crapton of fixes and enhancements in Pidgin. Even Finch got some love this time around, gaining a new TinyURL plugin and some important bug fixes.

The security issue fixed for this release, as well as the 2.5.9 release.
CORE Security Technologies found a way to remotely crash a running Pidgin instance that was logged into an MSN account via two specially crafted messages. They were kind and responsible enough to inform us of this privately and provide us with a proof of concept script so we could fix the problem before they made it public. The release of Pidgin 2.5.9 was done in source form only, explicitly to provide distribution packagers with a fixed release in the event they preferred to avoid the behemoth release that is 2.6.0.

We have some issues that we're going to need to follow up on shortly with a 2.6.1.

Downloads:
http://pidgin.im/download/
Terryala
Pidgin 2.6.2

libpurple

Fix --disable-avahi to actually disable it in configure, as opposed to just making the warning non-fatal.
Fix using GNOME proxy settings properly. (Erik van Pienbroek)

IRC

Fix parsing of invalid TOPIC messages. (CVE-2009-2703)

MSN

Sending custom smileys in chats is now supported.
Ink messages are now saved when using the HTML logger.
Fix a crash when receiving some handwritten messages.
Fix a crash when receiving certain SLP invite messages.
Chats with multiple people should no longer spontaneously disconnect.

XMPP

Prompt the user before cancelling a presence subscription.
Escape status messages that have HTML entities in the Get Info dialog.
Fix connecting to XMPP domains with no SRV records from Pidgin on Windows.
Fix typing notifications with Pidgin 2.5.9 or earlier.
Fix connecting using BOSH and legacy authentication (XEP-0078).
Adding buddies of the form "romeo@…/Resource" is handled properly. In addition, it is no longer possible to add buddies of the form "room@…/User", where room@… is a MUC.
Don't crash when receiving "smileyfied" XHTML-IM from clients that don't support bits of binary (i.e. when getting an empty <data/> in return).
Fix bug where SSL/TLS was not required even though the "require SSL/TLS" preference was checked when connecting to servers that use the older iq-based authentication. (CVE-2009-3026)

Yahoo!/Yahoo! JAPAN

Accounts now have a "Use account proxy for SSL connections" option. This option force-overrides the account-specific proxy settings for SSL connections only and instead uses the global proxy configuration.

Finch

Properly detect libpanel on OpenBSD. (Brad Smith)
Remove IO watches in gnt_quit. (Tomasz Mon)

Pidgin

Fix the auto-personize functionality in the Buddy List.
Set the window icon for the media window to an icon corresponding to the type of call (headphone or webcam).
Customized sound files are no longer reset whenever opening the Preferences dialog.
The buddy list should now immediately refresh upon changing the icon theme.

http://pidgin.im/download/
Terryala
Pidgin 2.6.3

General

Fix a crash when performing DNS queries on Unixes that use the blocking DNS lookups. (Brian Lu)

AIM and ICQ

Fix a crash when some clients send contacts in a format we don't understand.
Fix blocking and other privacy lists. (Thanks to AOL)

http://pidgin.im/download/