Pidgin 2.13.0

Pidgin is a widely-used and featureful instant messenger and chat client. It supports AIM, Bonjour, Gadu-Gadu, Google Talk, Groupwise, ICQ, IRC, MSN, MXit, GroupWise, SILC, SIMPLE, Sametime, XMPP (Jabber), Yahoo!, Zephy. It provides friend lists across chat networks, file transfers, avatars, custom smileys, typing status display, away messages, and many more features (encryption, audio alerts, LED notification, IRC scripting, SMS gateways, sessions, auto-replys) and IM services (Tor, Twitter, WhatsApp, Facebook, QQ) through plugins.

Tags c gtk chat instant-messenger icq xmpp cross-platform
License GNU GPL
State initial

Recent Releases

2.13.007 Apr 2018 07:05 major bugfix: : libpurple: Unified string comparison. (Arkadiy Illarionov). Properlly shell escape URI's when opening them. (PR #271 Daniel Kamil Kozar). a one byte buffer overread in function purple_markup_linkify. an were utf8 was incorrectly truncated which could lead to crashes as we were potentially feeding garbage into glib/gtk. libgnt: build against curses 6.0 with opaque structs set.. (PR #268 Daniel Kamil Kozar). a crash when resizing the window. (PR #269 Daniel Kamil Kozar). General: bashism in autotools. (PR #267 Daniel Kamil Kozar). XMPP: Show XEP-0066 OOB URLs in any message, not just headlines. a user after free (PR #266 Ethan Blanton). Removed pipelining from BOSH connections. Don't try to TLS already secured BOSH connections. IRC: "Registration timeout" on SASL auth with InspIRCd servers. (and possibly others not based on charybdis/ratbox/ircd-seven). with plugins that modify outgoing messages. (such as the custom PART/QUIT feature of the IRC More plugin). IRC buffer handling.. Properly handle AUTHENTICATE as a normal command with server pre. (PR #316 dx). a crash caused by a use after free of the MOTD. an out of bounds read in irc_nick_skip_mode. a write of a single byte before the start of a buffer in irc_parse_ctcp. Pidgin: Better support for dark themes.. IPv6 links by not escaping 's. (PR #270 Daniel Kamil Kozar). Only write buddy icons to the cache if they're not already cached. (PR #276 David Woodhouse). Rejoin persistent chats after reconnect.. Made the WIN32 Transparency plugin work on all platforms.. Ensure search results buttons are labeled. matching unicode smilies.. Correctly update mute/unmute status when the remote side mutes/unmutes us.. Rework the status icon blinking to not used deprecated API.. Don't allow adding a buddy to protocols that don't have an add_buddy callback.. Finch: handling of search results. Voice Video: Port backend-fs to newer api for farstream relay-info property.
2.12.013 Mar 2017 06:45 major bugfix: : Libpurple: an out of bounds memory read in purple_markup_unescape_entity. CVE-2017-2640. Use of uninitialised memory if running non-de-enabled versions of glib. Updated AIM dev and dist ID's to new ones that were assigned by AOL. TLS certificate verification now uses SHA-256 checksums. SASL external auth for Freenode. Removed the MSN protocol plugin. It has been unusable and dormant for some. Time. MSNP18 has been discontinued and the protocol plugin would require a Large update to start working again. See: The Third-party Pidgin SkypeWeb plugin, however, should provide enough Functionality as a replacement if people still want to use MSN: Https:// Removed Mxit protocol plugin. The service was at the end of September 2016. See. Https:// Removed the MySpaceIM protocol plugin. The service has been defunct for a. Long time. Remove the Yahoo! protocol plugin. Yahoo has completely. Reimplemented their protocol, so this version is no longer operable as of August 5th, 2016: Https:// A new protocol plugin has been written to support the new protocol. It can be found here: This also removes support for Yahoo! Japan. According to. Http:// the service ended March 26th, 2014. Remove the Facebook (XMPP) account option. According to. Https:// the XMPP Chat API service Ended April 30th, 2015. A new protocol plugin has been written, Using a different method, to support Facebook. It can be found at Https:// Gnutls certificate validation errors that mainly affected google (Dequis). General. Replaced instances of with and updated the. Urls to use https. IRC. of messages being silently cut off at 500 chara
2.10.1202 Jan 2016 11:25 minor feature: General.. purple-url-handler now works with Python 3.x, an where transient startup statuses could be deleted Pidgin.. The shout smile now matches the default theme. Windows-Specific Changes.. Updates to dependencies: Cyrus SASL 2.1.26. libxml2 2.9.2. NSS 3.20.1 and NSPR 4.10.10. Perl 5.20.1. SILC 1.1.12. Remove support for Tcl plugins. Gadu-Gadu.. Updated internal libgadu to version 1.12.1.
2.10.1124 Nov 2014 03:17 minor feature: General Fix handling of Self-Signed SSL/TLS Certificates when using the NSS plugin , Improve default cipher suites used with the NSS plugin , Add NSS Preferences plugin which allows the SSL/TLS Versions and cipher suites to be configured , Gadu-Gadu Fix a bug that prevented plugin to load when compiled without GnuTLS. Fix build for platforms without AF_LOCAL definition. MSN Fix broken login due to server change , Fail early when buddy list is unavailable instead of wasting bandwidth endlessly re-trying.
2.10.1028 Oct 2014 09:45 security: Check the basic constraints extension when validating SSL/TLS certificates. This fixes a security hole that allowed a malicious man-in-the-middle to impersonate an IM server or any other https endpoint. This affected both the NSS and GnuTLS plugins. (Discovered by an anonymous person and Jacob Appelbaum of the Tor Project, with thanks to Moxie Marlinspike for first publishing about this type of vulnerability. Thanks to Kai Engert for guidance and for some of the NSS changes) (CVE-2014-3694) Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL. (Elrond and Ashish Gupta)