Slashdot Mirror
Pidgin Adds Google Talk Voice and Video Support (and a Vulnerability)
ottothecow writes "While various attempts at video and voice support have been in the pipeline since long before GAIM became Pidgin, fully functioning support over XMPP is on its way. Lifehacker reports that Pidgin 2.6 adds voice and video support for GChat (and presumably any other XMPP network) for Mac and Linux. Windows still has a few bugs but they are being worked on. Pidgin 2.6.1 is only available as source at the moment (but precompiled versions are available at getdeb)." Less happily, an anonymous reader writes "A remote arbitrary-code-execution vulnerability has been found in Libpurple (used by Pidgin and Adium instant messaging clients, among others), which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. No victim interaction is required, and the attacker is not required to be in the victim's buddy list (under default configuration)."
Are not available yet.... :(
http://pdb.finkproject.org/pdb/package.php/pidgin
2.6.1 is only available as source at the moment?
http://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.1.exe
So that's magic? If you install that do the terrorists win?
oogly boogly!
I think they released 2.5.9, 2.6.0 and 2.6.1 on the same day. They are really trying hard to look amateurish.
So 2.5.9 is a stability release for distros/maintainers who don't want to upgrade to 2.6.0 for whatever reason. 2.6.0 was released at the same time as 2.5.9 but a bug was immediately found so then they released 2.6.1.
All your base are belong to Wii.
2.5.9 and 2.6.0 were both released Tuesday, August 18th addressing this security issue (CVE-2009-2694). 2.5.9 is 2.5.8 with only CVE-2009-2694 addressed and an unrelated crash bug fix. 2.6.0 contains CVE-2009-2694 in addition to many other bug fixes and the new Voice and Video support.
Unfortunately, another security issue was discovered with sending URL's over the Yahoo protocol and 2.6.1 was released on Wednesday, August 19th. According to the pidgin developers, 2.5.9 was not affected by separate bug.
Note: The Voice and Video support in pidgin-2.6.1 is a bit fragile. You MUST have the latest version of farsight2 and the stack of libraries it requires. You may also need to open ports on your firewall to allow it to connect.
Well, if you enable the Release Notifications plugin it will tell you about updates. I did once post to the mailing list about adding an auto-update feature, but since Pidgin is multiplatform and a built-in autoupdate doesn't make sense on Linux with package managers, the idea was rejected. But really, the Release Notifications plugin is more or less good enough.
All your base are belong to Wii.
Here is a recipie to build a set of 2.6.1 packages for debian lenny based on the packaging ari has done for sid (but not uploaded yet hence the download from svn.debian.org).
wget http://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.1.tar.bz2
bunzip2 pidgin-2.6.1.tar.bz2
tar -xf pidgin-2.6.1.tar
gzip pidgin-2.6.1.tar
mv pidgin-2.6.1.tar.gz pidgin_2.6.1.orig.tar.gz
cd pidgin-2.6.1
svn export -r 14052 svn://svn.debian.org/svn/collab-maint/deb-maint/pidgin/trunk/debian
sed -i s/tcl8.6-dev/tcl8.5-dev/ debian/control
sed -i s/tk8.6-dev/tk8.5-dev/ debian/control
sed -i 's/libgstfarsight0.10-dev (>= 0.0.9),//' debian/control
sed -i 's/(>= 0.4.53)//' debian/control
sed -i 's/(>= 1.1.1)//' debian/control
sed -i 's/--enable-vv/--disable-vv/' debian/rules
dpkg-buildpackage
if it complains about missing build-depends install them and run dpkg-buildpackage again
note: I had to disable video/voice because libgstfarsight is not available in lenny.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Easier fix. Don't use MSN.
Trillian is probably your best bet. I've never tried the A/V support, but it's been there for quite a while. Also look into Gizmo.