Pidgin 2.14.7 has been released!

Gary Kramlich grim at
Thu Sep 16 23:46:59 EDT 2021


This release is primarily to address issues that were found by Google's
OSS-Fuzz. However, of the issues it found that we fixed, we are
confident that they are not exploitable. However, it did find some
memory leaks that we did fix, so upgrade is encouraged.

We also fixed an issue when running the unit test, where a test case for
jabber_id_new would fail if libidn was disabled. The test case is now
only used when libidn is available. This should eliminate a patch that
gentoo is carrying, and maybe someone else as well.

At any rate, the rest of the ChangeLog is below.

* Fix leak in purple_markup_find_tag on error. (OSS-FUZZ 35816) (RR 924)
  (Elliott Sales de Andrade)
* Fix an issue where the XMPP utility tests would fail if libidn was
  disabled. (RR 922) (Gary Kramlich)
* Fix an assert in purple_markup_html_to_xhtml (OSS-FUZZ 35029) (RR 921)
  (Elliott Sales de Andrade)
* Fix building on Haiku (RR 916) (Haiku Ports Team)
* Correctly free parse tags at end of purple_html_to_xhtml (OSS-FUZZ
  (RR 913) (Elliott Sales de Andrade)
* Fix leak that may occur when xmlnode_from_str fails (OSS-FUZZ 34988)
  (RR 911) (Elliott Sales de Andrade)
* Cleanup, standardize and create starting corpora for all of the
  fuzzers. (RR 920) (Gary Kramlich)
* Port purple_str_to_time to use a regular expression and add additional
  unit tests for it. (RR 923) (Gary Kramlich)


Gary Kramlich <grim at>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Packagers mailing list