Pidgin Adds Google Talk Voice and Video Support (and a Vulnerability) 127
ottothecow writes "While various attempts at video and voice support have been in the pipeline since long before GAIM became Pidgin, fully functioning support over XMPP is on its way. Lifehacker reports that Pidgin 2.6 adds voice and video support for GChat (and presumably any other XMPP network) for Mac and Linux. Windows still has a few bugs but they are being worked on. Pidgin 2.6.1 is only available as source at the moment (but precompiled versions are available at getdeb)." Less happily, an anonymous reader writes "A remote arbitrary-code-execution vulnerability has been found in Libpurple (used by Pidgin and Adium instant messaging clients, among others), which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. No victim interaction is required, and the attacker is not required to be in the victim's buddy list (under default configuration)."
Mac Binaries (Score:3, Informative)
http://pdb.finkproject.org/pdb/package.php/pidgin [finkproject.org]
ummmm? (Score:5, Informative)
2.6.1 is only available as source at the moment?
http://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.1.exe [sourceforge.net]
So that's magic? If you install that do the terrorists win?
Re:Holy contradictory stories, Batman! (Score:1, Informative)
I think they released 2.5.9, 2.6.0 and 2.6.1 on the same day. They are really trying hard to look amateurish.
Re:Holy contradictory stories, Batman! (Score:3, Informative)
2.5.9 and 2.6.1 are different releases (Score:5, Informative)
2.5.9 and 2.6.0 were both released Tuesday, August 18th addressing this security issue (CVE-2009-2694). 2.5.9 is 2.5.8 with only CVE-2009-2694 addressed and an unrelated crash bug fix. 2.6.0 contains CVE-2009-2694 in addition to many other bug fixes and the new Voice and Video support.
Unfortunately, another security issue was discovered with sending URL's over the Yahoo protocol and 2.6.1 was released on Wednesday, August 19th. According to the pidgin developers, 2.5.9 was not affected by separate bug.
Note: The Voice and Video support in pidgin-2.6.1 is a bit fragile. You MUST have the latest version of farsight2 and the stack of libraries it requires. You may also need to open ports on your firewall to allow it to connect.
Re:How about some autoupdate? (Score:3, Informative)
Re:Where is the source package? (Score:3, Informative)
Here is a recipie to build a set of 2.6.1 packages for debian lenny based on the packaging ari has done for sid (but not uploaded yet hence the download from svn.debian.org).
wget http://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.1.tar.bz2 [sourceforge.net]
bunzip2 pidgin-2.6.1.tar.bz2
tar -xf pidgin-2.6.1.tar
gzip pidgin-2.6.1.tar
mv pidgin-2.6.1.tar.gz pidgin_2.6.1.orig.tar.gz
cd pidgin-2.6.1
svn export -r 14052 svn://svn.debian.org/svn/collab-maint/deb-maint/pidgin/trunk/debian
sed -i s/tcl8.6-dev/tcl8.5-dev/ debian/control
sed -i s/tk8.6-dev/tk8.5-dev/ debian/control
sed -i 's/libgstfarsight0.10-dev (>= 0.0.9),//' debian/control
sed -i 's/(>= 0.4.53)//' debian/control
sed -i 's/(>= 1.1.1)//' debian/control
sed -i 's/--enable-vv/--disable-vv/' debian/rules
dpkg-buildpackage
if it complains about missing build-depends install them and run dpkg-buildpackage again
note: I had to disable video/voice because libgstfarsight is not available in lenny.
Re:Easy fix for MSN vulnerability (Score:3, Informative)
Easier fix. Don't use MSN.
Re:Voice and video programs (Score:3, Informative)
Trillian is probably your best bet. I've never tried the A/V support, but it's been there for quite a while. Also look into Gizmo.