--- a/ChangeLog	Fri Jan 02 22:23:38 2009 +0000
+++ b/ChangeLog	Fri Jan 02 22:23:58 2009 +0000
@@ -27,7 +27,7 @@
 	* Fix a crash caused by authorization requests. (Florian Quèze)
 
 	Gadu-Gadu:
-	* Fix some problems with Gadu-Gadu buddy icons. (Adam Strzelecki)
+	* Add support for IM images. (Adam Strzelecki)
 	* Gadu-Gadu now checks that UID's are valid. (Adam Strzelecki)
 	* Gadu-Gadu now does proper charset translations where needed. (Adam
 	  Strzelecki)

--- a/NEWS	Fri Jan 02 22:23:38 2009 +0000
+++ b/NEWS	Fri Jan 02 22:23:58 2009 +0000
@@ -12,6 +12,23 @@
 	not usually received much attention.  Lots of changes have
 	been made, so definitely check the ChangeLog to see what's new.
 
+	John: It feels like it's been an age or two since we last released,
+	and I think it's well worth the wait.  Mark has sunk more time into
+	MSN and MySpace IM this release than any sane person should be
+	allowed to, and I've sunk more time into patches than I care to
+	admit.  By my count, our ChangeLog has 58 bullet points(!) and we've
+	closed 85 tickets specifically for this release.  Enjoy!
+
+	Ka-Hing: Bring your XMPP server to 2008 some time in 2009 would be
+	nice, DreamHost!
+
+	Elliott: Well, I can't blame the server for this release taking so long
+	but that's just how it worked out.  A few interesting MSN changes this
+	time.  Hopefully, federated & Yahoo! buddies will work for you, but I'm
+	not yet certain it's ready.  Mark made so many fixes, I'm not even sure
+	I recognize everything anymore, but hopefully that'll make things less
+	crashy for you.
+
 2.5.2 (10/19/2008):
 	Ethan: After a bit of a struggle with our services, which put
 	this release off for an unfortunate length of time, we're

--- a/libpurple/certificate.c	Fri Jan 02 22:23:38 2009 +0000
+++ b/libpurple/certificate.c	Fri Jan 02 22:23:58 2009 +0000
@@ -1259,6 +1259,7 @@
 				   "to cert_changed.\n");
 		/* vrq now becomes the problem of cert_changed */
 		x509_tls_cached_peer_cert_changed(vrq);
+		return;
 	}
 
 	/* Now get SHA1 sums for both and compare them */

--- a/libpurple/util.c	Fri Jan 02 22:23:38 2009 +0000
+++ b/libpurple/util.c	Fri Jan 02 22:23:58 2009 +0000
@@ -4509,18 +4509,35 @@
 purple_utf8_has_word(const char *haystack, const char *needle)
 {
 	char *hay, *pin, *p;
+	const char *start, *prev_char;
+	gunichar before, after;
 	int n;
 	gboolean ret = FALSE;
 
-	hay = g_utf8_strdown(haystack, -1);
+	start = hay = g_utf8_strdown(haystack, -1);
 
 	pin = g_utf8_strdown(needle, -1);
 	n = strlen(pin);
 
-	if ((p = strstr(hay, pin)) != NULL) {
-		if ((p == hay || !isalnum(*(p - 1))) && !isalnum(*(p + n))) {
+	while ((p = strstr(start, pin)) != NULL) {
+		prev_char = g_utf8_find_prev_char(hay, p);
+		before = -2;
+		if (prev_char) {
+			before = g_utf8_get_char(prev_char);
+		}
+		after = g_utf8_get_char_validated(p + n, - 1);
+
+		if ((p == hay ||
+				/* The character before is a reasonable guess for a word boundary
+				   ("!g_unichar_isalnum()" is not a valid way to determine word
+				    boundaries, but it is the only reasonable thing to do here),
+				   and isn't the '&' from a "&" or some such entity*/
+				(before != -2 && !g_unichar_isalnum(before) && *(p - 1) != '&'))
+				&& after != -2 && !g_unichar_isalnum(after)) {
 			ret = TRUE;
+			break;
 		}
+		start = p + 1;
 	}
 
 	g_free(pin);

--- a/pidgin/win32/nsis/pidgin-installer.nsi	Fri Jan 02 22:23:38 2009 +0000
+++ b/pidgin/win32/nsis/pidgin-installer.nsi	Fri Jan 02 22:23:58 2009 +0000
@@ -713,6 +713,7 @@
     Delete "$INSTDIR\ca-certs\CAcert_Root.pem"
     Delete "$INSTDIR\ca-certs\Equifax_Secure_CA.pem"
     Delete "$INSTDIR\ca-certs\GTE_CyberTrust_Global_Root.pem"
+    Delete "$INSTDIR\ca-certs\Microsoft_Internet_Authority.pem"
     Delete "$INSTDIR\ca-certs\Microsoft_Secure_Server_Authority.pem"
     Delete "$INSTDIR\ca-certs\StartCom_Free_SSL_CA.pem"
     Delete "$INSTDIR\ca-certs\Verisign_Class3_Primary_CA.pem"