mcabber (0.10.3)
* [UI] Add option 'iq_time_hide'
* [UI] Add 'iq_version_hide', 'iq_version_hide_version'
* Improved handling of damaged history log files
* Switch to libotr v4 API (Myhailo Danylenko)
* Add SSL options (Frank Zschockelt)
These options require a patched Loudmouth library.
- "ssl_ciphers" to define the allowed ciphers
- "ssl_ca" to set additional trusted certificates
* Fix compilation for old loudmouth libraries (Frank Zschockelt)
* Add 'color_timestamp' to highlight timestamp added by server (Hermitifier)
* New python based event script using OS X 10.8 notification center (Sharoon Thomas)
* Handle SIGHUP signal (Dominik George)
* Misc. bugfixes
-- Mikael, 2014-05-08
from 0.8.16 to 0.8.17
(and also update accordingly chat/irssi-*/distinfo).
Changes:
v0.8.17 2014-10-11 The Irssi team <staff@irssi.org>
+ Document that SSL connections aren't properly handled during /UPGRADE.
See Github PR #39.
+ Synchronize scripts with scripts.irssi.org.
+ Performance enhancement of the nicklist as well as the window_item_find
function. See Github PR #24.
+ Disallow unloading of static modules.
+ Allow UTF-8 characters in /bind. See Github PR #18.
+ Split overlong outgoing messages instead of silently truncating them.
Adds two new options: 'split_line_end' and 'split_line_start'.
'split_line_end' contains a string added to the end of line fragments.
'split_line_start' contains a string added to the beginning of line
fragments. See Github PR #29.
+ Added special /ignore NO_ACT level to ignore only activity (see /help ignore).
+ Support for 256 and true color terminals (see Github PR #48).
+ Support for italics (see Github PR #58).
+ Rewrote many help files.
- Fixed various compiler warnings and use of deprecated functions.
- Fixed Perl API usage and added PERL_NO_GET_CONTEXT to reduce code size.
- Fixed format_get_text Perl API. See Github PR #23.
- Fixed gui_printtext_after and term_refresh_*() visibility. See Github PR #22.
- Fixed issue where UTF-8 characters was corrupted once for every 32k text.
See Github PR #12.
- Fixed redrawing issue with right-aligned statusbar.
- Fixed use-after-free bug with cached settings values. See Github PR #147.
ejabberd Community 14.12 includes many bugfixes, and a few new features:
- New module mod_client_state implements XEP-0352: Client State Indication
- New module mod_fail2ban to ban IPs that show malicious signs
- New option store_empty_body in mod_offline
- New option disable_sasl_mechanisms
- Improve option resend_on_timeout to support if_offline
- More robust offline server
- Better charset support in XMLRPC
- Some PEP issues fixed
version 2.10.11 (11/23/14):
General:
* Fix handling of Self-Signed SSL/TLS Certificates when using the NSS
plugin (#16412)
* Improve default cipher suites used with the NSS plugin (#16262)
* Add NSS Preferences plugin which allows the SSL/TLS Versions and
cipher suites to be configured (#8061)
Gadu-Gadu:
* Fix a bug that prevented plugin to load when compiled without GnuTLS.
(mancha) (#16431)
* Fix build for platforms without AF_LOCAL definition. (#16404)
MSN:
* Fix broken login due to server change (dx, TReKiE). (#16451, #16455)
* Fail early when buddy list is unavailable instead of wasting bandwidth
endlessly re-trying.
version 2.10.10 (10/22/14):
General:
* Check the basic constraints extension when validating SSL/TLS
certificates. This fixes a security hole that allowed a malicious
man-in-the-middle to impersonate an IM server or any other https
endpoint. This affected both the NSS and GnuTLS plugins. (Discovered
by an anonymous person and Jacob Appelbaum of the Tor Project, with
thanks to Moxie Marlinspike for first publishing about this type of
vulnerability. Thanks to Kai Engert for guidance and for some of the
NSS changes) (CVE-2014-3694)
* Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL.
(Elrond and Ashish Gupta) (#15909)
libpurple3 compatibility:
* Encrypted account passwords are preserved until the new one is set.
* Fix loading Google Talk and Facebook XMPP accounts.
Windows-Specific Changes:
* Don't allow overwriting arbitrary files on the file system when the
user installs a smiley theme via drag-and-drop. (Discovered by Yves
Younan of Cisco Talos) (CVE-2014-3697)
* Updates to dependencies:
* NSS 3.17.1 and NSPR 4.10.7
Finch:
* Fix build against Python 3. (Ed Catmur) (#15969)
Gadu-Gadu:
* Updated internal libgadu to version 1.12.0.
Groupwise:
* Fix potential remote crash parsing server message that indicates that
a large amount of memory should be allocated. (Discovered by Yves Younan
and Richard Johnson of Cisco Talos) (CVE-2014-3696)
IRC:
* Fix a possible leak of unencrypted data when using /me command
with OTR. (Thijs Alkemade) (#15750)
MXit:
* Fix potential remote crash parsing a malformed emoticon response.
(Discovered by Yves Younan and Richard Johnson of Cisco Talos)
(CVE-2014-3695)
XMPP:
* Fix potential information leak where a malicious XMPP server and
possibly even a malicious remote user could create a carefully crafted
XMPP message that causes libpurple to send an XMPP message containing
arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul
Aurich) (CVE-2014-3698)
* Fix Facebook XMPP roster quirks. (#15041, #15957)
Yahoo:
* Fix login when using the GnuTLS library for TLS connections. (#16172)
Upstream changes:
6.88 Sat Jun 28 13:14:00 BST 2014
- BotAddressed: Handle being addressed with a prefixed @ or %
6.87 Sat Jun 21 15:08:32 BST 2014
- Believe have resolved issues with online test
6.86 Fri Jun 20 11:12:06 BST 2014
- Added more diagnostics to the online test
6.85 Thu Jun 19 10:19:07 BST 2014
- Added some diagnostics output to the online test
6.84 Tue Jun 17 10:45:38 BST 2014
- Plugman: store @$ or else it gets overwritten - Commit: 65ba2a4f3
Clean up Makefile for readibility. Add SMF manifest.
Changes in 0.9.7:
- Fix server-to-server interoperability issue with Isode M-Link (since 0.9.6)
- Fix traceback in 'prosodyctl about' command with LuaRocks 2.2.0+ installed
Changes in 0.9.6:
- certmanager, net.http: Disable SSLv3 by default
- net.http.parser: Support status code 101 and allow handling of the received
data by plugins
- util.filters: Ignore filters being added twice (fixes issues on removal,
i.e. when some plugins are reloaded/unloaded)
- mod_s2s: Close offending s2s streams missing an 'id' attribute with
a stream error instead of throwing an unhandled error
- Networking API: Add 'ondetach' callback for listener objects, to prevent
leaks when connections have their listener changed
- core.stanza_router: Stricter validation of stanzas
- mod_admin_adhoc: Mark 'accountjids' field as required in 'end user sessions'
command (thanks Lloyd)
- mod_admin_adhoc: Add required to field in user deletion form too
- net.dns: Avoid duplicate cache entries
- util.stanza: Escape newlines and tabs (\r\n\t) when serializing stanzas.
- util/dataforms: Make sure we iterate over field tags only
- mod_s2s: Capitalize log message
- mod_pubsub: Fix error type of 'forbidden' (change from 'cancel' to 'auth')
Changes in 0.9.5:
- C2S: Fix traceback if a client opens a stream to component, which could
cause a crash in combination with some versions of LuaEvent
- C2S, S2S: Log received invalid stream headers
- S2S: Fix case where stream headers were sometimes sent twice
- DNS: Ensure all pending requests get notified of a timeout when looking
up a record
- DNS: Fix duplicated cache insertions by limiting outstanding queries
per name to one
- xmppstream: Disable LuaExpat's buffering
- xmppstream: Disable CharacterData merging after stream restarts
- xmppstream: Pass invalid stream headers to error handling
- Privacy lists: Correctly sort privacy list rules by order
- prosody: Check dependencies later in the startup sequence
- Config: Delay importing LuaFileSystem until needed by an Include line
- Config: Normalize VirtualHost and Component names
- prosodyctl: Normalize JIDs for adduser/passwd/deluser
- POSIX: Fix error reporting from disk space allocation
- POSIX: Verify that 'pidfile' is a string, show friendly error otherwise
- Dependency checking: Check that prosody is running under Lua 5.1. We don't
currently support any other versions. (LuaJIT identifies as 5.1)
- Compliance: Reset stream ID when resetting stream
- Compression: Log compression setup errors
- Console: Fix commands for adding and replacing name servers
- Console MUC commands: Fix error when a non-existent host is entered
- Filters: Prevent filters from being added twice
- Network: Transfer all available data between linked sockets
- dataforms: Add support for XEP-0221: Data Forms Media Element
ERROR: [check-interpreter.mk] The interpreter "/usr/pkg/bin/perl" of
"/scratch/chat/centerim/work/.destdir/usr/pkg/bin/cimconv" does not
exist. (etc) Thanks joerg@.
There's a new release out, including various browser bug fixes.
Key handling fixes for WebKit, removed outline for Chrome.
Made it more obvious when the stream is disconnected.
Optional support for smilies (see cgiirc.config.full and docs/smilies.conf.example)
Date: 24 September 2013 Author: dgl
- remove patches/patch-ad. #include <utmp.h> does not exist any more.
(upstream)
- Update 4.22.9 to 4.22.10
2010-10-26 Roger <roger@jikos.cz>
Disable standard printf() redefinition in yahoo_util.h Should fix#165
2010-10-23 Boris Petersen <transacid@gmail.com>
Fix for CVE-2009-3720 in libjabber's xml parser
2010-10-19 Roger <roger@jikos.cz>
Updated po files
Merge branch 'mob' of git+ssh://repo.or.cz:22/srv/git/centerim into mob
Yahoo - disable conference and file transfer support (it doesn't work anyway)
Propper authorization and buzz events
2010-10-19 Boris Petersen <transacid@gmail.com>
updated po files
2010-10-19 Roger <roger@jikos.cz>
Yahoo - add buddy authentication
2010-10-11 Roger <roger@jikos.cz>
Add missing initialization to get rid of some valgrind warnings
2010-10-07 Boris Petersen <transacid@gmail.com>
updated po files
2010-10-07 Roger <roger@jikos.cz>
Yahoo - implement missing callback stubs
2010-10-05 Boris Petersen <transacid@gmail.com>
updated po files
2010-10-05 Roger <roger@jikos.cz>
Yahoo - implement missing callbacks
2010-10-04 Roger <roger@jikos.cz>
fix GNUTLS connection
2010-10-02 Roger <roger@jikos.cz>
connwrap - initialize gnutls session in cw_connect
connwrap - don't deinit gnutls session in cw_nb_connect on error, it's done in delsock
2010-09-16 Roger <roger@jikos.cz>
Add missing sources to libyahoo2 makefile
2010-09-16 Boris Petersen <transacid@gmail.com>
updated po files
ignore .version file
2010-09-16 Roger <roger@jikos.cz>
Port Yahoo to new libyahoo2-1.0.1
Disables file transfer (at least for now)
Fix SSL context leak in connwrap
2010-08-27 Boris Petersen <transacid@gmail.com>
Added gettext-devel test to autogen.sh
2010-08-27 Sven Putteneers <sven@tuxera.be>
display received time if different from sent time
Added script to extract a part of a chatlog history and pretty-print it.
Run without parameters for usage info.
2010-07-31 Boris Petersen <transacid@gmail.com>
adding new script for history formating.
initial script by Ilya Sukhanov <ilya@sukhanov.net>
2010-06-19 Roger <roger@lv.(none)>
Add missing initialization to perm/deny SNAC and don't overwrite its id in SBL parsing
2010-04-24 Boris Petersen <transacid@gmail.com>
Merge git-version-gen with gnulib
2010-02-25 Damyan Yordanov <damyan@web.de>
bulgarian translation updated
2010-02-25 Boris Petersen <transacid@gmail.com>
updated po files
2010-02-21 Boris Petersen <transacid@gmail.com>
refresh index before checking for dirty versions
2010-02-21 Damyan Yordanov <damyan@web.de>
bulgarian translation updated
2010-02-18 Lubomir Rintel <lkundrak@v3.sk>
Use RAND_add() with nss_compat_openssl
It does not provide RAND_seed().
2010-02-18 Boris Petersen <transacid@gmail.com>
updated po files
2010-02-17 Roger <roger@lv.(none)>
Better jabber presence handling
2010-02-05 Boris Petersen <transacid@gmail.com>
Merge branch 'versioning' into mob
2010-02-05 Ahmed El-Mahmoudy <aelmahmoudy@sabily.org>
Check for FriBidi using pkg-config
New upstream releases of FriBidi don't provide fribidi-config anymore, so
using pkg-config instead to check for FriBidi.
2010-01-31 Boris Petersen <transacid@gmail.com>
new packaging friendlier versioning
This basically omits the 4 hash digits at the end of the version string.
so e.g.:
centerim-4.22.9.12-3be3.tar.gz
will end up
centerim-4.22.9.12.tar.gz
This makes it easier to package mobshot in gentoo for example.
Updated po files
2010-01-29 Hakan Kvist <hagar@df.lth.se>
Fixed compiler warnings in kkiproc.cc
Removed unused function in kkiproc.cc and fixed
compilewarnings regarding xprintf.
stringstream << should be used instead of sprintf,
and cout << instead of printf.
Beacause:
int64_t foo = 0xffffffffffffffff;
printf (%lx, foo);
printf will behave as expected on a 64 bit platform,
but not on a 32 bit platform (only ffffffff will be printed).
2010-01-28 Hakan Kvist <hagar@df.lth.se>
Cleanup of "extra protection" for ~/.centerim directory.
Reverted some parts of the commits:
e0ab4eeb52cdba438aa2834c4223881ab006b854
deb0cbaa7c385d2656229ac366071c090c55f597
See the discussion here:
http://centerim.org/pipermail/centerim-devel/2009-June/000678.html
If the ~/.centerim directory got the proper protection, then there
is no need for bloating the code with a lot of extra verifications.
No one else than the owner can access the files in ~/centerim
anyway.
Removal of unused variables
Removed a couple of unused variables.
There is still a lot to do if we want to be able to use -Wall for detecting
real errors (currently there are too many warnings in the output, so -Wall isn't
really useful).
Ncurses RTFM. remove ugly prototypes for FreeBSD and OSX
When reading the ncurses man page you find that
_XOPEN_SOURCE_EXTENDED must be defined when using
wide character functions when including ncurses.h.
2010-01-26 Hakan Kvist <hagar@df.lth.se>
Try to fix FreeBSD ncurses compile errors.
Tested on Ubuntu 9.04 and FreeBSD 7.2.
Try to fix FreeBSD ncurses compile errors.
Tested on Ubuntu 9.04 and FreeBSD 7.2.
Try to fix FreeBSD ncurses compile errors.
2010-01-25 Hakan Kvist <hagar@df.lth.se>
configure: check for ncurses/ncursesw. Only curses is not enough.
Some platforms (i.e Solaris 11), still ships ancient curses.
However centerim requires ncurses in order to compile.
Adapted configure.ac to only check for ncurses(w) instead of (n)curses(w).
Cleaned up #ifdefs in conscommon.h
2010-01-19 Hakan Kvist <hagar@df.lth.se>
Fixed compiler error with FreeBSD. Also fixed link error against curseslib.
FreeBSD do not want <utmp.h> to be included. However utmp is only used in linux,
so we do not need to include utmp.h for non linux systems.
Also bug in configure script was fixed.
The curses-lib was not properly included in the $LIBS-variable in the
configure.ac file.
2010-01-19 Boris Petersen <transacid@gmail.com>
Better check for ncurses/ncursesw
With many thanks to the autoconf archive for the macro
and Stéphane "kjir" Bisinger for the pointers and hints ;)
2009-12-14 Boris Petersen <transacid@gmail.com>
Updating Changelog for 4.22.9
2009-12-13 Boris Petersen <transacid@gmail.com>
New taging model.
To be up to date with gnulib's git-version-gen.
WARNING: This breaks compatibility with non v* tags.
For us that means everything before 4.22.9 won't work
anymore.
- The OTR plugin now uses libotr 4.0 (AKA libotr5 in debian based distros)
- Rejecting buddy requests in jabber won't accept them. Sorry for that.
- Purple builds can now enable built in protocols when configuring, by
passing a parameter such as --jabber=1 to configure
- You can now use /oper to change passwords with "ac x set -del password"
- Complex unicode characters (non-BMP) now display correctly in twitter.
- A few init / build script / pkg-config fixes. Added "install-systemd"
make target.
Finished 5 Jul 2014
Version 3.2.1:
- Most important change: http_client updated to use HTTP/1.1, now required
by Twitter.
- fill_by setting can now be used to fill a channel contacts *not* in a
certain group/on a certain account/etc. See "help set fill_by"
- Added utf8_nicks setting which lets you use non-ASCII nicknames for your
contacts. Might not work with all IRC clients, use at your own risk!
- Lots of bugfixes.
Finished 27 Nov 2013
* Fixed a bug causing wildcards in command alias replacement patterns not
to be expanded.
* Fixed a bug causing auto-joining of channels not starting in # or & to
sometimes fail because the auto-join command was generated before we got
the CHANTYPES pronouncement by the server.
* Added a size sanity check for incoming Blowfish ECB blocks. The blind
assumption of incoming blocks being the expected 12 bytes could lead to
a crash or up to 11 byte information leak due to an out-of-bounds read.
This fixes CVE-2014-8483.
* Enabling SSL/TLS support for connections will now advertise the protocols
Qt considers secure by default, instead of being hardcoded to TLSv1.
* Fixed the bundled 'sysinfo' script not coping with empty lines in
/etc/os-release.
* Made disk space info in the bundled 'sysinfo' script more robust by
forcing the C locale for 'df'.
* Added an audio player type hint for Cantata to the bundled 'media' script.
* Fixed some minor comparison logic errors turned up by static analysis.
* Konversation now depends on KDE Platform v4.9.0 or higher.
21 Oct 2014:
- Release 4.1.0
- Modernized autoconf build system
- Use constant-time comparisons where needed
- Use gcrypt secure memory allocation
- Correctly reject attempts to fragment a message into too many pieces
- Fix a missing opdata when sending message fragments
- Don't lose the first user message when REQUIRE_ENCRYPTION is set
- Fix some memory leaks
- Correctly check for children contexts' state when forgetting a context
- API Changes:
- Added API functions otrl_context_find_recent_instance and
otrl_context_find_recent_secure_instance.
the version number accidentally went backwards in the last irssi update.
This release mainly incorporates most of the pkgsrc patches into the upstream
tarball, so the only real change of note is that /beep output has been fixed.
