Swift is trying to plug a hole in the XMPP client landscape, and has
these aims:
* Wide platform availability.
* Doing the "Right Thing" for the user, without configuration.
* Doing the "Right Thing" with standards-compliance.
* Targeting the end-users, not the system administrators.
* Being an XMPP client - not multi-protocol.
* Concentrating on the most frequently performed tasks.
* Never interrupt the user with something that doesn't need attention.
Features of interest
* Easy status setting.
* Easy room joining and bookmarking.
* XEP-0258 Labelling for secure environments.
* Stream compression for bandwidth-saving.
* Support for the new SCRAM authentication mechanism.
Fix for a DoS vulnerability, see
https://www.debian.org/security/2014/dsa-2895
Changes in 0.9.4:
- Compression: Disallow compression on unauthenticated streams
- Core: Limit default read size and maximum stanza size
- Core: Enable SASL EXTERNAL by default for component s2s
- S2S: Warn if s2s_secure_auth and s2s_require_encryption have been
set in conflicting ways
- S2S: Warn if no local network addresses were found, preventing
successful s2s
- MUC: Fix traceback when a non-occupant tried to change an
occupant's role
- MUC: API: Fire an event when temporary rooms are destroyed after
the last person leaves
- Telnet: Fixed traceback when listing users
- Telnet: Apply normalization to JIDs in user management commands
- HTTP: Fix directory detection in file server on Windows
- Plugins: Fix paths on Windows
- MOTD: Don't strip blank lines from the message provided in the config
- prosodyctl: Better error reporting when generating certificates
- Makefile: Improve FreeBSD compatibility
- Multiple fixes to our migration tools, and support for importing MUCs
from ejabberd
Konversation 1.5 adds numerous major features over the previous stable
release. Of particular note are support for SASL and client
certificate authentication, all-new topic management UI, overhauled
authentication UI in the Identities dialog, per-tab spell-checking
language settings, user-configurable nick context menu entries, mouse
spring-loading on tabs, all-new versions of major bundled scripts and
improved Ignore and Watched Nicknames systems. Many under-the-hood
changes to improve codec support and general performance, along with
the usual slew of bug fixes all over, further sweeten the deal.
Full Changelog at:
https://projects.kde.org/projects/extragear/network/konversation/repository/revisions/master/entry/ChangeLog
Changes in 0.9.3:
- A config file passed as command line argument is no longer forgotten
when config is reloaded
- MUC: Allow admins to always bypass restrict_room_creation
- Strip trailing '.' when normalizing hostnames
- HTTP: Prevent silent connection failures
- Components: Allow easier overriding of component authentication by plugins
- Components: Enable TCP keepalives
- Migrator: Better error reporting and improved robustness
- S2S: Include IP in log messages, if hostname is unavailable
- TLS: Log error when initialization fails
Changes in 0.9.2:
- Debian/Ubuntu packages fixed to always generate per-system certs
- TLS: Improved cipher string, and use Prosody's preferred ciphers
- MUC: Fix for Spark clients not displaying room lists
Changes since 13.10:
- New OpenSSL ciphers option in c2s, s2s and s2s_out
- mod_roster: new access rule to restrict roster modificartion
- mod_pubsub: support for data migration from mnesia to odbc
- ejabberd_xmlrpc included
- Bugfixes
Version 0.4.3:
- new command /print
- logical and/or for tags in /filter and hook_print
- gaps in buffer numbers
- support of italic text
- new options to customize default text search in buffers
- use of IRC monitor command for /notify (if available on server)
- new IRC server option "ssl_fingerprint"
- new option to smart-filter IRC mode messages
- new option for default IRC ban mask
- support of IPv6 for DCC chat/file
- auto check CRC32 of files received with DCC
- many bugs fixed.
Version 0.4.2:
- rename binary from "weechat-curses" to "weechat" (with symbolic link "weechat-curses" for compatibility)
- add secured data (encryption of passwords or private data), new command /secure, new file sec.conf
- search of regular expression in buffer with text emphasis, in prefixes, messages or both
- add option "scroll_beyond_end" for command /window
- add optional buffer context in bar items (for example to display bitlbee nicklist in a root bar)
- new options weechat.look.hotlist_{prefix|suffix}
- new option weechat.look.key_bind_safe to prevent any key binding error from user
- new option weechat.network.proxy_curl to use a proxy when downloading URLs with curl
- display day change message dynamically
- support of wildcards in IRC commands (de)op/halfop/voice
- new option irc.look.notice_welcome_redirect to redirect channel welcome notices to the channel buffer
- new option irc.look.nick_color_hash: new hash algorithm to find nick colors (variant of djb2)
- add info about things defined by a script in the detailed view of script (/script show)
- support of "enchant" library in aspell plugin
- many bugs fixed.
finch does not compile with python-3.3. Since libpurple is not versioned
and finch pulls it in, we have to mark libpurple too, and then pidgin
because of libpurple. It's all one codebase anyway...
version 2.10.8 (1/28/2014):
General:
* Python build scripts and example plugins are now compatible with
Python 3. (Ashish Gupta) (#15624)
libpurple:
* Fix potential crash if libpurple gets an error attempting to read a
reply from a STUN server. (Discovered by Coverity static analysis)
(CVE-2013-6484)
* Fix potential crash parsing a malformed HTTP response. (Discovered by
Jacob Appelbaum of the Tor Project) (CVE-2013-6479)
* Fix buffer overflow when parsing a malformed HTTP response with
chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent)
(CVE-2013-6485)
* Better handling of HTTP proxy responses with negative Content-Lengths.
(Discovered by Matt Jones, Volvent)
* Fix handling of SSL certificates without subjects when using libnss.
* Fix handling of SSL certificates with timestamps in the distant future
when using libnss. (#15586)
* Impose maximum download size for all HTTP fetches.
Pidgin:
* Fix crash displaying tooltip of long URLs. (CVE-2013-6478)
* Better handling of URLs longer than 1000 letters.
* Fix handling of multibyte UTF-8 characters in smiley themes. (#15756)
Windows-Specific Changes:
* When clicking file:// links, show the file in Explorer rather than
attempting to run the file. This reduces the chances of a user
clicking on a link and mistakenly running a malicious file.
(Originally discovered by James Burton, Insomnia Security. Rediscovered
by Yves Younan of Sourcefire VRT.) (CVE-2013-6486)
* Fix Tcl scripts. (#15520)
* Fix crash-on-startup when ASLR is always on. (#15521)
* Updates to dependencies:
* NSS 3.15.4 and NSPR 4.10.2
* Pango 1.29.4-1daa
Patched for https://bugzilla.gnome.org/show_bug.cgi?id=668154
AIM:
* Fix untrusted certificate error.
AIM and ICQ:
* Fix a possible crash when receiving a malformed message in a Direct IM
session.
Gadu-Gadu:
* Fix buffer overflow with remote code execution potential. Only
triggerable by a Gadu-Gadu server or a man-in-the-middle.
(Discovered by Yves Younan and Ryan Pentney of Sourcefire VRT)
(CVE-2013-6487)
* Disabled buddy list import/export from/to server (it didn't work
anymore). Buddy list synchronization will be implemented in 3.0.0.
* Disabled new account registration and password change options, as it
didn't work either. Account registration also caused a crash. Both
functions are available using official Gadu-Gadu website.
IRC:
* Fix bug where a malicious server or man-in-the-middle could trigger
a crash by not sending enough arguments with various messages.
(Discovered by Daniel Atallah) (CVE-2014-0020)
* Fix bug where initial IRC status would not be set correctly.
* Fix bug where IRC wasn't available when libpurple was compiled with
Cyrus SASL support. (#15517)
MSN:
* Fix NULL pointer dereference parsing headers in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing OIM data in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing SOAP data in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix possible crash when sending very long messages. Not
remotely-triggerable. (Discovered by Matt Jones, Volvent)
MXit:
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan and Pawel Janic of Sourcefire VRT)
(CVE-2013-6487)
* Fix sporadic crashes that can happen after user is disconnected.
* Fix crash when attempting to add a contact via search results.
* Show error message if file transfer fails.
* Fix compiling with InstantBird.
* Fix display of some custom emoticons.
SILC:
* Correctly set whiteboard dimensions in whiteboard sessions.
SIMPLE:
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6487)
XMPP:
* Prevent spoofing of iq replies by verifying that the 'from' address
matches the 'to' address of the iq request. (Discovered by Fabian
Yamaguchi and Christian Wressnegger of the University of Goettingen)
(CVE-2013-6483)
* Fix crash on some systems when receiving fake delay timestamps with
extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
* Fix possible crash or other erratic behavior when selecting a very
small file for your own buddy icon.
* Fix crash if the user tries to initiate a voice/video session with a
resourceless JID.
* Fix login errors when the first two available auth mechanisms fail but
a subsequent mechanism would otherwise work when using Cyrus SASL.
(#15524)
* Fix dropping incoming stanzas on BOSH connections when we receive
multiple HTTP responses at once. (Issa Gorissen) (#15684)
Yahoo!:
* Fix possible crashes handling incoming strings that are not UTF-8.
(Discovered by Thijs Alkemade and Robert Vehse) (CVE-2012-6152)
* Fix a bug reading a peer to peer message where a remote user could
trigger a crash. (CVE-2013-6481)
Plugins:
* Fix crash in contact availability plugin.
* Fix perl function Purple::Network::ip_atoi
* Add Unity integration plugin.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
zul_, khorben, netcap, and jihbed.
mcabber is a small Jabber console client, it supports SSL, OTR,
MUC, history logging, commands completion and external actions
triggers.
o re-add the utf-8 changes now that the scrolling is not slowed
o scrolling is much faster now
o fix compile time errors in on modern glibc systems
o add /nuser command
o wserv and ircio move into "libexec" dir.
in 1985 and fixed up by Christos "last week". (I've apparently been
sitting on this package since 20130101, so it was a year ago...)
XXX: this should probably grow an rc script for the master daemon, phoned.
Upstream changes:
-----------------------------------------
version 2.44 at 2013-06-10 13:21:56 +0000
-----------------------------------------
Change: ae253101da7958777a572271f901e894ae20de05
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-06-10 14:21:56 +0000
Convert the distribution to dzil
Change: 2f3bfa5c4a97ca061c2f87d4f4706e0bb0376f43
Author: Chris Williams <chris@bingosnet.co.uk>
Date : 2013-06-10 06:08:52 +0000
Merge pull request #1 from avenj/messagetags
IRCv3.2 message tag support, tests for same.
Change: 31a1c9aeab4120e626af130d73b0f1a58a77d46e
Author: Jon Portnoy <avenj@cobaltirc.org>
Date : 2013-06-07 13:03:16 +0000
Add IRCv3.2 message tag support, tests for same.
Update DEPENDS
Upstream changes:
6.83 Mon May 27 10:40:09 BST 2013
- NickServID: React on IRC Message 433 - Commit: ec7cd33736
- BotCommand: Support for overriding the Command Handler
- BotCommand: Added Support for a Help Modification Callback
- BotCommand: Adapted the Help Callback Options so it gets the Command and Arguments
- BotCommand: Added Support for Command Aliases
- BotCommand: Allowed No Arguments/Only Variable Arguments
- Implemented SSL Client Cert Support
6.82 Sat Mar 9 22:15:02 GMT 2013
- Add the Prefix to the "Syntax:" line of the command help
6.81 Fri Nov 23 15:53:11 GMT 2012
- Resolve hash randomisation issues with v5.17.6
6.80 Thu Sep 20 09:52:59 BST 2012
- Add missing prereq
6.79 Wed Sep 19 14:24:03 BST 2012
- Argument naming and argument count validation in Plugin::BotCommand
- [rt.cpan.org #79745] nick_long_form dies due to a race condition
