PR pkg/48866 from Leonardo Taccari
Changes (from http://www.irssi.org/news/ChangeLog ):
Features:
* Add -noautosendcmd to /SERVER and /CONNECT. Passing this option will
force Irssi to not execute the content of the autosendcmd
chatnet-setting upon connect.
* Accept names replies with nick!user@host instead of just nick, if they
are enabled (see bug #805).
* Set window binds for channel items as sticky when re-creating window
binds as part of /layout save. This fixes the bug where previously
saved channel windows forget their window number upon reconnect.
* Add experimental support for DNSSEC DANE validation of certificates.
* Strip the argument for boolean options (see bug #769).
* Freenode has been re-added to the list of networks in the default
configuration file.
* Disabled support for the insecure SSLv2 protocol.
* Various documentation enhancements.
* Add -ssl_pass to /connect and /server (see bug #305).
Bugfixes:
* Fix crashing bug that can happen if the terminal height decreases
before the first window is created.
* Fixed minor compiler warnings.
* Fixed possible crashing bug when processing an octal escape sequence.
* Fixed the /ignore -network option (see bug #748).
* Fixed signal handling for /exec'd commands. Irssi now sends the signal
to the process group id instead of the process id.
* Fixed segfault generated by SSL disconnections (see bug #752).
* Fix compilation when built with -Werror=format-security. Patch by
Jaroslav Skarvada.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
* Install a dummy log handler to avoid spamming e.g. the irssi-xmpp console
window in non-debug mode, patch from:
65fda2c884
* Fix build on Darwin
* Add patch comments and LICENSE.
Bump PKGREVISION.
Changelog since 13.12:
ejabberd now includes support for:
- XEP-0198: Stream Management (EJAB-532)
- XEP-0321: Remote Roster Management (EJAB-1381)
- RFC-3261: SIP proxy/registrar
- RFC-5766: TURN: Traversal Using Relays around NAT (EJAB-1017)
There are several improvements regarding encryption:
- Add option to specify openssl options
- Fix extraction of host names from certificates
- Fix certificate authentication for incoming s2s connections
- Fix handling of certificate verification errors for incoming s2s
- Handle “s2s_use_starttls: required_trusted” the same way for outgoing
- Support certificate verification for outgoing s2s connections
- Check TLS state before requesting SASL EXTERNAL
- Log TLS status for outgoing s2s with SASL EXTERNAL
- Verify host name before offering SASL EXTERNAL
Just to mention other improvements:
- New ejabberd command: disconnect_user/2
- New Bash completion script for ejabberdctl, experimental (EJAB-1042)
- Don’t provide current password in webinterface
- mod_register_web: check same acl as mod_register.
- Document and enable mod_carboncopy (XEP-0280) by default
- Make it possible to get/set vCards for MUC rooms
- Add Travis CI configuration file
v1.0.10 -- 09 Apr 2014
---------------------
- TLSSChannel: use malloc/realloc/free instead of their legacy Local* variants (fixes #222)
- VCard: remove \r from vcard photos. Fixes a recent change Facebook made to their vcard pictures (patch by Fernando Sanchez)
- Jingle: fixed replying; distinguish between 'from' and 'initiator'; added Jingle::Session::setInitiator()
- Jingle: fixed ::ICEUDP to actually add candidates; added ::Session::initiator(), ::setHandler(), ::sessionAccept( PluginList ); fixed storing of new sessions in ::SessionManager (patches by Erich Keane)
- Jingle: removed Jingle::setInitiator() and ::setResponder() (now provided by ctor)
- AtomicRefCount: fixed compilation on iOS (patch by Erich Keane)
- Jingle::Plugin: added JinglePluginType, pluginType(), and findPlugin() to easily look for and retrieve specific plugins
- ConnectionBOSH: fixed return value for recv() (patch by Sudarshan Prasad)
- Parser: get rid of bogus isValid() (fixes #180, #224)
v1.0.9 -- 15 Oct 2013
---------------------
- changed colon to dash in uid generation to possibly fix #191
- added Channel Binding (needed for SASL SCRAM-SHA-1-PLUS) to SChannel on win32 (untested)
- fixed SCRAM-SHA-1-PLUS
v1.0.8 -- 15 Oct 2013
---------------------
- ConnectionTLS: make stacked TLS/SSL connections work again with HTTP proxies
- added SASL SCRAM-SHA-1/SCRAM-SHA-1-PLUS authentication mechanisms (GnuTLS & OpenSSL only) (#201)
- properly seed the RNG
- SHA::hex(): finalize() only once
v1.0.7.1 -- 11 Oct 2013
---------------------
- fixed/updated the win32 project files
v1.0.7 -- 11 Oct 2013
---------------------
- added Jingle (XEP-0166)
- added Jingle ICE-UDP Transport (XEP-0176)
- added Jingle File Transfer (XEP-0234)
- fixed compilation in iOS7 SDK (thanks to Kurt Vermeersch)
- fixed bug in stanza handling/counting related to Stream Management (patch by Norbert Riedlin)
- added protected ClientBase::stanzasSent() to return sent stanzas (if Stream Management enabled)
v1.0.6 -- 04 Sep 2013
---------------------
- ClientBase: removed check for empty message body --> messages of type chat with empty bodies will be passed on to listeners - required for Message Carbons
- MessageSession: removed check for empty message body --> messages of type chat with empty bodies will be passed on to listeners - required for Message Carbons
- don't send presence after stream resumption
- added ClientBase::sendQueue()
- documentation updates and fixes
v1.0.5 -- 02 Sep 2013
---------------------
- added support for Stanza Forwarding (XEP-0297)
- added support for Message Carbons (XEP-0280)
v1.0.4 -- 30 Aug 2013
---------------------
- added support for Stream Management (XEP-0198)
- Fix some iterator usage for portability related to erase (patch by Daniel Bowen)
- Ensure setting a connection does not leave a deleted value in the member variable for a time (patch by Daniel Bowen)
- Add operator< and relatives to JID so that it can be in a map (patch by Daniel Bowen)
- Sandboxing on Apple doesn't like getprotobyname (patch by Daniel Bowen)
- MessageSession::send(): removed default argument of 2nd parameter to remove ambiguity of MS::send( string ) (#206) (source incompatible!)
- VCard: renamed setPhoto( string ) to setPhotoUri( string ) (#166) (source and binary incompatible)
v1.0.3 -- 22 Jul 2013
---------------------
- Changed license to GPLv3
- removed space from VS project name (--> gloox-1.0)
- VCardUpdate: fixed handling of empty hash (#203)
- VCardUpdate: added hasPhoto() to indicate whether there was a photo tag (#203)
- compilation fixed when using getaddrinfo (patch by Roy van Dam)
- Receipt: recognize id attribute (patch by Dídac Pérez) (#208)
- MessageSession: added MS::send( string& ) to properly provide a base for MUCMS::send( string& ) (#206)
- really fixed memory leak in prep::idna()
- gloox.vcproj: removed not-yet-present tlsgnutlsserver.cpp/.h
v1.0.2 -- 05 Jul 2013
---------------------
- SOCKS5Bytestream: Don't wait for incoming data, notify about open stream immediately upon
connection (patch by Erik Horemans)
- fixed/updated Code::Blocks and VS project files (fixes #197, #198)
- fixed memory leak in ClientBase (fixes #204)
- fixed memory leak in prep::idna()
v1.0.1 -- 29 Jun 2013
---------------------
- Added support for Serverless Messaging (XEP-0174)
- TLSOpenSSLServer: compilation fix
- don't bail on DNS TCP queries
- fixed µs timeout value (now defaults to 1.000.000)
- omit port in initial greeting (usually -1 anyway)
- fixed SHA1 hashes of 55 byte strings (#164)
- fixed CFLAGS and LIBS in pkg-config file (#163)
- fixed SOCKS5Bytestream double close notification
- tell gcrypt that we're using pthreads (if available)
- ClientBase: send IQ error response for unsupported features
- ClientBase: fixed potential infinite loop on IQ error
- ClientBase: fixed NTLM auth
- ClientBase, SEF: mutex-protected SE handling
- PubSub: added 'subscribe & configure'
- PubSub: added optional subid
- SOCKS5BytestreamServer: expose local socket
- RosterManager: don't use string-comparison on JIDs; use JID class
- NonSASLAuth: fixed resource usage by deprecating ClientBase::m_selectedResource
- InBandBytestream: don't call handler in dtor
- util: fixed long2string()
- fixed a few leaks in GnuTLS client code (#181)
- VCard: made getters const (#186) (binary-incompatible change!)
- PubsubManager: fixed using wrong Tag (#190)
- Search: fixed search() (#193)
- DNS: fix socket leak if no network connection is available (#192)
- PubsubManager: unconditionally call handleItemPublication() (#194)
- configure: Added -lgcrypt (dependency of GNUTLS)
Swift is trying to plug a hole in the XMPP client landscape, and has
these aims:
* Wide platform availability.
* Doing the "Right Thing" for the user, without configuration.
* Doing the "Right Thing" with standards-compliance.
* Targeting the end-users, not the system administrators.
* Being an XMPP client - not multi-protocol.
* Concentrating on the most frequently performed tasks.
* Never interrupt the user with something that doesn't need attention.
Features of interest
* Easy status setting.
* Easy room joining and bookmarking.
* XEP-0258 Labelling for secure environments.
* Stream compression for bandwidth-saving.
* Support for the new SCRAM authentication mechanism.
Fix for a DoS vulnerability, see
https://www.debian.org/security/2014/dsa-2895
Changes in 0.9.4:
- Compression: Disallow compression on unauthenticated streams
- Core: Limit default read size and maximum stanza size
- Core: Enable SASL EXTERNAL by default for component s2s
- S2S: Warn if s2s_secure_auth and s2s_require_encryption have been
set in conflicting ways
- S2S: Warn if no local network addresses were found, preventing
successful s2s
- MUC: Fix traceback when a non-occupant tried to change an
occupant's role
- MUC: API: Fire an event when temporary rooms are destroyed after
the last person leaves
- Telnet: Fixed traceback when listing users
- Telnet: Apply normalization to JIDs in user management commands
- HTTP: Fix directory detection in file server on Windows
- Plugins: Fix paths on Windows
- MOTD: Don't strip blank lines from the message provided in the config
- prosodyctl: Better error reporting when generating certificates
- Makefile: Improve FreeBSD compatibility
- Multiple fixes to our migration tools, and support for importing MUCs
from ejabberd
Konversation 1.5 adds numerous major features over the previous stable
release. Of particular note are support for SASL and client
certificate authentication, all-new topic management UI, overhauled
authentication UI in the Identities dialog, per-tab spell-checking
language settings, user-configurable nick context menu entries, mouse
spring-loading on tabs, all-new versions of major bundled scripts and
improved Ignore and Watched Nicknames systems. Many under-the-hood
changes to improve codec support and general performance, along with
the usual slew of bug fixes all over, further sweeten the deal.
Full Changelog at:
https://projects.kde.org/projects/extragear/network/konversation/repository/revisions/master/entry/ChangeLog
Changes in 0.9.3:
- A config file passed as command line argument is no longer forgotten
when config is reloaded
- MUC: Allow admins to always bypass restrict_room_creation
- Strip trailing '.' when normalizing hostnames
- HTTP: Prevent silent connection failures
- Components: Allow easier overriding of component authentication by plugins
- Components: Enable TCP keepalives
- Migrator: Better error reporting and improved robustness
- S2S: Include IP in log messages, if hostname is unavailable
- TLS: Log error when initialization fails
Changes in 0.9.2:
- Debian/Ubuntu packages fixed to always generate per-system certs
- TLS: Improved cipher string, and use Prosody's preferred ciphers
- MUC: Fix for Spark clients not displaying room lists
Changes since 13.10:
- New OpenSSL ciphers option in c2s, s2s and s2s_out
- mod_roster: new access rule to restrict roster modification
- mod_pubsub: support for data migration from mnesia to odbc
- ejabberd_xmlrpc included
- Bugfixes
Version 0.4.3:
- new command /print
- logical and/or for tags in /filter and hook_print
- gaps in buffer numbers
- support of italic text
- new options to customize default text search in buffers
- use of IRC monitor command for /notify (if available on server)
- new IRC server option "ssl_fingerprint"
- new option to smart-filter IRC mode messages
- new option for default IRC ban mask
- support of IPv6 for DCC chat/file
- auto check CRC32 of files received with DCC
- many bugs fixed.
Version 0.4.2:
- rename binary from "weechat-curses" to "weechat" (with symbolic link "weechat-curses" for compatibility)
- add secured data (encryption of passwords or private data), new command /secure, new file sec.conf
- search of regular expression in buffer with text emphasis, in prefixes, messages or both
- add option "scroll_beyond_end" for command /window
- add optional buffer context in bar items (for example to display bitlbee nicklist in a root bar)
- new options weechat.look.hotlist_{prefix|suffix}
- new option weechat.look.key_bind_safe to prevent any key binding error from user
- new option weechat.network.proxy_curl to use a proxy when downloading URLs with curl
- display day change message dynamically
- support of wildcards in IRC commands (de)op/halfop/voice
- new option irc.look.notice_welcome_redirect to redirect channel welcome notices to the channel buffer
- new option irc.look.nick_color_hash: new hash algorithm to find nick colors (variant of djb2)
- add info about things defined by a script in the detailed view of script (/script show)
- support of "enchant" library in aspell plugin
- many bugs fixed.
finch does not compile with python-3.3. Since libpurple is not versioned
and finch pulls it in, we have to mark libpurple too, and then pidgin
because of libpurple. It's all one codebase anyway...
version 2.10.8 (1/28/2014):
General:
* Python build scripts and example plugins are now compatible with
Python 3. (Ashish Gupta) (#15624)
libpurple:
* Fix potential crash if libpurple gets an error attempting to read a
reply from a STUN server. (Discovered by Coverity static analysis)
(CVE-2013-6484)
* Fix potential crash parsing a malformed HTTP response. (Discovered by
Jacob Appelbaum of the Tor Project) (CVE-2013-6479)
* Fix buffer overflow when parsing a malformed HTTP response with
chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent)
(CVE-2013-6485)
* Better handling of HTTP proxy responses with negative Content-Lengths.
(Discovered by Matt Jones, Volvent)
* Fix handling of SSL certificates without subjects when using libnss.
* Fix handling of SSL certificates with timestamps in the distant future
when using libnss. (#15586)
* Impose maximum download size for all HTTP fetches.
Pidgin:
* Fix crash displaying tooltip of long URLs. (CVE-2013-6478)
* Better handling of URLs longer than 1000 letters.
* Fix handling of multibyte UTF-8 characters in smiley themes. (#15756)
Windows-Specific Changes:
* When clicking file:// links, show the file in Explorer rather than
attempting to run the file. This reduces the chances of a user
clicking on a link and mistakenly running a malicious file.
(Originally discovered by James Burton, Insomnia Security. Rediscovered
by Yves Younan of Sourcefire VRT.) (CVE-2013-6486)
* Fix Tcl scripts. (#15520)
* Fix crash-on-startup when ASLR is always on. (#15521)
* Updates to dependencies:
* NSS 3.15.4 and NSPR 4.10.2
* Pango 1.29.4-1daa
Patched for https://bugzilla.gnome.org/show_bug.cgi?id=668154
AIM:
* Fix untrusted certificate error.
AIM and ICQ:
* Fix a possible crash when receiving a malformed message in a Direct IM
session.
Gadu-Gadu:
* Fix buffer overflow with remote code execution potential. Only
triggerable by a Gadu-Gadu server or a man-in-the-middle.
(Discovered by Yves Younan and Ryan Pentney of Sourcefire VRT)
(CVE-2013-6487)
* Disabled buddy list import/export from/to server (it didn't work
anymore). Buddy list synchronization will be implemented in 3.0.0.
* Disabled new account registration and password change options, as it
didn't work either. Account registration also caused a crash. Both
functions are available using official Gadu-Gadu website.
IRC:
* Fix bug where a malicious server or man-in-the-middle could trigger
a crash by not sending enough arguments with various messages.
(Discovered by Daniel Atallah) (CVE-2014-0020)
* Fix bug where initial IRC status would not be set correctly.
* Fix bug where IRC wasn't available when libpurple was compiled with
Cyrus SASL support. (#15517)
MSN:
* Fix NULL pointer dereference parsing headers in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing OIM data in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing SOAP data in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix possible crash when sending very long messages. Not
remotely-triggerable. (Discovered by Matt Jones, Volvent)
MXit:
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan and Pawel Janic of Sourcefire VRT)
(CVE-2013-6487)
* Fix sporadic crashes that can happen after user is disconnected.
* Fix crash when attempting to add a contact via search results.
* Show error message if file transfer fails.
* Fix compiling with InstantBird.
* Fix display of some custom emoticons.
SILC:
* Correctly set whiteboard dimensions in whiteboard sessions.
SIMPLE:
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6487)
XMPP:
* Prevent spoofing of iq replies by verifying that the 'from' address
matches the 'to' address of the iq request. (Discovered by Fabian
Yamaguchi and Christian Wressnegger of the University of Goettingen)
(CVE-2013-6483)
* Fix crash on some systems when receiving fake delay timestamps with
extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
* Fix possible crash or other erratic behavior when selecting a very
small file for your own buddy icon.
* Fix crash if the user tries to initiate a voice/video session with a
resourceless JID.
* Fix login errors when the first two available auth mechanisms fail but
a subsequent mechanism would otherwise work when using Cyrus SASL.
(#15524)
* Fix dropping incoming stanzas on BOSH connections when we receive
multiple HTTP responses at once. (Issa Gorissen) (#15684)
Yahoo!:
* Fix possible crashes handling incoming strings that are not UTF-8.
(Discovered by Thijs Alkemade and Robert Vehse) (CVE-2012-6152)
* Fix a bug reading a peer to peer message where a remote user could
trigger a crash. (CVE-2013-6481)
Plugins:
* Fix crash in contact availability plugin.
* Fix perl function Purple::Network::ip_atoi
* Add Unity integration plugin.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.