Fixes security issue http://secunia.com/advisories/31633/
Changelog:
Version 1.2.2 (released 2008-08-26) hilights:
* Fixed a security issue where it was possible to recreate/hijack already
existing accounts.
* Various stability improvements and minor feature enhancements.
Version 1.2.1 (released 2008-06-24) hilights:
* Mostly a lot of fixes for bugs found after the 1.2 release.
* Daemon mode is now officially declared stable.
- Fixed proxy support.
- Fixed stalling issues while connecting to Jabber when using the OpenSSL
module.
- Fixed problem with GLib and ForkDaemon where processes didn't die when
the client disconnects.
- Fixed handling of "set charset none". (Which pretty much breaks the account
completely in 1.2.)
- You can now automatically identify yourself to BitlBee by setting a server
password in your IRC client.
- Compatible with all crazy kinds of line endings that clients can send.
- Changed root nicknames are now saved.
- Added ClientInterface setting to bind() outgoing connections to a specific
network interface.
- Support for receiving Jabber chatroom invitations.
- Relaxed port restriction of the Jabber module: added ports 80 and 443.
- Preserving case in Jabber resources of buddies, since these should
officially be treated as case sensitive.
- Fully stripping spaces from AIM screennames, this didn't happen completely
which severly breaks the IRC protocol.
- Removed all the yellow tape around daemon mode, it's pretty mature by now:
testing.bitlbee.org serves all (~30) SSL users from one daemon mode
process without any serious stability issues.
- Fixed GLib <2.6 compatibility issue.
- Misc. memory leak/crash fixes.
Changelog:
* Version 1.2 (released 2008-03-17) hilights:
- See 1.1.1dev and 1.1dev (Jabber module rewrite, Jabber groupchats, better
(and more secure) file format for user data, ForkDaemon mode).
- Yahoo! support in this release will hopefully still work next month.
* Development version 1.1.1dev (released 2007-11-24) hilights:
- Mostly internal changes (resolved some GPL issues, changed some parts of the
IM API).
- Support for Jabber chatrooms and an XML console.
- Support for named AIM chatrooms.
* Development version 1.1dev (released 2007-02-19) hilights:
- Many new features, enhancements, bugfixes, for example:
- Rewritten Jabber module.
- Improved file format for storing user configuration.
- ForkDaemon mode: Daemon mode without the stability problems.
Version 1.0.4 (released 2007-08-20) hilights:
- Removed call to sethostent() from proxy.c, this caused a lot of
problems especially for people on *BSD.
- Just some small bugfixes.
INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with
${PREFIX}/${PKGMANDIR}.
Fixes PR 35265, although I did not use the patch provided therein.
From changelog:
Version 1.0.3 (released 2006-06-24) hilights:
- Less ICQ spam because the web-aware flag is disabled.
- It's easier to talk to people who are not in your buddy list.
- ISON command works better with irssi (and probably other clients).
- The usual bug fixes.
Version 1.0.2 (released 2006-04-01) hilights:
- Fixed some issues in charset handling.
- Better handling of Jabber away states.
- Some daemon mode stability/usability fixes.
- Lots of miscellaneous fixes, cleanups, etc.
Version 1.0.1 (released 2006-01-14) hilights:
- This version contains some of the changes from the current bzr tree, mainly bug fixes
- AIM groupchat support
- Fixes problems with MSN messages failing to arrive
- Fixes problems with not seeing Jabber buddies online
- Now handles MSN passwords with commas correctly
- Code cleanup
CHANGES contains:
- renamed control channel to &bitlbee, to avoid confusions
- Jabber cleanup
- Handle RSS-to-Jabber feeds
- AIM notifications
- typing notifications come in as CTCP
- fixes a possible DoD bug
Also, the package now installs the full user-guide, and bitlbee.conf(5) man
page
as i did the two latest updates, take maintainership
The changelog for 0.99:
- Fixed memory initialization bug in OSCAR module that caused crashes on
closing the connection.
- Most likely fixed the bug that caused BitlBee to use 100% CPU time in
some situations.
- Outgoing MSN typing notifications are now understood correctly by the
orignal MS Mac/Windows clients (again).
- Added "account add $protocol" to the documentation, got rid of a lot
of over-markup (i.e. overuse of bold-tags), reviewed some other parts.
- Small changes to help.xsl to fix small flaws in the help.txt formatting.
- Messaging yourself now doesn't make irssi or mIRC crash anymore.
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
file's sole purpose was to provide a dependency on pkg-config and set
some environment variables. Instead, turn pkg-config into a "tool"
in the tools framework, where the pkg-config wrapper automatically
adds PKG_CONFIG_LIBDIR to the environment before invoking the real
pkg-config.
For all package Makefiles that included pkg-config/buildlink3.mk, remove
that inclusion and replace it with USE_TOOLS+=pkg-config.
Main changelog entries are:
Security:
- Fixed a bug in http_encode that might have caused buffer overflows
(although not likely to be exploitable) when trying to encode strings
with non-ASCII characters.
- Newline stripping added to prevent newline-in-friendlyname attacks.
(Which allowed remote people to make BitlBee send raw custom IRC lines.)
Bugs:
- Many crashes
- Yahoo! cleanup code to avoid 100% CPU time usage
- fixes for ICQ and MSN
approved by wiz@
(by default disabled in configure, but enabled via bsd.options.mk),
you can enable/disable it via "PKG_OPTIONS.bitlbee=-inet6", this closes
PR pkg/27691 by Georg Schwarz.
Bump PKGREVISION.
Changes:
- Full support for ICQ server-side contact lists!
NOTE: BitlBee now ignores your client-side contact list. If you want to
import your ICQ contact list, use the import_buddies command.
- Added the import_buddies command for upgrading purposes.
- Added support for OpenSSL.
- Fixed one major problem with the daemon mode by getting rid of the global
IRC structure.
- Documentation fixes. help.txt is now generated from XML. Also updated the
installation manual.
- Made the quickstart up-to-date. (By Elizabeth Krumbach)
- Some bitlbeed additions. (By Marcus Dennis)
- info-command support for Jabber, MSN, Yahoo! and a more verbose info-reply
for ICQ. (By Frank Thieme)
- Support for Jabber over SSL.
- nick_get() appends a _ on duplicates instead of chopping off the last
character.
- Got rid of an unused piece of code that caused crashes.
(oscar.c:gaim_parse_clientauto)
- When splitting long messages into 450-char chunks, BitlBee now tries not
to cut off in the middle of a line.
- Added a warning when the user specifies an unknown OSCAR server.
- Removed GLib 2.x dependency, BitlBee will work with GLib 1.x again.
- Improved strip_html(), now less likely to strip non-HTML things.
- An invalid account-command will now display an error message.
- Fixed a bug that caused crashes when /CTCP'ing a groupchat channel.
- Hopefully better Unicode/non-ASCII support for ICQ.
- Fixed MSN connection crash on non-ASCII characters in screenname.
- Added some missing charset conversion calls. (serv_got_crap,
serv_buddy_rename)
- "account off" without extra arguments now logs off all connections.
- Fixed a crash-bug on disconnecting Yahoo! connections before they're fully
connected.
- Fixed a bug in helpfile handling which sometimes caused crashes in daemon
mode.
- block and allow commands work with just a nick as an argument again.
- Working around a crash on some probably invalid Yahoo! packets.
- Fixed a possible double free() on shutdown in irc_free().
- Talking to ICQ people on AIM and vice versa and talking to people with
@mac.com accounts now possible.
- Low ASCII chars are now stripped from away-messages so the Jabber module
won't barf on BitchX and lame-script away messages anymore.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
# Version 0.90 (released 2004-05-28) hilights:
* Another release with a speech!
* A complete rewrite of the MSN module, which mainly means more
stability, but also some good new features and other enhancements.
* Lots of cleanups and fixes in the other IM-modules.
* Full support for operating behind proxy servers.
features.
# Version 0.83 (released 2003-12-31) hilights:
* Mainly bugfixes.
* Added some features especially useful for public servers.
(Like server-client pinging)
Changes since 0.80:
o Fixed a buffer overflow plus another problem in the nick
handling code.
o Fixed MSN support.
o Added the qlist command.
o Fixed the Makefile: It doesn't just overwrite files in etcdir
anymore.
o Fixed a small problem in the auto-reconnect cleanup code.
o Added a configuration file.
o Added some access restrictions for people who don't want their
BitlBee server to be open to anyone.
o Added basic support for charsets, which makes BitlBee more useful
to people who don't speak ASCII.
o Added support for automatic reconnection to an IM-server.
o Yahoo! now works again.
And more...
