Version 3.6:
- irc/core:
* Add server-time IRCv3 capability (blastrock)
* Add PROXY command for haproxy/stunnel
* Large performance improvements for large contact lists
* Many UX/documentation improvements
* Added built-in crash handler that writes to /var/lib/bitlbee/crash.log
* Try to join long spaceless lines in paste_buffer without a newline. The
main use case for this is pasting long URLs and not breaking them
* Fix status message being set to null accidentally
* Fix handling utf8 nick renames when loading configs (MaskRay)
* Fix SSL's SNI with hostnames starting with a digit (CMB)
* Show correct nick when `rename -del` is used (arcnmx)
- twitter:
* Disable the stream setting by default. Filter streams still work.
* Update default character limit to 280 chars (qyliss)
* Fix quote tweet url display.
- jabber:
* Try to join anyway after "Already present in chat"
* Fix chat joins when ext_jid is provided for your own user.
Seen with Biboumi (a gateway from XMPP to IRC)
* Handle always_use_nicks more gracefully to reduce nick change noise
- otr:
* Don't block attempts to connect/smp/smpq to "offline" users
- Removed dead protocols:
* msn: Use the skypeweb purple plugin instead.
* skype (the dbus based thing): ditto.
* yahoo: It's so dead even the replacement protocol died.
* oscar: AIM is dead, for ICQ use the icyque purple plugin instead.
- For plugin devs:
* Add datadir to pkgconfig file and config.h (sm00th)
* Add "bitlbee-set-account-password" purple signal (for hangouts)
* Support libpurple 2.12.0's PURPLE_MESSAGE_REMOTE_SEND for groupchat
self-messages (for slack)
- Packaging/distro specific stuff:
* bitlbee@.service now sends stderr to syslog instead of the socket
* debian: only enable bitlbee.service, not bitlbee.socket too
* cygwin: portability fixes for plugins
* Support OpenSSL 1.1 built without backwards compat (cotequeiroz)
Changes since 8.2.25:
-- Noteworthy changes in version 8.2.26 (2019-05-31)
o) The 'general::tkline_expire_notices' configuration directive has been
replaced with user mode 'X'. *LINE expiration notices are sent to IRC
operators with that mode set
o) Fixed issue with '/rehash conf' creating duplicated class entries
instead of updating existing ones that are already in use
o) For a full list of all changes in this release, see https://git.io/fj0bx
Changes since 8.2.24:
-- Noteworthy changes in version 8.2.25 (2019-04-24)
o) The 'class::number_per_ip', 'class::max_local' and 'class::max_global'
configuration directives have been replaced with just 'class::number_per_ip_local'
and 'class::number_per_ip_global'. The 'class::max_local' basically was
redundant as it had the same functionality as 'class::number_per_ip'
o) Adding RESVs with wildcards no longer requires administrator privileges
o) The 'general::ignore_bogus_ts' configuration option has been deprecated
o) TLSv1.1 and TLSv1.0 are no longer supported and have been disabled in
the openssl and gnutls module
o) Minimum supported OpenSSL version is 1.0.1f now
o) Minimum supported GnuTLS version is 3.5.8 now
o) The 'serverinfo::vhost' and 'serverinfo:vhost6' configuration directives have
been deprecated. If you need to bind() a specific address you can specify one
in the connect {} block
o) The 'connect::vhost' configuration directive has been renamed to 'connect::bind'
Changes:
* Added a configure option, --disable-auto-extras, which disables
automatically enabling extras for which the dependencies are
available.
* Added support for disabling a STS policy for users in specific
connect classes.
* Added support for the IRCv3 Message IDs specification.
* Fixed a crash in the silence module on some older versions of
GCC.
* Fixed linking against v2 servers running the ASCII case mapping
module from inspircd-extras.
* Fixed an inverted condition in the commonchans module which made
the module not work.
* Fixed configure not failing when invalid options were passed to
it.
* Fixed pending X-lines only being applied to a single user.
* Fixed servers not specifying whether they are hidden. If no
visibility is specified then servers default to the visibility of
their parent server.
This release contains minor bug fixes and documentation corrections.
Most notably:
* Fixed building on NetBSD.
* Fixed building on Windows.
* Fixed building with older libc implementations.
* Fixed setting a distribution label.
* Fixed higher <maxlist> values not being shown in MAXLIST.
(This mainly means workarounds can be deleted from pkgsrc).
Changes:
* remove shift+click binding to close tabs
* re-add option to build against legacy perl
* add appstream metainfo for plugins
* add build option to set perl binary
* add option to build without appstream
* fix not unminimizing when restoring from tray
* fix translations containing invalid text events
* fix server passwords starting with :
* update libraries on windows, fixing CVE-2018-15120 (and emoji!)
This release contains many major new enhancements, some of which include:
* Full support for all currently ratified IRCv3 extensions.
* Support for WebSocket connections.
* Support for the bcrypt and PBKDF2 password hashing algorithms.
* Support for the WHOX extension.
* Support for UNIX socket connections.
* Support for the HAProxy PROXY protocol.
* Many performance improvements.
To upgrade from v2 (chat/inspircd) please consult the list of config
changes:
https://docs.inspircd.org/3/configuration-changes/
Without gettext-lib and msgfmt being available, package creation fails
because the locale files aren't generated.
Similar reasoning for gnutls as inspircd - anope is based on an old
version of inspircd and is also GPLv2 with no exception for OpenSSL.
gnutls is the recommended TLS library for both.
New
* Add a mobile phone indicator to the chat window
* Rework HTTPUpload dialog
* Add a "paste as quote" option to the message input
Bug fixes
* #8822 Fix memory leak when using spell checker
* #9514 Fix jingle filetransfers not working in some circumstances
* #9573 Dont leak DNS query when connecting over proxy
* #9578 Determine Windows version more reliably
* #9622 Fix an error while quitting Gajim
* #9633 Fix an error while sending a file
* #9637 Restore window size correctly on wayland
* #9660 GPG Agent setting is ignored
* #9645 Make zeroconf IPV6 compatible
* Improve dark theme colors
* Fix access to GnuPG keys
* Use UUID4 item ids for pubsub posts
* Dont send invalid show values
* Windows: Dont override format region settings
* Various smaller improvements
The tarball was silently updated without a release. After diffing this
against the git tag, the updated tarball seems to change some if statements
from if (x = y) to if (x == y)...
766055d5c0
The bug fixed by this change is apparently not exploitable.
Changes from 1.7.2 to 1.7.3:
* Fix CVE-2019-9917.
ZNC before 1.7.3-rc1 allows an existing remote user to cause a
Denial of Service (crash) via invalid encoding.
Changes between version 4.2.1 and 4.2.2:
Improvements:
Quicker connection handshake for clients which use CAP and/or SASL.
With "TOPIC #chan" and "MODE #chan +b" (and +e/+I) you can see who set the topic and bans/exempts/invex. The default is to only show the nick of the person who set the item. This can be changed (not the default) by setting:
set { topic-setter nick-user-host; };
set { ban-setter nick-user-host; };
The 'set by' and 'set at' information for +beI lists are now synchronized when servers link. You still see the MODE originating from the server, however when the banlist is queried you will now be able to see the original nick and time of the bansetter rather than serv.er.name. If you want the OLD behavior you can use: set { ban-setter-sync no; };
The default maximum topic length has been increased from 307 to 360.
You can now set more custom limits. The default settings are shown below:
set {
topic-length 360; /* maximum: 360 */
away-length 307; /* maximum: 360 */
quit-length 307; /* maximum: 395 */
kick-length 307; /* maximum: 360 */
};
The message sent to users upon *LINE can now be adjusted completely via set::reject-message::kline and set::reject-message::gline.
New set::anti-flood::max-concurrent-conversations which configures the maximum number of conversations a user can have with other users at the same time.
Until now this was hardcoded at limiting /MSG and /INVITE to 20 different users in a 15 second period. The new default is 10 users, which serves as a protection measure against spambots.
New set::max-targets-per-command which configures the maximum number of targets accepted for a command, such as 4 to allow e.g. /MSG nick1,nick2,nick3,nick4 hi.
Also changed the following defaults (previously hardcoded):
PRIVMSG from 20 to 4 targets, to counter /amsg spam
NOTICE from 20 to 1 target, to counter /anotice spam
KICK from 1 to 4 targets, to make it easier for channel operators to quickly kick a large amount of spambots
Added INVITE and KNOCK flood protection (command rate limiting):
set::anti-flood::invite-flood now defaults to 4 per 60 seconds (previously the effective limit was 1 invite per 6 seconds).
set::anti-flood::knock-flood now defaults to 4 per 120 seconds.
New set::outdated-tls-policy which describes what to do with clients that use outdated SSL/TLS protocols (eg: TLSv1.0) and ciphers.
The default settings are to warn in all cases: users connecting, opers /OPER'ing up and servers linking in. The user will see a message telling them to upgrade their IRC client.
This should help with migrating such users, since in the future, say one or two years from now, we would want to change the default to only allow TSLv1.2+ with ciphers that provide Forward Secrecy. Instead of rejecting clients without any error message, this provides a way to warn them and give them some time to upgrade their outdated IRC client.
Major issues fixed:
Crash issue in the 'websocket' module.
Minor issues fixed:
The advertised "link-security" was incorrectly downgraded from level 2 to 1 if spkifp was used as an authentication method.
In case of a crash, the ./unrealircd backtrace script was not working correctly in non-English environments, leading to less accurate bug reports.
Various crashes if a server receives incorrect commands from a trusted linked server.
A number of memory leaks on REHASH (about 1K).
SASL was not working post-registration, eg: when services link back in. This is now fixed in UnrealIRCd, but may require a services update as well.
Changed:
The noctcp user mode (+T) will now only block CTCP's and not CTCP REPLIES. Also, IRCOps can bypass user mode +T restrictions.
The server will warn if your ulines { } are matching UnrealIRCd servers.
The m_whox module now contains various features that m_who already had.
Also, m_whox will try to convert classic UnrealIRCd WHO requests such as "WHO +i 127.0.0.1" to whox style "WHO 127.0.0.1 i".
Unfortunately auto-converting WHO requests is not always possible. When in doubt the WHOX syntax is assumed. Users are thus (still) encouraged to use the whox style when m_whox is loaded.
For module coders:
New hook HOOKTYPE_WELCOME (aClient *acptr, int after_numeric): allows you to send a message at very specific places during the initial welcome.
New Isupport functions: IsupportSet, IsupportSetFmt and IsupportDelByName.
The M_ANNOUNCE flag in the command add functions should no longer be used as CMDS= is removed. Please update your module.
New "SJSBY" in PROTOCTL, which is used in SJOIN to sync extra data. See the last part of the SJOIN documentation.
For a command with 2 arguments, eg "PRIVMSG #a :txt", parv[1] is "#a", parv[2] is "txt" and parv[3] is NULL. Any arguments beyond that, such as parv[4] should not be accessed. To help module coders with detecting such bugs we now poison unused parv[] elements that should never be accessed. Note that without this poison your code will also crash, now it just crashes more consistently.
IRC protocol:
This section is intended for client coders and people interested in IRC protocol technicalities
Many changes in the tokens used in numeric 005 (RPL_ISUPPORT):
Removed CMDS= because this was an unnecessary abstraction and it was not picked up by any other IRCd.
The tokens KNOCK MAP USERIP have been added (moved from CMDS=..)
STARTTLS is no longer advertised in 005 since doing so would be too late. Also, STARTTLS is not the preferred method of using SSL/TLS.
Added TARGMAX= to communicate set::max-targets-per-command limits.
Removed the MAXTARGETS= token because TARGMAX= replaces it.
Added DEAF=d to signal what user mode is used for "deaf"
Added QUITLEN to communicate the set::quit-length setting (after all, why communicate length for KICK but not for QUIT?)
The 005 tokens are now sorted alphabetically
When hitting the TARGMAX limit (set::max-targets-per-command), for example with "/MSG k001,k002,k003,k004,k005 hi", you will see:
:server 407 me k005 :Too many targets. The maximum is 4 for PRIVMSG.
When hitting the set::anti-flood::max-concurrent-conversations limit (so not per command, but per time frame), you will see:
:server 439 me k011 :Message target change too fast. Please wait 7 seconds
When hitting the set::anti-flood::invite-flood limit you will get:
:server 263 me INVITE :Flooding detected. Please wait a while and try again.
When hitting the set::anti-flood::knock-flood limit you will get:
:server 480 me :Cannot knock on #channel (You are KNOCK flooding)
Not a protocol change. But when a server returns from a netsplit and syncs modes such as: :server MODE #chan +b this!is@an.old.ban
Then later on you can query the banlist (MODE #chan b) and you may see the actual original setter and timestamp of the ban. So if a user wishes to see the banlist then IRC clients are encouraged to actively query the banlist before displaying it. Fortunately most clients do this.
If the set::topic-setter or set::ban-setter are set to nick-user-host then the "added by" field in numerics that show these entries will contain nick!user@host instead of nick, eg:
:server 367 me #channel this!is@some.banbansetter!user@some.host 1549461765
inspircd is GPLv2 and does not have an exception to allow linking against
OpenSSL. The inspircd documentation also describes the gnutls module as
performing better and being preferred in most cases.
Changes:
0.4.9
-----
- fix loading events by event id with Conversation.get_events
0.4.8
-----
- set device name to "hangups" when authenticating
- fix snap package build
0.4.7
-----
- add manual login option
- publish tests in package
- add participant watermarks to conversation objects and UI
- improve hyperlink detection
- fix issue with loading conversion history
- bump aiohttp requirement to >=3.3
New features
core: do not automatically add a space when completing "nick:" at the beginning of command line (the space can be added in option weechat.completion.nick_completer)
core: add default keys Ctrl+F11/Ctrl+F12 to scroll up/down one page in nicklist (same action as F11/F12)
core: add command line option "-t" (or "--temp-dir") to create a temporary WeeChat home (deleted on exit)
api: add functions string_base_encode and string_base_decode, remove functions string_encode_base64 and string_decode_base64
api: add support of Time-based One-Time Password (TOTP), add infos "totp_generate" and "totp_validate"
buflist: add default keys Ctrl+F1/Ctrl+F2 to scroll up/down one page in buflist (same action as F1/F2)
buflist: add variable ${number2}, always set with the indented buffer number
exec: add option exec.command.shell to customize the shell used with /exec -sh
relay: add support of close frame in websocket connection (issue #1281)
relay: add support of Time-based One-Time Password (TOTP) as second authentication factor in weechat protocol
Bug fixes
core: fix compilation of empty regular expression (not allowed on FreeBSD)
core: fix forced highlight on messages sent to other buffers (issue #1277)
aspell: look for suggestions only if the misspelled word has changed (issue #1175)
buflist: add alternate key codes for F1/F2 and Alt+F1/Alt+F2 (compatibility with terminals)
buflist: fix warning displayed when script buffers.pl is loaded (issue #1274)
irc: fix parsing of whois messages in notify
irc: fix parsing of MODE, 341 (invite) and CHGHOST commands when there are colons (issue #1296)
irc: return IRC color code instead of WeeChat color code when decoding a too short ANSI color sequence
irc: fix encoding of italic attribute when colors are removed
irc: fix parsing of "time" message tag on FreeBSD (issue #1289)
relay: fix crash on /upgrade when the real IP is not set (issue #1294)
relay: fix memory leak in connection of client
Tests
unit: fix UTF-8 and evaluation tests on FreeBSD
unit: add tests on IRC configuration and protocol functions
Build
core: add C compiler flag "-fsigned—char" to force "char" data type to be always signed (issue #1277)
Quassel IRC is a modern, cross-platform, distributed IRC client
based on the Qt framework.
Distributed means that one (or multiple) client(s) can attach to
and detach from a central core that stays permanently online --
much like the popular combination of screen and a text-based IRC
client such as WeeChat, and similar to (but much more featureful
than) so-called BNCs. Re-attaching your client will show your IRC
session in the same state as you left it in (plus whatever happened
while you were gone), and this even when you re-attach from a
different location.
In addition, Quassel IRC can be used like a traditional client,
with providing both client and core functionality in one binary.
This so-called "Monolithic Client" completely hides the distributed
nature, so for a purely local installation, Quassel IRC can be
setup very easily.
