backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
that these directories will be conditionally removed (based on reference
counts), regardless of the value of PKG_CONFIG. Bump the PKGREVISION
for packages that were modified as a result.
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
"this release of gaim has a few security fixes which mirror
the effects of patch-ae patch-af patch-ag"
ChangeLog says:
version 1.5.0 (8/11/2005):
* Ability to set IRC quit message (Lalo Martins)
* OSCAR file transfers now work for 2 users behind the same NAT
(Jonathan Clark)
* Yahoo! buddy requests to add you to their buddy list now prompt for
authorization
* Added a /clear command for conversations/chats
* Fixed ICQ encoding for messages with offline ICQ users
(Ilya Konstantinov, SF Bug #1179452)
* Default Yahoo! chat roomlist locale to 'us'
file's sole purpose was to provide a dependency on pkg-config and set
some environment variables. Instead, turn pkg-config into a "tool"
in the tools framework, where the pkg-config wrapper automatically
adds PKG_CONFIG_LIBDIR to the environment before invoking the real
pkg-config.
For all package Makefiles that included pkg-config/buildlink3.mk, remove
that inclusion and replace it with USE_TOOLS+=pkg-config.
- An error in the handling of away messages can be exploited to cause
a heap-based buffer overflow by sending a specially crafted away message
to a user logged into AIM or ICQ.
Successful exploitation allows execution of arbitrary code.
- An error in the handling of file transfers can be exploited to crash
the application by attempting to upload a file with a non-UTF8 filename
to a user logged into AIM or ICQ.
Patches from RedHat.
will install Perl modules into the "vendor" directories:
chat/vicq math/udunits
databases/rrdtool mbone/beacon
devel/p5-subversion
Bump their PKGREVISIONs.
"Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2
and other packages, allows remote attackers to cause a denial of service (bus
error) on certain architectures such as SPARC via an incoming message."
Bump PKGREVISION, patch from Gaim CVS.
The jabberd project team is pleased to announce the release of jabberd 2.0s9.
This is a security release. There is a buffer overflow that could be used to
perform a DoS attack and possible code execution. It is *HIGHLY* recommended
that you upgrade!
ChangeLog:
* fixed only one user is loaded correctly for each router acl
* fixed s2s segfault under particular connection timeout conditions
* fixed id is being case sensitive
* fixed Users cannot login after a long period of server inactivity
* fixed handling of stream errors
* fixed version attribute reply in stream
* fixed c2s glibc abort and mysql option flags
* fixed sx io mem leak
* fixed Incorrect SASL error message defined in sx/sasl.c
* fixed 3 buffer overflows in jid.c
* fixed second log-in in with similar resource breaks routing for first login
Main changelog entries are:
Security:
- Fixed a bug in http_encode that might have caused buffer overflows
(although not likely to be exploitable) when trying to encode strings
with non-ASCII characters.
- Newline stripping added to prevent newline-in-friendlyname attacks.
(Which allowed remote people to make BitlBee send raw custom IRC lines.)
Bugs:
- Many crashes
- Yahoo! cleanup code to avoid 100% CPU time usage
- fixes for ICQ and MSN
approved by wiz@
3 May 2005:
- Released 2.0.2
- Fix to co-exist more nicely with other encrypting gaim plugins.
1 Mar 2005:
- Initial autoconfiscation, thanks to Greg Troxel <gdt@ir.bbn.com>.
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
easily controllable IRC client for your other POE components and sessions.
You create an IRC component and tell it what events your session cares about
and where to connect to, and it sends back interesting IRC events when they
happen. You make the client do things by sending it events.
changes since 1.3.1:
* Fix system log start times for some protocols
* SILC compiles with newer SILC toolkit versions (Pekka Riikonen)
* Fixed a bug where buddy icon cache files were left in the icon
cache directory after they were no longer in use.
* Attempt to detect the file type of a buddy icon when saving.
* Additional Yahoo! boot protection (Peter Lawler)
* A few Yahoo! memory leaks plugged (Peter Lawler)
* Fixed handling of the new Yahoo! profile page. (Joshua Honeycutt,
Peter Lawler)
* Fixed localized Yahoo! room lists. Please refer to the Yahoo!
section of the Gaim FAQ for details. (Peter Lawler)
* Enabled sending files to ICQ users using ICQ 5.02 and newer
(Jonathan Clark)
passing -Xc to sunpro defines __STDC__=1 and the build fails in
ircsig.c because <signal.h> only declares sigaction if __STD__=0.
fixes build on Solaris w/ sunpro.
Changes:
2.9.4
(1) SSL support can now be used incoming.
(2) Added three new configuration entries to handle new features:
listenex [--ssl][--limit <maxusers>][--localhost <hostname>] <port>
privatekey <filename>
publickey <filename>
2.9.3
(1) SECURITY FIX: FD_SETSIZE overflow DOS
(2) SSL support can now be used if configured with --with-ssl
SSL connection is done by passing -s
ex. /quote conn -s ircs.server
Note: this is only partially secure since SSL is only supported
outgoing.
2.9.2
(1) Added flush to logging
(2) General code changes to fix compiling on some compilers
(3) Fixed problems binding to listening address
2.9.1
(1) SECURITY FIX: password check, was only letting incorrect passwords in
(2) Fixed IP binding on listen
2.9.0
(1) Added trailing newlines to log records
(2) Added extra error handling on accepting connections
(3) Fixed buffer overflow in getnickuserhost (reported by Leon Juranic)
(4) Added extra check for gethostbyname2
(5) Made password check more thorough
(6) Fixed ipv6 dns resolving to random ipv4
2.8.9
(1) Fixed backspace security flaw (reported by Yak)
(2) Fixed compile errors related to compound statements
(3) Rewrote logic of /vip command
(4) Rewrote docked session listing code
2.8.8
(1) Added support for setting a specific IP to listen on
(listen <[host:]port> [maxusers])
(2) Enhanced bncsetup to use new conf format and new question to handle
specific host entering.
(3) Changed the Makefile to list libraries last, some crypt libraries
predefined their own main function which prevented compiling.
(4) Reorganized the connection code to fix a bug where a user gets
disconnected while connecting to an irc server.
(5) Socket length was not being set before accept. (Thanks chris)
(6) Removed old hack code for systems that do not support snprintf.
(7) Increased error checking in recv code.
(8) Better parsing of messages
(9) Server buffers always cleared when connecting to a new server.
(10) Initial IPv6 support. Added -6 option to the CONN command
(i.e. CONN -6 irc.ipv6.org) which is only necessary on ambigious
addresses or when connecting via dns.
(11) Listen host can be specified in conf as an ipv6 address by putting
the address in []'s (i.e. LISTEN [2000:610:0:23::]:6669)
Requested by Peter Avalos <pavalos@theshell.com> in private e-mail.
the modules are statically-linked into the ircservices executable.
This fixes the installation of chat/ircservices on platforms where
dlopen() doesn't obey its "mode" argument, e.g. RTLD_NOW. Unfortunately,
NetBSD/amd64 currently falls into this category (port-amd64/30570),
but this will also fix installation on any a.out NetBSD or OpenBSD
platform.
Approved for commit during the deep freeze by <agc>.
Changes:
1.0:
====
Only minor bugfixes were made to the previous version.
- Fixed channel public key list saving on backup router on JOIN
command reply.
- New optimized logging.
0.9.21:
=======
A small bugfix release.
- Added default limit how many channels one client can join (50).
- Added missing getopt.[ch].
- Fixed compilation with pkg-config files
0.9.20:
=======
A bugfix release to the SILC Server. In addition of various bugfixes,
this version now also includes new math library that from now on will be
included in all SILC distributions.
- Added more liberal channel names from the previous more stricter
identifier string change.
- Added SERVICE command to server, though services aren't supported yet.
- Fixed MOTD command to send empty reply if motd does not exist.
- Fixed LIST command.
- Fixed query to stop if client goes away.
- Added pkg-config check to the configure.
- Several other bugfixes were made.
The project was declared dead on February 27th 2003, although the last version
dates from August 14th 2001. Not to mention that the program does not work
any more due to all the changes in Yahoo's authentication mechanisms in the
meantime.
Changes:
- security fixes for DoS issues:
http://gaim.sourceforge.net/security/index.php?id=18http://gaim.sourceforge.net/security/index.php?id=19
- Fix Yahoo! privacy bug
- Fix Jabber Get Info crash on busted servers
- The file transfer details section now also displays the full
path to the local file sent/received.
- Yahoo! has the following new "/" commands: /join, /buzz
- Updated our gaim.desktop file, thanks to all our terrific
- translators for sending in translations of the changes
- Improvements to how Gaim handles new message notification
- Updated translations (de, sq, zh_CN).
- Fixed crash of server list connect button when no network is
selected while using GTK's auto-find feature [1166669].
- Fixed handling of WhoIs Special event on some networks where it
could chop off the first character [1164315].
- Plugin API changes: Added "nickserv" field to xchat_get_info.
- Python: Fixed get_list() incorrectly failing when the list
contained a time field [1171525].
- Perl: Make scripts using calls with fully qualified subs work again
[1170139] (Lian Wan Situ).
- Fixed input-box input-method (GTK I.M.) problem [1168239].
- Fixed: Ignore and Notify windows incorrectly used the stock CLOSE
button instead of DELETE [1170655].
- Placed Close/Connect buttons in correct position in server list
[1165474].
- Updated translations (ca, de, lt, nl, ru, sk, sr, vi).
- Added command line args -u and -p.
- Fixed handling of "MODE -o+o nick nick" (#1094026).
- Plugin API changes:
* Added "Key Press" print event.
* Added "state_cursor" for xchat_get_prefs.
* Added xchat_strip and xchat_free functions.
* Added "lasttalk" field to "users" list.
* Added "charset" field to xchat_get_info.
- Perl plugin changes (Lian Wan Situ):
* Move each script into their own unique package/namespace. Scripts
containing multiple packages will not be loaded.
* When warning messages are emitted you will now be told which
script it came from.
* Xchat::set_context will now accept Xchat::set_context( $channel )
and Xchat::set_context( $channel, $server ) in addition to
Xchat::set_context( $context ).
* Fix display of loaded scripts in the Plugins and Scripts window.
- TCL: Fixed crash with invalidated TCL timer (#1110306) (Daniel P.
Stasinski).
- /TIMER now supports timeouts to one decimal place.
- Fixed possible crash of open-file dialog on 64-bit machines.
- Pressing CTRL-O in the DCC Receive window will now open your
downloads folder.
- Win32: Default download folder changed to "My Documents\Downloads".
- Added -quiet arg to the /charset command.
- The /country command now supports a wildcard search.
- The user is now warned when real/user name is left blank in the
server list window.
- Added the /URL command.
- Added a text event for all unknown WHOIS reply lines.
- Added /ALLCHANL which sends to the current server only.
- Actions (/ME) are now treated like PRIV/CHAN for purposes of the
ignore list.
package) into "Makefile".
- Don't include "pkgsrc/devel/glib2/buidlink3.mk" because the package
inherits that dependence automatically from the "gtk2+" package.
While here, reintegrate Makefile.common into Makefile since xchat-gnome
has been removed from pkgsrc and there is no further need for Makefile.common.
tron@ says do it.
Several changes are involved since they are all interrelated. These
changes affect about 1000 files.
The first major change is rewriting bsd.builtin.mk as well as all of
the builtin.mk files to follow the new example in bsd.builtin.mk.
The loop to include all of the builtin.mk files needed by the package
is moved from bsd.builtin.mk and into bsd.buildlink3.mk. bsd.builtin.mk
is now included by each of the individual builtin.mk files and provides
some common logic for all of the builtin.mk files. Currently, this
includes the computation for whether the native or pkgsrc version of
the package is preferred. This causes USE_BUILTIN.* to be correctly
set when one builtin.mk file includes another.
The second major change is teach the builtin.mk files to consider
files under ${LOCALBASE} to be from pkgsrc-controlled packages. Most
of the builtin.mk files test for the presence of built-in software by
checking for the existence of certain files, e.g. <pthread.h>, and we
now assume that if that file is under ${LOCALBASE}, then it must be
from pkgsrc. This modification is a nod toward LOCALBASE=/usr. The
exceptions to this new check are the X11 distribution packages, which
are handled specially as noted below.
The third major change is providing builtin.mk and version.mk files
for each of the X11 distribution packages in pkgsrc. The builtin.mk
file can detect whether the native X11 distribution is the same as
the one provided by pkgsrc, and the version.mk file computes the
version of the X11 distribution package, whether it's built-in or not.
The fourth major change is that the buildlink3.mk files for X11 packages
that install parts which are part of X11 distribution packages, e.g.
Xpm, Xcursor, etc., now use imake to query the X11 distribution for
whether the software is already provided by the X11 distribution.
This is more accurate than grepping for a symbol name in the imake
config files. Using imake required sprinkling various builtin-imake.mk
helper files into pkgsrc directories. These files are used as input
to imake since imake can't use stdin for that purpose.
The fifth major change is in how packages note that they use X11.
Instead of setting USE_X11, package Makefiles should now include
x11.buildlink3.mk instead. This causes the X11 package buildlink3
and builtin logic to be executed at the correct place for buildlink3.mk
and builtin.mk files that previously set USE_X11, and fixes packages
that relied on buildlink3.mk files to implicitly note that X11 is
needed. Package buildlink3.mk should also include x11.buildlink3.mk
when linking against the package libraries requires also linking
against the X11 libraries. Where it was obvious, redundant inclusions
of x11.buildlink3.mk have been removed.
- internal libgadu now work with gnutls instead openssl library.
- fixed crash while start.
- Tlen.pl configuration moved to .gg2/tlen file
- Then to Everaldo www.everaldo.com for his Jabber icons.
- close bugs #177,#146,#170,#141,#148
- fixes of parsing links in chat window
- and others.
Changes:
- Fixes for two remotely exploitable crash bugs. See
http://gaim.sourceforge.net/security/ for more information.
- Removed parts of the font selection dialog that were not respected
- Fix being invited to a multi user chat on MSN
- Multiple SILC accounts should work now (Pekka Riikonen)
- Fix times on jabber chat backlogs
- Fix gevolution plugin to compile with e-d-s 1.0 or 1.2
- Fix gevolution plugin to remember buddy name when someone added you
and you then add them
- Formatting in jabber chats works
- Fix to prevent MSN disconnecting if you change status while
- connecting
- Change to correctly handle adding jabber buddies on ejabberd servers
Mostly from MAINTAINER via PR pkg/30204