version 2.10.11 (11/23/14):
General:
* Fix handling of Self-Signed SSL/TLS Certificates when using the NSS
plugin (#16412)
* Improve default cipher suites used with the NSS plugin (#16262)
* Add NSS Preferences plugin which allows the SSL/TLS Versions and
cipher suites to be configured (#8061)
Gadu-Gadu:
* Fix a bug that prevented plugin to load when compiled without GnuTLS.
(mancha) (#16431)
* Fix build for platforms without AF_LOCAL definition. (#16404)
MSN:
* Fix broken login due to server change (dx, TReKiE). (#16451, #16455)
* Fail early when buddy list is unavailable instead of wasting bandwidth
endlessly re-trying.
version 2.10.10 (10/22/14):
General:
* Check the basic constraints extension when validating SSL/TLS
certificates. This fixes a security hole that allowed a malicious
man-in-the-middle to impersonate an IM server or any other https
endpoint. This affected both the NSS and GnuTLS plugins. (Discovered
by an anonymous person and Jacob Appelbaum of the Tor Project, with
thanks to Moxie Marlinspike for first publishing about this type of
vulnerability. Thanks to Kai Engert for guidance and for some of the
NSS changes) (CVE-2014-3694)
* Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL.
(Elrond and Ashish Gupta) (#15909)
libpurple3 compatibility:
* Encrypted account passwords are preserved until the new one is set.
* Fix loading Google Talk and Facebook XMPP accounts.
Windows-Specific Changes:
* Don't allow overwriting arbitrary files on the file system when the
user installs a smiley theme via drag-and-drop. (Discovered by Yves
Younan of Cisco Talos) (CVE-2014-3697)
* Updates to dependencies:
* NSS 3.17.1 and NSPR 4.10.7
Finch:
* Fix build against Python 3. (Ed Catmur) (#15969)
Gadu-Gadu:
* Updated internal libgadu to version 1.12.0.
Groupwise:
* Fix potential remote crash parsing server message that indicates that
a large amount of memory should be allocated. (Discovered by Yves Younan
and Richard Johnson of Cisco Talos) (CVE-2014-3696)
IRC:
* Fix a possible leak of unencrypted data when using /me command
with OTR. (Thijs Alkemade) (#15750)
MXit:
* Fix potential remote crash parsing a malformed emoticon response.
(Discovered by Yves Younan and Richard Johnson of Cisco Talos)
(CVE-2014-3695)
XMPP:
* Fix potential information leak where a malicious XMPP server and
possibly even a malicious remote user could create a carefully crafted
XMPP message that causes libpurple to send an XMPP message containing
arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul
Aurich) (CVE-2014-3698)
* Fix Facebook XMPP roster quirks. (#15041, #15957)
Yahoo:
* Fix login when using the GnuTLS library for TLS connections. (#16172)
Upstream changes:
6.88 Sat Jun 28 13:14:00 BST 2014
- BotAddressed: Handle being addressed with a prefixed @ or %
6.87 Sat Jun 21 15:08:32 BST 2014
- Believe have resolved issues with online test
6.86 Fri Jun 20 11:12:06 BST 2014
- Added more diagnostics to the online test
6.85 Thu Jun 19 10:19:07 BST 2014
- Added some diagnostics output to the online test
6.84 Tue Jun 17 10:45:38 BST 2014
- Plugman: store @$ or else it gets overwritten - Commit: 65ba2a4f3
Clean up Makefile for readibility. Add SMF manifest.
Changes in 0.9.7:
- Fix server-to-server interoperability issue with Isode M-Link (since 0.9.6)
- Fix traceback in 'prosodyctl about' command with LuaRocks 2.2.0+ installed
Changes in 0.9.6:
- certmanager, net.http: Disable SSLv3 by default
- net.http.parser: Support status code 101 and allow handling of the received
data by plugins
- util.filters: Ignore filters being added twice (fixes issues on removal,
i.e. when some plugins are reloaded/unloaded)
- mod_s2s: Close offending s2s streams missing an 'id' attribute with
a stream error instead of throwing an unhandled error
- Networking API: Add 'ondetach' callback for listener objects, to prevent
leaks when connections have their listener changed
- core.stanza_router: Stricter validation of stanzas
- mod_admin_adhoc: Mark 'accountjids' field as required in 'end user sessions'
command (thanks Lloyd)
- mod_admin_adhoc: Add required to field in user deletion form too
- net.dns: Avoid duplicate cache entries
- util.stanza: Escape newlines and tabs (\r\n\t) when serializing stanzas.
- util/dataforms: Make sure we iterate over field tags only
- mod_s2s: Capitalize log message
- mod_pubsub: Fix error type of 'forbidden' (change from 'cancel' to 'auth')
Changes in 0.9.5:
- C2S: Fix traceback if a client opens a stream to component, which could
cause a crash in combination with some versions of LuaEvent
- C2S, S2S: Log received invalid stream headers
- S2S: Fix case where stream headers were sometimes sent twice
- DNS: Ensure all pending requests get notified of a timeout when looking
up a record
- DNS: Fix duplicated cache insertions by limiting outstanding queries
per name to one
- xmppstream: Disable LuaExpat's buffering
- xmppstream: Disable CharacterData merging after stream restarts
- xmppstream: Pass invalid stream headers to error handling
- Privacy lists: Correctly sort privacy list rules by order
- prosody: Check dependencies later in the startup sequence
- Config: Delay importing LuaFileSystem until needed by an Include line
- Config: Normalize VirtualHost and Component names
- prosodyctl: Normalize JIDs for adduser/passwd/deluser
- POSIX: Fix error reporting from disk space allocation
- POSIX: Verify that 'pidfile' is a string, show friendly error otherwise
- Dependency checking: Check that prosody is running under Lua 5.1. We don't
currently support any other versions. (LuaJIT identifies as 5.1)
- Compliance: Reset stream ID when resetting stream
- Compression: Log compression setup errors
- Console: Fix commands for adding and replacing name servers
- Console MUC commands: Fix error when a non-existent host is entered
- Filters: Prevent filters from being added twice
- Network: Transfer all available data between linked sockets
- dataforms: Add support for XEP-0221: Data Forms Media Element
ERROR: [check-interpreter.mk] The interpreter "/usr/pkg/bin/perl" of
"/scratch/chat/centerim/work/.destdir/usr/pkg/bin/cimconv" does not
exist. (etc) Thanks joerg@.
There's a new release out, including various browser bug fixes.
Key handling fixes for WebKit, removed outline for Chrome.
Made it more obvious when the stream is disconnected.
Optional support for smilies (see cgiirc.config.full and docs/smilies.conf.example)
Date: 24 September 2013 Author: dgl
- remove patches/patch-ad. #include <utmp.h> does not exist any more.
(upstream)
- Update 4.22.9 to 4.22.10
2010-10-26 Roger <roger@jikos.cz>
Disable standard printf() redefinition in yahoo_util.h Should fix#165
2010-10-23 Boris Petersen <transacid@gmail.com>
Fix for CVE-2009-3720 in libjabber's xml parser
2010-10-19 Roger <roger@jikos.cz>
Updated po files
Merge branch 'mob' of git+ssh://repo.or.cz:22/srv/git/centerim into mob
Yahoo - disable conference and file transfer support (it doesn't work anyway)
Propper authorization and buzz events
2010-10-19 Boris Petersen <transacid@gmail.com>
updated po files
2010-10-19 Roger <roger@jikos.cz>
Yahoo - add buddy authentication
2010-10-11 Roger <roger@jikos.cz>
Add missing initialization to get rid of some valgrind warnings
2010-10-07 Boris Petersen <transacid@gmail.com>
updated po files
2010-10-07 Roger <roger@jikos.cz>
Yahoo - implement missing callback stubs
2010-10-05 Boris Petersen <transacid@gmail.com>
updated po files
2010-10-05 Roger <roger@jikos.cz>
Yahoo - implement missing callbacks
2010-10-04 Roger <roger@jikos.cz>
fix GNUTLS connection
2010-10-02 Roger <roger@jikos.cz>
connwrap - initialize gnutls session in cw_connect
connwrap - don't deinit gnutls session in cw_nb_connect on error, it's done in delsock
2010-09-16 Roger <roger@jikos.cz>
Add missing sources to libyahoo2 makefile
2010-09-16 Boris Petersen <transacid@gmail.com>
updated po files
ignore .version file
2010-09-16 Roger <roger@jikos.cz>
Port Yahoo to new libyahoo2-1.0.1
Disables file transfer (at least for now)
Fix SSL context leak in connwrap
2010-08-27 Boris Petersen <transacid@gmail.com>
Added gettext-devel test to autogen.sh
2010-08-27 Sven Putteneers <sven@tuxera.be>
display received time if different from sent time
Added script to extract a part of a chatlog history and pretty-print it.
Run without parameters for usage info.
2010-07-31 Boris Petersen <transacid@gmail.com>
adding new script for history formating.
initial script by Ilya Sukhanov <ilya@sukhanov.net>
2010-06-19 Roger <roger@lv.(none)>
Add missing initialization to perm/deny SNAC and don't overwrite its id in SBL parsing
2010-04-24 Boris Petersen <transacid@gmail.com>
Merge git-version-gen with gnulib
2010-02-25 Damyan Yordanov <damyan@web.de>
bulgarian translation updated
2010-02-25 Boris Petersen <transacid@gmail.com>
updated po files
2010-02-21 Boris Petersen <transacid@gmail.com>
refresh index before checking for dirty versions
2010-02-21 Damyan Yordanov <damyan@web.de>
bulgarian translation updated
2010-02-18 Lubomir Rintel <lkundrak@v3.sk>
Use RAND_add() with nss_compat_openssl
It does not provide RAND_seed().
2010-02-18 Boris Petersen <transacid@gmail.com>
updated po files
2010-02-17 Roger <roger@lv.(none)>
Better jabber presence handling
2010-02-05 Boris Petersen <transacid@gmail.com>
Merge branch 'versioning' into mob
2010-02-05 Ahmed El-Mahmoudy <aelmahmoudy@sabily.org>
Check for FriBidi using pkg-config
New upstream releases of FriBidi don't provide fribidi-config anymore, so
using pkg-config instead to check for FriBidi.
2010-01-31 Boris Petersen <transacid@gmail.com>
new packaging friendlier versioning
This basically omits the 4 hash digits at the end of the version string.
so e.g.:
centerim-4.22.9.12-3be3.tar.gz
will end up
centerim-4.22.9.12.tar.gz
This makes it easier to package mobshot in gentoo for example.
Updated po files
2010-01-29 Hakan Kvist <hagar@df.lth.se>
Fixed compiler warnings in kkiproc.cc
Removed unused function in kkiproc.cc and fixed
compilewarnings regarding xprintf.
stringstream << should be used instead of sprintf,
and cout << instead of printf.
Beacause:
int64_t foo = 0xffffffffffffffff;
printf (%lx, foo);
printf will behave as expected on a 64 bit platform,
but not on a 32 bit platform (only ffffffff will be printed).
2010-01-28 Hakan Kvist <hagar@df.lth.se>
Cleanup of "extra protection" for ~/.centerim directory.
Reverted some parts of the commits:
e0ab4eeb52cdba438aa2834c4223881ab006b854
deb0cbaa7c385d2656229ac366071c090c55f597
See the discussion here:
http://centerim.org/pipermail/centerim-devel/2009-June/000678.html
If the ~/.centerim directory got the proper protection, then there
is no need for bloating the code with a lot of extra verifications.
No one else than the owner can access the files in ~/centerim
anyway.
Removal of unused variables
Removed a couple of unused variables.
There is still a lot to do if we want to be able to use -Wall for detecting
real errors (currently there are too many warnings in the output, so -Wall isn't
really useful).
Ncurses RTFM. remove ugly prototypes for FreeBSD and OSX
When reading the ncurses man page you find that
_XOPEN_SOURCE_EXTENDED must be defined when using
wide character functions when including ncurses.h.
2010-01-26 Hakan Kvist <hagar@df.lth.se>
Try to fix FreeBSD ncurses compile errors.
Tested on Ubuntu 9.04 and FreeBSD 7.2.
Try to fix FreeBSD ncurses compile errors.
Tested on Ubuntu 9.04 and FreeBSD 7.2.
Try to fix FreeBSD ncurses compile errors.
2010-01-25 Hakan Kvist <hagar@df.lth.se>
configure: check for ncurses/ncursesw. Only curses is not enough.
Some platforms (i.e Solaris 11), still ships ancient curses.
However centerim requires ncurses in order to compile.
Adapted configure.ac to only check for ncurses(w) instead of (n)curses(w).
Cleaned up #ifdefs in conscommon.h
2010-01-19 Hakan Kvist <hagar@df.lth.se>
Fixed compiler error with FreeBSD. Also fixed link error against curseslib.
FreeBSD do not want <utmp.h> to be included. However utmp is only used in linux,
so we do not need to include utmp.h for non linux systems.
Also bug in configure script was fixed.
The curses-lib was not properly included in the $LIBS-variable in the
configure.ac file.
2010-01-19 Boris Petersen <transacid@gmail.com>
Better check for ncurses/ncursesw
With many thanks to the autoconf archive for the macro
and Stéphane "kjir" Bisinger for the pointers and hints ;)
2009-12-14 Boris Petersen <transacid@gmail.com>
Updating Changelog for 4.22.9
2009-12-13 Boris Petersen <transacid@gmail.com>
New taging model.
To be up to date with gnulib's git-version-gen.
WARNING: This breaks compatibility with non v* tags.
For us that means everything before 4.22.9 won't work
anymore.
- The OTR plugin now uses libotr 4.0 (AKA libotr5 in debian based distros)
- Rejecting buddy requests in jabber won't accept them. Sorry for that.
- Purple builds can now enable built in protocols when configuring, by
passing a parameter such as --jabber=1 to configure
- You can now use /oper to change passwords with "ac x set -del password"
- Complex unicode characters (non-BMP) now display correctly in twitter.
- A few init / build script / pkg-config fixes. Added "install-systemd"
make target.
Finished 5 Jul 2014
Version 3.2.1:
- Most important change: http_client updated to use HTTP/1.1, now required
by Twitter.
- fill_by setting can now be used to fill a channel contacts *not* in a
certain group/on a certain account/etc. See "help set fill_by"
- Added utf8_nicks setting which lets you use non-ASCII nicknames for your
contacts. Might not work with all IRC clients, use at your own risk!
- Lots of bugfixes.
Finished 27 Nov 2013
* Fixed a bug causing wildcards in command alias replacement patterns not
to be expanded.
* Fixed a bug causing auto-joining of channels not starting in # or & to
sometimes fail because the auto-join command was generated before we got
the CHANTYPES pronouncement by the server.
* Added a size sanity check for incoming Blowfish ECB blocks. The blind
assumption of incoming blocks being the expected 12 bytes could lead to
a crash or up to 11 byte information leak due to an out-of-bounds read.
This fixes CVE-2014-8483.
* Enabling SSL/TLS support for connections will now advertise the protocols
Qt considers secure by default, instead of being hardcoded to TLSv1.
* Fixed the bundled 'sysinfo' script not coping with empty lines in
/etc/os-release.
* Made disk space info in the bundled 'sysinfo' script more robust by
forcing the C locale for 'df'.
* Added an audio player type hint for Cantata to the bundled 'media' script.
* Fixed some minor comparison logic errors turned up by static analysis.
* Konversation now depends on KDE Platform v4.9.0 or higher.
21 Oct 2014:
- Release 4.1.0
- Modernized autoconf build system
- Use constant-time comparisons where needed
- Use gcrypt secure memory allocation
- Correctly reject attempts to fragment a message into too many pieces
- Fix a missing opdata when sending message fragments
- Don't lose the first user message when REQUIRE_ENCRYPTION is set
- Fix some memory leaks
- Correctly check for children contexts' state when forgetting a context
- API Changes:
- Added API functions otrl_context_find_recent_instance and
otrl_context_find_recent_secure_instance.
the version number accidentally went backwards in the last irssi update.
This release mainly incorporates most of the pkgsrc patches into the upstream
tarball, so the only real change of note is that /beep output has been fixed.
telepathy-glib 0.24.1 (2014-08-25)
==================================
Fixes:
* base-client: fix potential uninitialized variable bug (Guillaume)
* Fix a potential crash in contact-list example (fd.o #79006, Guillaume)
telepathy-glib 0.24.0 (2014-03-26)
==================================
The "space Tolkien" release.
Fixes since 0.23.3:
* don't leak every D-Bus method call result, a regression in 0.23.1 (Simon)
telepathy-glib 0.23.3 (2014-03-18)
==================================
This is the release candidate for the future 0.24.0 stable release.
Enhancements:
* TpProtocol gained API to access to its immutable properties as a
GVariant. (fd.o #55108, Guillaume)
* TpCallStream and TpCallContent now inherit the factory from their
TpCallChannel. (fd.o #76168, Guillaume)
Fixes:
* fix a memory leak when cleaning up TpProxy "prepare" requests
(fd.o #76000, Simon)
* fix a memory leak for paths to contacts' avatar data (fd.o #76000, Simon)
* fix crashes in TpFileTransferChannel with GLib 2.39 (fd.o #72319, Xavier)
* fix some paths memory leaks (fd.o #76119, Guillaume)
* tp_list_connection_managers_async() now terminates properly if there is no
CM installed. (fd.o #68892, Guillaume)
telepathy-glib 0.23.2 (2014-02-26)
==================================
Enhancements:
* TpBaseConnection now has an "account-path-suffix" property
(fd.o #74030, Xavier)
* New high level TpAccountChannelRequest API, including tubes, Conference and
SMSChannel. (fd.o #75450, Guillaume)
* 'TargetHandleType: None' is now automatically added when requesting a
channel with TpAccountChannelRequest if no handle type has been defined.
(fd.o #75450, Guillaume)
telepathy-glib 0.23.1 (2014-02-04)
==================================
The "undead space elves" release.
Dependencies:
* GLib 2.36 or later is required
Deprecations:
* TpPresenceMixin: optional arguments are deprecated, apart from a
string named "message". This matches our current D-Bus API.
Enhancements:
* tp_protocol_normalize_contact_async(),
tp_protocol_identify_account_async(), and high-level API for
the Protocol Addressing and Presence interfaces (fd.o #71048, Simon)
* More accessors for TpPresenceStatusSpec, which is now a boxed type
(fd.o #71048, Simon)
* tp_connection_manager_param_dup_variant_type() (fd.o #71093, Simon)
* Better debug output (fd.o #68390, #71048; Simon)
Fixes:
* In the examples, specifically ask for "TelepathyGlib-0.12" (this API
version), not Telepathy 1.0 (fd.o #49737, Simon)
* Improve tests' isolation from the real session bus (Xavier)
* Fix a critical warning for each new connection under GLib 2.39
(fd.o #72303, Xavier)
* Fix some possible crashes in file transfer channels, particularly
under GLib 2.39 (fd.o #72319, Xavier)
* Correct tp_account_request_set_avatar documentation (Xavier)
* Fix a TpConnection reference-leak in TpBaseClient (Guillaume)
telepathy-glib 0.23.0 (2013-10-28)
==================================
We no longer guarantee compatible upgrades within a development (odd) branch,
see README for details.
Dependencies:
* GLib 2.34 or later is required.
Enhancements:
* Spec 0.27.3
- added Conn.I.Sidecars1
- added Conn.I.Renaming
- added CD.I.Messages1
* TpAccount::avatar-changed signal (fd.o #52938, Guillaume)
* tp_value_array_free: equivalent of g_value_array_free but does not provoke
deprecation warnings from GLib (fd.o #69849, Simon)
* tp_account_is_prepared and tp_account_manager_is_prepared are now deprecated
(Guillaume)
Fixes:
* tp_contact_set_attributes: don't warn on genuinely absent interfaces
(fd.o #68149, Simon)
* channel-group: don't crash if no message has been provided (Guillaume)
telepathy-glib 0.22.0 (2013-10-02)
==================================
The "don't starve" release.
This is a new stable branch, recommended for use with GNOME 3.10.
Fixes since 0.21.2:
* When an avatar is downloaded, announce the change to the avatar token
immediately; if the avatar changes from A to B while we're still doing the
asynchronous file saving, don't set A as the new avatar when it has been
saved. Regression in 0.21.2. (fd.o #70010, Simon)
* Don't crash if the AccountManager returns an incorrect type for the
Avatar (fd.o #69849, Simon)
Significant changes since the previous stable branch, 0.20.x:
* tp_connection_get_self_contact() now returns NULL if the contact's
connection has been invalidated, in order to break a reference cycle
* Avatars are saved to the cache asynchronously
* TpBaseConnection implements SelfID, SelfContactChanged according to
telepathy-spec 0.27.2
* TpAccount:uri-schemes property, with change notification requiring
Mission Control 5.15+
telepathy-glib 0.21.2 (2013-09-24)
==================================
The "always another thing" release.
Enhancements:
* Writing avatars into cache now uses asynchronous I/O. (fd.o #63402;
Luca Versari, Chandni Verma, Simon McVittie)
* telepathy-spec 0.27.2
- add SelfID, SelfContactChanged
* tp_dbus_properties_mixin_dup_all() is now public (fd.o #69283, Simon)
* TpBaseProtocol now lists Presence.Statuses as an immutable
property. (fd.o #69520, Guillaume)
* TpBaseConnection: Implement SelfID and SelfContactChanged as defined in
spec 0.27.2. (Xavier)
* The inspect-cm example now inspects all CMs if run without arguments
(fd.o #68390, Simon)
Fixes:
* Don't crash if GetContactInfo() fails (fd.o #46430, Guillaume)
* Fix a race condition that could result in telepathy-haze protocol support
not being detected (fd.o #67183, Simon)
* Fix documentation for tp_connection_get_self_handle (Emilio)
* Make TpHeap work correctly with GComparator functions that return
values outside {-1, 0, 1} (fd.o #68932, Debarshi Ray)
* Examples have been updated to use more recent API (Simon)
* Better debug-logging (fd.o #68390, Simon)
telepathy-glib 0.21.1 (2013-06-20)
==================================
The "imperative tense" release.
Fixes:
* Fix a wrong introspection annotation on tp_debug_client_get_messages_finish()
that would lead to use-after-free (fd.o #65518, Simon)
* Isolate regression tests better (fd.o #63119, Simon)
* Explicitly annotate tp_account_update_parameters_finish()'s
'unset_parameters' argument to be a NULL-terminated string array. It was
previously incorrectly inferred to be a string, for some reason. (wjt)
* Always flag delivery reports with Non_Text_Content. (fd.o #61254, wjt)
* Don't announce legacy Group channels twice (fd.o #52011; Jonny, Simon)
* Don't crash if a broken connection manager signals a TLSCertificate
with no CertificateChainData, just invalidate the channel
(fd.o #61616, Guillaume)
* Adjust regression tests so we can distcheck under Automake 1.13,
and various other build-system updates (fd.o #65517, Simon)
telepathy-glib 0.21.0 (2013-04-03)
==================================
The "if only it was JS code" release.
This starts a new development branch.
Enhancements:
# Code-generation now copes with ${PYTHON} being set to Python 3
(e.g. "./configure PYTHON=python3" on Debian); Python 2 remains
fully supported (fd.o #56758, Simon)
# Add uri-schemes property on TpAccount, with notify::uri-schemes
emitted if using a recent AcountManager like Mission Control 5.15 or
later (Guillaume)
Fixes:
# Remove the pkg-config dependency from .pc files (Will)
# Don't emit the NewChannels signal twice for the obsolete ContactList GROUP
channels (fd.o #52011, Simon)
# Fix refcycle preventing TpConnection objects to be freed. This theoretically
introduce a behaviour change of tp_connection_get_self_contact() that now
returns NULL when the connection as been invalidated. (fd.o #63027, Xavier)
Deprecations:
# tp_g_key_file_get_int64, tp_g_key_file_get_uint64 (use the corresponding
functions from GLib >= 2.26)
main changes are significant internal cleanup, dozens of minor bug
fixes, and two new major features: connect via HTTP proxy, and
connect to SSL IRC servers.
New major features in this release:
- plugin "trigger": Swiss Army knife for WeeChat (replaces "rmodifier" plugin)
- plugin "exec": execute external commands (replaces script "shell.py")
- bare display: easy click on long URLs and text selection with mouse
- support of environment variables in /set command
- hidden buffers
- negated tags in filters
- toggle of filters in specific buffers
- flexible conditions for adding/removing buffers in hotlist
- text search in buffers with free content
- support of wildcard "*" inside masks
- support of nested variables in evaluated expressions
- tag with host in IRC messages displayed
- support of "away-notify" IRC capability
- IRC commands: /allpv, /remove, /unquiet
- bar items: buffer_short_name, irc_nick_modes
