The latest release in the stable 1.1 series has been released, consisting of a number of internal fixes for increased reliability and performance.
This is a HIGHLY RECOMMENDED release.
Fixes include problems with Anope support, m_ident sometimes not correctly resolving ident, OpenSSL connections terminating when they shouldn't, corruption on /map output, silent SVSHOLD (no more annoying notices), and U:Lines may now deoper users without resorting to /kill (so defender's secureoper functionality will work properly).
Fixes security issue http://secunia.com/advisories/31633/
Changelog:
Version 1.2.2 (released 2008-08-26) hilights:
* Fixed a security issue where it was possible to recreate/hijack already
existing accounts.
* Various stability improvements and minor feature enhancements.
Bump PKGREVISION of non-bundled plug-ins.
Changes for 2.5.0 (08/17/2008) since 2.4.3:
libpurple + pidgin:
- Lots of bug fixes and improvements for the MSN protocol
(MSNP15 support) and MSN "bunny icon" (?).
- Miscellaneous bug fixes, a few new icons, etc.
- The following API changes:
libpurple:
Added:
* Connection flag PURPLE_CONNECTION_ALLOW_CUSTOM_SMILEY to indicate
that the connection supports sending and receiving custom smileys.
* PurpleSmiley and the Smiley API.
* purple_serv_got_join_chat_failed
* chat-join-failed signal (see conversation-signals.dox)
* chat-invite-blocked and blocked-im-msg signals (see
converation-signals.dox) (Thanks to Stefan Ott)
* purple_blist_update_node_icon
* purple_buddy_icons_node_has_custom_icon
* purple_buddy_icons_node_find_custom_icon
* purple_buddy_icons_node_set_custom_icon
* purple_buddy_icons_node_set_custom_icon_from_file
* purple_notify_user_info_prepend_section_break
* purple_notify_user_info_prepend_section_header
* "website" and "dev_website" items to the ui_info hash table
* purple_cmds_get_handle, purple_cmds_init, purple_cmds_uninit
* cmd-added and cmd-removed signals
* purple_get_host_name
* purple_util_fetch_url_len (temporary function overload to add max_len
param)
* purple_util_fetch_url_request_len
* purple_prpl_send_attention
* purple_prpl_got_attention
* purple_prpl_got_attention_in_chat
Deprecated:
* purple_blist_update_buddy_icon
* purple_buddy_icons_has_custom_icon
* purple_buddy_icons_find_custom_icon
* purple_buddy_icons_set_custom_icon
* pidgin_set_custom_buddy_icon
* purple_util_fetch_url_len
* purple_util_fetch_url_request_len
* serv_send_attention
* serv_got_attention
Changed:
* xmlnode_copy now copies the prefix and namespace map for nodes.
pidgin:
Added:
* gtk_imhtml_smiley_create, gtk_imhtml_smiley_reload and
gtk_imhtml_smiley_destroy to deal with GtkIMHtmlSmiley's.
* pidgin_pixbuf_from_imgstore to create a GdkPixbuf from a
PurpleStoredImage.
* pidgin_themes_smiley_themeize_custom to associate custom smileys to
a GtkIMHtml widget.
* GTK_IMHTML_CUSTOM_SMILEY flag for GtkIMHtml.
* GTK+ Custom Smiley API.
around build problems. Set appropriate linker options instead to achieve
the same result. Bump package revision because of this fix which results
in changes to the binary.
Loudmouth 1.4.1
Loudmouth 1.4.1 contains a bugfix from 1.4.0 causing some clients to be disconnected if connected through a NAT firewall.
Loudmouth 1.4.0 contains no changes from 1.3.4 but is simply a release to mark it as the new stable branch.
Loudmouth 1.3.4
Loudmouth 1.3.4 is a release on the unstable 1.3 branch. It contains of added
features and bug fixes.
Loudmouth 1.3.3 released
Loudmouth 1.3.3 is a release on the unstable 1.3 branch. It contains of added
features and bug fixes.
Loudmouth 1.3.2 released
Loudmouth 1.3.2 is a release on the unstable 1.3 branch. It contains of added
features and bug fixes.
with X11 support (where it fixes the build). There is no compelling
reason to use Xft otherwise.
- Use CPU detection code on all NetBSD platforms. It turns out that XChat
properly deals with the case where we could figure out the number of
CPUs but not their clock frequency.
- Add support for building XChat with X11-less GTK+ 2.x under Mac OS X.
This fixes PR pkg/39328 by Adrian Portelli.
Bump package revision because of these improvements.
1.61 Tue Jul 27, 2004
Made a small change to the example.pl script to keep it from
dumping deref warnings. Thanks to an anonymous person who sent
this suggestion through the CPAN bug tracking system.
1.6 Mon Jan 26, 2004
Patched around yet another undocumented "feature" of the TOC
protocol---namely, in order to successfully sign on, you must have
at least one buddy in your buddy list. At sign-on, in the absence
of a real buddy list, Net::AOLIM inserts the current user as a
buddy in group "Me." Don't bother removing this buddy, as it
doesn't really exist---as soon as you add any real buddies, this
one will go away. Thanks to Galen Johnson and Jay Luker for
emailing with the symptoms.
deal with the case where we can only determine the number of cores (which
should work on all platform) and not the CPU frequency (which only works
on some x86 machines).
- Updated translations (de, fi, fr, hu, lt, nb, ru, th, zh_CN).
- Fixed creation of ~/.xchat2/scrollback/ paths
(xc284-scrollbmkdir.diff).
- Fixed a leak of file descriptors related to the scrollback feature
(resource leak) (xc284-fix-scrollbfdleak.diff).
- Stopped scrollback files growing too large by fixing the file-shrink
code.
- Put a "Display scrollback from previous session" into the Setup GUI
(logging section) so people can turn this off without typing commands.
- Made /away work even when the reason setting is empty.
- Using /part on a channel that contains a quotation mark now works
[1800855].
- Changed the default encoding to "IRC" (CP1252/Unicode Hybrid) for both
Unix and Windows.
- Fixed a possible Channel List crash if you searched many times while
the download was still going.
- Fixed alert balloons failing if the text contained "<" characters
[1827629].
- The Drag&Drop files to userlist feature has been enabled again.
- Removed the /set tab_icons setting and made it automatic (see FAQ for
more info about icons).
- Fixed a bug in creating files (save channel list, rawlog etc) that would
set the wrong permissions.
- Added command line argument --command=COMMAND which can be used in
conjuction with --existing (E.K.L.). This sends any xchat command to
an existing (running) client.
- A private SSL key/certificate can now be loaded from ~/.xchat2/client.pem.
- The Alerts settings now accept wildcards, instead of partitial string
match [1807563].
- Changing away status during reconnect/disconnect will now remember it.
- You can now change your Away/Back status (all networks) in the tray menu.
- Favorite Channels / Auto-Join-List management:
* Network List window now has a "..." button to edit the auto-join-list
in a more friendly way.
* Channel(text area), Tree/Tab and Channel-List right-click menus now
have a "Add to Favorites" function.
* Previous limit of 300 bytes has been overcome. Now up to 2 KB worth
of channels/keys can be joined and it will be automatically split
into multiple lines, if necessary.
* Per-Channel settings now save to disk, including Logging and Scrollback
settings.
* /ChanOpt has been re-worked to be more like /Set.
- 'hostname:port' syntax is now accepted, if it's not an IPv6 address.
- The Userlist right-click menu now has icons and an option to add to
friends list. If you've edited this menu before you'll still get the old
one. To get the new one delete ~/.xchat2/popup.conf while XChat isn't
running.
- ~/.xchat2/startup.txt is now loaded on launch (like /LOAD -e). Put any
commands you want executed at startup here.
- The lag-o-meter now has a full scale of 1.0 seconds.
- libnotify is now opened directly instead of using 'notify-send' to open
tray/balloon alerts.
- Added support for QuakeNet's /AUTH for nick password, when numeric
005 NETWORK=QuakeNet is detected.
- You can now copy with IRC attributes and mIRC colors if CTRL key is down
when a selection is finished (on mouse release). This replaces the old
"Color paste" feature.
- Added a 'compact' flag to gui_tweaks. This'll make the userlist and tree
spacing smaller. E.g. type /set -or gui_tweaks 32 and restart to turn
it on.
- The /CLEAR command takes a number as paramater (how many lines to clear).
- When there's missing information in the Userlist right-click menu,
it'll issue a silent /WHOIS and fill it in. This includes retrieving
a person's away-reason.
- Perl (Lian Wan Situ)
* /reloadall will now reload all the scripts that are currently load
instead of simply reruning the autoload routine
* gtk/glib/gdk errors and warnings have been redirected back to stderr
so they will no longer show up in the text box as a result of having
the Perl plugin loaded
* Check if the user has perl 5.6 instead of 5.8 and give an warning
dialog if they do (Peter Zelezny)
* Changed timer callbacks so that they are executed in the context that
they were created in
* Modified Xchat::print and Xchat::command to accept array references
in addition to strings for the channel and server parameters
- Plugin API:
* xchat_emit_print() will now trigger Sound, Blink, Icon etc type
events, depending on user's settings.
* Fixed a bug where not all 32 elements were available in
word[]/word_eol[].
Version 1.2.1 (released 2008-06-24) hilights:
* Mostly a lot of fixes for bugs found after the 1.2 release.
* Daemon mode is now officially declared stable.
- Fixed proxy support.
- Fixed stalling issues while connecting to Jabber when using the OpenSSL
module.
- Fixed problem with GLib and ForkDaemon where processes didn't die when
the client disconnects.
- Fixed handling of "set charset none". (Which pretty much breaks the account
completely in 1.2.)
- You can now automatically identify yourself to BitlBee by setting a server
password in your IRC client.
- Compatible with all crazy kinds of line endings that clients can send.
- Changed root nicknames are now saved.
- Added ClientInterface setting to bind() outgoing connections to a specific
network interface.
- Support for receiving Jabber chatroom invitations.
- Relaxed port restriction of the Jabber module: added ports 80 and 443.
- Preserving case in Jabber resources of buddies, since these should
officially be treated as case sensitive.
- Fully stripping spaces from AIM screennames, this didn't happen completely
which severly breaks the IRC protocol.
- Removed all the yellow tape around daemon mode, it's pretty mature by now:
testing.bitlbee.org serves all (~30) SSL users from one daemon mode
process without any serious stability issues.
- Fixed GLib <2.6 compatibility issue.
- Misc. memory leak/crash fixes.
various character set problems. The security issues fixed:
* NICK_CHANGE buffer overflow: CVE-2007-3728.
* pkcs_decode buffer overflow: CORE-2007-1212.
Changes since version 1.0.4.1:
- Fixed NEW_CLIENT packet handling crash.
- Fixed partial encryption in CTR mode in AES.
- Fixed printable fingerprint buffer overflow.
- Fixed UNIX signal delivery il SILC scheduler.
- Reprocess JOIN command synchronously after resolving channel user list.
- In JOIN command reply check if the channel key is already saved.
- Remove all channel keys and hmacs after giving LEAVE command.
- Added missing channel unreferencing in CMODE, CUMODE, TOPIC, INVITE,
BAN and KICK command replies.
- Fixed connection authentication with public keys to use correct public
key as responder.
- Zero tail of CTR mode IV in IV Included mode.
- Fixed CTR mode rekey.
- Rewrote the IV Included CTR mode encryption/decryption in packet engine.
- Fixed non-IPv6 compilation error.
- Fixed channel private key deleting when deleting the channel.
- Fixed TIMEOUT handling in user info resolving during JOINing, fixes crash.
- Fixed mandatory UN and HN SILC public key identifier checking.
- Fixed alignment issues with 64-bit CPUs.
- Added "There are now xx nick's" to "are xx nicks".
- Fixed USERS command user mode handling (integer overflow).
- Fixed big-endian issues from aes implementation.
- Fixed lib/silcutil/silcatomic.h compilation on IA64.
- Fixed public key identifier parsing to check lengths correctly.
- In silc_client_free check that scheduler is allocated before trying to
free it.
- Fixed buffer overflow in NICK_CHANGE notify. The destination buffer for
old nicknames was too small.
- Added support for rekey with PFS when using CTR mode encryption.
- Added silc_idcache_move that can be used to move entries between caches.
- Added better checks for invalid argument and notify payloads.
- Fixed SILC_PACKET_FLAG_LONG_PAD bitmask value.
- Set the destination ID to packet stream as SKE responder if ID was
present in key exchange packet.
- Compile sources with _GNU_SOURCE on Linux systems.
- Fixed Unix signal task dispatching to not lock the signals when
dispatching the callback to avoid deadlocks.
- Added SILC_VERSION macro for checking package versions at compile time.
- Use SILC_VERIFY to assert that silc_rwlock_wrlock can be called only
once per thread on Unix.
- Fixed USERS command reply write-lock unlocking.
- Fixed silc_create_key_pair to check for valid identifier.
- Rewrite signed public message handling, adopting the new hilight interface.
- Fix off by one error when loading modules.
- Don't delete hilight entry (because it's just a pointer, not a copy).
- Added __SILC_TOOLKIT_x_x_x macro to all Toolkit distribution which can
be used to check for Toolkit version in third-party software.
- Added support for channel@server channel name strings to client library
(SILC protocol version 1.3 change).
- Added full_nicknames and full_channel_names settings to SilcClientParams
that can be used to specify whether client library returns full nickname
and channel name strings. Full strings are nick@server and channel@server.
- Fixed unix connecting failure to return error code correctly.
- Fixed SKE timeout double free crash.
- Fixed MIME multipart decoding buffer overflow.
- Fixed connection auth protocol timeout crash.
- Fixed FSM machine finishing to check for existing threads at the final
free callback to allow time for the threads to finish.
- Fixed silc_client_get_clients_local to check the nick's server also if
nick@server nickname string is given to the function.
- And many more, oh well. For the user this means: better charset support,
less crashes, nick names now potentially user#23, server specific
channels and more sanity.
Talked over a while ago with wiz with no objections.
i) CVE-2008-2927 fix
ii) the previous version was being rejected from the ICQ network.
version 2.4.3 (07/01/2008):
libpurple:
* Yahoo! Japan now uses UTF-8, matching the behavior of official clients
and restoring compatibility with the web messenger (Yusuke Odate)
* Setting your buddy icon once again works for Yahoo! accounts.
* Fixes in the Yahoo! protocol to prevent a double free, crashes on
aliases, and alias functionality
* Fix crashes in the bonjour protocol
* Always use UTF-8 for Yahoo! (#5973)
* Fix a crash when the given jabber id is invalid.
* Make the IRC "unknown message" debugging messages UTF-8 safe.
* Fix connecting to ICQ
* Fix a memleak when handling jabber xforms.
Pidgin:
* Include the send button plugin in the win32 build
* Various memory leak fixes
Version 1.27
* Cleaned up the buddy "Get Info" screen a bit
* Fixed up a couple of compiler warnings
* You are now hidden on your own contact list by default
Version 1.26
* A few minor security fixes
* Incomming messages with HTML-like text are displayed properly
* Usernames and passwords with funny characters (like +) in them should work
Version 1.25
* Plugin will automatically reconnect if the messages stop downloading
* Logging you out of the plugin wont log you out of Facebook
* Buddies will appear online when typing and sending messages to you
* No DNS lookups for proxies
Version 1.24
* Some fixes to the friends search
* Messages can be auto-resent if they don't get through (buddy offline etc)
Version 1.23
* You can now search for friends from the account menu (Account->Facebook->Search for friends...)
Version 1.22
* Fixed receiving multiple notifications
* Local alias in Pidgin will be set if you havn't set it
Version 1.21
* Notifications (Inbox/Friends) appear as new emails in Pidgin
of mk/curses.b3.mk after devel/ncurses/b3.mk.
- Define DATADIR correctly so that it knows where to look for help files.
- Remove quotes around DOCS_PATH in snprintf() call so that smirk can
actually open the help files.
- Bump PKGREVISION.
2.0
===
- All of the core functionality has moved into Net::XMPP.
It provides the connection, messages, iq, and presence.
Net::Jabber now just provides the extensions that the
JEPs define and that are truly Jabber and not XMPP.
1.30
====
- Added initial support for XMPP 1.0 via XML::Stream 1.18.
- Locked version of XML::Stream to 1.18.
- Changed connectiontimeout to just timeout in the Connect
function.
- Hey, here's a good idea. Instead of copying the function
hash out of each namespace why not just use a refrence...
duh... This might make things a little faster and use a
smidge less memory. Just a little thought.
- Fixed a taint problem with an eval and the xmlns read from
the socket.
- Fixed some -w warnings.
- Updated client test to user newer methods and create the
test account.
- Added password to MUCJoin.
- Fixed typo in DefineNamespace.
- Added Tree Transfer (JEP-105)
1.29
====
- Added PubSub (JEP-60)
- Added documentation for most of the below.
- Added in a basic basic support for SOAP (JEP-72). You can
dump in rawxml and get it back out.
- Looking into using contants for the namespaces, but they
don't work in hashes. =(
- Removed jabber❌sxpm (it was never used).
- Added initial (low level) support for Commands (JEP-50).
- Added initial (low level) support for FNeg (JEP-20),
Disco (JEP-30), Bytestream (JEP-65), SI (JEP-95), and
FT-Profile (JEP-96).
- Made Client, Component, and Server inherit from Protocol
instead of AUTOLOADing. Why didn't I do this in the
beginning?
- Added function RosterRequest to let the user handle processing
the roster in their own callback and not return a hash.
- Added function PresenceDBClear that will clear out the
presence database.
- Added check to see if Process generated an error, and then
was called again (bad thing).
- Moved Process into Client.pm, Component.pm, and Server.pm.
- Locked version of XML::Stream to 1.17.
- Fixed typos in the Protocol help.
1.28
====
- Fixed bug in XPathDefined which caused the main iq callback
function to not work. Show stopper bug.
- Fixed iq:time test.
1.27
====
- Update examples/client scripts to include an xpath based
example.
- Added support for XPath based callbacks.
- Updated x:data to match the call for experience.
- Requires perl 5.6 in an attempt to get Unicode support.
- Added finer callback support for presence and message
based on type.
- Minor tweak to NOT remove an unknown xmlns packet (duh...)
- Fixed bug in JID.
- Updated DefineNamespace to handle most old style, and all
new style.
- Locked version of XML::Stream to 1.16.
- Major recore due to XML::Stream::Node and XPath.
- Moved from XML::Stream::Hash to XML::Stream::Node.
- Fixed XDB Reply error.
- Uninitialized value round up.
28 May 2008:
- The functionality of the OTR button has now moved to a menu. There's
an "OTR" menu, as well as an icon showing the current OTR state of
each active conversation in the window.
- New OTR icons from <cyrus_xiii@yahoo.com>
- OTR icons show up inline in the conversation window when the OTR
status changes.
- Buddy authentication has been revamped, based on the user study
published in SOUPS 2008. The default is now to choose a question and
an answer only you and the buddy should know. The question is
displayed to the buddy, who is prompted for the answer. The "shared
secret" and "fingerprint" authentication methods are still available.
remove the later. The old version 1.0.5 is unmaintained, has a remote
DoS vulnerability and is less reliable than version 1.2.0beta2.
Approved by Adrian Portelli.
manage their channels in a secure and efficient way and allows operators to
manage various things about their networks. Unlike it's predecessor, Shrike,
services has a completely reworked form of channel management that feels
somewhat like eggdrop and is somewhat more useful.
Services currently works with many irc daemons. More details are
available in the config file.
1.1.20 follows up with the latest fixes of the maintenence release. It is a HIGHLY RECOMENDED upgrade for all 1.1.19 (and prior) users, as it addresses a number of client compatibility and general stability fixes.
Version 1.7.20 (revision 1324)
With all currently known bugs fixed, this new release of Anope contains
loads of bugfixes and should provide a stable experience. This is one of
the last releases in the 1.7 series of Anope. We encourage users who were
not using the 1.7 series for stability reasons to try out this release and
report any bugs found on our bugtracker at http://bugs.anope.org/ .
An important note for MySQL users: various database schema improvements
have been added in Changes.mysql. Be sure to apply these changes to your
database schema for a large increase in performance of the MySQL code.
Take a look at the change log for more information about the changes made
for this release.
Version 1.7.21 (revision 1341)
This new release fixes a XOP-related exploitable crash bug which appeared in
Anope version 1.7.20. Earlier versions are not affected. Networks running
Anope 1.7.20 are strongly advised to upgrade to this release. Even though
networks running earlier versions are not affected by this bug, they are
still advised to upgrade due to numerous other bugfixes.
Next to the fix for the crash bug mentioned above, a number of other things
have been fixed as well, including various InspIRCd-related issues, bugs in
the MySQL code and a shiny new Russian translation.
Take a look at the change log for more information about the changes made
for this release.
