Fixes CVE-2017-14727, CVE-2017-8073
version 1.9.1:
a crash can happen in logger plugin when converting date/time specifiers in file mask.
Two other bugs are fixed as well in buflist and relay plugins.
version 1.9:
- improve speed of nicklist bar item callback
- add auto scroll of buflist bar with new option buflist.look.auto_scroll
- add option buflist.format.name
- add variables ${format_name}, ${current_buffer} and ${merged} in buflist
- display a warning in buflist when the script buffers.pl is loaded
- add server/channel pointers in trigger IRC callbacks
- add API functions config_option_get_string and hdata_compare
- fix bind of Space key
version 1.8:
- add option weechat.completion.nick_case_sensitive
- add wilcard matching operator, cut of string and ternary operator in evaluation of expressions
- add resize of window parents with /window resize [h/v]size
- add plugin "buflist" (bar with list of buffers)
- add arraylist and dynamic string functions in API
- add option "open" in command /server
- add signal "irc_server_lag_changed" and store the lag in the server buffer (local variable)
- add aspell options to control delimiters in suggestions
- add option "-include" in commands /allchan, /allpv and /allserv
For a complete changelog, see:
https://weechat.org/files/changelog/ChangeLog-1.9.1.html
mu-conference no longer has a functional upstream and is no longer
being maintained; the hosting provider gna shut down, and queries on
the jabberd2 and pkgsrc-users lists about interest did not elicit any
replies.
Changes:
mcabber (1.1.0)
* New "VI" mode (option 'vi_mode') (Holger Weiß)
* Fix issues in buddylist rebuild (franky)
* Do not use g_slist_free_full() which requires glib2 2.28.0 (Frank Bergmann)
* Use UTF-8 validation of file content when sending a message from a file
* Documentation updates
mcabber (1.0.5)
* Much better performances with huge rosters (Frank Zschockelt)
* Fix issue with carbons (CVE-2017-5589)
* Fix small memory leak
* contrib/vim: Support reloading filetype detection
mcabber (1.0.4)
* Bugfix: Check the origin of roster pushes
Cf. Gajim's CVE-2015-8688 and
https://gultsch.de/gajim_roster_push_and_message_interception.html
mcabber (1.0.3)
* Link with the tinfo library
* Fix default modules directory on OpenBSD (Tim van der Molen)
* Create history log dir if it doesn't exist (Andrey Utkin)
* [OTR] Do not send empty subjects when using otr (franky)
* [UI] /set does not display password values anymore (Egor Kovetskiy)
* [MUC] Use nick to set the role
* Misc help/documentation updates
mcabber (1.0.2)
* Compatible with Loudmouth >=1.5.3 with SHA256 support (Frank Zschockelt)
* Ignore the untrusted certificate warning when user sets a fingerprint
(Frank Zschockelt)
* Stop HTML-escaping OTR messages - only strip known tags (Frank Zschockelt)
* Read $HOME/.mcabberrc if there is no mcabber configuration directory
* Minor documentation updates
mcabber (1.0.1)
* [PGP] Improved PGP-encryption support
* [PGP] Improved support for GnuPG v2+
* [PGP] Encrypt messages with our own PGP key and decrypt our own
encrypted messages when Carbons are enabled
* [PGP] New PGP options: 'gpg_path' and 'gpg_home' (Holger Weiß)
* [PGP] Check all signatures and stop immediately if one could be verified
(Sven Gaerner)
* Improved Carbons support (Holger Weiß)
* New option: 'clear_unread_on_carbon' (Holger Weiß)
* Improve SSL fingerprint management;
Display the server SSL fingerprint when we connect
* Use XDG configuration directory if it contains a configuration file
* Fix a few memory leaks
* Fix external password support (especially on OS X)
* Fix resizing when mcabber is built with --enable-sigwinch
* Fix reading of history log files w/o LF character (Sam Whited)
* Minor documentation updates
* Other misc. bugfixes and cleanups
Minimal IRC server which integrates with Mattermost and Slack.
Features:
- support direct messages / private channels / edited messages
- auto-join/leave to same channels as on mattermost
- reconnects with backoff on mattermost restarts
- support multiple users
- support channel backlog (messages when you're disconnected from
IRC/mattermost)
- search messages (/msg mattermost search query)
- scrollback support (/msg mattermost scrollback #channel limit)
- restrict to specified mattermost instances
- set default team/server
- WHOIS, WHO, JOIN, LEAVE, NICK, LIST, ISON, PRIVMSG, MODE, TOPIC,
LUSERS, AWAY, KICK, INVITE support
- support TLS (ssl)
- support LDAP logins (mattermost enterprise) (use your ldap
account/pass to login)
- &users channel that contains members of all teams (if mattermost is
so configured) for easy messaging
- supports mattermost roles (shows admins with @ status for now)
- gitlab auth hack by using mmtoken cookie (see
https://github.com/42wim/matterircd/issues/29)
hangups is the first third-party instant messaging client for Google
Hangouts. It includes both a Python library and a reference client
with a text-based user interface.
Unlike its predecessor Google Talk, Hangouts uses a proprietary,
non-interoperable protocol. hangups is implemented by reverse-engineering
this protocol, which allows it to support features like group
messaging that aren't available in clients that connect via XMPP.
hangups is still in an early stage of development. The reference
client is usable for basic chatting, but the API is undocumented
and subject to change.
Originally packaged by myself in pkgsrc-wip.
This even makes it an option, to disable it if necessary. It is enabled by
default here since it remains disabled by default at run-time:
/set colors_ansi_24bit
Bumps PKGREVISION.
"Go for it" maya@
Perl 5.26.0 removed "." from @INC, so add it back to the scripts
used to configure the software. The scripts are only called from
the top-level directory, so adding 'use lib ".";' is sufficient.
Core
- Erlang/OTP 17.5 or higher is required, and 20 is now supported
- Make ejabberd_cluster modular
- Replace gen_fsm with p1_fsm to avoid warnings in OTP20+
- Fix clustering table reg_users_counter
- ext_mod: Update spec from custom and allow modules dependencies
- extauth.py: Fix to support : in passwords
- Set high water mark in lager for all backends
- Fix old route record in mnesia’s route table haven’t been remove
when restarting in some cases
- ejabberd_cluster*.erl: Add copyright and fix description
- Add support of rfc6120 section 4.9.3.16 on node shutdown
Configuration
- ejabberd_c2s: Fix priority of ‘certfile’ option
- Introduce ‘hosts’ modules option
- Fix ERLANG_OPTS, INET_DIST_INTERFACE and FIREWALL_WINDOW option
- Remove unused ‘managers’ option, related to the deferred XEP-0321
Commands
- Fix errors when running ejabberdctl as root
- Fix set_presence command to work in recent ejabberd
- Rename stop_all_connections to stop_s2s_connections for consistency
- Change policy of user_resources command, from user to admin
- Remove old command calling interface
- Describe more command arguments and results
Modules
- mod_http_api: Use hide_sensitive_log_data option when registering
users
- mod_http_fileserver: Request basic auth dialog from browser
- mod_muc: Fix nick bug with MUC on riak
- mod_muc: new hooks
- mod_push: Support XEP-0357: Push Notifications
- mod_push_keepalive: New module
PubSub/PEP
- Keep disco#info on PEP compatible with XEP-0060
- Preliminary export PubSub data from Mnesia tables to SQL file
- Fix PubSub send last published items
- Fix PEP node removal
- Fix PEP node identity
- Fix disco#items on PEP service
- Fix getting cached last item
- Add import of PEP from prosody
Set PKG_SYSCONFSUBDIR where appropriate, and use {MAKE,OWN}_DIRS to
create the directory tree under ${PKG_SYSCONFDIR} instead of using
INSTALLATION_DIRS.
Bump the PKGREVISION of packages that changed due to changes in the
package install scripts.
Use ${PKG_SYSCONFDIR}, not ${PKG_SYSCONFDIR}/gale, to refer to the
config directory -- since PKG_SYSCONFSUBDIR is set to "gale",
${PKG_SYSCONFDIR} already includes that subdirectory.
Remove ${PKG_SYSCONFSUBDIR} from OWN_DIRS, since the config
directory is already automatically created by the package install
scripts if PKG_SYSCONFSUBDIR is set.
Bump the PKGREVISION due to the changes in the package install
scripts.
v1.0.4 2017-07-07 The Irssi team <staff@irssi.org>
- Fix null pointer dereference when parsing invalid timestamp (GL#10,
GL!15). Reported by Brian 'geeknik' Carpenter.
- Fix use-after-free condition when removing nicks from the internal
nicklist (GL#11, GL!16). Reported by Brian 'geeknik' Carpenter.
- Fix incorrect string comparison in DCC file names (#714).
- Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'"
(#716, #722).
- Fix a bug when using \n to separate lines with expand_escapes (#723).
- Retain screen output on improper exit, to better see any error
messages (#287, #721).
- Minor help update (#729).
Version 17.07
=============
Core
- Close accepted socket if sockname/peername has failed.
Version 17.06
=============
New features
- The new cache system is also a new component that allows fine tuning
of ejabberd performance for either small systems or large scale
servers.
- Certificate Manager is a feature that has been requested by many
organisations, allowing administrators to manage their certificate
more easily
- Riak support for several modules
API
- Deprecate misc:encode_base64/1 and misc:decode_base64/1
- Rename is_user_exists function to user_exists
- Allow api access on both ipv4 and 6 loopback addresses
- Fix invalid argument in get_messages_susbset
Admin
- Refactor ejabberdctl
- Improve ejabberdctl parameters parsing
- Quote all paths to allow spaces in directory names
- update-deps-releases.pl: Show operations to perform before asking to
apply them
- Fix Salt import from prosody SCRAMmed password
Configuration
- Validate module options on start_module/2
- Validate new options before module reloading
- Validate second-level options
- Introduce iqdisc global option
- stream_management listen option deprecated, use mod_stream_mgmt
- Check presence of some files during option validation
- Speedup configuration options lookup
- Validate all certfiles on startup
- Only validate certfiles if public_key:short_name_hash/1 is available
- Introduce Certficate Manager
Commands
- Add clear_cache admin command
- Parse correctly presence_broadcast option in change_room_option
command
- Describe command arguments and results in mod_muc_admin
- Improve export2sql explanation; remove obsolete and duplicated
command
- Fix and document push_roster_all command
- Fix mod_muc_admin command set_room_affiliation
- Fix invalid {args,result}_examples in mod_muc_admin
- Fix srg_user_add/del for non-Mnesia database backends
- Make ext_mod api return rescode
Compilation
- Erlang 17.5 or higher is required
- Add --enable-system-deps configure option
- Add --enable-stun and --enable-sip configure options
Core
- Speedup Mnesia tables initialization
- Improve Mnesia tables creation and transformation
- Improve ejabberd_c2s:close()
- ejabberd_c2s: Don’t close session on stream resume
- Speedup loading of translation files
- Fix ejabberd_router:is_my_route/1
- Don’t let a receiver crash if a controller is unavailable
- Fix OTP-17.5 support
- websocket: Catch exception that may happen when sending data over
websocket
Databases
- New sql_connect_timeout option
- New sql_query_timeout option
- Get rid of sql_queries.erl
- Use round-robin algorithm when selecting worker from DB pool
- Add Riak as BOSH RAM backend
- Add Riak as mod_proxy65 RAM backend
- Add Riak as mod_carboncopy RAM backend
- Add Riak as router RAM backend
- Add Riak as session manager RAM backend
- Fix cleaning of Riak route table
- Add pubsub import from prosody/metronome
- Fix username in mam export
- Fix Salt import from prosody SCRAMmed password
- In offline export to SQL, first write all DELETE, later all INSERT
Cache
- Implement cache for mod_announce
- Implement cache for mod_private
- Implement cache for mod_privacy/mod_blocking
- Implement cache for mod_last
- Implement cache for mod_vcard and mod_vcard_xupdate
- Implement cache for roster
- Add cache options to the validator
- Use cache for authentication backends
- Use new cache API in mod_shared_roster_ldap
- Use new cache API in ejabberd_oauth
- Use new cache API in mod_mam
- Use new cache API in mod_caps
- Use cache in front of Redis/SQL RAM backends
Modules
- mod_http_upload: Add support for HTTP File Upload 0.3.0
- mod_mam: Added export function
- mod_metrics: Don’t leak with UDP sockets
- mod_metrics: New options ip and port
- mod_muc: Allow a room admin to un/subscribe another JID
- mod_offline: Don’t store messages via a single process
- mod_offline: Make sure only jabber❌event tag is present in offline
event
- mod_register: New option ‘access_remove’ ACL
- mod_stream_mgmt: Preserve stanza count on timeout
- mod_vcard_ldap: Parse ldap_uids like in eldap_utils
- mod_client_state: Reset state on session resume
- mod_metrics: Fix IP address parsing
- mod_pubsub: Avoid useless calls on simples subscriptions
- mod_block_strangers: Add allow_local_users option
Elixir
- Update elixir to v1.4.4
o fixes for the OSX fixes in 20170606
o new window resizer now works, can get the old one at compile time with
--with-default-resize-method=old configure option
o more fixes for OSX and @-style assignment
o fix a window rebalance when not resizing bug
o fix crashes on OSX in complex scripts using []
o fix reconnecting channels moving windows
- Fix out of bounds read when scanning expandos (GL!11).
- Fix invalid memory access with quoted filenames in DCC
(GL#8, GL!12).
- Fix null-pointer dereference on DCC without address (GL#9, GL!13).
- Improve integer overflow handling. Originally reported by
oss-fuzz#525 (#706).
- Improve nicklist performance from O(N^2) to O(N) (#705).
- Fix initial screen redraw delay. By Stephen Oberholtzer
(#680, bdo#856201).
- Fix incorrect reset of true colours when resetting background. (#711).
- Fix missing -notls option in /SERVER. By Jari Matilainen (#117, #702).
- Fix minor history glitch on overcounter (#462, #685).
- Improved OpenSSL detection at compile time. By Rodrigo Rebello (#677).
- Improved NetBSD Terminfo detection. By Maya Rashish (#694, #698).
- Add missing syntax info for COMPLETION (#687, #688).
- Minor typo correction in help. By Michael Hansen (#707).
From maya@
Patch provided by Frédéric Fauberteau via PR pkg/52215.
Changes:
Version 3.5.1:
- purple:
* Fix crash on file transfer requests from unknown contacts. This was the
result of an incomplete fix in the previous release and may result in
remote DoS. Read the full security advisory at:
https://bugs.bitlbee.org/ticket/1282
- After some investigation we decided to reclassify a crash fix from the
previous release as a security issue. Read the full security advisory at:
https://bugs.bitlbee.org/ticket/1281
- Included help.txt in the release tarball, which was missing in the previous
release and resulted in adding python as a build dependency. The release
tarball of 3.5.1 does not require python.
Finished 30 Jan 2017
Version 3.5:
- ui:
* "chat list": shows a list of existing server-side chatrooms. With some
protocols, this is often the only way to add new channels.
See 'help chat list' for details. (jgeboski)
* "plugins": lists the installed plugins and their versions (jgeboski)
* Add 'nick_lowercase' and 'nick_underscores' settings.
* "handle_unknown" can be set per-account, not just globally
- jabber:
* Add "always_use_nicks" channel setting, for non-anonymous MUCs (trac #415)
See 'help set always_use_nicks' for possible side effects.
* Properly handle rejected file transfers
* Don't send parts in a chat if someone is still connected from other devices
* hipchat: support personal oauth tokens (manually generated ones)
- twitter:
* Hide muted tweets / no-retweets, add mute/unmute commands (Flexo)
* Show full version of extended tweets (with slightly more than 140 chars)
- purple:
* Support setting chat room topics (EionRobb)
* Support for extra groupchat settings. Shows an error if any required
ones are missing. Look for purple_ prefixed settings in "chan #... set"
* SIPE: persistent chats can be joined now, thanks to the "chat list" command
and the above ("purple_uri" channel setting)
* Fix a file transfer crash bug (Mainly affected telegram)
* Honor protocol flag to not require a password (used in hangouts, telegram)
* Set the contacts' nicks to the %full_name for a few whitelisted protocols
(hangouts, funyahoo, icq, line)
* LINE: added a hack to save its auth token, to avoid re-auth every time
* Show self-messages in groupchat backlogs (before join)
- yahoo:
* Removed because they killed their old protocol on a two month notice.
Use EionRobb's funyahoo purple plugin, or better yet, don't use yahoo.
- Stuff for enterprise deployments (all done by Sevas)
* Locked down accounts, useful when pregenerating user config files. An
account that is marked with the locked="true" attribute can't be removed
and its username/password can't be changed.
* Locked down settings. Same as above, but for individual account settings.
* AllowAccountAdd setting in bitlbee.conf, to disable adding new accounts.
* PAM and LDAP authentication backends (not compiled by default)
- For packagers:
* Enabled debug symbols in non-debug builds, disabled stripping by default.
This is closer to the default behavior of autotools, and --debug=1 is mostly
to set the DEBUG macro and disable optimization.
- For plugin devs:
* Plugins should now include an "init_plugin_info" function which will be used
for ABI version checking in the future. It's optional for now, but will be
enforced later. See the commit log of d28fe1c for details. (jgeboski)
Finished 8 Jan 2017
Version 3.4.2:
- irc:
* Self-messages (messages sent by yourself from other IM clients), given
support by the IM protocols and your IRC client. See this for details:
https://wiki.bitlbee.org/SelfMessages
* IRCv3.1 support and part of 3.2: cap-3.2, sasl-3.2, multi-prefix,
away-notify, extended-join, userhost-in-names
* Send numeric errors when failing to join a channel, to not confuse clients
* Channel autojoins should be more reliable now.
- jabber:
* Carbons (XEP-0280), for self-message support. It's not widely supported
by most public XMPP servers (easier if you host your own), but this will
probably change in the next few years. Thanks kormat for the original patch.
* Fix typing notifications between two bitlbee users or with gtalk users
* Remove facebook XMPP code, point people at bitlbee-facebook.
* Show groupchat kick/ban/leave reasons
* SASL ANONYMOUS (XEP-0175), for "guest" logins, see "help set anonymous"
* Hipchat: 'chat add hipchat "channel name"' now tries to guess the JID
- purple:
* Fix problems remembering SSL certificates as trusted
* Fix /join #channel, which joined a differently named channel
* Fix crash when doing "chat with" with skypeweb
* Fix html entities appearing in some protocols
* Fix setting away states in jabber, which failed silently
* Implement notify_message UI op, to be able to show some error messages.
- skype:
* Show all messages as groupchats since we can't tell which ones are private.
* This plugin is mostly-deprecated and mostly-broken but it's still useful
for p2p-based groupchats, which aren't delivered over newer protocols.
Everyone else should use the skypeweb purple plugin or msn instead.
- msn:
* Minor tweaks. Faster login, better error reporting, fixed add/remove.
Still MSNP21. Disregard that "Next release!" in the previous release.
- otr:
* Don't use NOTICE for user messages (revmischa)
* Fix crashes when using the jabber xmlconsole
* A few minor fixes: color multiline messages, filter incoming color codes.
- Packaging:
* Show ./configure args in bitlbee -V, config.h and Makefile.settings
* Allow setting the plugin dir in bitlbee.conf, for NixOS (anderspapitto)
* Improved cross compiler support (gamaral)
- Other important bugfixes:
* Fix potential crashes when leaving temporary channels
* Fix all sorts of crashing bugs when cancelling in-progress connections.
Finished 19 Mar 2016
1.3.0
* channel/supergroup support
* support sending code tags in markdown "backtick" format (see README for example)
* reduce amount of file-transfer popups in Pidgin, auto-load media in the background
* fix stability issues for the win32 build
* fix multiple crashes in libtgl
List of changes:
* Skype4Business (S4B) and Bot support
* Receive contacts
* Updated status icons - Users that would previously show as 'Away' will now show as 'Idle'
* Fixed buddy authorisation requests and responses
* Auto reconnects when there's an error, so you shouldn't have to press the Re-Enable button
* Call display improvements
* Tooltips display for people with special characters (&, ', <, >) in their user info
* Can remove yourself from the buddy list (that annoying cid- user!)
* Fixes tiny-text being sent when copy-pasting into Pidgin
* File transfer and image transfer improvements
* Allows clearing out your "Mood" message, so you don't show as "I'm not here right now" when you're actually Online
* Better error messages when a message failed to send
This package was contributed over e-mail by Scarlett, thanks!
Skype is an instant messaging app that provides online text message and
video chat services. Users may transmit both text and video messages and
may exchange digital documents such as images, text, and video. Skype
allows video conference calls.
This package contains a libpurple protocol plugin that adds support for
Skype (WebRTC).
Make the Redis support unconditional (no extra dependencies).
Changes in 17.04:
Admin
- Add more examples on config template
- Generate ejabberd lib dir when not available in code server
- Set default prefix to /usr/local
- Start supervisors after ext_mod
- Don't log warning on successful ping reply
- New muc_register_nick command
Core
- Deprecate jlib.erl in favor of misc.erl
- Add support for file-based queues
- ejabberd_sm: Fix routing of headline and groupchat messages
- Fix c2s connection close on demand
- Improve overloaded S2S queue processing
Databases
- Improve Redis related code
- Add Redis pool support
- Improve logging of Redis errors
- Add Redis and SQL as mod_proxy65 RAM backends
- Add Redis and SQL as mod_carboncopy RAM backends
- Add Redis and SQL as mod_bosh RAM backends
- Add Redis and SQL as router RAM backends
- Add SQL as mod_muc RAM backend
- Remove obsolete Pubsub mnesia migration calls
Miscellany
- ejabberd_http: Expand @VERSION@ in custom headers
- ejabberd_http: Add "custom_headers" option
- mod_client_state: Queue stanzas of each full JID
- mod_http_upload: Don't add "Server" header line
- Pubsub: Refactor pubsub's get_last_items
- Pubsub: Fix PEP issues
Major improvements
- New modular code allows to develop modules for a wide scope of
functionalities without patching the core code such as C2S, S2S and
router
- Now 'From' and 'To' arguments must be omitted in functions and
structures related to routing
- Ejabberd used to store all in-memory shared data such as ACLs,
proxy65, sessions, routes, clustering, etc in internal Mnesia
database and this used to be hardcoded. With new API it's now possible
to store such data in any database. However, currently only Mnesia
backend is supported.
- Dynamic configuration reload allows to reload modules, database
connections, listeners, ACLs and global options without restarting
ejabberd
- Spam protection allows to block packets from non-subscribers
- S2S dialback is now an optional module
Developer
- tools/hook_deps.sh: checks hook dependencies
- tools/find-outdated-deps.pl: checks which dependences need update
- Mark as deprecated add/get_local/global_option config functions
- Change routing API
Core
- Fix some corner cases while re-reading RFC6120
- Attach IP metadata to every stanza received from stream
- Apply SASLprep before storing/converting passwords
- Send compressed in correct order
- Reset XML stream before sending SASL success
- Speedup features list when a lot of virtual hosts configured
- Fix s2s_dns_timeout issues
- Better handling of IPv6 domains
- Rename mod_sm -> mod_stream_mgmt
- Don't count resent stanzas
- Improve startup procedure, and log startup time
- Add more processes to supervision
- sm_sql: Avoid PID collisions
Admin
- Add 'supervisor' listening option
- Accept "add_commands: admin" in commands section
- Make sure that api_permissions always have "console commands"
section
- Change name of pam dep from p1_pam to epam
- Improve compilation with rebar3
- Add TLS support for external components
- Specify "ExecReload" command in systemd unit
- Don't attempt to resolve _jabber._tcp SRV record
- Improve error reporting for forbidden servers
- mod_block_strangers: New module to block packets from
non-subscribers
- mod_register: Report password change in the log
- Remove relict mod_service_log
- Remove unused mod_ip_blacklist
- Remove ejabberd_frontend_socket
- WebAdmin: improve formatting when showing erlang terms
- Import from Prosody: Fix import of SCRAM passwords, offline
API & Commands
- get_last now always returns tuple with UTC XEP-0082 and status
- Protect users from delete_old_users command using a fixed access
rule
- Separate list of strings with \n for srg_get_info in mod_http_api
- Support non-JID lines in command create_rooms_file
- stop_all_connections now stops all s2s connections via supervisor
calls
- Support scrammed passwords in ejabberdctl import_prosody
Configuration
- Provide example mod_http_api configuration with couple commands
- Clarify new modules usage in the example config
- Don't crash on malformed IP addresses
- Fix parsing of acl/access rules inside oauth sections of
api_permissions
Config reload improvements
- Start/stop auth modules when host is added/deleted
- Improve modules start/stop procedures
- Check result of gen_mod:start/2 callback
- Improve reload_config admin command
- Invalidate access permissions on configuration reload
- Start/stop virtual hosts when reloading configuration file
- Reload modules when reloading configuration file
- Restart listeners on configuration reload
- Make sure all hooks are called with proper host
Databases
- Add missing NOT NULL restrictions in schemas
- Move archive tables into lite.sql for better comparison with other
schemas
- Implement database backend interface for mod_proxy65
- Implement database backend interface for MUC, BOSH and auth_anonyous
- Implement database backend interface for ejabberd_router
- Propagate the TRANSACTION_TIMEOUT to pgsql driver
New XMPP stream behavior
- Reflect cyrsasl API changes in remaining code
- Improve return values in cyrsasl API
- More refactoring on session management
- Add xmpp_stream_out behavior and rewrite s2s/SM code
- Rewrite ejabberd_service to use new XMPP stream API
MAM & offline storage
- Make a message is not bounced if it's archived
- Archive message before delivering it to offline storage
- Include stanza ID with archived offline messages
- Add stanza-id to every archived message
PubSub
- Avoid orphan_item leak on affiliation/subscription removal
- Fix pubsub SQL schemas, add NOT NULL restrictions
- Fix last item cache for multiple hosts
Server to server
- Several improvements of S2S errors logging
- Resolve all addresses from SRV lookup
- Add s2s work-around for gmail.com
2.12.3 (2016-10-22)
* fix crash with bad translations
* fix crash and leaks in mpcinfo plugin
* add mhop command
* change ping timeout to 60 by default
* update translations
2.12.2 (2016-10-08)
* fix input box theme with Adwaita 3.20
* fix return value of hexchat_pluginpref_get_int()
* fix tab color changing when print events are eaten
* fix network name not being sanitized for scrollback files
* fix building sysinfo on OS X <= 10.9
* fix resume with DCC GET
* fix possible assertion when decoding incoming text
* fix possible crashes when plugins modify the UI during context close
* add "chanmodes" to channel list in plugin api
* lua:
o add automatic return and = handling in console
o fix pluginpref usage
* fishlim:
o fix saving nicks containing [ or ]
o add commands: /topic+, /msg+, and /notice+
o add support for /me
o add /keyx command to do DH1080 key exchanges
* improve efficiency of various timers
* reduce updates of user count in titlebar/userlist
* download extra redist for perl on Windows
* update appdata file
* update translations
* update dependencies on Windows
This is a leaf package, and in preparation of a security fix.
"please commit" gdt@
version 2.12.0 (03/09/2017):
libpurple:
* Fix an out of bounds memory read in purple_markup_unescape_entity.
CVE-2017-2640
* Fix use of uninitialised memory if running non-debug-enabled versions of glib
* Updated AIM dev and dist ID's to new ones that were assigned by AOL.
* TLS certificate verification now uses SHA-256 checksums.
* Fixed SASL external auth for Freenode.
* Removed the MSN protocol plugin. It has been unusable and dormant for some
time. MSNP18 has been discontinued and the protocol plugin would require a
large update to start working again. See: http://ismsndeadyet.com/ The
third-party Pidgin SkypeWeb plugin, however, should provide enough
functionality as a replacement if people still want to use MSN:
https://github.com/EionRobb/skype4pidgin/tree/master/skypeweb
* Removed Mxit protocol plugin. The service was closed at the end of
September 2016. See
https://pidgin.im/pipermail/devel/2016-September/024078.htm
* Removed the MySpaceIM protocol plugin. The service has been defunct for a
long time. (#15356)
* Remove the Yahoo! protocol plugin. Yahoo has completely
reimplemented their protocol, so this version is no longer operable as
of August 5th, 2016:
https://yahoo.tumblr.com/post/145715934739/q2-2016-progress-report-on-our-product
A new protocol plugin has been written to support the new protocol.
It can be found here: https://github.com/EionRobb/funyahoo-plusplus
This also removes support for Yahoo! Japan. According to
http://messenger.yahoo.co.jp/ the service ended March 26th, 2014.
* Remove the Facebook (XMPP) account option. According to
https://developers.facebook.com/docs/chat the XMPP Chat API service
ended April 30th, 2015. A new protocol plugin has been written,
using a different method, to support Facebook. It can be found at
https://github.com/dequis/purple-facebook/wiki
* Fixed gnutls certificate validation errors that mainly affected google (Dequis)
General
* Replaced instances of d.pidgin.im with developer.pidgin.im and updated the
urls to use https. (#17036)
IRC
* Fixed issue of messages being silently cut off at 500 characters. Large
messages are now split into parts and sent one by one. (#4753)
build, and this update includes a security fix.
v1.0.2 2017-03-10 The Irssi team <staff@irssi.org>
- Prevent some null-pointer crashes (GL!9).
- Fix compilation with OpenSSL 1.1.0 (#628, #597).
- Correct dereferencing of already freed server objects during
output of netjoins. Found by APic (GL!10, GL#7).
- Fix in command arg parser to detect missing arguments in tail place
(#652, #651).
- Fix regression that broke incoming DCC file transfers (#667, #656).
- Fix issue with escaping \ in evaluated strings (#669, #520).
version 2.11.0 (06/21/2016):
General:
* 2.10.12 was accidentally released with new additions to the API and
should have been released as 2.11.0. Unfortunately, we did not catch
the mistake until after 2.10.12 was released, but we're fixing it now.
See ChangeLog.API for more information.
* Include the Mozilla certificate bundle. This fixes connecting to servers
with certificates from Let's Encrypt.
* Remove all 1024-bit CAs
libpurple:
* media: fix an issue with ximagesink displaying only a corner cut-out of
a larger webcam video (Jakub Adam)
* mediamanager: update output window destruction so that it reflects recent
changes in the media pipeline structure (Jakub Adam)
* Ported Instantbird's CommandUiOps to libpurple (Dequis)
Pidgin:
* Fixed#14962
* Fixed alignment of incoming right-to-left messages in protocols that
don't support rich text
* Fix a potential crash while exiting pidgin
Windows-Specific Changes:
* Use getaddrinfo for DNS to enable IPv6 (#1075)
* Updates to dependencies:
* NSS 3.24 and NSPR 4.12.
AIM:
* Add support for the newer kerberos-based authentication of AIM 8.x
Bonjour
* Fixed building on Mac OSX (Patrick Cloke) (#16883)
ICQ:
* Stop truncating passwords to 8 characters like old ICQ clients did.
(#16692). If you actually needed this, truncate your password
manually by pressing backspace a few times.
IRC:
* Base64-decode SASL messages before passing to libsasl (#16268)
MXit
* Fixed a buffer overflow. Discovered by Yves Younan of Cisco Talos.
(TALOS-CAN-0120)
* Fixed a remote out-of-bounds read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0140)
* Fixed a remote out-of-band read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0138, TALOS-CAN-0135)
* Fixed an invalid read. Discovered by Yves Younan of Cisco Talos
(TALOS-CAN-0118)
* Fixed a remote buffer overflow vulnerability. Discovered by Yves
Younan of Cisco Talos. (TALOS-CAN-0119)
* Fixed an out-of-bounds read discovered by Yves Younan of Cisco Talos.
(TALOS-CAN-0123)
* Fixed a directory traversal issue. Discovered by Yves Younan of Cisco
Talos (TALOS-CAN-0128)
* Fixed a remote denial of service vulnerability that could result in
a null pointer dereference. Discovered by Yves Younan of Cisco Talos.
(TALOS-CAN-0133)
* Fixed a remote denial of service that could result in an out-of-bounds
read. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0134)
* Fixed multiple remote buffer overflows. Discovered by Yves Younan of
Cisco Talos. (TALOS-CAN-0136)
* Fixed a remote NULL pointer dereference. Discovered by Yves Younan of
Cisco Talos (TALOS-CAN-0137)
* Fixed a remote code execution issue discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0142)
* Fixed a remote denial of service vulnerability in contact mood
handling. Discovered by Yves Younan of Cisco Talos (TALOS-CAN-0141)
* Fixed a remote out-of-bounds write vulnerability. Discovered by Yves
Younan of Cisco Talos. (TALOS-CAN-0139)
* Fix a remote out-of-bounds read. Discovered by Yves Younan of Cisco
Talos. (TALOS-CAN-0143)
0.9.12
- Dependencies: Fix certificate verification failures when using
LuaSec 0.6
- mod_s2s: Lower log message to 'warn' level, standard for
remotely-triggered protocol issues
- certs/Makefile: Remove -c flag from chmod call (a GNU extension)
- Networking: Prevent writes after a handler is closed
0.9.11
- HTTP parser: Improve buffering of incoming HTTP data and add size
limits
- sessionmanager: Fix for an issue which caused people to be kicked
from conferences if mod_smacks was enabled
- Dependencies: Workaround for compatibility with LuaSec 0.6
- MUC: Accept missing form as "instant room" request
- C2S: Fix issues with destroying disconnected connections
- mod_privacy: Fix selection of the top resource(s)
- mod_presence: Make sure both users get each others presence after
adding each other
- mod_http_files: Fix traceback when serving a non-wildcard path
- mod_http_files: Preserve a trailing slash in paths
- util.datamanager: Fix error handling
- net.server_event: Fix internal socket API to allow writing from
socket.ondrain callback
- net.server_event: Fix timeout
- net.server_event: Fix traceback due to write during TLS handshake
- net.server_event: Fix buffer length check
This needs glib2 to run, and glib2 depends on perl, so no reason not to
support perl scripting here.
Requested by Dominik Bialy in PR 52008.
Bump PKGREVISION.
v1.0.1 2017-02-03 The Irssi team <staff@irssi.org>
- Fix Perl compilation in object dir. By Martijn Dekker (#602, #623).
- Disable EC cryptography on Solaris to fix build (#604, #598).
- Fix incorrect HELP SERVER example (#606, #519).
- Correct memory leak in /OP and /VOICE. By Tim Konick (#608).
- Fix regression that broke second level completion (#613, #609).
- Correct missing NULL termination in perl_parse. By Hanno Böck (#619).
- Sync broken mail.pl script (#624, #607).
Changelog:
[[v1.7]]
== Version 1.7 (2017-01-15)
New features::
* core: add option weechat.look.align_multiline_words (issue #411, issue #802)
* core: add optional command prefix in completion templates "commands", "plugins_commands" and "weechat_commands"
* core: add optional arguments in completion template, sent to the callback
* core: add option "time" in command /debug
* api: add info "uptime" (WeeChat uptime)
* api: add info "pid" (WeeChat PID) (issue #850)
* fifo: add file fifo.conf and option fifo.file.path to customize FIFO pipe path/filename (issue #850)
* irc: add server option "usermode" (issue #377, issue #820)
* irc: add tag "self_msg" on self messages (issue #840)
Improvements::
* core, xfer: display more information on fork errors (issue #573)
* core: add a slash before commands completed in arguments of /command, /debug time, /key bind, /key bindctxt, /mute, /repeat, /wait
* core: add a warning in header of configuration files to not edit by hand (issue #851)
* alias: add a slash before commands completed in arguments of /alias
* exec: add option "-oc" in command /exec to execute commands in process output, don't execute commands by default with "-o" (issue #877)
* irc: evaluate content of server option "ssl_fingerprint" (issue #858)
* irc: change default value of option irc.network.lag_reconnect from 0 to 300 (issue #818)
* trigger: do not hide email in command "/msg nickserv register password email" (issue #849)
Bug fixes::
* core: fix deadlock when quitting after a signal SIGHUP/SIGQUIT/SIGTERM is received (issue #32)
* core: fix display of empty lines in search mode (issue #829)
* api: fix crash in function string_expand_home() when the HOME environment variable is not set (issue #827)
* exec: fix memory leak in display of process output
* irc: fix option "-temp" in command /server (issue #880)
* irc: fix close of server channels which are waiting for the JOIN when the server buffer is closed (issue #873)
* irc: fix buffer switching on manual join for forwarded channels (issue #876)
* irc: add missing tags on CTCP message sent
* lua: fix integers returned in Lua >= 5.3 (issue #834)
* relay: make HTTP headers case-insensitive for WebSocket connections (issue #888)
* relay: set status to "authentication failed" and close immediately connection in case of authentication failure in weechat and irc protocols (issue #825)
* script: reload a script after upgrade only if it was loaded, set autoload only if the script was auto-loaded (issue #855)
Build::
* core, irc, xfer: fix compilation on Mac OS X (add link with resolv) (issue #276)
* core: add build of xz package with make dist (cmake)
* tests: fix compilation of tests on FreeBSD 11.0
