Changes:
- Fix a use after free issue when receiving IRCv3 CAP information from the server (GL#34)
- Fix a crash during startup when windows weren’t fully initialised yet (#1114, bdo#935813)
Reassurance:
- Most servers do not send duplicate CAP.
Changes:
- Fix a test on big endian machines (#1014)
- Fix the compile time conditionality of wcwidth
implementation (#1019, gentoo#677804, #720)
- Fix /save no longer working on old Solaris (pre
POSIX.1-2008) (#1042, #1043)
- Fix regression of #764 where display of 8-bit (legacy
encoding) in the input prompt was broken (#1018,
#1057). Initial patch by Артём Курашов
- Fix regression of #779 where autolog_ignore_targets would
not matching itemless windows anymore (#1012, #1013)
- Fix a use after free issue when sending the SASL login on
(automatic and manual) reconnects (#1055, #1058). Reported
by ilbelkyr
pkgsrc changes: ssl option removed as it no longer works (it was default on)
Changes
Improved the /STATUSBAR commands (#858)
/SET no longer shows = between setting and value (#886)
/CUBES removed from default config (available as script) (#956)
/1 /2 /3 … removed from default config (available as new setting window_number_commands) (#958)
Always redraw the screen on resize. By David Phillips (#896)
Private notices intended for channels are now displayed on the channel (new setting notice_channel_context) (#959)
Additions
Imported the “Off-the-record” module into Irssi tree (#854, #589, #196)
Initial support for sideways split windows (#697, #431, #224, #807, FS#310, #947, #955, #989)
Change the implementation of wcwidth. This is used to calculate the width of emojis on your terminal screen (#917, #720)
Make the wcwidth functions available from Perl (#973): string_width(str) string_chars_for_width(str, width) wcwidth(char)
Added completion_keep_word setting (#979)
Allow activity_hide_targets to hide activity in itemless windows (#967, #997, #1001, #1003)
Added activity_hide_visible setting (#990)
Allow hiding of lines through the /IGNORE system (#901, #900, #892, #890, #884, #937)
Add window_default_hidelevel setting. By Doug Freed (#941)
Add activity_hide_window_hidelevel setting, defaulting to ON (#938)
Add autolog_only_saved_channels setting, to autolog only channels that are in the config (#968)
Add format support for the input line. By Ben Paxton, originally by Jonas Hurrelmann (#764, FS#621, #1004) use Irssi::TextUI; gui_input_set_extent(pos, text) gui_input_set_extents(pos, len, left, right) gui_input_clear_extents(pos, len) gui_input_get_extent(pos) gui_input_get_text_and_extents() gui_input_set_text_and_extents(…)
Parsing of IRCv3 CAP 3.2 (#775, #869)
Show CAP-related events in the user interface (#918, #916, #870, #704)
Continue using separators when addressing multiple nicks with tab completion. By Manish Goregaokar (#822)
Bind Shift-tab by default. By Niklas Luokkala (#830, #829)
Fuzzing more things (#913, #780, #813)
Fixes
Disconnect SASL properly in case the SASL module got unloaded from server (#931, #629, #618, #616)
Fix backward completion jumping to the first instead of last word (#979)
Improve empty topic handling (#961, #905, #911, #897, #888)
Prevent config truncation when no space left. By dequis and Lukas Waymann (#922, #925, #910, #909, #906, #871, #817)
Also time-out servers in lookup phase (#866, #130)
Fix build with LibreSSL 2.7. By Dorian Harmans (#865)
Fix a crash when appending to a textbuffer without line. Reported by Jari Matilainen (#862)
Fix segfault on sending large messages (#803, #796, #802)
Fix segfault on invalid statusbar config (#993, #994)
Fix random memory writes on restoring queries of foreign protocols (#999, #1000)
Make default keybinds deletable (#859, #507)
Fix freeze when resizing Irssi very small (#946)
Compare channels case-insensitively, avoiding confusions with the config file (#857, #856)
Fix DCC GET on Android. By Martin Staron (#844)
Improve rawlog performance (#957)
Fix nick escaping erroneously escaping quotes (#978, #974, #709)
Protect against theme recursion, improve padding performance, limit alignment padding. Credit to Oss-Fuzz (#835, #851, #850, #846, #848)
Fix recursive loop in replaces (#833, GL#23)
Fix headers for compilation of C modules (#939)
Documentation. By Zero King (#814). (#852)
Sync NEWS, docs, scripts (#849, #855)
Build system (#868, #867, #985, #988)
Fix build on IBM i and AIX. By Calvin Buckley (#975)
Misc fixes (#840, #839, #843, #953, #962). Tests (#806, #875, #905, #964, #1011). Fuzzing (#929).
Fix the resetting of window hiddenlevel (#861)
Fix clearing of hidelevel in layout (#951)
Fix accessing unallocated text when checking entry position (#928, #930)
Fix uninitialised memory on empty lines (#873, GL#31, #878, #877, #907, #914)
Fix use-after-free on expiration of hidden lines (#948)
Fix use-after-frees. By Maya Rashish (#919)
Fix out of bounds access in help display when window width is small (#949)
Fix paste_join_multiline (#970, #971)
Correctly check for errno when displaying SSL errors. By Janik Rabe (#895)
Fix wrong signal emission argument count (#965)
Documentation (#920). Sync NEWS, scripts (#849)
Fix Perl detection on MacOS. By Dominyk Tiller (#927)
Misc fixes. By Jaroslav Škarvada (#981, #982)
irssi-{xmpp,icb}: catch up with distinfo file.
1.1.1:
Restore compatibility with OpenSSL < 1.0.2 (#820, #831)
Fix test compilation on some platforms (#815, #816)
Fix portability and backwards compatibility of test runner (#818, #845)
Also contains all changes from 1.0.7:
Prevent use after free error during the execution of some commands. Found by Joseph Bisch (GL#17, GL!24).
Revert netsplit print optimisation due to crashes (#465, #809, #812, #819, #824).
Fix use after free when SASL messages are received in unexpected order (GL#26, GL!33).
Fix null pointer dereference in the tab completion when an empty nick is joined (GL#24, GL!31).
Fix use after free when entering oper password (GL#22, GL!32).
Fix null pointer dereference when too many windows are opened (GL#27, #837).
Fix out of bounds access in theme strings when the last escape is incomplete. Credit to Oss-Fuzz (#842).
Fix out of bounds write when using negative counts on window resize (GL#25, GL#29, #836).
Minor help correction. By William Jackson (#834).
v1.1.0 2018-01-15 The Irssi team <staff@irssi.org>
* Colour is now re-set when reaching a comma, matching mIRC
behaviour (#742, #740, #790)
* Irssi now shows the initial nick and name on first start
(#785, #786)
* lynx is no longer required to run autogen.sh (#81, #781)
* The command history no longer permits wrapping around (#686)
* /foreach now correctly sends arguments as commands, stopping
you from embarassing AMSGs (#659)
* /server does not connect to servers anymore, use /server
connect to change servers (#559, #649).
+ Add an option to ignore all channels or ignore all queries
using /set activity_hide_targets. By Jari Matilainen (#612,
#779)
+ Add a startup warning if the TERM var is wrong inside
tmux/screen (#726)
+ Add option to hide certain levels from the textbuffer using
/window hidelevel (#746, #808)
+ Irssi now has its first unit test (for mode parsing). By
Will Storey (#793)
+ Added access to global command history when using window
history, and a binding to erase entries from the command
history (erase_history_entry) (#762)
+ -alternate_nick is now available as a network specific
property. By Paul Townsend (#120, #771)
+ On FreeBSD, Irssi now supports Capsicum sandbox (/capsicum
enter). By Edward Tomasz Napierala (#735, #755, #772)
+ Filenames (directories) ending with a / now tab-complete
(#741)
+ UTF-8 should now work in regular expressions when using
GRegex (the default) (#636, #653)
+ Nicks are now properly escaped on completion. By Oscar
Linderholm (#693, #709)
+ /server add -port <num> now works. By Jari Matilainen (#703)
+ Add a setting key_timeout to make key sequences
automatically re-set when not finished (#644, #645)
+ Warn users about expired client certificates, as servers may
refuse them (#211, #627)
+ Add a new net_start_ssl function for StartTLS. This is
available from ABI 8 and can be used by protocol modules
(#615, #622).
+ The %# code is now stored in the textbuffer, so for example
web scripts can make use of it (#626)
+ Add new setting break_wide which can be used to enable
breaking of wide characters (for east-asian
users). Originally from FreeBSD ports. (#625)
+ Add fuzzing code (#610, #620, #701, #713)
- Netsplits show properly again (#812)
- Do not error on blank lines when using /exec -o. By Fabian
Kurz (FS#902, #805)
- Detect used nickname as reported by server. By Alexandre
Morignot (#219, #804)
- Prevent use after free error during the execution of some
commands. Found by Joseph Bisch. (GL#17, GL!24)
- Fix MODE parameter parsing when colon was used at a place
Irssi didn't expect (#601, #766)
- Fixed code to compile with
-Werror=declaration-after-statement (#795)
- Clang-format is now supported for git-clang-format (#784)
- Fix use after free when changing the network of
hilights. Reported by Rui Mathias. (#787, #788)
- Fix positioning error when tab-completing non-ascii
strings. (#752, #754)
- In-development issues (#750, #751)
- Clarify Alis in /help list (#699, #712)
- Improve /lastlog performance from O(N^2) to O(N) (#715)
- Fix a segfault on "script destroyed" signal. By Stephen
Oberholtzer (#660, #661).
- Fix early ISON error (#596, #647)
- Documentation improvements. By Paolo Martini (#639).
By Tristan Pepin (#731). By Paul Townsend (#684, #736).
By Will Storey (#777)
- Minor cleanups (#590). By Edward Tomasz Napierala (#734,
#738). By Will Storey (#770)
- Fix space issue in glib-2.0.m4 (#621)
v1.0.6 2018-01-07 The Irssi team <staff@irssi.org>
- Fix invalid memory access when reading hilight configuration
(#787, #788).
- Fix null pointer dereference when the channel topic is set
without specifying a sender (GL#20, GL!25).
- Fix return of random memory when using incomplete escape
codes (GL#21, GL!26).
- Fix heap buffer overflow when completing certain strings
(GL#19, GL!27).
- Fix return of random memory when using an incomplete
variable argument (GL#18, GL!28).
- Fix missing -sasl_method '' in /NETWORK (#718, #719).
- Fix incorrect restoration of term state when hitting SUSP
inside screen (#737, #733).
- Fix out of bounds read when compressing colour
sequences. Found by Hanno Böck (GL#12, GL!18).
- Fix use after free condition during a race condition when
waiting on channel sync during a rejoin (GL#13, GL!19).
- Fix null pointer dereference when parsing certain malformed
CTCP DCC messages (GL#14, GL!20).
- Fix crash due to null pointer dereference when failing to
split messages due to overlong nick or target (GL#15, GL!21).
- Fix out of bounds read when trying to skip a safe channel ID
without verifying that the ID is long enough (GL#16, GL!22).
- Fix return of random memory when inet_ntop failed (#769).
- Minor statusbar help update. By Robert Bisewski (#758,
#763).
Security advisory: https://irssi.org/security/irssi_sa_2017_10.txt
This even makes it an option, to disable it if necessary. It is enabled by
default here since it remains disabled by default at run-time:
/set colors_ansi_24bit
Bumps PKGREVISION.
"Go for it" maya@
v1.0.4 2017-07-07 The Irssi team <staff@irssi.org>
- Fix null pointer dereference when parsing invalid timestamp (GL#10,
GL!15). Reported by Brian 'geeknik' Carpenter.
- Fix use-after-free condition when removing nicks from the internal
nicklist (GL#11, GL!16). Reported by Brian 'geeknik' Carpenter.
- Fix incorrect string comparison in DCC file names (#714).
- Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'"
(#716, #722).
- Fix a bug when using \n to separate lines with expand_escapes (#723).
- Retain screen output on improper exit, to better see any error
messages (#287, #721).
- Minor help update (#729).
- Fix out of bounds read when scanning expandos (GL!11).
- Fix invalid memory access with quoted filenames in DCC
(GL#8, GL!12).
- Fix null-pointer dereference on DCC without address (GL#9, GL!13).
- Improve integer overflow handling. Originally reported by
oss-fuzz#525 (#706).
- Improve nicklist performance from O(N^2) to O(N) (#705).
- Fix initial screen redraw delay. By Stephen Oberholtzer
(#680, bdo#856201).
- Fix incorrect reset of true colours when resetting background. (#711).
- Fix missing -notls option in /SERVER. By Jari Matilainen (#117, #702).
- Fix minor history glitch on overcounter (#462, #685).
- Improved OpenSSL detection at compile time. By Rodrigo Rebello (#677).
- Improved NetBSD Terminfo detection. By Maya Rashish (#694, #698).
- Add missing syntax info for COMPLETION (#687, #688).
- Minor typo correction in help. By Michael Hansen (#707).
From maya@
build, and this update includes a security fix.
v1.0.2 2017-03-10 The Irssi team <staff@irssi.org>
- Prevent some null-pointer crashes (GL!9).
- Fix compilation with OpenSSL 1.1.0 (#628, #597).
- Correct dereferencing of already freed server objects during
output of netjoins. Found by APic (GL!10, GL#7).
- Fix in command arg parser to detect missing arguments in tail place
(#652, #651).
- Fix regression that broke incoming DCC file transfers (#667, #656).
- Fix issue with escaping \ in evaluated strings (#669, #520).
This needs glib2 to run, and glib2 depends on perl, so no reason not to
support perl scripting here.
Requested by Dominik Bialy in PR 52008.
Bump PKGREVISION.
v1.0.1 2017-02-03 The Irssi team <staff@irssi.org>
- Fix Perl compilation in object dir. By Martijn Dekker (#602, #623).
- Disable EC cryptography on Solaris to fix build (#604, #598).
- Fix incorrect HELP SERVER example (#606, #519).
- Correct memory leak in /OP and /VOICE. By Tim Konick (#608).
- Fix regression that broke second level completion (#613, #609).
- Correct missing NULL termination in perl_parse. By Hanno Böck (#619).
- Sync broken mail.pl script (#624, #607).
v1.0.0 2017-01-03 The Irssi team <staff@irssi.org>
* Removed --disable-ipv6 (#408).
* /connect Network now aborts with an error if no servers have been
added to that network (#443).
* /dcc commands now use quotes around spaces consistently.
* bell_beeps was removed (#524, #565).
* Switch to GRegex instead of regex.h (#412).
+ irssiproxy can now forward all tags through a single
port. By Lukas Mai (mauke, #425).
+ irssiproxy can also listen on unix sockets. By Lukas Mai (#427).
+ send channel -botcmds immediately when no mask is specified (#175, #399).
+ the kill buffer now remembers consecutive kills.
New bindings were added: yank_next_cutbuffer and append_next_kill
By Todd A. Pratt (#353, #414, #455)
+ connections will avoid looking up IPv6 addresses if the machine does
not have an IPv6 address assigned (exact behaviour is implementation
defined, #410).
+ Fix potential crash if scripts insert undef values into the completion
list (#413).
+ Paste warning is now also shown on pasting overlong
lines. By Manish Goregaokar (#426).
+ autolog_ignore_targets and activity_hide_targets learn a new syntax
tag/* and * to ignore whole networks or everything.
By Jari Matilainen (vague666, #437)
+ /hilight got a -matchcase flag to hilight case
sensitively. By Thibault B (isundil, #421, #476).
+ Always build irssi with TLS support.
+ Rename SSL to TLS in the code and add -tls_* versions of the -ssl_*
options to /CONNECT and /SERVER, but make sure the -ssl_* options continue
to work.
+ Use TLS for Freenode, EFnet, EsperNet, OFTC, Rizon, and IRC6 in the default
configuration.
+ Display TLS connection information upon connect. You can disable this by
setting tls_verbose_connect to FALSE.
+ Add -tls_pinned_cert and -tls_pinned_pubkey for x509 and public key pinning.
The values needed for -tls_pinned_cert and -tls_pinned_pubkey is shown
when connecting to a TLS enabled IRC server, but you can also find the
values like this: Start by downloading the certificate from a given IRC
server:
$ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \
openssl x509 > freenode.cert
Find the value for -tls_pinned_cert:
$ openssl x509 -in freenode.cert -fingerprint -sha256 -noout
Find the value for -tls_pinned_pubkey:
$ openssl x509 -in freenode.cert -pubkey -noout | \
openssl pkey -pubin -outform der | \
openssl dgst -sha256 -c | \
tr a-z A-Z
+ Remove support for DANE validation of TLS certificates.
There wasn't enough support in the IRC community to push for this on the
majority of bigger IRC networks. If you believe this should be
reintroduced into irssi, then please come up with an implementation that
does not rely on the libval library. It is causing a lot of troubles for
our downstream maintainers.
+ /names and $[...] now uses utf8 string operations. By Xavier
G. (#40, #411, #471, #480).
+ New setting completion_nicks_match_case (#488).
+ /channel /server /network now support modify subcommand. By
Jari Matilainen (#338, #498).
+ Irssi::signal_remove now works with coderefs. By Tom Feist (shabble, #512).
+ /script reset got an -autorun switch (#540, #538).
+ cap_toggle can now be called from Perl, and fields
cap_active and cap_supported can be inspected (#542).
+ Make it possible to disable empty line completion. By Lauri
Tirkkonen (lotheac, #574).
+ New option sasl_disconnect_on_failure to disconnect when
SASL log-in failed (#514).
- IP addresses are no longer stored when resolve_reverse_lookup is
used.
- Removed broken support for curses (#521).
- Removed broken dummy mode (#526).
- Fix terminal state after suspend (#450, #452).
- Improve Perl library path detection (#479, #132).
- Reconnect now works on unix connections (#493).
- Fix completion warnings (#125, #496, FS#124).
- Fix a crash in the --more-- item (#501).
- Fix a display issue in /unignore (#517, bdo#577202).
- Fix a crash in some netsplits (#529, #500).
- Fix crashes with some invalid config (#550, #551, #563, #564, #587, #581, #570).
- Add support for SASL Fragmentation. By Kenny Root (kruton, #506).
- Improve netsplit dumping (#420, #465).
- Improve responsibility under DCC I/O strain (#578, #159).
- Fix query nick change on open (#580, #586).
- Correct a few help texts.
irssi 0.8.21 is a maintenance release without any new features.
Changes:
- Correct a NULL pointer dereference in the nickcmp function found by
Joseph Bisch (GL#1)
- Correct an out of bounds read in certain incomplete control codes
found by Joseph Bisch (GL#2)
- Correct an out of bounds read in certain incomplete character
sequences found by Hanno Böck and independently by J. Bisch (GL#3)
- Correct an error when receiving invalid nick message (GL#4, #466)
previously it would create a world readable file containing chat
logs when /upgrade was used.
while a security fix, you have to jump through many hoops to be
affected by it - we don't enable perl scripts by default, we
don't run that perl script by default, and you'd have to know that
/upgrade exists in the first place, and run on a system where world
readability of files is a concern.
still, grab upstream update, bump PKGREVISION.
catch up with irssi-icb, irssi-xmpp distinfo (they grab irssi versioned
file).
comment out part of irssi-xmpp makefile which is breaking the build.
irssi 0.8.20 changes:
- Correct the name of an emitted sasl signal (#484)
- Correct the prototype for the 'message private' signal (#515)
- Corrections in away and hilight help text (#477, #518)
- /squery and /servlist commands have been restored.
- Where Irssi would previously only report "System error" on connect,
it will now try harder to retrieve the system error message.
- Fixed issue with +channels not working properly (#533)
- Fixed crash in optchan when item has no server (#485)
- Fixed random remote crash in the nicklist handling (#529)
- Fixed remote crash due to incorrect bounds checking on
formats, reported by Gabriel Campana and Adrien Guinet from
Quarkslab.
Changes:
v0.8.19 2016-03-23 The Irssi team <staff@irssi.org>
- Fixed regression when joining and parting channels on IRCnet (#435)
- Fixed SASL EXTERNAL (#432)
- Fixed regression when not using SASL (#438)
- Fixed incorrect SSL disconnects when using SSL from modules/scripts
(#439)
- Fixed regression where proxy_string could not be configured or
certain file transfers could not be accepted (#445)
- Fixed storing layout of !channels (#183)
- Fixed restoration of bracketed paste mode on quit (#449)
- Make the usage of meta-O for cursor keys configurable with
/set term_appkey_mode off
v0.8.18 2016-02-13 The Irssi team <staff@irssi.org>
* Modules will now require to define a
void MODULENAME ## _abicheck(int *version)
method to ensure that they are compiled against the correct Irssi
version.
* The signature of "message private" has been changed to
5: server, message, nick, address, target
in order to support "self messages". Module authors should
implement this change if they are using this signal.
* Removing networks will now remove all attached servers and channels
(#45).
* The proxy module now has an /irssiproxy command.
* sb_search has been moved to scripts.irssi.org
* WIN32 has been completely removed (it had not been working and is
lacking a maintainer.)
* Garbage Collection support has been removed. This will hardly have any
effect for anyone given that it has been unsupported for several years.
+ CAP SASL PLAIN login is now supported natively.
+ Paste bracket markers can be requested from terminal with
/set paste_use_bracketed_mode on
+ "Self messages" generated by some bouncers can now be received in the
proper window.
+ Try to split long lines on spaces to avoid words being splitted. Adds
a new option: 'split_line_on_space' which defaults to on.
+ Add setting hilight_nick_matches_everywhere (#56).
+ The config parser is more robust and prints out better diagnostics on
incorrect config files.
+ Ctrl+^ (FS#721) and Ctrl+J can now be bound.
+ Command history can be cleared with /window history -clear
+ /hilight -mask -line is now supported (FS#275).
+ CHANTYPES are now supported.
+ Improved reload speed of ignores.
+ Add -date feature to /lastlog
+ irssiproxy can be more easily enabled and disabled.
+ Expando for hostname (FS#829).
+ UNIX sockets can now also be specified in the config file.
+ Disable SSLv3 due to the POODLE vulnerability.
+ SSL ciphers can now be specified per server.
+ Added SNI support for SSL.
- /ignore now respects -pattern on merge (#78).
- irssiproxy (BNC) module now uses correct line endings.
- Fix missing lines on large pastes (FS#905).
- Correctly preserve STATUSMSG prefixes (#291).
- Fix infinite recursion in key bindings (FS#817).
- Fix incomplete awaylog caused by buffering.
- Fix calculation of UTF-8 string length display in some cases.
- Fix some Perl warnings related to @ISA.
- EXEC windowitems now get proper references on the Perl side.
- Incremental help file improvements.
- ANSI attributes are now properly reset.
- Fixed regression where text would blink when terminal lacks color
support.
- Permit the usage of Freenode extban syntax in /ban (#150)
- Fixed regression in scriptassist on unload of scripts.
- Fixed regression in -actcolor %n
Problems found with existing distfiles:
distfiles/icb-5.0.9.tar.gz
distfiles/icb.2.1.4.tar.Z
distfiles/zenicb-19981202.tar.gz
No changes made to these /distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
