that these directories will be conditionally removed (based on reference
counts), regardless of the value of PKG_CONFIG. Bump the PKGREVISION
for packages that were modified as a result.
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
"this release of gaim has a few security fixes which mirror
the effects of patch-ae patch-af patch-ag"
ChangeLog says:
version 1.5.0 (8/11/2005):
* Ability to set IRC quit message (Lalo Martins)
* OSCAR file transfers now work for 2 users behind the same NAT
(Jonathan Clark)
* Yahoo! buddy requests to add you to their buddy list now prompt for
authorization
* Added a /clear command for conversations/chats
* Fixed ICQ encoding for messages with offline ICQ users
(Ilya Konstantinov, SF Bug #1179452)
* Default Yahoo! chat roomlist locale to 'us'
file's sole purpose was to provide a dependency on pkg-config and set
some environment variables. Instead, turn pkg-config into a "tool"
in the tools framework, where the pkg-config wrapper automatically
adds PKG_CONFIG_LIBDIR to the environment before invoking the real
pkg-config.
For all package Makefiles that included pkg-config/buildlink3.mk, remove
that inclusion and replace it with USE_TOOLS+=pkg-config.
- An error in the handling of away messages can be exploited to cause
a heap-based buffer overflow by sending a specially crafted away message
to a user logged into AIM or ICQ.
Successful exploitation allows execution of arbitrary code.
- An error in the handling of file transfers can be exploited to crash
the application by attempting to upload a file with a non-UTF8 filename
to a user logged into AIM or ICQ.
Patches from RedHat.
will install Perl modules into the "vendor" directories:
chat/vicq math/udunits
databases/rrdtool mbone/beacon
devel/p5-subversion
Bump their PKGREVISIONs.
"Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2
and other packages, allows remote attackers to cause a denial of service (bus
error) on certain architectures such as SPARC via an incoming message."
Bump PKGREVISION, patch from Gaim CVS.
The jabberd project team is pleased to announce the release of jabberd 2.0s9.
This is a security release. There is a buffer overflow that could be used to
perform a DoS attack and possible code execution. It is *HIGHLY* recommended
that you upgrade!
ChangeLog:
* fixed only one user is loaded correctly for each router acl
* fixed s2s segfault under particular connection timeout conditions
* fixed id is being case sensitive
* fixed Users cannot login after a long period of server inactivity
* fixed handling of stream errors
* fixed version attribute reply in stream
* fixed c2s glibc abort and mysql option flags
* fixed sx io mem leak
* fixed Incorrect SASL error message defined in sx/sasl.c
* fixed 3 buffer overflows in jid.c
* fixed second log-in in with similar resource breaks routing for first login
Main changelog entries are:
Security:
- Fixed a bug in http_encode that might have caused buffer overflows
(although not likely to be exploitable) when trying to encode strings
with non-ASCII characters.
- Newline stripping added to prevent newline-in-friendlyname attacks.
(Which allowed remote people to make BitlBee send raw custom IRC lines.)
Bugs:
- Many crashes
- Yahoo! cleanup code to avoid 100% CPU time usage
- fixes for ICQ and MSN
approved by wiz@
3 May 2005:
- Released 2.0.2
- Fix to co-exist more nicely with other encrypting gaim plugins.
1 Mar 2005:
- Initial autoconfiscation, thanks to Greg Troxel <gdt@ir.bbn.com>.
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
easily controllable IRC client for your other POE components and sessions.
You create an IRC component and tell it what events your session cares about
and where to connect to, and it sends back interesting IRC events when they
happen. You make the client do things by sending it events.
changes since 1.3.1:
* Fix system log start times for some protocols
* SILC compiles with newer SILC toolkit versions (Pekka Riikonen)
* Fixed a bug where buddy icon cache files were left in the icon
cache directory after they were no longer in use.
* Attempt to detect the file type of a buddy icon when saving.
* Additional Yahoo! boot protection (Peter Lawler)
* A few Yahoo! memory leaks plugged (Peter Lawler)
* Fixed handling of the new Yahoo! profile page. (Joshua Honeycutt,
Peter Lawler)
* Fixed localized Yahoo! room lists. Please refer to the Yahoo!
section of the Gaim FAQ for details. (Peter Lawler)
* Enabled sending files to ICQ users using ICQ 5.02 and newer
(Jonathan Clark)
passing -Xc to sunpro defines __STDC__=1 and the build fails in
ircsig.c because <signal.h> only declares sigaction if __STD__=0.
fixes build on Solaris w/ sunpro.
Changes:
2.9.4
(1) SSL support can now be used incoming.
(2) Added three new configuration entries to handle new features:
listenex [--ssl][--limit <maxusers>][--localhost <hostname>] <port>
privatekey <filename>
publickey <filename>
2.9.3
(1) SECURITY FIX: FD_SETSIZE overflow DOS
(2) SSL support can now be used if configured with --with-ssl
SSL connection is done by passing -s
ex. /quote conn -s ircs.server
Note: this is only partially secure since SSL is only supported
outgoing.
2.9.2
(1) Added flush to logging
(2) General code changes to fix compiling on some compilers
(3) Fixed problems binding to listening address
2.9.1
(1) SECURITY FIX: password check, was only letting incorrect passwords in
(2) Fixed IP binding on listen
2.9.0
(1) Added trailing newlines to log records
(2) Added extra error handling on accepting connections
(3) Fixed buffer overflow in getnickuserhost (reported by Leon Juranic)
(4) Added extra check for gethostbyname2
(5) Made password check more thorough
(6) Fixed ipv6 dns resolving to random ipv4
2.8.9
(1) Fixed backspace security flaw (reported by Yak)
(2) Fixed compile errors related to compound statements
(3) Rewrote logic of /vip command
(4) Rewrote docked session listing code
2.8.8
(1) Added support for setting a specific IP to listen on
(listen <[host:]port> [maxusers])
(2) Enhanced bncsetup to use new conf format and new question to handle
specific host entering.
(3) Changed the Makefile to list libraries last, some crypt libraries
predefined their own main function which prevented compiling.
(4) Reorganized the connection code to fix a bug where a user gets
disconnected while connecting to an irc server.
(5) Socket length was not being set before accept. (Thanks chris)
(6) Removed old hack code for systems that do not support snprintf.
(7) Increased error checking in recv code.
(8) Better parsing of messages
(9) Server buffers always cleared when connecting to a new server.
(10) Initial IPv6 support. Added -6 option to the CONN command
(i.e. CONN -6 irc.ipv6.org) which is only necessary on ambigious
addresses or when connecting via dns.
(11) Listen host can be specified in conf as an ipv6 address by putting
the address in []'s (i.e. LISTEN [2000:610:0:23::]:6669)
Requested by Peter Avalos <pavalos@theshell.com> in private e-mail.
the modules are statically-linked into the ircservices executable.
This fixes the installation of chat/ircservices on platforms where
dlopen() doesn't obey its "mode" argument, e.g. RTLD_NOW. Unfortunately,
NetBSD/amd64 currently falls into this category (port-amd64/30570),
but this will also fix installation on any a.out NetBSD or OpenBSD
platform.
Approved for commit during the deep freeze by <agc>.
Changes:
1.0:
====
Only minor bugfixes were made to the previous version.
- Fixed channel public key list saving on backup router on JOIN
command reply.
- New optimized logging.
0.9.21:
=======
A small bugfix release.
- Added default limit how many channels one client can join (50).
- Added missing getopt.[ch].
- Fixed compilation with pkg-config files
0.9.20:
=======
A bugfix release to the SILC Server. In addition of various bugfixes,
this version now also includes new math library that from now on will be
included in all SILC distributions.
- Added more liberal channel names from the previous more stricter
identifier string change.
- Added SERVICE command to server, though services aren't supported yet.
- Fixed MOTD command to send empty reply if motd does not exist.
- Fixed LIST command.
- Fixed query to stop if client goes away.
- Added pkg-config check to the configure.
- Several other bugfixes were made.
