A security and bug fix release. The security aspect is to mitigate the
"billion laughs" denial-of-service attack against XML parsers and XMPP
servers.
Other changes:
- Reject XML DTDs, comments and processing instructions, preventing
the "billion laughs" attack
- Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating
large data (such as large avatars)
Prosody automatically upgrades the table in-place if possible, see:
http://prosody.im/doc/mysql
- Fix for endless loop when parsing certain invalid JSON
- Fix PostgreSQL compatibility in prosody-migrator
- Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
- mod_legacyauth now correctly disabled for unencrypted connections by default
- Components properly inherit SSL settings and certificates from their
'parent' hosts
- Prevent startup with no VirtualHost entries in the config file
Small list of changes:
2.1.7
* BOSH: Keep the order of stanzas when BOSH sends several
* CAPTCHA in MUC: New whitelist option
* CAPTCHA: New captcha_limit option
* Core: Disable all entity expansions
* Core: Do not accept XML with undefined prefixes
* ejabberdctl: New DIST_USE_INTERFACE restricts IP erlang listen
* ejabberdctl: New ERL_EPMD_ADDRESS that works since Erlang/OTP R14B03
* extauth: If script crashes, ejabberd should restart it
* If a module start fails during server start, stop erlang
* mod_blocking: New XEP-0191 Simple Communications Blocking
* mod_pres_counter: Prevent subscription flood
* mod_register: Access now also controls account unregistrations
* mod_shared_roster: Fix support for anonymous accounts in @all@
* mod_shared_roster: New @online@ directive
* New Indonesian translation
* Pubsub: Apply filtered notification to PEP last items
* Pubsub: Owner can delete any items from its own node
2.1.6
* BOSH: Fix rare loop, support vhosts, allow module restart
* Config: Default configuration allows registrations only from localhost
* Config: Support to change loglevel per module at runtime
* Erlang/OTP: Fix compatibility from R10B-9 to R14B01
* ODBC: Compatibility with PostgreSQL 9.0
* Privacy lists: Fix to allow block by group and subscription again
* Pubsub: Fix cross domain eventing
* Register: Added CAPTCHA, password strength and ip_access to mod_register
* Register: New mod_register_web, with CAPTCHA support
* S2S: New options to require encryption, and verify certificates
* Shared Rosters: Added mod_shared_roster_ldap
* Bind listener ports early and start accepting connections later
* Prevent the "billion laughs" attack against expat by disabling internal
entity expansion.
* Shortcut DNS resolution failure in cases when given domain name is invalid
* Explicitly link libcrypt to authreg_mysql
* Removed xconfig - it's not used anywhere
* require python builtin sqlite3 module, PR#44968.
* require python>=25.
* drop avahi option from suggested. it require avahi-python, but python option
of net/avahi is disabled by default.
Bump PKGREVISION.
- warn the user if the IRCHOST may be wrong
- make /save save /ignore'd things
- remove K&R C support
- remove many old UNIX platforms support
- avoid a spurious SIGALRM
- avoid printing some 8-bit unprintable chars
- add support for modern qnx
General:
* Our bundled libgadu should now build on HP-UX.
* Fix some instances of file transfers never completing.
Pidgin:
* Sort by Status no longer causes buddies to move around when you click them.
* Fix embedding in the system tray on older GTK+ releases (such as on CentOS
5.5 and older Fedora).
* No longer require libstartup-notification for startup notification support.
GTK+ has included support for years, so use it instead.
AIM:
* Fix a bug where some buddies from your buddy list might not show up.
Affected non-English ICQ users the most.
* Send keepalives for all types of network connections. Will hopefully make
chat rooms more reliable.
MSN:
* Fix bug that prevented added buddies to your buddy list in certain
circumstances.
MXit:
* MXit plugin and reported client version now follow the libpurple version.
* Don't try to request profile information for non-user contacts.
* Allow Re-Invite for contacts in Deleted or Rejected state.
* Ensure we don't send packets too fast to the MXit server and trigger its
flood-detection mechanism. Also increased the internal packet queue to 32
packets.
XMPP:
* Fix building on platforms with an older glib (inadvertantly broken in 2.7.10).
* Don't treat the on-join status storms as 'new arrivals'.
* Extend the /join command to support room JIDs, enabling you to join a room on
any server.
* Add support for receiving a limited amount of history when joining a room
(not currently supported by Pidgin and Finch).
Yahoo!/Yahoo! JAPAN:
* Fix CVE-2011-1091, denials of service caused by NULL pointer dereferences due
to improper handling of malformed YMSG packets.
Fix for SA43543 and update kindly provided by gls@
This is a major release, with lot of bugs fixed and major new features.
Among the new features:
- 256 colors support, with unlimited number of nick colors
- irc proxy (relay plugin)
- redirection of IRC commands
- command /notify
- rmodifier plugin
- regular expressions for highlights
- color support for timestamp in chat buffer
- irc option to force color for some nicks
- share input line between buffers.
Upstream changes:
After ~5 years without a release 0.5.10 is now available. This is actually just
0.5.9 with one security fix:
CVE-2011-0050: XSS in R param in nonjs interface
Thanks to Michael Brooks (Sitewatch) for discovering this.
pkgsrc changes:
- Update MASTER_SITES and HOMEPAGE to point to cgiirc.org
- Add LICENSE
* Lots of XMPP improvements (user interface, new priv command to handle
privacy lists, incorporate non-ancient libiksemel, might now work under
AmigaOS).
Changes 0.7:
* Switch to directly use libiksemel, i/o layer restructuring.
* Force video sources to all have the same capabilities. This reduces the number of times video must be scaled down, saving CPU time.
* Starting multiple video calls and ending one no longer causes the other calls
to stop sending audio and video.
* Perl bindings now respect LDFLAGS.
* Added AddTrust External Root CA.
* Resolve some issues validating X.509 certificates signed off the CAcert Class
3 intermediate cert when using the GnuTLS SSL/TLS plugin.
spectrum is a XMPP transport using libpurple as a basis.
It provides transports/gateways to a large number of libpurple supported
IM systems, including AOL, Facebook, ICQ, IRC, Yahoo and MSN.
gloox is a rock-solid, full-featured Jabber/XMPP client library,
written in C++. It makes writing spec-compliant clients easy and
allows for hassle-free integration of Jabber/XMPP functionality
into existing applications.
Changed MAINTAINER to my netbsd.org address (from eric@cirr.com)
Renamed existing patches to follow new convention
patch-aa -> patch-Makefile
patch-af -> patch-configure
Added patches to cure segfaults found since 2.2.11's release
patch-router_router.c correct a segfault in the router
patch-s2s_out.c Resolver doesn't return IPv4 Address if
resolve_aaaa (IPv6) is enabled
patch-sm_sm.c fix segfault when debugging is turned on/up
* Optimization: A bunch of patches by M. Doliner (see svn log for more details)
* Feature: Allow the service admin to see the occupants of every rooms
* Feature: Allow the service admin to enter a room with nicknames locked even
if his nickname isn't the one needed
* Feature: option to disable room logging on the whole component
* Feature: option to save room log files in subdirectories according to date
* Feature: Patch by Smoku to hide empty rooms from disco/browse lists
* Bugfix: Two vulnerabilities in mysql module
* Bugfix: send code=110 when needed according to XEP-0045
* Bugfix: Fix crash when changing roles
* Bugfix: Fixed a bug when entering/leaving a room, it was considered as a nick
change
* Bugfix: Corrected the errors sent by mu-conference
* Bugfix: Better error code when choosing a nick not conform with the room
policy
* Bugfix: Fixed a segfault in the decline messages handler
* Bugfix: Avoid a segfault when asking unique room name with a too big user jid
* Bugfix: going in an infinite loop if the user invite the jid ""
* Bugfix: Changed error handling
- Don't kick a user if the message error is not delivery-related,
otherwise user could be kicked when refusing a file transfer for example
- If the user is not kicked, don't discard the error, send it to the
other user/chatroom
* Bugfix: Hide XEP-0203 delay nodes when sending back presences stanzas
John: Just a quick release for a security fix here. Elliott has not
yet had a chance to work on the MSN breakage that's been present in
the last couple releases, but we hope he can do it before 2.7.10!
Changes 2.7.8:
Elliott: OK, so I know a few things broke with the last release, and
it's too bad we had to rush it for that silly certificate thing that
the MSN people can't configure properly. I've certainly done a lot of
small fixes this time, but it's too bad we haven't been able to get the
transfers with the official client fixed yet. I promise it'll be in
the next release (barring any quick security issues).
John: So, it's been about a month since we last released. Again, we've
assembled a bugfix release for your enjoyment. While a few commonly
reported bugs remain, particularly in MSN, we're working on it for the
next release. In the meantime, Merry Christmas and enjoy!
Changes 2.7.7:
John: Well, this time around, we should finally have the certificate
issue really and fully fixed for all of you MSN users. Also, we have
a few AIM-related fixes in this release, most notably the fix for the
new "SSL Handshake Failure" message some of you got after upgrading.
That one was an oversight on our part. Enjoy the fixes!
and sysutils/nautilus-sendto to use the new devel/glib2/schemas.mk logic to
properly recompile the GSettings database during install/deinstall.
Bump PKGREVISION for these packages.
(This lets evince work in my machine; it would crash on startup because
it would not find its schema. I suspect this also fixes all the other
applications mentioned in this change. And the inclusion of schemas.mk
also prevents these packages from causing side-effects on the system if
they happen to call glib-compile-schemas during their build.)
Change log:
Main changes in 0.11.0
* New tabbed user interface. Tab headers now occupy several rows and
tab bar can be docked to the left and right sides of chat window
* Roster filter
* Added support for pixmaps (in particular emoticons) JISP archives
(XEP-0038)
* Added support for SOCKS4a and SOCKS5 proxy for the main connection
* Added user location support (XEP-0080)
* Added user mood support (XEP-0107)
* Added user activity support (XEP-0108)
* Added user tune support (XEP-0118)
* Added entity capabilities (XEP-0115 v.1.5, only reporting) support
* Added basic robot challenges support (XEP-0158, v.0.9)
* Added partial data forms media element support (XEP-0221, v.0.2,
URIs and images only)
* Roster is now exported to XML instead of Tcl list
* Added support for entity time (XEP-0202)
* Tkabber version is now reported in disco#info (XEP-0232)
* Moved deprecated Jabber Browser (XEP-0011) to an external plugin
* Moved Jidlink file transfer to an external plugin
* Added several new plugins: attline, ctcomp, custom-urls,
floatinglog, gmail, openurl, presencecmd, receipts
* Many fixes and enhancements
Changes
-------
New in 0.14
- Added color options to the chat window.
- Can now specify a reason for kick/ban in groupchat.
- Improved User Info window, to show more fields and photo view/save.
- Support for Enchant as an alternative to Aspell.
- Commandline interface now supports choosing profile and setting status.
- D-BUS interface now supports setting status and indicating sleep/wake.
- Fixed voice calling compatibility bugs with Pidgin and Empathy.
- Various other minor improvements and bugfixes.
New in 0.13
- Voice calls (Jingle RTP).
- Basic XMPP URI handler.
- Ability to permanently trust certificates at connect time.
- Mini command system (Ctrl+7 in chat window).
- Various bugfixes.
-D_SOCKADDR_LEN to CFLAGS.OSF1. DU has system headers that sometimes
provide the 4.4BSD length field and sometimes not, depending on which
_FOO_SOURCE things you define and other factors. The package's
configure script isn't coping; it's not fully clear why but it looks
like it's using different CFLAGS for configure tests and building, or
something like that...
PR 42474.
WIP package worked on by tonnerre, shattered, netcap, shindenmorr,
rillig, vstakhov.
Gajim is a Jabber client written in PyGTK. The goal of Gajim's developers
is to provide a full featured and easy to use xmpp client for the GTK+
users. Gajim does not require GNOME to run, eventhough it exists with it
nicely. Gajim is released under the GNU General Public License
FEATURES:
* Tabbed chat windows
* Group chat support (with MUC protocol)
* Emoticons, Avatars, File transfer, URL grabber, Bookmarks
* Systray icon, Speller
* TLS and GPG support (with SSL legacy support)
* Transport Registration support
* Service Discovery including Nodes
* Wikipedia, dictionary and search engine lookup
* Multiple accounts support
* DBus Capabilities
* XML Console
alternative from mk/jpeg.buildlink3.mk
This allows selection of an alternative jpeg library (namely the x86 MMX,
SSE, SSE2 accelerated libjpeg-turbo) via JPEG_DEFAULT=libjpeg-turbo, and
follows the current standard model for alternatives (fam, motif, fuse etc).
The mechanical edits were applied via the following script:
#!/bin/sh
for d in */*; do
[ -d "$d" ] || continue
for i in "$d/"Makefile* "$d/"*.mk; do
case "$i" in *.orig|*"*"*) continue;; esac
out="$d/x"
sed -e 's;graphics/jpeg/buildlink3\.mk;mk/jpeg.buildlink3.mk;g' \
-e 's;BUILDLINK_PREFIX\.jpeg;JPEGBASE;g' \
< "$i" > "$out"
if cmp -s "$i" "$out"; then
rm -f "$out"
else
echo "Edited $i"
mv -f "$i" "$i.orig" && mv "$out" "$i"
fi
done
done
Patch provided by gls@
Changes:
Version 3.0.1 (released 2010-11-24) hilights:
- MSN login fixes, Jabber (3.0 had a bug that made Jabber contacts never go
offline), some other minor IM module fixes (including the new default ICQ
login server).
- Fixed build issues on some non-Linux systems.
- Minor bugfixes/improvements.
- Made balloon time adjustable via /set input_balloon_time (Nicoleau Fabien).
- Fixed a crash in the /SET command if a boolean value was loaded from config
file that isn't set to 0 or 1.
- Added -on and -off parameters to the /SET command. This can be used to set
bits, for example gui_tweaks.
- Made scrolling backwards for the search window act better (Richard Hitt).
- [2045483] Made ESC key close the search window (Richard Rowell).
- Improved the reconnect logic. If a network is already open but disconnected,
it'll now get re-used if you use the Network List and connect to that same
network.
- Improved scrollback reloading speed significantly (Soeren Sandmann Pedersen).
- [2957047] Handle CTCPs when IDmsg is used correctly (Lian Wan Situ).
- [2987626] Allow /GHOST's password arg to be optional (Ori Avtalion).
- Added networks: 7-indonesia, ChattingAway, GeekShed, TURLINet.
- When switching tabs, make the treeview only scroll if the selected item
isn't visible [treeview-less-jumping.diff] (Brian Evans).
- Selecting an item in the nickmenu will now copy it to clipboard (Alex
Kutepow).
- New icons for notification area (systray): file offer, message and highlight
(Brian Evans).
- Defined a comparison routine for contexts in Python (Brian Evans).
- For the auto-join command, added an 'x' filler for empty keys. This works
around a bug in ircd-seven.
- When a single channel MODE changes, xchat will no longer re-issue a MODE
request for the titlebar display, but figure the new modes intelligently
(Brian Evans).
- Various text event changes (Brian Evans):
1. Added "Private Action", "Private Action to Dialog", "SSL Message".
2. Added "Identified text" parameter all the 'action' events.
3. Added a $3 parameter to "Server Text".
- Perl (Lian Wan Situ)
* Fixed a bug that resulted in timer hooks being leaked because
"return REMOVE" from a timer callback was not unhooking like it was
supposed to
* Reverted the unintentional change to how the server argument of print()
and command() is interepreted when it is undef
* Add hook_fd to the 'hooks' export tag
* Fixed a leak in XS_Xchat_get_list(Vincent Pit)
* Change Xchat::register so that scripts calling it without a name or
version will still show up in the plugins and scripts window.
* Added calls to PERL_SYS_INIT3 and PERL_SYS_TERM which are required on
some platforms
* Added some additional guards to prevents bits of scripts from spilling
into each other
* Added "modes", "win_ptr" and "xchatdirfs" to the list of keys that are
returned by context_info()
* Changed the information displayed in the "Plugins & Scripts" for scripts
that do not call register() to show up as "" for the name and description
and "unknown" for the version
* /reloadall will now reload scripts in the same order they were loaded
* Make xchat_send_modes available as Xchat::send_modes
* Add support for getting the network list using Xchat::get_list( "networks" )
* Xchat::strip_code will now strip off ANSI escape codes as well
* Use length with route keys
* closefd during main loop
* ported router connection closing improvement from cwave
* fix potential segfault in a call to xhash_putx()
* enforce iq type
* Fixed packet jabber:server -> jabber:client namespace mangling
* Fixed attribute namespace handling in NAD parser
* Fixed missing reference in log_error
Version 3.0 (released 2010-10-22) hilights:
* Lots of stuff, see the development version below.
* MSN protocol module was rewritten. This fixes some problems many people were
having with the old code lately, and adds support for things like status
messages and offline messages.
* The bitlbee-otr branch is now merged into mainline, which means you can
compile BitlBee with OTR encryption support, if you want, without any need
for patches/alternative branches.
* Many more fixes, small changes, etc. Just read the full non-bzr changelog for
all details.
Konversation 1.3.1 is a maintenance release that improves program behavior
and fixes defects.
Konversation 1.3 debuts a major new feature in the area of
Direct-Client-to-Client (DCC) support: An implementation of the DCC
Whiteboard extension that brings collaborative drawing - think two-player
Kolourpaint - to IRC. It also brings back the integration with KDE's SSL
certificate store the KDE 3 version enjoyed and expands support for
auto-away to the Windows and Mac OS X platforms thanks to both recent
advances in the KDE 4 platform and new code in Konversation. Interface
tweaks, new keyboard shortcuts and many bugfixes round things out.
Prosody is a flexible communications server for Jabber/XMPP written in Lua.
It aims to be easy to use, and light on resources. For developers it aims
to be easy to extend and give a flexible system on which to rapidly develop
added functionality, or prototype new protocols.
(Based on wip/prosody.)
0.85 - 9/10/2010
* Pretends to be iChat instead of an old version of AIM,
due to AIM blocking older clients
* Please note that bsflite is no longer in active development.
Any updates at this point will be minor. Since I do not use
AIM myself these days I am interested in finding somebody
interested in taking over bsflite development.
6.39 Sat Sep 4 02:16:28 UTC 2010
- AutoJoin.pm: Allow channel keys to be undefined
- Make the 'nickserv' command do the right thing on ratbox ircds
- Add a server_version() method
6.38 Fri Sep 3 18:33:50 UTC 2010
- Only process the first CTCP chunk we find in a message. This prevents
someone from flooding our outgoing queue by having us e.g. reply to 20
VERSION requests at a time.
- CTCP.pm: Reply to VERSION with "dev-git" when no version is available.
6.37 Tue Aug 17 22:53:22 GMT 2010
- Make all warnings fatal
- Use real temp files in tests instead of littering the dist directory
6.36 Mon Jul 26 03:53:50 GMT 2010
- Added a logged_in() method to see if we're logged into IRC
6.35 Sun Jun 27 09:32:22 GMT 2010
- Disconnecting.pod: Mention when it is appropriate to use
C<< $irc->yield('shutdown') >>.
- Connector.pm: Clear the reconnect timer when the plugin is deleted so
that we can actually shut down the IRC component.
- Depend on POE::Component::Pluggable 1.26 for irc_plugin_error
6.34 Fri Jun 25 18:16:40 GMT 2010
- CTCP.pm: Do "use POE::Component::IRC;" to avoid weird failures when
this plugin is compiled by code which hasn't done the same.
6.33 Mon Jun 21 20:27:42 GMT 2010
- BotCommand.pm: Allow user to choose how help messages are delivered
- BotCommand.pm: Require the command prefix in private messages
- BotCommand.pm: Make the help messages more context-sensitive
- BotCommand.pm: Add support for custom auth checks
- BotCommand.pm: If Eat == 1, we eat everything that looks like a command
- Cookbook: Add Gtk2 example by Damian Kaczmarek
- Logger.pm: Support a hook for custom log storage
- IRC.pm: Remove redundant version() method
- Convert distribution over to Dist::Zilla
Short list of changes:
* Erlang/OTP R12 support fixed
* Erlang/OTP R14A support added
* OpenSSL 0.9.8 or higher is required
* BOSH: New optional connection attribute process-delay
* C2S: Don't ask for client certificate when using tls
* C2S: Inform client that SSL session caching is disabled
* CTL: Fix problem when FIREWALL_WINDOW options for erl kernel were used
* CTL: Some systems delete the lock dir; in such case don't use Flock at all
* Caps: Support all the hash functions required by XEP-0115
* Config: Fix typo in --enable-transient_supervisors
* Config: New configure option: --enable-nif
* Extauth: Support parallel script running
* MUC: Allow admins to see private rooms in disco
* ODBC: Correct handling of SQL boolean types
* ODBC: Discard too old queued requests (the caller has already got a timeout)
* ODBC: Fixes wrong SQL escaping when --enable-full-xml is set
* ODBC: Use ets insead of asking supervisor in ejabberd_odbc_sup:get_pids/1
* Pubsub: Enforce disco features results
* S2S: When logging s2s out connection attempt or success, log if TLS is used
* Shared Rosters: When account is deleted, delete also member
of stored rosters
* Lots of little incremental bug fixes and enhancements in this release.
* Finally got some fixes out there for you Yahoo users behind some
particularly annoying firewalls and proxies, among other fixes. Enjoy!
Changes 2.7.2:
* We discovered a security issue in Pidgin 2.7.0 and 2.7.1 and decided to
release a patched version quickly. This release contains the fix for that
crash, and a few other minor fixes.
* Lots of little incremental bug fixes and enhancements in this release.
* Finally got some fixes out there for you Yahoo users behind some
particularly annoying firewalls and proxies, among other fixes. Enjoy!
Changes 2.7.2:
* We discovered a security issue in Pidgin 2.7.0 and 2.7.1 and decided to
release a patched version quickly. This release contains the fix for that
crash, and a few other minor fixes.
* More string format fixes in silcd and client libary
* configure: changed AC_PROG_LIBTOOL order to fix disabling shared libs
* configure: check threads support in OpenBSD
* Fixed string format vulnerability in client entry handling
* Reported and patch provided by William Cummings
* silcd: Fixed IDENTIFY command reply handling for channels
Changes 1.1.18 (server):
* silcd: Added heartbeat support
* Added support for sending SILC_PACKET_HEARTBEAT packets to connection,
to make sure they keep alive and to detect if they have died
* Set SO_KEEPALIVE for all accept()ed sockets
* silcd: Fixed SIGUSR1 signal handling
* Fixed the SIGUSR1 signal handling which can be used to dump the server
internals to /tmp.
* Changed also End of Stream handling to handle NULL idata pointer instead
of ignoring the EOS in case it is NULL.
* Changed also the DETACH timeout handling to use the packet stream
directly instead of looking up client in the callback
* More string format fixes in silcd and client libary
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.
sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
changes:
- Add properties to get the Farsight2 session and stream
- Recognize the shm transmitter
- Ignore invalidly empty strings in tp properties
- Fix -Wshadow warnings
Unreal3.2.8.1
- Fixes a security issue, which is exploitable (crash) when allow::options::noident
is in use.
Unreal3.2.8
==[ NEW ]==
- set::level-on-join: this defines which privileges a user receives when creating a
channel, default is 'chanop', the only other available setting is 'none' (opless).
- Away notification through WATCH: This allows clients to receive a notification
when someone goes away or comes back, along with a reason, a bit like IM's.
There's probably no current client supporting this but it would be a nice feature
in notify lists. Client developers: see Changes file for full protocol details.
This feature can be disabled by setting set::watch-away-notification to 'no'.
- Spamfilter: Slow spamfilter detection: For each spamfilter, Unreal will check,
each time it executes, how long it takes to execute. When a certain threshold is
reached the IRCd will warn or even remove the spamfilter. This could prevent a
spamfilter from completely stalling the IRCd. Warning is configured through
set::spamfilter::slowdetect-warn (default: 250ms) and automatic deletion is
configured by set::spamfilter::slowdetect-fatal (default: 500ms).
You can set both settings to 0 (zero) to disable slow spamfilter detection.
This feature is currently not available on Windows.
- SSL: set::ssl::server-cipher-list can be used to limit the allowed ciphers
- SSL: To specify when an SSL session key should be renegotiated you can use
set::ssl::renegotiate-bytes <bytes> and set::ssl::renegotiate-timeout <seconds>.
- UHNAMES support: This sends the full nick!ident@host in NAMES which can be
used by clients for their IAL. mIRC, Klient, etc support this.
- There have also been some behavior changes, which can be considered NEW, see
next section (CHANGED).
==[ CHANGED ]==
- IPv6: On IPv6 servers you no longer have to use ::ffff:1.2.3.4 IP's for IPv4 in the
config file, you can use the simple 1.2.3.4 form, as they are converted automatically.
- When someone is banned and /PARTs, the part reason (comment) is no longer shown
- ChanMode +S/+c: now strips/blocks 'reverse' as well
- Smart banning is now disabled by default because it was too annoying, this means that
f.e. if there's a ban on *!*@*.com then you can still add a ban on *!*@*.aol.com
- except ban { } now also protects against ZLINEs and ban ip { }
- Modules: user modes and channel modes without parameters (eg: +X) no longer have
to be PERManent, this means they can be upgraded/reloaded/unloaded on-the-fly.
==[ MAJOR BUGS FIXED ]==
- Zip links issue (Overflowed unzipbuf)
- Crash issue with 3rd party modules that introduce new channel modes w/parameters
- Mac OS X: Various issues which prevented the IRCd from booting up
- Remote includes (constant) crash with new curl/c-ares versions
- A few rare crash issues, including a crash when linking to another server
- In case of clock adjustments, the IRCd will no longer freeze when the time is
adjusted backwards, nor will it incorrectly throttle clients when adjusted forward.
However, because clock adjustments (time shifts) of more than xx seconds are
so dangerous (and will still cause a number of issues), big warnings are now
printed when they happen.
Morale: synchronize your system clock, or use the built-in timesync feature.
==[ MINOR BUGS FIXED ]==
- CGI:IRC: Several IPv6 issues, both on IPv6 IRCd's and CGI:IRC gateways
- IP masks in oper::from::userhost sometimes didn't match when they should
- (G)ZLINE's on IPv6 users were sometimes rejected
- CHROOTDIR works again
- OperOverride fixes
- Throttling is now more accurate
- And more... see Changelog
While here, fixes PR#43618 (getline) and set LICENSE=gnu-gpl-v2.
Version 5.0
-----------
2009/07/31 .64 ChanServ DEPROTECT no longer removes channel owner mode, to
prevent abuse by rogue users. Reported by Kieron
Thwaites <ron2k.za@gmail.com>
* Special case to ignore the X509_V_ERR_UNABLE_TO_GET_CRL error
when CRL is not present in chain. Merged patch by Michal Witkowski.
* storage_ldapvcard rebind like auth_ldap for successful connection
to MS Active Directory as LDAP storage. Merged patch by x0r.
* Merged SASL External login for clients patch by Michal Witkowski.
* Merged router-filter redirect option by Ugnich Anton.
* Dropped support for PEP
* Fix for crash on empty pkt->to
Short list of changes:
* Bounce messages when closing c2s session
* Bugfixes when handling Service Discovery to contacts
* Don't send error stanza as reply to error stanza
* Don't store blocked messages in offline queue
* Extauth: Optionally cache extauth users in mnesia
* Full support for XEP-0115 Entity Capabilities v1.5
* HTTP-Bind (BOSH): Remove unneeded 100 ms delay, and export functions
to facilitate prebinding methods
* LDAP: Inband password change, Extensible match support,
and ldap_tls_verify.
* Localization: Updated most translations
* MUC: Refactor code to reduce calls to get_affiliation and get_role
* ODBC: Add created_at column also to PostgreSQL schema
* PAM: New option pam_userinfotype to provide username or JID
* Pubsub: Send created node notifications. Enforce
pubsub#presence_based_delivery, pubsub#show_values
* Vcard: Automatic vcard avatar addition in presence
* WebAdmin: New Access rule webadmin_view for read-only
Fix PR pkg/43329
- Version 1.2.7 (released 2010-05-15) hilights:
* Resolved MSN Messenger login issues.
* Twitter module now uses OAuth, so it'll still work after June.
* Various other fixes and small feature additions.
- Version 1.2.6a (released 2010-04-19) hilights:
* (1.2.6a because the original 1.2.6 release had one unfortunate bug in the
Twitter module.)
* Twitter support! (Implemented by Geert Mulders.)
* Fixed issues with MSN friendly names getting lost by allowing to store
them locally (see the local_display_name MSN setting.), and worked around
problems when talking to offline MSN contacts (see the
switchboard_keepalives MSN setting).
The usual bug fixes and small feature enhancements.
- Version 1.2.5 (released 2010-03-17) hilights:
* Full support for non-away status messages.
* Ability to generate nicknames from the contact's full name, making
Facebook's XMPP server work much better with BitlBee.
* Lots of misc. bug fixes and small feature enhancements.
Features:
* Add active_window_ignore_refnum option With active_window_ignore_refnum ON, the current behavior for the active_window key (meta-a by default) is preserved: it switches to the window with the highest activity level that was last activated. With active_window_ignore_refnum OFF, the old behavior is used: it switches to the window with the highest activity level with the lowest refnum. (by Matt Sparks, bug #667)
* Show new Charybdis +q list in channel windows (numerics 728 and 729).
* Allow servers to belong to multiple networks.
* Improve paste detection. Irssi now detects a paste if it reads at least three bytes in a single read; subsequent reads are associated to the same paste if they happen before 'paste_detect_time' time since the last read. If no read occurs after 'paste_detect_time' time the paste buffer is flushed; if there is at least one complete line its content is sent as a paste, otherwise it is processed normally.
* Show "target changing too fast" messages in the channel/query window.
* Use default trusted CAs if nothing is specified. This allows useful use of -ssl_verify without -ssl_cafile/-ssl_capath, using OpenSSL's default trusted CAs.
* Show why an SSL certificate failed validation.
* Make own nick and actions use default colour instead of white (by Tim Retout).
Bugfixes:
* Change some characters illegal in Windows filenames to underscores in logs
* Fix disconnects when sending large amounts of data over SSL
* Show all nicks instead of just the first in an /accept * listing (Bug #704)
* Make several signals without parameters available to perl again. In particular, this includes the "beep" signal (by Matt Sparks, bug #674)
* Close the config file fd after saving (by Sven Wegener)
* Check if an SSL certificate matches the hostname of the server we are connecting to.
* Fix bash'isms, use command -v instead of which and use bc -l in /CALC.
* Fix a crash with handling the DCC queue.
* Fix crash when checking for fuzzy nick match when not on the channel. Reported by Aurelien Delaitre (SATE 2009).
* Unlimit file descr. to 1024 for c2s, as in c2s configuration file.
* Allow -Os (instead of -O1) as a work-around 64-bit compiler bug.
* Router patch.
Changes in ejabberd-2.1.3
Client connections
* Avoid 'invalid' value in iq record
* Avoid resending stream:error stanzas on terminate (EJAB-1180)
* Close also legacy sessions that were half connected (EJAB-1165)
* iq_query_info/1 now returns 'invalid' if XMLNS is invalid
* New ejabberd_c2s option support: max_fsm_queue
* Rewrite mnesia counter functions to use dirty_update_counter (EJAB-1177)
* Run user_receive_packet also when sending offline messages (EJAB-1193)
* Use p1_fsm behaviour in c2s FSM (EJAB-1173)
Clustering
* Fix cluster race condition in route read
* New command to set master Mnesia node
* Use mnesia:async_dirty when cleaning table from failed node
Documentation
* Add quotes in documentation of some erl arguments (EJAB-1191)
* Add option access_from (EJAB-1187)
* Add option max_fsm_queue (EJAB-1185)
* Fix documentation installation, no need for executable permission
(EJAB-1170)
* Fix typo in EJABBERD_BIN_PATH (EJAB-891)
* Fix typos in example config comments (EJAB-1192)
ejabberdctl
* Support concurrent connections with bound connection names
* Add support for Jot in ctl and TTY in debug
* Support help command names with old - characters
* Fix to really use the variable ERL_PROCESSES
Erlang compatibility
* Don't call queue:filter/2 to keep compatibility with older Erlang versions
* Use alternative of file:read_line/1 to not require R13B02
HTTP
* Add new debugging hook to the http receiving process
* Allow a request_handler to serve a file in root of HTTP
HTTP-Bind (BOSH)
* Cross-domain HTTP-Bind support (EJAB-1168)
* Hibernate http-bind process after handling a request
* Reduce verbosity of HTTP Binding log messages
LDAP
* Document ldap_dn_filter, fetch only needed attributes in search
(EJAB-1204)
* Use "%u" pattern as default for ldap_uids (EJAB-1203)
Localization
* Fix German translation (EJAB-1195)
* Fix Russian translation
ODBC
* Fix MSSQL support, which was broken (EJAB-1201)
* Improved SQL reconnect behaviour
Pubsub, PEP and Caps
* Add extended stanza addressing 'replyto' on PEP (EJAB-1198)
* Add pubsub#purge_offline (EJAB-1186)
* Fix pubsub#title option (EJAB-1190)
* Fix remove_user for node subscriptions (EJAB-1172)
* Optimizations in mod_caps
Other
* mod_register: Add new acl access_from, default is to deny
* mod_sic: new module for the experimental XEP-0279 Server IP Check
(EJAB-1205)
* PIEFXIS: Catch errors when exporting to PIEFXIS file (EJAB-1178)
* Proxy65: new option "hostname" (EJAB-838)
* Roster: Fix resending authorization problem
* Shared Roster Groups: get contacts nickname from vcard (EJAB-114)
* S2S: Improved s2s connections clean up (EJAB-1202)
Changes in ejabberd-2.1.2
Core
* Close sessions that were half connected
* Fix SASL PLAIN authentication message for RFC4616 compliance
* Fix support for old Erlang/OTP R10 and R11
* Return proper error (not 'conflict') when register is forbidden by ACL
* When ejabberd stops, send stream close to clients
ejabberdctl
* Check for EGID in ejabberdctl command
* Command to stop ejabberd informing users, with grace period
* If there's a problem in config file, display config lines and stop node
MUC
* Kick occupants with reason when room is stopped due to MUC shutdown
* Write in room log when a room is created, destroyed, started, stopped
PubSub and PEP
* Don't call gen_server on internal event (improves performance and
scalability)
* Fix duplicate SHIM header in Pubsub message
* Notification messages of Pubsub node config change contained a SHIM
header
* SubID SHIM header missing in Pubsub message with multiple subscriptions
on the same node
* PEP: last published item not sent from unavailable users when the
subscription is implicit (XEP-0115)
* pep_mapping not working due to Node type mismatch
WebAdmin
* If big offline message queue, show only subset on WebAdmin
* Support in user list page of WebAdmin when mod_offline is disabled
Version 0.3.1.1:
This version fixes crashes with SSL connection to IRC server and purge of old
DCC chats. It is recommended to upgrade from 0.3.1 to 0.3.1.1 for all users.
Version 0.3.1:
- new IRC commands: allserv, allchan, sajoin, samode, sanick, sapart, saquit,
- check of SSL certificates and use of CertFP for IRC servers,
- options to customize IRC CTCP replies,
- options to choose target buffer for IRC messages,
- anti-flood improved for IRC servers,
- new expansions for alias arguments,
- new color darkgray, bright colors supported for backgrounds,
- many bugs fixed.
2009-10-11 SATOH Hiroh <cho45@lowreal.net>
* [new]
Implemented Server#sessions which returns all sessions connected to
the server.
* Released 0.0.9
2009-08-08 SATOH Hiroh <cho45@lowreal.net>
* [bug]:
Fixed to work on ruby1.9.1 (now can send iso-2022-jp)
* [new]
Implemented Message#ctcps returns embedded all ctcp messages (drry).
* Released 0.0.8
