21 Oct 2014:
- Release 4.1.0
- Modernized autoconf build system
- Use constant-time comparisons where needed
- Use gcrypt secure memory allocation
- Correctly reject attempts to fragment a message into too many pieces
- Fix a missing opdata when sending message fragments
- Don't lose the first user message when REQUIRE_ENCRYPTION is set
- Fix some memory leaks
- Correctly check for children contexts' state when forgetting a context
- API Changes:
- Added API functions otrl_context_find_recent_instance and
otrl_context_find_recent_secure_instance.
the version number accidentally went backwards in the last irssi update.
This release mainly incorporates most of the pkgsrc patches into the upstream
tarball, so the only real change of note is that /beep output has been fixed.
telepathy-glib 0.24.1 (2014-08-25)
==================================
Fixes:
* base-client: fix potential uninitialized variable bug (Guillaume)
* Fix a potential crash in contact-list example (fd.o #79006, Guillaume)
telepathy-glib 0.24.0 (2014-03-26)
==================================
The "space Tolkien" release.
Fixes since 0.23.3:
* don't leak every D-Bus method call result, a regression in 0.23.1 (Simon)
telepathy-glib 0.23.3 (2014-03-18)
==================================
This is the release candidate for the future 0.24.0 stable release.
Enhancements:
* TpProtocol gained API to access to its immutable properties as a
GVariant. (fd.o #55108, Guillaume)
* TpCallStream and TpCallContent now inherit the factory from their
TpCallChannel. (fd.o #76168, Guillaume)
Fixes:
* fix a memory leak when cleaning up TpProxy "prepare" requests
(fd.o #76000, Simon)
* fix a memory leak for paths to contacts' avatar data (fd.o #76000, Simon)
* fix crashes in TpFileTransferChannel with GLib 2.39 (fd.o #72319, Xavier)
* fix some paths memory leaks (fd.o #76119, Guillaume)
* tp_list_connection_managers_async() now terminates properly if there is no
CM installed. (fd.o #68892, Guillaume)
telepathy-glib 0.23.2 (2014-02-26)
==================================
Enhancements:
* TpBaseConnection now has an "account-path-suffix" property
(fd.o #74030, Xavier)
* New high level TpAccountChannelRequest API, including tubes, Conference and
SMSChannel. (fd.o #75450, Guillaume)
* 'TargetHandleType: None' is now automatically added when requesting a
channel with TpAccountChannelRequest if no handle type has been defined.
(fd.o #75450, Guillaume)
telepathy-glib 0.23.1 (2014-02-04)
==================================
The "undead space elves" release.
Dependencies:
* GLib 2.36 or later is required
Deprecations:
* TpPresenceMixin: optional arguments are deprecated, apart from a
string named "message". This matches our current D-Bus API.
Enhancements:
* tp_protocol_normalize_contact_async(),
tp_protocol_identify_account_async(), and high-level API for
the Protocol Addressing and Presence interfaces (fd.o #71048, Simon)
* More accessors for TpPresenceStatusSpec, which is now a boxed type
(fd.o #71048, Simon)
* tp_connection_manager_param_dup_variant_type() (fd.o #71093, Simon)
* Better debug output (fd.o #68390, #71048; Simon)
Fixes:
* In the examples, specifically ask for "TelepathyGlib-0.12" (this API
version), not Telepathy 1.0 (fd.o #49737, Simon)
* Improve tests' isolation from the real session bus (Xavier)
* Fix a critical warning for each new connection under GLib 2.39
(fd.o #72303, Xavier)
* Fix some possible crashes in file transfer channels, particularly
under GLib 2.39 (fd.o #72319, Xavier)
* Correct tp_account_request_set_avatar documentation (Xavier)
* Fix a TpConnection reference-leak in TpBaseClient (Guillaume)
telepathy-glib 0.23.0 (2013-10-28)
==================================
We no longer guarantee compatible upgrades within a development (odd) branch,
see README for details.
Dependencies:
* GLib 2.34 or later is required.
Enhancements:
* Spec 0.27.3
- added Conn.I.Sidecars1
- added Conn.I.Renaming
- added CD.I.Messages1
* TpAccount::avatar-changed signal (fd.o #52938, Guillaume)
* tp_value_array_free: equivalent of g_value_array_free but does not provoke
deprecation warnings from GLib (fd.o #69849, Simon)
* tp_account_is_prepared and tp_account_manager_is_prepared are now deprecated
(Guillaume)
Fixes:
* tp_contact_set_attributes: don't warn on genuinely absent interfaces
(fd.o #68149, Simon)
* channel-group: don't crash if no message has been provided (Guillaume)
telepathy-glib 0.22.0 (2013-10-02)
==================================
The "don't starve" release.
This is a new stable branch, recommended for use with GNOME 3.10.
Fixes since 0.21.2:
* When an avatar is downloaded, announce the change to the avatar token
immediately; if the avatar changes from A to B while we're still doing the
asynchronous file saving, don't set A as the new avatar when it has been
saved. Regression in 0.21.2. (fd.o #70010, Simon)
* Don't crash if the AccountManager returns an incorrect type for the
Avatar (fd.o #69849, Simon)
Significant changes since the previous stable branch, 0.20.x:
* tp_connection_get_self_contact() now returns NULL if the contact's
connection has been invalidated, in order to break a reference cycle
* Avatars are saved to the cache asynchronously
* TpBaseConnection implements SelfID, SelfContactChanged according to
telepathy-spec 0.27.2
* TpAccount:uri-schemes property, with change notification requiring
Mission Control 5.15+
telepathy-glib 0.21.2 (2013-09-24)
==================================
The "always another thing" release.
Enhancements:
* Writing avatars into cache now uses asynchronous I/O. (fd.o #63402;
Luca Versari, Chandni Verma, Simon McVittie)
* telepathy-spec 0.27.2
- add SelfID, SelfContactChanged
* tp_dbus_properties_mixin_dup_all() is now public (fd.o #69283, Simon)
* TpBaseProtocol now lists Presence.Statuses as an immutable
property. (fd.o #69520, Guillaume)
* TpBaseConnection: Implement SelfID and SelfContactChanged as defined in
spec 0.27.2. (Xavier)
* The inspect-cm example now inspects all CMs if run without arguments
(fd.o #68390, Simon)
Fixes:
* Don't crash if GetContactInfo() fails (fd.o #46430, Guillaume)
* Fix a race condition that could result in telepathy-haze protocol support
not being detected (fd.o #67183, Simon)
* Fix documentation for tp_connection_get_self_handle (Emilio)
* Make TpHeap work correctly with GComparator functions that return
values outside {-1, 0, 1} (fd.o #68932, Debarshi Ray)
* Examples have been updated to use more recent API (Simon)
* Better debug-logging (fd.o #68390, Simon)
telepathy-glib 0.21.1 (2013-06-20)
==================================
The "imperative tense" release.
Fixes:
* Fix a wrong introspection annotation on tp_debug_client_get_messages_finish()
that would lead to use-after-free (fd.o #65518, Simon)
* Isolate regression tests better (fd.o #63119, Simon)
* Explicitly annotate tp_account_update_parameters_finish()'s
'unset_parameters' argument to be a NULL-terminated string array. It was
previously incorrectly inferred to be a string, for some reason. (wjt)
* Always flag delivery reports with Non_Text_Content. (fd.o #61254, wjt)
* Don't announce legacy Group channels twice (fd.o #52011; Jonny, Simon)
* Don't crash if a broken connection manager signals a TLSCertificate
with no CertificateChainData, just invalidate the channel
(fd.o #61616, Guillaume)
* Adjust regression tests so we can distcheck under Automake 1.13,
and various other build-system updates (fd.o #65517, Simon)
telepathy-glib 0.21.0 (2013-04-03)
==================================
The "if only it was JS code" release.
This starts a new development branch.
Enhancements:
# Code-generation now copes with ${PYTHON} being set to Python 3
(e.g. "./configure PYTHON=python3" on Debian); Python 2 remains
fully supported (fd.o #56758, Simon)
# Add uri-schemes property on TpAccount, with notify::uri-schemes
emitted if using a recent AcountManager like Mission Control 5.15 or
later (Guillaume)
Fixes:
# Remove the pkg-config dependency from .pc files (Will)
# Don't emit the NewChannels signal twice for the obsolete ContactList GROUP
channels (fd.o #52011, Simon)
# Fix refcycle preventing TpConnection objects to be freed. This theoretically
introduce a behaviour change of tp_connection_get_self_contact() that now
returns NULL when the connection as been invalidated. (fd.o #63027, Xavier)
Deprecations:
# tp_g_key_file_get_int64, tp_g_key_file_get_uint64 (use the corresponding
functions from GLib >= 2.26)
main changes are significant internal cleanup, dozens of minor bug
fixes, and two new major features: connect via HTTP proxy, and
connect to SSL IRC servers.
New major features in this release:
- plugin "trigger": Swiss Army knife for WeeChat (replaces "rmodifier" plugin)
- plugin "exec": execute external commands (replaces script "shell.py")
- bare display: easy click on long URLs and text selection with mouse
- support of environment variables in /set command
- hidden buffers
- negated tags in filters
- toggle of filters in specific buffers
- flexible conditions for adding/removing buffers in hotlist
- text search in buffers with free content
- support of wildcard "*" inside masks
- support of nested variables in evaluated expressions
- tag with host in IRC messages displayed
- support of "away-notify" IRC capability
- IRC commands: /allpv, /remove, /unquiet
- bar items: buffer_short_name, irc_nick_modes
* SIP
- SIP Outbound (RFC 5626) support
- New option always_record_route
- New options record_route and routes
* Carbon Copy (XEP-0280)
- Don't log MUC messages with hint
- Don't carbon copy messages with hint
- Let is_carbon_copy/1 recognize carbons
- Don't send XEP-0280 v1 copies back to sender
* Stream Management (XEP-0198)
- XEP-0198: Terminate session if stanza queue becomes too large
- XEP-0198: Don't exit on socket send failure
- XEP-0198: Don't drop session on failed resume
- XEP-0198: Check whether routed packets are stanzas
* Riak
- Riak support
* Install and config
- New options log_rotate_count, log_rotate_size and log_rate_limit
- html guide is now generated when building source tarball
- Use p1_utils, and move treap.erl to p1_utils
- Get rid of p1_mnesia file
- old release notes are not installed anymore
- Don't "forget" listener options
- Always enable STUN at compile time
- Do not check for Erlang apps at configure time
- Add --enable-riak configure flag
* Tests
- Add tests for stream management
- Add tests for mod_carboncopy
- Add tests for mod_caps
- Improve MUC test cases
- Travis CI: Enable Riak tests
- Add Riak backend to the testing suit
- The test suite no longer fails without --enable-transient_supervisors.
* MUC
- MUC messages with ~ were not logged (EJAB-1696).
Some of its features include symmetric ciphering of talk and connections
(Blowfish and IDEA), the possibility of linking multiple bouncers to an
internal network including a shared partyline, vhost- and relay support to
connected bouncers and an extensive online help system.
PR pkg/48866 from Leonardo Taccari
Changes (from http://www.irssi.org/news/ChangeLog ):
Features:
* Add -noautosendcmd to /SERVER and /CONNECT. Passing this option will
force Irssi to not execute the content of the autosendcmd
chatnet-setting upon connect.
* Accept names replies with nick!user@host instead of just nick, if they
are enabled (see bug #805).
* Set window binds for channel items as sticky when re-creating window
binds as part of /layout save. This fixes the bug where previously
saved channel windows forgets their window number upon reconnect.
* Add experimental support for DNSSEC DANE validation of certificates.
* Strip the argument for boolean options (see bug #769).
* Freenode have been readded to the list of networks in the default
configuration file.
* Disabled support for the insecure SSLv2 protocol.
* Various documentation enhancements.
* Add -ssl_pass to /connect and /server (see bug #305).
Bugfixes:
* Fix crashing bug that can happen if the terminal height decreases
before the first window is created.
* Fixed minor compiler warnings.
* Fixed possible crashing bug when processing an octal escape sequence.
* Fixed the /ignore -network option (see bug #748).
* Fixed signal handling for /exec'd commands. Irssi now sends the signal
to the process group id instead of the process id.
* Fixed segfault generated by SSL disconnections (see bug #752).
* Fix compilation when build with -Werror=format-security. Patch by
Jaroslav Skarvada.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
* Install a dummy log handler to avoid spamming e.g. the irssi-xmpp console
window in non-debug mode, patch from:
65fda2c884
* Fix build on Darwin
* Add patch comments and LICENSE.
Bump PKGREVISION.
Changelog since 13.12:
ejabberd now includes support for:
- XEP-0198: Stream Management (EJAB-532)
- XEP-0321: Remote Roster Management (EJAB-1381)
- RFC-3261: SIP proxy/registrar
- RFC-5766: TURN: Traversal Using Relays around NAT (EJAB-1017)
There are several improvements regarding encryption:
- Add option to specify openssl options
- Fix extraction of host names from certificates
- Fix certificate authentication for incoming s2s connections
- Fix handling of certificate verification errors for incoming s2s
- Handle “s2s_use_starttls: required_trusted” the same way for outgoing
- Support certificate verification for outgoing s2s connections
- Check TLS state before requesting SASL EXTERNAL
- Log TLS status for outgoing s2s with SASL EXTERNAL
- Verify host name before offering SASL EXTERNAL
Just to mention other improvements:
- New ejabberd command: disconnect_user/2
- New Bash completion script for ejabberdctl, experimental (EJAB-1042)
- Don’t provide current password in webinterface
- mod_register_web: check same acl as mod_register.
- Document and enable mod_carboncopy (XEP-0280) by default
- Make it possible to get/set vCards for MUC rooms
- Add Travis CI configuration file
v1.0.10 -- 09 Apr 2014
---------------------
- TLSSChannel: use malloc/realloc/free instead of their legacy Local* variants (fixes#222)
- VCard: remove \r from vcard photos. Fixes a recent change Facebook made to their vcard pictures (patch by Fernando Sanchez)
- Jingle: fixed replying; distinguish between 'from' and 'initiator'; added Jingle::Session::setInitiator()
- Jingle: fixed ::ICEUDP to actually add candidates; added ::Session::initiator(), ::setHandler(), ::sessionAccept( PluginList ); fixed storing of new sessions in ::SessionManager (patches by Erich Keane)
- Jingle: removed Jingle::setInitiator() and ::setResponder() (now provided by ctor)
- AtomicRefCount: fixed compilation on iOS (patch by Erich Keane)
- Jingle::Plugin: added JinglePluginType, pluginType(), and findPlugin() to easily look for and retrieve specific plugins
- ConnectionBOSH: fixed return value for recv() (patch by Sudarshan Prasad)
- Parser: get rid of bogus isValid() (fixes#180, #224)
v1.0.9 -- 15 Oct 2013
---------------------
- changed colon to dash in uid generation to possibly fix#191
- added Channel Binding (needed for SASL SCRAM-SHA-1-PLUS) to SChannel on win32 (untested)
- fixed SCRAM-SHA-1-PLUS
v1.0.8 -- 15 Oct 2013
---------------------
- ConnectionTLS: make stacked TLS/SSL connections work again with HTTP proxies
- added SASL SCRAM-SHA-1/SCRAM-SHA-1-PLUS authentication mechanisms (GnuTLS & OpenSSL only) (#201)
- properly seed the RNG
- SHA::hex(): finalize() only once
v1.0.7.1 -- 11 Oct 2013
---------------------
- fixed/updated the win32 project files
v1.0.7 -- 11 Oct 2013
---------------------
- added Jingle (XEP-0166)
- added Jingle ICE-UDP Transport (XEP-0176)
- added Jingle File Transfer (XEP-0234)
- fixed compilation in iOS7 SDK (thanks to Kurt Vermeersch)
- fixed bug in stanza handling/counting related to Stream Management (patch by Norbert Riedlin)
- added protected ClientBase::stanzasSent() to return sent stanzas (if Stream Management enabled)
v1.0.6 -- 04 Sep 2013
---------------------
- ClientBase: removed check for empty message body --> messages of type chat with empty bodies will be passed on to listeners - required for Message Carbons
- MessageSession: removed check for empty message body --> messages of type chat with empty bodies will be passed on to listeners - required for Message Carbons
- don't send presence after stream resumption
- added ClientBase::sendQueue()
- documentation updates and fixes
v1.0.5 -- 02 Sep 2013
---------------------
- added support for Stanza Forwarding (XEP-0297)
- added support for Message Carbons (XEP-0280)
v1.0.4 -- 30 Aug 2013
---------------------
- added support for Stream Management (XEP-0198)
- Fix some iterator usage for portability related to erase (patch by Daniel Bowen)
- Ensure setting a connection does not leave a deleted value in the member variable for a time (patch by Daniel Bowen)
- Add operator< and relatives to JID so that it can be in a map (patch by Daniel Bowen)
- Sandboxing on Apple doesn't like getprotobyname (patch by Daniel Bowen)
- MessageSession::send(): removed default argument of 2nd parameter to remove ambiguity of MS::send( string ) (#206) (source incompatible!)
- VCard: renamed setPhoto( string ) to setPhotoUri( string ) (#166) (source and binary incompatible)
v1.0.3 -- 22 Jul 2013
---------------------
- Changed license to GPLv3
- removed space from VS project name (--> gloox-1.0)
- VCardUpdate: fixed handling of empty hash (#203)
- VCardUpdate: added hasPhoto() to inidicate whether there was a photo tag (#203)
- compilation fixed when using getaddrinfo (patch by Roy van Dam)
- Receipt: recognize id attribute (patch by Dídac Pérez) (#208)
- MessageSession: added MS::send( string& ) to properly provide a base for MUCMS::send( string& ) (#206)
- really fixed memory leak in prep::idna()
- gloox.vcproj: removed not-yet-present tlsgnutlsserver.cpp/.h
v1.0.2 -- 05 Jul 2013
---------------------
- SOCKS5Bytestream: Don't wait for incoming data, notify about open stream immediately upon
connection (patch by Erik Horemans)
- fixed/updated Code::Blocks and VS project files (fixes#197, #198)
- fixed memory leak in ClientBase (fixes#204)
- fixed memory leak in prep::idna()
v1.0.1 -- 29 Jun 2013
---------------------
- Added support for Serverless Messaging (XEP-0174)
- TLSOpenSSLServer: compilation fix
- don't bail on DNS TCP queries
- fixed µs timeout value (now defaults to 1.000.000)
- omit port in initial greeting (usually -1 anyway)
- fixed SHA1 hashes of 55 byte strings (#164)
- fixed CFLAGS and LIBS in pkg-config file (#163)
- fixed SOCKS5Bytestream double close notification
- tell gcrypt that we're using pthreads (if available)
- ClientBase: send IQ error response for unsupported features
- ClientBase: fixed potential infinite loop on IQ error
- ClientBase: fixed NTLM auth
- ClientBase, SEF: mutex-protected SE handling
- PubSub: added 'subscribe & configure'
- PubSub: added optional subid
- SOCKS5BytestreamServer: expose local socket
- RosterManager: don't use string-comparison on JIDs; use JID class
- NonSASLAuth: fixed resource usage by deprecating ClientBase::m_selectedResource
- InBandBytestream: don't call handler in dtor
- util: fixed long2string()
- fixed a few leaks in GnutTLS client code (#181)
- VCard: made getters const (#186) (binary-incompatible change!)
- PubsubManager: fixed using wrong Tag (#190)
- Search: fixed search() (#193)
- DNS: fix socket leak if no network connection is available (#192)
- PubsubManager: unconditionally call handleItemPublication() (#194)
- configure: Added -lgcrypt (dependency of GNUTLS)
Swift is trying to plug a hole in the XMPP client landscape, and has
these aims:
* Wide platform availability.
* Doing the "Right Thing" for the user, without configuration.
* Doing the "Right Thing" with standards-compliance.
* Targeting the end-users, not the system administrators.
* Being an XMPP client - not multi-protocol.
* Concentrating on the most frequently performed tasks.
* Never interrupt the user with something that doesn't need attention.
Features of interest
* Easy status setting.
* Easy room joining and bookmarking.
* XEP-0258 Labelling for secure environments.
* Stream compression for bandwidth-saving.
* Support for the new SCRAM authentication mechanism.
Fix for a DoS vulnerability, see
https://www.debian.org/security/2014/dsa-2895
Changes in 0.9.4:
- Compression: Disallow compression on unauthenticated streams
- Core: Limit default read size and maximum stanza size
- Core: Enable SASL EXTERNAL by default for component s2s
- S2S: Warn if s2s_secure_auth and s2s_require_encryption have been
set in conflicting ways
- S2S: Warn if no local network addresses were found, preventing
successful s2s
- MUC: Fix traceback when a non-occupant tried to change an
occupant's role
- MUC: API: Fire an event when temporary rooms are destroyed after
the last person leaves
- Telnet: Fixed traceback when listing users
- Telnet: Apply normalization to JIDs in user management commands
- HTTP: Fix directory detection in file server on Windows
- Plugins: Fix paths on Windows
- MOTD: Don't strip blank lines from the message provided in the config
- prosodyctl: Better error reporting when generating certificates
- Makefile: Improve FreeBSD compatibility
- Multiple fixes to our migration tools, and support for importing MUCs
from ejabberd
Konversation 1.5 adds numerous major features over the previous stable
release. Of particular note are support for SASL and client
certificate authentication, all-new topic management UI, overhauled
authentication UI in the Identities dialog, per-tab spell-checking
language settings, user-configurable nick context menu entries, mouse
spring-loading on tabs, all-new versions of major bundled scripts and
improved Ignore and Watched Nicknames systems. Many under-the-hood
changes to improve codec support and general performance, along with
the usual slew of bug fixes all over, further sweeten the deal.
Full Changelog at:
https://projects.kde.org/projects/extragear/network/konversation/repository/revisions/master/entry/ChangeLog
Changes in 0.9.3:
- A config file passed as command line argument is no longer forgotten
when config is reloaded
- MUC: Allow admins to always bypass restrict_room_creation
- Strip trailing '.' when normalizing hostnames
- HTTP: Prevent silent connection failures
- Components: Allow easier overriding of component authentication by plugins
- Components: Enable TCP keepalives
- Migrator: Better error reporting and improved robustness
- S2S: Include IP in log messages, if hostname is unavailable
- TLS: Log error when initialization fails
Changes in 0.9.2:
- Debian/Ubuntu packages fixed to always generate per-system certs
- TLS: Improved cipher string, and use Prosody's preferred ciphers
- MUC: Fix for Spark clients not displaying room lists
Changes since 13.10:
- New OpenSSL ciphers option in c2s, s2s and s2s_out
- mod_roster: new access rule to restrict roster modificartion
- mod_pubsub: support for data migration from mnesia to odbc
- ejabberd_xmlrpc included
- Bugfixes
Version 0.4.3:
- new command /print
- logical and/or for tags in /filter and hook_print
- gaps in buffer numbers
- support of italic text
- new options to customize default text search in buffers
- use of IRC monitor command for /notify (if available on server)
- new IRC server option "ssl_fingerprint"
- new option to smart-filter IRC mode messages
- new option for default IRC ban mask
- support of IPv6 for DCC chat/file
- auto check CRC32 of files received with DCC
- many bugs fixed.
Version 0.4.2:
- rename binary from "weechat-curses" to "weechat" (with symbolic link "weechat-curses" for compatibility)
- add secured data (encryption of passwords or private data), new command /secure, new file sec.conf
- search of regular expression in buffer with text emphasis, in prefixes, messages or both
- add option "scroll_beyond_end" for command /window
- add optional buffer context in bar items (for example to display bitlbee nicklist in a root bar)
- new options weechat.look.hotlist_{prefix|suffix}
- new option weechat.look.key_bind_safe to prevent any key binding error from user
- new option weechat.network.proxy_curl to use a proxy when downloading URLs with curl
- display day change message dynamically
- support of wildcards in IRC commands (de)op/halfop/voice
- new option irc.look.notice_welcome_redirect to redirect channel welcome notices to the channel buffer
- new option irc.look.nick_color_hash: new hash algorithm to find nick colors (variant of djb2)
- add info about things defined by a script in the detailed view of script (/script show)
- support of "enchant" library in aspell plugin
- many bugs fixed.
finch does not compile with python-3.3. Since libpurple is not versioned
and finch pulls it in, we have to mark libpurple too, and then pidgin
because of libpurple. It's all one codebase anyway...
version 2.10.8 (1/28/2014):
General:
* Python build scripts and example plugins are now compatible with
Python 3. (Ashish Gupta) (#15624)
libpurple:
* Fix potential crash if libpurple gets an error attempting to read a
reply from a STUN server. (Discovered by Coverity static analysis)
(CVE-2013-6484)
* Fix potential crash parsing a malformed HTTP response. (Discovered by
Jacob Appelbaum of the Tor Project) (CVE-2013-6479)
* Fix buffer overflow when parsing a malformed HTTP response with
chunked Transfer-Encoding. (Discovered by Matt Jones, Volvent)
(CVE-2013-6485)
* Better handling of HTTP proxy responses with negative Content-Lengths.
(Discovered by Matt Jones, Volvent)
* Fix handling of SSL certificates without subjects when using libnss.
* Fix handling of SSL certificates with timestamps in the distant future
when using libnss. (#15586)
* Impose maximum download size for all HTTP fetches.
Pidgin:
* Fix crash displaying tooltip of long URLs. (CVE-2013-6478)
* Better handling of URLs longer than 1000 letters.
* Fix handling of multibyte UTF-8 characters in smiley themes. (#15756)
Windows-Specific Changes:
* When clicking file:// links, show the file in Explorer rather than
attempting to run the file. This reduces the chances of a user
clicking on a link and mistakenly running a malicious file.
(Originally discovered by James Burton, Insomnia Security. Rediscovered
by Yves Younan of Sourcefire VRT.) (CVE-2013-6486)
* Fix Tcl scripts. (#15520)
* Fix crash-on-startup when ASLR is always on. (#15521)
* Updates to dependencies:
* NSS 3.15.4 and NSPR 4.10.2
* Pango 1.29.4-1daa
Patched for https://bugzilla.gnome.org/show_bug.cgi?id=668154
AIM:
* Fix untrusted certificate error.
AIM and ICQ:
* Fix a possible crash when receiving a malformed message in a Direct IM
session.
Gadu-Gadu:
* Fix buffer overflow with remote code execution potential. Only
triggerable by a Gadu-Gadu server or a man-in-the-middle.
(Discovered by Yves Younan and Ryan Pentney of Sourcefire VRT)
(CVE-2013-6487)
* Disabled buddy list import/export from/to server (it didn't work
anymore). Buddy list synchronization will be implemented in 3.0.0.
* Disabled new account registration and password change options, as it
didn't work either. Account registration also caused a crash. Both
functions are available using official Gadu-Gadu website.
IRC:
* Fix bug where a malicious server or man-in-the-middle could trigger
a crash by not sending enough arguments with various messages.
(Discovered by Daniel Atallah) (CVE-2014-0020)
* Fix bug where initial IRC status would not be set correctly.
* Fix bug where IRC wasn't available when libpurple was compiled with
Cyrus SASL support. (#15517)
MSN:
* Fix NULL pointer dereference parsing headers in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing OIM data in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix NULL pointer dereference parsing SOAP data in MSN.
(Discovered by Fabian Yamaguchi and Christian Wressnegger of the
University of Goettingen) (CVE-2013-6482)
* Fix possible crash when sending very long messages. Not
remotely-triggerable. (Discovered by Matt Jones, Volvent)
MXit:
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan and Pawel Janic of Sourcefire VRT)
(CVE-2013-6487)
* Fix sporadic crashes that can happen after user is disconnected.
* Fix crash when attempting to add a contact via search results.
* Show error message if file transfer fails.
* Fix compiling with InstantBird.
* Fix display of some custom emoticons.
SILC:
* Correctly set whiteboard dimensions in whiteboard sessions.
SIMPLE:
* Fix buffer overflow with remote code execution potential.
(Discovered by Yves Younan of Sourcefire VRT) (CVE-2013-6487)
XMPP:
* Prevent spoofing of iq replies by verifying that the 'from' address
matches the 'to' address of the iq request. (Discovered by Fabian
Yamaguchi and Christian Wressnegger of the University of Goettingen)
(CVE-2013-6483)
* Fix crash on some systems when receiving fake delay timestamps with
extreme values. (Discovered by Jaime Breva Ribes) (CVE-2013-6477)
* Fix possible crash or other erratic behavior when selecting a very
small file for your own buddy icon.
* Fix crash if the user tries to initiate a voice/video session with a
resourceless JID.
* Fix login errors when the first two available auth mechanisms fail but
a subsequent mechanism would otherwise work when using Cyrus SASL.
(#15524)
* Fix dropping incoming stanzas on BOSH connections when we receive
multiple HTTP responses at once. (Issa Gorissen) (#15684)
Yahoo!:
* Fix possible crashes handling incoming strings that are not UTF-8.
(Discovered by Thijs Alkemade and Robert Vehse) (CVE-2012-6152)
* Fix a bug reading a peer to peer message where a remote user could
trigger a crash. (CVE-2013-6481)
Plugins:
* Fix crash in contact availability plugin.
* Fix perl function Purple::Network::ip_atoi
* Add Unity integration plugin.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
zul_, khorben, netcap, and jihbed.
mcabber is a small Jabber console client, it supports SSL, OTR,
MUC, history logging, commands completion and external actions
triggers.
o re-add the utf-8 changes now that the scrolling is not slowed
o scrolling is much faster now
o fix compile time errors in on modern glibc systems
o add /nuser command
o wserv and ircio move into "libexec" dir.
in 1985 and fixed up by Christos "last week". (I've apparently been
sitting on this package since 20130101, so it was a year ago...)
XXX: this should probably grow an rc script for the master daemon, phoned.
Upstream changes:
-----------------------------------------
version 2.44 at 2013-06-10 13:21:56 +0000
-----------------------------------------
Change: ae253101da7958777a572271f901e894ae20de05
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2013-06-10 14:21:56 +0000
Convert the distribution to dzil
Change: 2f3bfa5c4a97ca061c2f87d4f4706e0bb0376f43
Author: Chris Williams <chris@bingosnet.co.uk>
Date : 2013-06-10 06:08:52 +0000
Merge pull request #1 from avenj/messagetags
IRCv3.2 message tag support, tests for same.
Change: 31a1c9aeab4120e626af130d73b0f1a58a77d46e
Author: Jon Portnoy <avenj@cobaltirc.org>
Date : 2013-06-07 13:03:16 +0000
Add IRCv3.2 message tag support, tests for same.
Update DEPENDS
Upstream changes:
6.83 Mon May 27 10:40:09 BST 2013
- NickServID: React on IRC Message 433 - Commit: ec7cd33736
- BotCommand: Support for overriding the Command Handler
- BotCommand: Added Support for a Help Modification Callback
- BotCommand: Adapted the Help Callback Options so it gets the Command and Arguments
- BotCommand: Added Support for Command Aliases
- BotCommand: Allowed No Arguments/Only Variable Arguments
- Implemented SSL Client Cert Support
6.82 Sat Mar 9 22:15:02 GMT 2013
- Add the Prefix to the "Syntax:" line of the command help
6.81 Fri Nov 23 15:53:11 GMT 2012
- Resolve hash randomisation issues with v5.17.6
6.80 Thu Sep 20 09:52:59 BST 2012
- Add missing prereq
6.79 Wed Sep 19 14:24:03 BST 2012
- Argument naming and argument count validation in Plugin::BotCommand
- [rt.cpan.org #79745] nick_long_form dies due to a race condition
* 2.3.0 to 2.3.1 upgrade:
What changed:
- Marked "TLS-Everywhere" as EXPERIMENTAL feature
- default EXPERIMENTAL to 'no'
- default SUPERSEDED to 'no'
- moved STANZA-ACK and MY-IP-ADDRESS XEPs and IQ-PRIVATE push
out of experimental status
* 2.2.17 to 2.3.0 upgrade:
What changed:
- Renamed non-standard UPGRADE file overwriting outdated NEWS file
- Semantic Versioning: http://semver.org/
- TLS Everywhere: https://github.com/stpeter/manifesto
- Required GSASL >=1.1
- jabberd should compile without warnings
- out-of-source builds should work
- pgsql: authreg password_type support
- pgsql: schema support
- ldapvcard: groupattr works even if no groupattr_regex defined
- ldapfull: checks for ldap group membership on login
- vCard: Assume tel phone is voice phone
- MySQL: default password hashing algorithm changed to SHA512
- out-conn-reuse s2s.xml option naming unified
- XML parse error will log buffer details
- CRAM-MD5 auth support
- router private key cachain and password support
- hashed passwords support in SQLite3 storage
KGB is a system that provides notifications on IRC for commits made to Git,
Subversion and CVS repositories. It uses two components: a server, which
runs the IRC bot, and a client, which is hooked into the repositories and
sends the notifications to the server.
Changes in 0.9.1:
* Config: Fix the workaround for LuaSec 0.4.x to apply the ssl 'ciphers'
option correctly
* Config: Ability to specify the ssl 'dhparam' option simply as a path to
a file, instead of a callback function
* Windows: Fix s2s issues
* Windows: Fix the ability to specify absolute paths to SSL certificates
in the config
* Build: Fix compilation issue on non-Linux systems that have glibc (such as
Debian GNU/kFreeBSD)
* API: Fix to our set library, that caused the :include() and :exclude()
methods to behave incorrectly
Changes in 0.9.0:
* IPv6 support for c2s, s2s and all other services (e.g. HTTP)
* Server-to-server authentication using certificates (SASL EXTERNAL)
* A new HTTP subsystem, supporting virtual hosts, and fully reloadable modules
* Client and server connections are now handled by modules: mod_c2s, mod_s2s
* mod_pubsub: Basic pubsub service (some features not yet implemented)
* prosodyctl about - show information about a Prosody installation
* prosodyctl cert - command to generate XMPP certificates and CSRs
* Many very nice enhancements to our module API
* MUC: Configurable per-room history length
* MUC: Plugins can now extend the room configuration form
See notes on upgrading from 0.8.x:
https://prosody.im/doc/release/0.9.0#upgrading
- Add support for maildir mail boxes, which must be selected at compile time
[not enabled in this package]
- Fixes to support socks5 again, at least on freebsd.
- Add support for +T by special request.
- Add $windowctl(GET <refnum> CHANNELS).
- Port $strtol() and $tobase() from epic5.
- Numerous crashes and problems fixed.
Full change log:
http://wayback.archive.org/web/20121103102353/http://epicsol.org/?page=changelog
"Some of FISG's behavior has changed slightly after version 0.3.8.
Few commandline options have been renamed and there is NO default
input format anymore, you will always have to specify one."
* ncommand.c - fix /names * to replace * with current channel.
* fix dcc - its not perfect, but it works (let me know if there are
* /topic * now does the expected thing. same for /untopic *
* fix "/names" to work when not in a channel
Bugs fixed since 2.1.12:
* Compilation: Detect correctly newer Darwin versions (EJAB-1594)
* Guide: ejabberd_service expects a shaper_rule, not a shaper
* MUC: Handle multiple < and > in mod_muc_log plaintext mode (EJAB-1640)
* MUC: Handle ~ control sequence in text of mod_muc_log (EJAB-1639)
* MUC: list_to_integer/2 only works in OTP R14 and newer
* Pubsub: access_createnode acl also applies to auto created nodes
* Web: Normalize HTTP path
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
WRKSRC is now handled automatically. Let options.mk include bsd.prefs.mk
instead of pulling it in again in Makefile. CONFIGURE_ARGS for hub and leaf
no longer exist. Removed from PKG_OPTIONS. Specifying hostname in
CONFIGURE_ARGS is also no longer available. Removed. ${IRCD_SHARE}/networks
files are no longer provided. Removing from post-install and PLIST. From
Changes:
- Fix compilation issue when disabling stacked extbans. https://bugs.gentoo.org/389949
- Fix compilation issues with bundled tre and ./curlinstall-ed curl caused by over-generic regexes. Reported by warg.
- Include CMDS=STARTTLS in ISUPPORT/numeric 005 to let clients discover STARTTLS support through VERSION, before or after registration (#4064).
- Added patch from nenotopia to use more modern LUSERS numerics (#3967).
- Fix small error in oper block documentation, reported by Stealth (#2318).
- Config parser failed to check for invalid set::ssl options, reported and patch by fbi (#4035).
- Tweak: send actual channel name and not user supplied channel in KICK, reported and patch by Stealth (#3298).
- Services coders: Added support for ESVID. Instead of a number you can
now store a string (of max NICKLEN size) as service stamp.
- Show account name in /WHOIS, for ESVID-capable services packages, patch from nenotopia (#3966).
- Added extended ban ~a:<account name> which matches users who are logged
in to services with that account name. This works only on services that
support ESVID. Patch from nenotopia (#3966).
- Updated extended ban documentation in help.conf and unreal32docs:
new bantype ~a, and some text about extended bans & invex (+I).
- compile fix for just-checked-in patches.
- extban ~a = also allowed for invex
- Throw up an error if a password in the configuration file is too long
(max 48 characters), reported by JasonTik, based on patch from
WolfSage (#3223).
- Enforce matching of unrealircd version and PACKAGE_VERSION macros (#4014).
- Make default service stamp 0 (zero) again, instead of '*' which was
introduced by ESVID changes a few days ago. This makes anope happy,
and also means nothing will change in a non-ESVID scenario.
- Fix misuse of stdarg.h macros when calling vsyslog() (#4065 by Jimini).
- Ditch vsyslog() as it's only a waste of CPU, inspired by #4065.
- Add CAP support. Currently implemented are: multi-prefix (NAMESX), and
userhost-in-names (UHNAMES). Patch from nenotopia (#4018, #4066)
- Fix issue with CAP & NOSPOOF. Patch from nenolod (#4077).
- Advertise 'tls' (STARTTLS) capability in CAP. Patch from nenolod (#4081).
- New user mode +I (IRCOp only) which hides idle times to other users,
suggested and patch supplied by Nath & binki (#3953).
- Added remove_oper_modes(), which works just like remove_oper_snomasks(),
- Get rid of networks/ directory, and all references to it. Suggested by
katsklaw and others (#4056).
- Added doc/example.es.conf, translated by Severus_Snape.
- Make the accept code check if the fd is within bounds instead of relying
on OpenFiles to be correct.
- Moved nospoof to config file, suggested by and patch from nenolod (#4078).
- Even when 'M' was listed in set::oper-only-stats you could still do a
'/STATS m'. Unlike other stats characters, case insensitivity was not
checked for this one. Reported by and patch from Apocalypse (#4086).
- Added patch from Adam for poll() support (#1245).
update my own fd check code for poll support
- Some more changes and fixes regarding poll patch:
- make c-ares use 100% poll. and make sure we never deal with negative fds.
- UnrealIRCd now supports poll() instead of select().
- Speed optimization: First, moved a large part of vsendto_prefix_one into
vmakebuf_local_withprefix. Then use this new function - which creates the
buffer-to-be-sent - at the top of functions like sendto_channel_butserv
and sendto_common_channels and send the prepared buffer in the loop that
comes after it. This means we only prepare the buffer once and then send
it many times, rather than both building and sending it XYZ times.
Benchmarking connect-join-quit of 10k clients:
100 users per channel: no noticeable speed improvement
1000 users per channel: 18% faster
10000 users in one channel: 50% faster
As you can see, unfortunately, for a typical irc network there isn't much
speed improvement. However, if you have a couple of 500+ user channels or
get attacked by clones then you may see some improvement in speed and/or lower
CPU usage.
- Call m_cap_Init() when m_cap is loaded through commands.so. Reported by nenolod.
- Fix for speed optimization a few lines up, was accidentally using ident
username (which might have been 'unknown') instead of effective username.
- Added support for SASL, patch from nenolod (#4079).
- Fix crash in AUTHENTICATE (SASL commit from an hour or so ago).
- Tweak SASL code to conform to current coding style.
- Split up PROTOCTL line, since with the addition of ESVID we exceeded
MAXPARA when using ZIP links.
- Poll I/O engine: get_client_by_pollfd() may return -1 when there's a race
condition. Don't abort, instead just skip those clients.
- Fix win32 installer: apparently it sometimes complained about not having
- the Visual C++ 2008 redistributable package installed when this was not true.
- Fix Windows build.
- Win32 compile fix (nenolod)
- Print out a warning when we can't write to a log file. When booting this
goes to the boot screen. When we are already booted it's sent to all
IRCOps with a limit of max. 1 message per 5 minutes.
- Refuse to boot when we can't write to any log file.
- Remove old no-stealth configuration directive from documentation,
reported by katsklaw, patch from warg (#4036).
- Added 'away-notify' client capability, which informs the client of any AWAY state changes of users on the same channel. Patch from nenolod (#4097).
- Add support for account-notify client capability (#4098). This capability
can be used to request passive notifications for accountname changes.
- If set::options::dont-resolve is enabled, then use only the IP information
from a WEBIRC message, reported by Ismat (#4103).
- Moved sendto_connectnotice, and thus the call to HOOKTYPE_LOCAL_CONNECT,
so it gets called after the broadcast of NICK to other servers.
- Fix bug caused by new I/O engine (both with and without USE_POLL):
queued data on the receive queue (eg: due to fake lag) was not processed
unless we got new data from the client.
- Add support for server-enforced mode locks (MLOCK).
This allows the IRCd to enforce MLOCKs that are set by services, which
eliminates clashes between users setting modes and services enforcing
it's mlock on channels. (#3055)
- complete the previous patch (MLOCK).. mostly just bringing it up to date & code-style
- Fixed another SASL crash bug. Always use HookAddEx, not HookAdd!
Crash occured after the first quit of a user after a REHASH.
- SASL now needs to be enabled explicitly by setting a set::sasl-server.
- Changed numeric 307 (RPL_WHOISREGNICK) to 'is identified for this nick',
- Win32 installer (SSL): Uncheck 'create certificate' checkbox when
server.cert.pem exists, and check it if the file doesn't exist.
- Win32 installer: Latest InnoSetup no longer supports Windows 95/98,
so update Minversion to make the .iss compile.
- Module coders: added HOOKTYPE_AWAY (sptr, away-reason).
- Add optional oper::require-modes setting to the oper block. (#4008 by katsklaw)
- Clarify that hiddenhost-prefix must be the same on linked servers for
bans to function properly (#4090, patch from warg, reported in #4043
by maxb).
- Add /SILENCE to HTML documentation (reported by Severus_Snape in
#4072, patch from warg).
- Show "Ping timeout: XYZ seconds" instead of just "Ping timeout".
- a bigger scratch buffer makes me sleep at night ;)
- Install server.*.pem files, patch from katsklaw (#3988).
- The ./Config script will now ask whether to generate an SSL
certificate when it does not exist (defaults to Yes), instead of
always generating one.
- Added missing Mod_Header to m_sasl.c
- Remove old reference to networks/ directory from Windows installer
- Disable sending of UHNAMES when HTM (High Traffic Mode) is ON,
- Disable sending of UHNAMES when HTM (High Traffic Mode) is ON,
- Add 'class' option to allow/deny channel so you can allow/deny
users based on their class. Patch from fspijkerman (#4125).
- Use poll() in the remote includes functions when USE_POLL is
defined (#4091).
- Fix bug where recursive includes would hang the IRCd, patch from
binki with some minor modifications, reported by warg (#3919).
- Upgraded to c-ares 1.9.1. Updated configure & other files.
- various win32 fixes:
- Disable USE_POLL on Windows, since it doesn't work with XP and has
no advantage anyway. Reported by nenolod (#4129).
- Various updates to makefile.win32 and .iss file, found during
building new versions of zlib, openssl, and curl.
- Added set::options::disable-cap, which can be used to disable the
new CAP support (#4104).
- Added auth method 'sslclientcertfp' which provides an alternative
method to authenticate users with SSL client certificates based
on SHA256 fingerprints. This can be used instead of the already
existing 'sslclientcert' so you don't have to use an external file.
One way to get the SHA256 fingerprint would be:
openssl x509 -in name-of-pem-file.pem -sha256 -noout -fingerprint
Suggested and patch supplied by Jobe (#4019).
- Added documentation on the new sslclientcertfp
- Moved documentation on authentication types to one place and refer
to it from each section (oper::password, vhost::password,
link::password-receive, etc).
- Windows: fix MOTD file always showing a date of 1/1/1970, reported
by maxarturo (#4102).
- Removed unreal32docs.es.html (outdated since 2006-12-22),
unreal32docs.gr.html (outdated since 2006-12-02), and
unreal32docs.nl.html (outdated since 2009-01-18, possibly 2007-07-12).
- Remove wircd.def, needs to be re-generated almost each build anyway..
- Use our own (v)snprintf if not available.
- Use a more robust method of learning the server origin for a SASL agent.
- Use a more robust method of learning the server origin for a SASL
agent. Fixes crash reported by Adam.
- Import unreal32docs Spanish translation by Karim Benzema.
- In the Mercurial repository the Changes file no longer exists (except
for a dummy file). You now need to run ./createchangelog to generate it.
Of course in official releases the Changes file will be present and
contain all details.
- From now on, the Changes file is based on the history of the Mercurial
repository. This means we no longer have to write text manually to the
Changes file. This simple change helps a lot in future development
because patches will no longer break when they are being ported from
one branch to another.
- Update ./createchangelog to make it only show changes on default branch.
- If you are running the IRCd as root and use IRC_USER/IRC_GROUP then we now
change ownership of the log file to that user/group so it can still write
after the setuid(). Reported by asmadeus (#4152).
- Fix duplicate user@host in away-notify and account-notify, reported by grawity (#4153).
- '/rehash -global' did often not rehash all servers. Reported by Cronus (#4143)
- allow channel: Permit multiple channel items in one block again, was broken by patch from #4125.
- Update the documentation about set::dns::nameserver to reflect reality (that the setting is only used if c-ares can?t read /etc/resolv.conf).
- Don't remove oper-modes such as +S from non-local clients.
- Pull in poll(2) stuff before any other ircd include files. (#4155)
- Windows: Fix strange linking bug. Outgoing connects from a Windows
IRCd caused a garbled SERVER protocol message, causing 'cannot find
server' errors and killing of users. Reported by Sunkat (#4183).
- Custom modules: move EXLIBS= so shared libraries are always linked.
Upstream did not provide NEWS. But, this is ~4 years of assorted
bugfixes and minor improvements. Most notably there is a fix that is
critical for stream startup in a timing-dependent case which seems to
hit reliably on netbsd-5/i386-xen, jabberd2.
Take MAINTAINERSHIP, as I appear to also be the upstream maintainer
now.
Use cmake for build
Version 0.4.1 (May 20, 2013)
- multiple layouts support
- nick prefix/suffix are now dynamic (and managed by core instead of irc plugin)
- unmask irc join if nick speaks some minutes after the join
- new option irc.look.display_join_message to disable some messages after joining a channel
- new option irc.look.pv_buffer to automatically merge private buffers
- add support of UHNAMES
- add DH-AES encryption method for SASL
- multiple irc servers allowed on same port for irc protocol in relay plugin
- add WebSocket server support (RFC 6455) in relay plugin (for irc and weechat protocols)
- send nicklist difference in relay plugin (weechat protocol)
- add control of autoload for scripts
- optimizations in aspell plugin
- many bugs fixed.
Version 0.4.0 (Jan 20, 2013)
- add option "diff" for command /set, display default values in output of /set
- add color support in prefix options
- add command /eval, use expression in conditions for bars
- connect by default with IPv6 to servers with fallback to IPv4
- add aspell suggestions
- add support of tags in irc messages and "server-time" capability
- add irc command /quiet
- add support of IPv6 in relay plugin
- add backlog for irc protocol in relay plugin
- display remote IP address for DCC chat/file in xfer plugin
- add git version in build
- many bugs fixed.
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
Changes since 2.1.10:
* Core ejabberd
- Make terms serialization faster
- Reduce size of XML stream state
* Administration
- Add SCRAM and remove MD5 support to ejabberd commands auth verification
- Added command to list all the vhosts registered in an ejabberd node
- Added export2odbc command, copied from mod_admin_extra.erl
- Fix ejabberdctl number of arguments error report with R15
- Check node name is available before starting ejabberd (EJAB-1572)
- Fix ejabberd_xmlrpc commands authentication with SCRAM
- Fix mod_offline:store_offline_msg argument (EJAB-1581)
- Log IP address when auth attempt fails
- Make sure update_info returns atoms only (EJAB-1595)
- On shutdown, first stop listeners, then modules
* Encryption
- Detect OpenSSL version at runtime, not at compile time
- Fixed signedness issue in tls_drv GET_DESCRYPTED_INPUT (EJAB-1591)
- Enable DHE key exchange in TLS driver
- Enable ECDHE key exchange in TSL driver
- Disable old and unsecure ciphers in TLS driver
- Disable SSL 2.0 in TLS driver
* HTTP-Bind
- Do not trigger item-not-found errors in mod_http_bind
- Repeated http-bind request should abort only requests with same rid
- Receiving missing request shouldn't close waiting out-ouf-order request
* XMPP
- Allow multiple fqdn values in configuration (EJAB-1578)
- Fix get_subscription_lists/4
- Fix account registration
- Send announce Message stanzas as Headline type instead of Normal
* Other
- Guide: Fix file name of Name Service Switch
- Guide: Document the db_type modules option (EJAB-1560)
- LDAP: Fix broken JPEG photo (EJAB-1526)
- LDAP: Fix compatibility with Erlang R16A (EJAB-1612)
- MUC: Fix angle brackets handle in plaintext log (EJAB-1610)
- MUC: Fix MUC start when Mnesia tables don't exist yet
- MUC: New mod_muc_log option file_permissions (EJAB-1588)
- ODBC: Merge SQL and Mnesia code into one module (EJAB-1560)
- Translation: New Hebrew
- Translation: Update Slovak
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
(This will close PR pkg/43970).
Version 5.0.0 2008-05-30
Version 6.0.0 2009-05-30
Version 7.0.0 2010-05-29
Version 7.0.1 2010-10-14 (PR pkg/43970)
Version 7.0.2 2010-12-10
Version 7.0.3 2010-12-24
Version 8.0.0 2011-05-29
Version 9.0.0 2012-05-29
---------
* Major changes in 9.0.0
** New command to re-order channels is added (ueno)
See the doc string of riece-command-reorder-channels.
** Complete multiple channels when joining (ueno)
* Major changes in 8.0.0
** Extend URL regexp used in riece-url (ueno)
** Use lexical binding everywhere (ueno)
** Update doc/ptexinfmt.el (kaoru)
* Major changes in 7.0.3
** Fix freeze behavior when the cursor is on a channel buffer (ueno)
riece-shrink-buffer had a bug which moves the cursor to the top or
bottom of buffer even when the buffer is frozen.
** Fix out-of-tree build (kaoru, ueno)
There were some code not passing srcdir correctly.
** Remove old-style backquotes for Emacs 24 (ueno)
* Major changes in 7.0.2
** Fix bug of reading IRC logs (ueno)
If coding-system was not specified when writing log to file, Riece
added extra ".nil" to the filename. That causes erronous behavior
on reading the logs back.
** Fix control sequence parsing (ueno)
* Major changes in 7.0.1
** Fix compilation error on Emacs 24. (ueno)
Emacs 24 does not have make-local-hook.
** Suppress byte-compile warnings. (kaoru)
Suppress "`save-excursion' defeated by `set-buffer'".
** Support "make distcheck". (ueno)
* Major changes in 7.0.0
** Mailing list address changed to riece-discuss@nongnu.org.
** Fix build for XEmacs 21.5. (ueno)
** Fix coloring riece-channel-list-indicator on mode-line. (ueno)
* Major changes in 6.1.0
** Revert to use setq instead of Custom for saved settings. (ueno)
** Add-on management commands can now be usable from the Command buffer. (kaoru)
* Major changes in 6.0.0
** New add-on riece-desktop-notify. (bg66)
** Fix Custom-based setting mechanism.
---------
COMMENT should not be longer than 70 characters.
COMMENT should not begin with 'A'.
COMMENT should not begin with 'An'.
COMMENT should not begin with 'a'.
COMMENT should not end with a period.
COMMENT should start with a capital letter.
pkglint warnings. Some files also got minor formatting, spelling, and style
corrections.
version 2.10.7 (02/13/2013):
Alien hatchery:
* No changes
General:
* The configure script will now exit with status 1 when specifying
invalid protocol plugins using the --with-static-prpls and
--with-dynamic-prpls arguments. (Michael Fiedler) (#15316)
libpurple:
* Fix a crash when receiving UPnP responses with abnormally long values.
(CVE-2013-0274)
* Don't link directly to libgcrypt when building with GnuTLS support.
(Bartosz Brachaczek) (#15329)
* Fix UPnP mappings on routers that return empty <URLBase/> elements
in their response. (Ferdinand Stehle) (#15373)
* Tcl plugin uses saner, race-free plugin loading.
* Fix the Tcl signals-test plugin for savedstatus-changed.
(Andrew Shadura) (#15443)
Pidgin:
* Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11
variant.
Gadu-Gadu:
* Fix a crash at startup with large contact list. Avatar support for
buddies will be disabled until 3.0.0. (#15226, #14305)
IRC:
* Support for SASL authentication. (Thijs Alkemade, Andy Spencer)
(#13270)
* Print topic setter information at channel join. (#13317)
MSN:
* Fix SSL certificate issue when signing into MSN for some users.
* Fix a crash when removing a user before its icon is loaded. (Mark
Barfield) (#15217)
MXit:
* Fix a bug where a remote MXit user could possibly specify a local
file path to be written to. (CVE-2013-0271)
* Fix a bug where the MXit server or a man-in-the-middle could
potentially send specially crafted data that could overflow a buffer
and lead to a crash or remote code execution. (CVE-2013-0272)
* Display farewell messages in a different colour to distinguish
them from normal messages.
* Add support for typing notification.
* Add support for the Relationship Status profile attribute.
* Remove all reference to Hidden Number.
* Ignore new invites to join a GroupChat if you're already joined, or
still have a pending invite.
* The buddy's name was not centered vertically in the buddy-list if they
did not have a status-message or mood set.
* Fix decoding of font-size changes in the markup of received messages.
* Increase the maximum file size that can be transferred to 1 MB.
* When setting an avatar image, no longer downscale it to 96x96.
Sametime:
* Fix a crash in Sametime when a malicious server sends us an abnormally
long user ID. (CVE-2013-0273)
Yahoo!:
* Fix a double-free in profile/picture loading code. (Mihai Serban)
(#15053)
* Fix retrieving server-side buddy aliases. (Catalin Salgu) (#15381)
Plugins:
* The Voice/Video Settings plugin supports using the sndio GStreamer
backends. (Brad Smith) (#14414)
* Fix a crash in the Contact Availability Detection plugin. (Mark)
(#15327)
* Make the Message Notification plugin more friendly to non-X11 GTK+,
such as MacPorts' +no_x11 variant.
Version 3.2 (released 2013-01-06) hilights:
Updated Twitter module. Support for Twitter API 1.1, streaming API, direct
messages and some other improvements.
Fixed potential connection issue to Google Talk, OpenFire, possibly other
Jabber services.
A bunch of other things.
Version 3.0.6 (released 2012-10-14) hilights:
Updated MSN module, now speaking the MSNP18 protocol. This adds support for
MPOP and also fixes sending off-line messages.
Loads of bugfixes, etc. accumulated over the last half a year.
* handle building with NetBSD 6's 64bit time_t on a 32 bit platform
* reorder src/utf8/checked.h to define the append() function
before using it later on in the same file.
Also updated the MASTER_SITES to reference the new download site.
prior will be migrated to the new format when you run 0.15 for the
first time.
Changes:
- Merge many changes from Psi+.
- New message history browser.
- New, fast contact list window.
- TURN proxying for voice calls.
- Store data in more standardized locations based on the platform.
- No longer dependent on the Qt3Support library.
- Domains ending in .local now always work, whether via DNS server or mdns.
- Windows 64-bit and Mac 64-bit now supported. Mac PPC deprecated.
- Legacy SSL port probe feature removed.
- Various small features and bugfixes.
Since 0.14, this version contains about two years worth of merges
from the Psi+ project. Thanks to Rion and Dealer_WeARE for diligently
keeping the Psi source repo current all this time.
Changes:
Security:
- CVE-2012-5854: Fix buffer overflow when decoding IRC colors in strings
- CVE-2012-5534: Fix untrusted command for function hook_process could lead to
execution of commands, because of shell expansions
Among the new features:
- add plugin "script" (replacement of weeget.py and script.pl)
- add support of SSL in relay plugin
- add color for offline nicks
- add system resource limits for WeeChat process
- add zoom on merged buffer (default key: alt+"x")
- add "Day changed to" in logger backlog
- add command line option "-r" (or "--run-command") to run command(s) after startup of WeeChat
- add option "swap" for command /buffer
- generate alternate IRC nicks dynamically (when all nicks are already in use)
- fix rejoin of password protected IRC channels
- fix freeze in irc and relay plugins with sockets
- fix color of long lines (displayed on more than one line on screen) under FreeBSD
- allow update for some variables of hdata
- add japanese user's guide, scripting guide and tester's guide
- many bugs fixed.
in gcc 4.1.3 (NetBSD 5.*) aka, -pedantic causes build
failures when including gnutls on older versions of gcc.
Should clear up the build issues on NetBSD 5.x
- HTTP service
- Fix ejabberd_http:get_line
- Don't use binary:match to extract lines from binaries
- Parse and encode https header names like native http parser does
- Parse correctly https request split into multiple packets
- Properly handle HEAD request in mod_http_bind (EJAB-1538)
- New option default_host for handling requests with ambiguous Host
(EJAB-1261)
- ODBC
- New ODBC support for mod_announce
- New ODBC support for mod_blocking
- New ODBC support for mod_irc
- New ODBC support for mod_muc
- New ODBC support for mod_shared_roster
- New ODBC support for mod_vcard_xupdate
- Add ODBC exporting function for privacy table
- Work also with some unicode strings in PgSQL (EJAB-1490)
- Replace a single quote with double quotes in an ODBC escape
- SSL
- Make sure that res is initialized in all cases
- Parse correctly https request split into multiple packets (EJAB-1537)
- Added missed tls:recv_data/2
- Don't ignore Length parameter in tls:recv
- Avoid quadratic behavior in reading SSL data
- Dix http_bind webserver TLS fail on Chrome (EJAB-1530)
- Miscelanea
- Assume we have only one CPU when an auto-detection fails (EJAB-1516)
- Auth: Relax digest-uri handling (EJAB-1529)
- Caps: Cache caps timestamp before the IQ-request is done
- IRC: Use of MUC password
- Private: misc errors cases fixes
- Pubsub: return user affiliation for a specified node (EJAB-1294)
- Shared Roster: Foreign items were not pushed (EJAB-1509)
- Shared Roster LDAP: user substitution in ldap_rfilter (EJAB-1555)
- Windows: Fix makefile rules for building DLLs
24 Aug 2012:
- Release 4.0.0
21 Jun 2012:
- Fixed an issue that happened when enabling the OTR plugin while a
conversation is open.
- Release 4.0.0-beta2
7 Jun 2012:
- The plugin now supports multiple OTR conversations with the same
buddy who is logged in at multiple locations. In this case, a new
OTR menu will appear, which allows you to select which session an
outgoing message is indended for. Note that concurrent SMP
authentications with the same buddy who is logged in multiple times
is not yet supported (starting a second authentication will end the
first).
- During a private conversation with a buddy, an incoming unencrypted
message will now trigger the regular incoming message notifications.
In Pidgin this includes showing the message in the top-right
notification area, if it is normally configured to do so.
- New Italian, Swedish, Polish and Vietnamese translations. Updates to
the French translation.
- When a private conversation begins, the plugin will indicate whether
Pidgin is configured to log the conversation.
- By default, OTR conversations will not be logged by Pidgin.
- Fingerprints in the manual authentication dialog are now selectable
- The plugin will no longer delete the OTR menus if a non-foreground
conversation window is closed.
- Except on WIN32, the plugin will now set the umask to 0077 before
creating the otr.* files in the purple directory so that they end up
mode 0600.
- The menu item now says "Reauthenticate buddy" when the buddy is
already authenticated.
- Release 4.0.0-beta1
Note that while the protocol is compatible, the API is not, and hence
there will be a pidgin-otr update within minutes.
There is an apparent gcc 4.1.3 -O2/SSP bug, which is avoided by
disabling SSP in libotr (which libotr finds and turns on). This is
temporary pending more fine-grained control and/or a fix.
Update to libotr 4.0.0. Note that libotr 4.x is API-incompatible with
libotr 3.x; upstream thinks this is ok, so pkgsrc won't try to work
around it.
24 Aug 2012:
- Release 4.0.0
- Support v3 of the OTR protocol
- The main new feature: sensibly handle the case where a user is logged
in multiple times to the same IM account
- API changes:
- instance tags, to support multiple simultaneous logins
- support for asynchronous private key generation
- the ability to provide an "extra" symmetric key to applications
(with forward secrecy)
- applications can supply a formation conversion callback if they do
not natively use XHTML-style UTF8 markup
- error messages formerly provided by libotr are now handled using
callbacks to the application, for better i18n support
- otrl_message_sending now handles message fragmentation internally
Packaged for wip by Leonardo Taccari.
irssi-xmpp is an irssi plugin to connect to the Jabber network.
Its aim is to provide a good integration in this text-based irc client
and a good support of XMPP (the Jabber protocol).
Its main features are:
* Sending and receiving messages in irssi's query windows
* A roster with contact & resource tracking (contact list)
* Contact management (add, remove, manage subscriptions)
* Tab completion of commands, JIDs and resources
* Many extensions supported (XEP) including Multi-User Chat (MUC)
* Support for multiple accounts
* Unicode support (UTF-8)
* SSL and STARTTLS support
To deal with the XMPP protocol, it uses of the Loudmouth library.
