Package Release Info

irssi-0.8.21-12.1

Update Info: openSUSE-2017-67
Available in Package Hub : 12 GA-SP5

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

irssi
irssi-devel

Change Logs

* Fri Jan 06 2017 astieger@suse.com
- irssi 0.8.21 fixes four vulnerabilities that could result in
  denial of service (remote crash) when connecting to malicious
  servers or receiving specially crafted data [boo#1018357]:
  * CVE-2017-5193: NULL pointer dereference in the nickcmp function
  * CVE-2017-5194: out of bounds read in certain incomplete control codes
  * CVE-2017-5195: out of bounds read in certain incomplete character sequences
  * CVE-2017-5196: Correct an error when receiving invalid nick message
  * CVE-2017-5356: out of bounds read in format string [boo#1019809]
- drop irssi-0.8.20-buf.pl.patch, upstream
Version: 0.8.20-9.1
* Thu Oct 06 2016 meissner@suse.com
- irssi-0.8.20-buf.pl.patch: Fixed a information disclosure in buf.pl
  (CVE-2016-7553 bsc#1001215)
* Wed Sep 21 2016 mrueckert@suse.de
- disable PIE on sle11
* Wed Sep 21 2016 mrueckert@suse.de
- disable PIE on sle11
* Wed Sep 21 2016 meissner@suse.com
- Update to version 0.8.20
  - Correct the name of an emitted sasl signal (#484)
  - Correct the prototype for the 'message private' signal (#515)
  - Corrections in away and hilight help text (#477, #518)
  - /squery and /servlist commands have been restored.
  - Where Irssi would previously only report "System error" on connect,
    it will now try harder to retrieve the system error message.
  - Fixed issue with +channels not working properly (#533)
  - Fixed crash in optchan when item has no server (#485)
  - Fixed random remote crash in the nicklist handling (#529)
  - Fixed remote crash due to incorrect bounds checking on
  formats, reported by Gabriel Campana and Adrien Guinet from
  Quarkslab. (CVE-2016-7044, CVE-2016-7045, bsc#999199)
* Sat Mar 26 2016 idonmez@suse.com
- Update to version 0.8.19
  * Fixed regression when joining and parting channels on IRCnet
  * Fixed SASL EXTERNAL
  * Fixed regression when not using SASL
  * Fixed incorrect SSL disconnects when using SSL from modules/scripts
  * Fixed regression where proxy_string could not be configured or
  certain file transfers could not be accepted
  * Fixed storing layout of !channels
  * Fixed restoration of bracketed paste mode on quit
  * Make the usage of meta-O for cursor keys configurable with
  /set term_appkey_mode off
* Wed Mar 02 2016 idonmez@suse.com
- Update to version 0.8.18
  New Features
  + CAP SASL PLAIN login is now supported natively.
  + Paste bracket markers can be requested from terminal with
    /set paste_use_bracketed_mode on
  + "Self messages" generated by some bouncers can now be received in
    the proper window.
  + Try to split long lines on spaces to avoid words being splitted.
    Adds a new option: split_line_on_space which defaults to on.
  + Add setting hilight_nick_matches_everywhere (#56).
  + The config parser is more robust and prints out better diagnostics
    on incorrect config files.
  + Ctrl+^ (FS#721) and Ctrl+J can now be bound.
  + Command history can be cleared with /window history -clear
  + /hilight -mask -line is now supported (FS#275).
  + CHANTYPES are now supported.
  + Improved reload speed of ignores.
  + Add -date feature to /lastlog
  + irssiproxy can be more easily enabled and disabled.
  + Expando for hostname (FS#829).
  + UNIX sockets can now also be specified in the config file.
  + Disable SSLv3 due to the POODLE vulnerability.
  + SSL ciphers can now be specified per server.
  + Added SNI support for SSL.
  Bugfixes
  + /ignore now respects -pattern on merge (#78).
  + irssiproxy (BNC) module now uses correct line endings.
  + Fix missing lines on large pastes (FS#905).
  + Correctly preserve STATUSMSG prefixes (#291).
  + Fix infinite recursion in key bindings (FS#817).
  + Fix incomplete awaylog caused by buffering.
  + Fix calculation of UTF-8 string length display in some cases.
  + Fix some Perl warnings related to @ISA.
  + EXEC windowitems now get proper references on the Perl side.
  + Incremental help file improvements.
  + ANSI attributes are now properly reset.
  + Fixed regression where text would blink when terminal lacks color support.
  + Permit the usage of Freenode extban syntax in /ban (#150)
  + Fixed regression in scriptassist on unload of scripts.
  + Fixed regression in -actcolor %n
- Remove irssi-0.8.15-ssl-passphrase.patch, fixed upstream.
* Sun Jan 10 2016 astieger@suse.com
- downloads moved to github
- verify source signature
Version: 0.8.17-6.1
* Thu Jan 01 2015 meissner@suse.com
- build with PIE
* Fri Oct 17 2014 mrueckert@suse.de
- update to 0.8.17
  + Document that SSL connections aren't properly handled during
    /UPGRADE. See Github PR #39.
  + Synchronize scripts with scripts.irssi.org.
  + Performance enhancement of the nicklist as well as the
    window_item_find function. See Github PR #24.
  + Disallow unloading of static modules.
  + Allow UTF-8 characters in /bind. See Github PR #18.
  + Split overlong outgoing messages instead of silently truncating
    them.
    Adds two new options: 'split_line_end' and 'split_line_start'.
  - 'split_line_end' contains a string added to the end of line
    fragments.
  - 'split_line_start' contains a string added to the beginning
    of line
    fragments. See Github PR #29.
  + Added special /ignore NO_ACT level to ignore only activity (see
    /help ignore).
  + Support for 256 and true color terminals (see Github PR #48).
  + Support for italics (see Github PR #58).
  + Rewrote many help files.
  - Fixed various compiler warnings and use of deprecated
    functions.
  - Fixed Perl API usage and added PERL_NO_GET_CONTEXT to reduce
    code size.
  - Fixed format_get_text Perl API. See Github PR #23.
  - Fixed gui_printtext_after and term_refresh_*() visibility. See
    Github PR #22.
  - Fixed issue where UTF-8 characters was corrupted once for every
    32k text. See Github PR #12.
  - Fixed redrawing issue with right-aligned statusbar.
  - Fixed use-after-free bug with cached settings values. See
    Github PR #147.
* Thu Sep 04 2014 mrueckert@suse.de
- add conditional to enable socks support but disable by default.
  unless we can find a way to have socks support so it works
  without an existing socks.conf.
* Tue Jul 29 2014 mrueckert@suse.de
- disable ssl_passphrase patch but keep it until the discussion
  with upstream ended:
  https://github.com/irssi/irssi/issues/103
* Mon Jul 14 2014 mrueckert@suse.de
- update to 0.8.16
  + Add -noautosendcmd to /SERVER and /CONNECT. Passing this option
    will force Irssi to not execute the content of the autosendcmd
    chatnet-setting upon connect.
  + Accept names replies with nick!user@host instead of just nick,
    if they are enabled (see bug #805).
  - Set window binds for channel items as sticky when re-creating
    window binds as part of /layout save. This fixes the bug where
    previously saved channel windows forgets their window number
    upon reconnect.
  + Add experimental support for DNSSEC DANE validation of
    certificates.
  + Strip the argument for boolean options (see bug #769).
  + Freenode have been readded to the list of networks in the
    default configuration file.
  + Disabled support for the insecure SSLv2 protocol.
  + Various documentation enhancements.
  + Add -ssl_pass to /connect and /server (see bug #305).
  - Fix crashing bug that can happen if the terminal height
    decreases before the first window is created.
  - Fixed minor compiler warnings.
  - Fixed possible crashing bug when processing an octal escape
    sequence.
  - Fixed the /ignore -network option (see bug #748).
  - Fixed signal handling for /exec'd commands. Irssi now sends the
    signal to the process group id instead of the process id.
  - Fixed segfault generated by SSL disconnections (see bug #752).
  - Fix compilation when build with -Werror=format-security. Patch
    by Jaroslav Skarvada.
- refreshed irssi-0.8.15-ssl-passphrase.patch to apply without fuzz
  again
- disable irssi-0.8.15_ssl_proxy.patch for now
* Wed Jan 22 2014 mrueckert@suse.de
- added irssi-0.8.16_missing_prototype_warnings.patch:
  Fixes a compiler warning about missing prototype for SOCKSinit
- added -DGLIB_DISABLE_DEPRECATION_WARNINGS to reduce the noise
- added dante-devel as requires to irssi-devel so plugins can be
  compiled again
* Thu Sep 26 2013 ddiss@suse.com
- irssi-0.8.15-ssl-passphrase.patch
  Fix prompt breakage following SSL certificate passphrase prompt;
  (bnc#842532).
* Thu Sep 05 2013 mls@suse.de
- add libperl_requires, as we link against libperl and thus
  need a specific version of perl
* Mon Jun 10 2013 mrueckert@suse.de
- only enable socks support on opensuse
* Mon Feb 11 2013 mrueckert@suse.de
- added dante-devel to buildrequires to fix the socks support
  (bnc#794748)
- added -fno-strict-aliasing to the cflags
* Mon Feb 13 2012 coolo@suse.com
- patch license to follow spdx.org standard
* Tue Jan 11 2011 aj@suse.de
- Fix build for older openSUSE distros.
* Wed Dec 29 2010 aj@suse.de
- switch to perl_requires macro
* Thu Jul 29 2010 pascal.bleser@opensuse.org
- add desktop file and icon
* Mon Apr 26 2010 mrueckert@suse.de
- disable proxy patch until we got a decision upstream
* Mon Apr 26 2010 mrueckert@suse.de
- added irssi-0.8.15_ssl_proxy.patch: when using a proxy, use the
  ssl hostname of the proxy (based on the patch from
  https://bugs.launchpad.net/ubuntu/+source/irssi/+bug/565182)
  (bnc#596005) CVE-2010-1154, CVE-2010-1155
* Sun Apr 04 2010 pascal.bleser@opensuse.org
- update to 0.8.15: (bnc#596005) CVE-2010-1154, CVE-2010-1155
  * add active_window_ignore_refnum option
  * show new Charybdis +q list in channel windows (numerics 728 and
    729)
  * allow servers to belong to multiple networks
  * improve paste detection: Irssi now detects a paste if it reads
    at least three bytes in a single read; subsequent reads are
    associated to the same paste if they happen before
    'paste_detect_time' time since the last read. If no read occurs
    after 'paste_detect_time' time the paste buffer is flushed; if
    there is at least one complete line its content is sent as a
    paste, otherwise it is processed normally
  * show "target changing too fast" messages in the channel/query
    window
  * use default trusted CAs if nothing is specified
  * show why an SSL certificate failed validation
  * make own nick and actions use default colour instead of white
  * fix disconnects when sending large amounts of data over SSL
  * show all nicks instead of just the first in an /accept *
    listing
  * make several signals without parameters available to perl again
  * close the config file fd after saving
  * check if an SSL certificate matches the hostname of the server
    we are connecting to
  * fix bash'isms, use command -v instead of which and use bc -l in
    /CALC
  * fix a crash with handling the DCC queue
  * fix crash when checking for fuzzy nick match when not on the
    channel
* Tue Jul 28 2009 pascal.bleser@opensuse.org
- update to 0.8.14:
  * make /reset an alias for /set -default
  * make /unset an alias for /set -clear
  * allow ctrl+home / ctrl+end to go to the beginning / end of scrollback
  * accept WHOX reply (354 numeric) as a /who reply
  * show numerics directed at channels in the channel window
  * the time duration parser is more strict now
  * fix out of bounds access in event_wallops()
  * fix the autolog_ignore_targets logic to work correctly with manually opened log files
* Wed Jun 10 2009 mrueckert@suse.de
- added irssi-0.8.x_wallop_off_by_one.patch:
  fix of by one in wallop handling (bnc#510837) CVE-2009-1959
* Wed Apr 01 2009 mrueckert@suse.de
- update to 0.8.13
  + Reject some obviously invalid values in /set.
  + Add perl bindings for Window::get_history_lines
  + Use an io channel to write the config file.
  + Use memory slices instead of memory chunks for text buffer.
  + Remove methods to create/destroy TextBuffer and TextBufferView and low level api to add/remove lines, scripts should be fine using Window::print_after and TextBufferView::remove_line.
  + Add print_after method to Window perl object analogous to gui_printtext_after but which also expands formats and forces a full line.
  + Better mapping of signal parameters to Perl. All signals used in scripts now need to be registered with Irssi::signal_register.
  + Add public header with interfaces to manage statusbar items (bug #535)
  + Recode: assume utf-8 encoding for an ascii string in which no escape character occurs (bug #392).
  + Allow /BAN, /UNBAN, /KICBAN, /KNOCKOUT if channel is not synced.  Requesting ban lists from an unsynced channel will ask them from the server, banning a user whose u@h irssi does not know will ban nick!*@* and only bans irssi knows about can be removed.
  + Allow storing multiple "other" prefixes such as +q and +a (original patch by JasonX)
  + Add /set autolog_ignore_targets for cherry-picking targets that shouldn't get logged.
  + Add support for 16 colors. Formats KBGCRMYW and mirc colors are now mapped to colors 8-15. fe-text translates colors 8-15 to bold/blink+0-7 if the terminal supports only 8 colors. If your theme uses one of the high color formats and you really want bold you can change %FMT<string> to %fmt%_<string>%_, it will work fine in all irssi versions.
  + Better 005 PREFIX support (bug #580).
  + Display 407 numerics other than "duplicate channel".
  + Fix display of ratbox-style operspy whois.
  + Recode outgoing irc away messages (bug #412).
  + Recode outgoing irc quit messages.
  + Remove scrollback_levelclear_levels setting and add a 'level' option to 'sb levelclear' to specify a comma separated list of levels.
  + Add perl __WARN__ handler for scripts (bug #427).
  + Add Irssi::command_parse_options function to parse options for a command.
  + Revert recode changes introduced in 0.8.12.
  + Add completion for /WINDOW SERVER.
  + Support for reading kicks/msgs from TARGMAX/MAXTARGETS 005 tokens.
  + Enhancements to the redirections code.
  + Support for RPL_WHOISACTUALLY (338 numeric) for both ratbox and ircu (bug #428).
  + -idle option of /notify is gone.
  + /layout save now makes window-channel bindings instantly effective (bug #35).
  + /ping without arguments does not send anymore a ctcp ping to a channel (bug #542).
  + Track IRC operator status of nicks a bit better.
  + new 'actlist_names' option to add active items names in 'act' statusbar item.
  + new 'word_completion_backward' command to scroll backwards in the completion list.
  + add 'list' option to /bind to print all the available commands.
  + show setter/time in +I lists
  + apply -usermode before -autosendcmd (bug #548).
  + reduce memory usage of the scrollback buffer and make the display in /sb status more accurate (higher).
  + fix data getting dropped when a lot is sent at a time (e.g. when attaching to irssi-proxy, bug #528).
  + introduce the type Irssi::Irc::Client and signals to communicate with proxy clients to allow for scripting parts of the irssi-proxy.
  + Add sb_search.pl, a script for /SCROLLBACK SEARCH
  - Fix /NOTIFY list when nick is seen joining (bug #642).
  - Include hostmask in 001 event sent by proxy (bug #650).
  - Be more power-friendly: don't run any always-on <1s timers (bug #641).
  - Don't get confused by a failed /JOIN -window (bug #644).
  - Properly initialize embedded Perl (PERL_SYS_INIT3).
  - Replace invalid utf-8 bytes with U+FFFD when drawing a line.
  - Properly unload the original script when using /script load to reload it. (bug #525, patch by Lukas Mai)
  - Clean up script loading in general:
  * Don't leak local variables to eval'd code.
  * Set filename/line number to get better error messages from perl.
  * Use three-arg open and lexical filehandles to avoid surprises.
  * Include error reason in message for unopenable scripts.
  * Don't wrap script code in sub handler { } - this avoids spurious warnings and
    should at least allow __END__ to work properly.
    (Patch by Lukas Mai)
  - Fix NETSPLIT_SERVER_REC in signals for Perl.
  - Remove buggy /SCROLLBACK redraw and /SET scrollback_save_formats.
  - Always preserve the active mainwindow when resizing.
  - Ignore DNS not found errors when considering reconnect.
  - Do not strip the comma in a mirc color if it is not followed by a digit (bug #250).
  - Fix building perl module with perl-5.10 (bug #630).
  - fix leak with $L expando.
  - fix possible crash with /script reset.
  - ignore exceptions take precedence over ignores in all cases.
  - honour -channels preference for ignore -replies (bug #227).
  - Fix mode display in whois with unreal (379 numeric) (bug #479).
  - Fix regressions that prevented external modules from building/working (bugs #537 #539).
  - Fix /set hilight_level not taking effect immediately (bug #598).
  - Fix bold, blinking and indentation in /LASTLOG and buf.pl.