irssi-1.1.2-bp150.3.4.1

- update to 1.1.2
  - Fix the resetting of window hiddenlevel (#861)
  - Fix clearing of hidelevel in layout (#951)
  - Fix accessing unallocated text when checking entry position
    (#930)
  - Fix uninitialised memory on empty lines (#873, GL#31, #878,
    [#877], #907, #914)
  - Fix use-after-free on expiration of hidden lines (#948)
    (CVE-2019-5882 boo#1121396)
  - Fix use-after-frees. By Maya Rashish (#919)
  - Fix out of bounds access in help display when window width
    is small (#949)
  - Fix paste_join_multiline (#971)
  - Correctly check for errno when displaying SSL errors. By
    Janik Rabe (#895)
  - Fix wrong signal emission argument count (#965)
  - Documentation (#920). Sync NEWS, scripts (#849)
  - Fix Perl detection on MacOS. By Dominyk Tiller (#927)
  - Misc fixes. By Jaroslav Škarvada (#982)

- update to 1.1.1 (bsc#1081238):
  - Restore compatibility with OpenSSL < 1.0.2 (#820, #831)
  - Fix test compilation on some platforms (#815, #816)
  - Fix portability and backwards compatibility of test runner
    (#818, #845)
  - Prevent use after free error during the execution of some
    commands. Found by Joseph Bisch (GL#17, GL!24).
  - Revert netsplit print optimisation due to crashes (#465, #809,
    [#812], #819, #824). CVE-2018-7054
  - Fix use after free when SASL messages are received in
    unexpected order (GL#26, GL!33). CVE-2018-7053
  - Fix null pointer dereference in the tab completion when an
    empty nick is joined (GL#24, GL!31). CVE-2018-7050
  - Fix use after free when entering oper password (GL#22,
    GL!32).
  - Fix null pointer dereference when too many windows are
    opened (GL#27, #837). CVE-2018-7052
  - Fix out of bounds access in theme strings when the last
    escape is incomplete. Credit to Oss-Fuzz (#842). CVE-2018-7051
  - Fix out of bounds write when using negative counts on window
    resize (GL#25, GL#29, #836).
  - Minor help correction. By William Jackson (#834).

- update to 1.1.0
  * Changes
    + Colour is now re-set when reaching a comma, matching mIRC
    behaviour
    + Irssi now shows the initial nick and name on first start
    + lynx is no longer required to run autogen.sh
    + The command history no longer permits wrapping around
    + /foreach now correctly sends arguments as commands, stopping
    you from embarassing AMSGs
    + /server does not connect to servers anymore, use /server
    connect to change servers
    + The net_ip_compare API function is now deprecated, and the
    previously deprecated net_connect has been removed
  * Additions
    + Add an option to ignore all channels or ignore all queries
    using /set activity_hide_targets
    + Add a startup warning if the TERM var is wrong inside tmux /
    screen
    + Add option to hide certain levels from the textbuffer using /
    window hidelevel
    + Irssi now has its first unit test (for mode parsing)
    + Added access to global command history when using window
    history, and a binding to erase entries from the command
    history (erase_history_entry)
    + -alternate_nick is now available as a network specific
    property
    + On FreeBSD, Irssi now supports Capsicum sandbox (/capsicum
    enter)
    + Filenames (directories) ending with a / now tab-complete
    + UTF-8 should now work in regular expressions when using
    GRegex (the default)
    + Nicks are now properly escaped on completion
    + /server add -port now works
    + Add a setting key_timeout to make key sequences
    automatically re-set when not finished
    + Warn users about expired client certificates, as servers
    may refuse them
    + Add a new net_start_ssl function for StartTLS. This is
    available from ABI 8 and can be used by protocol modules
    + The %# code is now stored in the textbuffer, so for example
    web scripts can make use of it
    + Add new setting break_wide which can be used to enable
    breaking of wide characters (for east-asian users)
    + Add fuzzing code
  * Fixes
    + Netsplits show properly again
    + Do not error on blank lines when using /exec -o
    + Detect used nickname as reported by server
    + Prevent use after free error during the execution of some
    commands
    + Fix MODE parameter parsing when colon was used at a place
    Irssi didn't expect
    + Fixed code to compile with -Werror=declaration-after-statement
    + Clang-format is now supported for git-clang-format
    + Fix use after free when changing the network of hilights
    + Fix positioning error when tab-completing non-ascii strings
    + In-development issues
    + Clarify Alis in /help list
    + Improve /lastlog performance from O(N^2) to O(N)
    + Fix a segfault on "script destroyed" signal
    + Fix early ISON error
    + Documentation improvements
    + Minor cleanups
    + Fix space issue in glib-2.0.m4
- cleanup with spec-cleaner
- drop regex-patch-653.patch
  * fixed upstream in 79bbca4644cad7f2dee89c7ac6b8f9acc2c8b427

- update to 1.0.6 (bsc#1074958)
  - Fix invalid memory access when reading hilight configuration
    (#787, #788).
  - Fix null pointer dereference when the channel topic is set
    without specifying a sender (GL#20, GL!25). CVE-2018-5206
  - Fix return of random memory when using incomplete escape
    codes (GL#21, GL!26). CVE-2018-5205
  - Fix heap buffer overflow when completing certain strings
    (GL#19, GL!27). CVE-2018-5208
  - Fix return of random memory when using an incomplete
    variable argument (GL#18, GL!28). CVE-2018-5207

- update to 1.0.5 (boo#1064540)
  - Fix missing -sasl_method '' in /NETWORK (#718, #719).
  - Fix incorrect restoration of term state when hitting SUSP
    inside screen (#737, #733).
  - Fix out of bounds read when compressing colour
    sequences. Found by Hanno Böck (GL#12, GL!18). CVE-2017-15228
  - Fix use after free condition during a race condition when
    waiting on channel sync during a rejoin (GL#13, GL!19).
    CVE-2017-15227
  - Fix null pointer dereference when parsing certain malformed
    CTCP DCC messages (GL#14, GL!20).
    CVE-2017-15721
  - Fix crash due to null pointer dereference when failing to
    split messages due to overlong nick or target (GL#15, GL!21).
    CVE-2017-15723
  - Fix out of bounds read when trying to skip a safe channel ID
    without verifying that the ID is long enough (GL#16, GL!22).
    CVE-2017-15722
  - Fix return of random memory when inet_ntop failed (#769).
  - Minor statusbar help update. By Robert Bisewski (#758,
    [#763]).

- update to 1.0.4
  - Fix null pointer dereference when parsing invalid timestamp (GL#10,
    GL!15). Reported by Brian 'geeknik' Carpenter. CVE-2017-10965
    boo#1047709
  - Fix use-after-free condition when removing nicks from the internal
    nicklist (GL#11, GL!16). Reported by Brian 'geeknik' Carpenter.
    CVE-2017-10966
  - Fix incorrect string comparison in DCC file names (#714).
  - Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'"
    (#716, #722).
  - Fix a bug when using \n to separate lines with expand_escapes (#723).
  - Retain screen output on improper exit, to better see any error
    messages (#287, #721).
  - Minor help update (#729).

- update to 1.0.3
  - Fix out of bounds read when scanning expandos (GL!11).
  - Fix invalid memory access with quoted filenames in DCC
    (GL#8, GL!12). bsc#1043052 CVE-2017-9469
  - Fix null-pointer dereference on DCC without address (GL#9, GL!13).
    bsc#1043051 CVE-2017-9468
  - Improve integer overflow handling. Originally reported by
    oss-fuzz#525 (#706).
  - Improve nicklist performance from O(N^2) to O(N) (#705).
  - Fix initial screen redraw delay. By Stephen Oberholtzer
    (#680, bdo#856201).
  - Fix incorrect reset of true colours when resetting background. (#711).
  - Fix missing -notls option in /SERVER. By Jari Matilainen (#117, #702).
  - Fix minor history glitch on overcounter (#462, #685).
  - Improved OpenSSL detection at compile time. By Rodrigo Rebello (#677).
  - Improved NetBSD Terminfo detection. By Maya Rashish (#694, #698).
  - Add missing syntax info for COMPLETION (#687, #688).
  - Minor typo correction in help. By Michael Hansen (#707).

- add references to previous change

- irssi 1.0.2 fixes a vulnerability that could result in denial of
  service or worse during a netjoin in certain circumstances (CVE
  pending) bsc#1029020
  - Prevent some null-pointer crashes (GL!9).
  - Fix compilation with OpenSSL 1.1.0 (#628, #597).
  - Correct dereferencing of already freed server objects during
    output of netjoins. Found by APic (GL!10, GL#7).
  - Fix in command arg parser to detect missing arguments in tail place
    (#652, #651).
  - Fix regression that broke incoming DCC file transfers (#667, #656).
  - Fix issue with escaping \ in evaluated strings (#669, #520).
- Added regex-patch-653.patch from Upstream PR#653 to improve UTF8
  support in GRegex

- irssi 1.0.1:
  * Fix Perl compilation in object dir
  * Fix incorrect HELP SERVER example
  * Correct memory leak in /OP and /VOICE
  * Fix regression that broke second level completion
  * Correct missing NULL termination in perl_parse boo#1023638
  * Sync broken mail.pl script
  * Prevent a memory leak during the processing of the SASL
    response boo#1023637

- Update to version 1.0.0
  * irssiproxy can now forward all tags through a single port.
  * The kill buffer now remembers consecutive kills. New bindings
    were added: yank_next_cutbuffer and append_next_kill.
  * autolog_ignore_targets and activity_hide_targets learn a new
    syntax tag/* and * to ignore whole networks or everything.
  * hilight got a -matchcase flag to hilight case sensitively.
  * Display TLS connection information upon connect. You can disable
    this by setting tls_verbose_connect to FALSE
  * Certificate pinning for TLS certificates
  * /names and $[?] now uses utf8 string operations.
  * New setting completion_nicks_match_case
  * /channel /server /network now support modify subcommand.
  * New option sasl_disconnect_on_failure to disconnect when SASL
    log-in failed.
- Drop not applied irssi-0.8.15_ssl_proxy.patch
- Run through spec-cleaner, remove support for old openSUSE/SUSE
  releases.

- irssi 0.8.21 fixes four vulnerabilities that could result in
  denial of service (remote crash) when connecting to malicious
  servers or receiving specially crafted data [boo#1018357]:
  * CVE-2017-5193: NULL pointer dereference in the nickcmp function
  * CVE-2017-5194: out of bounds read in certain incomplete control codes
  * CVE-2017-5195: out of bounds read in certain incomplete character sequences
  * CVE-2017-5196: Correct an error when receiving invalid nick message
  * CVE-2017-5356: out of bounds read in format string [boo#1019809]
- drop irssi-0.8.20-buf.pl.patch, upstream

- irssi-0.8.20-buf.pl.patch: Fixed a information disclosure in buf.pl
  (CVE-2016-7553 bsc#1001215)

- disable PIE on sle11

- disable PIE on sle11

- Update to version 0.8.20
  - Correct the name of an emitted sasl signal (#484)
  - Correct the prototype for the 'message private' signal (#515)
  - Corrections in away and hilight help text (#477, #518)
  - /squery and /servlist commands have been restored.
  - Where Irssi would previously only report "System error" on connect,
    it will now try harder to retrieve the system error message.
  - Fixed issue with +channels not working properly (#533)
  - Fixed crash in optchan when item has no server (#485)
  - Fixed random remote crash in the nicklist handling (#529)
  - Fixed remote crash due to incorrect bounds checking on
  formats, reported by Gabriel Campana and Adrien Guinet from
  Quarkslab. (CVE-2016-7044, CVE-2016-7045, bsc#999199)

- Update to version 0.8.19
  * Fixed regression when joining and parting channels on IRCnet
  * Fixed SASL EXTERNAL
  * Fixed regression when not using SASL
  * Fixed incorrect SSL disconnects when using SSL from modules/scripts
  * Fixed regression where proxy_string could not be configured or
  certain file transfers could not be accepted
  * Fixed storing layout of !channels
  * Fixed restoration of bracketed paste mode on quit
  * Make the usage of meta-O for cursor keys configurable with
  /set term_appkey_mode off

- Update to version 0.8.18
  New Features
  + CAP SASL PLAIN login is now supported natively.
  + Paste bracket markers can be requested from terminal with
    /set paste_use_bracketed_mode on
  + "Self messages" generated by some bouncers can now be received in
    the proper window.
  + Try to split long lines on spaces to avoid words being splitted.
    Adds a new option: split_line_on_space which defaults to on.
  + Add setting hilight_nick_matches_everywhere (#56).
  + The config parser is more robust and prints out better diagnostics
    on incorrect config files.
  + Ctrl+^ (FS#721) and Ctrl+J can now be bound.
  + Command history can be cleared with /window history -clear
  + /hilight -mask -line is now supported (FS#275).
  + CHANTYPES are now supported.
  + Improved reload speed of ignores.
  + Add -date feature to /lastlog
  + irssiproxy can be more easily enabled and disabled.
  + Expando for hostname (FS#829).
  + UNIX sockets can now also be specified in the config file.
  + Disable SSLv3 due to the POODLE vulnerability.
  + SSL ciphers can now be specified per server.
  + Added SNI support for SSL.
  Bugfixes
  + /ignore now respects -pattern on merge (#78).
  + irssiproxy (BNC) module now uses correct line endings.
  + Fix missing lines on large pastes (FS#905).
  + Correctly preserve STATUSMSG prefixes (#291).
  + Fix infinite recursion in key bindings (FS#817).
  + Fix incomplete awaylog caused by buffering.
  + Fix calculation of UTF-8 string length display in some cases.
  + Fix some Perl warnings related to @ISA.
  + EXEC windowitems now get proper references on the Perl side.
  + Incremental help file improvements.
  + ANSI attributes are now properly reset.
  + Fixed regression where text would blink when terminal lacks color support.
  + Permit the usage of Freenode extban syntax in /ban (#150)
  + Fixed regression in scriptassist on unload of scripts.
  + Fixed regression in -actcolor %n
- Remove irssi-0.8.15-ssl-passphrase.patch, fixed upstream.

- downloads moved to github
- verify source signature

- build with PIE

- update to 0.8.17
  + Document that SSL connections aren't properly handled during
    /UPGRADE. See Github PR #39.
  + Synchronize scripts with scripts.irssi.org.
  + Performance enhancement of the nicklist as well as the
    window_item_find function. See Github PR #24.
  + Disallow unloading of static modules.
  + Allow UTF-8 characters in /bind. See Github PR #18.
  + Split overlong outgoing messages instead of silently truncating
    them.
    Adds two new options: 'split_line_end' and 'split_line_start'.
  - 'split_line_end' contains a string added to the end of line
    fragments.
  - 'split_line_start' contains a string added to the beginning
    of line
    fragments. See Github PR #29.
  + Added special /ignore NO_ACT level to ignore only activity (see
    /help ignore).
  + Support for 256 and true color terminals (see Github PR #48).
  + Support for italics (see Github PR #58).
  + Rewrote many help files.
  - Fixed various compiler warnings and use of deprecated
    functions.
  - Fixed Perl API usage and added PERL_NO_GET_CONTEXT to reduce
    code size.
  - Fixed format_get_text Perl API. See Github PR #23.
  - Fixed gui_printtext_after and term_refresh_*() visibility. See
    Github PR #22.
  - Fixed issue where UTF-8 characters was corrupted once for every
    32k text. See Github PR #12.
  - Fixed redrawing issue with right-aligned statusbar.
  - Fixed use-after-free bug with cached settings values. See
    Github PR #147.