| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Changelog:
Changes ordered by priority.
High:
* Ensure only valid UTF-8 is passed to libidn. It was found (CVE-2015-2059)
that libidn can read beyond the boundaries of the provided buffer when an
input string contains invalid UTF-8 sequences.
Systems where Prosody is compiled with libICU are not affected by this issue.
Medium:
* DNS: Fix traceback caused when DNS server IP is unroutable (issue 473)
* HTTP client: More robust handling of chunked encoding across packet
boundaries
* Stanza router: Fix handling of 'error' <iq>'s with multiple children
Low:
* c2s: Fix error reply when clients try to bind multiple resources on the
same stream (issue 484)
* s2s: Ensure to/from attributes are always present on stream headers, even
if empty (issue 468)
* Build scripts: Add --libdir option to ./configure to simplify building on
some platforms
* Fix traceback in datamanager when used outside of Prosody
(e.g. in some migration tools)
* mod_admin_telnet: Fix potential traceback in server:memory()
command (issue 471)
* HTTP server: Improved debug logging
|
|
- Add support for WebSocket
- Flexible session management with multiple backends: Mnesia/SQL/Redis or
custom backend for session manager
- Security improvement with SCRAM based password encryption in SQL
authentication backends.
- Package management for ejabberd contributed modules
- Improved Elixir experience
- Automatic clustering scripts
- Added missing index on database
- Important updates on the documentation, with the launch of a new
documentation site: docs.ejabberd.im
- Several other bugfixes
More information on release at
https://www.ejabberd.im/node/24818
|
|
|
|
|
|
harmful when enabling certain options.
|
|
|
|
Approved by gdt@.
|
|
1) add patch-elisp-comp from FreeBSD ports to fix
"Wrong type argument: stringp, nil"
2) for some reason the unit test fails if we're in CET time zone so
just set TZ=GMT in the make environment for now.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Enable odbc, mysql and pgsql support unconditionally (no dependency cost).
Changes in 15.02:
- Add Elixir support, allows to write plugins in Elixir (not enabled in
this pkgsrc package)
- New command to reload configuration without restart
- Support old style erlang expressions in YAML configuration
- Improved captcha listener parsing when protocol not specified
- Fix upgrade of old unbinarized pubsub table from 2.1
- Minor updates in the documentation
- Other bugfixes
|
|
won't do the right thing on platforms where it is valid. Bump revision.
|
|
|
|
|
|
HexChat is an IRC client based on XChat, but unlike XChat it's completely
free for both Windows and Unix-like systems. Since XChat is open source, it's
perfectly legal. HexChat was originally called XChat-WDK which in turn was a
successor of freakschat.
|
|
|
|
|
|
|
|
Patch from Jonathan Buschmann in PR pkg/49540, slightly adapted.
|
|
mcabber (0.10.3)
* [UI] Add option 'iq_time_hide'
* [UI] Add 'iq_version_hide', 'iq_version_hide_version'
* Improved handling of damaged history log files
* Switch to libotr v4 API (Myhailo Danylenko)
* Add SSL options (Frank Zschockelt)
These options require a patched Loudmouth library.
- "ssl_ciphers" to define the allowed ciphers
- "ssl_ca" to set additional trusted certificates
* Fix compilation for old loudmouth libraries (Frank Zschockelt)
* Add 'color_timestamp' to highlight timestamp added by server (Hermitifier)
* New python based event script using OS X 10.8 notification center (Sharoon Thomas)
* Handle SIGHUP signal (Dominik George)
* Misc. bugfixes
-- Mikael, 2014-05-08
|
|
path.
|
|
|
|
|
|
from 0.8.16 to 0.8.17
(and also update accordingly chat/irssi-*/distinfo).
Changes:
v0.8.17 2014-10-11 The Irssi team <staff@irssi.org>
+ Document that SSL connections aren't properly handled during /UPGRADE.
See Github PR #39.
+ Synchronize scripts with scripts.irssi.org.
+ Performance enhancement of the nicklist as well as the window_item_find
function. See Github PR #24.
+ Disallow unloading of static modules.
+ Allow UTF-8 characters in /bind. See Github PR #18.
+ Split overlong outgoing messages instead of silently truncating them.
Adds two new options: 'split_line_end' and 'split_line_start'.
'split_line_end' contains a string added to the end of line fragments.
'split_line_start' contains a string added to the beginning of line
fragments. See Github PR #29.
+ Added special /ignore NO_ACT level to ignore only activity (see /help ignore).
+ Support for 256 and true color terminals (see Github PR #48).
+ Support for italics (see Github PR #58).
+ Rewrote many help files.
- Fixed various compiler warnings and use of deprecated functions.
- Fixed Perl API usage and added PERL_NO_GET_CONTEXT to reduce code size.
- Fixed format_get_text Perl API. See Github PR #23.
- Fixed gui_printtext_after and term_refresh_*() visibility. See Github PR #22.
- Fixed issue where UTF-8 characters was corrupted once for every 32k text.
See Github PR #12.
- Fixed redrawing issue with right-aligned statusbar.
- Fixed use-after-free bug with cached settings values. See Github PR #147.
|
|
Can be revived as krb5 versions later.
|
|
ejabberd Community 14.12 includes many bugfixes, and a few new features:
- New module mod_client_state implements XEP-0352: Client State Indication
- New module mod_fail2ban to ban IPs that show malicious signs
- New option store_empty_body in mod_offline
- New option disable_sasl_mechanisms
- Improve option resend_on_timeout to support if_offline
- More robust offline server
- Better charset support in XMLRPC
- Some PEP issues fixed
|
|
(do we have strlcpy support in MISSING_FEATURES?)
|
|
|
|
|
|
|
|
|
|
|
|
version 2.10.11 (11/23/14):
General:
* Fix handling of Self-Signed SSL/TLS Certificates when using the NSS
plugin (#16412)
* Improve default cipher suites used with the NSS plugin (#16262)
* Add NSS Preferences plugin which allows the SSL/TLS Versions and
cipher suites to be configured (#8061)
Gadu-Gadu:
* Fix a bug that prevented plugin to load when compiled without GnuTLS.
(mancha) (#16431)
* Fix build for platforms without AF_LOCAL definition. (#16404)
MSN:
* Fix broken login due to server change (dx, TReKiE). (#16451, #16455)
* Fail early when buddy list is unavailable instead of wasting bandwidth
endlessly re-trying.
version 2.10.10 (10/22/14):
General:
* Check the basic constraints extension when validating SSL/TLS
certificates. This fixes a security hole that allowed a malicious
man-in-the-middle to impersonate an IM server or any other https
endpoint. This affected both the NSS and GnuTLS plugins. (Discovered
by an anonymous person and Jacob Appelbaum of the Tor Project, with
thanks to Moxie Marlinspike for first publishing about this type of
vulnerability. Thanks to Kai Engert for guidance and for some of the
NSS changes) (CVE-2014-3694)
* Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL.
(Elrond and Ashish Gupta) (#15909)
libpurple3 compatibility:
* Encrypted account passwords are preserved until the new one is set.
* Fix loading Google Talk and Facebook XMPP accounts.
Windows-Specific Changes:
* Don't allow overwriting arbitrary files on the file system when the
user installs a smiley theme via drag-and-drop. (Discovered by Yves
Younan of Cisco Talos) (CVE-2014-3697)
* Updates to dependencies:
* NSS 3.17.1 and NSPR 4.10.7
Finch:
* Fix build against Python 3. (Ed Catmur) (#15969)
Gadu-Gadu:
* Updated internal libgadu to version 1.12.0.
Groupwise:
* Fix potential remote crash parsing server message that indicates that
a large amount of memory should be allocated. (Discovered by Yves Younan
and Richard Johnson of Cisco Talos) (CVE-2014-3696)
IRC:
* Fix a possible leak of unencrypted data when using /me command
with OTR. (Thijs Alkemade) (#15750)
MXit:
* Fix potential remote crash parsing a malformed emoticon response.
(Discovered by Yves Younan and Richard Johnson of Cisco Talos)
(CVE-2014-3695)
XMPP:
* Fix potential information leak where a malicious XMPP server and
possibly even a malicious remote user could create a carefully crafted
XMPP message that causes libpurple to send an XMPP message containing
arbitrary memory. (Discovered and fixed by Thijs Alkemade and Paul
Aurich) (CVE-2014-3698)
* Fix Facebook XMPP roster quirks. (#15041, #15957)
Yahoo:
* Fix login when using the GnuTLS library for TLS connections. (#16172)
|
|
Resolve PR pkg/49343.
|
|
|
|
Upstream changes:
6.88 Sat Jun 28 13:14:00 BST 2014
- BotAddressed: Handle being addressed with a prefixed @ or %
6.87 Sat Jun 21 15:08:32 BST 2014
- Believe have resolved issues with online test
6.86 Fri Jun 20 11:12:06 BST 2014
- Added more diagnostics to the online test
6.85 Thu Jun 19 10:19:07 BST 2014
- Added some diagnostics output to the online test
6.84 Tue Jun 17 10:45:38 BST 2014
- Plugman: store @$ or else it gets overwritten - Commit: 65ba2a4f3
|
|
fix compilation of plugin API functions (macros) when compiler
optimizations are enabled
commit 03c0067272caae88758fd7847689177c0e18b48d
|
|
|
|
package anymore.
|
|
|
|
Clean up Makefile for readibility. Add SMF manifest.
Changes in 0.9.7:
- Fix server-to-server interoperability issue with Isode M-Link (since 0.9.6)
- Fix traceback in 'prosodyctl about' command with LuaRocks 2.2.0+ installed
Changes in 0.9.6:
- certmanager, net.http: Disable SSLv3 by default
- net.http.parser: Support status code 101 and allow handling of the received
data by plugins
- util.filters: Ignore filters being added twice (fixes issues on removal,
i.e. when some plugins are reloaded/unloaded)
- mod_s2s: Close offending s2s streams missing an 'id' attribute with
a stream error instead of throwing an unhandled error
- Networking API: Add 'ondetach' callback for listener objects, to prevent
leaks when connections have their listener changed
- core.stanza_router: Stricter validation of stanzas
- mod_admin_adhoc: Mark 'accountjids' field as required in 'end user sessions'
command (thanks Lloyd)
- mod_admin_adhoc: Add required to field in user deletion form too
- net.dns: Avoid duplicate cache entries
- util.stanza: Escape newlines and tabs (\r\n\t) when serializing stanzas.
- util/dataforms: Make sure we iterate over field tags only
- mod_s2s: Capitalize log message
- mod_pubsub: Fix error type of 'forbidden' (change from 'cancel' to 'auth')
Changes in 0.9.5:
- C2S: Fix traceback if a client opens a stream to component, which could
cause a crash in combination with some versions of LuaEvent
- C2S, S2S: Log received invalid stream headers
- S2S: Fix case where stream headers were sometimes sent twice
- DNS: Ensure all pending requests get notified of a timeout when looking
up a record
- DNS: Fix duplicated cache insertions by limiting outstanding queries
per name to one
- xmppstream: Disable LuaExpat's buffering
- xmppstream: Disable CharacterData merging after stream restarts
- xmppstream: Pass invalid stream headers to error handling
- Privacy lists: Correctly sort privacy list rules by order
- prosody: Check dependencies later in the startup sequence
- Config: Delay importing LuaFileSystem until needed by an Include line
- Config: Normalize VirtualHost and Component names
- prosodyctl: Normalize JIDs for adduser/passwd/deluser
- POSIX: Fix error reporting from disk space allocation
- POSIX: Verify that 'pidfile' is a string, show friendly error otherwise
- Dependency checking: Check that prosody is running under Lua 5.1. We don't
currently support any other versions. (LuaJIT identifies as 5.1)
- Compliance: Reset stream ID when resetting stream
- Compression: Log compression setup errors
- Console: Fix commands for adding and replacing name servers
- Console MUC commands: Fix error when a non-existent host is entered
- Filters: Prevent filters from being added twice
- Network: Transfer all available data between linked sockets
- dataforms: Add support for XEP-0221: Data Forms Media Element
|
|
|
|
ERROR: [check-interpreter.mk] The interpreter "/usr/pkg/bin/perl" of
"/scratch/chat/centerim/work/.destdir/usr/pkg/bin/cimconv" does not
exist. (etc) Thanks joerg@.
|
|
applied for Emacs24-24.4.50 and Emacs25-25.0.50
|
