Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
from Zafer Aydogan in followup to PR pkg/35117.
|
|
various character set problems. The security issues fixed:
* NICK_CHANGE buffer overflow: CVE-2007-3728.
* pkcs_decode buffer overflow: CORE-2007-1212.
Changes since version 1.0.4.1:
- Fixed NEW_CLIENT packet handling crash.
- Fixed partial encryption in CTR mode in AES.
- Fixed printable fingerprint buffer overflow.
- Fixed UNIX signal delivery il SILC scheduler.
- Reprocess JOIN command synchronously after resolving channel user list.
- In JOIN command reply check if the channel key is already saved.
- Remove all channel keys and hmacs after giving LEAVE command.
- Added missing channel unreferencing in CMODE, CUMODE, TOPIC, INVITE,
BAN and KICK command replies.
- Fixed connection authentication with public keys to use correct public
key as responder.
- Zero tail of CTR mode IV in IV Included mode.
- Fixed CTR mode rekey.
- Rewrote the IV Included CTR mode encryption/decryption in packet engine.
- Fixed non-IPv6 compilation error.
- Fixed channel private key deleting when deleting the channel.
- Fixed TIMEOUT handling in user info resolving during JOINing, fixes crash.
- Fixed mandatory UN and HN SILC public key identifier checking.
- Fixed alignment issues with 64-bit CPUs.
- Added "There are now xx nick's" to "are xx nicks".
- Fixed USERS command user mode handling (integer overflow).
- Fixed big-endian issues from aes implementation.
- Fixed lib/silcutil/silcatomic.h compilation on IA64.
- Fixed public key identifier parsing to check lengths correctly.
- In silc_client_free check that scheduler is allocated before trying to
free it.
- Fixed buffer overflow in NICK_CHANGE notify. The destination buffer for
old nicknames was too small.
- Added support for rekey with PFS when using CTR mode encryption.
- Added silc_idcache_move that can be used to move entries between caches.
- Added better checks for invalid argument and notify payloads.
- Fixed SILC_PACKET_FLAG_LONG_PAD bitmask value.
- Set the destination ID to packet stream as SKE responder if ID was
present in key exchange packet.
- Compile sources with _GNU_SOURCE on Linux systems.
- Fixed Unix signal task dispatching to not lock the signals when
dispatching the callback to avoid deadlocks.
- Added SILC_VERSION macro for checking package versions at compile time.
- Use SILC_VERIFY to assert that silc_rwlock_wrlock can be called only
once per thread on Unix.
- Fixed USERS command reply write-lock unlocking.
- Fixed silc_create_key_pair to check for valid identifier.
- Rewrite signed public message handling, adopting the new hilight interface.
- Fix off by one error when loading modules.
- Don't delete hilight entry (because it's just a pointer, not a copy).
- Added __SILC_TOOLKIT_x_x_x macro to all Toolkit distribution which can
be used to check for Toolkit version in third-party software.
- Added support for channel@server channel name strings to client library
(SILC protocol version 1.3 change).
- Added full_nicknames and full_channel_names settings to SilcClientParams
that can be used to specify whether client library returns full nickname
and channel name strings. Full strings are nick@server and channel@server.
- Fixed unix connecting failure to return error code correctly.
- Fixed SKE timeout double free crash.
- Fixed MIME multipart decoding buffer overflow.
- Fixed connection auth protocol timeout crash.
- Fixed FSM machine finishing to check for existing threads at the final
free callback to allow time for the threads to finish.
- Fixed silc_client_get_clients_local to check the nick's server also if
nick@server nickname string is given to the function.
- And many more, oh well. For the user this means: better charset support,
less crashes, nick names now potentially user#23, server specific
channels and more sanity.
Talked over a while ago with wiz with no objections.
|
|
i) CVE-2008-2927 fix
ii) the previous version was being rejected from the ICQ network.
version 2.4.3 (07/01/2008):
libpurple:
* Yahoo! Japan now uses UTF-8, matching the behavior of official clients
and restoring compatibility with the web messenger (Yusuke Odate)
* Setting your buddy icon once again works for Yahoo! accounts.
* Fixes in the Yahoo! protocol to prevent a double free, crashes on
aliases, and alias functionality
* Fix crashes in the bonjour protocol
* Always use UTF-8 for Yahoo! (#5973)
* Fix a crash when the given jabber id is invalid.
* Make the IRC "unknown message" debugging messages UTF-8 safe.
* Fix connecting to ICQ
* Fix a memleak when handling jabber xforms.
Pidgin:
* Include the send button plugin in the win32 build
* Various memory leak fixes
|
|
- CVE-2007-5839: e_hostname uses mktempnam in an unsafe manner.
- CVE-2007-4584: p_mode classic buffer overflow using a static string.
|
|
Version 1.27
* Cleaned up the buddy "Get Info" screen a bit
* Fixed up a couple of compiler warnings
* You are now hidden on your own contact list by default
Version 1.26
* A few minor security fixes
* Incomming messages with HTML-like text are displayed properly
* Usernames and passwords with funny characters (like +) in them should work
Version 1.25
* Plugin will automatically reconnect if the messages stop downloading
* Logging you out of the plugin wont log you out of Facebook
* Buddies will appear online when typing and sending messages to you
* No DNS lookups for proxies
Version 1.24
* Some fixes to the friends search
* Messages can be auto-resent if they don't get through (buddy offline etc)
Version 1.23
* You can now search for friends from the account menu (Account->Facebook->Search for friends...)
Version 1.22
* Fixed receiving multiple notifications
* Local alias in Pidgin will be set if you havn't set it
Version 1.21
* Notifications (Inbox/Friends) appear as new emails in Pidgin
|
|
|
|
of mk/curses.b3.mk after devel/ncurses/b3.mk.
- Define DATADIR correctly so that it knows where to look for help files.
- Remove quotes around DOCS_PATH in snprintf() call so that smirk can
actually open the help files.
- Bump PKGREVISION.
|
|
|
|
|
|
but so is the underlying code...
|
|
2.0
===
- All of the core functionality has moved into Net::XMPP.
It provides the connection, messages, iq, and presence.
Net::Jabber now just provides the extensions that the
JEPs define and that are truly Jabber and not XMPP.
1.30
====
- Added initial support for XMPP 1.0 via XML::Stream 1.18.
- Locked version of XML::Stream to 1.18.
- Changed connectiontimeout to just timeout in the Connect
function.
- Hey, here's a good idea. Instead of copying the function
hash out of each namespace why not just use a refrence...
duh... This might make things a little faster and use a
smidge less memory. Just a little thought.
- Fixed a taint problem with an eval and the xmlns read from
the socket.
- Fixed some -w warnings.
- Updated client test to user newer methods and create the
test account.
- Added password to MUCJoin.
- Fixed typo in DefineNamespace.
- Added Tree Transfer (JEP-105)
1.29
====
- Added PubSub (JEP-60)
- Added documentation for most of the below.
- Added in a basic basic support for SOAP (JEP-72). You can
dump in rawxml and get it back out.
- Looking into using contants for the namespaces, but they
don't work in hashes. =(
- Removed jabber:x:sxpm (it was never used).
- Added initial (low level) support for Commands (JEP-50).
- Added initial (low level) support for FNeg (JEP-20),
Disco (JEP-30), Bytestream (JEP-65), SI (JEP-95), and
FT-Profile (JEP-96).
- Made Client, Component, and Server inherit from Protocol
instead of AUTOLOADing. Why didn't I do this in the
beginning?
- Added function RosterRequest to let the user handle processing
the roster in their own callback and not return a hash.
- Added function PresenceDBClear that will clear out the
presence database.
- Added check to see if Process generated an error, and then
was called again (bad thing).
- Moved Process into Client.pm, Component.pm, and Server.pm.
- Locked version of XML::Stream to 1.17.
- Fixed typos in the Protocol help.
1.28
====
- Fixed bug in XPathDefined which caused the main iq callback
function to not work. Show stopper bug.
- Fixed iq:time test.
1.27
====
- Update examples/client scripts to include an xpath based
example.
- Added support for XPath based callbacks.
- Updated x:data to match the call for experience.
- Requires perl 5.6 in an attempt to get Unicode support.
- Added finer callback support for presence and message
based on type.
- Minor tweak to NOT remove an unknown xmlns packet (duh...)
- Fixed bug in JID.
- Updated DefineNamespace to handle most old style, and all
new style.
- Locked version of XML::Stream to 1.16.
- Major recore due to XML::Stream::Node and XPath.
- Moved from XML::Stream::Hash to XML::Stream::Node.
- Fixed XDB Reply error.
- Uninitialized value round up.
|
|
|
|
|
|
28 May 2008:
- The functionality of the OTR button has now moved to a menu. There's
an "OTR" menu, as well as an icon showing the current OTR state of
each active conversation in the window.
- New OTR icons from <cyrus_xiii@yahoo.com>
- OTR icons show up inline in the conversation window when the OTR
status changes.
- Buddy authentication has been revamped, based on the user study
published in SOUPS 2008. The default is now to choose a question and
an answer only you and the buddy should know. The question is
displayed to the buddy, who is prompted for the answer. The "shared
secret" and "fingerprint" authentication methods are still available.
|
|
- Added support for one-way authentication using an explicit question,
based on the SOUPS 2008 user study.
|
|
remove the later. The old version 1.0.5 is unmaintained, has a remote
DoS vulnerability and is less reliable than version 1.2.0beta2.
Approved by Adrian Portelli.
|
|
|
|
|
|
manage their channels in a secure and efficient way and allows operators to
manage various things about their networks. Unlike it's predecessor, Shrike,
services has a completely reworked form of channel management that feels
somewhat like eggdrop and is somewhat more useful.
Services currently works with many irc daemons. More details are
available in the config file.
|
|
builtin version of OpenSSL is used.
* Do not, under any case, do anything with svn during the configure process
|
|
1.1.20 follows up with the latest fixes of the maintenence release. It is a HIGHLY RECOMENDED upgrade for all 1.1.19 (and prior) users, as it addresses a number of client compatibility and general stability fixes.
|
|
Patch provided by Hasso Tepper in PR 38849.
|
|
Version 1.7.20 (revision 1324)
With all currently known bugs fixed, this new release of Anope contains
loads of bugfixes and should provide a stable experience. This is one of
the last releases in the 1.7 series of Anope. We encourage users who were
not using the 1.7 series for stability reasons to try out this release and
report any bugs found on our bugtracker at http://bugs.anope.org/ .
An important note for MySQL users: various database schema improvements
have been added in Changes.mysql. Be sure to apply these changes to your
database schema for a large increase in performance of the MySQL code.
Take a look at the change log for more information about the changes made
for this release.
Version 1.7.21 (revision 1341)
This new release fixes a XOP-related exploitable crash bug which appeared in
Anope version 1.7.20. Earlier versions are not affected. Networks running
Anope 1.7.20 are strongly advised to upgrade to this release. Even though
networks running earlier versions are not affected by this bug, they are
still advised to upgrade due to numerous other bugfixes.
Next to the fix for the crash bug mentioned above, a number of other things
have been fixed as well, including various InspIRCd-related issues, bugs in
the MySQL code and a shiny new Russian translation.
Take a look at the change log for more information about the changes made
for this release.
|
|
|
|
|
|
|
|
|
|
properly in the media script.
|
|
While here, add DESTDIR support.
|
|
|
|
Should fix PR 38354.
While here, add DESTDIR support.
|
|
Bump PKGREVISION.
|
|
|
|
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
|
|
|
|
|
|
|
|
Otherwise libpurple insists on having it if the dbus option is enabled.
From David Brownlee.
|
|
* New default binding ctrl+x to open context menus.
* Menu triggers and other bindings will no longer conflict.
* Middle click pastes the internal clipboard (when mouse support is enabled).
|
|
|
|
* The typing notification in the conversation history can be disabled or
customized (font, color etc.) in .gtkrc-2.0.
* Added a plugin (not installed by default) which adds a Send button back to
the conversation window. People without physical keyboards have a hard time
with the lack of the button.
* Clicking on the buddyicon in the conversation window toggles the size of the
icon between small and large.
* The settings of a chat (e.g. Handle in an XMPP chat, or Exchange in an AIM
chat) can be edited from its context menu in the buddy list.
* Add a "Present conversation window" preference to the Message Notification
plugin; the "Raise conversation window" option does not unminimize windows
or draw attention to them when they are on other workspaces--the "Present"
option should.
* Add a preference to set Escape as the keyboard shortcut for closing the
conversation window.
* Add an option in the context menu to disable smileys in the selected text
in the conversation history/log viewer. This should help people who
regularly paste code in conversations.
* Add a preference to choose the minimum size of the text input area in lines.
* Moved the "Local alias" field in the Modify Account dialog to be below the
"User Options" heading on the "Basic" tab.
* Number of room occupants is now shown in chat tooltips where possible
|
|
enable them in options.mk, through overrides.
|
|
o In MySpaceIM, messages from spambots are discarded (Justin Williams)
o Strip mIRC formatting codes from quit and part messages.
o IRC now displays ban lists in-channel for joined channels.
o Fixed a bug where the list of loaded plugins would get removed when
switching between different operating systems.
o Fix reception of IRC PART without a part message on Undernet
(fixes a problem with litter in the channel user list).
o IRC no longer crashes on /list on servers which erroneously omit RPL_LISTSTART
o Update the NetworkManager support to use D-Bus directly, instead of
libnm-glib. Hopefully it's stable now. It will now compile by default if you
have D-Bus support and NetworkManager.h. (Elliott Sales de Andrade)
o MSN buddy list synchronization is now more forgiving, only asking about
buddies who have disappeared completely from the server list and not those
that have simply moved groups.
o IRC will now try to append 1-9 to your nick if it is in use, instead of
substituting the last character with 1-9 where possible.
o Bonjour buddies will be saved persistently if they're moved out of the
"Bonjour" group. (Eion Robb)
|
|
|
|
Based on patch provided in PR 38624.
'cicqconv' command is renamed for 'cimconv', conflict with centericq is gone away.
2008-04-08 New version (4.22.5) released.
This release fixes various segfaults in the Yahoo protocol. It also introduces a
bar which displays all open chats nicely.
2008-03-29 New version (4.22.4) released.
This release fixes the possible url exploit described in CVE-2008-1467. It also
makes CenterIM ready for the Yahoo protocol change kicking in on 2nd april 2008.
2008-03-11 New version (4.22.3) released.
This version fixes the various ICQ contact list issues (e.g adding contacts
should now work).
2007-12-08 New version (4.22.2) released.
More than 90 fixes/improvements have been added to centerim since our last
release in June. The main fixes included are:
* Fixed bug in msn login when the server sent a NOT message
* Fixed bug in ICQ protocol which prevented others from seeing your presence
(partial)
* New version tracking/updating (Thanks to David Riebenbauer for this helpful
feature)
* Added an "Out for Lunch" state
|
|
Based on patch from Leonardo Taccari in PR pkg/38418
|
|
(CVE-2008-1996). Before this, the application would crash if too many TCP
connections are opened.
|
|
There is a single crash fix in versions prior 1.1.19, in KLINE use. Opers on older versions are advised to avoid KLINE, and to use GLINE instead.
Minor server buffering enhancements (should be a bit faster on netburst and use less CPU for highly loaded servers)
Tempramental linking fix (thanks to djGrrr for helping finally track this down)
Upgrade at your leisure.
|
|
From Daniel Horecki in PR #38570
|