SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for irssi-1.0.6-35.1.x86_64.rpm :
Sun Jan 7 13:00:00 2018 ailin.nemuiAATTgmail.com
- update to 1.0.6
- Fix invalid memory access when reading hilight configuration
(#787, #788).
- Fix null pointer dereference when the channel topic is set
without specifying a sender (GL#20, GL!25). CVE-2018-5206
- Fix return of random memory when using incomplete escape
codes (GL#21, GL!26). CVE-2018-5205
- Fix heap buffer overflow when completing certain strings
(GL#19, GL!27). CVE-2018-5208
- Fix return of random memory when using an incomplete
variable argument (GL#18, GL!28). CVE-2018-5207

Sun Oct 22 14:00:00 2017 ailin.nemuiAATTgmail.com
- update to 1.0.5 (boo#1064540)
- Fix missing -sasl_method \'\' in /NETWORK (#718, #719).
- Fix incorrect restoration of term state when hitting SUSP
inside screen (#737, #733).
- Fix out of bounds read when compressing colour
sequences. Found by Hanno Böck (GL#12, GL!18). CVE-2017-15228
- Fix use after free condition during a race condition when
waiting on channel sync during a rejoin (GL#13, GL!19).
CVE-2017-15227
- Fix null pointer dereference when parsing certain malformed
CTCP DCC messages (GL#14, GL!20).
CVE-2017-15721
- Fix crash due to null pointer dereference when failing to
split messages due to overlong nick or target (GL#15, GL!21).
CVE-2017-15723
- Fix out of bounds read when trying to skip a safe channel ID
without verifying that the ID is long enough (GL#16, GL!22).
CVE-2017-15722
- Fix return of random memory when inet_ntop failed (#769).
- Minor statusbar help update. By Robert Bisewski (#758,
[#763]).

Thu Jul 6 14:00:00 2017 ailin.nemuiAATTgmail.com
- update to 1.0.4
- Fix null pointer dereference when parsing invalid timestamp (GL#10,
GL!15). Reported by Brian \'geeknik\' Carpenter. CVE-2017-10965
boo#1047709
- Fix use-after-free condition when removing nicks from the internal
nicklist (GL#11, GL!16). Reported by Brian \'geeknik\' Carpenter.
CVE-2017-10966
- Fix incorrect string comparison in DCC file names (#714).
- Fix regression in Irssi 1.0.3 where it would claim \"Invalid time \'-1\'\"
(#716, #722).
- Fix a bug when using \
to separate lines with expand_escapes (#723).
- Retain screen output on improper exit, to better see any error
messages (#287, #721).
- Minor help update (#729).

Tue Jun 6 14:00:00 2017 ailin.nemuiAATTgmail.com
- update to 1.0.3
- Fix out of bounds read when scanning expandos (GL!11).
- Fix invalid memory access with quoted filenames in DCC
(GL#8, GL!12). bsc#1043052 CVE-2017-9469
- Fix null-pointer dereference on DCC without address (GL#9, GL!13).
bsc#1043051 CVE-2017-9468
- Improve integer overflow handling. Originally reported by
oss-fuzz#525 (#706).
- Improve nicklist performance from O(N^2) to O(N) (#705).
- Fix initial screen redraw delay. By Stephen Oberholtzer
(#680, bdo#856201).
- Fix incorrect reset of true colours when resetting background. (#711).
- Fix missing -notls option in /SERVER. By Jari Matilainen (#117, #702).
- Fix minor history glitch on overcounter (#462, #685).
- Improved OpenSSL detection at compile time. By Rodrigo Rebello (#677).
- Improved NetBSD Terminfo detection. By Maya Rashish (#694, #698).
- Add missing syntax info for COMPLETION (#687, #688).
- Minor typo correction in help. By Michael Hansen (#707).

Mon Mar 13 13:00:00 2017 astiegerAATTsuse.com
- add references to previous change

Sat Mar 11 13:00:00 2017 ailin.nemuiAATTgmail.com
- irssi 1.0.2 fixes a vulnerability that could result in denial of
service or worse during a netjoin in certain circumstances (CVE
pending) bsc#1029020
- Prevent some null-pointer crashes (GL!9).
- Fix compilation with OpenSSL 1.1.0 (#628, #597).
- Correct dereferencing of already freed server objects during
output of netjoins. Found by APic (GL!10, GL#7).
- Fix in command arg parser to detect missing arguments in tail place
(#652, #651).
- Fix regression that broke incoming DCC file transfers (#667, #656).
- Fix issue with escaping \\ in evaluated strings (#669, #520).
- Added regex-patch-653.patch from Upstream PR#653 to improve UTF8
support in GRegex

Mon Feb 6 13:00:00 2017 astiegerAATTsuse.com
- irssi 1.0.1:

* Fix Perl compilation in object dir

* Fix incorrect HELP SERVER example

* Correct memory leak in /OP and /VOICE

* Fix regression that broke second level completion

* Correct missing NULL termination in perl_parse boo#1023638

* Sync broken mail.pl script

* Prevent a memory leak during the processing of the SASL
response boo#1023637

Fri Jan 6 13:00:00 2017 idonmezAATTsuse.com
- Update to version 1.0.0

* irssiproxy can now forward all tags through a single port.

* The kill buffer now remembers consecutive kills. New bindings
were added: yank_next_cutbuffer and append_next_kill.

* autolog_ignore_targets and activity_hide_targets learn a new
syntax tag/
* and
* to ignore whole networks or everything.

* hilight got a -matchcase flag to hilight case sensitively.

* Display TLS connection information upon connect. You can disable
this by setting tls_verbose_connect to FALSE

* Certificate pinning for TLS certificates

* /names and $[…] now uses utf8 string operations.

* New setting completion_nicks_match_case

* /channel /server /network now support modify subcommand.

* New option sasl_disconnect_on_failure to disconnect when SASL
log-in failed.
- Drop not applied irssi-0.8.15_ssl_proxy.patch
- Run through spec-cleaner, remove support for old openSUSE/SUSE
releases.

Fri Jan 6 13:00:00 2017 astiegerAATTsuse.com
- irssi 0.8.21 fixes four vulnerabilities that could result in
denial of service (remote crash) when connecting to malicious
servers or receiving specially crafted data [boo#1018357]:

* CVE-2017-5193: NULL pointer dereference in the nickcmp function

* CVE-2017-5194: out of bounds read in certain incomplete control codes

* CVE-2017-5195: out of bounds read in certain incomplete character sequences

* CVE-2017-5196: Correct an error when receiving invalid nick message

* CVE-2017-5356: out of bounds read in format string [boo#1019809]
- drop irssi-0.8.20-buf.pl.patch, upstream

Thu Oct 6 14:00:00 2016 meissnerAATTsuse.com
- irssi-0.8.20-buf.pl.patch: Fixed a information disclosure in buf.pl
(CVE-2016-7553 bsc#1001215)

Wed Sep 21 14:00:00 2016 mrueckertAATTsuse.de
- disable PIE on sle11

Wed Sep 21 14:00:00 2016 mrueckertAATTsuse.de
- add BR for xz to fix build on sle11
- switch to %{?_smp_mflags}
- pass --disable-silent-rules to get verbose makefiles again

Wed Sep 21 14:00:00 2016 meissnerAATTsuse.com
- Update to version 0.8.20
- Correct the name of an emitted sasl signal (#484)
- Correct the prototype for the \'message private\' signal (#515)
- Corrections in away and hilight help text (#477, #518)
- /squery and /servlist commands have been restored.
- Where Irssi would previously only report \"System error\" on connect,
it will now try harder to retrieve the system error message.
- Fixed issue with +channels not working properly (#533)
- Fixed crash in optchan when item has no server (#485)
- Fixed random remote crash in the nicklist handling (#529)
- Fixed remote crash due to incorrect bounds checking on
formats, reported by Gabriel Campana and Adrien Guinet from
Quarkslab. (CVE-2016-7044, CVE-2016-7045, bsc#999199)

Sat Mar 26 13:00:00 2016 idonmezAATTsuse.com
- Update to version 0.8.19

* Fixed regression when joining and parting channels on IRCnet

* Fixed SASL EXTERNAL

* Fixed regression when not using SASL

* Fixed incorrect SSL disconnects when using SSL from modules/scripts

* Fixed regression where proxy_string could not be configured or
certain file transfers could not be accepted

* Fixed storing layout of !channels

* Fixed restoration of bracketed paste mode on quit

* Make the usage of meta-O for cursor keys configurable with
/set term_appkey_mode off

Wed Mar 2 13:00:00 2016 idonmezAATTsuse.com
- Update to version 0.8.18
New Features
+ CAP SASL PLAIN login is now supported natively.
+ Paste bracket markers can be requested from terminal with
/set paste_use_bracketed_mode on
+ \"Self messages\" generated by some bouncers can now be received in
the proper window.
+ Try to split long lines on spaces to avoid words being splitted.
Adds a new option: split_line_on_space which defaults to on.
+ Add setting hilight_nick_matches_everywhere (#56).
+ The config parser is more robust and prints out better diagnostics
on incorrect config files.
+ Ctrl+^ (FS#721) and Ctrl+J can now be bound.
+ Command history can be cleared with /window history -clear
+ /hilight -mask -line is now supported (FS#275).
+ CHANTYPES are now supported.
+ Improved reload speed of ignores.
+ Add -date feature to /lastlog
+ irssiproxy can be more easily enabled and disabled.
+ Expando for hostname (FS#829).
+ UNIX sockets can now also be specified in the config file.
+ Disable SSLv3 due to the POODLE vulnerability.
+ SSL ciphers can now be specified per server.
+ Added SNI support for SSL.
Bugfixes
+ /ignore now respects -pattern on merge (#78).
+ irssiproxy (BNC) module now uses correct line endings.
+ Fix missing lines on large pastes (FS#905).
+ Correctly preserve STATUSMSG prefixes (#291).
+ Fix infinite recursion in key bindings (FS#817).
+ Fix incomplete awaylog caused by buffering.
+ Fix calculation of UTF-8 string length display in some cases.
+ Fix some Perl warnings related to AATTISA.
+ EXEC windowitems now get proper references on the Perl side.
+ Incremental help file improvements.
+ ANSI attributes are now properly reset.
+ Fixed regression where text would blink when terminal lacks color support.
+ Permit the usage of Freenode extban syntax in /ban (#150)
+ Fixed regression in scriptassist on unload of scripts.
+ Fixed regression in -actcolor %n
- Remove irssi-0.8.15-ssl-passphrase.patch, fixed upstream.

Sun Jan 10 13:00:00 2016 astiegerAATTsuse.com
- downloads moved to github
- verify source signature

Thu Jan 1 13:00:00 2015 meissnerAATTsuse.com
- build with PIE

Fri Oct 17 14:00:00 2014 mrueckertAATTsuse.de
- update to 0.8.17
+ Document that SSL connections aren\'t properly handled during
/UPGRADE. See Github PR #39.
+ Synchronize scripts with scripts.irssi.org.
+ Performance enhancement of the nicklist as well as the
window_item_find function. See Github PR #24.
+ Disallow unloading of static modules.
+ Allow UTF-8 characters in /bind. See Github PR #18.
+ Split overlong outgoing messages instead of silently truncating
them.
Adds two new options: \'split_line_end\' and \'split_line_start\'.
- \'split_line_end\' contains a string added to the end of line
fragments.
- \'split_line_start\' contains a string added to the beginning
of line
fragments. See Github PR #29.
+ Added special /ignore NO_ACT level to ignore only activity (see
/help ignore).
+ Support for 256 and true color terminals (see Github PR #48).
+ Support for italics (see Github PR #58).
+ Rewrote many help files.
- Fixed various compiler warnings and use of deprecated
functions.
- Fixed Perl API usage and added PERL_NO_GET_CONTEXT to reduce
code size.
- Fixed format_get_text Perl API. See Github PR #23.
- Fixed gui_printtext_after and term_refresh_
*() visibility. See
Github PR #22.
- Fixed issue where UTF-8 characters was corrupted once for every
32k text. See Github PR #12.
- Fixed redrawing issue with right-aligned statusbar.
- Fixed use-after-free bug with cached settings values. See
Github PR #147.

Thu Sep 4 14:00:00 2014 mrueckertAATTsuse.de
- add conditional to enable socks support but disable by default.
unless we can find a way to have socks support so it works
without an existing socks.conf.

Tue Jul 29 14:00:00 2014 mrueckertAATTsuse.de
- disable ssl_passphrase patch but keep it until the discussion
with upstream ended:
https://github.com/irssi/irssi/issues/103

Mon Jul 14 14:00:00 2014 mrueckertAATTsuse.de
- update to 0.8.16
+ Add -noautosendcmd to /SERVER and /CONNECT. Passing this option
will force Irssi to not execute the content of the autosendcmd
chatnet-setting upon connect.
+ Accept names replies with nick!userAATThost instead of just nick,
if they are enabled (see bug #805).
- Set window binds for channel items as sticky when re-creating
window binds as part of /layout save. This fixes the bug where
previously saved channel windows forgets their window number
upon reconnect.
+ Add experimental support for DNSSEC DANE validation of
certificates.
+ Strip the argument for boolean options (see bug #769).
+ Freenode have been readded to the list of networks in the
default configuration file.
+ Disabled support for the insecure SSLv2 protocol.
+ Various documentation enhancements.
+ Add -ssl_pass to /connect and /server (see bug #305).
- Fix crashing bug that can happen if the terminal height
decreases before the first window is created.
- Fixed minor compiler warnings.
- Fixed possible crashing bug when processing an octal escape
sequence.
- Fixed the /ignore -network option (see bug #748).
- Fixed signal handling for /exec\'d commands. Irssi now sends the
signal to the process group id instead of the process id.
- Fixed segfault generated by SSL disconnections (see bug #752).
- Fix compilation when build with -Werror=format-security. Patch
by Jaroslav Skarvada.
- refreshed irssi-0.8.15-ssl-passphrase.patch to apply without fuzz
again
- disable irssi-0.8.15_ssl_proxy.patch for now

Wed Jan 22 13:00:00 2014 mrueckertAATTsuse.de
- added irssi-0.8.16_missing_prototype_warnings.patch:
Fixes a compiler warning about missing prototype for SOCKSinit
- added -DGLIB_DISABLE_DEPRECATION_WARNINGS to reduce the noise
- added dante-devel as requires to irssi-devel so plugins can be
compiled again

Thu Sep 26 14:00:00 2013 ddissAATTsuse.com
- irssi-0.8.15-ssl-passphrase.patch
Fix prompt breakage following SSL certificate passphrase prompt;
(bnc#842532).

Thu Sep 5 14:00:00 2013 mlsAATTsuse.de
- add libperl_requires, as we link against libperl and thus
need a specific version of perl

Mon Jun 10 14:00:00 2013 mrueckertAATTsuse.de
- only enable socks support on opensuse

Mon Feb 11 13:00:00 2013 mrueckertAATTsuse.de
- added dante-devel to buildrequires to fix the socks support
(bnc#794748)
- added -fno-strict-aliasing to the cflags

Mon Feb 13 13:00:00 2012 cooloAATTsuse.com
- patch license to follow spdx.org standard

Tue Jan 11 13:00:00 2011 ajAATTsuse.de
- Fix build for older openSUSE distros.

Wed Dec 29 13:00:00 2010 ajAATTsuse.de
- switch to perl_requires macro

Thu Jul 29 14:00:00 2010 pascal.bleserAATTopensuse.org
- add desktop file and icon

Mon Apr 26 14:00:00 2010 mrueckertAATTsuse.de
- disable proxy patch until we got a decision upstream

Mon Apr 26 14:00:00 2010 mrueckertAATTsuse.de
- added irssi-0.8.15_ssl_proxy.patch: when using a proxy, use the
ssl hostname of the proxy (based on the patch from
https://bugs.launchpad.net/ubuntu/+source/irssi/+bug/565182)
(bnc#596005) CVE-2010-1154, CVE-2010-1155

Sun Apr 4 14:00:00 2010 pascal.bleserAATTopensuse.org
- update to 0.8.15: (bnc#596005) CVE-2010-1154, CVE-2010-1155

* add active_window_ignore_refnum option

* show new Charybdis +q list in channel windows (numerics 728 and
729)

* allow servers to belong to multiple networks

* improve paste detection: Irssi now detects a paste if it reads
at least three bytes in a single read; subsequent reads are
associated to the same paste if they happen before
\'paste_detect_time\' time since the last read. If no read occurs
after \'paste_detect_time\' time the paste buffer is flushed; if
there is at least one complete line its content is sent as a
paste, otherwise it is processed normally

* show \"target changing too fast\" messages in the channel/query
window

* use default trusted CAs if nothing is specified

* show why an SSL certificate failed validation

* make own nick and actions use default colour instead of white

* fix disconnects when sending large amounts of data over SSL

* show all nicks instead of just the first in an /accept
*
listing

* make several signals without parameters available to perl again

* close the config file fd after saving

* check if an SSL certificate matches the hostname of the server
we are connecting to

* fix bash\'isms, use command -v instead of which and use bc -l in
/CALC

* fix a crash with handling the DCC queue

* fix crash when checking for fuzzy nick match when not on the
channel

Tue Jul 28 14:00:00 2009 pascal.bleserAATTopensuse.org
- update to 0.8.14:

* make /reset an alias for /set -default

* make /unset an alias for /set -clear

* allow ctrl+home / ctrl+end to go to the beginning / end of scrollback

* accept WHOX reply (354 numeric) as a /who reply

* show numerics directed at channels in the channel window

* the time duration parser is more strict now

* fix out of bounds access in event_wallops()

* fix the autolog_ignore_targets logic to work correctly with manually opened log files

Wed Jun 10 14:00:00 2009 mrueckertAATTsuse.de
- added irssi-0.8.x_wallop_off_by_one.patch:
fix of by one in wallop handling (bnc#510837) CVE-2009-1959

Wed Apr 1 14:00:00 2009 mrueckertAATTsuse.de
- update to 0.8.13
+ Reject some obviously invalid values in /set.
+ Add perl bindings for Window::get_history_lines
+ Use an io channel to write the config file.
+ Use memory slices instead of memory chunks for text buffer.
+ Remove methods to create/destroy TextBuffer and TextBufferView and low level api to add/remove lines, scripts should be fine using Window::print_after and TextBufferView::remove_line.
+ Add print_after method to Window perl object analogous to gui_printtext_after but which also expands formats and forces a full line.
+ Better mapping of signal parameters to Perl. All signals used in scripts now need to be registered with Irssi::signal_register.
+ Add public header with interfaces to manage statusbar items (bug #535)
+ Recode: assume utf-8 encoding for an ascii string in which no escape character occurs (bug #392).
+ Allow /BAN, /UNBAN, /KICBAN, /KNOCKOUT if channel is not synced. Requesting ban lists from an unsynced channel will ask them from the server, banning a user whose uAATTh irssi does not know will ban nick!
*AATT
* and only bans irssi knows about can be removed.
+ Allow storing multiple \"other\" prefixes such as +q and +a (original patch by JasonX)
+ Add /set autolog_ignore_targets for cherry-picking targets that shouldn\'t get logged.
+ Add support for 16 colors. Formats KBGCRMYW and mirc colors are now mapped to colors 8-15. fe-text translates colors 8-15 to bold/blink+0-7 if the terminal supports only 8 colors. If your theme uses one of the high color formats and you really want bold you can change %FMT to %fmt%_%_, it will work fine in all irssi versions.
+ Better 005 PREFIX support (bug #580).
+ Display 407 numerics other than \"duplicate channel\".
+ Fix display of ratbox-style operspy whois.
+ Recode outgoing irc away messages (bug #412).
+ Recode outgoing irc quit messages.
+ Remove scrollback_levelclear_levels setting and add a \'level\' option to \'sb levelclear\' to specify a comma separated list of levels.
+ Add perl __WARN__ handler for scripts (bug #427).
+ Add Irssi::command_parse_options function to parse options for a command.
+ Revert recode changes introduced in 0.8.12.
+ Add completion for /WINDOW SERVER.
+ Support for reading kicks/msgs from TARGMAX/MAXTARGETS 005 tokens.
+ Enhancements to the redirections code.
+ Support for RPL_WHOISACTUALLY (338 numeric) for both ratbox and ircu (bug #428).
+ -idle option of /notify is gone.
+ /layout save now makes window-channel bindings instantly effective (bug #35).
+ /ping without arguments does not send anymore a ctcp ping to a channel (bug #542).
+ Track IRC operator status of nicks a bit better.
+ new \'actlist_names\' option to add active items names in \'act\' statusbar item.
+ new \'word_completion_backward\' command to scroll backwards in the completion list.
+ add \'list\' option to /bind to print all the available commands.
+ show setter/time in +I lists
+ apply -usermode before -autosendcmd (bug #548).
+ reduce memory usage of the scrollback buffer and make the display in /sb status more accurate (higher).
+ fix data getting dropped when a lot is sent at a time (e.g. when attaching to irssi-proxy, bug #528).
+ introduce the type Irssi::Irc::Client and signals to communicate with proxy clients to allow for scripting parts of the irssi-proxy.
+ Add sb_search.pl, a script for /SCROLLBACK SEARCH
- Fix /NOTIFY list when nick is seen joining (bug #642).
- Include hostmask in 001 event sent by proxy (bug #650).
- Be more power-friendly: don\'t run any always-on <1s timers (bug #641).
- Don\'t get confused by a failed /JOIN -window (bug #644).
- Properly initialize embedded Perl (PERL_SYS_INIT3).
- Replace invalid utf-8 bytes with U+FFFD when drawing a line.
- Properly unload the original script when using /script load to reload it. (bug #525, patch by Lukas Mai)
- Clean up script loading in general:

* Don\'t leak local variables to eval\'d code.

* Set filename/line number to get better error messages from perl.

* Use three-arg open and lexical filehandles to avoid surprises.

* Include error reason in message for unopenable scripts.

* Don\'t wrap script code in sub handler { } - this avoids spurious warnings and
should at least allow __END__ to work properly.
(Patch by Lukas Mai)
- Fix NETSPLIT_SERVER_REC in signals for Perl.
- Remove buggy /SCROLLBACK redraw and /SET scrollback_save_formats.
- Always preserve the active mainwindow when resizing.
- Ignore DNS not found errors when considering reconnect.
- Do not strip the comma in a mirc color if it is not followed by a digit (bug #250).
- Fix building perl module with perl-5.10 (bug #630).
- fix leak with $L expando.
- fix possible crash with /script reset.
- ignore exceptions take precedence over ignores in all cases.
- honour -channels preference for ignore -replies (bug #227).
- Fix mode display in whois with unreal (379 numeric) (bug #479).
- Fix regressions that prevented external modules from building/working (bugs #537 #539).
- Fix /set hilight_level not taking effect immediately (bug #598).
- Fix bold, blinking and indentation in /LASTLOG and buf.pl.


 
ICM