irssi (1.2.0-2+deb10u1) buster; urgency=medium * Import upstream security fix for CVE-2019-13045 (closes: #931264) -- Rhonda D'Vine Thu, 29 Jul 2021 14:11:39 +0200 irssi (1.2.0-2) unstable; urgency=medium [ Rhonda D'Vine ] * Install otr help file also in irssi-plugin-otr package (closes: #922145) * Add NEWS.Debian entry about the upgrade path for the stored OTR data. * New patch 99fix-big-endian-64bit-test pulled from upstream. [ Unit 193 ] * Remove the now-empty dh_strip override. -- Rhonda D'Vine Tue, 12 Feb 2019 21:59:00 +0100 irssi (1.2.0-1) unstable; urgency=medium * New upstream release. * Build-Depends on debhelper-compat (= 12), remove debian/compat. * Bump Standards-Version to 4.3.0. * Refresh patches. * Create a HOME for dh_auto_test. * Remove dh_strip --dbgsym-migration option. * Reduce debian/upstream/signing-key.asc to minimal export. * Build irssi-plugin-otr package out of this source. -- Rhonda D'Vine Tue, 12 Feb 2019 09:33:05 +0100 irssi (1.1.2-1) unstable; urgency=high [ Daniel Kahn Gillmor ] * irssi Provides: irssi-abi-XXX for safer plugin packaging (Closes: #811445) [ Rhonda D'Vine ] * Bump Standards-Version to 4.2.1. * New upstream bugfix release, fixing CVE-2019-5882 (closes: #918865) -- Rhonda D'Vine Fri, 21 Sep 2018 16:57:51 +0200 irssi (1.1.1-1) unstable; urgency=medium [ Rhonda D'Vine ] * New upstream release. * Uploaded from mIRC. * Adjust 03firsttimer_text patch for new location of the text. * Update copyright format URL to use https. * Install example scripts. * Bump Standards-Version to 4.1.4. * Move repository to salsa, update Vcs-* URLs. [ Unit 193 ] * Use https for upstream homepage. * /connect OFTC instead of irc.debian.org to get an ssl connection. -- Rhonda D'Vine Wed, 25 Jul 2018 10:09:40 +0800 irssi (1.0.7-1) unstable; urgency=high * New upstream bugfix release (closes: #886475): From 1.0.6: - Fix invalid memory access when reading hilight configuration (#787, #788). - Fix null pointer dereference when the channel topic is set without specifying a sender [CVE-2018-5206] - Fix return of random memory when using incomplete escape codes [CVE-2018-5205] - Fix heap buffer overflow when completing certain strings [CVE-2018-5208] - Fix return of random memory when using an incomplete variable argument [CVE-2018-5207] From 1.0.7: - Prevent use after free error during the execution of some commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674) - Revert netsplit print optimisation due to crashes - Fix use after free when SASL messages are received in unexpected order [CVE-2018-7053] (closes: #890675) - Fix null pointer dereference in the tab completion when an empty nick is joined [CVE-2018-7050] (closes: #890678) - Fix use after free when entering oper password - Fix null pointer dereference when too many windows are opened [CVE-2018-7052] (closes: #890676) - Fix out of bounds access in theme strings when the last escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051] (closes: #890677) - Fix out of bounds write when using negative counts on window resize - Minor help correction. By William Jackson * Fix watch URL. * Bump to debhelper compat 11, remove autotools-dev Build-Depends. * Bump Standards-Version to 4.1.3. * Add lintian overrides for the spelling of "hilight" in the changelog mentioning the lintian overrides for the spelling of "hilight" in irssi itself. -- Rhonda D'Vine Tue, 06 Mar 2018 14:42:44 +0100 irssi (1.0.5-1) unstable; urgency=high * New upstream bugfix release (closes: #879521): - Fix missing -sasl_method '' in /NETWORK. - Fix incorrect restoration of term state when hitting SUSP inside screen. - Fix out of bounds read when compressing colour sequences. Found by Hanno Böck. [CVE-2017-15228] - Fix use after free condition during a race condition when waiting on channel sync during a rejoin [CVE-2017-15227] - Fix null pointer dereference when parsing certain malformed CTCP DCC messages. [CVE-2017-15721] - Fix crash due to null pointer dereference when failing to split messages due to overlong nick or target. [CVE-2017-15723] - Fix out of bounds read when trying to skip a safe channel ID without verifying that the ID is long enough. [CVE-2017-15722] - Fix return of random memory when inet_ntop failed. - Minor statusbar help update. * Remove deprecated --with autotools_dev call to dh. * Bump Standards-Version to 4.1.1. * Change priority of irssi-dev from deprecated extra to optional. * Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog directly. -- Rhonda D'Vine Mon, 06 Nov 2017 16:24:38 +0100 irssi (1.0.4-1) unstable; urgency=high * New upstream bugfix release (closes: #867598): - Fix null pointer dereference when parsing invalid timestamp. Reported by Brian 'geeknik' Carpenter. [CVE-2017-10965] - Fix use-after-free condition when removing nicks from the internal nicklist. Reported by Brian 'geeknik' Carpenter. [CVE-2017-10966] - Fix incorrect string comparison in DCC file names. - Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'". - Fix a bug when using \n to separate lines with expand_escapes. - Retain screen output on improper exit, to better see any error messages. - Minor help update. -- Rhonda D'Vine Tue, 11 Jul 2017 07:17:19 +0200 irssi (1.0.3-1) unstable; urgency=high * New upstream pure bugfix release. -- Rhonda D'Vine Thu, 08 Jun 2017 10:08:46 +0200 irssi (1.0.2-1) unstable; urgency=high * New upstream pure bugfix release: - Prevent some null-pointer crashes. - Fix compilation with OpenSSL 1.1.0. - Correct dereferencing of already freed server objects during output of netjoins. Found by APic. (closes: #857502) - Fix in command arg parser to detect missing arguments in tail place. - Fix regression that broke incoming DCC file transfers. - Fix issue with escaping \ in evaluated strings. -- Rhonda D'Vine Sat, 11 Mar 2017 10:52:54 +0100 irssi (1.0.1-1) unstable; urgency=high * New upstream pure bugfix release: - Fix Perl compilation in object dir. - Disable EC cryptography on Solaris to fix build. - Fix incorrect HELP SERVER example. - Correct memory leak in /OP and /VOICE. - Fix regression that broke second level completion. - Correct missing NULL termination in perl_parse. - Sync broken mail.pl script. -- Rhonda D'Vine Mon, 06 Feb 2017 08:07:55 +0100 irssi (1.0.0-1) unstable; urgency=medium * New upstream release. * Add patch 25tls-ssl-compat-defines provided by upstream's dx for backward compatibility to not require modules using these functions to change code. * Update patch 22fix-perl-hardening. -- Rhonda D'Vine Sun, 08 Jan 2017 01:08:23 +0100 irssi (0.8.21-1) unstable; urgency=medium * New upstream security release (Closes: #850403): - CVE-2017-5193: NULL pointer dereference in the nickcmp function - CVE-2017-5194: Use-after-freee when receiving invalid nick message - CVE-2017-5195: Out-of-bounds read in certain incomplete control codes - CVE-2017-5196: Out-of-bounds read in certain incomplete character sequences * Remove patch 23fix-buf.pl which is included in upstream release. * Set PACKAGE_VERSION for configure as suggested by upstream. -- Rhonda D'Vine Thu, 05 Jan 2017 10:26:08 +0100 irssi (0.8.20-2) unstable; urgency=high * New patch 23fix-buf.pl to fix an information exposure issue involved with using buf.pl and /upgrade. -- Rhonda D'Vine Sat, 24 Sep 2016 16:10:19 +0200 irssi (0.8.20-1) unstable; urgency=critical * New upstream security release. * Fix heap corruption and missing bounds checks (CVE-2016-7044 CVE-2016-7045) -- Rhonda D'Vine Wed, 21 Sep 2016 22:09:18 +0200 irssi (0.8.19-2) unstable; urgency=low * Bump Standards-Version to 3.9.8. * Drop DANE support, libval changed and doesn't offer that interface anymore. * Drop -dbg package in favor of the automatically created dbgsym one. -- Rhonda D'Vine Wed, 20 Apr 2016 10:32:45 +0200 irssi (0.8.19-1) unstable; urgency=medium * New upstream release. * Patch src/perl/Makefile.* for passing over *FLAGS to perl. * export DEB_BUILD_MAINT_OPTIONS=hardening=+all * Rewrite copyright file in DEP5 and add AUTHORS to docs. * Remove two dots from ... at the start of lines from botti.1 to fix manpage error. * Remove quilt from Build-Depends, not needed anymore. * Bump Standards-Version to 3.9.7. -- Rhonda D'Vine Thu, 24 Mar 2016 15:43:12 +0100 irssi (0.8.18-1) unstable; urgency=medium * New upstream release. * Updated debian/watch with patch submitted by Unit193, thanks! * Add lintian overrides file for the spelling "hilight" messages. -- Rhonda D'Vine Mon, 29 Feb 2016 22:40:36 +0100 irssi (0.8.18~beta1-1) experimental; urgency=medium [ Rhonda D'Vine ] * New upstream beta release, which contains fixes for: - line highlights on -mask don't work (closes: #696105) * Adjusted patches/12manpage-fix to manpage update. * Reworking debian/rules into dh style. This enables hardened build flags (closes: #761123) * Adding debian/source/format. * Bumping Standards-Version to 3.9.6. * Don't chmod +x the irssi.install file, ship it executable in the source package. [ Mattia Rizzolo ] * Install usr/lib directly, multiarch moved the files from usr/lib/irssi. * Get rid of the .la and .a file, they aren't wanted. -- Rhonda D'Vine Tue, 22 Dec 2015 16:36:10 +0100 irssi (0.8.17-1) unstable; urgency=medium * The AdaCamp Berlin upload, new upstream stable release. * Remove commit patches 41fab07 and 1cf7017 which are included in this release. -- Rhonda D'Vine Sun, 12 Oct 2014 07:38:57 +0200 irssi (0.8.17~rc1-1) experimental; urgency=medium * New upstream release which includes: - binding utf8 characters, removing the patch * Updated firstimer message patch. * README got renamed to README.md. * Compile with --enable-true-color. * Pull upstream commits 41fab07 and 1cf7017 to fix the colour black which got broken by extended colours. -- Rhonda D'Vine Mon, 28 Jul 2014 16:29:23 +0200 irssi (0.8.16-1) unstable; urgency=medium [ Rhonda D'Vine ] * New upstream release (closes: #751016), uploading to unstable. * Upstream release did obsolete cumode_space-fix patch so we're removing it. * Limit Build-Depends on libval-dev to linux-any until it is fixed on non-linux architectures. Check DEB_HOST_ARCH_OS for linux in debian/rules to enable dane. * Bump Standards-Version to 3.9.5. * Check upstream signature on the tarballs through debian/watch (closes: #749827) * Set Priority of irssi-dbg and irssi-dev to extra. * Build-Depend on dh-autoreconf and call it on building (closes: #727292) * Remove --without-servertest --enable-perl configure switches (closes: #631731) * Add support for parallel build (closes: #727832) * Remove dependency_libs from .la files. [ gregor herrmann ] * Fix "hardcodes /usr/lib/perl5": - Make debian/irssi.install executable, and use $Config{vendorarch} there. - Use debhelper 9 to get this feature. (Closes: #752478) -- Rhonda D'Vine Sat, 19 Jul 2014 08:31:54 +0200 irssi (0.8.16~rc1-1) experimental; urgency=low * New upstream release candidate, making the patch 19disable_sslv2 obsolete. * Build with --enable-dane. * Upload to experimental for now because of build issues of libval on kFreeBSD and HURD. * Update debian/copyright file. * Disable patch 20fix_ssl_proxy_hostname_check for the moment. * Bump Standards-Version to 3.9.4, no changes required. * Add an irssi-dbg package (closes: #706903) -- Gerfried Fuchs Wed, 18 Sep 2013 12:20:27 +0200 irssi (0.8.15-5) unstable; urgency=low * Updated bind_utf8-fix patch from upstream bug tracker again (closes: #637036) * Bump Standards-Version to 3.9.3. * Add recommended targets build-{arch,indep} to debian/rules. -- Gerfried Fuchs Tue, 24 Apr 2012 17:59:05 +0200 irssi (0.8.15-4) unstable; urgency=medium * Update bind_utf8-fix patch from upstream bug tracker to fix issue with now broken alt- keybindings (closes: #625690, #627248) -- Gerfried Fuchs Fri, 10 Jun 2011 20:13:15 +0200 irssi (0.8.15-3) unstable; urgency=low * Add patch bind_utf8-fix extracted from upstream bug #553 to enable binding utf8 characters. * Bump Standards-Version to 3.9.2. * Update to debhelper 7, use dh_prep instead of dh_clean -k. * Pull disable_sslv2 patch from Ubuntu. * Pull fix_ssl_proxy_hostname_check from Ubuntu (closes: #578304) -- Gerfried Fuchs Tue, 03 May 2011 11:47:58 +0200 irssi (0.8.15-2) unstable; urgency=low * Switch Vcs-* field values to git.deb.at. * Add patch by Pierre Habouzit for crash when $cumode_space is used. Thanks! (closes: #606319) -- Gerfried Fuchs Tue, 14 Dec 2010 21:57:29 +0100 irssi (0.8.15-1) unstable; urgency=low * New Upstream version, prepared with current autotools (closes: #575295) * Remove David also from Uploaders field on his own will, thanks for the work so far. -- Gerfried Fuchs Sat, 03 Apr 2010 21:37:36 +0200 irssi (0.8.15~rc1-1) unstable; urgency=low * New upstream release candidate, containing fixes for: - Make meta-a behavior configurable (closes: #525970) - some signals are no longer available in perl environment (closes: #534649) * Patch theme-white-background-fix applied upstream, dropping. * Bumped Standards-Version to 3.8.4. * Switched Maintainer and Uploaders field to better match reality. * Add ${misc:Depends} to irssi-dev, too. -- Gerfried Fuchs Tue, 23 Mar 2010 21:33:44 +0100 irssi (0.8.14-1) unstable; urgency=low * New upstream release, dropping wallops-fix patch. * Refreshed quilt patches. * Bumped Standards-Version to 3.8.2. -- Gerfried Fuchs Wed, 29 Jul 2009 12:55:04 +0200 irssi (0.8.13-2) unstable; urgency=medium * New patch: - wallops-fix: Fix CVE-2009-1959 off-by-one in event_wallops (closes: #531357) -- Gerfried Fuchs Tue, 16 Jun 2009 11:03:06 +0200 irssi (0.8.13-1) unstable; urgency=low * New upstream release. * Refreshed quilt patches. -- Gerfried Fuchs Tue, 14 Apr 2009 16:59:19 +0200 irssi (0.8.13~rc1-1) unstable; urgency=low * New upstream release candidate. * Incorporated patches (removed from packaging): help-URL-fix, nickmask-mask, fullword-full, ctcp-channel, server==NULL-handling, typo-authentification, leave-help, perlembed-fix, perlembed-fix, proxy-join-fix, mode-display-fix * All other patches refreshed. * New patch manpage-fix to fix hyphens in the synopsis of the manpage. * Bump to Standards-Version 3.8.1. * Aligned irssi-dev short description with main package description. * Adopt debian/watch to match release candidates. -- Gerfried Fuchs Thu, 19 Mar 2009 11:12:17 +0100 irssi (0.8.12-6) unstable; urgency=low * New patch: - mode-display-fix: Fix mode display in whois with unreal (379 numeric). (upstream svn r4637, bug #479) * Updated patch: - perlembed-fix: The initial approach wasn't completely clean, it got revised by upstream. -- Gerfried Fuchs Thu, 29 Jan 2009 13:29:51 +0100 irssi (0.8.12-5) unstable; urgency=low * New patches: - perlembed-fix to fix adjust to perembed documentation, fixing a possible breakage on at least hppa (closes: #495059) - proxy-join-fix to fix a buffer problem which made joining lots of channels through proxy not get all through, pulled from upstream revision 4840 (closes: #308673) -- Gerfried Fuchs Tue, 02 Sep 2008 13:57:52 +0200 irssi (0.8.12-4) unstable; urgency=low * Remove alternative handling cleanup from before etch release. * Fixed a typo noticed by John Dong, patch typo-authentification (closes: #465570) * Pull upstream revision r4612 as patch help-URL-fix to fix help URL (closes: #485140) * Remove reference to LEAVE in help files, patch leave-help (closes: #255535) * Apply patch from Tim Retout to use default colour for ownnick and actions instead of white (closes: #479171) * Remove autogenerated files, both from patch series and also in clean target. Thanks to Felix Palmen for mentioning it (closes: #476473) * Add doc-base files for the FAQ, manual and startup-HOWTO (closes: #451690, #480098) * Update to Standards-Version 3.8.0: - Add debian/README.source referencing the quilt documentation. * Actually also _use_ the menu file for irssi... And removed some of the other commented dh_* entries in debian/rules. * Updated debian/copyright to contain more current informations, added the keyword exception to the openssl linking GPL addition. * Removed empty debian/irssi.postinst file. -- Gerfried Fuchs Mon, 09 Jun 2008 12:11:19 +0200 irssi (0.8.12-3) unstable; urgency=low [ Gerfried Fuchs ] * Switch to quilt to make it possible to produce the following patch without any headaches. * patch fullword-full added about printing -full instead of -fullword which is the wrong option to /hilight * Put the four created files into patches too so that everything changed is below /debian/ only. * Imported all into git for being able to team maintain (Closes: #445840) * Add Vcs-* fields to control file. * Patches pulled from upstream svn: - 07ctcp-channel: Do not allow /ping by itself to ctcp ping a channel. - 08server==NULL-handling: Handle server == NULL case in skip_target. Thanks to Pedro Fragoso from ubuntu for notifying me about them. * Bumped Standards-Version to 3.7.3, no further required changes. * Bump debhelper compat level to 5. -- Gerfried Fuchs Thu, 17 Jan 2008 09:55:41 +0100 irssi (0.8.12-2) unstable; urgency=low [ Gerfried Fuchs ] * Added Homepage: to control file. * Added watchfile. * patch chanmode_expando_strip added for changing default to not expose channel key by default (Closes: #347944) * patch ctcp_version_reply added for not exposing $sysname $sysarch in ctcp version replies by default (Closes: #373094) * patch firsttimer_text added which extends the text displayed to firsttime users about irc.debian.org and #debian (Closes: #393707) * Remove irssi-text dummy package from control and all the old package relation stats to it and irssi-snapshot, and irssi-scripts versioning. * patch nickmask-mask added about printing -mask instead of -nickmask which is a wrong option to /hilight (Closes: #417397) * Don't ignore make distclean errors anymore. * Removed automatic config.{guess,sub} update from debian/rules. -- Gerfried Fuchs Thu, 18 Oct 2007 08:29:50 +0200 irssi (0.8.12-1) unstable; urgency=low [ David Pashley ] * Gerfried Fuchs added to Uploaders (Closes: #445840) * Removed old not used patches from the package. [ Gerfried Fuchs ] * New upstream release (Closes: #421053) - patch 05upgrade-check-binary.dpatch applied upstream. - patch 08doublefree applied upstream. - C1 control characters aren't passed through anymore (Closes: #435315) - return random host on DNS round robin (Closes: #374715) * Updated menu file to new menu policy section, added longtitle. * Bumped Standards-Version to 3.7.2, no changes needed. -- Gerfried Fuchs Wed, 17 Oct 2007 07:54:49 +0200 irssi (0.8.10-2) unstable; urgency=low * Fix Conflicts and Replaces lines to make backporting to sarge easier * Fix the menu entry (Closes: #274201) * Added a Provides for irc (Closes: #267411) * Removed calls to ldconfig in postinst and postrm by calling dh_makeshlibs with the -n flag * Remove alteratives for irc and irssi (Closes: #348149) * Fix a glib memory bug. patch by Chris Moore (Closes: #358172, #358499) * Include changelog from irssi-text (Closes: #344292) -- David Pashley Fri, 30 Dec 2005 15:12:29 +0000 irssi (0.8.10-1) unstable; urgency=low * new upstream release -- David Pashley Sat, 10 Dec 2005 21:25:51 +0000 irssi (0.8.10~rc8-1) unstable; urgency=low * New upstream (Closes: #340287) * Add dpatch to the build-depends -- David Pashley Wed, 30 Nov 2005 23:10:27 +0000 irssi (0.8.10~rc6-1) unstable; urgency=low * New upstream version * Disable the GnuTLS patch for now. * Added Provides, Replaces and Conflicts for irssi-text and irssi-snapshot -- David Pashley Fri, 14 Oct 2005 00:39:15 +0100 irssi (0.8.10~rc5-1) unstable; urgency=low * Initial packaging to unify irssi-text and irssi-snapshot * Provide a -dev package for building modules (Closes: #184771) * Check for an executable file before we try to execute it with /upgrade (Closes: #242026) * Only allow /exec to recurse 100 times (Closes: #186416) * Call SIGTSTP rather than SIGSTOP on ^Z (With thanks to Mark Hymers ) (Closes: #177108) * Redirect Glib critical errors to the status window rather than to stderr (Closes: #270596) * Correctly lower case chat protocols using g_ascii_strdown() rather than using the deprecated g_strdown() (pushed upstream) (Closes: #232628) -- David Pashley Sun, 10 Jul 2005 15:11:38 +0300