security-related fixes:
- Fix out of bounds read when compressing colour sequences. Found by Hanno Böck (GL#12, GL!18).
- Fix use after free condition during a race condition when waiting on channel sync during a rejoin (GL#13, GL!19).
- Fix null pointer dereference when parsing certain malformed CTCP DCC messages (GL#14, GL!20).
- Fix crash due to null pointer dereference when failing to split messages due to overlong nick or target (GL#15, GL!21).
- Fix out of bounds read when trying to skip a safe channel ID without verifying that the ID is long enough (GL#16, GL!22).
- Fix return of random memory when inet_ntop failed (#769).
fixes include
v1.0.3 2017-06-06 The Irssi team <staff@irssi.org>
- Fix out of bounds read when scanning expandos (GL!11).
- Fix invalid memory access with quoted filenames in DCC
(GL#8, GL!12).
- Fix null-pointer dereference on DCC without address (GL#9, GL!13).
- Improve integer overflow handling. Originally reported by
oss-fuzz#525 (#706).
v1.0.2 2017-03-10 The Irssi team <staff@irssi.org>
- Prevent some null-pointer crashes (GL!9).
- Correct dereferencing of already freed server objects during
output of netjoins. Found by APic (GL!10, GL#7).
only) - ok jca@ krw@
(a) A NULL pointer dereference in the nickcmp function found by Joseph
Bisch. (CWE-690)
(b) Use after free when receiving invalid nick message (Issue #466, CWE-146)
(c) Out of bounds read in certain incomplete control codes found by
Joseph Bisch. (CWE-126)
(d) Out of bounds read in certain incomplete character sequences found
by Hanno Böck and independently by J. Bisch. (CWE-126)
were problems with irssi-icb (will be fixed in following commit). I made some
small changes from the earlier diff: add PKGSPEC so that plugins pick up the
correct version of irssi, use a better license marker, and install the
irssi-config script that irssi-icb looks for.
- Set window binds for channel items as sticky when re-creating window
binds as part of /layout save. This addresses the problem of previously
saved channel window items forgetting their windows upon reconnection,
which resulted in them being opened in new windows.
- Ensure that expando_cumode_space() doesn't free unallocated memory when no
prefix exists by conditionally allocating and marking to-be-freed the cumode
string inside of expando_cumode().
viq (maintainer) doesn't have time to look at it properly but is
generally ok with this.
- Remove USE_GROFF
- Remove --enable-ipv6 from CONFIGURE_ARGS since its enabled by default
- Backport fixes from SVN repo..
- Replace deprecated glib functions
- Do not go beyond the end of the string when processing an octal escape
- glib iochannel fixes
- Fix segfault generated by SSL disconnections
- Do not use SSLv2 protocol
- When sending a signal to an /exec'd command, send it to the process
group id instead of the process id.
Changes to the port:
- normalize paths;
- make term_charset work;
- note the net/irssi-silc in DESCR;
- cleanup;
very initial diff, testing and ok maintainer Wiktor Izdebski
ok jasper@
