irssi (1.2.0-2+deb10u1) buster; urgency=medium
* Import upstream security fix for CVE-2019-13045 (closes: #931264)
-- Rhonda D'Vine <rhonda@debian.org> Thu, 29 Jul 2021 14:11:39 +0200
irssi (1.2.0-2) unstable; urgency=medium
[ Rhonda D'Vine ]
* Install otr help file also in irssi-plugin-otr package (closes: #922145)
* Add NEWS.Debian entry about the upgrade path for the stored OTR data.
* New patch 99fix-big-endian-64bit-test pulled from upstream.
[ Unit 193 ]
* Remove the now-empty dh_strip override.
-- Rhonda D'Vine <rhonda@debian.org> Tue, 12 Feb 2019 21:59:00 +0100
irssi (1.2.0-1) unstable; urgency=medium
* New upstream release.
* Build-Depends on debhelper-compat (= 12), remove debian/compat.
* Bump Standards-Version to 4.3.0.
* Refresh patches.
* Create a HOME for dh_auto_test.
* Remove dh_strip --dbgsym-migration option.
* Reduce debian/upstream/signing-key.asc to minimal export.
* Build irssi-plugin-otr package out of this source.
-- Rhonda D'Vine <rhonda@debian.org> Tue, 12 Feb 2019 09:33:05 +0100
irssi (1.1.2-1) unstable; urgency=high
[ Daniel Kahn Gillmor ]
* irssi Provides: irssi-abi-XXX for safer plugin packaging (Closes: #811445)
[ Rhonda D'Vine ]
* Bump Standards-Version to 4.2.1.
* New upstream bugfix release, fixing CVE-2019-5882 (closes: #918865)
-- Rhonda D'Vine <rhonda@debian.org> Fri, 21 Sep 2018 16:57:51 +0200
irssi (1.1.1-1) unstable; urgency=medium
[ Rhonda D'Vine ]
* New upstream release.
* Uploaded from mIRC.
* Adjust 03firsttimer_text patch for new location of the text.
* Update copyright format URL to use https.
* Install example scripts.
* Bump Standards-Version to 4.1.4.
* Move repository to salsa, update Vcs-* URLs.
[ Unit 193 ]
* Use https for upstream homepage.
* /connect OFTC instead of irc.debian.org to get an ssl connection.
-- Rhonda D'Vine <rhonda@debian.org> Wed, 25 Jul 2018 10:09:40 +0800
irssi (1.0.7-1) unstable; urgency=high
* New upstream bugfix release (closes: #886475):
From 1.0.6:
- Fix invalid memory access when reading hilight configuration
(#787, #788).
- Fix null pointer dereference when the channel topic is set
without specifying a sender [CVE-2018-5206]
- Fix return of random memory when using incomplete escape
codes [CVE-2018-5205]
- Fix heap buffer overflow when completing certain strings
[CVE-2018-5208]
- Fix return of random memory when using an incomplete
variable argument [CVE-2018-5207]
From 1.0.7:
- Prevent use after free error during the execution of some
commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
- Revert netsplit print optimisation due to crashes
- Fix use after free when SASL messages are received in
unexpected order [CVE-2018-7053] (closes: #890675)
- Fix null pointer dereference in the tab completion when an
empty nick is joined [CVE-2018-7050] (closes: #890678)
- Fix use after free when entering oper password
- Fix null pointer dereference when too many windows are
opened [CVE-2018-7052] (closes: #890676)
- Fix out of bounds access in theme strings when the last
escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
(closes: #890677)
- Fix out of bounds write when using negative counts on window
resize
- Minor help correction. By William Jackson
* Fix watch URL.
* Bump to debhelper compat 11, remove autotools-dev Build-Depends.
* Bump Standards-Version to 4.1.3.
* Add lintian overrides for the spelling of "hilight" in the changelog
mentioning the lintian overrides for the spelling of "hilight" in irssi
itself.
-- Rhonda D'Vine <rhonda@debian.org> Tue, 06 Mar 2018 14:42:44 +0100
irssi (1.0.5-1) unstable; urgency=high
* New upstream bugfix release (closes: #879521):
- Fix missing -sasl_method '' in /NETWORK.
- Fix incorrect restoration of term state when hitting SUSP
inside screen.
- Fix out of bounds read when compressing colour
sequences. Found by Hanno Böck. [CVE-2017-15228]
- Fix use after free condition during a race condition when
waiting on channel sync during a rejoin [CVE-2017-15227]
- Fix null pointer dereference when parsing certain malformed
CTCP DCC messages. [CVE-2017-15721]
- Fix crash due to null pointer dereference when failing to
split messages due to overlong nick or target. [CVE-2017-15723]
- Fix out of bounds read when trying to skip a safe channel ID
without verifying that the ID is long enough. [CVE-2017-15722]
- Fix return of random memory when inet_ntop failed.
- Minor statusbar help update.
* Remove deprecated --with autotools_dev call to dh.
* Bump Standards-Version to 4.1.1.
* Change priority of irssi-dev from deprecated extra to optional.
* Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
directly.
-- Rhonda D'Vine <rhonda@debian.org> Mon, 06 Nov 2017 16:24:38 +0100
irssi (1.0.4-1) unstable; urgency=high
* New upstream bugfix release (closes: #867598):
- Fix null pointer dereference when parsing invalid timestamp.
Reported by Brian 'geeknik' Carpenter. [CVE-2017-10965]
- Fix use-after-free condition when removing nicks from the internal
nicklist. Reported by Brian 'geeknik' Carpenter. [CVE-2017-10966]
- Fix incorrect string comparison in DCC file names.
- Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'".
- Fix a bug when using \n to separate lines with expand_escapes.
- Retain screen output on improper exit, to better see any error
messages.
- Minor help update.
-- Rhonda D'Vine <rhonda@debian.org> Tue, 11 Jul 2017 07:17:19 +0200
irssi (1.0.3-1) unstable; urgency=high
* New upstream pure bugfix release.
-- Rhonda D'Vine <rhonda@debian.org> Thu, 08 Jun 2017 10:08:46 +0200
irssi (1.0.2-1) unstable; urgency=high
* New upstream pure bugfix release:
- Prevent some null-pointer crashes.
- Fix compilation with OpenSSL 1.1.0.
- Correct dereferencing of already freed server objects during
output of netjoins. Found by APic. (closes: #857502)
- Fix in command arg parser to detect missing arguments in tail place.
- Fix regression that broke incoming DCC file transfers.
- Fix issue with escaping \ in evaluated strings.
-- Rhonda D'Vine <rhonda@debian.org> Sat, 11 Mar 2017 10:52:54 +0100
irssi (1.0.1-1) unstable; urgency=high
* New upstream pure bugfix release:
- Fix Perl compilation in object dir.
- Disable EC cryptography on Solaris to fix build.
- Fix incorrect HELP SERVER example.
- Correct memory leak in /OP and /VOICE.
- Fix regression that broke second level completion.
- Correct missing NULL termination in perl_parse.
- Sync broken mail.pl script.
-- Rhonda D'Vine <rhonda@debian.org> Mon, 06 Feb 2017 08:07:55 +0100
irssi (1.0.0-1) unstable; urgency=medium
* New upstream release.
* Add patch 25tls-ssl-compat-defines provided by upstream's dx for backward
compatibility to not require modules using these functions to change code.
* Update patch 22fix-perl-hardening.
-- Rhonda D'Vine <rhonda@debian.org> Sun, 08 Jan 2017 01:08:23 +0100
irssi (0.8.21-1) unstable; urgency=medium
* New upstream security release (Closes: #850403):
- CVE-2017-5193: NULL pointer dereference in the nickcmp function
- CVE-2017-5194: Use-after-freee when receiving invalid nick message
- CVE-2017-5195: Out-of-bounds read in certain incomplete control codes
- CVE-2017-5196: Out-of-bounds read in certain incomplete character
sequences
* Remove patch 23fix-buf.pl which is included in upstream release.
* Set PACKAGE_VERSION for configure as suggested by upstream.
-- Rhonda D'Vine <rhonda@debian.org> Thu, 05 Jan 2017 10:26:08 +0100
irssi (0.8.20-2) unstable; urgency=high
* New patch 23fix-buf.pl to fix an information exposure issue involved with
using buf.pl and /upgrade.
-- Rhonda D'Vine <rhonda@debian.org> Sat, 24 Sep 2016 16:10:19 +0200
irssi (0.8.20-1) unstable; urgency=critical
* New upstream security release.
* Fix heap corruption and missing bounds checks (CVE-2016-7044
CVE-2016-7045)
-- Rhonda D'Vine <rhonda@debian.org> Wed, 21 Sep 2016 22:09:18 +0200
irssi (0.8.19-2) unstable; urgency=low
* Bump Standards-Version to 3.9.8.
* Drop DANE support, libval changed and doesn't offer that interface
anymore.
* Drop -dbg package in favor of the automatically created dbgsym one.
-- Rhonda D'Vine <rhonda@debian.org> Wed, 20 Apr 2016 10:32:45 +0200
irssi (0.8.19-1) unstable; urgency=medium
* New upstream release.
* Patch src/perl/Makefile.* for passing over *FLAGS to perl.
* export DEB_BUILD_MAINT_OPTIONS=hardening=+all
* Rewrite copyright file in DEP5 and add AUTHORS to docs.
* Remove two dots from ... at the start of lines from botti.1 to fix manpage
error.
* Remove quilt from Build-Depends, not needed anymore.
* Bump Standards-Version to 3.9.7.
-- Rhonda D'Vine <rhonda@debian.org> Thu, 24 Mar 2016 15:43:12 +0100
irssi (0.8.18-1) unstable; urgency=medium
* New upstream release.
* Updated debian/watch with patch submitted by Unit193, thanks!
* Add lintian overrides file for the spelling "hilight" messages.
-- Rhonda D'Vine <rhonda@debian.org> Mon, 29 Feb 2016 22:40:36 +0100
irssi (0.8.18~beta1-1) experimental; urgency=medium
[ Rhonda D'Vine ]
* New upstream beta release, which contains fixes for:
- line highlights on -mask don't work (closes: #696105)
* Adjusted patches/12manpage-fix to manpage update.
* Reworking debian/rules into dh style. This enables hardened build flags
(closes: #761123)
* Adding debian/source/format.
* Bumping Standards-Version to 3.9.6.
* Don't chmod +x the irssi.install file, ship it executable in the source
package.
[ Mattia Rizzolo ]
* Install usr/lib directly, multiarch moved the files from usr/lib/irssi.
* Get rid of the .la and .a file, they aren't wanted.
-- Rhonda D'Vine <rhonda@debian.org> Tue, 22 Dec 2015 16:36:10 +0100
irssi (0.8.17-1) unstable; urgency=medium
* The AdaCamp Berlin upload, new upstream stable release.
* Remove commit patches 41fab07 and 1cf7017 which are included in this
release.
-- Rhonda D'Vine <rhonda@debian.org> Sun, 12 Oct 2014 07:38:57 +0200
irssi (0.8.17~rc1-1) experimental; urgency=medium
* New upstream release which includes:
- binding utf8 characters, removing the patch
* Updated firstimer message patch.
* README got renamed to README.md.
* Compile with --enable-true-color.
* Pull upstream commits 41fab07 and 1cf7017 to fix the colour black which
got broken by extended colours.
-- Rhonda D'Vine <rhonda@debian.org> Mon, 28 Jul 2014 16:29:23 +0200
irssi (0.8.16-1) unstable; urgency=medium
[ Rhonda D'Vine ]
* New upstream release (closes: #751016), uploading to unstable.
* Upstream release did obsolete cumode_space-fix patch so we're removing it.
* Limit Build-Depends on libval-dev to linux-any until it is fixed on
non-linux architectures. Check DEB_HOST_ARCH_OS for linux in debian/rules
to enable dane.
* Bump Standards-Version to 3.9.5.
* Check upstream signature on the tarballs through debian/watch
(closes: #749827)
* Set Priority of irssi-dbg and irssi-dev to extra.
* Build-Depend on dh-autoreconf and call it on building (closes: #727292)
* Remove --without-servertest --enable-perl configure switches
(closes: #631731)
* Add support for parallel build (closes: #727832)
* Remove dependency_libs from .la files.
[ gregor herrmann ]
* Fix "hardcodes /usr/lib/perl5":
- Make debian/irssi.install executable, and use $Config{vendorarch} there.
- Use debhelper 9 to get this feature.
(Closes: #752478)
-- Rhonda D'Vine <rhonda@debian.org> Sat, 19 Jul 2014 08:31:54 +0200
irssi (0.8.16~rc1-1) experimental; urgency=low
* New upstream release candidate, making the patch 19disable_sslv2 obsolete.
* Build with --enable-dane.
* Upload to experimental for now because of build issues of libval on
kFreeBSD and HURD.
* Update debian/copyright file.
* Disable patch 20fix_ssl_proxy_hostname_check for the moment.
* Bump Standards-Version to 3.9.4, no changes required.
* Add an irssi-dbg package (closes: #706903)
-- Gerfried Fuchs <rhonda@debian.org> Wed, 18 Sep 2013 12:20:27 +0200
irssi (0.8.15-5) unstable; urgency=low
* Updated bind_utf8-fix patch from upstream bug tracker again
(closes: #637036)
* Bump Standards-Version to 3.9.3.
* Add recommended targets build-{arch,indep} to debian/rules.
-- Gerfried Fuchs <rhonda@debian.org> Tue, 24 Apr 2012 17:59:05 +0200
irssi (0.8.15-4) unstable; urgency=medium
* Update bind_utf8-fix patch from upstream bug tracker to fix issue with now
broken alt-<cursor> keybindings (closes: #625690, #627248)
-- Gerfried Fuchs <rhonda@debian.org> Fri, 10 Jun 2011 20:13:15 +0200
irssi (0.8.15-3) unstable; urgency=low
* Add patch bind_utf8-fix extracted from upstream bug #553 to enable binding
utf8 characters.
* Bump Standards-Version to 3.9.2.
* Update to debhelper 7, use dh_prep instead of dh_clean -k.
* Pull disable_sslv2 patch from Ubuntu.
* Pull fix_ssl_proxy_hostname_check from Ubuntu (closes: #578304)
-- Gerfried Fuchs <rhonda@debian.org> Tue, 03 May 2011 11:47:58 +0200
irssi (0.8.15-2) unstable; urgency=low
* Switch Vcs-* field values to git.deb.at.
* Add patch by Pierre Habouzit for crash when $cumode_space is used. Thanks!
(closes: #606319)
-- Gerfried Fuchs <rhonda@debian.at> Tue, 14 Dec 2010 21:57:29 +0100
irssi (0.8.15-1) unstable; urgency=low
* New Upstream version, prepared with current autotools (closes: #575295)
* Remove David also from Uploaders field on his own will, thanks for the
work so far.
-- Gerfried Fuchs <rhonda@debian.at> Sat, 03 Apr 2010 21:37:36 +0200
irssi (0.8.15~rc1-1) unstable; urgency=low
* New upstream release candidate, containing fixes for:
- Make meta-a behavior configurable (closes: #525970)
- some signals are no longer available in perl environment
(closes: #534649)
* Patch theme-white-background-fix applied upstream, dropping.
* Bumped Standards-Version to 3.8.4.
* Switched Maintainer and Uploaders field to better match reality.
* Add ${misc:Depends} to irssi-dev, too.
-- Gerfried Fuchs <rhonda@debian.at> Tue, 23 Mar 2010 21:33:44 +0100
irssi (0.8.14-1) unstable; urgency=low
* New upstream release, dropping wallops-fix patch.
* Refreshed quilt patches.
* Bumped Standards-Version to 3.8.2.
-- Gerfried Fuchs <rhonda@debian.at> Wed, 29 Jul 2009 12:55:04 +0200
irssi (0.8.13-2) unstable; urgency=medium
* New patch:
- wallops-fix: Fix CVE-2009-1959 off-by-one in event_wallops
(closes: #531357)
-- Gerfried Fuchs <rhonda@debian.at> Tue, 16 Jun 2009 11:03:06 +0200
irssi (0.8.13-1) unstable; urgency=low
* New upstream release.
* Refreshed quilt patches.
-- Gerfried Fuchs <rhonda@debian.at> Tue, 14 Apr 2009 16:59:19 +0200
irssi (0.8.13~rc1-1) unstable; urgency=low
* New upstream release candidate.
* Incorporated patches (removed from packaging): help-URL-fix,
nickmask-mask, fullword-full, ctcp-channel, server==NULL-handling,
typo-authentification, leave-help, perlembed-fix, perlembed-fix,
proxy-join-fix, mode-display-fix
* All other patches refreshed.
* New patch manpage-fix to fix hyphens in the synopsis of the manpage.
* Bump to Standards-Version 3.8.1.
* Aligned irssi-dev short description with main package description.
* Adopt debian/watch to match release candidates.
-- Gerfried Fuchs <rhonda@debian.at> Thu, 19 Mar 2009 11:12:17 +0100
irssi (0.8.12-6) unstable; urgency=low
* New patch:
- mode-display-fix: Fix mode display in whois with unreal (379 numeric).
(upstream svn r4637, bug #479)
* Updated patch:
- perlembed-fix: The initial approach wasn't completely clean, it got
revised by upstream.
-- Gerfried Fuchs <rhonda@debian.at> Thu, 29 Jan 2009 13:29:51 +0100
irssi (0.8.12-5) unstable; urgency=low
* New patches:
- perlembed-fix to fix adjust to perembed documentation, fixing a
possible breakage on at least hppa (closes: #495059)
- proxy-join-fix to fix a buffer problem which made joining lots of
channels through proxy not get all through, pulled from upstream
revision 4840 (closes: #308673)
-- Gerfried Fuchs <rhonda@debian.at> Tue, 02 Sep 2008 13:57:52 +0200
irssi (0.8.12-4) unstable; urgency=low
* Remove alternative handling cleanup from before etch release.
* Fixed a typo noticed by John Dong, patch typo-authentification
(closes: #465570)
* Pull upstream revision r4612 as patch help-URL-fix to fix help URL
(closes: #485140)
* Remove reference to LEAVE in help files, patch leave-help
(closes: #255535)
* Apply patch from Tim Retout to use default colour for ownnick and actions
instead of white (closes: #479171)
* Remove autogenerated files, both from patch series and also in clean
target. Thanks to Felix Palmen for mentioning it (closes: #476473)
* Add doc-base files for the FAQ, manual and startup-HOWTO
(closes: #451690, #480098)
* Update to Standards-Version 3.8.0:
- Add debian/README.source referencing the quilt documentation.
* Actually also _use_ the menu file for irssi... And removed some of the
other commented dh_* entries in debian/rules.
* Updated debian/copyright to contain more current informations, added the
keyword exception to the openssl linking GPL addition.
* Removed empty debian/irssi.postinst file.
-- Gerfried Fuchs <rhonda@debian.at> Mon, 09 Jun 2008 12:11:19 +0200
irssi (0.8.12-3) unstable; urgency=low
[ Gerfried Fuchs ]
* Switch to quilt to make it possible to produce the following patch without
any headaches.
* patch fullword-full added about printing -full instead of -fullword which
is the wrong option to /hilight
* Put the four created files into patches too so that everything changed is
below /debian/ only.
* Imported all into git for being able to team maintain (Closes: #445840)
* Add Vcs-* fields to control file.
* Patches pulled from upstream svn:
- 07ctcp-channel: Do not allow /ping by itself to ctcp ping a channel.
- 08server==NULL-handling: Handle server == NULL case in skip_target.
Thanks to Pedro Fragoso from ubuntu for notifying me about them.
* Bumped Standards-Version to 3.7.3, no further required changes.
* Bump debhelper compat level to 5.
-- Gerfried Fuchs <rhonda@debian.at> Thu, 17 Jan 2008 09:55:41 +0100
irssi (0.8.12-2) unstable; urgency=low
[ Gerfried Fuchs ]
* Added Homepage: to control file.
* Added watchfile.
* patch chanmode_expando_strip added for changing default to not expose
channel key by default (Closes: #347944)
* patch ctcp_version_reply added for not exposing $sysname $sysarch in ctcp
version replies by default (Closes: #373094)
* patch firsttimer_text added which extends the text displayed to firsttime
users about irc.debian.org and #debian (Closes: #393707)
* Remove irssi-text dummy package from control and all the old package
relation stats to it and irssi-snapshot, and irssi-scripts versioning.
* patch nickmask-mask added about printing -mask instead of -nickmask which
is a wrong option to /hilight (Closes: #417397)
* Don't ignore make distclean errors anymore.
* Removed automatic config.{guess,sub} update from debian/rules.
-- Gerfried Fuchs <rhonda@debian.at> Thu, 18 Oct 2007 08:29:50 +0200
irssi (0.8.12-1) unstable; urgency=low
[ David Pashley ]
* Gerfried Fuchs <rhonda@debian.at> added to Uploaders (Closes: #445840)
* Removed old not used patches from the package.
[ Gerfried Fuchs ]
* New upstream release (Closes: #421053)
- patch 05upgrade-check-binary.dpatch applied upstream.
- patch 08doublefree applied upstream.
- C1 control characters aren't passed through anymore (Closes: #435315)
- return random host on DNS round robin (Closes: #374715)
* Updated menu file to new menu policy section, added longtitle.
* Bumped Standards-Version to 3.7.2, no changes needed.
-- Gerfried Fuchs <rhonda@debian.at> Wed, 17 Oct 2007 07:54:49 +0200
irssi (0.8.10-2) unstable; urgency=low
* Fix Conflicts and Replaces lines to make backporting to sarge easier
* Fix the menu entry (Closes: #274201)
* Added a Provides for irc (Closes: #267411)
* Removed calls to ldconfig in postinst and postrm by calling dh_makeshlibs
with the -n flag
* Remove alteratives for irc and irssi (Closes: #348149)
* Fix a glib memory bug. patch by Chris Moore <dooglus@gmail.com>
(Closes: #358172, #358499)
* Include changelog from irssi-text (Closes: #344292)
-- David Pashley <david@davidpashley.com> Fri, 30 Dec 2005 15:12:29 +0000
irssi (0.8.10-1) unstable; urgency=low
* new upstream release
-- David Pashley <david@davidpashley.com> Sat, 10 Dec 2005 21:25:51 +0000
irssi (0.8.10~rc8-1) unstable; urgency=low
* New upstream (Closes: #340287)
* Add dpatch to the build-depends
-- David Pashley <david@davidpashley.com> Wed, 30 Nov 2005 23:10:27 +0000
irssi (0.8.10~rc6-1) unstable; urgency=low
* New upstream version
* Disable the GnuTLS patch for now.
* Added Provides, Replaces and Conflicts for irssi-text and irssi-snapshot
-- David Pashley <david@davidpashley.com> Fri, 14 Oct 2005 00:39:15 +0100
irssi (0.8.10~rc5-1) unstable; urgency=low
* Initial packaging to unify irssi-text and irssi-snapshot
* Provide a -dev package for building modules (Closes: #184771)
* Check for an executable file before we try to execute it with /upgrade
(Closes: #242026)
* Only allow /exec to recurse 100 times (Closes: #186416)
* Call SIGTSTP rather than SIGSTOP on ^Z (With thanks to Mark Hymers
<mark.hymers@ncl.ac.uk>) (Closes: #177108)
* Redirect Glib critical errors to the status window rather than to stderr
(Closes: #270596)
* Correctly lower case chat protocols using g_ascii_strdown() rather than
using the deprecated g_strdown() (pushed upstream) (Closes: #232628)
-- David Pashley <david@davidpashley.com> Sun, 10 Jul 2005 15:11:38 +0300