Ibid

Ibid 0.1.1 "Pimpernel"

Series 0.1
0.1.1 "Pimpernel"

Bug fixes for 0.1.0. No massive new features.

Milestone information

Project:: Ibid

Series:: 0.1

Version:: 0.1.1

Code name:: Pimpernel

Released:: 2011-02-23

Registrant:: Stefano Rivera

Release registered:: 2011-02-23

Active:: No. Drivers cannot target bugs and blueprints to this milestone.

Download RDF metadata

Activities

Assigned to you:: No blueprints or bugs assigned to you.

Assignees:: 1 Keegan Carruthers-Smith, 9 Max Rabkin, 1 Michael Gorven, 37 Stefano Rivera, 5 marcog

Blueprints:: No blueprints are targeted to this milestone.

Bugs:: 53 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File	Description	Downloads
Ibid-0.1.1.tar.gz (md5, sig)	release tarball	1,945 last downloaded 3 weeks ago
Total downloads:		1,945

Release notes

Bug fix release, including a couple of security issues.

Several plugins that consume Web services or scrape Web sites have been
updated to cope with changes since the last release.

There were no DB schema changes between 0.1.0 and 0.1.1.

Resolved Security Issues
------------------------

Remote Execution
^^^^^^^^^^^^^^^^

:bug:`705860`:
   Permissions were ignored for handlers not using :func:`@match
   <ibid.plugins.match>`.
   This allowed users to perform actions they were not authorised to.

However, no included plugins were exposed by this, all
access-restricted handlers had match patterns.

Information Disclosure
^^^^^^^^^^^^^^^^^^^^^^

:bug:`567576`:
   Occasionally insecure permissions on log files.
   When the bot spoke first (creating a new log file), the log file
   would be publicly readable, even if the message was sent in private.

   Example:
   If the bot delivered a *privmsg* memo to a user at the beginning of
   the month, it would create the logfile with public readable
   permissions.
   If the logfile directory was published by a web server, this would
   make this private conversation log accessible to the public.

Resolution: Now channels must be explicitly configured to have
publicly readable logs.

:bug:`649383`:
   If someone received a private message from the bot
   during a public meeting, the message could appear in the meeting
   minutes.

Example: a *privmsg* memo received during a meeting would appear in
the minutes.

Major User Visible Changes
--------------------------

* New configuration option ``plugins.log.public_logs``, a list of
``source:channel`` globs of channels to log in files with publically
readable permissions.

* New configuration option ``plugins.ascii.preferred_fonts``, a list of
figlet fonts, the first one found is the default.

* Currency exchange now uses Yahoo instead of XE.com.

API Changes
-----------

* New Function: :func:`ibid.utils.parse_timestamp` for parsing
well-formatted timestamps.

* New Function: :func:`ibid.utils.generic_webservice` for retrieving
arbitrary data from a web-service.

* New Function: :func:`ibid.db.get_regexp_op` which returns a REGEXP
SqlAlchemy operator for the DBMS in use.

Changelog

View the full changelog

2011-02-23 Stefano Rivera <email address hidden>

Remove MyLifeIsG.com support from MyLifeIsAverage Processor. The
site has been down for around a year.

Fixes: :bug:`722675`.

2011-02-22 Stefano Rivera <email address hidden>

Use bounded_matches when returning search results.

Fixes: :bug:`722655`.

2011-02-22 Stefano Rivera <email address hidden>

Typo: parse_timestmap -> parse_timestamp (and remove an unnecessary
import).

Fixes: :bug:`722682`.

2011-02-22 Stefano Rivera <email address hidden>

Allow addresponse() to take the param 0.

Fixes: :bug:`723132`.

2011-02-21 Stefano Rivera <email address hidden>

Added CHANGES and tool for generating changelog entries.
Set version to 0.1.1.