--- irssi-0.8.14.orig/debian/irssi.doc-base.manual +++ irssi-0.8.14/debian/irssi.doc-base.manual @@ -0,0 +1,8 @@ +Document: irssi-manual +Title: Irssi Manual +Abstract: This Irssi User's Manual is slightly incomplete but can still + help for general concepts. +Section: Network/Communication + +Format: Text +Files: /usr/share/doc/irssi/manual.txt.gz --- irssi-0.8.14.orig/debian/botti.1 +++ irssi-0.8.14/debian/botti.1 @@ -0,0 +1,97 @@ +.\" This -*- nroff -*- file has been generated from +.\" DocBook SGML with docbook-to-man on Debian GNU/Linux. +...\" +...\" transcript compatibility for postscript use. +...\" +...\" synopsis: .P! +...\" +.de P! +\\&. +.fl \" force out current output buffer +\\!%PB +\\!/showpage{}def +...\" the following is from Ken Flowers -- it prevents dictionary overflows +\\!/tempdict 200 dict def tempdict begin +.fl \" prolog +.sy cat \\$1\" bring in postscript file +...\" the following line matches the tempdict above +\\!end % tempdict % +\\!PE +\\!. +.sp \\$2u \" move below the image +.. +.de pF +.ie \\*(f1 .ds f1 \\n(.f +.el .ie \\*(f2 .ds f2 \\n(.f +.el .ie \\*(f3 .ds f3 \\n(.f +.el .ie \\*(f4 .ds f4 \\n(.f +.el .tm ? font overflow +.ft \\$1 +.. +.de fP +.ie !\\*(f4 \{\ +. ft \\*(f4 +. ds f4\" +' br \} +.el .ie !\\*(f3 \{\ +. ft \\*(f3 +. ds f3\" +' br \} +.el .ie !\\*(f2 \{\ +. ft \\*(f2 +. ds f2\" +' br \} +.el .ie !\\*(f1 \{\ +. ft \\*(f1 +. ds f1\" +' br \} +.el .tm ? font underflow +.. +.ds f1\" +.ds f2\" +.ds f3\" +.ds f4\" +'\" t +.ta 8n 16n 24n 32n 40n 48n 56n 64n 72n +.TH "botti" "1" +.SH "NAME" +botti \(em Run an irssi module, such as a bot, without a UI +.SH "SYNOPSIS" +.PP +\fBbotti\fP [\fB\fIOPTIONS\fP\fP] +.SH "DESCRIPTION" +.PP +This manual page documents briefly the +\fBbotti\fP command. +.PP +Botti allows for you to run an irssi module without a UI. +This is most useful for bots, and by default botti will load the +"bot" module. +.PP +This manual page was written for the \fBDebian\fP distribution +because the original program does not have a manual page. +.SH "OPTIONS" +.IP "\fB--config\fP " 10 +Specify the configuration file location. By default, +it is ~/.irssi/config. +.IP "\fB--home\fP " 10 +Specify the irssi home directory location. By default, +it is ~/.irssi. +.IP "\fB-l\fP \fB--load\fP " 10 +Specify a module to load. By default, it is "bot". +.IP "\fB--session\fP " 10 +Option used by the /UPGRADE command. +.IP "\fB-?\fP \fB--help\fP " 10 +Print instructions. +.IP "\fB--usage\fP " 10 +Print simple usage instructions. +.SH "AUTHOR" +.PP +This manual page was written by David Nusinow \ for +the \fBDebian\fP system (but may be used by others). Permission is +granted to copy, distribute and/or modify this document under +the terms of the GNU Free Documentation +License, Version 1.1 or any later version published by the Free +Software Foundation; with no Invariant Sections, no Front-Cover +Texts and no Back-Cover Texts. +...\" created by instant / docbook-to-man, Thu 24 Apr 2003, 02:34 --- irssi-0.8.14.orig/debian/compat +++ irssi-0.8.14/debian/compat @@ -0,0 +1 @@ +5 --- irssi-0.8.14.orig/debian/control +++ irssi-0.8.14/debian/control @@ -0,0 +1,48 @@ +Source: irssi +Section: net +Priority: optional +Maintainer: Ubuntu Core Developers +XSBC-Original-Maintainer: David Pashley +Uploaders: Gerfried Fuchs +Build-Depends: debhelper (>= 5), autotools-dev, libglib2.0-dev, perl (>= 5.8.1), libperl-dev (>= 5.8.1), libncurses5-dev, libssl-dev, openssl, quilt +Standards-Version: 3.8.2 +Homepage: http://irssi.org/ +Vcs-Git: git://git.debian.org/git/users/alfie/irssi.git +Vcs-Browser: http://git.debian.org/?p=users/alfie/irssi.git;a=summary + +Package: irssi +Architecture: any +Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends}, perl-base(>= 5.8.1) +Suggests: irssi-scripts +Description: terminal based IRC client + Irssi is a terminal based IRC client for UNIX systems. It also supports + SILC and ICB protocols via plugins. + . + Features include: + * Autologging + * Formats and themes + * Configurable keybindings + * Paste detection + * Perl scripting + * Irssi-proxy + * Transparent upgrading + * Recode support + +Package: irssi-dev +Architecture: any +Depends: irssi +Description: terminal based IRC client - development files + Irssi is a terminal based IRC client for UNIX systems. It also supports + SILC and ICB protocols via plugins. + . + Features include: + * Autologging + * Formats and themes + * Configurable keybindings + * Paste detection + * Perl scripting + * Irssi-proxy + * Transparent upgrading + * Recode support + . + This package includes the development files for the irssi client. --- irssi-0.8.14.orig/debian/NEWS.Debian +++ irssi-0.8.14/debian/NEWS.Debian @@ -0,0 +1,12 @@ +irssi (0.8.10~rc5-1) unstable; urgency=low + + * This package has the beginnings of GNUTLS support for SSL rather + than the upstream OpenSSL code. This may have many bugs in and is + not feature complete. In particular it does not support verification + of the server's certificate. As a result the connection is vunerable + to man in the middle attack. This is only a regression if you use + the -cafile or -capath options to /connect. The data is still + encrypted. + + -- David Pashley Sun, 17 Jul 2005 19:39:37 +0300 + --- irssi-0.8.14.orig/debian/changelog.irssi-text +++ irssi-0.8.14/debian/changelog.irssi-text @@ -0,0 +1,269 @@ +irssi-text (0.8.9-9) unstable; urgency=low + + * Update to dh-make compat 4 and depend on debhelper >=4 + * Add a space in the menu file at the end of the line + + -- David Pashley Sat, 28 May 2005 20:30:14 +0100 + +irssi-text (0.8.9-8) unstable; urgency=low + + * Updated the patch for #186416 to output a better error string + * Check for an executable file before we try to execute it with /upgrade + (Closes: #242026) + + -- David Pashley Mon, 28 Mar 2005 20:01:38 +0100 + +irssi-text (0.8.9-7) unstable; urgency=low + + * Only allow /exec to recurse 100 times (Closes: #186416) + * Call SIGTSTP rather than SIGSTOP on ^Z (With thanks to Mark Hymers + ) (Closes: #177108) + + -- David Pashley Sun, 27 Mar 2005 16:07:19 +0100 + +irssi-text (0.8.9-6) unstable; urgency=low + + * Include patch to fix Big5 input (from + http://www.freshports.org/chinese/irssi/) (Closes: #274201) + + -- David Pashley Sat, 26 Mar 2005 13:06:45 +0000 + +irssi-text (0.8.9-5) unstable; urgency=low + + * Redirect Glib critical errors to the status window rather than to stderr + (Closes: #270596) + + -- David Pashley Thu, 24 Mar 2005 08:45:34 +0000 + +irssi-text (0.8.9-4) unstable; urgency=low + + * Correctly lower case chat protocols using g_ascii_strdown() rather than + using the deprecated g_strdown() (Closes: #232628) + + -- David Pashley Wed, 23 Mar 2005 08:29:32 +0000 + +irssi-text (0.8.9-3) unstable; urgency=medium + + * Fix linker errors on IA64 by building with -O2 on that platform too. + * Upload with medium urgency to get the previous fixes into sarge + + -- David Pashley Sat, 19 Mar 2005 17:43:07 +0000 + +irssi-text (0.8.9-2) unstable; urgency=medium + + * Upload medium as it would be useful to get the irssi-common and perl fixes + into sarge. + * Conflict with irssi-common (Closes: #263320) + * Update to Standards-Version 3.6.1 + * Update to building against libglib2.0 + * Fix the menu file quoting + * Depend on autotools-dev and update config.{status,guess} automatically + (Closes: #296989) + * Recompile against libperl5.8 (5.8.4) (Closes: #248020, #224930, #247104) + + -- David Pashley Tue, 15 Mar 2005 07:51:23 +0000 + +irssi-text (0.8.9-1) unstable; urgency=low + + * Acknowledge NMU + * New Maintainer + + -- David Pashley Sun, 25 Jan 2004 13:29:21 +0000 + +irssi-text (0.8.9-0.1) unstable; urgency=high + + * NMU + * New upstream release, which fixes a remote crash with non-x86 + architectures or with people running certain scripts (nicklist.pl, + tab_stop.pl most importantly) (closes: #223650, #223597) + + -- Norbert Tretkowski Fri, 12 Dec 2003 10:17:28 +0100 + +irssi-text (0.8.6-7) unstable; urgency=low + + * Recompiled against perl 5.8.2. This should fix the segfaults. (closes: + #219806, #220279) + * Fixed the irssi-alternative + + -- Pekka Aleksi Knuutila Wed, 12 Nov 2003 01:12:37 +0200 + +irssi-text (0.8.6-6) unstable; urgency=low + + * Made the irc alternative point to irssi-text instead of irssi (closes: + #216870) + + -- Pekka Aleksi Knuutila Mon, 27 Oct 2003 22:28:32 +0200 + +irssi-text (0.8.6-5) unstable; urgency=low + + * Recompiled against perl 5.8.1 (closes: #213288, #213356) + * Added irc alternative (closes: #183011) + * Added botti manpage (closes: #190538) + + -- Pekka Aleksi Knuutila Tue, 30 Sep 2003 22:37:52 +0300 + +irssi-text (0.8.6-4) unstable; urgency=low + + * Recompiled static perl support because modularity turned out to be too + inconvenient (closes: #178593 #178594) + * Moved manpage from /usr/man to /usr/share/man (closes: #179520) + + -- Pekka Aleksi Knuutila Tue, 4 Feb 2003 06:57:06 +0000 + +irssi-text (0.8.6-3) unstable; urgency=low + + * Added manpage by Michael Wiedmann + * Perl support is now compiled as a module + * Added Suggests: perl-base + + -- Pekka Aleksi Knuutila Wed, 22 Jan 2003 21:44:27 +0200 + +irssi-text (0.8.6-2) unstable; urgency=low + + * Added "Replaces: irssi-scripts (<= 8)" + * Enabled SSL support, with a specific permission to be linked against + OpenSSL + + -- Pekka Aleksi Knuutila Sat, 23 Nov 2002 14:37:38 +0200 + +irssi-text (0.8.6-1) unstable; urgency=low + + * New upstream release (closes: #166456) + + -- Pekka Aleksi Knuutila Thu, 21 Nov 2002 22:50:31 +0200 + +irssi-text (0.8.5-4) unstable; urgency=low + + * Fixed formatting and added mention of the xirssi and irssi-snapshot + packages to the package description. + + -- Pekka Aleksi Knuutila Sun, 8 Sep 2002 00:53:24 +0300 + +irssi-text (0.8.5-3) unstable; urgency=low + + * Recompiled against perl 5.8 (closes: #158024) + + -- Pekka Aleksi Knuutila Sun, 25 Aug 2002 13:30:28 +0300 + +irssi-text (0.8.5-2) unstable; urgency=low + + * $(CFLAGS) is now really passed to make in debian/rules, so the package is + built without -O2 on ia64 (closes: #152912) + + -- Pekka Aleksi Knuutila Fri, 19 Jul 2002 18:02:49 +0300 + +irssi-text (0.8.5-1) unstable; urgency=low + + * New upstream release + + -- Pekka Aleksi Knuutila Thu, 20 Jun 2002 00:45:43 +0300 + +irssi-text (0.8.4-2) unstable; urgency=high + + * Made the package build without -O2 on ia64, due to a bug in gcc + (closes: #140274) + + -- Pekka Aleksi Knuutila Thu, 28 Mar 2002 17:59:35 +0200 + +irssi-text (0.8.4-1) unstable; urgency=low + + * New upstream release + + -- Pekka Aleksi Knuutila Wed, 13 Mar 2002 18:25:25 +0200 + +irssi-text (0.8.2-2) unstable; urgency=low + + * Added Conflict on irssi-scripts-1 and Suggests on newer versions + (closes: #138090) + * debian/rules now doesn't override CFLAGS if DEB_BUILD_OPTIONS includes + nocflags + * Updated the package description + + -- Pekka Aleksi Knuutila Wed, 13 Mar 2002 15:58:15 +0200 + +irssi-text (0.8.2-1) unstable; urgency=low + + * New upstream release + * Added HTML files to /usr/share/doc + + -- Pekka Aleksi Knuutila Tue, 12 Mar 2002 20:55:38 +0200 + +irssi-text (0.8.1-1) unstable; urgency=low + + * New upstream release + * Fixed speeling error in the copyright file (closes: #131698) + + -- Pekka Aleksi Knuutila Sun, 17 Feb 2002 17:32:18 +0200 + +irssi-text (0.7.98.3-2) unstable; urgency=low + + * Made perl support ready for perl 5.6.1, thanks to Branden O'Dea + (closes: #95535) + + -- Pekka Aleksi Knuutila Sun, 17 Feb 2002 17:32:12 +0200 + +irssi-text (0.7.98.3-1) unstable; urgency=low + + * New upstream release (closes: #90139) + * Include the libfe_perl files (closes: #90189) + + -- Pekka Aleksi Knuutila Mon, 19 Mar 2001 17:17:25 +0200 + +irssi-text (0.7.98.1-1) unstable; urgency=low + + * New upstream release + * Recompiled with perl-5.6 (closes: #86157) + * Added alternative for irssi(1) man-page (closes: #80845) + + -- Pekka Aleksi Knuutila Fri, 23 Feb 2001 16:48:43 +0200 + +irssi-text (0.7.97.2-1) unstable; urgency=low + + * New upstream release + + -- Pekka Aleksi Knuutila Tue, 19 Dec 2000 15:22:56 +0200 + +irssi-text (0.7.97.1-1) unstable; urgency=low + + * New upstream release + + -- Pekka Aleksi Knuutila Wed, 6 Dec 2000 21:40:44 +0200 + +irssi-text (0.7.97-1) unstable; urgency=low + + * New upstream release + + -- Pekka Aleksi Knuutila Sun, 3 Dec 2000 21:35:03 +0200 + +irssi-text (0.7.96-2) unstable; urgency=low + + * Added startup-howto to /usr/share/doc + * Applied 0.7.96-2 bugfixes from upstream + + -- Pekka Aleksi Knuutila Mon, 30 Oct 2000 17:48:34 +0200 + +irssi-text (0.7.96-1) unstable; urgency=low + + * New upstream release + + -- Pekka Aleksi Knuutila Thu, 19 Oct 2000 23:22:54 +0300 + +irssi-text (0.7.95-2) unstable; urgency=medium + + * Applied patch to fix remote crash + + -- Pekka Aleksi Knuutila Wed, 23 Aug 2000 10:21:36 +0300 + +irssi-text (0.7.95-1) unstable; urgency=low + + * New upstream release + * Fixed debian/rules clean (closes: Bug#69105) + + -- Pekka Aleksi Knuutila Sun, 13 Aug 2000 22:03:53 +0300 + +irssi-text (0.7.94-1) unstable; urgency=low + + * Initial release + + -- Pekka Aleksi Knuutila Wed, 26 Jul 2000 21:40:40 +0300 + --- irssi-0.8.14.orig/debian/irssi.doc-base.startup-howto +++ irssi-0.8.14/debian/irssi.doc-base.startup-howto @@ -0,0 +1,9 @@ +Document: irssi-startup-howto +Title: Irssi Startup HOWTO +Abstract: A short HOWTO for new Irssi users (not to new IRC users ..) to + get you started. +Section: Network/Communication + +Format: HTML +Index: /usr/share/doc/irssi/startup-HOWTO.html +Files: /usr/share/doc/irssi/startup-HOWTO.html --- irssi-0.8.14.orig/debian/irssi-dev.install +++ irssi-0.8.14/debian/irssi-dev.install @@ -0,0 +1 @@ +debian/tmp/usr/include --- irssi-0.8.14.orig/debian/irssi.doc-base.faq +++ irssi-0.8.14/debian/irssi.doc-base.faq @@ -0,0 +1,12 @@ +Document: irssi-faq +Title: Irssi FAQ +Abstract: This document answers frequently asked questions about the + Irssi IRC client. +Section: Network/Communication + +Format: HTML +Index: /usr/share/doc/irssi/faq.html +Files: /usr/share/doc/irssi/faq.html + +Format: Text +Files: /usr/share/doc/irssi/faq.txt.gz --- irssi-0.8.14.orig/debian/irssi.install +++ irssi-0.8.14/debian/irssi.install @@ -0,0 +1,7 @@ +debian/tmp/etc/irssi.conf +debian/tmp/usr/bin/botti +debian/tmp/usr/bin/irssi +debian/tmp/usr/lib/irssi/ +debian/tmp/usr/lib/perl5/ +debian/tmp/usr/share/doc/irssi/ +debian/tmp/usr/share/irssi/ --- irssi-0.8.14.orig/debian/irssi.manpages +++ irssi-0.8.14/debian/irssi.manpages @@ -0,0 +1,2 @@ +debian/botti.1 +debian/tmp/usr/share/man/man1/irssi.1 --- irssi-0.8.14.orig/debian/copyright +++ irssi-0.8.14/debian/copyright @@ -0,0 +1,106 @@ +License +======= + + Copyright (C) 1998-2002 Timo Sirainen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + +A copy of the GPL can be found in /usr/share/common-licenses/GPL-2, +later versions are included in the same directory. + +COPYING includes the following addition linking exception to the GPL: + + Specific permission is granted for the GPLed code in this + distribition to be linked to OpenSSL without invoking GPL clause + 2(b). + +Sources +======= + +The source was obtained from http://www.irssi.org/files/ + +Copyright +========= + +AUTHORS contains: + + Original code: + + Timo Sirainen + + Irssi staff (current maintainers) : + + Valentin Batz (senneth, vb) + Wouter Coekaerts (coekie) + Jochen Eisinger (c0ffee) + Geert Hauwaerts + Emanuele Giaquinta (exg) + Jilles Tjoelker + + Large feature patches by: + + David Leadbeater (dg, dgl) : isupport + vjt@users.sf.net : SSL support + Joel Eriksson : SSL certs + Heikki Orsila : DCC SEND queueing + Mark Trumbull : DCC SERVER + Francesco Fracassi : Passive DCC + + Other patches (grep for "patch" in ChangeLog) by: + + Toby Peterson + Soren Jacobsen + Kuang-che Wu + Joost Vunderink (Garion) + Wang WenRui + Jean-Yves Lefort (decadix) + Joel Eriksson + Maarten van der Zwaart + Noah Levitt + Krzysztof Kowalik (Borys) + Peder Stray + mls@suse.de + nix@suhs.nu + Marcin Kowalczyk (Qrczak) + Petr Baudis + Bjoern Krombholz (fuchs) + aldem-irssi@aldem.net, + BC-bd + Juerd + Han + pv2b + Tommi Komulainen (tommik) + mike@po.cs.msu.su + zinx@magenet.net + yathen@web.de + paul@raade.org + Leszek Matok + tygrys@moo.pl + manoj@io.com + cph@cph.demon.co.uk + ganesh@earth.li + Jakub Jankowski (shasta) + vanilla@freebsd.org + Tinuk + Mark Glines + Kjetil Ødegaard + Chris Moore + ComradeP + Lauri Nurmi + Mikko Rauhala + loafier + Nicolas Collignon + Daniel Koning + Yi-Hsuan Hsin + +Debian Packaging +================ + +This packaging was written by David Pashley and +contains ideas and code from previous irssi packaging by Pekka Aleksi +Knuutila . In parts there has been updates to it by +Gerfried Fuchs . +The debianization is licensed the same way as irssi itself. --- irssi-0.8.14.orig/debian/irssi.docs +++ irssi-0.8.14/debian/irssi.docs @@ -0,0 +1,4 @@ +NEWS +README +TODO +debian/changelog.irssi-text --- irssi-0.8.14.orig/debian/changelog +++ irssi-0.8.14/debian/changelog @@ -0,0 +1,350 @@ +irssi (0.8.14-1ubuntu1.1) karmic-security; urgency=low + + * SECURITY UPDATE: perform certificate host validation + - debian/patches/91_CVE-2010-1155.patch: adjust to verify hostname against + CN. Also use one SSL_CTX per connection and use default trusted CAs if + nothing specified. + - CVE-2010-1155 + * SECURITY UPDATE: fix crash when checking for fuzzy nick match when not on + the channel + - debian/patches/91_CVE-2010-1156.patch: verify channel is non-NULL in + src/core/nicklist.c + - CVE-2010-1156 + * debian/patches/92_disable_sslv2.patch: do not use SSLv2 protocol + + -- Jamie Strandboge Wed, 14 Apr 2010 14:32:04 -0500 + +irssi (0.8.14-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: LP: #406890 + - debian/patches: 03firsttimer_text + + Adapt it so it tells you about connecting to irc.ubuntu.com and + joining #ubuntu instead of irc.debian.org and #debian. + - debian/patches: 90irc-ubuntu-com + + -- Bhavani Shankar Thu, 30 Jul 2009 19:12:55 +0530 + +irssi (0.8.14-1) unstable; urgency=low + + * New upstream release, dropping wallops-fix patch. + * Refreshed quilt patches. + * Bumped Standards-Version to 3.8.2. + + -- Gerfried Fuchs Wed, 29 Jul 2009 12:55:04 +0200 + +irssi (0.8.13-2ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: LP: #389748 + - debian/patches: 03firsttimer_text + + Adapt it so it tells you about connecting to irc.ubuntu.com and + joining #ubuntu instead of irc.debian.org and #debian. + - debian/patches: 90irc-ubuntu-com + + -- Bhavani Shankar Sat, 20 Jun 2009 05:51:09 +0530 + +irssi (0.8.13-2) unstable; urgency=medium + + * New patch: + - wallops-fix: Fix CVE-2009-1959 off-by-one in event_wallops + (closes: #531357) + + -- Gerfried Fuchs Tue, 16 Jun 2009 11:03:06 +0200 + +irssi (0.8.13-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable (LP: #372411), remaining changes: + - debian/patches: 03firsttimer_text + + Adapt it so it tells you about connecting to irc.ubuntu.com and + joining #ubuntu instead of irc.debian.org and #debian. + - debian/patches: 90irc-ubuntu-com + * Fixed debian/patches/90irc-ubuntu-com for new irssi.conf. + + -- Andres Rodriguez Tue, 05 May 2009 15:50:50 -0500 + +irssi (0.8.13-1) unstable; urgency=low + + * New upstream release. + * Refreshed quilt patches. + + -- Gerfried Fuchs Tue, 14 Apr 2009 16:59:19 +0200 + +irssi (0.8.13~rc1-1) unstable; urgency=low + + * New upstream release candidate. + * Incorporated patches (removed from packaging): help-URL-fix, + nickmask-mask, fullword-full, ctcp-channel, server==NULL-handling, + typo-authentification, leave-help, perlembed-fix, perlembed-fix, + proxy-join-fix, mode-display-fix + * All other patches refreshed. + * New patch manpage-fix to fix hyphens in the synopsis of the manpage. + * Bump to Standards-Version 3.8.1. + * Aligned irssi-dev short description with main package description. + * Adopt debian/watch to match release candidates. + + -- Gerfried Fuchs Thu, 19 Mar 2009 11:12:17 +0100 + +irssi (0.8.12-6ubuntu1) jaunty; urgency=low + + * Merge from Debian unstable (LP: #326002), Ubuntu remaining changes: + - Added debian/patches/90irc-ubuntu-com.dpatch + - debian/patches/03firsttimer_text: + + Adapt it so it tells you about connecting to irc.ubuntu.com and + joining #ubuntu instead of irc.debian.org and #debian. + New with this merge: We now also apply this patch. + + -- Pedro Fragoso Wed, 04 Feb 2009 21:46:19 +0000 + +irssi (0.8.12-6) unstable; urgency=low + + * New patch: + - mode-display-fix: Fix mode display in whois with unreal (379 numeric). + (upstream svn r4637, bug #479) + * Updated patch: + - perlembed-fix: The initial approach wasn't completely clean, it got + revised by upstream. + + -- Gerfried Fuchs Thu, 29 Jan 2009 13:29:51 +0100 + +irssi (0.8.12-5ubuntu1) jaunty; urgency=low + + * Merge from Debian unstable (LP: #295270), Ubuntu remaining changes: + - Added debian/patches/90irc-ubuntu-com.dpatch + - debian/patches/03firsttimer_text: + + Adapt it so it tells you about connecting to irc.ubuntu.com and + joining #ubuntu instead of irc.debian.org and #debian. + New with this merge: We now also apply this patch. + - debian/irssi.perm: Don't remove alternative on upgrades. + + -- Pedro Fragoso Wed, 05 Nov 2008 02:41:00 +0000 + +irssi (0.8.12-5) unstable; urgency=low + + * New patches: + - perlembed-fix to fix adjust to perembed documentation, fixing a + possible breakage on at least hppa (closes: #495059) + - proxy-join-fix to fix a buffer problem which made joining lots of + channels through proxy not get all through, pulled from upstream + revision 4840 (closes: #308673) + + -- Gerfried Fuchs Tue, 02 Sep 2008 13:57:52 +0200 + +irssi (0.8.12-4ubuntu2) intrepid; urgency=low + + * debian/patches/90irc-ubuntu-com.dpatch: Changed irc.ubuntu.com's + default port to 8001 to avoid DCC exploit (LP: #263259). + + -- Jonathan Patrick Davies Sun, 31 Aug 2008 12:28:41 +0100 + +irssi (0.8.12-4ubuntu1) intrepid; urgency=low + + * Merge from debian unstable (LP: #241282), remaining changes: + - Added debian/patches/90irc-ubuntu-com.dpatch (LP: #52690) + - debian/patches/03firsttimer_text: + + Adapt it so it tells you about connecting to irc.ubuntu.com and + joining #ubuntu instead of irc.debian.org and #debian. (LP: #188590) + New with this merge: We now also apply this patch. + - Modify Maintainer value to match DebianMaintainerField spec. + - debian/irssi.perm: Don't remove alternative on upgrades. (LP: #67698) + * debian/patches/91-manpage-typo: + - Dropped, merged upstream. + + -- Pedro Fragoso Wed, 11 Jun 2008 15:36:34 +0100 + +irssi (0.8.12-4) unstable; urgency=low + + * Remove alternative handling cleanup from before etch release. + * Fixed a typo noticed by John Dong, patch typo-authentification + (closes: #465570) + * Pull upstream revision r4612 as patch help-URL-fix to fix help URL + (closes: #485140) + * Remove reference to LEAVE in help files, patch leave-help + (closes: #255535) + * Apply patch from Tim Retout to use default colour for ownnick and actions + instead of white (closes: #479171) + * Remove autogenerated files, both from patch series and also in clean + target. Thanks to Felix Palmen for mentioning it (closes: #476473) + * Add doc-base files for the FAQ, manual and startup-HOWTO + (closes: #451690, #480098) + * Update to Standards-Version 3.8.0: + - Add debian/README.source referencing the quilt documentation. + * Actually also _use_ the menu file for irssi... And removed some of the + other commented dh_* entries in debian/rules. + * Updated debian/copyright to contain more current informations, added the + keyword exception to the openssl linking GPL addition. + * Removed empty debian/irssi.postinst file. + + -- Gerfried Fuchs Mon, 09 Jun 2008 12:11:19 +0200 + +irssi (0.8.12-3ubuntu4) intrepid; urgency=low + + * Rebuild for the perl 5.10 transition (LP: #230016). + + -- Michael Bienia Sat, 24 May 2008 15:02:30 +0200 + +irssi (0.8.12-3ubuntu3) hardy; urgency=low + + * Replace authentification with a less amusing word + + -- John Dong Fri, 08 Feb 2008 20:57:33 -0500 + +irssi (0.8.12-3ubuntu2) hardy; urgency=low + + * debian/patches/03firsttimer_text: + - Adapt it so it tells you about connecting to irc.ubuntu.com and + joining #ubuntu, instead of irc.debian.org and #debian. LP: #188590. + + -- Emilio Pozuelo Monfort Wed, 06 Feb 2008 00:59:54 +0100 + +irssi (0.8.12-3ubuntu1) hardy; urgency=low + + * Merge from debian unstable, remaining changes (LP: #181641): + - Added debian/patches/90irc-ubuntu-com.dpatch (Launchpad #52690). + New with this merge: We now also apply this patch. + - Modify Maintainer value to match the DebianMaintainerField spec. + - debian/irssi.prerm: Don't remove alternative on upgrades (LP #67698). + + -- Soren Hansen Tue, 05 Feb 2008 23:17:04 +0100 + +irssi (0.8.12-3) unstable; urgency=low + + [ Gerfried Fuchs ] + * Switch to quilt to make it possible to produce the following patch without + any headaches. + * patch fullword-full added about printing -full instead of -fullword which + is the wrong option to /hilight + * Put the four created files into patches too so that everything changed is + below /debian/ only. + * Imported all into git for being able to team maintain (Closes: #445840) + * Add Vcs-* fields to control file. + * Patches pulled from upstream svn: + - 07ctcp-channel: Do not allow /ping by itself to ctcp ping a channel. + - 08server==NULL-handling: Handle server == NULL case in skip_target. + Thanks to Pedro Fragoso from ubuntu for notifying me about them. + * Bumped Standards-Version to 3.7.3, no further required changes. + * Bump debhelper compat level to 5. + + -- Gerfried Fuchs Thu, 17 Jan 2008 09:55:41 +0100 + +irssi (0.8.12-2ubuntu2) hardy; urgency=low + + * debian/patches/10ping_ctcp: prevent /ping with no arguments from sending + CTCP PING to a channel (backported from SVN, LP: #96758). + + -- Pedro Fragoso Tue, 04 Dec 2007 19:40:59 +0000 + +irssi (0.8.12-2ubuntu1) hardy; urgency=low + + * Merge with Debian, remaining Ubuntu changes: + - Added debian/patches/90irc-ubuntu-com.dpatch (Launchpad #52690). + - Modify Maintainer value to match the DebianMaintainerField spec. + - debian/irssi.prerm: Do not alternative. LP: #67698. + + -- Emilio Pozuelo Monfort Fri, 02 Nov 2007 18:13:28 +0100 + +irssi (0.8.12-2) unstable; urgency=low + + [ Gerfried Fuchs ] + * Added Homepage: to control file. + * Added watchfile. + * patch chanmode_expando_strip added for changing default to not expose + channel key by default (Closes: #347944) + * patch ctcp_version_reply added for not exposing $sysname $sysarch in ctcp + version replies by default (Closes: #373094) + * patch firsttimer_text added which extends the text displayed to firsttime + users about irc.debian.org and #debian (Closes: #393707) + * Remove irssi-text dummy package from control and all the old package + relation stats to it and irssi-snapshot, and irssi-scripts versioning. + * patch nickmask-mask added about printing -mask instead of -nickmask which + is a wrong option to /hilight (Closes: #417397) + * Don't ignore make distclean errors anymore. + * Removed automatic config.{guess,sub} update from debian/rules. + + -- Gerfried Fuchs Thu, 18 Oct 2007 08:29:50 +0200 + +irssi (0.8.12-1) unstable; urgency=low + + [ David Pashley ] + * Gerfried Fuchs added to Uploaders (Closes: #445840) + * Removed old not used patches from the package. + + [ Gerfried Fuchs ] + * New upstream release (Closes: #421053) + - patch 05upgrade-check-binary.dpatch applied upstream. + - patch 08doublefree applied upstream. + - C1 control characters aren't passed through anymore (Closes: #435315) + - return random host on DNS round robin (Closes: #374715) + * Updated menu file to new menu policy section, added longtitle. + * Bumped Standards-Version to 3.7.2, no changes needed. + + -- Gerfried Fuchs Wed, 17 Oct 2007 07:54:49 +0200 + +irssi (0.8.11-0ubuntu1) gutsy; urgency=low + + * New upstream release: + - http://www.irssi.org/news/ChangeLog + * debian/{control,compat}: + - Bump Standards. + * debian/patches/00list: + - Disable 05upgrade-check-binary.patch, applied upstream. + - Disable 08doublefree.patch, applied upstream. + + -- Christian Bjälevik Sat, 28 Apr 2007 02:52:01 +0200 + +irssi (0.8.10-2ubuntu1) edgy; urgency=low + + * Add irc.ubuntu.com as the first listed IRC server (closes: Malone + #52690). + + -- Colin Watson Tue, 3 Oct 2006 17:46:55 +0100 + +irssi (0.8.10-2) unstable; urgency=low + + * Fix Conflicts and Replaces lines to make backporting to sarge easier + * Fix the menu entry (Closes: #274201) + * Added a Provides for irc (Closes: #267411) + * Removed calls to ldconfig in postinst and postrm by calling dh_makeshlibs + with the -n flag + * Remove alteratives for irc and irssi (Closes: #348149) + * Fix a glib memory bug. patch by Chris Moore + (Closes: #358172, #358499) + * Include changelog from irssi-text (Closes: #344292) + + -- David Pashley Fri, 30 Dec 2005 15:12:29 +0000 + +irssi (0.8.10-1) unstable; urgency=low + + * new upstream release + + -- David Pashley Sat, 10 Dec 2005 21:25:51 +0000 + +irssi (0.8.10~rc8-1) unstable; urgency=low + + * New upstream (Closes: #340287) + * Add dpatch to the build-depends + + -- David Pashley Wed, 30 Nov 2005 23:10:27 +0000 + +irssi (0.8.10~rc6-1) unstable; urgency=low + + * New upstream version + * Disable the GnuTLS patch for now. + * Added Provides, Replaces and Conflicts for irssi-text and irssi-snapshot + + -- David Pashley Fri, 14 Oct 2005 00:39:15 +0100 + +irssi (0.8.10~rc5-1) unstable; urgency=low + + * Initial packaging to unify irssi-text and irssi-snapshot + * Provide a -dev package for building modules (Closes: #184771) + * Check for an executable file before we try to execute it with /upgrade + (Closes: #242026) + * Only allow /exec to recurse 100 times (Closes: #186416) + * Call SIGTSTP rather than SIGSTOP on ^Z (With thanks to Mark Hymers + ) (Closes: #177108) + * Redirect Glib critical errors to the status window rather than to stderr + (Closes: #270596) + * Correctly lower case chat protocols using g_ascii_strdown() rather than + using the deprecated g_strdown() (pushed upstream) (Closes: #232628) + + -- David Pashley Sun, 10 Jul 2005 15:11:38 +0300 + --- irssi-0.8.14.orig/debian/watch +++ irssi-0.8.14/debian/watch @@ -0,0 +1,4 @@ +version=3 +opts="uversionmangle=s/-rc/~rc/" \ +http://irssi.org/files/ irssi-([\da-z\.-]+)\.tar\.gz debian uupdate +# Site/Directory Pattern Version Script --- irssi-0.8.14.orig/debian/rules +++ irssi-0.8.14/debian/rules @@ -0,0 +1,106 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +include /usr/share/quilt/quilt.make + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +config.status: patch configure + dh_testdir + # Add here commands to configure the package. + CFLAGS="$(CFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \ + --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \ + --sysconfdir=/etc \ + --without-servertest --enable-ipv6 --with-bot --with-proxy \ + --enable-perl --with-perl-lib=vendor + + +build: build-stamp + +build-stamp: config.status + dh_testdir + + # Add here commands to compile the package. + $(MAKE) + #docbook-to-man debian/irssi.sgml > irssi.1 + + touch build-stamp + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp + + # Add here commands to clean up after the build process. + [ ! -f Makefile ] || $(MAKE) distclean + + rm -f \ + src/perl/common/Makefile.old \ + src/perl/irc/Makefile.old \ + src/perl/textui/Makefile.old \ + src/perl/ui/Makefile.old \ + src/perl/perl-signals-list.h \ + src/perl/irssi-core.pl.h \ + default-config.h \ + default-theme.h + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/tmp. + $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_installexamples + dh_install + dh_installmenu + dh_installman + dh_link + dh_strip + dh_compress + dh_fixperms + dh_perl + dh_makeshlibs -n + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- irssi-0.8.14.orig/debian/irssi.menu +++ irssi-0.8.14/debian/irssi.menu @@ -0,0 +1,2 @@ +?package(irssi):needs="text" section="Applications/Network/Communication" \ +title="Irssi" longtitle="Terminal Based IRC Client" command="/usr/bin/irssi" --- irssi-0.8.14.orig/debian/README.source +++ irssi-0.8.14/debian/README.source @@ -0,0 +1,2 @@ +This package uses quilt for its patch management, see +/usr/share/doc/quilt/README.source if you are unfamiliar with it. --- irssi-0.8.14.orig/debian/patches/01chanmode_expando_strip +++ irssi-0.8.14/debian/patches/01chanmode_expando_strip @@ -0,0 +1,18 @@ +Author: Gerfried Fuchs vim:ft=diff: +Description: Don't expand chanmode by default, BTS #347944 + +Index: irssi-0.8.14/src/core/expandos.c +=================================================================== +--- irssi-0.8.14.orig/src/core/expandos.c ++++ irssi-0.8.14/src/core/expandos.c +@@ -584,7 +584,9 @@ void expandos_init(void) + #endif + settings_add_str("misc", "STATUS_OPER", "*"); + settings_add_str("lookandfeel", "timestamp_format", "%H:%M"); +- settings_add_bool("lookandfeel", "chanmode_expando_strip", FALSE); ++ /* don't expand by default and expose channel key, ++ * see debian bug #347944 */ ++ settings_add_bool("lookandfeel", "chanmode_expando_strip", TRUE); + + last_sent_msg = NULL; last_sent_msg_body = NULL; + last_privmsg_from = NULL; last_public_from = NULL; --- irssi-0.8.14.orig/debian/patches/91_disable_sslv2.patch +++ irssi-0.8.14/debian/patches/91_disable_sslv2.patch @@ -0,0 +1,14 @@ +Origin: r5136 +Description: Do not use SSLv2 protocol. From Bazerka. + +diff -Nur irssi-0.8.14/src/core/network-openssl.c irssi-0.8.14.new/src/core/network-openssl.c +--- irssi-0.8.14/src/core/network-openssl.c 2010-04-14 13:35:32.240201673 -0500 ++++ irssi-0.8.14.new/src/core/network-openssl.c 2010-04-14 13:35:43.950433414 -0500 +@@ -406,6 +406,7 @@ + g_error("Could not allocate memory for SSL context"); + return NULL; + } ++ SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); + + if (mycert && *mycert) { + char *scert = NULL, *spkey = NULL; --- irssi-0.8.14.orig/debian/patches/11theme-white-background-fix +++ irssi-0.8.14/debian/patches/11theme-white-background-fix @@ -0,0 +1,82 @@ +Author: Tim Retout vim:ft=diff: +Description: Make own nick and actions use default color instead of + white, BTS #479171 + +Index: irssi-0.8.14/default.theme +=================================================================== +--- irssi-0.8.14.orig/default.theme ++++ irssi-0.8.14/default.theme +@@ -63,7 +63,7 @@ abstracts = { + ## + + # text to insert at the beginning of each non-message line +- line_start = "%B-%W!%B-%n "; ++ line_start = "%B-%n!%B-%n "; + + # timestamp styling, nothing by default + timestamp = "$*"; +@@ -138,7 +138,7 @@ abstracts = { + + # $0 = nick mode, $1 = nick + ownmsgnick = "{msgnick $0 $1-}"; +- ownnick = "%W$*%n"; ++ ownnick = "%_$*%n"; + + # public message in channel, $0 = nick mode, $1 = nick + pubmsgnick = "{msgnick $0 $1-}"; +@@ -163,7 +163,7 @@ abstracts = { + + # own private message in query + ownprivmsgnick = "{msgnick $*}"; +- ownprivnick = "%W$*%n"; ++ ownprivnick = "%_$*%n"; + + # private message in query + privmsgnick = "{msgnick %R$*%n}"; +@@ -173,7 +173,7 @@ abstracts = { + ## + + # used internally by this theme +- action_core = "%W * $*%n"; ++ action_core = "%_ * $*%n"; + + # generic one that's used by most actions + action = "{action_core $*} "; +@@ -185,7 +185,7 @@ abstracts = { + ownaction_target = "{action_core $0}%K:%c$1%n "; + + # private action sent by others +- pvtaction = "%W (*) $*%n "; ++ pvtaction = "%_ (*) $*%n "; + pvtaction_query = "{action $*}"; + + # public action sent by others +@@ -211,9 +211,9 @@ abstracts = { + ctcp = "%g$*%n"; + + # wallops +- wallop = "%W$*%n: "; ++ wallop = "%_$*%n: "; + wallop_nick = "%n$*"; +- wallop_action = "%W * $*%n "; ++ wallop_action = "%_ * $*%n "; + + # netsplits + netsplit = "%R$*%n"; +@@ -235,14 +235,14 @@ abstracts = { + # DCC chat, own msg/action + dccownmsg = "[%r$0%K($1-%K)%n] "; + dccownnick = "%R$*%n"; +- dccownquerynick = "%W$*%n"; ++ dccownquerynick = "%_$*%n"; + dccownaction = "{action $*}"; + dccownaction_target = "{action_core $0}%K:%c$1%n "; + + # DCC chat, others + dccmsg = "[%G$1-%K(%g$0%K)%n] "; + dccquerynick = "%G$*%n"; +- dccaction = "%W (*dcc*) $*%n %|"; ++ dccaction = "%_ (*dcc*) $*%n %|"; + + ## + ## statusbar --- irssi-0.8.14.orig/debian/patches/12manpage-fix +++ irssi-0.8.14/debian/patches/12manpage-fix @@ -0,0 +1,16 @@ +Author: Gerfried Fuchs vim:ft=diff: +Description: Fix the hyphens in the synopsis + +Index: irssi-0.8.14/docs/irssi.1 +=================================================================== +--- irssi-0.8.14.orig/docs/irssi.1 ++++ irssi-0.8.14/docs/irssi.1 +@@ -3,7 +3,7 @@ + Irssi \- a modular IRC client for UNIX + .SH SYNOPSIS + .B irssi +-[-dv!?] [-c server] [-p port] [-n nickname] [-w password] [-h hostname] ++[\-dv!?] [\-c server] [\-p port] [\-n nickname] [\-w password] [\-h hostname] + .SH DESCRIPTION + .B Irssi + is a modular Internet Relay Chat client. It is highly extensible and --- irssi-0.8.14.orig/debian/patches/90irc-ubuntu-com +++ irssi-0.8.14/debian/patches/90irc-ubuntu-com @@ -0,0 +1,10 @@ +Index: irssi-0.8.13-1ubuntu1/irssi.conf +=================================================================== +--- irssi-0.8.13-1ubuntu1.orig/irssi.conf 2009-05-05 15:39:37.000000000 -0500 ++++ irssi-0.8.13-1ubuntu1/irssi.conf 2009-05-05 15:40:52.000000000 -0500 +@@ -1,4 +1,5 @@ + servers = ( ++ { address = "irc.ubuntu.com"; chatnet = "Ubuntu"; port = "8001"; }, + { address = "eu.irc6.net"; chatnet = "IRCnet"; port = "6667"; }, + { address = "irc.open-ircnet.net"; chatnet = "IRCnet"; port = "6667"; }, + { address = "irc.efnet.org"; chatnet = "EFNet"; port = "6667"; }, --- irssi-0.8.14.orig/debian/patches/91_CVE-2010-1156.patch +++ irssi-0.8.14/debian/patches/91_CVE-2010-1156.patch @@ -0,0 +1,24 @@ +Origin: r5126 +Description: fix crash when checking for fuzzy nick match when not on the + channel. (CVE-2010-1156) + +diff -Nur irssi-0.8.14/src/core/nicklist.c irssi-0.8.14.new/src/core/nicklist.c +--- irssi-0.8.14/src/core/nicklist.c 2009-07-21 13:48:05.000000000 -0500 ++++ irssi-0.8.14.new/src/core/nicklist.c 2010-04-14 13:33:14.170161584 -0500 +@@ -575,9 +575,13 @@ + if (fullmatch) + return TRUE; /* matched without fuzzyness */ + +- /* matched with some fuzzyness .. check if there's an exact match +- for some other nick in the same channel. */ +- return nick_nfind(channel, msgstart, (int) (msg-msgstart)) == NULL; ++ if (channel != NULL) { ++ /* matched with some fuzzyness .. check if there's an exact match ++ for some other nick in the same channel. */ ++ return nick_nfind(channel, msgstart, (int) (msg-msgstart)) == NULL; ++ } else { ++ return TRUE; ++ } + } + + void nicklist_init(void) --- irssi-0.8.14.orig/debian/patches/series +++ irssi-0.8.14/debian/patches/series @@ -0,0 +1,12 @@ +01chanmode_expando_strip +02ctcp_version_reply +03firsttimer_text +## 06gnutls-support by David Pashley +#06gnutls-support +11theme-white-background-fix +12manpage-fix +90irc-ubuntu-com + +91_CVE-2010-1155.patch +91_CVE-2010-1156.patch +91_disable_sslv2.patch --- irssi-0.8.14.orig/debian/patches/91_CVE-2010-1155.patch +++ irssi-0.8.14/debian/patches/91_CVE-2010-1155.patch @@ -0,0 +1,365 @@ +Origin: r5104, r5107, r5108 and r5116 +Description: perform certificate host validation (CVE-2010-1155). CVE-2010-1154 + was also assigned to this issue for checking /0 in CN, but it never checked + the hostname until these commits. From the upstream svn log: + r5104: + Check if an SSL certificate matches the hostname of the server we are + connecting to + r5107: + Use one SSL_CTX per connection, use default trusted CAs if nothing specified. + This allows useful use of -ssl_verify without -ssl_cafile/-ssl_capath, using + OpenSSL's default trusted CAs. + r5108: + Call OpenSSL_add_all_algorithms(), may be needed to verify SHA256 certs with + certain versions of OpenSSL. + r5116: + network-openssl: Show why a certificate failed validation. + +diff -Nur irssi-0.8.14/src/core/network.h irssi-0.8.14.new/src/core/network.h +--- irssi-0.8.14/src/core/network.h 2009-07-21 13:48:05.000000000 -0500 ++++ irssi-0.8.14.new/src/core/network.h 2010-04-14 13:25:51.050161002 -0500 +@@ -47,7 +47,7 @@ + /* Connect to socket */ + GIOChannel *net_connect(const char *addr, int port, IPADDR *my_ip); + /* Connect to socket with ip address and SSL*/ +-GIOChannel *net_connect_ip_ssl(IPADDR *ip, int port, IPADDR *my_ip, const char *cert, const char *pkey, const char *cafile, const char *capath, gboolean verify); ++GIOChannel *net_connect_ip_ssl(IPADDR *ip, int port, const char* hostname, IPADDR *my_ip, const char *cert, const char *pkey, const char *cafile, const char *capath, gboolean verify); + int irssi_ssl_handshake(GIOChannel *handle); + /* Connect to socket with ip address */ + GIOChannel *net_connect_ip(IPADDR *ip, int port, IPADDR *my_ip); +diff -Nur irssi-0.8.14/src/core/network-openssl.c irssi-0.8.14.new/src/core/network-openssl.c +--- irssi-0.8.14/src/core/network-openssl.c 2009-07-21 13:48:05.000000000 -0500 ++++ irssi-0.8.14.new/src/core/network-openssl.c 2010-04-14 13:26:18.761443736 -0500 +@@ -26,6 +26,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -39,28 +40,174 @@ + SSL *ssl; + SSL_CTX *ctx; + unsigned int verify:1; ++ const char *hostname; + } GIOSSLChannel; + +-static SSL_CTX *ssl_ctx = NULL; ++static int ssl_inited = FALSE; + + static void irssi_ssl_free(GIOChannel *handle) + { + GIOSSLChannel *chan = (GIOSSLChannel *)handle; + g_io_channel_unref(chan->giochan); + SSL_free(chan->ssl); +- if (chan->ctx != ssl_ctx) +- SSL_CTX_free(chan->ctx); ++ SSL_CTX_free(chan->ctx); + g_free(chan); + } + +-static gboolean irssi_ssl_verify(SSL *ssl, SSL_CTX *ctx, X509 *cert) ++/* Checks if the given string has internal NUL characters. */ ++static gboolean has_internal_nul(const char* str, int len) { ++ /* Remove trailing nul characters. They would give false alarms */ ++ while (len > 0 && str[len-1] == 0) ++ len--; ++ return strlen(str) != len; ++} ++ ++/* tls_dns_name - Extract valid DNS name from subjectAltName value */ ++static const char *tls_dns_name(const GENERAL_NAME * gn) ++{ ++ const char *dnsname; ++ ++ /* We expect the OpenSSL library to construct GEN_DNS extension objects as ++ ASN1_IA5STRING values. Check we got the right union member. */ ++ if (ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING) { ++ g_warning("Invalid ASN1 value type in subjectAltName"); ++ return NULL; ++ } ++ ++ /* Safe to treat as an ASCII string possibly holding a DNS name */ ++ dnsname = (char *) ASN1_STRING_data(gn->d.ia5); ++ ++ if (has_internal_nul(dnsname, ASN1_STRING_length(gn->d.ia5))) { ++ g_warning("Internal NUL in subjectAltName"); ++ return NULL; ++ } ++ ++ return dnsname; ++} ++ ++/* tls_text_name - extract certificate property value by name */ ++static char *tls_text_name(X509_NAME *name, int nid) ++{ ++ int pos; ++ X509_NAME_ENTRY *entry; ++ ASN1_STRING *entry_str; ++ int utf8_length; ++ unsigned char *utf8_value; ++ char *result; ++ ++ if (name == 0 || (pos = X509_NAME_get_index_by_NID(name, nid, -1)) < 0) { ++ return NULL; ++ } ++ ++ entry = X509_NAME_get_entry(name, pos); ++ g_return_val_if_fail(entry != NULL, NULL); ++ entry_str = X509_NAME_ENTRY_get_data(entry); ++ g_return_val_if_fail(entry_str != NULL, NULL); ++ ++ /* Convert everything into UTF-8. It's up to OpenSSL to do something ++ reasonable when converting ASCII formats that contain non-ASCII ++ content. */ ++ if ((utf8_length = ASN1_STRING_to_UTF8(&utf8_value, entry_str)) < 0) { ++ g_warning("Error decoding ASN.1 type=%d", ASN1_STRING_type(entry_str)); ++ return NULL; ++ } ++ ++ if (has_internal_nul((char *)utf8_value, utf8_length)) { ++ g_warning("NUL character in hostname in certificate"); ++ OPENSSL_free(utf8_value); ++ return NULL; ++ } ++ ++ result = g_strdup((char *) utf8_value); ++ OPENSSL_free(utf8_value); ++ return result; ++} ++ ++ ++/** check if a hostname in the certificate matches the hostname we used for the connection */ ++static gboolean match_hostname(const char *cert_hostname, const char *hostname) ++{ ++ const char *hostname_left; ++ ++ if (!strcasecmp(cert_hostname, hostname)) { /* exact match */ ++ return TRUE; ++ } else if (cert_hostname[0] == '*' && cert_hostname[1] == '.' && cert_hostname[2] != 0) { /* wildcard match */ ++ /* The initial '*' matches exactly one hostname component */ ++ hostname_left = strchr(hostname, '.'); ++ if (hostname_left != NULL && ! strcasecmp(hostname_left + 1, cert_hostname + 2)) { ++ return TRUE; ++ } ++ } ++ return FALSE; ++} ++ ++/* based on verify_extract_name from tls_client.c in postfix */ ++static gboolean irssi_ssl_verify_hostname(X509 *cert, const char *hostname) ++{ ++ int gen_index, gen_count; ++ gboolean matched = FALSE, has_dns_name = FALSE; ++ const char *cert_dns_name; ++ char *cert_subject_cn; ++ const GENERAL_NAME *gn; ++ STACK_OF(GENERAL_NAME) * gens; ++ ++ /* Verify the dNSName(s) in the peer certificate against the hostname. */ ++ gens = X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0); ++ if (gens) { ++ gen_count = sk_GENERAL_NAME_num(gens); ++ for (gen_index = 0; gen_index < gen_count && !matched; ++gen_index) { ++ gn = sk_GENERAL_NAME_value(gens, gen_index); ++ if (gn->type != GEN_DNS) ++ continue; ++ ++ /* Even if we have an invalid DNS name, we still ultimately ++ ignore the CommonName, because subjectAltName:DNS is ++ present (though malformed). */ ++ has_dns_name = TRUE; ++ cert_dns_name = tls_dns_name(gn); ++ if (cert_dns_name && *cert_dns_name) { ++ matched = match_hostname(cert_dns_name, hostname); ++ } ++ } ++ ++ /* Free stack *and* member GENERAL_NAME objects */ ++ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); ++ } ++ ++ if (has_dns_name) { ++ if (! matched) { ++ /* The CommonName in the issuer DN is obsolete when SubjectAltName is available. */ ++ g_warning("None of the Subject Alt Names in the certificate match hostname '%s'", hostname); ++ } ++ return matched; ++ } else { /* No subjectAltNames, look at CommonName */ ++ cert_subject_cn = tls_text_name(X509_get_subject_name(cert), NID_commonName); ++ if (cert_subject_cn && *cert_subject_cn) { ++ matched = match_hostname(cert_subject_cn, hostname); ++ if (! matched) { ++ g_warning("SSL certificate common name '%s' doesn't match host name '%s'", cert_subject_cn, hostname); ++ } ++ } else { ++ g_warning("No subjectAltNames and no valid common name in certificate"); ++ } ++ free(cert_subject_cn); ++ } ++ ++ return matched; ++} ++ ++static gboolean irssi_ssl_verify(SSL *ssl, SSL_CTX *ctx, const char* hostname, X509 *cert) + { +- if (SSL_get_verify_result(ssl) != X509_V_OK) { ++ long result; ++ ++ result = SSL_get_verify_result(ssl); ++ if (result != X509_V_OK) { + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int n; + char *str; + +- g_warning("Could not verify SSL servers certificate:"); ++ g_warning("Could not verify SSL servers certificate: %s", ++ X509_verify_cert_error_string(result)); + if ((str = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0)) == NULL) + g_warning(" Could not get subject-name from peer certificate"); + else { +@@ -89,6 +236,8 @@ + } + } + return FALSE; ++ } else if (! irssi_ssl_verify_hostname(cert, hostname)){ ++ return FALSE; + } + return TRUE; + } +@@ -229,19 +378,14 @@ + { + SSL_library_init(); + SSL_load_error_strings(); +- +- ssl_ctx = SSL_CTX_new(SSLv23_client_method()); +- if(!ssl_ctx) +- { +- g_error("Initialization of the SSL library failed"); +- return FALSE; +- } ++ OpenSSL_add_all_algorithms(); ++ ssl_inited = TRUE; + + return TRUE; + + } + +-static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, const char *mycert, const char *mypkey, const char *cafile, const char *capath, gboolean verify) ++static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, const char *hostname, const char *mycert, const char *mypkey, const char *cafile, const char *capath, gboolean verify) + { + GIOSSLChannel *chan; + GIOChannel *gchan; +@@ -251,18 +395,20 @@ + + g_return_val_if_fail(handle != NULL, NULL); + +- if(!ssl_ctx && !irssi_ssl_init()) ++ if(!ssl_inited && !irssi_ssl_init()) + return NULL; + + if(!(fd = g_io_channel_unix_get_fd(handle))) + return NULL; + ++ ctx = SSL_CTX_new(SSLv23_client_method()); ++ if (ctx == NULL) { ++ g_error("Could not allocate memory for SSL context"); ++ return NULL; ++ } ++ + if (mycert && *mycert) { + char *scert = NULL, *spkey = NULL; +- if ((ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) { +- g_error("Could not allocate memory for SSL context"); +- return NULL; +- } + scert = convert_home(mycert); + if (mypkey && *mypkey) + spkey = convert_home(mypkey); +@@ -279,10 +425,6 @@ + if ((cafile && *cafile) || (capath && *capath)) { + char *scafile = NULL; + char *scapath = NULL; +- if (! ctx && (ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) { +- g_error("Could not allocate memory for SSL context"); +- return NULL; +- } + if (cafile && *cafile) + scafile = convert_home(cafile); + if (capath && *capath) +@@ -297,14 +439,15 @@ + g_free(scafile); + g_free(scapath); + verify = TRUE; ++ } else { ++ if (!SSL_CTX_set_default_verify_paths(ctx)) ++ g_warning("Could not load default certificates"); + } + +- if (ctx == NULL) +- ctx = ssl_ctx; +- + if(!(ssl = SSL_new(ctx))) + { + g_warning("Failed to allocate SSL structure"); ++ SSL_CTX_free(ctx); + return NULL; + } + +@@ -312,8 +455,7 @@ + { + g_warning("Failed to associate socket to SSL stream"); + SSL_free(ssl); +- if (ctx != ssl_ctx) +- SSL_CTX_free(ctx); ++ SSL_CTX_free(ctx); + return NULL; + } + +@@ -323,6 +465,7 @@ + chan->ssl = ssl; + chan->ctx = ctx; + chan->verify = verify; ++ chan->hostname = hostname; + + gchan = (GIOChannel *)chan; + gchan->funcs = &irssi_ssl_channel_funcs; +@@ -333,14 +476,14 @@ + return gchan; + } + +-GIOChannel *net_connect_ip_ssl(IPADDR *ip, int port, IPADDR *my_ip, const char *cert, const char *pkey, const char *cafile, const char *capath, gboolean verify) ++GIOChannel *net_connect_ip_ssl(IPADDR *ip, int port, const char* hostname, IPADDR *my_ip, const char *cert, const char *pkey, const char *cafile, const char *capath, gboolean verify) + { + GIOChannel *handle, *ssl_handle; + + handle = net_connect_ip(ip, port, my_ip); + if (handle == NULL) + return NULL; +- ssl_handle = irssi_ssl_get_iochannel(handle, cert, pkey, cafile, capath, verify); ++ ssl_handle = irssi_ssl_get_iochannel(handle, hostname, cert, pkey, cafile, capath, verify); + if (ssl_handle == NULL) + g_io_channel_unref(handle); + return ssl_handle; +@@ -382,7 +525,7 @@ + g_warning("SSL server supplied no certificate"); + return -1; + } +- ret = !chan->verify || irssi_ssl_verify(chan->ssl, chan->ctx, cert); ++ ret = !chan->verify || irssi_ssl_verify(chan->ssl, chan->ctx, chan->hostname, cert); + X509_free(cert); + return ret ? 0 : -1; + } +diff -Nur irssi-0.8.14/src/core/servers.c irssi-0.8.14.new/src/core/servers.c +--- irssi-0.8.14/src/core/servers.c 2009-07-21 13:48:05.000000000 -0500 ++++ irssi-0.8.14.new/src/core/servers.c 2010-04-14 13:25:51.070161073 -0500 +@@ -224,7 +224,7 @@ + port = server->connrec->proxy != NULL ? + server->connrec->proxy_port : server->connrec->port; + handle = server->connrec->use_ssl ? +- net_connect_ip_ssl(ip, port, own_ip, server->connrec->ssl_cert, server->connrec->ssl_pkey, ++ net_connect_ip_ssl(ip, port, server->connrec->address, own_ip, server->connrec->ssl_cert, server->connrec->ssl_pkey, + server->connrec->ssl_cafile, server->connrec->ssl_capath, server->connrec->ssl_verify) : + net_connect_ip(ip, port, own_ip); + } else { --- irssi-0.8.14.orig/debian/patches/06gnutls-support +++ irssi-0.8.14/debian/patches/06gnutls-support @@ -0,0 +1,589 @@ +Author: David Pashley vim:ft=diff: +Description: none + +diff -urNad --exclude=CVS --exclude=.svn ./configure.in /tmp/dpep-work.Xa2n5L/irssi/configure.in +--- ./configure.in 2005-07-17 16:00:49.000000000 +0300 ++++ /tmp/dpep-work.Xa2n5L/irssi/configure.in 2005-07-17 16:46:18.000000000 +0300 +@@ -222,7 +222,11 @@ + AC_ARG_ENABLE(ssl, + [ --disable-ssl Disable Secure Sockets Layer support],, + enable_ssl=yes) +- ++if test "$enable_ssl" = "yes"; then ++ AM_PATH_LIBGNUTLS(1.0.16, have_gnutls="true", have_gnutls="false") ++ AC_DEFINE(HAVE_GNUTLS,, Build with GNUTLS support) ++fi ++AM_CONDITIONAL(HAVE_GNUTLS, test "x$have_gnutls" = "xtrue") + dnl ** + dnl ** just some generic stuff... + dnl ** +diff -urNad --exclude=CVS --exclude=.svn ./src/core/Makefile.am /tmp/dpep-work.Xa2n5L/irssi/src/core/Makefile.am +--- ./src/core/Makefile.am 2005-07-17 16:00:43.000000000 +0300 ++++ /tmp/dpep-work.Xa2n5L/irssi/src/core/Makefile.am 2005-07-17 16:46:18.000000000 +0300 +@@ -7,6 +7,12 @@ + -DSYSCONFDIR=\""$(sysconfdir)"\" \ + -DMODULEDIR=\""$(libdir)/irssi/modules"\" + ++#if HAVE_OPENSSL ++#SSL = network-openssl.c ++#else ++SSL = network-gnutls.c ++#endif ++ + libcore_a_SOURCES = \ + args.c \ + channels.c \ +@@ -30,7 +36,7 @@ + net-nonblock.c \ + net-sendbuffer.c \ + network.c \ +- network-openssl.c \ ++ $(SSL) \ + nicklist.c \ + nickmatch-cache.c \ + pidwait.c \ +diff -urNad --exclude=CVS --exclude=.svn ./src/core/network-gnutls.c /tmp/dpep-work.Xa2n5L/irssi/src/core/network-gnutls.c +--- ./src/core/network-gnutls.c 1970-01-01 02:00:00.000000000 +0200 ++++ /tmp/dpep-work.Xa2n5L/irssi/src/core/network-gnutls.c 2005-07-17 16:46:18.000000000 +0300 +@@ -0,0 +1,514 @@ ++/* ++ network-ssl.c : SSL support ++ ++ Copyright (C) 2002 vjt ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++*/ ++ ++#include "module.h" ++#include "network.h" ++#include "misc.h" ++ ++#define HAVE_GNUTLS ++ ++#ifdef HAVE_GNUTLS ++ ++#include ++#include ++#include ++ ++/* ssl i/o channel object */ ++typedef struct ++{ ++ GIOChannel pad; ++ gint fd; ++ GIOChannel *giochan; ++ gnutls_session session; ++ unsigned int got_cert:1; ++ unsigned int verify:1; ++ unsigned int have_handshaked:1; ++ gnutls_anon_client_credentials anon_cred; ++ gnutls_certificate_credentials xcred; ++} GIOSSLChannel; ++ ++static void irssi_ssl_free(GIOChannel *handle) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ g_io_channel_unref(chan->giochan); ++ gnutls_bye(chan->session, GNUTLS_SHUT_RDWR); ++ gnutls_deinit(chan->session); ++ g_free(chan); ++} ++ ++/*static gboolean irssi_ssl_verify(SSL *ssl, SSL_CTX *ctx, X509 *cert) ++{ ++ if (SSL_get_verify_result(ssl) != X509_V_OK) { ++ unsigned char md[EVP_MAX_MD_SIZE]; ++ unsigned int n; ++ char *str; ++ ++ g_warning("Could not verify SSL servers certificate:"); ++ if ((str = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0)) == NULL) ++ g_warning(" Could not get subject-name from peer certificate"); ++ else { ++ g_warning(" Subject : %s", str); ++ free(str); ++ } ++ if ((str = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0)) == NULL) ++ g_warning(" Could not get issuer-name from peer certificate"); ++ else { ++ g_warning(" Issuer : %s", str); ++ free(str); ++ } ++ if (! X509_digest(cert, EVP_md5(), md, &n)) ++ g_warning(" Could not get fingerprint from peer certificate"); ++ else { ++ char hex[] = "0123456789ABCDEF"; ++ char fp[EVP_MAX_MD_SIZE*3]; ++ if (n < sizeof(fp)) { ++ unsigned int i; ++ for (i = 0; i < n; i++) { ++ fp[i*3+0] = hex[(md[i] >> 4) & 0xF]; ++ fp[i*3+1] = hex[(md[i] >> 0) & 0xF]; ++ fp[i*3+2] = i == n - 1 ? '\0' : ':'; ++ } ++ g_warning(" MD5 Fingerprint : %s", fp); ++ } ++ } ++ return FALSE; ++ } ++ return TRUE; ++} ++*/ ++ ++int irssi_ssl_handshake(GIOChannel *handle) { ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ int ret; ++ while(1) { ++ fd_set fds_read; ++ fd_set fds_write; ++ struct timeval timeout={1,0}; ++ ++ ret = gnutls_handshake(chan->session); ++ ++ if((ret != GNUTLS_E_AGAIN) && ++ (ret != GNUTLS_E_INTERRUPTED)) ++ break; ++ ++ FD_ZERO(&fds_read); ++ FD_ZERO(&fds_write); ++ ++ FD_SET(chan->fd, &fds_read); ++ FD_SET(chan->fd, &fds_write); ++ select(chan->fd+1, &fds_read, &fds_write, NULL, &timeout); ++ } ++ if (ret < 0) { ++ g_warning( "*** Handshake failed: %s", gnutls_strerror(ret)); ++ if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { ++ g_warning( "*** alert: %s", gnutls_alert_get_name (gnutls_alert_get (chan->session))); ++ } ++ ++ ++ } else { ++ chan->have_handshaked = 1; ++ g_warning("- Handshake was completed"); ++ } ++ ++ return ret; ++ ++} ++#if GLIB_MAJOR_VERSION < 2 ++ ++#ifdef G_CAN_INLINE ++G_INLINE_FUNC ++#else ++static ++#endif ++GIOError ssl_errno(gint e) ++{ ++ switch(e) ++ { ++ case EINVAL: ++ return G_IO_ERROR_INVAL; ++ case EINTR: ++ case EAGAIN: ++ return G_IO_ERROR_AGAIN; ++ default: ++ return G_IO_ERROR_INVAL; ++ } ++ /*UNREACH*/ ++ return G_IO_ERROR_INVAL; ++} ++ ++static GIOError irssi_ssl_cert_step(GIOSSLChannel *chan) ++{ ++ g_warning("irssi_ssl_cert_step"); ++ /*UNREACH*/ ++ return G_IO_ERROR_INVAL; ++} ++ ++static GIOError irssi_ssl_read(GIOChannel *handle, gchar *buf, guint len, guint *ret) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ gint err; ++ ++ err = gnutls_record_recv(chan->session, buf, len); ++ if(err < 0) { ++ *ret = 0; ++ return ssl_errno(errno); ++ } else { ++ *ret = err; ++ return G_IO_ERROR_NONE; ++ } ++ /*UNREACH*/ ++ return -1; ++} ++ ++static GIOError irssi_ssl_write(GIOChannel *handle, gchar *buf, guint len, guint *ret) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ gint err; ++ ++ ++ err = gnutls_record_send(chan->session, buf, len); ++ if(err < 0) ++ { ++ *ret = 0; ++ return ssl_errno(errno); ++ } ++ else ++ { ++ *ret = err; ++ return G_IO_ERROR_NONE; ++ } ++ /*UNREACH*/ ++ return G_IO_ERROR_INVAL; ++} ++ ++static GIOError irssi_ssl_seek(GIOChannel *handle, gint offset, GSeekType type) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ GIOError e; ++ e = g_io_channel_seek(chan->giochan, offset, type); ++ return (e == G_IO_ERROR_NONE) ? G_IO_ERROR_NONE : G_IO_ERROR_INVAL; ++} ++ ++static void irssi_ssl_close(GIOChannel *handle) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ g_io_channel_close(chan->giochan); ++} ++ ++static guint irssi_ssl_create_watch(GIOChannel *handle, gint priority, GIOCondition cond, ++ GIOFunc func, gpointer data, GDestroyNotify notify) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ ++ return chan->giochan->funcs->io_add_watch(handle, priority, cond, func, data, notify); ++} ++ ++/* ssl function pointers */ ++static GIOFuncs irssi_ssl_channel_funcs = ++{ ++ irssi_ssl_read, ++ irssi_ssl_write, ++ irssi_ssl_seek, ++ irssi_ssl_close, ++ irssi_ssl_create_watch, ++ irssi_ssl_free ++}; ++ ++#else /* GLIB_MAJOR_VERSION < 2 */ ++ ++#ifdef G_CAN_INLINE ++G_INLINE_FUNC ++#else ++static ++#endif ++GIOStatus ssl_errno(gint e) ++{ ++ switch(e) ++ { ++ case EINVAL: ++ return G_IO_STATUS_ERROR; ++ case EINTR: ++ case EAGAIN: ++ return G_IO_STATUS_AGAIN; ++ default: ++ return G_IO_STATUS_ERROR; ++ } ++ /*UNREACH*/ ++ return G_IO_STATUS_ERROR; ++} ++ ++static GIOStatus irssi_ssl_cert_step(GIOSSLChannel *chan) ++{ ++ g_warning("irssi_ssl_cert_step"); ++ /*UNREACH*/ ++ return G_IO_STATUS_ERROR; ++} ++ ++static GIOStatus irssi_ssl_read(GIOChannel *handle, gchar *buf, guint len, guint *ret, GError **gerr) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ gint err; ++ if (!chan->have_handshaked) { ++ irssi_ssl_handshake(handle); ++ } ++ ++ ++ err = gnutls_record_recv(chan->session, buf, len); ++ if(err < 0) ++ { ++ *ret = 0; ++ return ssl_errno(errno); ++ } ++ else ++ { ++ *ret = err; ++ return G_IO_STATUS_NORMAL; ++ } ++ /*UNREACH*/ ++ return G_IO_STATUS_ERROR; ++} ++ ++static GIOStatus irssi_ssl_write(GIOChannel *handle, const gchar *buf, gsize len, gsize *ret, GError **gerr) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ gint err; ++ ++ if (!chan->have_handshaked) { ++ irssi_ssl_handshake(handle); ++ } ++ ++ ++ err = gnutls_record_send(chan->session, buf, len); ++ if(err < 0) ++ { ++ *ret = 0; ++ return ssl_errno(errno); ++ } ++ else ++ { ++ *ret = err; ++ return G_IO_STATUS_NORMAL; ++ } ++ /*UNREACH*/ ++ return G_IO_STATUS_ERROR; ++} ++ ++static GIOStatus irssi_ssl_seek(GIOChannel *handle, gint64 offset, GSeekType type, GError **gerr) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ GIOError e; ++ e = g_io_channel_seek(chan->giochan, offset, type); ++ return (e == G_IO_ERROR_NONE) ? G_IO_STATUS_NORMAL : G_IO_STATUS_ERROR; ++} ++ ++static GIOStatus irssi_ssl_close(GIOChannel *handle, GError **gerr) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ g_io_channel_close(chan->giochan); ++ ++ return G_IO_STATUS_NORMAL; ++} ++ ++static GSource *irssi_ssl_create_watch(GIOChannel *handle, GIOCondition cond) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ ++ return chan->giochan->funcs->io_create_watch(handle, cond); ++} ++ ++static GIOStatus irssi_ssl_set_flags(GIOChannel *handle, GIOFlags flags, GError **gerr) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ ++ return chan->giochan->funcs->io_set_flags(handle, flags, gerr); ++} ++ ++static GIOFlags irssi_ssl_get_flags(GIOChannel *handle) ++{ ++ GIOSSLChannel *chan = (GIOSSLChannel *)handle; ++ ++ return chan->giochan->funcs->io_get_flags(handle); ++} ++ ++static GIOFuncs irssi_ssl_channel_funcs = { ++ irssi_ssl_read, ++ irssi_ssl_write, ++ irssi_ssl_seek, ++ irssi_ssl_close, ++ irssi_ssl_create_watch, ++ irssi_ssl_free, ++ irssi_ssl_set_flags, ++ irssi_ssl_get_flags ++}; ++ ++#endif ++ ++static void tls_log_func(int level, const char *str) ++{ ++ ++ g_warning( "|<%d>| %s", level, g_strchomp(str)); ++} ++ ++static gboolean irssi_ssl_init(void) ++{ ++ g_warning("irssi_ssl_init"); ++ int ret; ++ if ((ret = gnutls_global_init())) { ++ g_warning( "failed to init gnutls: %s", gnutls_strerror(ret)); ++ return FALSE; ++ } ++ gnutls_global_set_log_function(tls_log_func); ++ gnutls_global_set_log_level(0); ++ ++ return TRUE; ++ ++} ++ ++int is_socket_connected(int fd) { ++ fd_set fds_write; ++ struct timeval timeout={0,0}; ++ FD_ZERO(&fds_write); ++ FD_SET(fd, &fds_write); ++ select(fd+1, 0, &fds_write, NULL, &timeout); ++ ++ struct sockaddr s; ++ socklen_t s_len; ++ if (getpeername(fd,&s,&s_len) == -1 && errno == ENOTCONN) { ++ char ch; ++ read(fd,&ch,1); ++ return FALSE; ++ } ++ return TRUE; ++} ++ ++ ++/*static*/ GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, const char *mycert, const char *mypkey, const char *cafile, const char *capath, gboolean verify) ++{ ++ g_warning("irssi_ssl_get_iochannel"); ++ GIOSSLChannel *chan; ++ GIOChannel *gchan; ++ int ret, fd; ++ gnutls_session session; ++ ++ ++ gnutls_anon_client_credentials anon_cred; ++ gnutls_certificate_credentials xcred; ++ ++ int protocol_priority[] = { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; ++ int kx_priority[] = ++ { GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, ++ GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP, ++ /* Do not use anonymous authentication, unless you know what that means */ ++ GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_ANON_DH, 0 ++ }; ++ int cipher_priority[] = ++ { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC, ++ GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, ++ GNUTLS_CIPHER_ARCFOUR_40, 0 ++ }; ++ int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; ++ int mac_priority[] = ++ { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 }; ++ int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; ++ ++ ++ g_return_val_if_fail(handle != NULL, NULL); ++ ++ if(!irssi_ssl_init()) ++ return NULL; ++ ++ fd = g_io_channel_unix_get_fd(handle); ++//if(!(fd = g_io_channel_unix_get_fd(handle)) || !is_socket_connected(fd)) { ++// return NULL; ++// } ++ ++ g_warning ("irssi_ssl_get_iochannel sanity checks complete"); ++ ++ ++ gnutls_certificate_allocate_credentials(&xcred); ++ gnutls_certificate_set_verify_flags(xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); ++ gnutls_anon_allocate_client_credentials(&anon_cred); ++ if (cafile) { ++ /* sets the trusted cas file */ ++ if ((ret = gnutls_certificate_set_x509_trust_file(xcred, cafile, GNUTLS_X509_FMT_PEM)) < 0) { ++ g_warning( "gnutls_certificate_set_x509_trust_file failed: %s", gnutls_strerror(ret)); ++ } ++ } ++ ++ /* Initialize TLS session */ ++ if (gnutls_init(&session, GNUTLS_CLIENT) < 0 ) { ++ g_warning( "gnutls_init failed: %s", gnutls_strerror(ret)); ++ } ++ ++ gnutls_certificate_type_set_priority(session, cert_type_priority); ++ gnutls_cipher_set_priority(session, cipher_priority); ++ gnutls_compression_set_priority(session, comp_priority); ++ gnutls_kx_set_priority(session, kx_priority); ++ gnutls_protocol_set_priority(session, protocol_priority); ++ gnutls_mac_set_priority(session, mac_priority); ++ ++ gnutls_dh_set_prime_bits(session, 512); ++ ++ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred); ++ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); ++ ++ ++ /* connect to the peer */ ++ gnutls_transport_set_ptr(session, (gnutls_transport_ptr) fd); ++ ++ ++ chan = g_new0(GIOSSLChannel, 1); ++ chan->fd = fd; ++ chan->giochan = handle; ++ chan->session = session; ++ //chan->got_cert = cert != NULL; ++ chan->verify = verify; ++ chan->anon_cred = anon_cred; ++ chan->xcred = xcred; ++ ++ gchan = (GIOChannel *)chan; ++ gchan->funcs = &irssi_ssl_channel_funcs; ++ g_io_channel_init(gchan); ++ ++ /* Perform the TLS handshake */ ++ return gchan; ++} ++ ++GIOChannel *net_connect_ip_ssl(IPADDR *ip, int port, IPADDR *my_ip, const char *cert, const char *pkey, const char *cafile, const char *capath, gboolean verify) ++{ ++ GIOChannel *handle, *ssl_handle; ++ ++ handle = net_connect_ip(ip, port, my_ip); ++ ssl_handle = irssi_ssl_get_iochannel(handle, cert, pkey, cafile, capath, verify); ++ if (ssl_handle == NULL) ++ g_io_channel_unref(handle); ++ return ssl_handle; ++} ++ ++#else /* HAVE_OPENSSL */ ++ ++GIOChannel *net_connect_ip_ssl(IPADDR *ip, int port, IPADDR *my_ip, const char *cert, const char *pkey, const char *cafile, const char *capath, gboolean verify) ++{ ++ g_warning("Connection failed: SSL support not enabled in this build."); ++ errno = ENOSYS; ++ return NULL; ++} ++ ++#endif /* ! HAVE_OPENSSL */ +diff -urNad --exclude=CVS --exclude=.svn ./src/fe-none/Makefile.am /tmp/dpep-work.Xa2n5L/irssi/src/fe-none/Makefile.am +--- ./src/fe-none/Makefile.am 2005-07-17 16:00:41.000000000 +0300 ++++ /tmp/dpep-work.Xa2n5L/irssi/src/fe-none/Makefile.am 2005-07-17 16:46:18.000000000 +0300 +@@ -12,7 +12,8 @@ + @COMMON_NOUI_LIBS@ \ + @PERL_LINK_LIBS@ \ + @PERL_LINK_FLAGS@ \ +- @PROG_LIBS@ ++ @PROG_LIBS@ \ ++ -lgnutls + + botti_SOURCES = \ + irssi.c +diff -urNad --exclude=CVS --exclude=.svn ./src/fe-text/Makefile.am /tmp/dpep-work.Xa2n5L/irssi/src/fe-text/Makefile.am +--- ./src/fe-text/Makefile.am 2005-07-17 16:00:44.000000000 +0300 ++++ /tmp/dpep-work.Xa2n5L/irssi/src/fe-text/Makefile.am 2005-07-17 16:46:18.000000000 +0300 +@@ -21,7 +21,9 @@ + @PERL_FE_LINK_LIBS@ \ + @PERL_LINK_FLAGS@ \ + @PROG_LIBS@ \ +- @TEXTUI_LIBS@ ++ @TEXTUI_LIBS@ \ ++ -lgnutls ++ + + tparm_sources = \ + tparm.c --- irssi-0.8.14.orig/debian/patches/02ctcp_version_reply +++ irssi-0.8.14/debian/patches/02ctcp_version_reply @@ -0,0 +1,19 @@ +Author: Gerfried Fuchs vim:ft=diff: +Description: remove $sysname $sysarch from default version reply, BTS #373094 + +Index: irssi-0.8.14/src/irc/core/ctcp.c +=================================================================== +--- irssi-0.8.14.orig/src/irc/core/ctcp.c ++++ irssi-0.8.14/src/irc/core/ctcp.c +@@ -327,8 +327,10 @@ void ctcp_init(void) + { + ctcp_cmds = NULL; + ++ /* remove $sysname $sysarch from default version reply, too much info, ++ * see debian bug #373094 */ + settings_add_str("misc", "ctcp_version_reply", +- PACKAGE_TARNAME" v$J - running on $sysname $sysarch"); ++ PACKAGE_TARNAME" v$J"); + settings_add_str("misc", "ctcp_userinfo_reply", "$Y"); + settings_add_int("flood", "max_ctcp_queue", 5); + --- irssi-0.8.14.orig/debian/patches/03firsttimer_text +++ irssi-0.8.14/debian/patches/03firsttimer_text @@ -0,0 +1,29 @@ +Author: Gerfried Fuchs vim:ft=diff: +Description: add hint about #debian to first time user message, BTS #393707 + +Index: irssi-0.8.14/src/fe-text/irssi.c +=================================================================== +--- irssi-0.8.14.orig/src/fe-text/irssi.c ++++ irssi-0.8.14/src/fe-text/irssi.c +@@ -81,6 +81,8 @@ static int dirty, full_redraw, dummy; + static GMainLoop *main_loop; + int quitting; + ++/* add debian informations for first time users, ++ * see debian bug #393707 */ + static const char *firsttimer_text = + "Looks like this is the first time you've run irssi.\n" + "This is just a reminder that you really should go read\n" +@@ -88,7 +90,11 @@ static const char *firsttimer_text = + "and more irssi beginner info at http://www.irssi.org\n" + "\n" + "For the truly impatient people who don't like any automatic\n" +- "window creation or closing, just type: /MANUAL-WINDOWS"; ++ "window creation or closing, just type: /MANUAL-WINDOWS\n" ++ "\n" ++ "For Ubuntu specific help type \"/connect irc.ubuntu.com\"\n" ++ "and \"/join #ubuntu\" (without the quotes) and ask your\n" ++ "question."; + static int display_firsttimer = FALSE; + +