News Archive

Irssi 1.2.1 and 1.1.3 and 1.0.8 Released

Posted on June 29^th 2019

Irssi 1.2.1 and 1.1.3 and 1.0.8 have been released! They contain some critical updates which we hope you'll enjoy. There are no new features. All Irssi users should upgrade to this version. See the NEWS for details.

For more information refer to the security advisory.

If you've had any issues with SASL login suddenly failing, hopefully this update will fix that.

This release can be downloaded from our releases page. Binary test packages for various Linux distributions are automatically generated by the openSUSE Build Service and are available for download in the irssi-test and irssi-oldtest repositories.

Please check with your distro whether they provide officially updated packages.

We currently do not have any alternate advice.

The Irssi Team.

Irssi 1.2.0 OTR Migration Path

Posted on February 12^th 2019

With the release of Irssi 1.2.0 we now bundle the OTR plug-in as part of the Irssi source code. During the import phase of the irssi-otr codebase we fixed a number of issues, but one of them caused us to break backwards compatibility for old irssi-otr users.

With the updated OTR implementation the secret keys of the user is no longer stored with an account name of $nickname@$server (for example: user@irc.libera.chat), but is rather stored with the network (or chatnet if you like) name from Irssi (for example: liberachat). This should remove the issue that some users have reported where if they connect to another server on a given network the OTR implementation generates new keys for you.

You can see your list of OTR keys in Irssi using /otr info.

Upgrade Path

This requires a bit of manual work, but if you look at your ~/.irssi/otr directory you should have 3 files:

otr.fp - containing the fingerprints of your OTR buddies.
otr.instag - containing the tags from OTR.
otr.key - containing your secret keys.

In otr.fp and otr.key you should manually open these files and modify the old strings to the new format. The otr.key file is the most important one since it contains the secret key material. The file contains an s-expression like structure where the account name key can be found in the (name name-goes-here) tuple. The otr.fp file contains a list of known fingerprints. Correct the account name from your preview keys there as well.

Irssi 1.2.0 Released

Posted on February 11^th 2019

Happy lunar new year from the Irssi Team!

Irssi 1.2.0 has been released. This release is the result of all the contributions Irssi received in the past year. Of course, it includes all the security fixes from Irssi 1.1.2.

23 users contributed to this release. In total 174 files changed with 9215 line insertions and 1602 line deletions. Thanks everyone!

Another thanks for those helping us test Irssi by running the Git version!

Some notable changes:

/statusbar has a whole new syntax
/1 /2 /3 ... removed from default config (available as new setting window_number_commands)
Private notices intended for channels are now displayed on the channel (new setting notice_channel_context)
The assumed width of characters can now be configured (new setting wcwidth_implementation)

Some interesting new features:

The "Off-the-record" module is now included in the Irssi source
Initial version of horizontal splits
Formatting support for the input line, for example to hilight wrong words with spell checker script

See the NEWS for details.

After installing the new release, you can use /upgrade to re-launch your Irssi binary, but don't forget to /save first. TLS connections will break and require manual /reconnect 1 and so on. To save and restore the window content, load the buf.pl script and make sure it is in autorun. Starting with Irssi 1.1.0, you can also save and restore your command history -- /script install savecmdhist and make sure it is in autorun as well.

We are committed to put security, stability and regression fixes on subsequent 1.2.x releases, as we have done for 1.1.

As usual, there remains a lot to be done. We are always looking for help, so you can check the bugs and see if you can fix some, or implement some of the enhancement requests.

By the way, test packages for the Git version are also available for download in the irssi-git repository, and an archive of the old stable version is available in irssi-oldtest.

Feel welcome to join our IRC channel, or discuss this news on Lobsters, Hacker News or Twitter.

The Irssi Team.

Irssi 1.1.2 Released

Posted on January 9^th 2019

Happy New Year from the Irssi Team!

Irssi 1.1.2 has been released! This release fixes some stability issues in Irssi 1.1 as well as a few bug fixes. There are no new features. All Irssi 1.1 users should upgrade to this version. See the NEWS for details.

For more information refer to the security advisory.

Please check with your distribution whether they provide officially updated packages.

We currently do not have any alternate advice.

In the meantime, the following interesting changes happened in the development version of Irssi:

Syntax for the the /STATUSBAR commands was improved (#858)
Private notices intended for channels are now displayed on the channel (new setting notice_channel_context) (#959)
The "Off-the-record" module was imported into the Irssi tree (#854, #589, #196)
Users can now choose between different implementations of wcwidth. This is used to calculate the width of emojis on your terminal screen (#917, #720)

These functions are now also available from Perl (#973):
```
string_width(str)
string_chars_for_width(str, width)
wcwidth(char)
```
Added a completion_keep_word setting (#979)
Allow hiding of lines through the /IGNORE system (#901, #900, #892, #890, #884, #937)
Add autolog_only_saved_channels setting, to autolog only channels that are in the config (#968)
Prevent config truncation when no space left. By dequis and Lukas Waymann (#922, #925, #910, #909, #906, #871, #817)
Time-out broken SSL connections (#866, #130)
Make default keybinds deletable (#859, #507)

Feel welcome to join our IRC channel for any questions.

The Irssi Team.

🎆 Irssi 1.1.1 and 1.0.7 Released 🎆

Posted on February 15^th 2018

Happy Lunar New Year from the Irssi Team!

Irssi 1.1.1 and 1.0.7 have been released! They contain some critical updates which we hope you'll enjoy. There are no new features. All Irssi users should upgrade to this version. See the NEWS for details.

For more information refer to the security advisory.

One of bigger issues that was silent to us was a bug in OpenSSL that has been fixed six years ago. It causes Irssi to crash. None of the developers were using such old software. Unfortunately, Debian jessie and Ubuntu 14.04 still use OpenSSL from before that.

The other important bug was that netsplits would crash Irssi when getting disconnected. Sorry for this bug. It shows that the netsplit code is badly tested since it doesn't occur so frequently. We could really benefit from some unit tests here...

An odd issue was found in the configure script. Our development box has a version of autotools that was patched by the distribution to fix a minor syntax issue. Unfortunately, that patch broke the POSIX sh compatibility of the generated files! (The bug is only present in the 1.1.0 release tarballs.)

Another invisible issue was that the test suite would mysteriously fail on sufficiently old systems. Turns out the required TAP output is only present in GLib 2.40 and later (and of course not documented). Again, no-one on the team was using anything older...

A surprising issue was uncovered when using negative numbers to manipulate window sizes. Let's just say Irssi totally didn't expect you to do this. (It will crash your Irssi and possibly show odd display glitches.)

Irssi 1.0.7 also includes a patch for some /server add/modify commands that could crash Irssi. This was originally scheduled for 1.0.6 but forgotten! Oops.

Please check with your distro whether they provide officially updated packages.

We currently do not have any alternate advice.

In the meantime, the following interesting changes happened in the development version:

Sideways split support was added into Irssi (#697)
Ben Paxton backported code to colourise the input prompt, originally by Jonas Hurrelmann. This can be used for spell checking or nick colouring. (#764)
Manish Goregaokar contributed code that will add a colon behind all the tab-completed nicks (#822)
another take at the netsplit printing optimisations was merged (now with less crashes??) (#832)
the theme engine was added to Google's Oss-Fuzz and already uncovered several deficiencies
Niklas Luokkala added the binding that selects the previous completion during tab completion to Shift+Tab by default (#830)
Martin Staron contributed code that might fix storing of DCC GETs on Android phones or FAT partitions (#844)
CAP 3.2 capability negotiation is now supported (#775)

Feel welcome to join our IRC channel, or discuss this news on reddit or Twitter.

The Irssi Team.

PyIRCFuzz

Posted by Joseph Bisch on January 24^th 2018

This blog post is a follow up to my first post on this blog about fuzzing Irssi. This time we will look at using pyircfuzz instead of afl-fuzz.

First we are going to get pyircfuzz itself and run it. Pyircfuzz acts as an IRC server, but it sends a variety of messages (not always well formed) to the IRC client(s) that are connected in an attempt to crash the client(s).

git clone https://github.com/josephbisch/pyircfuzz
cd pyircfuzz
python3 ircfuzz.py

Next we need to get Irssi and checkout 1.0.2, because we know it actually has bugs for us to find. Then, after we have built Irssi, we are going to run it and connect to the pyircfuzz instance on localhost and log the error output to a file.

git clone https://github.com/irssi/irssi
cd irssi
git checkout 1.0.2
ASAN_OPTIONS=detect_leaks=0 ./autogen.sh CC=clang CFLAGS="-g -Og -fsanitize=address"
make
./src/fe-text/irssi -c localhost 2> asan.log

Here is a picture of what Irssi looks like at this point. It crashed so quickly (remember we are using an outdated version of Irssi) that I didn't have time to get a screenshot of the fuzzing in action.

Here is the AddressSanitizer output (from asan.log):

Irssi 1.1.0 Released

Posted on January 15^th 2018

Happy new year again from the Irssi Team!

Irssi 1.1.0 has been released. This release is the result of all the contributions Irssi received in the past year. Of course, it includes all the security fixes from Irssi 1.0.6.

Will Storey, Joseph Bisch, Edward Tomasz Napierala and Jari Matitainen contributed to this release and accepted our invitation to join the project, as well as external contributions from Robert Bisewski, Paul Townsend, Oscar Linderholm, Rodrigo Rebello, Stephen Oberholtzer, Paolo Martini, Martijn Dekker, Tim Konick, Hanno Böck, Tristan Pepin Michael Hansen, and Lasse Toimela. In total 151 files changed, with 6214 line insertions and 1062 line deletions. Thanks everyone!

We rushed in some last minute fixes into 1.1.0 so as they wouldn't have to sit on the queue until next year. We hope it doesn't affect stability of the release too much. Thanks for those helping us test by running the Git version!

Some notable changes:

/server does not connect to servers anymore, we recommend using /connect! You can also change servers using /server connect
/foreach now emits commands instead of sending text to the targets

Some interesting new features:

If you use the per window command history, global history can now be accessed with Ctrl+Arrows
History entries can now be deleted (e.g. to remove some secrets)
East-asian users will enjoy /set break_wide to make words wrap more naturally
On FreeBSD, Irssi now supports the Capsicum sandbox (experimental)
Lines with certain levels can be hidden from screen (not ignored), using /window hidelevel

Some new developments:

Fuzzing code has been added to the repository, which may help find certain kinds of bugs (and already has!)
Module authors can now use net_start_ssl for StartTLS (used e.g. by Quassel)
Irssi now has a folder for unit tests!

See the NEWS for details.

After installing the new release, you can use /upgrade to re-launch your Irssi binary, but don't forget to /save first. TLS connections will break and require manual /reconnect 1 and so on. To save and restore the window content, load the buf.pl script and make sure it is in autorun. Starting with Irssi 1.1.0, you can also save and restore your command history -- check this comment until someone comes up with a proper script.

We are committed to put security, stability and regression fixes on subsequent 1.1.x releases, as we have done for 1.0.

As usual, there remains a lot to be done. We are always looking for help, so you can check the bugs and see if you can fix some, or implement some of the enhancement requests. The initial version of horizontal splits has already landed in Git and thus should be included in Irssi 1.2.0.

By the way, test packages for the Git version are also available for download in the irssi-git repository, and an archive of the old stable version is available in irssi-oldtest.

We are also looking for packagers who want to take the challenge of adding compatible builds of irssi-{python,otr,xmpp,icb,quassel,fish,theme-indent,...} to either distributions or the openSUSE Build Service (has to support all our current targets there.)

Feel welcome to join our IRC channel, or discuss this news, on reddit.

The Irssi Team.

Irssi 1.0.6 Released

Posted on January 7^th 2018

Happy new year from the Irssi Team!

Irssi 1.0.6 has been released. This release fixes a few security issues in Irssi as well as a few bugs. There are no new features. All Irssi users should upgrade to this version. See the NEWS for details.

Most issues have been identified using fuzzing, thanks to Joseph Bisch.

For more information refer to the security advisory.

Please check with your distro whether they provide officially updated packages.

We currently do not have any alternate advice.

The Irssi Team.