News Archive
Irssi 1.0.5 Released
Posted on October 22nd 2017
Irssi 1.0.5 has been released. This release fixes a few security issues in Irssi as well as a few bugs. There are no new features. All Irssi users should upgrade to this version. See the NEWS for details.
Most issues have been identified using fuzzing, thanks to Hanno Böck and Joseph Bisch. We expect Joseph will be able to tell you more about his newest fuzzer at freenode.live on the weekend!
For more information refer to the security advisory.
This release can be downloaded from our releases page. Binary test packages for various Linux distributions are automatically generated by the openSUSE Build Service and are available for download in the irssi-test repository.
Please check with your distro whether they provide officially updated packages.
We currently do not have any alternate advice.
The Irssi Team.
Irssi 1.0.4 Released
Posted on July 7th 2017
Irssi 1.0.4 has been released. This release fixes two remote crash issues in Irssi as well as a few bugs, correcting a mistake that was introduced in 1.0.3 while parsing some time-related settings. There are no new features. All Irssi users should upgrade to this version. See the NEWS for details.
Our bug reporter Brian 'geeknik' Carpenter writes:
34 days after reading Fuzzing Irssi, my AFL instance was finally able to trigger a null pointer dereference in irssi 1.0.2. [...] Hopefully this one isn't fixed yet.
35 days after reading Fuzzing Irssi, my AFL instance triggered a heap-use-after-free in irssi 1.0.2. Compiled on Debian 8 x64 following the instructions and patches of the referenced article. (;
For more information refer to the security advisory.
Thanks, Brian!
This release can be downloaded from our releases page. Binary test packages for various Linux distributions are automatically generated by the openSUSE Build Service and are available for download in the irssi-test repository.
Please check with your distro whether they provide officially updated packages.
We currently do not have any alternate advice.
The Irssi Team.
Irssi 1.0.3 Released
Posted on June 6th 2017
Irssi 1.0.3 has been released. This release fixes two remote crash issue in Irssi as well as a few bug fixes, the most notable that TLS can now be disabled from within the text-UI. There are no new features. All Irssi users should upgrade to this version. See the NEWS for details.
Read the security advisory.
Read more... the Irssi Team.
Fuzzing Irssi
Posted by Joseph Bisch on May 12th 2017
Hello fellow Irssi users and people interested in learning about fuzzing,
There have been recent efforts within the Irssi and open source security communities to make Irssi more secure through the use of fuzzing. For example the security bugs revealed in the first Irssi security advisory of 2017 were found by fuzzing. In this blog post, we will cover an introduction to fuzzing, how to fuzz Irssi, and a look at a couple of actual bugs found in past versions of Irssi.
Read more... the Irssi Team.
Help us test horizontal/vertical splits
Posted by Nei on May 6th 2017
It all started in 2005, when I asked in FS#310 whether vertical splits would be possible. By that, of course, I meant to split the windows horizontally in a line. At that time, the most popular version of Irssi had been 0.8.9 for several years.
Read more... the Irssi Team.
Poll: Non-UTF-8 discontinuation
Posted on March 12th 2017
Hello fellow Irssi users,
We are planning to remove 8-bit and Chinese support from Irssi.
Interaction with legacy IRC channels would still be provided through /recode, as it is currently.
However, Irssi would stop working on non-UTF-8 terminals (or at least appear heavily glitched)
If you have any helpful comments or concerns about this topic, please raise your voice either in the GitHub issue 671 or by writing an e-mail. We're especially interested to learn about people who are still using the 8-bit support and why you would not be able to move to Unicode.
Thank you for your support,
The Irssi Team.
Irssi 1.0.2 Released
Posted on March 11th 2017
Irssi 1.0.2 has been released. This release fixes a remote crash issue in Irssi 1.0 as well as a few bug fixes, the most notable a regression that broke incoming DCC file transfers. There are no new features. All Irssi 1.0 users should upgrade to this version. See the NEWS for details.
Furthermore, we need to emphasise that in Irssi 1.0 up to and
including 1.0.2, GRegex is not UTF-8
compliant. Enabling UTF-8
in GRegex while receiving arbitrary messages (i.e. invalid UTF-8, as
happens frequently on IRC) would lead to memory issues and crashes,
therefore it is currently operating in byte mode. You can either
choose to revert to your system provided regex engine using
--disable-gregex
at ./configure time and hope that it does whatever
you need, or join the discussion on issue #636 for how to best solve
this problem, or apply the
patch from PR#653 if
you need proper Unicode-aware regexen in /hilight
and /ignore
as
an intermediate solution.
Read the security advisory.
Read more... the Irssi Team.
Irssi 1.0.1 Released
Posted on February 5th 2017
Irssi 1.0.1 has been released. This release is our first bug fix release on the 1.0 branch. You won't see new features on 1.0. Most importantly, a mistake that broke tab completion of settings and aliases has been corrected, as well as a memory leak during SASL found by Joseph Bisch. All users of 1.0.0 should upgrade to this version. See the NEWS for details.
Read more... the Irssi Team.