Security update for weechat (moderate)

An update that fixes one vulnerability is now available.

Description:

This update for weechat fixes the following issues:

update to 3.2.1:

• CVE-2021-40516: relay: fix crash when decoding a malformed websocket
  frame (boo#1190206)

update to 3.2

main changes:

 * use XDG directories by default (config, data, cache, runtime)
 * add support of IRC SASL mechanisms SCRAM-SHA-1, SCRAM-SHA-256 and
   SCRAM-SHA-512
 * automatically load system certificates without giving a hardcoded path
   to the file with certificates
 * add options to customize commands executed on system signals received
   (SIGHUP, SIGQUIT, SIGTERM, SIGUSR1, SIGUSR2)
 * add bar item "tls_version" and buflist format
 * add signals "cursor_start" and "cursor_end"
 * add function crypto_hmac in API
 * add translated string in evaluation of expressions with "translate:xxx"
 * add info "weechat_daemon"
 * add Python stub for WeeChat API
 * add variables "${tg_shell_argc}" and "${tg_shell_argvN}" in command
   trigger evaluated strings
 * many bugs fixed.

for all changes, please visit:
https://weechat.org/files/changelog/ChangeLog-3.2.html

update to 3.1

New features

 * core: add options weechat.look.hotlist_update_on_buffer_switch and
   weechat.look.read_marker_update_on_buffer_switch (issue #992, issue
   #993)
 * core: add option sec.crypt.passphrase_command to read passphrase from
   an external program on startup, remove option
   sec.crypt.passphrase_file (issue #141)
 * core: improve debug in command /eval: display more verbose debug with
   two "-d", add indentation and colors
 * core: add options "setvar" and "delvar" in command /buffer, rename
   option "localvar" to "listvar"
 * core: add buffer local variable "completion_default_template"
   (evaluated) to override the value of option
   "weechat.completion.default_template" (issue #1600)
 * core: add option "recreate" in command /filter
 * core: add raw string in evaluation of expressions with "raw:xxx"
   (issue #1611)
 * core: add evaluation of conditions in evaluation of expressions with
   "eval_cond:xxx" (issue #1582)
 * api: add info_hashtable "secured_data"
 * irc: add info "irc_is_message_ignored"
 * irc: add server option "default_chantypes", used when the server does
   not send them in message 005 (issue #1610)
 * trigger: add variable "${tg_trigger_name}" in command trigger
   evaluated strings (issue #1580)

• Bug fixes

  • core: fix quoted line in cursor mode (issue #1602)
  • core: fix wrong size of the new window after vertical split (issue
    #1612)
  • core: do not remove quotes in arguments of command /eval as they can
    be part of the evaluated expression/condition (issue #1601)
  • core: display an error when the buffer is not found with command
    /command -buffer
  • buflist: add option buflist.look.use_items to speed up display of
    buflist (issue #1613)
  • irc: add bar item “irc_nick_prefix”
  • irc: fix separator between nick and host in bar item “irc_nick_host”
  • irc: fix completion of commands /halfop and /dehalfop

• Documentation

  • do not build weechat-headless man page if headless binary is disabled
    (issue #1607)

update to 3.0.1:

 * exec: fix search of command by identifier
 * spell: fix refresh of bar item "spell_suggest" when the input becomes
   empty (issue #1586)
 * spell: fix crash with IRC color codes in command line (issue #1589)

update to 3.0

New features

 * api: add optional list of colors in infos "nick_color" and
   "nick_color_name" (issue #1565)
 * api: add argument "bytes" in function string_dyn_concat
 * api: add function string_color_code_size (issue #1547)
 * exec: add option "-oerr" to send stderr to buffer (now disabled by
   default) (issue #1566)
 * fset: add option fset.look.auto_refresh (issue #1553)
 * irc: add pointer to irc_nick in focus of bar item "buffer_nicklist"
   (issue #1535, issue #1538)
 * irc: allow to send text on buffers with commands /allchan, /allpv and
   /allserv
 * irc: evaluate command executed by commands /allchan, /allpv and
   /allserv (issue #1536)
 * script: add option script.scripts.download_enabled (issue #1548)
 * trigger: add variable "tg_argc" in data set by command trigger (issue
   #1576)
 * trigger: add variable "tg_trigger_name" in data set by all triggers
   (issue #1567, issue #1568)

Bug fixes

 * core: set "notify_level" to 3 if there is a highlight in the line
   (issue #1529)
 * core: do not add line with highlight and tag "notify_none" to hotlist
   (issue #1529)
 * irc: remove SASL timeout message displayed by error after successful
   SASL authentication (issue #1515)
 * irc: send all channels in a single JOIN command when reconnecting to
   the server (issue #1551)
 * script: do not automatically download list of scripts on startup if
   the file is too old (issue #1548)
 * spell: properly skip WeeChat and IRC color codes when checking words
   in input (issue #1547)
 * trigger: fix recursive calls to triggers using regex (issue #1546)
 * trigger: add ${tg_tags} !!- ,notify_none, in conditions of default
   trigger "beep" (issue #1529)

• Tests

  • core: add tests on GUI line functions

• Build

  • core: disable debug by default in autotools build
  • tests: fix compilation with CppUTest ��� 4.0

• new .desktop file from weechat sources

• update to 2.9

• New features

  • core: add bar option “color_bg_inactive”: color for window bars in
    inactive window (issue #732)
  • core: add Alacritty title escape sequence support (issue #1517)
  • core: display notify level for current buffer with command /buffer
    notify (issue #1505)
  • core: count only visible nicks in bar item “buffer_nicklist_count”,
    add bar items “buffer_nicklist_count_groups” and
    “buffer_nicklist_count_all” (issue #1506)
  • core: set default size for input bar to 0 (automatic) (issue #1498)
  • core: add default key Alt+Enter to insert a newline (issue #1498)
  • core: add flag “input_multiline” in buffer (issue #984, issue #1063)
  • core: add a scalable WeeChat logo (SVG) (issue #1454, issue #1456)
  • core: add base 16/32/64 encoding/decoding in evaluation of expressions
    with “base_encode:base,xxx” and “base_decode:base,xxx”
  • core: add case sensitive wildcard matching comparison operator (==*
    and !!*) and case sensitive/insensitive include comparison operators
    (==-, !!-, =-, !-) in evaluation of expressions
  • core: add default key Alt+Shift+N to toggle nicklist bar
  • core: add command line option “–stdout” in weechat-headless binary to
    log to stdout rather than ~/.weechat/weechat.log (issue #1475, issue
    #1477)
  • core: reload configuration files on SIGHUP (issue #1476)
  • api: add pointer “_bar_window” in hashtable sent to hook focus
    callback (issue #1450)
  • api: add info_hashtable “focus_info” (issue #1245, issue #1257)
  • api: rename function hook_completion_get_string to
    completion_get_string and hook_completion_list_add to
    completion_list_add
  • api: add functions completion_new, completion_search and
    completion_free
  • api: add hdata “completion_word”
  • buflist: add default key Alt+Shift+B to toggle buflist
  • buflist: add options enable/disable/toggle in command /buflist
  • buflist: evaluate option buflist.look.sort so that sort can be
    customized for each of the three buflist bar items (issue #1465)
  • irc: add support of UTF8MAPPING (issue #1528)
  • irc: display account messages in buffers (issue #1250)
  • python: add WeeChat sharedir python directory to PYTHONPATH (issue
    #1537)
  • relay: increase default limits for IRC backlog options
  • relay: add command “handshake” in weechat relay protocol and nonce to
    prevent replay attacks, add options relay.network.password_hash_algo,
    relay.network.password_hash_iterations, relay.network.nonce_size
    (issue #1474)
  • relay: add command “completion” in weechat relay protocol to perform a
    completion on a string at a given position (issue #1484)
  • relay: add option relay.network.auth_timeout
  • relay: update default colors for client status
  • relay: add status “waiting_auth” in irc and weechat protocols (issue
    #1358)
  • trigger: evaluate arguments of command when the trigger is created
    (issue #1472)

• Bug fixes

  • core: fix command /window scroll_beyond_end when buffer has fewer
    lines than chat height (issue #1509)
  • core: force buffer property “time_for_each_line” to 0 for buffers with
    free content (issue #1485)
  • core: don���t collapse consecutive newlines in lines displayed before
    the first buffer is created
  • core: don���t remove consecutive newlines when pasting text (issue
    #1500)
  • core: don���t collapse consecutive newlines in bar content (issue
    #1500)
  • core: fix WEECHAT_SHAREDIR with CMake build (issue #1461)
  • core: fix memory leak in calculation of expression on FreeBSD (issue
    #1469)
  • core: fix resize of a bar when its size is 0 (automatic) (issue #1470)
  • api: fix use of pointer after free in function key_unbind
  • api: replace plugin and buffer name by buffer pointer in argument
    “modifier_data” sent to weechat_print modifier callback (issue #42)
  • buflist: add “window” pointer in bar item evaluation only if it���s
    not NULL (if bar type is “window”)
  • exec: fix use of same task id for different tasks (issue #1491)
  • fifo: fix errors when writing in the FIFO pipe (issue #713)
  • guile: enable again /guile eval (issue #1514)
  • irc: use new default chantypes “#&” when the server does not send it
  • irc: add support of optional server in info “irc_is_nick”, fix check
    of nick using UTF8MAPPING isupport value (issue #1528)
  • irc: fix add of ignore with flags in regex, display full ignore mask
    in list of ignores (issue #1518)
  • irc: do not remove spaces at the end of users messages received (issue
    #1513)
  • irc: fix realname delimiter color in WHO/WHOX response (issue #1497)
  • irc: reuse a buffer with wrong type “channel” when a private message
    is received (issue #869)
  • python: fix crash when invalid UTF-8 string is in a WeeChat hashtable
    converted to a Python dict (issue #1463)
  • relay: add missing field “notify_level” in message
    “_buffer_line_added” (issue #1529)
  • relay: fix slow send of data to clients when SSL is enabled
  • trigger: only return trigger���s return code when condition evaluates
    to true (issue #592)
  • trigger: fix truncated trigger command with commands /trigger
    input|output|recreate
  • trigger: do not hide values of options with /set command in cmd_pass
    trigger

• Documentation

  • add includes directory
  • merge 53 auto-generated files into 11 files
  • fix broken literal blocks in Japanese docs with Firefox (issue #1466)

• Tests

  • core: add CI with GitHub Actions, move codecov.io upload to GitHub
    Actions
  • core: switch to Ubuntu Bionic on Travis CI, use pylint3 to lint Python
    scripts
  • core: run tests on plugins only if the plugins are enabled and compiled
  • irc: add tests on IRC color and channel functions

• Build

  • javascript: disable build by default and remove Debian packaging
    of JavaScript plugin (issue #360)
  • core: make GnuTLS a required dependency
  • core: fix build with CMake 3.17.0
  • core: fix build with cygport on Cygwin

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Backports SLE-15-SP3:

  zypper in -t patch openSUSE-2022-83=1