Quassel IRC client Logo

In case you wonder where the announcement of 0.6.0 went, he writes that they skipped it because “shortly after tagging, we’ve discovered two serious bugs in that version. One could make the monolithic client try to select the PostgreSQL backend rather than SQlite; the other would lead to a crash on startup in some setups”.

In the announcement, he cites the following as the most notable new features:

Completely reworked client/core connection featuring the long-awaited reconnection and Solid support as well as a streamlined UI

Support for the new DBus-based system tray of KDE and, in some distros, Gnome (StatusNotifier spec)

Improved notification handling

Support for inputting formatted (colored/bold/…) text

SASL auth support (replaces NickServ e.g. in Freenode)

Several new languages and improved translations for already existing ones

Build system improvements

Version 0.7.x is already in development but he says that they will “maintain the 0.6.x branch in feature and string freeze at least until 0.7.0 is released” which means they’ll backport bugfixes where it makes sense but won’t introduce new features in the 0.6.x branch to “make packagers of freeze-loving distros happy”.

The complete changelog can be found here and the download can be obtained from here.

  Copyright secured by Digiprove

Feel free to Flattr this post at flattr.com, if you like it.

Quassel IRC client updated to 0.6.1 is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. Quassel IRC v0.4.0 Released
2. Quassel IRC client releases version 0.5.2
3. Quassel IRC CTCP Command Injection Vulnerability

This bugfix release mainly contains “build system fixes for recent versions of KDE and Qt” and “some issues with netsplit handling have also been fixed”. A bug that made the menu-bar vanish has been fixed and if you are affected you now can “use the context menu on the chatview to re-enable it”.

Due to the recent floodings of mass CTCPs to channels on freenode they added an option that allows you to forbid replys to certain CTCP types for the network you choose.

Developer Sput writes that “Since Freenode has fixed the problem the other day, using this should no longer be necessary for now” which is not entirely true – the fix itself is the addition of a channelmode that doesn’t allow channel-wide CTCPs (+C) which however has to be enabled to come into effect.

The download can be found here.

Feel free to Flattr this post at flattr.com, if you like it.

Quassel IRC client releases version 0.5.2 is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. Quassel IRC client updated to 0.6.1
2. Quassel IRC v0.4.0 Released
3. Quassel IRC CTCP Command Injection Vulnerability

The Kubuntu-supported client’s 0.4 branch has a number of major upgrades, including:

KDE Integration: Quassel can now be integrated into KDE4, allowing for your style and color schemes to be picked up by Quassel correctly.

UI and Feature Overhaul: Plenty of minor improvements here, such as context menus, URL hyperlinks, colored nicknames, paste warnings and much more.

Streamlined Monolithic Client: Big improvement over the original core + client combined binary.

Facelift: Quassel are happy to brag that they have a complete makeover appearance-wise, courtesy of Nuno Pinheiro (from Oxygen).

Quassel weren’t able to implement everything they wanted to with the 0.4.0 release. Because Kubuntu is now using Quassel as their default IRC client, Quassel have been working to try and meet Kubuntu’s deadline, which means things such as translations into other languages have been put on hold until the 0.4.1 release.

The full article can be found here.

The Feature log and Git history can be found here and here respectively.

Give it a spin and tell us what you think!

Feel free to Flattr this post at flattr.com, if you like it.

Quassel IRC v0.4.0 Released is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. Quassel IRC client updated to 0.6.1
2. Quassel IRC CTCP Command Injection Vulnerability
3. Quassel IRC client releases version 0.5.2

Researchers have found a remotely exploitable vulnerability in the Quassel IRC client.

Quoted from the projects homepage:

Well, looks like 0.3.0.2 was not the last 0.3.0 release after all. coekie found an issue with CTCP handling in Quassel Core that allows attackers to send arbitrary IRC messages on your behalf. This issue is present in all versions prior to 0.3.0.3 and Git older than October 26th (rev. d7a0381).

Details on the vulnerability are provided on the webpage of the exploits author:

A CTCP ping where the value contains a CTCP quoted newline (‘\020′ + ‘n’) will let the Quassel core reply with a message containing an unquoted newline (‘\n’). The IRC server interprets this as a command separator.

Having a newline seperator injected in your IRC session means that anybody that sends a carefully crafted, malicious CTCP ping to your vulnerable client will be able to add an arbitrary command to it that will be executed with your privileges by the client – just as if you had typed it yourself.

The vulnerability is patched in version 0.3.0.3 which is available for download here.

As noted on the homepage, some distributions already have the new version available in their package repositories, other should update manually.

Gentoo and *buntu already ship the new version, with more distributions hopefully following ASAP. If you still use a 0.2-rc1 core, please consider updating to 0.3.x as soon as possible. Note that we provide unstable, but fixed packages for Debian now, thanks to dileX.

Feel free to Flattr this post at flattr.com, if you like it.

Quassel IRC CTCP Command Injection Vulnerability is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. KVIrc 3.x and 4.x Remote Command Execution Vulnerability
2. Quassel IRC v0.4.0 Released
3. Quassel IRC client releases version 0.5.2