Changes in Ibid

Release 0.1.1 “Pimpernel” (2011-02-24)

Bug fix release, including a couple of security issues.

Several plugins that consume Web services or scrape Web sites have been updated to cope with changes since the last release.

There were no DB schema changes between 0.1.0 and 0.1.1.

Resolved Security Issues

Remote Execution

LP: #705860:

Permissions were ignored for handlers not using @match. This allowed users to perform actions they were not authorised to.

However, no included plugins were exposed by this, all access-restricted handlers had match patterns.

Information Disclosure

LP: #567576:

Occasionally insecure permissions on log files. When the bot spoke first (creating a new log file), the log file would be publicly readable, even if the message was sent in private.

Example: If the bot delivered a privmsg memo to a user at the beginning of the month, it would create the logfile with public readable permissions. If the logfile directory was published by a web server, this would make this private conversation log accessible to the public.

Resolution: Now channels must be explicitly configured to have publicly readable logs.

LP: #649383:

If someone received a private message from the bot during a public meeting, the message could appear in the meeting minutes.

Example: a privmsg memo received during a meeting would appear in the minutes.

Major User Visible Changes

• New configuration option plugins.log.public_logs, a list of source:channel globs of channels to log in files with publically readable permissions.
• New configuration option plugins.ascii.preferred_fonts, a list of figlet fonts, the first one found is the default.
• Currency exchange now uses Yahoo instead of XE.com.

API Changes

• New Function: ibid.utils.parse_timestamp() for parsing well-formatted timestamps.
• New Function: ibid.utils.generic_webservice() for retrieving arbitrary data from a web-service.
• New Function: ibid.db.get_regexp_op() which returns a REGEXP SqlAlchemy operator for the DBMS in use.

All Changes

2011-02-23 Stefano Rivera <stefano@rivera.za.net>

Remove MyLifeIsG.com support from MyLifeIsAverage Processor. The site has been down for around a year.

Fixes: LP: #722675.

2011-02-22 Stefano Rivera <stefano@rivera.za.net>

Use bounded_matches when returning search results.

Fixes: LP: #722655.

2011-02-22 Stefano Rivera <stefano@rivera.za.net>

Typo: parse_timestmap -> parse_timestamp (and remove an unnecessary import).

Fixes: LP: #722682.

2011-02-22 Stefano Rivera <stefano@rivera.za.net>

Allow addresponse() to take the param 0.

Fixes: LP: #723132.

2011-02-21 Stefano Rivera <stefano@rivera.za.net>

Added CHANGES and tool for generating changelog entries. Set version to 0.1.1.

2011-02-20 Stefano Rivera <stefano@rivera.za.net>

Filter out empty definitions in gdefine.

Fixes: LP: #719851.

2011-02-20 Stefano Rivera <stefano@rivera.za.net>

We don’t support SQLAlchemy 0.6 yet.

Fixes: LP: #651992.

2011-02-20 Marco Gallotta <marco@gallotta.co.za>

Only append .com for url’s like “example”.

Fixes: LP: #702062.

2011-02-20 Stefano Rivera <stefano@rivera.za.net>

Use escape=# for LIKEs. Perform literal queries on all non-get Factoid operations. Return useful error if start index is too high. Substitute $arg for _% in search.

Fixes: LP: #544493.

2011-02-20 Stefano Rivera <stefano@rivera.za.net>

HTTPErrors should result in using url as title, not abandoning the grab.

Fixes: LP: #702798.

2011-02-20 Stefano Rivera <stefano@rivera.za.net>

Catch ImportErrors for packages we don’t require in setup.py.

Fixes: LP: #651990.

2011-02-20 Stefano Rivera <stefano@rivera.za.net>

pysqlite is only necessary on ancient Pythons.

Fixes: LP: #708302.

2011-01-25 Stefano Rivera <stefano@rivera.za.net>

Add function get_regexp_op to ibid.db that returns a REGEXP op that works on Postgres too.

Fixes: LP: #595423.

2011-01-22 Keegan Carruthers-Smith <keegan.csmith@gmail.com>

Use correct plurality in pending memos message.

Fixes LP: #634257.

2011-01-22 Stefano Rivera <stefano@rivera.za.net>

Add parse_timestamp function to ibid.utils, use for parsing timestamps from Twitter.

Fixes LP: #702815.

2011-01-22 Stefano Rivera <stefano@rivera.za.net>

URLErrors have reasons, but there are other HTTPErrors

Fixes LP: #670855.

2011-01-21 Max Rabkin <max.rabkin@gmail.com>

Enforce permissions on non-@match handlers.

Fixes LP: #705860.

2011-01-19 Stefano Rivera <stefano@rivera.za.net>

Handle non-500 error codes from twitter.

Fixes LP: #670855.

2011-01-19 Stefano Rivera <stefano@rivera.za.net>

Strip tags from gcalc response.

Fixes LP: #702371.

2011-01-19 Max Rabkin <max.rabkin@gmail.com>

Check content_type is set before checking its value.

Fixes LP: #701900.

2011-01-19 Max Rabkin <max.rabkin@gmail.com>

Catch exceptions when polling feeds so that one broken feed doesn’t stop all feeds.

Fixes LP: #578396.

2011-01-19 Max Rabkin <max.rabkin@gmail.com>

Use new OEIS API at oeis.org

Fixes LP: #700475.

2010-12-25 Stefano Rivera <stefano@rivera.za.net>

Fix for the logging open file cache: Logs in logs might not be in recent_logs.

Fixes LP: #655645.

2010-12-25 Stefano Rivera <stefano@rivera.za.net>

Support toilet fonts, correctly decode utf-8 figlet output, handle font choice edge cases.

Fixes LP: #607743.

2010-12-24 Stefano Rivera <stefano@rivera.za.net>

Follow redirects in “is it up”

Fixes LP: #599410.

2010-12-24 Stefano Rivera <stefano@rivera.za.net>

Rework nickserv auth to allow simultaneous authentications for the same nick (although Nickserv will only be bothered once).

Fixes LP: #655647.

2010-12-24 Stefano Rivera <stefano@rivera.za.net>

Use absolute imports to import SILC correctly

Fixes LP: #654202.

2010-12-20 Stefano Rivera <stefano@rivera.za.net>

Country Code list parsing: Check for ; in a line before splitting by semi-colons.

Fixes LP: #692347.

2010-12-20 Max Rabkin <max.rabkin@gmail.com>

Don’t treat feeds with no messages as errors.

Fixes LP: #661187.

2010-11-08 Stefano Rivera <stefano@rivera.za.net>

Correctly handle state events that have no channel.

Fixes LP: #656349.

2010-11-07 Stefano Rivera <stefano@rivera.za.net>

Port google scrape search to get_html_parse_tree + etree. Handle superscript in gcalc.

Fixes LP: #580696.

2010-11-07 Stefano Rivera <stefano@rivera.za.net>

Put periodic lock-using code in a try...finally block.

2010-10-15 Stefano Rivera <stefano@rivera.za.net>

Support twitter’s new AJAX URLs.

Fixes LP: #654535.

2010-10-15 Stefano Rivera <stefano@rivera.za.net>

Always respond to memo sending with confirmation of recipient. Allow memos to begin with “on ...” when not naming a known source.

Fixes LP: #634253.

2010-10-04 Stefano Rivera <stefano@rivera.za.net>

Disallow empty factoid names.

Fixes LP: #606065.

2010-10-05 Guy Halse

Allow bot to identify with zanet.net’s NickServ.

Fixes LP: #652000.

2010-10-03 Stefano Rivera <stefano@rivera.za.net>

[SECURITY] Add a configuration glob-list of channels which should have public logs, rather than attempting to guess.

Fixes LP: #567576.

2010-09-30 Stefano Rivera <stefano@rivera.za.net>

Docs: Be clear that ibid is in Debian & Ubuntu.

2010-09-30 Stefano Rivera <stefano@rivera.za.net>

Handle 0 tweets in Twitter Atom feed parsing, correctly handle it elsewhere instead of treating it as no such twit.

Fixes LP: #646989.

2010-09-29 Max Rabkin <max.rabkin@gmail.com>

[SECURITY] Don’t leak private messages to meeting logs.

Fixes LP: #649383.

2010-08-14 Stefano Rivera <stefano@rivera.za.net>

Don’t try to process() events without a message in meeting.

Fixes LP: #598094.

2010-07-10 Stefano Rivera <stefano@rivera.za.net>

Correct abbreviated cross-ref format, shown up by Sphinx 1.0b1.

2010-07-04 Stefano Rivera <stefano@rivera.za.net>

Display latest tweets from retweeting-twits instead of thinking they don’t exist.

Fixes LP: #554906.

2010-06-13 Michael Gorven <michael@gorven.za.net>

Fix real JID detection when more than one ‘x’ element is received.

2010-06-07 Stefano Rivera <stefano@rivera.za.net>

NickServ support for rizon.

2010-06-04 Stefano Rivera <stefano@rivera.za.net>

Switch from XE.com to Yahoo for currency conversions.

2010-06-04 Stefano Rivera <stefano@rivera.za.net>

Limit the size of the file-descriptor pool in log.

Fixes LP: #567571.

2010-05-12 Stefano Rivera <stefano@rivera.za.net>

Google is also a calculator.

Fixes LP: #574300.

2010-05-12 Stefano Rivera <stefano@rivera.za.net>

Use explicit lower() on each side of LIKE so factoids with arguments can be case-insensitive on Postgres.

Fixes LP: #574427.

2010-05-05 Max Rabkin <max.rabkin@gmail.com>

Escape query url in google scrape.

Fixes LP: #572308.

2010-05-05 Stefano Rivera <stefano@rivera.za.net>

Incorrect substitution in SQLite indexing warning.

2010-05-05 Stefano Rivera <stefano@rivera.za.net>

Change administrative user & identity linking syntax to be less problematically broad.

Fixes LP: #567510.

2010-04-26 Stefano Rivera <stefano@rivera.za.net>

Increase default HTTP GET size from 500 bytes to 2kiB.

Fixes LP: #563928.

2010-04-13 Stefano Rivera <stefano@rivera.za.net>

Update youtube plugin to cope with site redesign.

Fixes LP: #561684.

2010-04-13 Max Rabkin <max.rabkin@gmail.com>

Allow digits in Unicode character names.

2010-04-13 Stefano Rivera <stefano@rivera.za.net>

HTTP GET: Don’t assume everything is utf-8, decode according to provided charset, fall back to utf-8 for text, and guess with chardet if either of those was wrong.

Fixes LP: #560973.

2010-04-09 Max Rabkin <max.rabkin@gmail.com>

Use unicode case-insensitive matching in factoid.

Fixes LP: #542707.

2010-03-27 Michael Gorven <michael@gorven.za.net>

Treat the Processor’s first feature as the primary feature in RPC.

Fixes LP: #545168.

2010-03-27 Max Rabkin <max.rabkin@gmail.com>

Respond with unicode in bible error handlers.

Fixes LP: #544260.

2010-03-26 Marco Gallotta <marco@gallotta.co.za>

Allow trailing punctuation in tea-style addressing.

Fixes LP: #545186.

2010-03-23 Marco Gallotta <marco@gallotta.co.za>

Add username=ibid parameter to geonames API calls. Some calls now require it.

Fixes LP: #543989.

2010-03-23 Max Rabkin <max.rabkin@gmail.com>

Python 2.5 compatibility update for unicode lookup. Exception for unknown character changed in 2.6.

Fixes LP: #542593.

2010-03-10 Stefano Rivera <stefano@rivera.za.net>

Add placeholder to force ibid/static to be distributed.

Release 0.1.0 “Hazel” (2010-03-10)

• First public release.