WeeChat DevCenter

Sunday, October 23 2022

Dark theme for this blog

This blog is now following automatically your desktop / browser theme, by using light theme and a new dark theme.

Saturday, January 8 2022

New design for security page

One thing is sure, we're not kidding with the security vulnerabilities, and our goal is to be completely transparent with the users about the issues as soon as they are public (ie with a new version, a fix/patch or at least a workaround available).

In this context, the security page has been redesigned from scratch, it is more user-friendly and a lot of new information has been added about each vulnerability.

The URL is unchanged: https://weechat.org/doc/security/.

Among the new information:

  • A "WSA" identifier (WeeChat Security Advisory), which is unique by vulnerability, and built like this: WSA-YEAR-ID (YEAR on 4 digits, and the ID starts to 1 for the first vulnerability of this year, 2 for the second, etc.).
  • The CVSS vector, score and severity, for more information:
  • The vulnerability type, also known as CWE (Common Weakness Enumeration), for more information: https://cwe.mitre.org/
  • The short description of the issue.
  • The scope: which part of WeeChat is affected: it can be one or multiple plugins or features.
  • More detailed information about the mitigation for the issue.
  • The credit: who found the issue and reported it to WeeChat security team (displayed only with the agreement of the reporter).

Important: due to the way the CVSS vector, score and severity are computed, the severity level previously displayed has changed for some vulnerabilities and is now higher:

  • WSA-2021-1 (Crash on malformed websocket frame in relay plugin): medium -> high (score: 7.5)
  • WSA-2020-3 (Buffer overflow on new IRC message 005 with nick prefixes): low -> high (score: 7.5)
  • WSA-2020-2 (Crash on malformed IRC message 352 (WHO)): low -> high (score: 7.5)
  • WSA-2020-1 (Buffer overflow on malformed IRC message 324 (channel mode)): low -> high (score: 7.5)
  • WSA-2013-3 (Crash on IRC commands sent via Relay): medium -> high (score: 7.5)
  • WSA-2013-2 (Crash on send of unknown commands to IRC server): low -> medium (score: 5.5)
  • WSA-2013-1 (Crash on nicks monitored with /notify): low -> medium (score: 5.5)
  • WSA-2006-1 (Crash in API function infobar_printf): low -> medium (score: 6.2)
  • WSA-2004-1 (Buffer overflows in build of strings): low -> medium (score: 6.2)

The page is now separated into two parts: the overview with only part of the info, and detail of each vulnerability below.

The overview shows synthesized data (click for full size):

weechat.org_2022-01_security_new_overview.png, Jan 2022

Below this, the detail of each vulnerability is displayed, for example this detail about the latest security vulnerability, fixed in version 3.2.1 (September 2021):

weechat.org_2022-01_security_new_detail.png, Jan 2022

For convenience, a list of vulnerabilities by WeeChat version is also available:

weechat.org_2022-01_security_new_by_version.png, Jan 2022

For the record and reference (especially old severities), the previous security page was:

weechat.org_2022-01_security_old.png, Jan 2022

Wednesday, November 24 2021

Dark theme for weechat.org

A brand new dark theme has been added on WeeChat.org!

The use of this dark theme is automatic (following your desktop/browser configuration).
It can be forced by a new link displayed at the bottom of any page: "Theme: auto (dark, light)".

New dark theme (click for full size):


weechat.org_2021_dark.png

The light theme:


weechat.org_2021_light.png

Hope you like this new eye-friendly dark theme!

Sunday, May 6 2018

New design for weechat.org

The WeeChat site weechat.org has been improved with many changes. It is now fully responsive, using Bootstrap toolkit.

Hope you enjoy the new site!

The history of weechat.org in images: click on each screenshot for full-size.

  • In 2009, for the major release 0.3.0 of WeeChat, the site was rewritten in Python using Django (it was initially written PHP):


weechat.org_2009.png

  • In 2013, for the 10th birthday of WeeChat, a new logo was introduced (it is still used today), and the design of site was improved:


weechat.org_2013.png

  • In 2018, for the 15th birthday of WeeChat, the site becomes responsive, using Bootstrap toolkit:


weechat.org_2018.png

Sunday, May 3 2015

Ubuntu repositories

Starting from today, 8 new chroots have been added for automatic builds of weechat-devel on Ubuntu (and some manual builds of stable version).

Here's the full list of repositories (amd64/i386 for Debian/Ubuntu, armhf for Raspbian):

  • Debian sid (unstable): devel
  • Debian stretch (testing): devel
  • Debian jessie (stable): devel + 1.1.1
  • Debian wheezy (oldstable): devel + 1.1.1
  • Debian squeeze (oldoldstable): devel + 1.1.1
  • Ubuntu vivid (15.04) (new): devel
  • Ubuntu utopic (14.10) (new): devel + 1.1.1
  • Ubuntu trusty (14.04) (new): devel + 1.1.1
  • Ubuntu precise (12.04) (new): devel + 1.1.1
  • Raspbian wheezy (oldstable): devel + 1.1.1

Repositories are visible on: https://weechat.org/download/debian/

Friday, March 28 2014

Source code of weechat.org

The source code of weechat.org is now available on GitHub: https://github.com/weechat/weechat.org.

It is written in Python and uses Django, and gettext for translations.

Designers, Python/Django developers and especially translators are welcome!