Up to [cvs.NetBSD.org] / pkgsrc / chat / bitchx
Keyword substitution: kv
Default branch: MAIN
bitchx: Various security & sanity patches from other packaging systems.
chat: Replace RMD160 checksums with BLAKE2s checksums. All checksums have been double-checked against existing RMD160 and SHA512 hashes.
chat: Remove SHA1 hashes for distfiles
Add SHA512 digests for distfiles for chat category. Problems found with existing distfiles: distfiles/icb-5.0.9.tar.gz, distfiles/icb.2.1.4.tar.Z, distfiles/zenicb-19981202.tar.gz. No changes made to these /distinfo files. Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Upgrade to 1.2.1, reuse work from wip/bitchx (by Makoto Fujiwara)
Drop all local patches for old GCC fixes and tuning the program itself.

Upstream changelog
==================
[Changes 1.2.1]
* Prefer <fcntl.h> over <sys/fcntl.h> (reported by ncopa). (caf)
* Fix overflow in say() when handling a maximum-length client message. (caf)
* Remove WANT_CHAN_NICK_SERV define and include network services commands by default. (caf)
* Pass through externally-provided CPPFLAGS (reported by cpet). (caf)
* Don't set the mode on new channels until synched - this speeds up joining lots of channels at connect time if one of them is new, and reduces the chance of being flooded off the server. (caf)
* Correctly handle channel sync across multi-server. (caf)
* Fixes and improvements for channel logging. (caf)
* Use correct (MODECHAN and MODEUSER) display level for channel and user modes. (caf)
* Allow %- status format to handle max-length topics (reported by oxy). (caf)
* Add /FSET WOHIS_LOGGEDIN for services login info on hybrid, ratbox and ircu. (caf)
* Add sanity checking of incoming nicknames. (caf)
* /MV (massvoice) shouldn't send +v for already-voiced users. (caf)
* Fix lag check on recent 32 bit OpenBSD / NetBSD (reported by DJ). (caf)
* Fix key bindings that terminate with ^. (caf)
* Fix the $timer() scripting function. (caf)
* Fix the /TKB (timed kickban) command. (caf)
* Rewrite termcap/terminfo detection logic in configure and include term.h in term.c for the system definition of tparm(). This fixes a crash on NetBSD x86-64 (reported by jeezy), and should also ensure that terminfo is used in preference to termcap on NetBSD. (caf)
* Fix output when built against termcap. (caf)
* Fix STATUS_NOTIFY so that it appears in the right window. (caf)
* Improve robustness of status formats handling. (caf)
* Use system setenv() in preference to compat bsd_setenv(). (caf)
* Allow selection of alternate hashing methods with $crypt(). (caf)
* Improve the initial seeding of the randm() fallback RNG. (caf)
* Strengthen the cookie generation algorithm for /detach. (caf)
* RANDOM_SOURCE now only affects the rand() scripting function. (caf)
* Make RANDOM_LOCAL_PORTS actually random. (caf)
* Show same message on local terminal as used in emergency exit QUIT. (caf)
* Remove unused XLINK CTCP reply handler. (caf)
* Ensure add_socketread() doesn't leak file descriptors. (caf)
* Fix listing bans on local channels (/BANS &channel). (flashback)
* Fix unbanning by number (/UNBAN #channel #number). (caf)
* Improve the list_channels() function. (caf)
* Use socklen_t instead of plain int where available. (flashback)
* Use <termios.h> in preference to <sys/termios.h> where it's available. (caf)
* Skip malformed abots.sav entries in read_abot(), avoiding null dereferences found by Coverity. (flashback)
* Ensure proper handling of % when /FSET DCC is used. (caf)
* Improve robustness of CDCC save file loading. (caf)
* Fix open file leak in /LASTLOG found by Coverity. (caf)
* Fix file descriptor leak on SOCKS4 connection failure found by Coverity. (caf)
* Fix out-of-bounds error in cryptit() found by Coverity. (flashback)
* Cleanup save_formats(). (caf)
* Fix off-by-one error in add_socketread() and set_socketwrite() found by Coverity. (caf)
* Fix longstanding bug with ordering of rfc1459[] array. (caf)
* Fix crash after /SETAR -, reported by riderplus. (caf)
* Remove special handling of 484 numeric, which is no longer needed and was buggy (making BitchX think that usermode +G was set). (caf)
* Add /OBITS command, shows obituaries for some BitchX friends. (caf)
* Fix abuses of the RESIZE macro. Reported by nenolod. (caf)
* Clears up a crash and some build warnings in the acro plugin. (caf)
* Applied patches from jdhore to clean up the plugin building and installing process. (caf)
* Fix building on newer Cygwin (reported by VICODAN). (caf)
* Fix building plugins on FreeBSD-10 (reported by cpet). (caf)
* Messages sent to channels should use lastlog level PUBLIC, not MSG. (caf)
* panasync OK'd releasing tcl.c, so here it is. (caf)
* Fix QUIT messages with SSL connections. (flashback)
* Rename include/bitchx to include/options.h, fixes building on case-insensitive platforms. (caf)
* Use AI_ADDRCONFIG flag to improve server address selection when client is built for IPv6 but we don't have an IPv6 address. (caf)
* Enable SSL support by default, if OpenSSL is present at build time. (caf)
* Fix leak and potential crash in lame_resolv() using IPv6. (caf, snadge)
* Apply patch from snadge defining BIND_4_COMPAT on OpenBSD, to allow /nslookup to build. (caf)
* Fix problem connecting to IPv4 when IPv6 enabled on FreeBSD and enable IPv6 on all supporting platforms. Thanks to brabes, snadge and packet. (caf)
* Improve connect() error handling. (caf)
* Remove obsolete .spec files. (caf)
* configure - only create sig.inc if it's actually needed. (caf)
* configure - use the right dependencies when checking for net/if.h, i arpa/inet.h and resolv.h. Reported by flashback. (caf)
* Fix plugin Makefiles for out-of-tree building, reported by nyet. (caf)
* Add DESTDIR support to build system, to ease rpm and deb packaging. Reported separately by nyet and VICODAN. (caf)
* Fix /detach and wserv with IPv6 enabled. (caf, snadge, packet)
* Make default for NICK_COMPLETION_CHAR explicit. (caf)
* Reduce footprint when starting up disconnected. (caf)
* Fix /nslookup command (including fixing compilation on cygwin). (caf)
* Improve /detach error handling and remove bogus F_SETOWN use, reported by madsage. (caf)
* Add /FSET WHOIS_SECURE for SSL connection info on ratbox, unreal and freenode. (caf)
* Add /FSET CHANNEL_URL for services channel URL numeric. (caf)
* Fix crash bug in $mircansi() scripting function. (caf)
* Add half-op support to /topic and /untopic. (caf)
* Tidy up the URL grabber, fixing a memory leak. (caf)
* Cleanup the /BHELP code, fixing a potential crash. Apply updates to BitchX.help from t3gah. (caf)
* [1.1s01] Sanity check color codes, fixes a potential crash. (caf)
* Add /FSET USERMODE_OTHER to correctly format user mode changes where the source isn't the same as the target, reported by gauze. (caf)
* Improve country() and add several new TLDs, suggested by gauze. (caf)
* Apply fixes from darkfires removing non-standard use of arithmetic on void * values, to allow building on Irix. (caf)
* Apply fix from darkfires to allow building with ICC. (caf)
* Show correct message when a socket connection is closed cleanly. (caf)
* Add /FSET WHOIS_CALLERID for +g mode notification on hybrid & ratbox. (caf)
* Build script fix to allow plugins to build on x86-64. (caf)
* Correct count in /CLONES (reported by t3gah), and format output nicely using an /fset. (caf)
* Add definition of BIND_8_COMPAT to fix build problem on Mac OS X. (caf)
* Ensure that SHOW_AWAY_ONCE doesn't hide away status in /whois output. (caf)
* Fix the -z command line option for specifying username. (flashback)
* Fix up /WILN, /WILC and /WILCR. (caf)
* Backport changes from epic5 to make recv_nick, sent_nick and sent_body per-server, and apply new version of do_oops from flashback. This means that /oops, "/query .", "/query ,", "/msg ." and "/msg ," are per-server, along with the $. $, and $B aliases. (caf)
* Handle error return from getcwd() in /cd. (caf)
* Fix alloca warnings on freebsd. (caf)
* Fix memory leak in banlist.c. (caf)
* Apply a fix contributed by cpet for the configure script on FreeBSD 9. (caf)
* Fix a refcounting issue in the whowas list handling, which should make the listing of users that left in a netsplit right again. (caf)
* Improve argument-handling in /hostname command - now supports doing /hostname 2 to switch to second vhost. (caf)
* Change the display of server stats so that the averages (eg. users per channel) are correctly rounded. (caf)
* Reinstate RPL_WHOISACTUALLY / RPL_WHOISHOST numerics - things seem to have stabilised in the ircd world on this. (caf)
* Fixed two cases where the client was incorrectly deciding that a numeric originated from a remote server rather than the local server - this caused BitchX to falsely report channel desynch and incorrectly hide some numerics. (caf)
* Fixed $servernum() scripting function, it was returning the wrong server reference in most cases. (caf)
* [1.1s01] Fixed .cmsg crash reported by zimzum. (caf)
* Changed the defaults for JOIN_NEW_WINDOW_TYPE and QUERY_NEW_WINDOW_TYPE so that they work out of the box. (caf)
* Some cleanups in quit message handling, fixed a bug where a quit from an unexpected source could crash the client. (caf)
* Cleaned up the handling of channel mode changes a little, including fixing buggy handling of certain key and limit mode changes. (caf)
* Fix bug where you got disconnected if the server sent a 464 numeric (bad password) that the client wasn't expecting. (caf)
* Add /HOP and /DEHOP commands for halfop. (caf)
* Removed "scan" plugin, this functionality is now covered by /SCAN -stat. (caf)
* Change NICKSORT_OP to NICKSORT_STAT (sorts nicks by channel status - chanop first, then halfops, voices and others). Added /SCAN -stat to sort nicks using NICKSORT_OP. Removed NICKSORT_VOICE - it was broken anyway. (caf)
* Add halfop nick prefix to default status line, and change the voice prefix so it appears whether or not you're opped. (caf)
* Add halfop support to $channel() scripting function. (caf)
* Rework /SCAN and /NAMES formatting. This removes the /FSETs NAMES_BOTCOLOR, NAMES_FRIENDCOLOR, NAMES_NICKCOLOR, NAMES_OPCOLOR, NAMES_SHITCOLOR and NAMES_VOICECOLOR and replaces them with new /FSETs. (caf)
* Add $ishalfop(<nick> <channel) scripting function, just like the existing function in EPIC. (caf)
* Fix four bugs in the /FE scripting function. (caf)
* Fix incompatibility with 64-bit platforms. (caf)
* Fix module load version check logic. (caf)
* [1.1s01] Cleanups to allow compiling with new gcc releases. (caf)
* [1.1s01] Fix configure check for termcap.h. (caf)
* [1.1s01] Re-implement code to find available vhost addresses (CVE-2007-5839). (caf)
* [1.1s01] Fix test for GCC >= 2.7 - fixes compiling on S390 platform. (caf)
* [1.1s01] Improve buffer handling in convert_output_format_raw (CVE-2007-4584). (caf)
* [1.1s01] Handle negative numerics correctly (CVE-2007-3360). (caf)
Fix for later gcc against platforms without stpcpy().
Fix build on SunOS.
Add patches for two longstanding security issues in bitchx: - CVE-2007-5839: e_hostname uses mktempnam in an unsafe manner. - CVE-2007-4584: p_mode classic buffer overflow using a static string.
Pullup ticket 2120 - requested by lkundrak
security fix for bitchx
  - pkgsrc/chat/bitchx/Makefile 1.42
  - pkgsrc/chat/bitchx/distinfo 1.16
  - pkgsrc/chat/bitchx/patches/patch-ar 1.1
  Module Name: pkgsrc
  Committed By: lkundrak
  Date: Mon Jun 25 14:15:21 UTC 2007
  Modified Files: pkgsrc/chat/bitchx: Makefile distinfo
  Added Files: pkgsrc/chat/bitchx/patches: patch-ar
  Log Message: Fix for a security issue, CVE-2007-3360. A malicious server could direct the client into executing arbitrary code.
Fix for a security issue, CVE-2007-3360. A malicious server could direct the client into executing arbitrary code.
Fixed the build on NetBSD with gcc4.
Don't define tparm on DragonFly as well. This fixes PR 31891.
FreeBSD build fix from FreeBSD CVS tree. Minor pkglintification of Makefile.
Add RMD160 digests in addition to SHA1 ones
Changes 1.1:
* Fixed bug with using [$8] in expressions (Reported by BlackJac) (Patch from |Rain|) (BugID: 64) (powuh)
* Fixed bug in /set show_end_of_msgs. When OFF prevented hooking of some end_of_msg numerics. (Reported by BlackJac) (Patch from |Rain|) (BugID: 51) (powuh)
* Fixed incorrect ordering of operations in screen.c which caused an off-by-one access at the end of the buffer. (Patch from |Rain|) (BugID: 48) (powuh)
* Fixed ischanvoice() to be compatible with epic. Maintained reverse functionality as not to break existing scripts. (Patch from |Rain|) (BugID: 20) (powuh)
* Fixed segfault with convert_output_format not honoring MAX_RECURSE. (Patch from |Rain|) (powuh)
* Fixed possible rogue server exploit: If a rogue server sends us a ctcp request from an extremely large nickname (over about 512 bytes), we may attempt to alloca() a negative value, which under gcc will return an invalid pointer the contents of which will then be overwritten. (Reported by O_6) (Patch from |Rain|) (powuh)
* Fixed segfault with channel mode parsing. (Patch from O_6) (powuh)
* Removed auto_resume script, it's not needed any more (caf).
* Fixed string copying snafu in gtkbitchx.c (reported by Huey) (caf).
* Added STATUS_USER20 to STATUS_USER39 (patch from BlackJac) (caf).
Fix pointers for cursor_not_in_display() & cursor_in_display(). Fixes BUS error on sparc64. Appears to apply to version Bitchx 1.1 too.
Regen.
Pull up revision 1.8 (requested by salo in ticket #1289): PKGREVISION++ - Fix major core bug with channel mode -k * on hybrid7 servers. For more information see: http://www.securityfocus.com/archive/1/321093 Patch from BitchX CVS.
PKGREVISION++ - Fix major core bug with channel mode -k * on hybrid7 servers. For more information see: http://www.securityfocus.com/archive/1/321093 Patch from BitchX CVS.
Pull up revision 1.7 (requested by salo in ticket #1239): Bump PKGREVISION: fix several potential buffer overflows found by Timo Sirainen <tss at iki dot fi>
Bump PKGREVISION: fix several potential buffer overflows found by Timo Sirainen <tss at iki dot fi>, see the following url for more details: http://securityfocus.com/archive/1/315057 Patch from bugtraq by <caf at guarana dot org>.
Update to version 1.0c19. Changes unknown. Based on PR pkg/19296 from Juan RP.
fix /usr/local paths in man page.
Add patch that might fix pkg/17715, submitter never replied.
Fixed improper tgetstr call that was causing bitchx to crash when used with NetBSD curses.
Move to sha1 distfile digests, and add distfile sizes.
+ move the distfile digest/checksum value from files/md5 to distinfo + move the patch digest/checksum values from files/patch-sum to distinfo