Up to [cvs.NetBSD.org] / pkgsrc / chat / znc
Default branch: MAIN

Pullup ticket #6887 - requested by nia
chat/znc: security fix

Revisions pulled up:
- chat/znc/Makefile 1.48
- chat/znc/PLIST 1.8
- chat/znc/PLIST.nls 1.6
- chat/znc/distinfo 1.14

---
Module Name: pkgsrc
Committed By: nia
Date: Wed Aug 7 22:23:46 UTC 2024

Modified Files:
pkgsrc/chat/znc: Makefile PLIST PLIST.nls distinfo

Log Message:
znc: Update to 1.9.1

* This is a security release to fix CVE-2024-39844: remote code execution vulnerability in modtcl.
* To mitigate this for existing installations, simply unload the modtcl module for every user, if it's loaded. Note that only users with admin rights can load modtcl at all.
* Thanks to Johannes Kuhn (DasBrain) for reporting, to glguy for the patch, and to multiple IRC network operators for help with mitigating this on server side before disclosure.
* Improve tooltips in webadmin.


znc: Update to 1.9.1

* This is a security release to fix CVE-2024-39844: remote code execution vulnerability in modtcl.
* To mitigate this for existing installations, simply unload the modtcl module for every user, if it's loaded. Note that only users with admin rights can load modtcl at all.
* Thanks to Johannes Kuhn (DasBrain) for reporting, to glguy for the patch, and to multiple IRC network operators for help with mitigating this on server side before disclosure.
* Improve tooltips in webadmin.


znc: update to version 1.9.0

Changelog:

New
* Support for capability negotiation 302 and cap-notify. ZNC now has API AddServerDependentCapability(), using which modules can easily implement new capabilities: if server supports a cap, it will automatically be offered to clients which support cap-notify and ZNC will notify the module when the capability is enabled or disabled for server and for each client. (#1859)
* Several capabilities (away-notify, account-notify, extended-join) were moved from the core to a new module: corecaps. The corecaps module is loaded automatically when upgrading from old config and when creating new config, but it's possible to unload it. Note: users who were using pre-release versions of 1.9.x (from git or from nightly tarballs) won't have it loaded automatically, because the existing config states Version = 1.9. In such case you can load it manually. This is to honor choice of users who decide to unload it, since we don't know whether the module is missing intentionally.
* Added support for account-tag capability, also in corecaps module (#1746)
* Updated password hashing algorithm from SHA-256 to Argon2id (if libargon2 is installed). Existing passwords are transparently upgraded upon login. (#1879)
* Allow ordering of channels: via ListChans, MoveChan and SwapChans commands, and via webadmin (#1744)
* New user options: DenySetIdent, DenySetNetwork, DenySetRealName, DenySetQuitMsg, DenySetCTCPReplies (#1814)
* Switch --makeconf wizard default network from freenode to Libera
* Added Portuguese and Turkish translations
* znc-buildmod: output where the module was written to

Fixes
* Fixed crash when receiving SASL lines from server without having negotiated SASL via CAP
* Fixed build with SWIG 4.2.0
* Fixed build with LibreSSL (#1828)
* Fixed handling of timezones when parsing server-time tags received from server (#1857) (#1773)
* Use module names as the module ident, otherwise some clients were merging conversations with different modules together. (#1874)
* Stopped sending invalid 333 (RPL_TOPICWHOTIME) to client if topic owner is unknown (#1889)
* Fixed an ODR violation (#1835)
* Better hide password in PASS debug lines, sometimes it was not hidden
* CAP REQ sent by client without CAP LS now suspends the registration as the spec requires (#1820)

Modules
* autoop: In some cases settings were parsed incorrectly, resulting in failure to do the autoop, now it's fixed
* clientnotify: Added options to reduce amount of notifications depending on the IP and the client ID of the connecting client (#1843)
* controlpanel: Fixed help output
* log: Log nickserv account in the joins lines. (#1870)
* modperl: Allow overriding label for timers, which means now there can be more than 1 timer per module
* modpython:
  * Rewrote internals of how modpython loads modules. (#1724) Main motivation for the switch from using imp to using importlib was to support Python 3.12+. As an additional benefit, now it's possible to structure the module as a python package (a subdirectory with __init__.py and other .py files). All the old python modules should load as they were before. ZNC no longer supports loading a C python extension directly through modpython (though I doubt there were any users of that obscure feature): if you want some parts of the module to be compiled, you can always import that from __init__.py.
  * Implemented Module.AddCommand() (#1832) (#1833)
* route_replies:
  * Added Solanum-specific 337 (RPL_WHOISTEXT) to possible replies of /whois (#1881)
  * Route replies to /topic
* sasl: Don't forward 908 (RPL_SASLMECHS) to clients (#1756)
* webadmin: Fixed order of breadcrumbs in network page
* watch: Allow new entries to use spaces (#1822)

Notes for package maintainers
* Require C++17 compiler. That is, GCC 8+ or Clang 5+. (#1887)
* Removed autoconf, leaving only CMake as the build system. The configure script is now merely a wrapper for CMake, and accepts mostly the same parameters as the old configure. You can use either configure as before, or CMake directly. Minimum supported CMake version is 3.13.
* If cctz library is available on the system, it will be used, otherwise the bundled copy will be used
* libargon2 is new optional dependency
* Dropped support for Python < 3.4
* Dropped support for SWIG < 4.0.1
* The systemd unit now passes --datadir=/var/lib/znc

Internal
* Switched to steady clock for cache map and for sockets to fix certain issues with leap seconds and DST
* Made CUser::Put...() send to all clients instead of only networkless clients. Deprecate CUser::PutAllUser()
* Setup Github Actions to replace old Travis CI setup
* Added CIFuzz (#1845)
* Added CodeQL (#1846)
* List of translators is now automatically generated from Crowdin
* Modernized the way how CMake is used
* Updated default SSL settings from Mozilla recommendations
* Rewrote message parsing using std::string_view, improving the performance of the parser (#1785)
* Web: removed legacy xhtml syntax (#1723)
* Documented more functions
* Made some integration tests run faster by changing ServerThrottle value in the test

znc: add znc-palaver plugin (ok nia@). Bump PKGREVISION.

chat: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and SHA512 hashes

chat: Remove SHA1 hashes for distfiles

znc: Update to 1.8.2

Changelog:

# ZNC 1.8.2 (2020-07-07)

## New
* Polish translation
* List names of translators in TRANSLATORS.md file in source, as this contribution isn't directly reflected in git log
* During --makeconf warn about listening on port 6697 too, not only about 6667

## Fixes
* webadmin: When confirming deletion of a network and selecting No, redirect to the edituser page instead of listusers page
* Make more client command results translatable, which were missed before


znc: Update to 1.8.1

# ZNC 1.8.1 (2020-05-07)

Fixed bug introduced in ZNC 1.8.0: Authenticated users can trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. CVE-2020-13775


znc: Update to 1.8.0

# ZNC 1.8.0 (2020-05-01)

## New
* Output of various commands (e.g. `/znc help`) was switched from a table to a list
* Support IP while verifying SSL certificates
* Make it more visible that admins have lots of privileges

## Fixes
* Fix parsing of channel modes when the last parameter starts with a colon, improving compatibility with InspIRCd v3
* Fix null dereference on startup when reading invalid config
* Don't show server passwords on ZNC startup
* Fix build with newer OpenSSL
* Fix in-source CMake build
* Fix echo-message for `status`

## Modules
* controlpanel: Add already supported NoTrafficTimeout User variable to help output
* modpython:
  * Use FindPython3 in addition to pkg-config in CMake to simplify builds on Gentoo when not using emerge
  * Support python 3.9
* modtcl: Added GetNetworkName
* partyline: Module is removed
* q: Module is removed
* route_replies: Handle more numerics
* sasl: Fix sending of long authentication information
* shell: Unblock signals when spawning child processes
* simple_away: Convert to UTC time
* watch: Better support multiple clients
* webadmin: Better wording for TrustPKI setting

## Internal
* Refactor the way how SSL certificate is checked to simplify future socket-related refactors
* Build integration test and ZNC itself with the same compiler (https://bugs.gentoo.org/699258)
* Various improvements for translation CI
* Normalize variable name sUserName/sUsername
* Make de-escaping less lenient


znc: Update to 1.7.5.

pkgsrc changes:
- Switched to cmake.

Upstream changes:
- modpython: Add support for Python 3.8
- modtcl: install .tcl files when building with CMake
- nickserv: report success of Clear commands
- Update translations, add Italian, Bulgarian, fix name of Dutch
- Update error messages to be clearer
- Add a deprecation warning to ./configure to use CMake instead in addition to an already existing warning in README


znc: Update to 1.7.4

Changes:
* Local patch for CVE-2019-12816 removed due to presence in release
* Send "Connected!" messages to client to the correct nick (#1665)


znc: Fix CVE-2019-12816

This is a remote code execution and privilege escalation vulnerability. It requires an already-existing unprivileged ZNC user.

This is znc-1.7.3nb2.


chat/znc: Update to 1.7.3.

Changes from 1.7.2 to 1.7.3:
* Fix CVE-2019-9917. ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.


chat/znc: Update to 1.7.2.

Take maintainership I guess since I'm using this.

Changes from 1.7.1:

New
* Add French translation
* Update translations

Fixes
* Fix compilation without deprecated APIs in OpenSSL (#1615)
* Distinguish Channel CTCP Requests and Replies (#1624)
* admindebug: Enforce need of TTY to turn on debug mode (#1580)
* controlpanel: Add missing return to ListNetMods (#1589)
* webadmin: Fix adding the last allowed network (#1584)

Internal
* Add more details to DNS error logs (#1626)

chat/znc: Import version 1.7.1. Based on work in pkgsrc-wip. ZNC is an advanced IRC bouncer with IPv6 and SSL support.