SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for znc-perl-1.7.1-47.5.x86_64.rpm :
Wed Jul 18 14:00:00 2018 mpluskalAATTsuse.com
- Update to version 1.7.1:

* Security critical fixes[edit]
+ CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf.
+ CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name.

* Core
+ Fix znc-buildmod to not hardcode the compiler used to build ZNC anymore in CMake build (#1536)
+ Fix language selector. Russian and German were both not selectable.
+ Fix build without SSL support (#1554)
+ Fix several broken strings
+ Stop spamming users about debug mode. This feature was added in 1.7.0, now reverted. (#1541)

* New
+ Add partial Spanish, Indonesian, and Dutch translations

* Modules
+ adminlog: Log the error message again (regression of 1.7.0) (#1557)
+ admindebug: New module, which allows admins to turn on/off --debug in runtime (#1556)
+ flooddetach: Fix description of commands (#1548)
+ modperl: Fix memory leak in NV handling
+ modperl: Fix functions which return VCString (#1543)
+ modpython: Fix functions which return VCString (#1543)
+ webadmin: Fix fancy CTCP replies editor for Firefox. It was showing the plain version even when JS is enabled

* Internal
+ Deprecate one of the overloads of CMessage::GetParams(), rename it to CMessage::GetParamsColon()
+ Don\'t throw from destructor in the integration test
+ Fix a warning with integration test / gmake / znc-buildmod interaction.
- Drop upstream patches:

* znc-inject2.patch

* znc-inject.patch

* znc-traversal.patch

Mon Jul 16 14:00:00 2018 mpluskalAATTsuse.com
- Fix boo#1101280 CVE-2018-14056

* znc-traversal.patch
- Fix boo#1101281 CVE-2018-14055

* znc-inject.patch

* znc-inject2.patch
- Fix building on Leap-42
* by using less strict linker flags

Mon Jun 4 14:00:00 2018 tchvatalAATTsuse.com
- Define systemd unitdir for cmake

Fri Jun 1 14:00:00 2018 mpluskalAATTsuse.com
- Update to version 1.7.0:

* Add CMake build. Minimum supported CMake version is 3.1. For now ZNC can be built with either CMake or autoconf. In future autoconf is going to be removed.

* Currently znc-buildmod requires python if CMake was used; if that\'s a concern for you, please open a bug.

* Increase minimum GCC version from 4.7 to 4.8. Minimum Clang version stays at 3.2.

* Make ZNC UI translateable to different languages (only with CMake), add partial Russian and German translations. (#1237) (#1354) (#1462)

* If you want to translate ZNC to your language, please join https://crowdin.com/project/znc-bouncer

* Configs written before ZNC 0.206 can\'t be read anymore (#929)

* Implement IRCv3.2 capabilities away-notify, account-notify, extended-join (#315) (#316)

* Implement IRCv3.2 capabilities echo-message, cap-notify on the \"client side\" (#950)

* Update capability names as they are named in IRCv3.2: znc.in/server-time-iso→server-time, znc.in/batch→batch. Old names will continue working for a while, then will be removed in some future version.

* Make ZNC request server-time from server when available (#839)

* Increase accepted line length from 1024 to 2048 to give some space to message tags

* Separate buffer size settings for channels and queries (#967)

* Support separate SSLKeyFile and SSLDHParamFile configuration in addition to existing SSLCertFile (#1192)

* Add \"AuthOnlyViaModule\" global/user setting (#331)

* Added pyeval module

* Added stripcontrols module (#387)

* Add new substitutions to ExpandString: %empty% and %network%. (#1049) (#1139)

* Stop defaulting real name to \"Got ZNC?\" (#818)

* Make the user aware that debug mode is enabled. (#1446)

* Added ClearAllBuffers command (#852)

* Don\'t require CSRF token for POSTs if the request uses HTTP Basic auth. (#946)

* Set HttpOnly and SameSite=strict for session cookies (#1077) (#1450)

* Add SNI SSL client support (#1200)

* Add support for CIDR notation in allowed hosts list and in trusted proxy list (#207) (#1219)

* Add network-specific config for cert validation in addition to user-supplied fingerprints: TrustAllCerts, defaults to false, and TrustPKI, defaults to true. (#866)

* Add /attach command for symmetry with /detach. Unlike /join it allows wildcards.

* Timestamp format now supports sub-second precision with %f. Used in awaystore, listsockets, log modules and buffer playback when client doesn\'t support server-time (#1455)

* Build on macOS using ICU, Python, and OpenSSL from Homebrew, if available (#894)

* Remove --with-openssl=/path option from ./configure. SSL is still supported and is still configurable
- Update dependencies
- Run spec-cleaner
- Use cmake for building

Wed Mar 7 13:00:00 2018 mpluskalAATTsuse.com
- Update to version 1.6.6:

* Fix use-after-free in znc --makepem. It was broken for a long
time, but started segfaulting only now. This is a useability
fix, not a security fix, because self-signed (or signed by a
CA) certificates can be created without using --makepem, and
then combined into znc.pem.

Thu Nov 9 13:00:00 2017 jzelazkovaAATTsuse.com
- Cleanup of spec file with spec-cleaner

Wed May 10 14:00:00 2017 mpluskalAATTsuse.com
- Update project url

Wed Mar 15 13:00:00 2017 mpluskalAATTsuse.com
- Update to version 1.6.5:

* Fixed a regression of 1.6.4 which caused a crash in modperl/modpython. (#1283)

* Fixed the behavior of verbose command in the sasl module. (#1291)

Fri Feb 3 13:00:00 2017 mpluskalAATTsuse.com
- Drop extra hardening flags

Fri Feb 3 13:00:00 2017 jengelhAATTinai.de
- Slightly trim descriptions.

Wed Dec 14 13:00:00 2016 mpluskalAATTsuse.com
- Update to version 1.6.4 (boo#1017182):

* Fixed build with OpenSSL 1.1. (#1310)

* Fixed build on Cygwin.

* Fixed a segfault after cloning a user. The bug was introduced in ZNC 1.6.0. (#1340)

* Fixed a segfault when deleting a user or network which is waiting for DNS during connection. The bug was introduced in ZNC 1.0. (#1342)

* Fixed a segfault which could be triggered using alias module. (#1347)

* Fixed an error in controlpanel module when setting the bindhost of another user.

* Fixed route_replies to not cause client to disconnect by timeout. (#1299)

* Fixed compatibility with the Gitter IRC bridge. (#1321)

* Fixed OnInvite for modpython and modperl. (#1283)

* Fixed external location of GoogleTest for make test.

Tue Mar 29 14:00:00 2016 mpluskalAATTsuse.com
- Update changelog with missed issue boo#973088 (update to 1.6.3)

Wed Feb 24 13:00:00 2016 mpluskalAATTsuse.com
- Update to 1.6.3

* New character encoding is now applied immediately, without
reconnect.

* Fixed build with LibreSSL. (#594)

* Fixed error 404 when accessing the web UI with the configured
URI prefix, but without the / in the end.

* znc-buildmod now exits with non-zero exit code when the .cpp
file is not found. (#1226)

* Fixed znc-buildmod on Cygwin.

* ExpandString got expanded.

* Default quit message is switche
- Small spec file cleanup

Tue Nov 17 13:00:00 2015 mpluskalAATTsuse.com
- Update to 1.6.2

* fixes
+ Fixed a use-after-delete in webadmin. It was already
partially fixed in ZNC 1.4; since 1.4 it has been still
possible to trigger, but much harder.
+ Fixed a startup failure when awaynick and simple_away were
both loaded, and simple_away had arguments.
+ Fixed a build failure when using an ancient OpenSSL version.
+ Fixed a build failure when using OpenSSL which was built
without SSLv3 support.
+ Bindhost was sometimes used as ident.
+ CAP :END wasn\'t parsed correctly, causing timeout during
login for some clients.
+ Fixed channel keys if client joined several channels in
single command.
+ Fixed memory leak when reading an invalid config.

* autovoice
+ Check for autovoices when we are opped.

* controlpanel
+ Fixed DelCTCPReply case-insensitivity.

* dcc
+ Add missing return statement. It was harmless.

* modpython
+ Fixed a memory leak.

* modules_online
+ Wrong ident was used before.

* stickychan
+ Fixed to unstick inaccessible channels to avoid infinite
join loops.

* internal changes
+ Fixed the nick passed to CModule::OnChanMsg() so it has
channel permissions set.
+ Fixed noisy -Winconsistent-missing-override compilation
warnings.
+ Initialized some fields in constructors of modules before
OnLoad().
- Make building more verbose
- Partially fixes bsc#956254 - CVE-2014-9043

Wed Aug 5 14:00:00 2015 mimi.vxAATTgmail.com
- Update to 1.6.1:

* Fixed the problem that channels were no longer removed from the config despite
of chansaver being loaded.

* Fixed query buffer size for users who have the default channel buffer size set to 0.

* Fixed a startup failure when simple_away was loaded after awaynick.

* Fixed channel matching commands, such as DETACH, to be case insensitive.

* Specified the required compiler versions in the configure script.

* Fixed a rare conflict of HTTP-Basic auth and cookies.

* Hid local IP address from the 404 page.

* Fixed a build failure for users who have -Werror=missing-declarations in their CXXFLAGS.

* Fixed CXXFLAGS=-DVERSION_EXTRA=\"foo\" which is used by some distros to package ZNC.

* Fixed znc-buildmod on Cygwin.

* Fixed CThreadPool destructor to handle spurious wakeups.

* Fixed make distclean to remove zncconfig.h.

* Improved the error message about --datadir.

* Fixed a compilation warning when HAVE_LIBSSL is not defined.

* Fixed \'comparision\' typos in CString documentation.

* Added a non-minified version of the jQuery source code to make Linux distributions
(Debian) happy, even though the jQuery license does not require this.

* chansaver:

* Fixed random loading behavior due to an uninitialized member variable.

* modpython:

* Fixed access to CUser::GetUserClients() and CUser::GetAllClients().

* sasl:

* Improved help texts for the SET and REQUIREAUTH commands. (#875)

* savebuff:

* Fixed periodical writes on the disk when the module is loaded after startup. (#868)

* webadmin:

* Fixed module checkboxes not to claim that all networks/users have loaded
a module when there are no networks/users. (#872)

* Added an explanation that ZNC was built without ICU support, when encoding
settings are disabled for that reason.

* Improved the breadcrumbs.

* Mentioned ExpandString in CTCP replies.

* Added an explanation how to delete port which is used to access webadmin.

Sun Feb 15 13:00:00 2015 mpluskalAATTsuse.com
- Update to 1.6.0:

* Switch versioning scheme to ... Add settings

* for which SSL/TLS protocols to use (SSLProtocols),
which ciphers to enable (SSLCiphers). By default TLSv1+ are enabled,
SSLv2/3 are disabled. Default ciphers are what Mozilla advices:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29

* Validate SSL certificates. Allow clients to specify an ID as part of

* username
(user[AATTidentifier][/network]). Currently not used, but modules can
use it.

* Add alias module for ZNC-side command interception and processing.

* Support character encodings with separate settings for networks,
and for clients. It replaces older charset module, which didn\'t work
well with webadmin, log and other modules.

* Support X-Forwarded-For HTTP header, used with new TrustedProxy

* setting. Add URIPrefix option for HTTP listeners, used with reverse

* proxy. Store query buffers per query the same way it\'s done for

* channels,
add new option AutoClearQueryBuffer.

* Add DisableChan command to
*status, it was available only in
webadmin before.

* Allow wildcards in arguments of Help commands of
*status and
various modules.

* Support IRCv3.2 batches, used for buffer playbacks. Support IRCv3.2

* self-message. Remove awaynick module. It\'s considered bad etiquette.

* Add JoinDelay setting, which allows a delay between
connection to server, and joining first channel. By default it joins
immediately after connect.

* Make Detach, EnableChan and DisableChan commands of
*status
accept multiple channels.

* znc-buildmod: Build output to the current working directory. Wrap

* long lines in tables (e.g. in Help or
ListAvailMods commands).

* Support ECDHE if available in OpenSSL. Report ZNC version more

* consistently, add HideVersion
setting, which hides ZNC version from public.

* Bump compiler requirements to support C++11. This means
GCC 4.7+, Clang 3.2+, SWIG 3.0.0+.
- Drop support for old distributions since they lack support for
C++11
- Drop package extra, all modules are now in znc
- Disable colloquy plugin since it fails to build
- Drop init script

Mon Feb 9 13:00:00 2015 mpluskalAATTsuse.com
- Rename znc-python to znc-python3
- Add signature and znc.keyring
- Reorder source names
- Correct (pre) dependencies for older releases of openSUSE

Tue Sep 30 14:00:00 2014 mpluskalAATTsuse.com
- Use proper licence
- Some tiny spec file cleanups

Mon Sep 29 14:00:00 2014 mpluskalAATTsuse.com
- Tighter dependency for perl
- Cleanup specfile

Mon Sep 29 14:00:00 2014 mpluskalAATTsuse.com
- Update to new version (1.4)
- Split to more packages
- Enable perl, python and tcl modules
- Remove obsolete modules
- Spec file cleanup

Sat Jan 5 13:00:00 2013 joey.yuzhengAATTgmail.com
- add cap_sasl to support sasl which is needed for cloak usage.
http://wiki.znc.in/Cap_sasl

Mon Sep 17 14:00:00 2012 suseAATTammler.ch
- update to 0.206 (bugfix release)
- Identfile: don\'t crash when ZNC is shutting down.
- CTCPReplies setting with empty value now blocks those CTCP
requests to the client.
- Show more sane error messages instead of \"Error: Success\".
- Imapauth: Follow RFC more closely.
- \"No\" is a false value too.

Wed Jan 25 13:00:00 2012 suseAATTammler.ch
- update to 0.204 (CVE-2012-0033)

* Fix a crash in bouncedcc module with DCC RESUME.

* Fix modperl compilation.

* Don\'t use mkdir during install.

* Check for the swig2.0 binary too, instead of only swig.

Sun Sep 25 14:00:00 2011 suseAATTammler.ch
- update to 0.202 (bugfix release)

* Fix a crash when a user changes the buffer size of a channel.

Wed Sep 14 14:00:00 2011 suseAATTammler.ch
- update to 0.200
- Move ident spoofing from ZNC core into new identfile module.
- Move dcc handling from ZNC core into new modules bouncedcc and dcc.
- Remove the obsolete fixfreenode module.
- New module: cert
- Move away into ZNC-Extra.
- remove remote services, just use it local

Thu Mar 31 14:00:00 2011 ammlerAATTopenttdcoop.org
- update to 0.098
- new module: modpython (not enabled in this package)
- webinterface for modules perform and listsockets
- admin can disconnect/reconnect other users
- user modules:
- colloquy (Push private messages and highlights to
your iPhone/iPod Touch via Colloquy Mobile.)
- update twitter (ssl and new api support)

Mon Nov 8 13:00:00 2010 ammlerAATTopenttdcoop.org
- update to 0.096
- new modules: clearbufferonmsg, certauth
- new global setting: MaxBufferSize
- new config option: SSLCertFile
- module route_replies now also supports routing channel ban
lists, ban exemptions and invite exceptions
- big perl overhaul (not part of this package)

Tue Jul 6 14:00:00 2010 anschneiderAATTexsuse.de
- updated twitter module

Mon Jul 5 14:00:00 2010 ammlerAATTopenttdcoop.org
- update to 0.092
- Webmods - Every module can now provide its own webpages.
- Webmods and thus webadmin now use cookies for managing
sessions instead of HTTP authentication.
- ZNC can now listen on IPv4-only, IPv6-only or on both-IP
sockets. Renamed \"Listen\" config option to \"Listener\".
- Added AddPort, DelPort, ListPorts command to
*status.
- Added a traffic info page to webadmin.

Fri Feb 19 13:00:00 2010 ammlerAATTopenttdcoop.org
- update to 0.080
New Webadmin default skin with UTF-8 support

Tue Dec 29 13:00:00 2009 anschneiderAATTexsuse.de
- added twitter module

Mon Dec 28 13:00:00 2009 anschneiderAATTexsuse.de
- update to 0.078
Fixed a possible crash if a client disconnected before an auth
module was able to verify the login.

Fri Jul 24 14:00:00 2009 mrueckertAATTsuse.de
- update to 0.074
ALL ZNC versions prior to 0.072 have a path traversal bug in
core. Users with a valid login are able to write files to all
places to which ZNC has write access. This means they could
upload and load new modules which do anything imaginable.


  
ICM