1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-05 13:33:12 +02:00
Commit Graph

1084 Commits

Author SHA1 Message Date
Bram Matthys f86cf68548 UnrealIRCd 4.0.16 2017-11-12 07:59:11 +01:00
Bram Matthys 67396c808d Update release notes 2017-11-10 19:48:32 +01:00
Bram Matthys 69264175e7 Update conf/ssl/curl-ca-bundle.crt (Wed Sep 20 03:12:05 2017 GMT) 2017-11-10 19:12:39 +01:00
Bram Matthys 6b35aa35a8 Delete UnrealIRCd 3.2.x changelogs (they are in git anyway) 2017-11-10 18:58:21 +01:00
Bram Matthys c5e38b9272 UnrealIRCd 4.0.16-rc1 2017-10-29 12:16:43 +01:00
Bram Matthys 704487e124 Fix numerous crash bugs in server to server code.
In 3.2.x we didn't fix these bugs since servers are trusted and
should send correct commands. In 4.0.x we changed this so we would
fix them when we come across such issues at normal priority (not
consider them security issues). I now took it a step further and
actively checked/looked for these issues and a bunch of them were
found. Almost all are NULL pointer dereferences, with some exceptions.
* S2S: MODE: check conv_param return value (NULL ptr crash)
* S2S: MODE: floodprot: More checks (NULL ptr crash)
* S2S: MODE: OOB write of NULL (write NULL past last element in an array)
* S2S: NICK: old compat fixes (NULL ptr crash)
* S2S: PROTOCTL: Check for double SID=
* S2S: SERVER: require at least 3 parameters (NULL ptr crash)
* S2S: SJOIN: require at least 3 parameters (NULL ptr crash)
* S2S: SJOIN: Fix OOB read (read 1 byte past buffer)
* S2S: TKL: validate set_at and expire_at (NULL ptr crash)
* S2S: TKL: require at least 9 parameters for spamf, not 8 (NULL ptr crash)
* S2S: TKL: ignore invalid spamfilter matching type (remove abort() call)
* S2S: TOPIC: querying for topic is not permitted (NULL ptr crash)
* S2S: UID: require 12 parameters (NULL ptr crash)
* S2S: WATCH: this is not a server command (NULL ptr crash)
* Fix OOB read (1 byte beyond string) for timevals. This was reachable
  from config code, TKL (S2S) and /*LINE (Oper). In practice no crash.
* MODE: make code less confusing (effectively no change)
* TRACE: remove strange output in case of 0 lines of output
* Fix unimportant memory leak on boot (#4713, reported by dg)
* Fix small memory leak upon 'DNS i' (oper only command)
* Always work on a copy in clean_ban_mask(). This fixes a bug that could
  result in a strlcpy(buf, buf, sizeof(buf)). So, overlapping strings,
  which is undefined behavior.
2017-10-29 11:20:52 +01:00
Bram Matthys 77234b2b8d API change for HOOKTYPE_PRE_INVITE and fix #5023:
* API change for HOOKTYPE_PRE_INVITE:
  (aClient *sptr, aClient *target, aChannel *chptr, int *override)
  Modules must now send the error message instead of only returning
  HOOK_DENY. Also check for operoverride and set *override=1.

This so modules can send their own error messages instead of the
default message being sent ("channel is +V" - which is not true).

Reported by Gottem (#5023).
2017-10-23 10:07:33 +02:00
Bram Matthys a716e3ccaa The default oper snomask now includes 'S' (spamfilter notices). 2017-10-18 15:11:12 +02:00
Bram Matthys 70b64c2ad8 If you have any blacklist { } block then UnrealIRCd will set an
set::handshake-delay of 2 seconds by default. This will allow (most)
DNSBL checking to be finished before the user comes online, while
still allowing a smooth user experience.
If your DNS(BL) is slow then you could raise this setting slightly.
2017-10-18 15:03:12 +02:00
Bram Matthys 98b4832b27 clarify 2017-10-12 20:18:24 +02:00
Bram Matthys c2d80028b3 Update release notes to reflect latest changes. 2017-10-12 20:16:42 +02:00
Bram Matthys df5ed0884e Use spkifp instead of sslclientcertfp in example conf.
Add example link block for services (but reject if user does not
change the default password)
2017-10-09 15:10:37 +02:00
Bram Matthys 75ab9a766c Dumdeedum 2017-10-08 18:21:43 +02:00
Bram Matthys b52b82f8a5 Tweaks 2017-10-07 21:42:41 +02:00
Bram Matthys ee2435689c Some initial work on release notes for 4.0.16. 2017-10-07 21:36:22 +02:00
Bram Matthys 37dbdfeee3 Bump version to 4.0.16-devel. This version is under development.
You should always use https://www.unrealircd.org/ for stable releases.
In case you wondered what happened with 4.0.15: that version consists
of cherry-picked / backports of the two crash fixes from this 'unreal40'
development branch. The current code simply wasn't ready yet for a
rushed security release.
2017-10-01 19:37:29 +02:00
Bram Matthys 838354f155 UnrealIRCd 4.0.14 2017-09-15 10:23:49 +02:00
Bram Matthys de9216a339 * Please do not use UmodeDel, CmdoverrideDel and any other *Del()
functions from MOD_UNLOAD. [..]
2017-09-15 10:19:55 +02:00
Bram Matthys 217ea69fe8 Use ircs:// link instead of irc:// 2017-09-15 08:24:30 +02:00
Bram Matthys 91e108499e Convert remaining http:// links to https:// 2017-09-15 08:19:08 +02:00
Bram Matthys 3cbf2536b2 Clarify 2017-09-08 08:26:53 +02:00
Bram Matthys 1f856745e5 4.0.14-rc1 2017-09-08 08:16:21 +02:00
Bram Matthys 366a494c00 Last update of release notes before -rc1? 2017-09-08 08:15:54 +02:00
Bram Matthys 296decf648 This code can be removed now that we have a working verify_certificate().
Also broke LibreSSL (SSL_CTX_get0_param undefined).
2017-09-06 16:49:25 +02:00
Bram Matthys a21222a672 Bump MODDATA_MAX_CLIENT from 8 to 12 and move MODDATA_MAX_* to include/config.h 2017-09-06 16:29:48 +02:00
Bram Matthys 05c6dfbb35 Update release notes 2017-09-06 16:22:13 +02:00
Bram Matthys 58ebc9c6be Move previous release notes (4.0.13) to doc/RELEASE-NOTES.old 2017-09-03 16:23:05 +02:00
Bram Matthys 788f628403 Update release notes 2017-09-03 16:22:44 +02:00
Bram Matthys 3510a98e50 Shorten the set::plaintext-policy text. Content was good but it was too long. 2017-09-03 16:10:37 +02:00
Bram Matthys 8fad7c563d Add cap/link-security and cap/plaintext-policy modules. 2017-09-03 16:06:39 +02:00
Bram Matthys 08b621aa08 +Minor issues fixed 2017-08-25 20:38:30 +02:00
Bram Matthys bfa00e95b7 Set default plaintext-policy to be 'warn' for /OPER and 'deny' for
server linking. Write some draft release notes for later use.
2017-08-19 11:19:33 +02:00
Bram Matthys 40e3e11b61 UnrealIRCd 4.0.13 2017-08-15 12:12:10 +02:00
Bram Matthys c8a67f9436 Update curl-ca-bundle to Wed Jun 7 03:12:05 2017. Remove CACERT. 2017-08-15 11:48:48 +02:00
Bram Matthys 74d5f380dd A /REHASH from a WebSocket connection would cause a crash (requires
IRCOp privileges). This is a rather technical issue, we now simply
reject the rehash. See comments in code for more information.
2017-08-10 09:02:05 +02:00
Bram Matthys 18202a0f73 Fix "ban too broad" checking. Reported by Gottem in #4961.
* The 'ban too broad' checking was broken. This permitted glines such
  as 192.168.0.0/1 being set. Now it rejects CIDR of /15 and lower.
  To disable this safety measure you can (still) use:
  set { options { allow-insane-bans; }; };
2017-08-10 08:30:54 +02:00
Bram Matthys 8ccf5700f1 Prepare for 4.0.13-rc1 2017-08-10 07:46:17 +02:00
Bram Matthys ab3e65a76f Load cap/sts module by default (only active if set::ssl::sts-policy is set). 2017-08-09 15:49:03 +02:00
Bram Matthys 0c1f299b0b UnrealIRCd 4.0.12.1 release 2017-06-02 08:56:24 +02:00
Bram Matthys ffc5f0ce44 Update modules.optional.conf 2017-05-13 12:33:37 +02:00
Bram Matthys 50801f5068 Add conf/modules.optional.conf. This loads all additional modules that
are not in modules.default.conf.
2017-05-13 12:24:55 +02:00
Bram Matthys bbf33b62dc UnrealIRCd will now refuse to run as root, as promised a couple of versions ago.
https://www.unrealircd.org/docs/Do_not_run_as_root
2017-05-12 11:42:01 +02:00
Bram Matthys 3dc27370a1 Prepare for UnrealIRCd 4.0.12 release. 2017-05-12 11:24:36 +02:00
Bram Matthys c97a3e1903 Add user mode +Z: Only allows SSL/TLS users to private message you.
Based on +R, idea seen on the forums (from Stealth ?)
2017-02-18 14:39:32 +01:00
Bram Matthys e44fb1d355 UnrealIRCd 4.0.11 2017-02-10 15:34:05 +01:00
Bram Matthys 027826d451 Document channel mode +D and remove +u. Reported by FwdInTime (#4839). 2017-02-10 13:07:21 +01:00
Bram Matthys e09da031cc UnrealIRCd 4.0.10 release 2017-01-13 09:12:52 +01:00
Bram Matthys 90508c74ae UnrealIRCd 4.0.10-rc2 2017-01-06 13:35:31 +01:00
Bram Matthys 6067202cdf Rewrite SJOIN to fix a bug where modes were sometimes cut-off resulting
in incorrect bans being added.
2017-01-06 11:11:19 +01:00
Bram Matthys 61265ec226 Write release notes for 4.0.10-rc1 2016-12-30 21:11:58 +01:00