Tags · flakes/znc

New stuff:
* Add new global setting MaxBufferSize instead of hardcoding a value.
* Support CAP.
* Add new module certauth which works similar to certfp (http://www.oftc.net/oftc/NickServ/CertFP).
* route_replies now also supports routing channel ban lists, ban exemptions and invite exceptions.
* Add a -nostore flag to the away module.
* Add a new config option SSLCertFile.

Fixes:
* Fix configure to automatically disable modperl if perl is not found.
* Include the port number in cookie names to make them unique across different znc instances on the same box.
* Make sure that we have at least c-ares 1.5.0.
* Make znc work on solaris.
* Improve configure's and make's output.
* Complain about truncated config files.
* Fix some std::out_of_range error triggerable by people with a valid login.
* Make fakeonline behave while we are not connected to an IRC server.
* Always attach to channels when joining them.
* Fix a NULL pointer dereference in route_replies.

Minor stuff:
* Allow leading and trailing spaces in config entries.
* Use pkg-config for finding openssl, if it's available. We still fall back to the old code if this fails.
* znc no longer accepts an alternative file name for znc.conf as its argument.
* Generate correct HTTP status codes in webmods and make sure this doesn't happen again.
* Rewrite our PING/PONG handling.
* Raise the size of the query buffer to 250.
* Update to latest Csocket.

Internal stuff:
* Remove the fake module usage in WebMods.
* Remove fake modules completely.
* Make CTable more robust.
* Move the OnKick() module call so it is issued when the nick still is visible in the channel.
* Remove CZNC::GetUser() since CZNC::FindUser() does the same.
* Minor changes to webmod skins.
* Add new macros GLOBALMODULECALL and ALLMODULECALL.
* Remove a bogus CClient* argument from some module calls.
* Mark some functions as const.

Aug 20, 2010
e1b4abe
zip
tar.gz

znc-0.092

ZNC 0.092

Changes since ZNC 0.090:

This is a bugfix-only release, mainly for fixing CVE-2010-2488.

Fixes:
* ZNC wrongly counted outgoing connections towards
  the AnonIPLimit config option.
* The traffic stats caused a NULL pointer dereference if there were any
  unauthenticated connections. (CVE-2010-2488)
* Csocket had a bug where a wrong error message was generated
  and one that caused busy loops with c-ares.

Jul 3, 2010
7460064
zip
tar.gz

znc-0.090

ZNC 0.090

Changes since ZNC 0.080:

Upgrading from previous versions
================================

Errors during start-up
----------------------
The shell, email and imapauth modules have been moved from
the regular module set to the "extra" set, you have to use --enable-extra
with ./configure to compile them.

So, to fix these errors, edit the znc.conf file in ~/.znc/configs and
don't load those modules, or recompile znc with extra.

WebMods
-------
While previously only the "webadmin" provided an HTTP server/interface,
the HTTP server is now integrated into ZNC's core. This means that all modules
(not only webadmin) can now provide web pages. Examples shipping with ZNC are
lastseen, stickychan and notes. Old-style module arguments to webadmin
will be automatically converted to the new syntax.

Please note that the WebMods interface uses session cookies
instead of 'Basic' HTTP authentication.

All URLs to webadmin's settings pages have changed.
Please adjust your scripts etc. if necessary.

Running without installing
--------------------------
If you want to run ZNC without doing make install, i.e. if you want to run
it from the source dir, you will have to add --enable-run-from-source as an
argument to ./configure. You do NOT have to care about this if
you use a --prefix= or if you install ZNC system-wide.

Detailed Changelog
==================

New stuff
* WebMods - Every module can now provide its own webpages.
* Webmods and thus webadmin now use cookies for managing sessions instead of HTTP authentication.
* WebMod-enabled lastseen, stickychan modules.
* Partyline now also handles notices, /me and CTCP.
* Partyline now saves channel topics across restarts.
* Added a "number of channels" column to /znc listusers.
* Added an optional user name argument to /znc listchans.
* Support for the general CAP protocol and the multi-prefix and userhost-in-names caps on connections to the IRC server.
* ZNC can now listen on IPv4-only, IPv6-only or on both-IP sockets. Renamed "Listen" config option to "Listener".
* Added LoadModule, UnLoadModule, ListMods commands to the Admin module.
* Added ability to set/get TimezoneOffset to the Admin module.
* Added "Connect to IRC + automatically re-connect" checkbox to webadmin.
* Remember "automatically connect + reconnect" flag across restarts by writing it to the config file.
* Added AddPort, DelPort, ListPorts command to *status.
* Added optional quit message argument to disconnect command.
* Added new charset module to extra.
* Added a traffic info page to webadmin.

Fixes
* Don't let ZNC connect to itself.
* Added a missing error message to /znc updatemod.
* Generate cryptographically stronger certificates in --makepem.
* Autoattach now triggers on channel actions.
* --disable-tcl now really disables TCL instead of enabling it.
* User name comparison in blockuser is now case-sensitive.
* Fixed /names when route_replies is loaded.
* autoreply now ignores messages from self.
* Don't forward QUIT messages to clients.
* Do not create empty directories if one does ./znc --datadir=NON_EXISTING_DIR.
* Query to Raw send the command to IRC instead of to the client.
* Fixed desync in Partyline after addfixchan or delfixchan.
* Save passwords for Nickserv module as NV instead of keeping them as arguments.
* CSRF Protection.
* Fixed a rare configure failure with modperl.
* disconkick now only sends kicks for channels the client actually joined.
* More sanity checks while rewriting znc.conf.
* Fixed static compilation with libcrypto which needs libdl by checking for libdl earlier.
* Fixed modtcl with newer tcl versions.
* Better error message if pkg-config is not found.
* Fixed a possible race condition in autoop which could cause bogous "invalid password" messages.

Minor stuff
* Fixed a memory leak and some coding style thanks to cppcheck (http://cppcheck.sf.net).
* Updated to latest Csocket.
* Cleanup to /znc help.
* Removed --disable-modules.
* saslauth: Error out "better" on invalid module arguments.
* Changed the default ConnectDelay from 30s to 5s.
* Misc style/skin fixes to webadmin/webmods.
* Do not expose ZNC's version number through the web interface unless there's an active user session.
* Updated AUTHORS file.
* Moved some modules into/out of extra.
* Added ./configure --enable-run-from-script, without it ZNC will no longer look for modules in ./modules/.
* Made a dedicated page to confirm user deletion in webadmin.
* Use spaces for seperating ip addresses from ports.
* ZNC's built-in MOTD now goes through ExpandString.
* Check for root before generating a new config file.
* Added a flag for adding irc-only / http-only ports via /znc addport.

Internal stuff
* Minor cleanup to various places.
* Changes in configure.
* Flakes messed with the version number.
* CString::Split() now Trim()s values before pushing them if bTrimWhiteSpace is true.
* Added new module hooks for config entries.
* New module hook OnAddUser().
* Cleanup to ISUPPORT parser.
* Use Split() instead of Token() where possible.
* Modularize CIRCSock::ForwardRaw353().
* Use a better seed for srand().
* Changes to debug output.
* Support for delayed HTTP request processing.
* Fixed CSmartPtr's operator==.
* Better port/listener management exposed through CZNC.
* Move CListener and CRealListener into their own files.
* Move the HTTP/IRC switching to CIncomingConnection.
* Add IsIRCAway() to CUser.
* Move some common pid file code into new InitPidFile().
* Templates can now sort loops based on a key.

A lot of work went into this release, we would like to thank everyone who contributed code, helped testing or provided feedback.

Jun 6, 2010
43ece72
zip
tar.gz

znc-0.080

ZNC 0.080

Changes since ZNC 0.078:

New stuff:
* Move the "Another client authenticated as you"-message into the new clientnotify module.
* Update to latest Csocket.
* Only allow admins to load modtcl unless -DMOD_MODTCL_ALLOW_EVERYONE is used.
* Include /me's in the query buffer.
* Some tweaks to savebuff to differentiate it more from buffextras.
* send_raw can now also send to clients.
* Imported the block_motd and flooddetach modules into extra.
* Added new setting ServerThrottle which sets a timeout between connections to the same server.
* Don't propose every single module in --makeconf.
* Use UTF-8 as the default charset for webadmin.
* Revamped the default webadmin skin.
* New font style for the "ice" webadmin skin.
* Added a summary line to /znc listchans.
* The admin module can now handle more settings and got some missing permission checks added.

Fixes:
* Apply new ConnectDelay settings immediately after a rehash.
* Do a clean shutdown just before a restart.
* Fix a theoretical crash in modtcl.
* CUser instances now use the correct save and download path after Clone().
* Several improvements to znc-buildmod.
* Fix a crash with modperl by loading modules differently.
* Fix HTTP Cache-Control headers for static files served by webadmin.
* Send the nicklist to a user who is being force-rejoined in partyline.
* Set the issuer name in CUtils::GenerateCert().
* Fixed some inconsistency with /znc reloadmod.
* Added a workaround for SSL connections which incorrectly errored out during handshake.

Minor stuff:
* Don't try to catch SIGILL, SIGBUS or SIGSEGV, the default action will do fine.
* Added IP-address to messages from notify_connect.
* Switched to Csocket's own c-ares code.
* Add more doxygen comments.
* Removed useless "add your current ip" checkbox from webadmin's edit user page.
* Don't try to request a MOTD if there is none.

Internal stuff:
* It's 2010, where's my hoverboard?
* Got rid of Timers.h.
* Added a Clone() method to CNick.
* Call OnChanAction() after OnChanCTCP().
* Random cleanups to CFile::Delete().
* Other random cleanups.
* Move the implementation of CSocket to Socket.cpp/h.

Feb 18, 2010
33b526e
zip
tar.gz

znc-0.078

ZNC 0.078

Changes sicne ZNC 0.076:

New stuff:
* Add a DCCVHost config option which specifies the VHost (IP only!) for DCC bouncing.
* Users cloned via the admin module no longer automatically connect to IRC.
* Inform new clients about their /away status.
* The "BUG" messages from route_replies can now be turned off via <code>/msg *route_replies silent yes</code>.
* Rewrite znc.conf on SIGUSR1.
* ISpoofFormat now supports ExpandString.

Fixes:
* Allow specifing port and password for delserver.
* Write the config file on restart and shutdown.
* Disable c-ares if it is not found unless ''--enable-c-ares'' was used.
* blockuser was missing an admin check.
* Sometimes, removing a server caused znc to lose track of which server it is connected to.
* Include a more portable header for uint32_t in SHA256.h.
* Fixed cases where ZNC didn't properly block PONG replies to its own PINGs.
* Fixed a possible crash if a client disconnected before an auth module was able to verify the login.
* Away allowed to accidentally execute IRC commands.
* Correctly bind to named hosts if c-ares is enabled.
* Don't accept only spaces as QuitMsg because this would cause an invalid config to be written out.

Minor stuff:
* Comment out some weird code in Client.cpp.
* Remove connect_throttle since it's obsoleted by fail2ban.
* Remove outdated sample znc.conf.
* route_replies now got a higher timeout before it generates a "BUG" message.
* Documented the signals on which znc reacts better.

Internal stuff:
* New module hook OnIRCConnecting().
* Remove obsolete CUtils::GetHashPass().
* A module's GetDescription() now returns a C-String.
* When opening a module, check the version number first and don't do '''anything''' on a mismatch.

Dec 18, 2009
ed4c836
zip
tar.gz

znc-0.076

ZNC 0.076

Changes since ZNC 0.074:

New stuff:
* Add a "make uninstall" Makefile target.
* Imported modules from znc-extra: fixfreenode, buffextras, autoreply, route_replies, adminlog.
* Imported the rest of znc-extra under modules/extra hidden behind configure's --enable-extra.
* ZNC now uses SHA-256 instead of MD5 for hashing passwords. MD5 hashes still work correctly.

Fixes:
* Don't cache duplicate raw 005 (e.g. due to /version).
* Send a MODE removing all user modes to clients when we lose the irc connection.
* Use a nickmask instead of a nick as the source for ZNC-generated MODE commands.
* Use the right error codes if startup fails.
* Fix a NULL pointer dereference in some of the ares-specific code.
* VHost and Motd input boxes in graphiX and dark-clouds in webadmin didn't insert newlines.
* Generate proper error messages when loading modules. This was broken since znc 0.070.
* Allow unloading of removed modules. This was broken since znc 0.070.
* Fix savebuff with KeepBuffer = false.
* Fix accidental low buffer size for webadmin sockets.
* AltNicks are no longer truncated to 9 characters.
* Webadmin can now successfully add new admin users and have them load the shell module.
* Webadmin no longer includes the znc version in the auth realm.
* CUser::Clone now handles modules after all other settings, making it work with shell.
* Some CSS selectors in webadmin's dark-clouds and graphiX skins were wrong.
* The help output from the admin module was improved.

Minor stuff:
* make distclean now also removes the pkg-config files.
* Add the autoconf check for large file support.
* Generic "not enough arguments" support for route_replies and some fix for /lusers.
* ZNC now tries to join channels in random order.
* route_replies now handles "No such channel" for /names.
* Fixes a theoretical crash on shutdown.
* saslauth was moved to znc-extra.

Internal stuff:
* Now using autoconf 2.64.
* Removed unused classes CNoCopy and CSafePtr.
* Moved CZNC::FindModPath() to CModules.
* Added CModules::GetModDirs() as a central place for finding module dirs.
* Added CModules::GetModPathInfo() which works like GetModInfo() but which takes the full path to the module.
* Updated to latest Csocket which adds openssl 1.0 compatibility and fixes some minor bug.
* Merged the internal join and ping timers.

Sep 24, 2009
25ce7c8
zip
tar.gz

znc-0.074

ZNC 0.074

Changes since ZNC 0.072:

Brown-paper-bag fixes:
* Fix a regression due to r1569: Webadmin was broken if the skins were accessed
  through an absolute path (=almost always).

"Standard" fixes:
* Fix a possible crash if users are deleted while they have active DCC sockets.

Sorry for breaking your webadmin experience guys. :(

Jul 23, 2009
7cf570d
zip
tar.gz

znc-0.072

ZNC 0.072

Changes since ZNC 0.070:

High-impact security bugs:
There was a path traversal bug in ZNC which allowed attackers write access to
any place to which ZNC has write access. The attacker only needed a user
account (with BounceDCCs enabled). Details are in the commit message:
http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570

All ZNC versions since ZNC 0.022 (Initial import in SVN) are affected.

New stuff:
* /msg *status uptime is now accessible to everyone.
* ZNC can now optionally use c-ares for asynchronous DNS resolving.
* The new config option AnonIPLimit limits the number of unidentified connections per IP.

Fixes:
* znc --no-color --makeconf still used some color codes.
* Webadmin favicons were broken since r1481.
* znc.pc was installed to the wrong directory in multilib systems.
* Handle flags like e.g. --allow-root for /msg *status restart.
* Fix channel user mode tracking.
* Fix a possible crash if users are deleted while they are connecting to IRC.
* Limit HTTP POST data to 1 MiB.
* OnStatusCommand() wasn't called for commands executed via /znc.
* On systems where sizeof(off_t) is 4, all ZNC-originated DCCs failed with
"File too large (>4 GiB)".
* ZNC didn't properly verify paths when checking for directory traversal attacks (Low impact).

Minor stuff:
* Minor speed optimizations.
* stickychan now accepts a channel list as module arguments.
* Added a clear command to nickserv.
* Added an execute command to perform.
* Added a swap command to perform.
* fail2ban clears all bans on rehash.

Internal stuff:
* The API for traffic stats changed.
* Some optimizations to CSmartPtr.
* CString now accepts an optional precision for converting floating point numbers.
* Made home dir optional in CDir::ChangeDir().
* EMFILE in CSockets is handled by closing the socket.

Special thanks to cnu and flakes for finding security issues!

Jul 21, 2009
9f71f30
zip
tar.gz

znc-0.070

ZNC 0.070

Changes since ZNC 0.068:

New stuff (aka the cool things):
* Add a CloneUser command to admin.
* Make webadmin work better with browser caches in conjunction with changing skins.
* Better error messages if binding a listening port fails.
* admin module now supports per-channel settings.
* Fix the KICK that partyline generates when a user is deleted.
* fail2ban now allows a couple of login attempts before an IP is banned.
* Fixed a crash bug in stickychan.
* Install a pkg-config .pc file.
* Auto-detect globalness in re/un/loadmod commands.

Fixes:
* Fix a bug where ZNC lost its lock on the config file.
* Limit DCC transfers to files smaller than 4 GiB.
* Make znc -D actually work.
* Make znc --datadir ./meh --makeconf work. The restart used to fail.
* Fix a crash bug if CNick::GetPermStr() was called on CNick objects from module calls.
* Some fixes for solaris.
* nickserv module now also works on OFTC.
* Make sure the "Invalid password" message is sent before a client socket is closed.
* Fix a bug where ZNC would reply with stale cached MODEs for a "MODE #chan" request.

Minor stuff:
* Man page updates.
* Make CFile::Close() check close()'s return values if --debug is used.
* Update to latest Csocket.
* Improve the error messages generated by /msg *status loadmod.
* Remove broken znc --encrypt-pem.

Internal stuff:
* cout and endl are included in Utils.h, not main.h.
* CFile::Get*Time() now return a time_t.
* Switched some more CFile members to more appropriate return types.
* CFile::Seek() now takes an off_t as its argument.
* Turn TCacheMap into more of a map.
* Updates to latest Csocket.
* API breakage: CAuthBase now wants a Csock* instead of just the remote ip.
* New Module hooks
** OnChanBufferStarting()
** OnChanBufferPlayLine()
** OnChanBufferEnding()
** OnPrivBufferPlayLine()

May 23, 2009
29dd48d
zip
tar.gz

PreviousNext

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

znc-0.096

znc-0.094