2009
znc (0.058-2+lenny3) stable-security; urgency=high
* Fixes an high-impact directory traversal bug, where unprivileged users can
save about DCC SEND files on the server with the rights of the znc process.
The attacker could also use the exploit to get a shell on the server.
Closes: #537977
-- Patrick Matthäi <pmatthaei@debian.org> Fri, 24 Jul 2009 10:59:59 +0200
znc (0.058-2+lenny2) stable; urgency=low
* Add 03-crash-deleted-user.dpatch, which fixes a possible crash if users are
deleted.
If a user is deleted while it is trying to connect to an IRC server, the
IRC socket wasn't deleted together with the user. At some later point in
time, the IRC socket will try to use the user object, which was already
freed by now.
Closes: #536489
* Change my email address.
-- Patrick Matthäi <pmatthaei@debian.org> Fri, 10 Jul 2009 12:20:16 +0200
znc (0.058-2+lenny1) stable-security; urgency=low
* Add 02-webmin-priv-escalation.dpatch which properly handle newlines in
CHTTPSock::GetParam() and strip them out. This patch fixes an important
privilege escalation.
Closes: #516950
-- Patrick Matthäi <patrick.matthaei@web.de> Wed, 4 Mar 2009 11:55:21 +0200
2008
znc (0.058-2) unstable; urgency=low
* Implemented dpatch.
* Add 01-emb_perl-sys-init3.dpatch patch from upstream svn (r1155-r1158).
Closes: #495076
* Merge debian/changelog from the stable 0.045-3+etch1 upload.
-- Patrick Matthäi <patrick.matthaei@web.de> Sun, 17 Aug 2008 19:50:11 +0200
znc (0.058-1) unstable; urgency=high
* New upstream release.
- Bumping urgency to high, because this release fixes a local privilege
escalation. For more informations see svn commit 1113 on the upstream
subversion repository. This bug does not exist in the stable version.
* Removed note on a not existing file in README.Debian.
* Removed the indefinite article "an" from the short description.
-- Patrick Matthäi <patrick.matthaei@web.de> Thu, 10 Jul 2008 14:02:50 +0200
znc (0.056+svn1109-1) unstable; urgency=low
* New upstream svn snapshot.
* Add VERSION_EXTRA CXXFLAGS which appends the Debian revision to the
internal version of znc.
-- Patrick Matthäi <patrick.matthaei@web.de> Sat, 28 Jun 2008 11:35:47 +0200
znc (0.056+svn1093-1) unstable; urgency=low
* New upstream svn snapshot.
- Manpages have been added.
Closes: #411500
- The README now also describes two options which are unclear for most
users.
Closes: #411502
- Drop dpatch. The patch has been applied by upstream.
- We do not need to fix the rights of modperl.pm anymore, fixed in svn.
* Bumped Standards-Version to 3.8.0 (no changes needed).
* Correct typo in the Files field for Csocket.cpp and Csocket.h.
Thanks psychon for reporting that.
-- Patrick Matthäi <patrick.matthaei@web.de> Sat, 14 Jun 2008 18:27:01 +0100
znc (0.045-3+etch1) stable; urgency=low
* Set myself as new maintainer.
* Applied two patches from upstream which fixes two crash bugs:
- Crash bug when doing /nick while not connected to IRC (NULL pointer).
- Crash bug when using *status while not connected to IRC (NULL pointer).
-- Patrick Matthäii <patrick.matthaei@web.de> Fri, 13 Jun 2008 21:49:31 +0100
znc (0.056-1) unstable; urgency=low
* New upstream release.
* New maintainer.
Closes: #483248
* Build znc with IPv6 support.
* Applied upstream patch from svn r1068 to de-bashify znc-buildmod.
* Dropped autotools-dev build depend.
* Removed Vcs-Git control field.
* Added DM-Upload-Allowed control field.
* Some debian/rules tweaks like cross compile support.
* Install modperl.pm without executable rights.
-- Patrick Matthäi <patrick.matthaei@web.de> Sat, 31 May 2008 21:04:31 +0100
znc (0.054-4) unstable; urgency=low
* Orphaned the package.
-- Joey Hess <joeyh@debian.org> Tue, 27 May 2008 18:34:09 -0400
znc (0.054-3) unstable; urgency=low
* Convert znc-buildmod to a bash script so as to not need to worry about
bashisms (actually, nonportable echo -e's) in this script. Closes: #480621
-- Joey Hess <joeyh@debian.org> Wed, 14 May 2008 19:46:43 -0400
znc (0.054-2) unstable; urgency=low
* Remove some patches for things fixed upstream. Thanks to Robert Förster
for pointing them out.
-- Joey Hess <joeyh@debian.org> Sat, 19 Apr 2008 17:00:13 -0400
znc (0.054-1) unstable; urgency=low
* New upstream release:
* Forward /names replies for unknown channels.
* Global modules can no longer hook into every config line, but only
those prefixed with 'GM:'.
* Don't forward topic changes for detached channels.
* Remove ~/.znc/configs/backups and instead only keep one backup under
znc.conf-backup.
* Update /msg *status help.
* Add --datadir to znc-config.
* Update bundled Csocket to the latest version. This fixes some bugs
(e.g. not closing SSL connections properly).
* Use $HOME if possible to get the user's home (No need to read
/etc/passwd anymore).
* Use -Wshadow and fix all those warnings.
* Add /msg *status ListAvailMods. Thanks to SilverLeo.
* Add OnRehashDone() module call.
* Add rehashing (SIGHUP and /msg *status rehash).
* Also write a pid file if we are compiled with --enable-debug.
Thanks to SilverLeo.
* Add ClearVHost and 'fix' SetVHost. Thanks to SilverLeo.
* Increase the connect timeout for IRC connections to 2 mins.
* Add a user's vhost to the list on the user page in webadmin.
* Add --no-color switch and only use colors if we are on a terminal.
* Add DenySetVHost config option. Thanks to Veit Wahlich aka cru.
* Change --makeconf's default for KeepNick and KeepBuffer to false.
* Add simple_away module. This sets you away some time after you
disconnect from ZNC.
* Don't write unneeded settings to the <Chan> section. Thanks to SilverLeo.
* Remove OnFinishedConfig() module call. Use OnBoot() instead.
* Fix some GCC 4.3 warnings. Thanks to darix again.
* Move the static data (webadmin's skins) to /usr/share/znc per default.
Thanks to Marcus Rueckert aka darix.
* New znc-buildmod which works on shells other than bash.
* Add ClearAllChannelBuffers to *status.
* Handle CTCPs to *status.
* autoattach now saves and reloads its settings.
* Let webadmin use the user's defaults for new chans. Thanks to SilverLeo.
-- Joey Hess <joeyh@debian.org> Tue, 01 Apr 2008 13:13:12 -0400
znc (0.052-2) unstable; urgency=low
* Add a Homepage field. * Remove antiidle module, gone upsteam (bad merge before). * Copyright file updates.
-- Joey Hess <joeyh@debian.org> Fri, 18 Jan 2008 13:34:27 -0500
2007
znc (0.052-1) unstable; urgency=low
* New upstream release:
* Added saslauth module.
* Add del command to autoattach.
* Make awaynick save its settings and restore them when it is loaded again.
* Added disconnect and connect commands to *status.
* CTCPReply = VERSION now ignores ctcp version requests (as long as no
client is attached). This works for every CTCP request.
* Add -W to our default CXXFLAGS.
* Remove save command from perform, it wasn't needed.
* Add list command to stickychan.
* --with-module-prefix=x now really uses x and not x/znc (Inspired by
CNU :) ).
* Use a dynamic select timeout (sleep until next cron runs). This should
save some CPU time.
* Fix NAMESX / UHNAMES, round two (multi-client breakage).
* Module API change (without any breakage): OnLoad gets sMessage instead
of sErrorMsg.
* Fix a mem-leak.
* Disable auto-rejoin on kick and add module kickrejoin.
* Respect $CXXFLAGS env var in configure.
* Removed some executable bits on graphiX' images.
* Added README file and removed docs/.
* Removed the antiidle module.
* Fixes for GCC 4.3 (Debian bug #417793).
* Some dead code / code duplications removed.
* Rewrote Makefile.ins and don't strip binaries anymore by default.
-- Joey Hess <joeyh@debian.org> Tue, 04 Dec 2007 13:12:15 -0500
znc (0.050-1) unstable; urgency=low
* New upstream release:
* fixed UHNAMES bug (ident was messed up, wrong joins were sent)
* fixed /lusers bug (line was cached more than once)
* added disabled chans to the core
* send out a notice asking for the server password if client
doesn't send one
* added ConnectDelay config option
* added timestamps on the backlog
* added some module calls
* added basic traffic stats
* added usermodes support
* API breakage (CModule::OnLoad got an extra param)
* added fixed channels to the partyline module
* fixed partyline bugs introduced by last item
* fixed a NULL pointer dereference if /nick command was received from a
client while not connected to IRC
* added a JoinTries per-user config option which specifies how often we
try to rejoin a channel (default: 0 -> unlimited)
* make configure fail if it can't find openssl (or perl, ...)
* new modules: antiidle, nickserv
* znc-buildmod contains a bashish, run under bash.
-- Joey Hess <joeyh@debian.org> Mon, 27 Aug 2007 13:44:40 -0400
znc (0.047-2) unstable; urgency=low
* Fix nostrip build. Closes: #438368
-- Joey Hess <joeyh@debian.org> Thu, 16 Aug 2007 13:55:47 -0400
znc (0.047-1) unstable; urgency=low
* New upstream release. * Patch from tbm fixing FTBFS with gcc 4.3. Closes: #417793 * Add a basic README.Debian. Closes: #411495
-- Joey Hess <joeyh@debian.org> Mon, 14 May 2007 13:44:45 -0400
2006
znc (0.045-3) unstable; urgency=high
* Apply patch from CVS to fix a security hole that allowed a logged-in
user to get/put any accessible file on the host running znc, rather than
only files they should be allowed to access. Closes: #403141
-- Joey Hess <joeyh@debian.org> Thu, 14 Dec 2006 17:08:30 -0500
znc (0.045-2) unstable; urgency=low
* Fix FTBFS with gcc 4.2 which removes the deprecated >? operator.
Closes: #393993
-- Joey Hess <joeyh@debian.org> Fri, 20 Oct 2006 16:23:17 -0400
znc (0.045-1) unstable; urgency=low
* First release. * Moved the modules from /usr/share/znc to /usr/lib/znc. * Use recent config.sub and config.guess from autotools-dev. * Added LICENSE and LICENSE.OpenSSL files from current upstream CVS.
-- Joey Hess <joeyh@debian.org> Thu, 14 Sep 2006 13:04:28 -0400