* Wed Jul 18 2018 mpluskal@suse.com
- Update to version 1.7.1:
* Security critical fixes
+ CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf.
+ CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name.
* Core
+ Fix znc-buildmod to not hardcode the compiler used to build ZNC anymore in CMake build (#1536)
+ Fix language selector. Russian and German were both not selectable.
+ Fix build without SSL support (#1554)
+ Fix several broken strings
+ Stop spamming users about debug mode. This feature was added in 1.7.0, now reverted. (#1541)
* New
+ Add partial Spanish, Indonesian, and Dutch translations
* Modules
+ adminlog: Log the error message again (regression of 1.7.0) (#1557)
+ admindebug: New module, which allows admins to turn on/off --debug in runtime (#1556)
+ flooddetach: Fix description of commands (#1548)
+ modperl: Fix memory leak in NV handling
+ modperl: Fix functions which return VCString (#1543)
+ modpython: Fix functions which return VCString (#1543)
+ webadmin: Fix fancy CTCP replies editor for Firefox. It was showing the plain version even when JS is enabled
* Internal
+ Deprecate one of the overloads of CMessage::GetParams(), rename it to CMessage::GetParamsColon()
+ Don't throw from destructor in the integration test
+ Fix a warning with integration test / gmake / znc-buildmod interaction.
- Drop upstream patches:
* znc-inject2.patch
* znc-inject.patch
* znc-traversal.patch
* Mon Jul 16 2018 mpluskal@suse.com
- Fix boo#1101280 CVE-2018-14056
* znc-traversal.patch
- Fix boo#1101281 CVE-2018-14055
* znc-inject.patch
* znc-inject2.patch
- Fix building on Leap-42* by using less strict linker flags
* Mon Jun 04 2018 tchvatal@suse.com
- Define systemd unitdir for cmake
* Fri Jun 01 2018 mpluskal@suse.com
- Update to version 1.7.0:
* Add CMake build. Minimum supported CMake version is 3.1. For now ZNC can be built with either CMake or autoconf. In future autoconf is going to be removed.
* Currently znc-buildmod requires python if CMake was used; if that's a concern for you, please open a bug.
* Increase minimum GCC version from 4.7 to 4.8. Minimum Clang version stays at 3.2.
* Make ZNC UI translatable to different languages (only with CMake), add partial Russian and German translations. (#1237) (#1354) (#1462)
* If you want to translate ZNC to your language, please join https://crowdin.com/project/znc-bouncer
* Configs written before ZNC 0.206 can't be read anymore (#929)
* Implement IRCv3.2 capabilities away-notify, account-notify, extended-join (#315) (#316)
* Implement IRCv3.2 capabilities echo-message, cap-notify on the "client side" (#950)
* Update capability names as they are named in IRCv3.2: znc.in/server-time-iso→server-time, znc.in/batch→batch. Old names will continue working for a while, then will be removed in some future version.
* Make ZNC request server-time from server when available (#839)
* Increase accepted line length from 1024 to 2048 to give some space to message tags
* Separate buffer size settings for channels and queries (#967)
* Support separate SSLKeyFile and SSLDHParamFile configuration in addition to existing SSLCertFile (#1192)
* Add "AuthOnlyViaModule" global/user setting (#331)
* Added pyeval module
* Added stripcontrols module (#387)
* Add new substitutions to ExpandString: %empty% and %network%. (#1049) (#1139)
* Stop defaulting real name to "Got ZNC?" (#818)
* Make the user aware that debug mode is enabled. (#1446)
* Added ClearAllBuffers command (#852)
* Don't require CSRF token for POSTs if the request uses HTTP Basic auth. (#946)
* Set HttpOnly and SameSite=strict for session cookies (#1077) (#1450)
* Add SNI SSL client support (#1200)
* Add support for CIDR notation in allowed hosts list and in trusted proxy list (#207) (#1219)
* Add network-specific config for cert validation in addition to user-supplied fingerprints: TrustAllCerts, defaults to false, and TrustPKI, defaults to true. (#866)
* Add /attach command for symmetry with /detach. Unlike /join it allows wildcards.
* Timestamp format now supports sub-second precision with %f. Used in awaystore, listsockets, log modules and buffer playback when client doesn't support server-time (#1455)
* Build on macOS using ICU, Python, and OpenSSL from Homebrew, if available (#894)
* Remove --with-openssl=/path option from ./configure. SSL is still supported and is still configurable
- Update dependencies
- Run spec-cleaner
- Use cmake for building
* Wed Mar 07 2018 mpluskal@suse.com
- Update to version 1.6.6:
* Fix use-after-free in znc --makepem. It was broken for a long
time, but started segfaulting only now. This is a usability
fix, not a security fix, because self-signed (or signed by a
CA) certificates can be created without using --makepem, and
then combined into znc.pem.
* Thu Nov 09 2017 jzelazkova@suse.com
- Cleanup of spec file with spec-cleaner
Version: 1.6.0-18.1
* Sun Feb 15 2015 mpluskal@suse.com
- Update to 1.6.0:
* Switch versioning scheme to <major>.<minor>.<patch>.
* Add settings for which SSL/TLS protocols to use (SSLProtocols),
which ciphers to enable (SSLCiphers). By default TLSv1+ are enabled,
SSLv2/3 are disabled. Default ciphers are what Mozilla advises:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
* Validate SSL certificates.
* Allow clients to specify an ID as part of username
(user[@identifier][/network]). Currently not used, but modules can
use it.
* Add alias module for ZNC-side command interception and processing.
* Support character encodings with separate settings for networks,
and for clients. It replaces older charset module, which didn't work
well with webadmin, log and other modules.
* Support X-Forwarded-For HTTP header, used with new TrustedProxy
setting.
* Add URIPrefix option for HTTP listeners, used with reverse proxy.
* Store query buffers per query the same way it's done for channels,
add new option AutoClearQueryBuffer.
* Add DisableChan command to *status, it was available only in
webadmin before.
* Allow wildcards in arguments of Help commands of *status and
various modules.
* Support IRCv3.2 batches, used for buffer playbacks.
* Support IRCv3.2 self-message.
* Remove awaynick module. It's considered bad etiquette.
* Add JoinDelay setting, which allows a delay between
connection to server, and joining first channel. By default it joins
immediately after connect.
* Make Detach, EnableChan and DisableChan commands of *status
accept multiple channels.
* znc-buildmod: Build output to the current working directory.
* Wrap long lines in tables (e.g. in Help or ListAvailMods commands).
* Support ECDHE if available in OpenSSL.
* Report ZNC version more consistently, add HideVersion
setting, which hides ZNC version from public.
* Bump compiler requirements to support C++11. This means
GCC 4.7+, Clang 3.2+, SWIG 3.0.0+.
- Drop support for old distributions since they lack support for
C++11
- Drop package extra, all modules are now in znc
- Disable colloquy plugin since it fails to build
- Drop init script
* Mon Feb 09 2015 mpluskal@suse.com
- Rename znc-python to znc-python3
- Add signature and znc.keyring
- Reorder source names
- Correct (pre) dependencies for older releases of openSUSE
* Tue Sep 30 2014 mpluskal@suse.com
- Use proper licence
- Some tiny spec file cleanups
* Mon Sep 29 2014 mpluskal@suse.com
- Tighter dependency for perl
- Cleanup specfile
* Mon Sep 29 2014 mpluskal@suse.com
- Update to new version (1.4)
- Split to more packages
- Enable perl, python and tcl modules
- Remove obsolete modules
- Spec file cleanup
* Sat Jan 05 2013 joey.yuzheng@gmail.com
- add cap_sasl to support sasl which is needed for cloak usage.
http://wiki.znc.in/Cap_sasl
* Mon Sep 17 2012 suse@ammler.ch
- update to 0.206 (bugfix release)
- Identfile: don't crash when ZNC is shutting down.
- CTCPReplies setting with empty value now blocks those CTCP
requests to the client.
- Show more sane error messages instead of "Error: Success".
- Imapauth: Follow RFC more closely.
- "No" is a false value too.
* Wed Jan 25 2012 suse@ammler.ch
- update to 0.204 (CVE-2012-0033)
* Fix a crash in bouncedcc module with DCC RESUME.
* Fix modperl compilation.
* Don't use mkdir during install.
* Check for the swig2.0 binary too, instead of only swig.
* Sun Sep 25 2011 suse@ammler.ch
- update to 0.202 (bugfix release)
* Fix a crash when a user changes the buffer size of a channel.
* Wed Sep 14 2011 suse@ammler.ch
- update to 0.200
- Move ident spoofing from ZNC core into new identfile module.
- Move dcc handling from ZNC core into new modules bouncedcc and dcc.
- Remove the obsolete fixfreenode module.
- New module: cert
- Move away into ZNC-Extra.
- remove remote services, just use it local
* Thu Mar 31 2011 ammler@openttdcoop.org
- update to 0.098
- new module: modpython (not enabled in this package)
- webinterface for modules perform and listsockets
- admin can disconnect/reconnect other users
- user modules:
- colloquy (Push private messages and highlights to
your iPhone/iPod Touch via Colloquy Mobile.)
- update twitter (ssl and new api support)
* Mon Nov 08 2010 ammler@openttdcoop.org
- update to 0.096
- new modules: clearbufferonmsg, certauth
- new global setting: MaxBufferSize
- new config option: SSLCertFile
- module route_replies now also supports routing channel ban
lists, ban exemptions and invite exceptions
- big perl overhaul (not part of this package)
* Tue Jul 06 2010 anschneider@exsuse.de
- updated twitter module
* Mon Jul 05 2010 ammler@openttdcoop.org
- update to 0.092
- Webmods - Every module can now provide its own webpages.
- Webmods and thus webadmin now use cookies for managing
sessions instead of HTTP authentication.
- ZNC can now listen on IPv4-only, IPv6-only or on both-IP
sockets. Renamed "Listen" config option to "Listener".
- Added AddPort, DelPort, ListPorts command to *status.
- Added a traffic info page to webadmin.
* Fri Feb 19 2010 ammler@openttdcoop.org
- update to 0.080
New Webadmin default skin with UTF-8 support
* Tue Dec 29 2009 anschneider@exsuse.de
- added twitter module
* Mon Dec 28 2009 anschneider@exsuse.de
- update to 0.078
Fixed a possible crash if a client disconnected before an auth
module was able to verify the login.
* Fri Jul 24 2009 mrueckert@suse.de
- update to 0.074
ALL ZNC versions prior to 0.072 have a path traversal bug in
core. Users with a valid login are able to write files to all
places to which ZNC has write access. This means they could
upload and load new modules which do anything imaginable.
* Wed Feb 25 2009 mrueckert@suse.de
- added znc-0.066_sles9_configure.patch:
fix build on sles9
* Tue Feb 24 2009 mrueckert@suse.de
- update to 0.066
ALL ZNC versions have a privilege escalation bug in webadmin.
Users with a valid login are able to write arbitrary lines to
your znc.conf which means they can make themselves admin, load
the shell module or temporarily overwrite any files znc has
access to (e.g. ~/.ssh/authorized_keys) via ISpoof. This bug can
only be abused when ZNC is restarted or rehashed, so check your
config before you do so!
This bug is fixed in znc 0.066. Update as soon as possible!
for all the details see http://en.znc.in/wiki/ChangeLog/0.066
- fix rpmlint warnings
- split out devel package