Version: 1.7.1-2.1
* Wed Jul 18 2018 mpluskal@suse.com
- Update to version 1.7.1:
* Security critical fixes[edit]
+ CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf.
+ CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name.
* Core
+ Fix znc-buildmod to not hardcode the compiler used to build ZNC anymore in CMake build (#1536)
+ Fix language selector. Russian and German were both not selectable.
+ Fix build without SSL support (#1554)
+ Fix several broken strings
+ Stop spamming users about debug mode. This feature was added in 1.7.0, now reverted. (#1541)
* New
+ Add partial Spanish, Indonesian, and Dutch translations
* Modules
+ adminlog: Log the error message again (regression of 1.7.0) (#1557)
+ admindebug: New module, which allows admins to turn on/off --debug in runtime (#1556)
+ flooddetach: Fix description of commands (#1548)
+ modperl: Fix memory leak in NV handling
+ modperl: Fix functions which return VCString (#1543)
+ modpython: Fix functions which return VCString (#1543)
+ webadmin: Fix fancy CTCP replies editor for Firefox. It was showing the plain version even when JS is enabled
* Internal
+ Deprecate one of the overloads of CMessage::GetParams(), rename it to CMessage::GetParamsColon()
+ Don't throw from destructor in the integration test
+ Fix a warning with integration test / gmake / znc-buildmod interaction.
- Drop upstream patches:
* znc-inject2.patch
* znc-inject.patch
* znc-traversal.patch
* Mon Jul 16 2018 mpluskal@suse.com
- Fix boo#1101280 CVE-2018-14056
* znc-traversal.patch
- Fix boo#1101281 CVE-2018-14055
* znc-inject.patch
* znc-inject2.patch
- Fix building on Leap-42* by using less strict linker flags
* Mon Jun 04 2018 tchvatal@suse.com
- Define systemd unitdir for cmake
* Fri Jun 01 2018 mpluskal@suse.com
- Update to version 1.7.0:
* Add CMake build. Minimum supported CMake version is 3.1. For now ZNC can be built with either CMake or autoconf. In future autoconf is going to be removed.
* Currently znc-buildmod requires python if CMake was used; if that's a concern for you, please open a bug.
* Increase minimum GCC version from 4.7 to 4.8. Minimum Clang version stays at 3.2.
* Make ZNC UI translateable to different languages (only with CMake), add partial Russian and German translations. (#1237) (#1354) (#1462)
* If you want to translate ZNC to your language, please join https://crowdin.com/project/znc-bouncer
* Configs written before ZNC 0.206 can't be read anymore (#929)
* Implement IRCv3.2 capabilities away-notify, account-notify, extended-join (#315) (#316)
* Implement IRCv3.2 capabilities echo-message, cap-notify on the "client side" (#950)
* Update capability names as they are named in IRCv3.2: znc.in/server-time-iso→server-time, znc.in/batch→batch. Old names will continue working for a while, then will be removed in some future version.
* Make ZNC request server-time from server when available (#839)
* Increase accepted line length from 1024 to 2048 to give some space to message tags
* Separate buffer size settings for channels and queries (#967)
* Support separate SSLKeyFile and SSLDHParamFile configuration in addition to existing SSLCertFile (#1192)
* Add "AuthOnlyViaModule" global/user setting (#331)
* Added pyeval module
* Added stripcontrols module (#387)
* Add new substitutions to ExpandString: %empty% and %network%. (#1049) (#1139)
* Stop defaulting real name to "Got ZNC?" (#818)
* Make the user aware that debug mode is enabled. (#1446)
* Added ClearAllBuffers command (#852)
* Don't require CSRF token for POSTs if the request uses HTTP Basic auth. (#946)
* Set HttpOnly and SameSite=strict for session cookies (#1077) (#1450)
* Add SNI SSL client support (#1200)
* Add support for CIDR notation in allowed hosts list and in trusted proxy list (#207) (#1219)
* Add network-specific config for cert validation in addition to user-supplied fingerprints: TrustAllCerts, defaults to false, and TrustPKI, defaults to true. (#866)
* Add /attach command for symmetry with /detach. Unlike /join it allows wildcards.
* Timestamp format now supports sub-second precision with %f. Used in awaystore, listsockets, log modules and buffer playback when client doesn't support server-time (#1455)
* Build on macOS using ICU, Python, and OpenSSL from Homebrew, if available (#894)
* Remove --with-openssl=/path option from ./configure. SSL is still supported and is still configurable
- Update dependencies
- Run spec-cleaner
- Use cmake for building
* Wed Mar 07 2018 mpluskal@suse.com
- Update to version 1.6.6:
* Fix use-after-free in znc --makepem. It was broken for a long
time, but started segfaulting only now. This is a useability
fix, not a security fix, because self-signed (or signed by a
CA) certificates can be created without using --makepem, and
then combined into znc.pem.
* Thu Nov 09 2017 jzelazkova@suse.com
- Cleanup of spec file with spec-cleaner
Version: 1.6.0-18.1
* Sun Feb 15 2015 mpluskal@suse.com
- Update to 1.6.0:
* Switch versioning scheme to <major>.<minor>.<patch>. Add settings
* for which SSL/TLS protocols to use (SSLProtocols),
which ciphers to enable (SSLCiphers). By default TLSv1+ are enabled,
SSLv2/3 are disabled. Default ciphers are what Mozilla advices:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
* Validate SSL certificates. Allow clients to specify an ID as part of
* username
(user[@identifier][/network]). Currently not used, but modules can
use it.
* Add alias module for ZNC-side command interception and processing.
* Support character encodings with separate settings for networks,
and for clients. It replaces older charset module, which didn't work
well with webadmin, log and other modules.
* Support X-Forwarded-For HTTP header, used with new TrustedProxy
* setting. Add URIPrefix option for HTTP listeners, used with reverse
* proxy. Store query buffers per query the same way it's done for
* channels,
add new option AutoClearQueryBuffer.
* Add DisableChan command to *status, it was available only in
webadmin before.
* Allow wildcards in arguments of Help commands of *status and
various modules.
* Support IRCv3.2 batches, used for buffer playbacks. Support IRCv3.2
* self-message. Remove awaynick module. It's considered bad etiquette.
* Add JoinDelay setting, which allows a delay between
connection to server, and joining first channel. By default it joins
immediately after connect.
* Make Detach, EnableChan and DisableChan commands of *status
accept multiple channels.
* znc-buildmod: Build output to the current working directory. Wrap
* long lines in tables (e.g. in Help or
ListAvailMods commands).
* Support ECDHE if available in OpenSSL. Report ZNC version more
* consistently, add HideVersion
setting, which hides ZNC version from public.
* Bump compiler requirements to support C++11. This means
GCC 4.7+, Clang 3.2+, SWIG 3.0.0+.
- Drop support for old distributions since they lack support for
C++11
- Drop package extra, all modules are now in znc
- Disable colloquy plugin since it fails to build
- Drop init script
* Mon Feb 09 2015 mpluskal@suse.com
- Rename znc-python to znc-python3
- Add signature and znc.keyring
- Reorder source names
- Correct (pre) dependencies for older releases of openSUSE
* Tue Sep 30 2014 mpluskal@suse.com
- Use proper licence
- Some tiny spec file cleanups
* Mon Sep 29 2014 mpluskal@suse.com
- Tighter dependency for perl
- Cleanup specfile
* Mon Sep 29 2014 mpluskal@suse.com
- Update to new version (1.4)
- Split to more packages
- Enable perl, python and tcl modules
- Remove obsolete modules
- Spec file cleanup
* Sat Jan 05 2013 joey.yuzheng@gmail.com
- add cap_sasl to support sasl which is needed for cloak usage.
http://wiki.znc.in/Cap_sasl
* Mon Sep 17 2012 suse@ammler.ch
- update to 0.206 (bugfix release)
- Identfile: don't crash when ZNC is shutting down.
- CTCPReplies setting with empty value now blocks those CTCP
requests to the client.
- Show more sane error messages instead of "Error: Success".
- Imapauth: Follow RFC more closely.
- "No" is a false value too.
* Wed Jan 25 2012 suse@ammler.ch
- update to 0.204 (CVE-2012-0033)
* Fix a crash in bouncedcc module with DCC RESUME.
* Fix modperl compilation.
* Don't use mkdir during install.
* Check for the swig2.0 binary too, instead of only swig.
* Sun Sep 25 2011 suse@ammler.ch
- update to 0.202 (bugfix release)
* Fix a crash when a user changes the buffer size of a channel.
* Wed Sep 14 2011 suse@ammler.ch
- update to 0.200
- Move ident spoofing from ZNC core into new identfile module.
- Move dcc handling from ZNC core into new modules bouncedcc and dcc.
- Remove the obsolete fixfreenode module.
- New module: cert
- Move away into ZNC-Extra.
- remove remote services, just use it local
* Thu Mar 31 2011 ammler@openttdcoop.org
- update to 0.098
- new module: modpython (not enabled in this package)
- webinterface for modules perform and listsockets
- admin can disconnect/reconnect other users
- user modules:
- colloquy (Push private messages and highlights to
your iPhone/iPod Touch via Colloquy Mobile.)
- update twitter (ssl and new api support)
* Mon Nov 08 2010 ammler@openttdcoop.org
- update to 0.096
- new modules: clearbufferonmsg, certauth
- new global setting: MaxBufferSize
- new config option: SSLCertFile
- module route_replies now also supports routing channel ban
lists, ban exemptions and invite exceptions
- big perl overhaul (not part of this package)
* Tue Jul 06 2010 anschneider@exsuse.de
- updated twitter module
* Mon Jul 05 2010 ammler@openttdcoop.org
- update to 0.092
- Webmods - Every module can now provide its own webpages.
- Webmods and thus webadmin now use cookies for managing
sessions instead of HTTP authentication.
- ZNC can now listen on IPv4-only, IPv6-only or on both-IP
sockets. Renamed "Listen" config option to "Listener".
- Added AddPort, DelPort, ListPorts command to *status.
- Added a traffic info page to webadmin.
* Fri Feb 19 2010 ammler@openttdcoop.org
- update to 0.080
New Webadmin default skin with UTF-8 support
* Tue Dec 29 2009 anschneider@exsuse.de
- added twitter module
* Mon Dec 28 2009 anschneider@exsuse.de
- update to 0.078
Fixed a possible crash if a client disconnected before an auth
module was able to verify the login.
* Fri Jul 24 2009 mrueckert@suse.de
- update to 0.074
ALL ZNC versions prior to 0.072 have a path traversal bug in
core. Users with a valid login are able to write files to all
places to which ZNC has write access. This means they could
upload and load new modules which do anything imaginable.
* Wed Feb 25 2009 mrueckert@suse.de
- added znc-0.066_sles9_configure.patch:
fix build on sles9
* Tue Feb 24 2009 mrueckert@suse.de
- update to 0.066
ALL ZNC versions have a privilege escalation bug in webadmin.
Users with a valid login are able to write arbitrary lines to
your znc.conf which means they can make themselves admin, load
the shell module or temporarily overwrite any files znc has
access to (e.g. ~/.ssh/authorized_keys) via ISpoof. This bug can
only be abused when ZNC is restarted or rehashed, so check your
config before you do so!
This bug is fixed in znc 0.066. Update as soon as possible!
for all the details see http://en.znc.in/wiki/ChangeLog/0.066
- fix rpmlint warnings
- split out devel package