To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.
ChangeLog/1.4: Difference between revisions
Jump to navigation
Jump to search
DarthGandalf (talk | contribs) |
DarthGandalf (talk | contribs) No edit summary |
||
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
This release is done to fix a denial of service attack through webadmin. After authentication, users can crash | {{ChangeLog}} | ||
This release is done to fix a denial of service attack through webadmin. After authentication, users can crash ZNC through a use-after-delete. | |||
Additionally, a number of fixes and nice, low-risk additions from our development branch is included. | Additionally, a number of fixes and nice, low-risk additions from our development branch is included. | ||
Line 5: | Line 7: | ||
== New == | == New == | ||
* Warn people that making | * Reduce users' confusion during --makeconf. | ||
* Warn people that making ZNC listen on port 6667 might cause problems with some web browsers. | |||
* Always generate a SSL certificate during --makeconf. | * Always generate a SSL certificate during --makeconf. | ||
* Stop asking for a bind host / listen host in --makeconf. People who don't want wildcard binds can configure this later. | |||
* Don't create ~/.znc/modules if it doesn't exist yet. | * Don't create ~/.znc/modules if it doesn't exist yet. | ||
== Fixes == | == Fixes == | ||
* Fix a use-after-delete in webadmin. {{CVE|2014-9403}} | |||
* Honor the BindHost whitelist when configuring BindHosts in controlpanel module. | |||
* Ignore trailing whitespace in <code>/znc jump</code> arguments. | * Ignore trailing whitespace in <code>/znc jump</code> arguments. | ||
* Change formatting of startup messages so that we never overwrite part of a message when printing the result of an action. | * Change formatting of startup messages so that we never overwrite part of a message when printing the result of an action. | ||
Line 16: | Line 21: | ||
* Send the correct error for invalid CAP subcommands. | * Send the correct error for invalid CAP subcommands. | ||
* Make sure znc-buildmod includes zncconfig.h at the beginning of module code. | * Make sure znc-buildmod includes zncconfig.h at the beginning of module code. | ||
== Modules == | == Modules == | ||
* Make awaystore automatically call the Ping command when the Back command is used. | * Make awaystore automatically call the Ping command when the Back command is used. | ||
* Add SSL information and port number to servers in webadmin. | * Add SSL information and port number to servers in network list in webadmin. | ||
* Disable password autocompletion when editing users in webadmin. | |||
* Make nickserv module work on StarChat.net and ircline.org. | * Make nickserv module work on StarChat.net and ircline.org. | ||
* Remove accidental timeout for run commands in shell module. | * Remove accidental timeout for run commands in shell module. | ||
* certauth now uses a case insensitive | * certauth now uses a case insensitive comparison on hexadecimal fingerprints. | ||
=== controlpanel === | === controlpanel === | ||
Line 38: | Line 42: | ||
== Internal == | == Internal == | ||
* Don't redefine _FORTIFY_SOURCE if compiler already defines it. | |||
* Cache list of available timezones instead of re-reading it whenever it is needed. | * Cache list of available timezones instead of re-reading it whenever it is needed. | ||
* Improve const-correctness. | * Improve const-correctness. | ||
* Fix various low-priority compiler warnings. | * Fix various low-priority compiler warnings. | ||
* Change in-memory storage format for ServerThrottle. | |||
* Use native API on Win32 to replace a file with another file. | * Use native API on Win32 to replace a file with another file. | ||
* Add src/version.cpp to .gitignore. | * Add src/version.cpp to .gitignore. | ||
Latest revision as of 09:56, 2 April 2017
← 1.2 | ZNC 1.4 | 1.6.0 → |
This is an old ZNC version. If you still use it, please consider upgrading to 1.9.1. |
This release is done to fix a denial of service attack through webadmin. After authentication, users can crash ZNC through a use-after-delete.
Additionally, a number of fixes and nice, low-risk additions from our development branch is included.
In detail, these are:
New
- Reduce users' confusion during --makeconf.
- Warn people that making ZNC listen on port 6667 might cause problems with some web browsers.
- Always generate a SSL certificate during --makeconf.
- Stop asking for a bind host / listen host in --makeconf. People who don't want wildcard binds can configure this later.
- Don't create ~/.znc/modules if it doesn't exist yet.
Fixes
- Fix a use-after-delete in webadmin. CVE-2014-9403
- Honor the BindHost whitelist when configuring BindHosts in controlpanel module.
- Ignore trailing whitespace in
/znc jump
arguments. - Change formatting of startup messages so that we never overwrite part of a message when printing the result of an action.
- Fix configure on non-bash shells.
- Send the correct error for invalid CAP subcommands.
- Make sure znc-buildmod includes zncconfig.h at the beginning of module code.
Modules
- Make awaystore automatically call the Ping command when the Back command is used.
- Add SSL information and port number to servers in network list in webadmin.
- Disable password autocompletion when editing users in webadmin.
- Make nickserv module work on StarChat.net and ircline.org.
- Remove accidental timeout for run commands in shell module.
- certauth now uses a case insensitive comparison on hexadecimal fingerprints.
controlpanel
- Correct double output.
- Add support for the MaxNetworks global setting.
- Add support for the BindHost per-network setting.
modperl and modpython
- Make
OnAddNetwork
andOnDeleteNetwork
module hooks work. - Don't create .pyc files during compilation.
- Fix modperl on MacOS X. Twice.
- Require at least SWIG 2.0.12 on MacOS X.
Internal
- Don't redefine _FORTIFY_SOURCE if compiler already defines it.
- Cache list of available timezones instead of re-reading it whenever it is needed.
- Improve const-correctness.
- Fix various low-priority compiler warnings.
- Change in-memory storage format for ServerThrottle.
- Use native API on Win32 to replace a file with another file.
- Add src/version.cpp to .gitignore.