jfr.im git - solanum.git/log
William Pitcock [Thu, 10 Dec 2015 07:33:30 +0000 (01:33 -0600)]
extban: implement helper functions for stackable extbans (part 1) (ref #74)
William Pitcock [Thu, 10 Dec 2015 07:00:32 +0000 (01:00 -0600)]
override: only engage override code if we're needing to authorize a WRITE to a channel's state (closes #65)
William Pitcock [Tue, 8 Dec 2015 20:26:26 +0000 (14:26 -0600)]
ssld: update for protocol changes
William Pitcock [Mon, 7 Dec 2015 07:52:16 +0000 (01:52 -0600)]
update NEWS to note that CertFP methods are now configurable
William Pitcock [Mon, 7 Dec 2015 07:49:30 +0000 (01:49 -0600)]
allow certfp method to be configured
William Pitcock [Mon, 7 Dec 2015 07:21:26 +0000 (01:21 -0600)]
ssld: we only will continue supporting one fingerprint method at a time
William Pitcock [Mon, 7 Dec 2015 07:15:00 +0000 (01:15 -0600)]
Merge branch 'master' of github.com:atheme/charybdis
Elizabeth Myers [Wed, 27 May 2015 21:46:46 +0000 (16:46 -0500)]
Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
Elizabeth Myers [Wed, 27 May 2015 21:46:46 +0000 (16:46 -0500)]
Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
William Pitcock [Sat, 5 Dec 2015 13:18:35 +0000 (07:18 -0600)]
update copyright on NEWS (haha)
William Pitcock [Sat, 5 Dec 2015 13:09:52 +0000 (07:09 -0600)]
update README
William Pitcock [Sat, 5 Dec 2015 13:07:01 +0000 (07:07 -0600)]
update NEWS a little more
William Pitcock [Sat, 5 Dec 2015 12:48:38 +0000 (06:48 -0600)]
m_message: use same behaviour for +R users as +g users (closes #96)
William Pitcock [Sat, 5 Dec 2015 12:37:04 +0000 (06:37 -0600)]
mbedtls: implement rb_get_ssl_certfp()
William Pitcock [Sat, 5 Dec 2015 04:53:04 +0000 (22:53 -0600)]
newconf: TLS listener ports should always be defer_accept
TLS clients are required to send ClientHello upon connection, the server may not reply with ServerHello until this has happened
William Pitcock [Sat, 5 Dec 2015 04:42:10 +0000 (22:42 -0600)]
mbedtls: use server certificate for client mode too
William Pitcock [Sat, 5 Dec 2015 04:41:02 +0000 (22:41 -0600)]
mbedtls: make client mode work too
William Pitcock [Fri, 4 Dec 2015 06:01:40 +0000 (00:01 -0600)]
libratbox: fix up mbedtls backend
William Pitcock [Fri, 4 Dec 2015 04:38:54 +0000 (22:38 -0600)]
libratbox: gnutls: we want to pass F, not F->fd to rb_listen()
William Pitcock [Fri, 4 Dec 2015 04:32:33 +0000 (22:32 -0600)]
libratbox: initial cut at an mbedtls implementation, which will replace openssl and gnutls backends in charybdis 3.6
notably, it presently is lacking CertFP support, but everything else is implemented
William Pitcock [Fri, 4 Dec 2015 00:37:32 +0000 (18:37 -0600)]
libratbox: prepare build system for mbed tls backend
William Pitcock [Fri, 20 Nov 2015 05:10:36 +0000 (23:10 -0600)]
Revert "supported: remove TARGMAX, nothing really uses it, and the information conveyed is useless anyway"
This reverts commit ff2f68e617bb5bcaddfdaa5e4e29348a95d147ff.
William Pitcock [Fri, 20 Nov 2015 04:53:55 +0000 (22:53 -0600)]
cap: implement ircv3.2 chghost cap
William Pitcock [Fri, 20 Nov 2015 04:43:45 +0000 (22:43 -0600)]
send: add negation argument to sendto_common_channels_local() and friends
William Pitcock [Thu, 19 Nov 2015 23:13:04 +0000 (17:13 -0600)]
parse: handle_encap(): remove parv[0] initialization, anything using parv[0] should crash the ircd
William Pitcock [Thu, 19 Nov 2015 23:12:07 +0000 (17:12 -0600)]
modules/m_resv: update comments since parv[0] is not used anymore
William Pitcock [Mon, 16 Nov 2015 21:01:57 +0000 (15:01 -0600)]
supported: remove TARGMAX, nothing really uses it, and the information conveyed is useless anyway
Jilles Tjoelker [Sat, 14 Nov 2015 23:20:14 +0000 (00:20 +0100)]
monitor: Show 005 entry only if m_monitor.so is actually loaded.
This only affects the MONITOR=<max> entry, not TARGMAX=...,MONITOR:
which is harder to modify from a module.
Aaron Jones [Sun, 25 Oct 2015 15:59:16 +0000 (15:59 +0000)]
[libratbox] Remove an unused random function
Nothing in the Charybdis or libratbox code calls rb_get_pseudo_random
and under OpenSSL it uses RAND_pseudo_bytes() which is both dangerous
and removed in OpenSSL version 1.1.0.
Aaron Jones [Fri, 23 Oct 2015 16:08:15 +0000 (16:08 +0000)]
Improve the versions of TLS used for server to server linking
When building against current OpenSSL (<= 1.0.2) or old LibreSSL
(< 2.2.2) the server will use TLSv1.0 only when connecting to other
servers.
This patch corrects that.
Aaron Jones [Fri, 23 Oct 2015 16:05:33 +0000 (16:05 +0000)]
Use new TLS method APIs with new LibreSSL
OpenBSD 5.8 includes LibreSSL 2.2.2, which finally brings the API up to
what they claim it is by implementing the new TLS client and server
method APIs. Therefore, in furtherance of commits a4c8c827 and 1a4e224a
we can build with the new APIs if building against (real) OpenSSL 1.1.0
or LibreSSL 2.2.2.
Reported-by: Juuso Lapinlampi <redacted>
William Pitcock [Thu, 15 Oct 2015 23:05:38 +0000 (18:05 -0500)]
Merge pull request #106 from awilfox/master
Fix MONITOR C
Andrew Wilcox [Thu, 15 Oct 2015 22:13:49 +0000 (17:13 -0500)]
monitor: don't use already-freed pointer, unlike the moronic atheme developers
Andrew Wilcox [Thu, 15 Oct 2015 22:12:11 +0000 (17:12 -0500)]
Revert "remove MONITOR for now pending a complete rewrite"
This reverts commit 87fa262fec3149bff8daf9552b9df7f38a973890.
William Pitcock [Thu, 15 Oct 2015 14:39:48 +0000 (09:39 -0500)]
remove MONITOR for now pending a complete rewrite
William Pitcock [Mon, 12 Oct 2015 00:32:31 +0000 (19:32 -0500)]
monitor: additional cleanup pointed out by mr_flea
William Pitcock [Mon, 12 Oct 2015 00:11:01 +0000 (19:11 -0500)]
monitor: additional cleanups, and add a missing free_monitor() in m_monitor
William Pitcock [Sun, 11 Oct 2015 23:48:53 +0000 (18:48 -0500)]
monitor: fix the resource leak properly, unlike the moronic elemental-ircd developers
Jilles Tjoelker [Thu, 1 Oct 2015 20:54:29 +0000 (22:54 +0200)]
Fix build on glibc (no strlcpy).
Jilles Tjoelker [Sun, 20 Sep 2015 13:20:05 +0000 (15:20 +0200)]
Use new info when sending away-notify after QJM.
Jilles Tjoelker [Fri, 22 May 2015 19:42:36 +0000 (21:42 +0200)]
s_conf: Split out a function.
Jilles Tjoelker [Fri, 22 May 2015 19:42:10 +0000 (21:42 +0200)]
kqueue: Remove unnecessary cast.
Jilles Tjoelker [Thu, 5 Mar 2015 23:41:51 +0000 (00:41 +0100)]
Remove the unneeded username parameter to register_local_user().
Jilles Tjoelker [Sun, 13 Sep 2015 20:56:14 +0000 (22:56 +0200)]
Check CIDR ban IP address for validity.
Otherwise, we compare to uninitialized stack data. This is wrong but seems
harmless.
Closes #103
William Pitcock [Sat, 8 Aug 2015 22:41:32 +0000 (18:41 -0400)]
Merge pull request #101 from Elizafox/master
Relocate report_Klines to proper home
Elizabeth Myers [Sat, 8 Aug 2015 22:25:29 +0000 (17:25 -0500)]
Relocate report_Klines to proper home
This function is not used anywhere else but m_stats, so should be put
there.
Mantas Mikulėnas [Tue, 14 Jul 2015 09:50:37 +0000 (12:50 +0300)]
Merge pull request #100 from Mkaysi/readme
Update NEWS & README.md
Mikaela Suomalainen [Tue, 14 Jul 2015 09:40:24 +0000 (12:40 +0300)]
Update NEWS & README.md
* Point to irc.freenode.net instead of irc.atheme.org. I know that it's
CNAME to chat, but I think it's preferable to use the irc. subdomain
to make it clear that it's IRC.
* Point to GitHub issue tracker instead of bugs-meta.atheme.org that
doesn't exist
* Remove mentioning of BUGS file and change README.FIRST to README.md as
the first doesn't exist and I think they are the same file.
William Pitcock [Mon, 6 Jul 2015 22:13:50 +0000 (17:13 -0500)]
Merge pull request #95 from jailbird777/master
Spring cleaning redux
William Pitcock [Mon, 6 Jul 2015 22:13:12 +0000 (17:13 -0500)]
Merge pull request #89 from prgmrbill/add-channel-mode-s-help-cmode
Adds extension channel modes to help/opers/cmode
Aaron Jones [Thu, 25 Jun 2015 13:57:07 +0000 (13:57 +0000)]
LibreSSL have far advanced OPENSSL_VERSION_NUMBER beyond the
feature set they support (2.0 even!), deliberately breaking
backward compatibility. Therefore, in order to fix a regression
introduced by commit a4c8c827 with regard to LibreSSL's stupidity,
unconditionally use the old TLS API if building against LibreSSL.
Aaron Jones [Wed, 20 May 2015 16:41:34 +0000 (16:41 +0000)]
libratbox/openssl: Set explicit cipher list for the client context as well
This is in furtherance of commits 9799bea4 and 1f384464 and addresses
any potential vulnerability to LogJam <https://weakdh.org/>
Aaron Jones [Wed, 20 May 2015 10:39:04 +0000 (10:39 +0000)]
Fix regression introduced by previous commit
I really shouldn't copy and paste code.
Aaron Jones [Wed, 20 May 2015 02:27:59 +0000 (02:27 +0000)]
Tidy up OpenSSL options code, support new version-agnostic client and server APIs
Jail Bird [Mon, 20 Apr 2015 05:55:20 +0000 (00:55 -0500)]
Spring cleaning redux:
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls
Thanks Jilles!
Aaron Jones [Fri, 27 Mar 2015 23:04:39 +0000 (23:04 +0000)]
Misc code cleanups
* src/packet.c: Remove a dead store
* src/res.c: Remove a dead store
* src/sslproc.c: Remove a dead store
* src/sslproc.c: Don't call the same accessor twice
These silence some fairly harmless compiler warnings
Aaron Jones [Sun, 13 Jul 2014 00:00:00 +0000 (00:00 +0000)]
INFO: Be easier on human eyes
Aaron Jones [Sun, 13 Jul 2014 00:00:00 +0000 (00:00 +0000)]
Remove network_desc configuration option, never actually used anywhere
William Pitcock [Tue, 24 Mar 2015 17:31:24 +0000 (12:31 -0500)]
Merge pull request #92 from aaronmdjones/master
Use accessor function for certificate fingerprint, allow fingerprint generation for chained unknown roots
Aaron Jones [Tue, 24 Mar 2015 05:25:38 +0000 (05:25 +0000)]
Generate fingerprints for chained certificates with an unknown root
Aaron Jones [Tue, 24 Mar 2015 05:22:25 +0000 (05:22 +0000)]
Use X509_digest() instead of memcpy() to obtain cert fingerprint
This will continue to work even if the OpenSSL developers make the
X509* structure opaque, the current approach will not.
William Pitcock [Mon, 23 Mar 2015 02:08:05 +0000 (21:08 -0500)]
cap: missed a spot on =sticky caps removal
William Pitcock [Sun, 22 Mar 2015 21:41:47 +0000 (16:41 -0500)]
ircd manpage: remove references to ircd.conf(5) (closes #91)
William Pitcock [Sun, 22 Mar 2015 21:36:04 +0000 (16:36 -0500)]
Merge pull request #90 from aaronmdjones/master
Update ciphersuite string to prohibit RC4
Aaron Jones [Sun, 22 Mar 2015 06:14:39 +0000 (06:14 +0000)]
Update ciphersuite string to prohibit RC4
This is in accordance with RFC 7465
<https://tools.ietf.org/html/rfc7465>
Also correct the key exchange mechanism strings; these should be
prefixed with 'k'.
PrgmrBill [Tue, 17 Mar 2015 20:39:25 +0000 (16:39 -0400)]
Updates format to match help/users/umode
Instead of adding a new section I made it look like the example from help/users/umode.
PrgmrBill [Tue, 17 Mar 2015 19:19:14 +0000 (15:19 -0400)]
Adds a new section for extension channel modes
Adds new section - "FROM EXTENSIONS". These channel modes may not be available if the related extension is not loaded.
PrgmrBill [Tue, 17 Mar 2015 19:06:56 +0000 (15:06 -0400)]
Wraps long lines + adds TLS
- Fixes long line by wrapping
- Adds TLS as charybdis now has SSL_OP_NO_SSLv3
PrgmrBill [Tue, 17 Mar 2015 18:57:55 +0000 (14:57 -0400)]
Adds SSL only channel mode
Adds +S channel mode - Only users connected via SSL may join the channel while this mode is set. Users already in the channel are not affected.
William Pitcock [Tue, 10 Mar 2015 13:21:46 +0000 (08:21 -0500)]
cap: sasl is now enforced as sticky again
William Pitcock [Tue, 10 Mar 2015 13:20:03 +0000 (08:20 -0500)]
cap: chase ircv3.2 interpretation of sticky/ack-required caps (basically dropping support other than serverside enforcement of stickyness)
change request @ ircv3/ircv3-specifications#122
William Pitcock [Mon, 9 Mar 2015 00:22:49 +0000 (19:22 -0500)]
Merge pull request #86 from rnjohnson18/patch-1
Change example.conf to ircd.conf.example
rnjohnson18 [Mon, 9 Mar 2015 00:16:36 +0000 (19:16 -0500)]
Change example.conf to ircd.conf.example
William Pitcock [Sun, 8 Mar 2015 20:26:31 +0000 (15:26 -0500)]
charybdis 3.5.0 rc1.
Mantas Mikulėnas [Fri, 6 Mar 2015 15:19:16 +0000 (17:19 +0200)]
sasl: reformat the other messages consistently
Mantas Mikulėnas [Fri, 6 Mar 2015 15:18:54 +0000 (17:18 +0200)]
sasl: adjust 'H' message following commit 7d33cce8efb
Jilles Tjoelker [Sun, 1 Mar 2015 22:46:20 +0000 (23:46 +0100)]
Fix some compiler warnings about signed/unsigned comparison.
Jilles Tjoelker [Sun, 1 Mar 2015 15:12:12 +0000 (16:12 +0100)]
conf: Correct message when serverinfo::nicklen is set too low (<9).
Jilles Tjoelker [Sun, 1 Mar 2015 14:00:52 +0000 (15:00 +0100)]
cap-notify: Fix possible crash on 64-bit systems.
find_named_client() was called without a prototype and therefore the
pointer could be truncated.
Jilles Tjoelker [Sun, 1 Mar 2015 13:53:40 +0000 (14:53 +0100)]
send: sendto_local_clients_with_capability() needn't use serial
sendto_local_clients_with_capability() sends to a subset of the list of
local clients and cannot visit the same client multiple times like
sendto_channel_flags() and sendto_common_channels_local() can.
Max Teufel [Sun, 1 Mar 2015 08:59:27 +0000 (09:59 +0100)]
m_cap: do not allow sasl CAP when the agent is offline
William Pitcock [Sun, 1 Mar 2015 07:09:34 +0000 (01:09 -0600)]
charybdis 3.5.0-test1.
William Pitcock [Sun, 1 Mar 2015 07:06:58 +0000 (01:06 -0600)]
config: further EGD removal
William Pitcock [Sun, 1 Mar 2015 07:05:14 +0000 (01:05 -0600)]
libratbox: remove RB_PRNG_EGD in its entirety (closes #85)
William Pitcock [Sun, 1 Mar 2015 06:58:40 +0000 (00:58 -0600)]
cap-notify: implement cap-notify for sasl service (closes #84)
William Pitcock [Sun, 1 Mar 2015 06:44:34 +0000 (00:44 -0600)]
cap-notify: add sendto_local_clients_with_capability() (ref #84)
William Pitcock [Sun, 1 Mar 2015 06:26:23 +0000 (00:26 -0600)]
cap-notify: add cap-notify cap
William Pitcock [Sun, 1 Mar 2015 06:22:50 +0000 (00:22 -0600)]
sasl: making the sasl capability actually sticky seems incompatible with broken implementations, so we make it just a formality instead.
William Pitcock [Sun, 1 Mar 2015 06:01:24 +0000 (00:01 -0600)]
sasl: fix null deref on remote client exit
William Pitcock [Sat, 28 Feb 2015 07:12:25 +0000 (01:12 -0600)]
sasl: ircv3 wg decided sasl capability should be sticky (ref ircv3/ircv3-specifications#103)
Max Teufel [Sat, 28 Feb 2015 07:06:38 +0000 (01:06 -0600)]
src/channel: add support for IRCv3.2 userhost-in-names
William Pitcock [Sat, 28 Feb 2015 07:01:08 +0000 (01:01 -0600)]
cap: remove SASL_REAUTH capability
William Pitcock [Sat, 28 Feb 2015 06:48:43 +0000 (00:48 -0600)]
sasl: allow reauth without sasl-reauth capability (since it's being dropped)
William Pitcock [Wed, 25 Feb 2015 02:32:08 +0000 (20:32 -0600)]
move README to markdown.
William Pitcock [Wed, 25 Feb 2015 02:25:34 +0000 (20:25 -0600)]
remove references to LIBPATH (closes #26).
William Pitcock [Wed, 18 Feb 2015 18:35:34 +0000 (12:35 -0600)]
ircd.conf.example: explain DH parameters size better (closes #68)
William Pitcock [Wed, 18 Feb 2015 18:29:57 +0000 (12:29 -0600)]
Merge pull request #82 from grawity/sasl-send-conn-info
m_sasl: send information about the client connection
William Pitcock [Mon, 16 Feb 2015 23:50:51 +0000 (17:50 -0600)]
Revert "m_invite: add support for CAP invite-notify"
This reverts commit 93eb76cc323f9b1219c86ac9b360e00ea215388f.
William Pitcock [Mon, 16 Feb 2015 23:40:25 +0000 (17:40 -0600)]
libratbox/gnutls: call gnutls_rnd_refresh() to ensure our PRNG is initialized
William Pitcock [Mon, 16 Feb 2015 21:57:14 +0000 (15:57 -0600)]
rebuild configure