]>
jfr.im git - solanum.git/log
William Pitcock [Thu, 15 Oct 2015 14:39:48 +0000 (09:39 -0500)]
remove MONITOR for now pending a complete rewrite
William Pitcock [Mon, 12 Oct 2015 00:32:31 +0000 (19:32 -0500)]
monitor: additional cleanup pointed out by mr_flea
William Pitcock [Mon, 12 Oct 2015 00:11:01 +0000 (19:11 -0500)]
monitor: additional cleanups, and add a missing free_monitor() in m_monitor
William Pitcock [Sun, 11 Oct 2015 23:48:53 +0000 (18:48 -0500)]
monitor: fix the resource leak properly, unlike the moronic elemental-ircd developers
Jilles Tjoelker [Thu, 1 Oct 2015 20:54:29 +0000 (22:54 +0200)]
Fix build on glibc (no strlcpy).
Jilles Tjoelker [Sun, 20 Sep 2015 13:20:05 +0000 (15:20 +0200)]
Use new info when sending away-notify after QJM.
Jilles Tjoelker [Fri, 22 May 2015 19:42:36 +0000 (21:42 +0200)]
s_conf: Split out a function.
Jilles Tjoelker [Fri, 22 May 2015 19:42:10 +0000 (21:42 +0200)]
kqueue: Remove unnecessary cast.
Jilles Tjoelker [Thu, 5 Mar 2015 23:41:51 +0000 (00:41 +0100)]
Remove the unneeded username parameter to register_local_user().
Jilles Tjoelker [Sun, 13 Sep 2015 20:56:14 +0000 (22:56 +0200)]
Check CIDR ban IP address for validity.
Otherwise, we compare to uninitialized stack data. This is wrong but seems
harmless.
Closes #103
William Pitcock [Sat, 8 Aug 2015 22:41:32 +0000 (18:41 -0400)]
Merge pull request #101 from Elizafox/master
Relocate report_Klines to proper home
Elizabeth Myers [Sat, 8 Aug 2015 22:25:29 +0000 (17:25 -0500)]
Relocate report_Klines to proper home
This function is not used anywhere else but m_stats, so should be put
there.
Mantas Mikulėnas [Tue, 14 Jul 2015 09:50:37 +0000 (12:50 +0300)]
Merge pull request #100 from Mkaysi/readme
Update NEWS & README.md
Mikaela Suomalainen [Tue, 14 Jul 2015 09:40:24 +0000 (12:40 +0300)]
Update NEWS & README.md
* Point to irc.freenode.net instead of irc.atheme.org. I know that it's
CNAME to chat, but I think it's preferable to use the irc. subdomain
to make it clear that it's IRC.
* Point to GitHub issue tracker instead of bugs-meta.atheme.org that
doesn't exist
* Remove mentioning of BUGS file and change README.FIRST to README.md as
the first doesn't exist and I think they are the same file.
William Pitcock [Mon, 6 Jul 2015 22:13:50 +0000 (17:13 -0500)]
Merge pull request #95 from jailbird777/master
Spring cleaning redux
William Pitcock [Mon, 6 Jul 2015 22:13:12 +0000 (17:13 -0500)]
Merge pull request #89 from prgmrbill/add-channel-mode-s-help-cmode
Adds extension channel modes to help/opers/cmode
Aaron Jones [Thu, 25 Jun 2015 13:57:07 +0000 (13:57 +0000)]
LibreSSL have far advanced OPENSSL_VERSION_NUMBER beyond the
feature set they support (2.0 even!), deliberately breaking
backward compatibility. Therefore, in order to fix a regression
introduced by commit
a4c8c827 with regard to LibreSSL's stupidity,
unconditionally use the old TLS API if building against LibreSSL.
Aaron Jones [Wed, 20 May 2015 16:41:34 +0000 (16:41 +0000)]
libratbox/openssl: Set explicit cipher list for the client context aswell
This is in furtherance of commits
9799bea4 and
1f384464 and addresses
any potential vulnerability to LogJam <https://weakdh.org/>
Aaron Jones [Wed, 20 May 2015 10:39:04 +0000 (10:39 +0000)]
Fix regression introduced by previous commit
I really shouldn't copy and paste code.
Aaron Jones [Wed, 20 May 2015 02:27:59 +0000 (02:27 +0000)]
Tidy up OpenSSL options code, support new version-agnostic client and server APIs
Jail Bird [Mon, 20 Apr 2015 05:55:20 +0000 (00:55 -0500)]
Spring cleaning redux:
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls
Thanks Jilles!
Aaron Jones [Fri, 27 Mar 2015 23:04:39 +0000 (23:04 +0000)]
Misc code cleanups
* src/packet.c: Remove a dead store
* src/res.c: Remove a dead store
* src/sslproc.c: Remove a dead store
* src/sslproc.c: Don't call the same accessor twice
These silence some fairly harmless compiler warnings
Aaron Jones [Sun, 13 Jul 2014 00:00:00 +0000 (00:00 +0000)]
INFO: Be easier on human eyes
Aaron Jones [Sun, 13 Jul 2014 00:00:00 +0000 (00:00 +0000)]
Remove network_desc configuration option, never actually used anywhere
William Pitcock [Tue, 24 Mar 2015 17:31:24 +0000 (12:31 -0500)]
Merge pull request #92 from aaronmdjones/master
Use accessor function for certificate fingerprint, allow fingerprint generation for chained unknown roots
Aaron Jones [Tue, 24 Mar 2015 05:25:38 +0000 (05:25 +0000)]
Generate fingerprints for chained certificates with an unknown root
Aaron Jones [Tue, 24 Mar 2015 05:22:25 +0000 (05:22 +0000)]
Use X509_digest() instead of memcpy() to obtain cert fingerprint
This will continue to work even if the OpenSSL developers make the
X509* structure opaque, the current approach will not.
William Pitcock [Mon, 23 Mar 2015 02:08:05 +0000 (21:08 -0500)]
cap: missed a spot on =sticky caps removal
William Pitcock [Sun, 22 Mar 2015 21:41:47 +0000 (16:41 -0500)]
ircd manpage: remove references to ircd.conf(5) (closes #91)
William Pitcock [Sun, 22 Mar 2015 21:36:04 +0000 (16:36 -0500)]
Merge pull request #90 from aaronmdjones/master
Update ciphersuite string to prohibit RC4
Aaron Jones [Sun, 22 Mar 2015 06:14:39 +0000 (06:14 +0000)]
Update ciphersuite string to prohibit RC4
This is in accordance with RFC 7465
<https://tools.ietf.org/html/rfc7465>
Also correct the key exchange mechanism strings; these should be
prefixed with 'k'.
PrgmrBill [Tue, 17 Mar 2015 20:39:25 +0000 (16:39 -0400)]
Updates format to match help/users/umode
Instead of adding a new section I made it look like the example from help/users/umode.
PrgmrBill [Tue, 17 Mar 2015 19:19:14 +0000 (15:19 -0400)]
Adds a new section for extension channel modes
Adds new section - "FROM EXTENSIONS". These channel modes may not be available if the related extension is not loaded.
PrgmrBill [Tue, 17 Mar 2015 19:06:56 +0000 (15:06 -0400)]
Wraps long lines + adds TLS
- Fixes long line by wrapping
- Adds TLS as charybdis now has SSL_OP_NO_SSLv3
PrgmrBill [Tue, 17 Mar 2015 18:57:55 +0000 (14:57 -0400)]
Adds SSL only channel mode
Adds +S channel mode - Only users connected via SSL may join the channel while this mode is set. Users already in the channel are not affected.
William Pitcock [Tue, 10 Mar 2015 13:21:46 +0000 (08:21 -0500)]
cap: sasl is now enforced as sticky again
William Pitcock [Tue, 10 Mar 2015 13:20:03 +0000 (08:20 -0500)]
cap: chase ircv3.2 interpretation of sticky/ack-required caps (basically dropping support other than serverside enforcement of stickyness)
change request @ ircv3/ircv3-specifications#122
William Pitcock [Mon, 9 Mar 2015 00:22:49 +0000 (19:22 -0500)]
Merge pull request #86 from rnjohnson18/patch-1
Change example.conf to ircd.conf.example
rnjohnson18 [Mon, 9 Mar 2015 00:16:36 +0000 (19:16 -0500)]
Change example.conf to ircd.conf.example
William Pitcock [Sun, 8 Mar 2015 20:26:31 +0000 (15:26 -0500)]
charybdis 3.5.0 rc1.
Mantas Mikulėnas [Fri, 6 Mar 2015 15:19:16 +0000 (17:19 +0200)]
sasl: reformat the other messages consistently
Mantas Mikulėnas [Fri, 6 Mar 2015 15:18:54 +0000 (17:18 +0200)]
sasl: adjust 'H' message following commit
7d33cce8efb
Jilles Tjoelker [Sun, 1 Mar 2015 22:46:20 +0000 (23:46 +0100)]
Fix some compiler warnings about signed/unsigned comparison.
Jilles Tjoelker [Sun, 1 Mar 2015 15:12:12 +0000 (16:12 +0100)]
conf: Correct message when serverinfo::nicklen is set too low (<9).
Jilles Tjoelker [Sun, 1 Mar 2015 14:00:52 +0000 (15:00 +0100)]
cap-notify: Fix possible crash on 64-bit systems.
find_named_client() was called without a prototype and therefore the
pointer could be truncated.
Jilles Tjoelker [Sun, 1 Mar 2015 13:53:40 +0000 (14:53 +0100)]
send: sendto_local_clients_with_capability() needn't use serial
sendto_local_clients_with_capability() sends to a subset of the list of
local clients and cannot visit the same client multiple times like
sendto_channel_flags() and sendto_common_channels_local() can.
Max Teufel [Sun, 1 Mar 2015 08:59:27 +0000 (09:59 +0100)]
m_cap: do not allow sasl CAP when the agent is offline
William Pitcock [Sun, 1 Mar 2015 07:09:34 +0000 (01:09 -0600)]
charybdis 3.5.0-test1.
William Pitcock [Sun, 1 Mar 2015 07:06:58 +0000 (01:06 -0600)]
config: further EGD removal
William Pitcock [Sun, 1 Mar 2015 07:05:14 +0000 (01:05 -0600)]
libratbox: remove RB_PRNG_EGD in its entirety (closes #85)
William Pitcock [Sun, 1 Mar 2015 06:58:40 +0000 (00:58 -0600)]
cap-notify: implement cap-notify for sasl service (closes #84)
William Pitcock [Sun, 1 Mar 2015 06:44:34 +0000 (00:44 -0600)]
cap-notify: add sendto_local_clients_with_capability() (ref #84)
William Pitcock [Sun, 1 Mar 2015 06:26:23 +0000 (00:26 -0600)]
cap-notify: add cap-notify cap
William Pitcock [Sun, 1 Mar 2015 06:22:50 +0000 (00:22 -0600)]
sasl: making the sasl capability actually sticky seems incompatible with broken implementations, so we make it just a formality instead.
William Pitcock [Sun, 1 Mar 2015 06:01:24 +0000 (00:01 -0600)]
sasl: fix null deref on remote client exit
William Pitcock [Sat, 28 Feb 2015 07:12:25 +0000 (01:12 -0600)]
sasl: ircv3 wg decided sasl capability should be sticky (ref ircv3/ircv3-specifications#103)
Max Teufel [Sat, 28 Feb 2015 07:06:38 +0000 (01:06 -0600)]
src/channel: add support for IRCv3.2 userhost-in-names
William Pitcock [Sat, 28 Feb 2015 07:01:08 +0000 (01:01 -0600)]
cap: remove SASL_REAUTH capability
William Pitcock [Sat, 28 Feb 2015 06:48:43 +0000 (00:48 -0600)]
sasl: allow reauth without sasl-reauth capability (since it's being dropped)
William Pitcock [Wed, 25 Feb 2015 02:32:08 +0000 (20:32 -0600)]
move README to markdown.
William Pitcock [Wed, 25 Feb 2015 02:25:34 +0000 (20:25 -0600)]
remove references to LIBPATH (closes #26).
William Pitcock [Wed, 18 Feb 2015 18:35:34 +0000 (12:35 -0600)]
ircd.conf.example: explain DH parameters size better (closes #68)
William Pitcock [Wed, 18 Feb 2015 18:29:57 +0000 (12:29 -0600)]
Merge pull request #82 from grawity/sasl-send-conn-info
m_sasl: send information about the client connection
William Pitcock [Mon, 16 Feb 2015 23:50:51 +0000 (17:50 -0600)]
Revert "m_invite: add support for CAP invite-notify"
This reverts commit
93eb76cc323f9b1219c86ac9b360e00ea215388f .
William Pitcock [Mon, 16 Feb 2015 23:40:25 +0000 (17:40 -0600)]
libratbox/gnutls: call gnutls_rnd_refresh() to ensure our PRNG is initialized
William Pitcock [Mon, 16 Feb 2015 21:57:14 +0000 (15:57 -0600)]
rebuild configure
William Pitcock [Mon, 16 Feb 2015 21:53:55 +0000 (15:53 -0600)]
configure: move some OS X toolchain checks around (closes #40)
Max Teufel [Mon, 16 Feb 2015 19:24:12 +0000 (20:24 +0100)]
m_invite: add support for CAP invite-notify
Specification:
<https://github.com/ircv3/ircv3-specifications/blob/master/extensions/invite-notify-3.2.md>
William Pitcock [Mon, 16 Feb 2015 21:39:36 +0000 (15:39 -0600)]
m_sasl: move some struct members around for sasl-reauth
William Pitcock [Sun, 15 Feb 2015 23:40:20 +0000 (17:40 -0600)]
cap: fix compile
William Pitcock [Sun, 15 Feb 2015 23:10:39 +0000 (17:10 -0600)]
cap: allow clients to do sasl reauth if they requested sasl and sasl-reauth (ref ircv3/ircv3#103).
William Pitcock [Sun, 15 Feb 2015 23:01:35 +0000 (17:01 -0600)]
cap: add notion of required dependency caps
William Pitcock [Sat, 14 Feb 2015 21:23:00 +0000 (15:23 -0600)]
Merge pull request #83 from maxteufel/feature/saslserv_config_option
m_sasl: add configuration option for the nick of the SASL agent
Max Teufel [Sat, 14 Feb 2015 09:41:10 +0000 (10:41 +0100)]
m_sasl: add configuration option for the nick of the SASL agent
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
Jilles Tjoelker [Fri, 13 Feb 2015 22:07:02 +0000 (23:07 +0100)]
Ignore duplicate USER and PASS.
If SASL starts using USER/PASS for unregistered clients, this change stops
users from using one USER/PASS for SASL while using another for connecting.
Mantas Mikulėnas [Fri, 13 Feb 2015 20:16:53 +0000 (22:16 +0200)]
m_sasl: send information about the client connection
William Pitcock [Mon, 9 Feb 2015 20:59:56 +0000 (14:59 -0600)]
Merge pull request #81 from attilamolnar/master+openssl
openssl: Disable session tickets and session caching
Attila Molnar [Mon, 9 Feb 2015 20:19:09 +0000 (21:19 +0100)]
openssl: Disable session caching
Attila Molnar [Mon, 9 Feb 2015 20:18:32 +0000 (21:18 +0100)]
openssl: Disable session tickets
William Pitcock [Mon, 9 Feb 2015 17:14:03 +0000 (11:14 -0600)]
fix target list generation edge case where WALLCHOPS was requested alongside normal users if the source user was not a channel op.
from ircd-hybrid r5457
Jilles Tjoelker [Fri, 30 Jan 2015 16:54:13 +0000 (17:54 +0100)]
Merge branch 'master+sjoin-deadcode' of https://github.com/attilamolnar/charybdis
Attila Molnar [Fri, 30 Jan 2015 13:42:08 +0000 (14:42 +0100)]
SJOIN: Remove some dead code
Jilles Tjoelker [Sun, 25 Jan 2015 21:11:16 +0000 (22:11 +0100)]
introduce_client(): Remove redundant check for sockhost starting with colon.
Other code (inet_ntop6() in libratbox/src/commio.c and
extensions/m_webirc.c) ensures the sockhost does not start with a colon.
Checking only here does not make sense.
Reported by: Attila
Jilles Tjoelker [Fri, 16 Jan 2015 22:23:56 +0000 (23:23 +0100)]
Don't append a domain to names without dot from reverse lookup.
Some code to append "domain" from /etc/resolv.conf to unqualified names (for
server connections) erroneously applied to names from reverse DNS lookups as
well.
The effect was that "domain" from /etc/resolv.conf was appended to
"localhost", even though the DNS server intended "localhost" to be a fully
qualified name.
Aaron Jones [Thu, 15 Jan 2015 00:00:00 +0000 (00:00 +0000)]
Allow clients to have a resolved hostname of localhost
I slightly changed the patch to match surrounding style.
(cherry picked from commit
0b06270fd6266c85d19e008efcd039605daf59d0 )
Jilles Tjoelker [Fri, 17 Oct 2014 22:54:34 +0000 (00:54 +0200)]
pretty_mask(): Stop temporarily modifying the passed mask entirely.
Jilles Tjoelker [Fri, 10 Oct 2014 21:05:41 +0000 (23:05 +0200)]
pretty_mask(): Use explicit lengths instead of temporarily writing '\0'.
This is slightly simpler and should fix Coverity warnings.
Jilles Tjoelker [Thu, 15 Jan 2015 22:36:26 +0000 (23:36 +0100)]
libratbox: Fix sizeof in two memsets.
This fixes a compiler warning. The necessary fields of the struct sigevent
were initialized so there was no problem.
Submitted by: Aaron (via IRC)
Reviewed by: Attila
Jilles Tjoelker [Fri, 10 Oct 2014 21:56:16 +0000 (23:56 +0200)]
linebuf: Fix possible memory corruption when receiving many CR/LF.
The last byte of balloc.c's block pointer could be changed from 10 or 13 to
0. On amd64, this is not possible. On i386, this is possible and usually
causes a crash soon.
William Pitcock [Wed, 5 Nov 2014 10:52:50 +0000 (04:52 -0600)]
Merge pull request #73 from Argure/master
Explicitly drop SSLv3 connections (SSL_OP_NO_SSLv3) - might break TLS-ca...
William Pitcock [Wed, 5 Nov 2014 05:26:40 +0000 (23:26 -0600)]
Merge pull request #75 from attilamolnar/master+nullcharfix
Fix sending null char after ERROR when the server is full
Attila Molnar [Tue, 4 Nov 2014 20:57:37 +0000 (21:57 +0100)]
Fix sending null char after ERROR when the server is full
Patrick Godschalk [Sun, 26 Oct 2014 12:15:30 +0000 (13:15 +0100)]
Explicitly drop SSLv3 connections (SSL_OP_NO_SSLv3) - might break TLS-capable clients that still depend on SSLv23 handshake
Jilles Tjoelker [Sun, 21 Sep 2014 16:28:24 +0000 (18:28 +0200)]
ban: Fix build breakage.
A normal 'make' did not rebuild m_ban.c even though dependencies had
changed.
Jilles Tjoelker [Sun, 21 Sep 2014 16:20:26 +0000 (18:20 +0200)]
tools: Remove Hybrid 6 conversion tools.
Hybrid 6 is old enough that the conversion tools can go away now.
They are for I and K lines; the ircd.conf converter was already removed.
This removes compiler/analyzer warnings about these tools.
Jilles Tjoelker [Sun, 21 Sep 2014 16:03:20 +0000 (18:03 +0200)]
bandb: Don't apply empty ban list when bandb starts sending bans.
When bandb sends the ban list, it first sends 'C', then all bans and
finally 'F'. Only when 'F' is sent is ircd supposed to apply the bans.
Because of a missing break, 'C' also did 'F', clearing the ircd active
permanent bans until bandb sent 'F'.
The effect is pretty limited because having bandb send the ban list via
/rehash bans is uncommon and most bans will be enforced when reset.
Jilles Tjoelker [Sun, 21 Sep 2014 15:44:34 +0000 (17:44 +0200)]
libratbox: Add comment that case fallthrough is deliberate.
Jilles Tjoelker [Sun, 21 Sep 2014 14:58:06 +0000 (16:58 +0200)]
Gitignore vim swap files.
Jilles Tjoelker [Sun, 21 Sep 2014 14:56:49 +0000 (16:56 +0200)]
server: Don't read beyond the bounds of ServerInfo.ip and ServerInfo.ip6.
Jilles Tjoelker [Sun, 21 Sep 2014 13:16:15 +0000 (15:16 +0200)]
server: Remove two dead stores.