head 1.4; access; symbols pkgsrc-2015Q3:1.3.0.64 pkgsrc-2015Q3-base:1.3 pkgsrc-2015Q2:1.3.0.62 pkgsrc-2015Q2-base:1.3 pkgsrc-2015Q1:1.3.0.60 pkgsrc-2015Q1-base:1.3 pkgsrc-2014Q4:1.3.0.58 pkgsrc-2014Q4-base:1.3 pkgsrc-2014Q3:1.3.0.56 pkgsrc-2014Q3-base:1.3 pkgsrc-2014Q2:1.3.0.54 pkgsrc-2014Q2-base:1.3 pkgsrc-2014Q1:1.3.0.52 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.3.0.50 pkgsrc-2013Q4-base:1.3 pkgsrc-2013Q3:1.3.0.48 pkgsrc-2013Q3-base:1.3 pkgsrc-2013Q2:1.3.0.46 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.44 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.42 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.40 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.38 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.36 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.34 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.32 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.30 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.28 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.26 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.24 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.22 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.20 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.18 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.16 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.14 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.12 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.10 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.8 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.6 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.4 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.2 pkgsrc-2008Q1:1.2.0.28 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.26 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.24 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.22 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.20 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.18 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.16 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.14 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.12 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.10 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.8 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.6 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.4 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.2 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.1.0.10 pkgsrc-2004Q3-base:1.1 pkgsrc-2004Q2:1.1.0.8 pkgsrc-2004Q2-base:1.1 pkgsrc-2004Q1:1.1.0.6 pkgsrc-2004Q1-base:1.1 pkgsrc-2003Q4:1.1.0.4 pkgsrc-2003Q4-base:1.1 netbsd-1-6-1:1.1.0.2; locks; strict; comment @# @; 1.4 date 2015.09.27.19.06.23; author kamil; state dead; branches; next 1.3; commitid EiOH68EnQb3slVCy; 1.3 date 2008.07.06.05.16.50; author tonnerre; state Exp; branches; next 1.2; 1.2 date 2004.11.26.11.39.05; author adam; state dead; branches; next 1.1; 1.1 date 2003.03.29.21.20.30; author salo; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2003.03.29.21.20.30; author grant; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2003.04.06.20.58.12; author grant; state Exp; branches; next ; desc @@ 1.4 log @Upgrade to 1.2.1, reuse work from wip/bitchx (by Makoto Fujiwara) Drop all local patches for old GCC fixes and tuning the program itself. Upstream changelog ================== [Changes 1.2.1] * Prefer over (reported by ncopa). (caf) * Fix overflow in say() when handling a maximum-length client message. (caf) * Remove WANT_CHAN_NICK_SERV define and include network services commands by default. (caf) * Pass through externally-provided CPPFLAGS (reported by cpet). (caf) * Don't set the mode on new channels until synched - this speeds up joining lots of channels at connect time if one of them is new, and reduces the chance of being flooded off the server. (caf) * Correctly handle channel sync across multi-server. (caf) * Fixes and improvements for channel logging. (caf) * Use correct (MODECHAN and MODEUSER) display level for channel and user modes. (caf) * Allow %- status format to handle max-length topics (reported by oxy). (caf) * Add /FSET WOHIS_LOGGEDIN for services login info on hybrid, ratbox and ircu. (caf) * Add sanity checking of incoming nicknames. (caf) * /MV (massvoice) shouldn't send +v for already-voiced users. (caf) * Fix lag check on recent 32 bit OpenBSD / NetBSD (reported by DJ). (caf) * Fix key bindings that terminate with ^. (caf) * Fix the $timer() scripting function. (caf) * Fix the /TKB (timed kickban) command. (caf) * Rewrite termcap/terminfo detection logic in configure and include term.h in term.c for the system definition of tparm(). This fixes a crash on NetBSD x86-64 (reported by jeezy), and should also ensure that terminfo is used in preference to termcap on NetBSD. (caf) * Fix output when built against termcap. (caf) * Fix STATUS_NOTIFY so that it appears in the right window. (caf) * Improve robustness of status formats handling. (caf) * Use system setenv() in preference to compat bsd_setenv(). (caf) * Allow selection of alternate hashing methods with $crypt(). (caf) * Improve the initial seeding of the randm() fallback RNG. (caf) * Strengthen the cookie generation algorithm for /detach. (caf) * RANDOM_SOURCE now only affects the rand() scripting function. (caf) * Make RANDOM_LOCAL_PORTS actually random. (caf) * Show same message on local terminal as used in emergency exit QUIT. (caf) * Remove unused XLINK CTCP reply handler. (caf) * Ensure add_socketread() doesn't leak file descriptors. (caf) * Fix listing bans on local channels (/BANS &channel). (flashback) * Fix unbanning by number (/UNBAN #channel #number). (caf) * Improve the list_channels() function. (caf) * Use socklen_t instead of plain int where available. (flashback) * Use in preference to where it's available. (caf) * Skip malformed abots.sav entries in read_abot(), avoiding null dereferences found by Coverity. (flashback) * Ensure proper handling of % when /FSET DCC is used. (caf) * Improve robustness of CDCC save file loading. (caf) * Fix open file leak in /LASTLOG found by Coverity. (caf) * Fix file descriptor leak on SOCKS4 connection failure found by Coverity. (caf) * Fix out-of-bounds error in cryptit() found by Coverity. (flashback) * Cleanup save_formats(). (caf) * Fix off-by-one error in add_socketread() and set_socketwrite() found by Coverity. (caf) * Fix longstanding bug with ordering of rfc1459[] array. (caf) * Fix crash after /SETAR -, reported by riderplus. (caf) * Remove special handling of 484 numeric, which is no longer needed and was buggy (making BitchX think that usermode +G was set). (caf) * Add /OBITS command, shows obituaries for some BitchX friends. (caf) * Fix abuses of the RESIZE macro. Reported by nenolod. (caf) * Clears up a crash and some build warnings in the acro plugin. (caf) * Applied patches from jdhore to clean up the plugin building and installing process. (caf) * Fix building on newer Cygwin (reported by VICODAN). (caf) * Fix building plugins on FreeBSD-10 (reported by cpet). (caf) * Messages sent to channels should use lastlog level PUBLIC, not MSG. (caf) * panasync OK'd releasing tcl.c, so here it is. (caf) * Fix QUIT messages with SSL connections. (flashback) * Rename include/bitchx to include/options.h, fixes building on case-insensitive platforms. (caf) * Use AI_ADDRCONFIG flag to improve server address selection when client is built for IPv6 but we don't have an IPv6 address. (caf) * Enable SSL support by default, if OpenSSL is present at build time. (caf) * Fix leak and potential crash in lame_resolv() using IPv6. (caf, snadge) * Apply patch from snadge defining BIND_4_COMPAT on OpenBSD, to allow /nslookup to build. (caf) * Fix problem connecting to IPv4 when IPv6 enabled on FreeBSD and enable IPv6 on all supporting platforms. Thanks to brabes, snadge and packet. (caf) * Improve connect() error handling. (caf) * Remove obsolete .spec files. (caf) * configure - only create sig.inc if it's actually needed. (caf) * configure - use the right dependencies when checking for net/if.h, i arpa/inet.h and resolv.h. Reported by flashback. (caf) * Fix plugin Makefiles for out-of-tree building, reported by nyet. (caf) * Add DESTDIR support to build system, to ease rpm and deb packaging. Reported separately by nyet and VICODAN. (caf) * Fix /detach and wserv with IPv6 enabled. (caf, snadge, packet) * Make default for NICK_COMPLETION_CHAR explicit. (caf) * Reduce footprint when starting up disconnected. (caf) * Fix /nslookup command (including fixing compilation on cygwin). (caf) * Improve /detach error handling and remove bogus F_SETOWN use, reported by madsage. (caf) * Add /FSET WHOIS_SECURE for SSL connection info on ratbox, unreal and freenode. (caf) * Add /FSET CHANNEL_URL for services channel URL numeric. (caf) * Fix crash bug in $mircansi() scripting function. (caf) * Add half-op support to /topic and /untopic. (caf) * Tidy up the URL grabber, fixing a memory leak. (caf) * Cleanup the /BHELP code, fixing a potential crash. Apply updates to BitchX.help from t3gah. (caf) * [1.1s01] Sanity check color codes, fixes a potential crash. (caf) * Add /FSET USERMODE_OTHER to correctly format user mode changes where the source isn't the same as the target, reported by gauze. (caf) * Improve country() and add several new TLDs, suggested by gauze. (caf) * Apply fixes from darkfires removing non-standard use of arithmetic on void * values, to allow building on Irix. (caf) * Apply fix from darkfires to allow building with ICC. (caf) * Show correct message when a socket connection is closed cleanly. (caf) * Add /FSET WHOIS_CALLERID for +g mode notification on hybrid & ratbox. (caf) * Build script fix to allow plugins to build on x86-64. (caf) * Correct count in /CLONES (reported by t3gah), and format output nicely using an /fset. (caf) * Add definition of BIND_8_COMPAT to fix build problem on Mac OS X. (caf) * Ensure that SHOW_AWAY_ONCE doesn't hide away status in /whois output. (caf) * Fix the the -z command line option for specifying username. (flashback) * Fix up /WILN, /WILC and /WILCR. (caf) * Backport changes from epic5 to make recv_nick, sent_nick and sent_body per-server, and apply new version of do_oops from flashback. This means that /oops, "/query .", "/query ,", "/msg ." and "/msg ," are per-server, along with the $. $, and $B aliases. (caf) * Handle error return from getcwd() in /cd. (caf) * Fix alloca warnings on freebsd. (caf) * Fix memory leak in banlist.c. (caf) * Apply a fix contributed by cpet for the configure script on FreeBSD 9. (caf) * Fix a refcounting issue in the whowas list handling, which should make the listing of users that left in a netsplit right again. (caf) * Improve argument-handling in /hostname command - now supports doing /hostname 2 to switch to second vhost. (caf) * Change the display of server stats so that the averages (eg. users per channel) are correctly rounded. (caf) * Reinstate RPL_WHOISACTUALLY / RPL_WHOISHOST numerics - things seem to have stabilised in the ircd world on this. (caf) * Fixed two cases where the client was incorrectly deciding that a numeric originated from a remote server rather than the local server - this caused BitchX to falsely report channel desynch and incorrectly hide some numerics. (caf) * Fixed $servernum() scripting function, it was returning the wrong server reference in most cases. (caf) * [1.1s01] Fixed .cmsg crash reported by zimzum. (caf) * Changed the defaults for JOIN_NEW_WINDOW_TYPE and QUERY_NEW_WINDOW_TYPE so that they work out of the box. (caf) * Some cleanups in quit message handling, fixed a bug where a quit from an unexpected source could crash the client. (caf) * Cleaned up the handling of channel mode changes a little, including fixing buggy handling of certain key and limit mode changes. (caf) * Fix bug where you got disconnected if the server sent a 464 numeric (bad password) that the client wasn't expecting. (caf) * Add /HOP and /DEHOP commands for halfop. (caf) * Removed "scan" plugin, this functionality is now covered by /SCAN -stat. (caf) * Change NICKSORT_OP to NICKSORT_STAT (sorts nicks by channel status - chanop first, then halops, voices and others). Added /SCAN -stat to sort nicks using NICKSORT_OP. Removed NICKSORT_VOICE - it was broken anyway. (caf) * Add halfop nick prefix to default status line, and change the voice prefix so it appears whether or not you're opped. (caf) * Add halfop support to $channel() scripting function. (caf) * Rework /SCAN and /NAMES formatting. This removes the /FSETs NAMES_BOTCOLOR, NAMES_FRIENDCOLOR, NAMES_NICKCOLOR, NAMES_OPCOLOR, NAMES_SHITCOLOR and NAMES_VOICECOLOR and replaces them with new /FSETs. (caf) * Add $ishalfop( = 2.7 - fixes compiling on S390 platform. (caf) * [1.1s01] Improve buffer handling in convert_output_format_raw (CVE-2007-4584). (caf) * [1.1s01] Handle negative numerics correctly (CVE-2007-3360). (caf) @ text @$NetBSD: patch-ah,v 1.3 2008/07/06 05:16:50 tonnerre Exp $ --- source/commands.c.orig 2003-06-11 09:00:41.000000000 +0200 +++ source/commands.c @@@@ -2617,7 +2617,6 @@@@ BUILT_IN_COMMAND(e_hostname) #if !defined(__linux__) && !defined(BSD) && !defined(__EMX__) bitchsay("Local Host Name is [%s]", (LocalHostName)? LocalHostName: hostname); #elif defined(old_hostname) - char filename[81]; char comm[200]; FILE *fptr; char *p = NULL, *q; @@@@ -2632,34 +2631,29 @@@@ BUILT_IN_COMMAND(e_hostname) #endif #endif - tmpnam(filename); #if defined(_BSDI_VERSION) && _BSDI_VERSION < 199701 if (!(p = path_search("netstat", "/sbin:/usr/sbin:/bin:/usr/bin"))) { yell("No Netstat to be found"); return; } - sprintf(comm, "%s -in >%s", p, filename); + sprintf(comm, "%s -in", p); #elif defined(__EMX__) - sprintf(comm, "netstat -a > %s", filename); + sprintf(comm, "netstat -a"); #else if (!(p = path_search("ifconfig", "/sbin:/usr/sbin:/bin:/usr/bin"))) { yell("Can't find ifconfig"); return; } - sprintf(comm, "%s -a >%s", p, filename); + sprintf(comm, "%s -a", p); #endif - system(comm); #ifdef __EMXPM__ pm_seticon(last_input_screen); #endif - if ((fptr = fopen(filename, "r")) == NULL) - { - unlink(filename); + if ((fptr = popen(comm, "r")) == NULL) return; - } #if defined(_BSDI_VERSION) && _BSDI_VERSION < 199701 fgets(comm, 200, fptr); fgets(comm, 200, fptr); @@@@ -2777,7 +2771,6 @@@@ BUILT_IN_COMMAND(e_hostname) } } fclose(fptr); - unlink(filename); for (new = virtuals, i = 1; virtuals; i++) { new = virtuals; @ 1.3 log @Add patches for two longstanding security issues in bitchx: - CVE-2007-5839: e_hostname uses mktempnam in an unsafe manner. - CVE-2007-4584: p_mode classic buffer overflow using a static string. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Changes 1.1: * Fixed bug with using [$8] in expressions (Reported by BlackJac) (Patch from |Rain|) (BugID: 64) (powuh) * Fixed bug in /set show_end_of_msgs. When OFF prevented hooking of some end_of_msg numerics. (Reported by BlackJac) (Patch from |Rain|) (BugID: 51) (powuh) * Fixed incorrect ordering of operations in screen.c which caused an off-by-one access at the end ofthe buffer. (Patch from |Rain|) (BugID: 48) (powuh) * Fixed ischanvoice() to be compatiable with epic. Maintained reverse functionality as not to break existing scripts. (Patch from |Rain|) (BugID: 20) (powuh) * Fixed segfault with convert_output_format not honoring MAX_RECURSE. (Patch from |Rain|) (powuh) * Fixed possble rouge server exploit: If a rogue server sends us a ctcp request from an extremely large nickname (over about 512 bytes), we may attempt to alloca() a negative value, which under gcc will return a invalid pointer the contents of which will then be overwritten. (Reported by O_6) (Patch from |Rain|) (powuh) * Fixed segfault with channel mode parsing. (Patch from O_6) (powuh) * Removed auto_resume script, it's not needed any more (caf). * Fixed string copying snafu in gtkbitchx.c (reported by Huey) (caf). * Added STATUS_USER20 to STATUS_USER39 (patch from BlackJac) (caf). @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.1 2003/03/29 21:20:30 salo Exp $ d3 36 a38 16 Fixes potential remote buffer overflows. See the following url for more details: http://securityfocus.com/archive/1/315057 Patch by caf@@guarana.org. --- source/ctcp.c.orig 2002-02-28 05:22:47.000000000 +0100 +++ source/ctcp.c 2003-03-29 21:41:01.000000000 +0100 @@@@ -1482,6 +1482,10 @@@@ *putbuf2; int len; len = IRCD_BUFFER_SIZE - (12 + strlen(to)); + + if (len < strlen(ctcp_cmd[datatag].name) + 3) + return; + putbuf2 = alloca(len); d40 20 a59 1 if (format) @ 1.1 log @Bump PKGREVISION: fix several potential buffer overflows found by Timo Sirainen , see the following url for more details: http://securityfocus.com/archive/1/315057 Patch from bugtraq by . @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ah was added on branch netbsd-1-6-1 on 2003-04-06 20:58:12 +0000 @ text @d1 20 @ 1.1.2.2 log @Add new file (requested by salo in ticket #1239): Bump PKGREVISION: fix several potential buffer overflows found by Timo Sirainen @ text @a0 20 $NetBSD: patch-ah,v 1.1.2.1 2003/04/06 20:58:12 grant Exp $ Fixes potential remote buffer overflows. See the following url for more details: http://securityfocus.com/archive/1/315057 Patch by caf@@guarana.org. --- source/ctcp.c.orig 2002-02-28 05:22:47.000000000 +0100 +++ source/ctcp.c 2003-03-29 21:41:01.000000000 +0100 @@@@ -1482,6 +1482,10 @@@@ *putbuf2; int len; len = IRCD_BUFFER_SIZE - (12 + strlen(to)); + + if (len < strlen(ctcp_cmd[datatag].name) + 3) + return; + putbuf2 = alloca(len); if (format) @