head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.10 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.8 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.6 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.4 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.2 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q1:1.2.0.16 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.14 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.12 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.10 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.8 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.6 pkgsrc-2008Q1:1.2.0.4 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.2 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.1.0.6 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.4 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.2; locks; strict; comment @# @; 1.3 date 2009.06.10.13.33.39; author obache; state dead; branches; next 1.2; 1.2 date 2007.10.18.09.15.34; author obache; state Exp; branches; next 1.1; 1.1 date 2007.05.22.16.47.05; author lkundrak; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2007.05.22.16.47.05; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2007.05.24.09.13.13; author ghen; state Exp; branches; next ; desc @@ 1.3 log @Update eggdrop to 1.6.19+ctcpfix, say, 1.6.19nb1. Eggdrop Changes 1.6.19+ctcpfix (14 May 2009): - Fixed another bug in the CTCP parsing code introduced by the servmsg.c buffer overflow patch in 1.6.19. * Patch by: thommey 1.6.19 (18 April 2008): - Update the recommended TCL version to 8.5 * Patch by: guppy - Updated Copyright dates - added [sL] and thommey to the AUTHORS file * Patch by: guppy - load blowfish by default * Patch by: guppy - added a TCL to handle the PONG : junk on some EFnet servers * Patch by: [sL], guppy - add a simple TCL to handle the PASS junk on some Undernet servers * Patch by: guppy - add support for chanmode +T * Patch by: Thomas "thommey" Sader - CTCP parsing was broken by the servmsg.c buffer overflow patch * Patch by: Thomas "thommey" Sader - Fixed a couple of typos in the FEATURES file. * Patch by: Tomas Szaniszlo - Fixed two buffer overflows in servmsg.c (CVE-2007-2807). * Found by: Bow Sineath - Patch by: Nico Golde / Wcc - Fixed compatibility problems with certain time_t implementations. * Found by: various - Patch by: Tothwolf - Complete raw traffic wasn't getting logged in some cases; only the raw command itself was. Fixed. * Patch by: mrBuG @ text @$NetBSD: patch-am,v 1.2 2007/10/18 09:15:34 obache Exp $ Fix for http://www.eggheads.org/bugzilla/show_bug.cgi?id=462 --- src/mod/server.mod/servmsg.c.orig 2006-03-28 02:35:51.000000000 +0000 +++ src/mod/server.mod/servmsg.c @@@@ -461,7 +461,8 @@@@ static int gotmsg(char *from, char *msg) to = newsplit(&msg); fixcolon(msg); /* Only check if flood-ctcp is active */ - strcpy(uhost, from); + strncpy(uhost, from, UHOSTMAX); + uhost[UHOSTMAX] = '\0'; nick = splitnick(&uhost); if (flud_ctcp_thr && detect_avalanche(msg)) { if (!ignoring) { @ 1.2 log @Update eggdrop to 1.6.18. While here, fixes PR 30307, ipv6 option isn't supported since version 1.6.16. 1.6.18 (09 July 2006) * Look for Tcl in /lib64 and /usr/lib64. * Patch by: Kuja + RC1 released on April 3rd, 2006. * Fixed a type conversion problem in snprintf.c causing Eggdrop to not compile on OSF1. * Found by: Joker - Patch by: Wcc - Detect NetBSD Tcl in /usr/pkg/lib and /usr/pkg/include. * Found by: mish - Patch by: Wcc - Fixed possibility of referencing a NULL pointer in rembot(). - Added a missing param cast for dcc_table.timeout. - Fixed a memleak / other nasty stuff when MODES_PER_LINE_MAX != 6. - Fixed putlog() of an uninitialized (and incorrect) variable in dcc_telnet_hostresolved(). * Patch by: lordares - Valgrind doesn't bitch about init_uptime() now. * Patch by: Wcc - Dns.mod should compile on Mac OS X now. Thanks to Netscrape @@ EFNet for testing. * Found by: various - Patch by: Wcc - Corrected nat-ip setting documentation. * Found by: BarkerJr - Patch by: Wcc - Don't allow realname to be blank or whitespace. * Found by: Jesse M - Patch by: BarkerJr / Wcc - Fixed an error in channel get. You can now, correctly, do a channel get #channel stopnethack-mode. * Found by: Chris Northwood - Patch by: Wcc - The pushmode command should work properly for bans now. * Patch by: thommey - Apparently we broke lastbind. * Found by: bUrN - Patch by: thommey - Request topic on channel reset. * Found by: De Kus - Patch by: Darko - Fixed a situation where noshare could be set to 1 and never restored. * Patch by: lordares - Fixed a socklist leak in net.c. * Patch by: lordares - Hopefully fixed dns lockups. * Found by: various - Patch by: Sven Trenkel - Fixed remote note bug in add_note() that was introduced in 1.6.17. Fixes Bugzilla Bug # 433 "Remote Notes Always Say User is Offline" * Found by: alex323 - Patch by: Tothwolf - Completely rewrote check_tcl_bind(). - Added inline check_bind_flags() for flag checking for check_tcl_bind(). - Added inline check_bind_match() for match checking for check_tcl_bind(). - Rewrote trigger_bind() and made it inline for check_tcl_bind(). - Fixed pointless calling of nmalloc() and nfree() for ContextNote in trigger_bind() when DEBUG_CONTEXT isn't defined. - Moved findidx() from tcl.c to dccutil.c. - Moved findanyidx() from tclhash.c to dccutil.c. - Moved CHECKVALIDITY from tclhash.h to tclegg.h. - Added CHECKVALIDITY checks to builtin_dcc() and builtin_fil(). - Moved CMD_LEAVE from cmdt.h to tclegg.h. - Changed NULL to CMD_LEAVE for partyline quit in cmds.c. - Renamed BIND_EXEC_BRK to BIND_QUIT. - Fixed misc typos. * Patch by: Tothwolf - Added support to MSGM, PUBM, NOTC, and WALL binds to support bound procs returning 1 to prevent logging of the trigger message text. Fixes Bugzilla Bug # 334 "msgm bind return values" - Added BIND_STACKRET bit mask and support for stacked bind return values to check_tcl_bind(). This allows check_tcl_bind() to check if any stacked bound procs return 1 while allowing all matching stacked binds to be processed. Previously if BIND_WANTRET was used to check the return value of stacked binds, only the first match would be triggered. - Modified irc.mod gotmsg() function to trigger PUBM binds before triggering PUB binds. MSGM and MSG binds already worked this way. - Modified irc.mod gotmsg() function to allow a message to trigger both PUBM and PUB binds. Previously if a message triggered a PUB bind, any PUBM binds that might match the message text would not be triggered. Fixes Bugzilla Bug # 351 "bind pub hogs pubm" - Added exclusive-binds setting and code to gotmsg() functions to allow MSGM and PUBM binds to be exclusive of MSG and PUB binds. - Fixed logging for WALL bind. It had been broken since it was originally implemented in eggdrop-hayes. Wallops messages were always logged regardless of the return value of a bound proc. Returning '1' from a bound proc now causes Eggdrop to not log the Wallops message. * Patch by: Tothwolf - Check for Tcl 8.5 before older versions. * Patch by: Tothwolf - Use flagrec_eq() instead of flagrec_ok() in help_subst() since lower flags are automatically added now. * Patch by: Tothwolf - Check for bot's nick and user@@host earlier in detect_flood() and detect_chan_flood(). * Patch by: Tothwolf - Allow wildcard matching and stacking for note binds. * Patch by: Tothwolf - Use CHANMETA to define valid channel prefixes in gotmsg(). * Found by: zathras3 at hotmail.com - Patch by: Wcc - Fix for problems created when loading long user-defined channel setting names from the channel file. * Patch by: Stream - Help file update related to sharing. * Patch by: Shawn888, slennox - Fix for randint() on Solaris / SunOS. * Patch by: Mikael Hedberg - Updated Copyright Dates. * Patch by: Paladin - Fixed 3 invalid reads in notes.c. * Patch by: rush at winkey.oompah.org - Corrected a few of the error messages in neterror(). * Found by: Steven Nikkel - Patch by: Wcc - Corrected the order of our search paths for Tcl. This should help stop version mismatches between the headers and libraries. * Patch by: CoderX2 @ text @d1 1 a1 1 $NetBSD: patch-am,v 1.1 2007/05/22 16:47:05 lkundrak Exp $ @ 1.1 log @Fix for the following: eggdrop<=1.6.18 arbitrary-code-execution http://www.eggheads.org/bugzilla/show_bug.cgi?id=462 @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 --- src/mod/server.mod/servmsg.c.orig 2007-05-22 18:29:49.000000000 +0200 d7 1 a7 1 @@@@ -424,7 +424,8 @@@@ static int gotmsg(char *from, char *msg) @ 1.1.2.1 log @file patch-am was added on branch pkgsrc-2007Q1 on 2007-05-24 09:13:13 +0000 @ text @d1 16 @ 1.1.2.2 log @Pullup ticket 2097 - requested by salo security fix for eggdrop - pkgsrc/chat/eggdrop/Makefile 1.26 - pkgsrc/chat/eggdrop/distinfo 1.11 - pkgsrc/chat/eggdrop/patches/patch-al 1.1 - pkgsrc/chat/eggdrop/patches/patch-am 1.1 Module Name: pkgsrc Committed By: lkundrak Date: Tue May 22 16:47:05 UTC 2007 Modified Files: pkgsrc/chat/eggdrop: Makefile distinfo Added Files: pkgsrc/chat/eggdrop/patches: patch-al patch-am Log Message: Fix for the following: eggdrop<=1.6.18 arbitrary-code-execution http://www.eggheads.org/bugzilla/show_bug.cgi?id=462 @ text @a0 16 $NetBSD$ Fix for http://www.eggheads.org/bugzilla/show_bug.cgi?id=462 --- src/mod/server.mod/servmsg.c.orig 2007-05-22 18:29:49.000000000 +0200 +++ src/mod/server.mod/servmsg.c @@@@ -424,7 +424,8 @@@@ static int gotmsg(char *from, char *msg) to = newsplit(&msg); fixcolon(msg); /* Only check if flood-ctcp is active */ - strcpy(uhost, from); + strncpy(uhost, from, UHOSTMAX); + uhost[UHOSTMAX] = '\0'; nick = splitnick(&uhost); if (flud_ctcp_thr && detect_avalanche(msg)) { if (!ignoring) { @