ngIRCd CVSHEAD
- - Fixed detection of IRC lines which are too long to send. Detected by
- Florian Westphal, <westphal@foo.fh-furtwangen.de>.
- - Fixed return values of our own implementation of strlcpy(). The code has
- been taken from rsync and they fixed it, but we didn't until today :-/
- It has only been used when the system didn't implement strlcpy by itself,
- not on "modern" systems. Florian Westphal, <westphal@foo.fh-furtwangen.de>.
+ - Fixed a bug that could case a root exploit when the daemon is compiled
+ to do IDENT lookups and is logging to syslog. Bug discovered by CoKi,
+ <coki@nosystem.com.ar>, thanks a lot!
+ (http://www.nosystem.com.ar/advisories/advisory-11.txt)
+ - Code cleanups from Florian Westphal, <westphal@foo.fh-furtwangen.de>.
- Raised the maximum length of passwords to 20 characters.
- Fixed a memory leak when resizing the connection pool and realloc()
failed. Now we don't fall back to malloc(), which should be sane anyway.
should enable the system to write proper core files when not running with
root privileges ...
+ngIRCd 0.8.2 (2005-01-26)
+
+ - Added doc/SSL.txt to distribution.
+ - Fixed a buffer overflow that could cause the daemon to crash. Bug found
+ by Florian Westphal, <westphal@foo.fh-furtwangen.de>.
+ - Fixed a possible buffer underrun when reading the MOTD file. Thanks
+ to Florian Westphal, <westphal@foo.fh-furtwangen.de>.
+ - Fixed detection of IRC lines which are too long to send. Detected by
+ Florian Westphal, <westphal@foo.fh-furtwangen.de>.
+ - Fixed return values of our own implementation of strlcpy(). The code has
+ been taken from rsync and they fixed it, but we didn't until today :-/
+ It has only been used when the system didn't implement strlcpy by itself,
+ not on "modern" systems. Florian Westphal, <westphal@foo.fh-furtwangen.de>.
+
ngIRCd 0.8.1 (2004-12-25)
- Autoconf: Updated config.guess and config.sub
--
-$Id: ChangeLog,v 1.252 2005/01/19 23:33:53 alex Exp $
+$Id: ChangeLog,v 1.257 2005/02/03 09:26:42 alex Exp $