head 1.2; access; symbols OPENPKG_E1_MP_HEAD:1.2 OPENPKG_E1_MP:1.2 OPENPKG_E1_MP_2_STABLE:1.2 OPENPKG_E1_FP:1.2 OPENPKG_2_STABLE_MP:1.2 OPENPKG_2_STABLE_20061018:1.2 OPENPKG_2_STABLE_20060622:1.2 OPENPKG_2_STABLE:1.2.0.8 OPENPKG_2_STABLE_BP:1.2 OPENPKG_2_5_RELEASE:1.2 OPENPKG_2_5_SOLID:1.2.0.6 OPENPKG_2_5_SOLID_BP:1.2 OPENPKG_2_4_RELEASE:1.2 OPENPKG_2_4_SOLID:1.2.0.4 OPENPKG_2_4_SOLID_BP:1.2 OPENPKG_CW_FP:1.2 OPENPKG_2_3_RELEASE:1.2 OPENPKG_2_3_SOLID:1.2.0.2 OPENPKG_2_3_SOLID_BP:1.2 OPENPKG_2_2_RELEASE:1.1 OPENPKG_2_2_SOLID:1.1.0.10 OPENPKG_2_2_SOLID_BP:1.1 OPENPKG_2_1_RELEASE:1.1 OPENPKG_2_1_SOLID:1.1.0.8 OPENPKG_2_1_SOLID_BP:1.1 OPENPKG_2_0_RELEASE:1.1 OPENPKG_2_0_SOLID:1.1.0.6 OPENPKG_2_0_SOLID_BP:1.1 OPENPKG_1_2_SOLID:1.1.0.4 OPENPKG_1_3_RELEASE:1.1.2.1 OPENPKG_1_3_SOLID:1.1.2.1.0.2 OPENPKG_1_3_SOLID_BP:1.1.2.1 OPENPKG_1_STABLE:1.1.0.2 OPENPKG_1_STABLE_MP:1.1; locks; strict; comment @# @; 1.2 date 2004.11.04.07.52.20; author tho; state Exp; branches; next 1.1; 1.1 date 2003.07.22.12.30.25; author rse; state Exp; branches 1.1.2.1 1.1.4.1; next ; 1.1.2.1 date 2003.07.24.20.44.15; author rse; state Exp; branches 1.1.2.1.2.1; next ; 1.1.2.1.2.1 date 2003.10.19.07.09.42; author thl; state Exp; branches; next ; 1.1.4.1 date 2003.10.19.07.12.51; author thl; state Exp; branches; next ; desc @@ 1.2 log @upgrading package: ircd 2.10.3p7 -> 2.11.0 @ text @Index: support/config.h.dist --- support/config.h.dist.orig 2004-11-02 23:37:19 +0100 +++ support/config.h.dist 2004-11-03 12:18:55 +0100 @@@@ -468,11 +468,7 @@@@ /* ** Define delimiter of fields in ircd.conf. */ -#ifdef INET6 -# define IRCDCONF_DELIMITER '%' -#else -# define IRCDCONF_DELIMITER ':' -#endif +#define IRCDCONF_DELIMITER ';' /* * Max number of channels a user is allowed to join. Index: support/configure --- support/configure.orig 2004-10-21 23:47:46 +0200 +++ support/configure 2004-11-03 12:27:07 +0100 @@@@ -3581,7 +3581,7 @@@@ if echo "$irc_cv_solaris_2" | egrep "^2\.(0|1|2)" >/dev/null; then cat >>confdefs.h <<\_ACEOF -#define SOLARIS_2_0_2_1_2_2 1 + _ACEOF elif echo "$irc_cv_solaris_2" | grep "^2\.3" >/dev/null; then @ 1.1 log @speclint police: move ircd.patch into CVS and merge with ircd.freebsd.patch files @ text @d1 8 a8 6 --- common/os.h.orig Thu Feb 3 18:57:00 2000 +++ common/os.h Tue Oct 16 17:56:26 2001 @@@@ -744,7 +744,7 @@@@ 0, 0, 0, 0, 0}; # endif d10 1 a10 8 +# define IRCDCONF_DELIMITER ';' #else # define AFINET AF_INET @@@@ -757,5 +757,5 @@@@ # define IN_ADDR in_addr # define WHOSTENTP(x) (x) d12 2 a13 5 +# define IRCDCONF_DELIMITER ';' #endif --- support/configure Tue Jan 14 12:20:16 2003 +++ support/configure Tue Jan 14 12:29:41 2003 @@@@ -1308,7 +1308,6 @@@@ d15 6 d22 2 a23 1 cat >> confdefs.h <<\EOF d25 2 a26 1 EOF @ 1.1.4.1 log @SA-2003.045-ircd; CAN-2003-0864 @ text @d1 5 a5 18 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0864 Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows local users to cause a denial of service http://akson.sgh.waw.pl/~chopin/ircd/patches/m_join.diff Please be advised, that it is strongly recommended to upgrade to version 2.10.3p5, not only apply that patch. Thank you. --- ircd/channel.c.orig Fri Oct 10 22:34:05 2003 +++ ircd/channel.c Sat Oct 11 00:03:40 2003 @@@@ -2001,7 +2001,7 @@@@ Reg Link *lp; Reg aChannel *chptr; Reg char *name, *key = NULL; - int i, flags = 0; + int i, tmplen, flags = 0; char *p = NULL, *p2 = NULL, *s, chop[5]; d7 2 a8 23 if (parc < 2 || *parv[1] == '\0') @@@@ -2150,10 +2150,20 @@@@ parv[0]), name); continue; } + tmplen = strlen(name); + if (i + tmplen + 2 /* comma and \0 */ + >= sizeof(jbuf) ) + { + + break; + + } if (*jbuf) - (void)strcat(jbuf, ","); - (void)strncat(jbuf, name, sizeof(jbuf) - i - 1); - i += strlen(name)+1; + { + jbuf[i++] = ','; + } + (void)strcpy(jbuf + i, name); + i += tmplen; } d10 19 a28 19 p = NULL; @@@@ -2305,6 +2315,16 @@@@ parv[0], name, chop); else if (*chptr->chname != '&') { + /* ":" (1) "nick" (NICKLEN) " JOIN :" (7), comma (1) + ** possible chop (4), ending \r\n\0 (3) = 16 + ** must fit in the cbuf as well! --B. */ + if (strlen(cbuf) + strlen(name) + NICKLEN + 16 + >= sizeof(cbuf)) + { + sendto_serv_butone(cptr, ":%s JOIN :%s", + parv[0], cbuf); + cbuf[0] = '\0'; + } if (*cbuf) strcat(cbuf, ","); strcat(cbuf, name); @ 1.1.2.1 log @mass Merge-From-CURRENT (MFC) in preparation for OpenPKG 1.3 [class BASE only] @ text @@ 1.1.2.1.2.1 log @SA-2003.045-ircd; CAN-2003-0864 @ text @a28 62 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0864 Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows local users to cause a denial of service http://akson.sgh.waw.pl/~chopin/ircd/patches/m_join.diff Please be advised, that it is strongly recommended to upgrade to version 2.10.3p5, not only apply that patch. Thank you. --- ircd/channel.c.orig Fri Oct 10 22:34:05 2003 +++ ircd/channel.c Sat Oct 11 00:03:40 2003 @@@@ -2001,7 +2001,7 @@@@ Reg Link *lp; Reg aChannel *chptr; Reg char *name, *key = NULL; - int i, flags = 0; + int i, tmplen, flags = 0; char *p = NULL, *p2 = NULL, *s, chop[5]; if (parc < 2 || *parv[1] == '\0') @@@@ -2150,10 +2150,20 @@@@ parv[0]), name); continue; } + tmplen = strlen(name); + if (i + tmplen + 2 /* comma and \0 */ + >= sizeof(jbuf) ) + { + + break; + + } if (*jbuf) - (void)strcat(jbuf, ","); - (void)strncat(jbuf, name, sizeof(jbuf) - i - 1); - i += strlen(name)+1; + { + jbuf[i++] = ','; + } + (void)strcpy(jbuf + i, name); + i += tmplen; } p = NULL; @@@@ -2305,6 +2315,16 @@@@ parv[0], name, chop); else if (*chptr->chname != '&') { + /* ":" (1) "nick" (NICKLEN) " JOIN :" (7), comma (1) + ** possible chop (4), ending \r\n\0 (3) = 16 + ** must fit in the cbuf as well! --B. */ + if (strlen(cbuf) + strlen(name) + NICKLEN + 16 + >= sizeof(cbuf)) + { + sendto_serv_butone(cptr, ":%s JOIN :%s", + parv[0], cbuf); + cbuf[0] = '\0'; + } if (*cbuf) strcat(cbuf, ","); strcat(cbuf, name); @