VooDoo cIRCle

File Release Notes and Changelog

Release Name: 1.0.33

Notes:
Release version 1.0.33
Date: 2005-04-26
Bug fix: No more responses to CTCP quoted NOTICE's (RFC is saying strictly that there MUST NOT be automatic reply to NOTICE). However, CTCP request is only PRIVMSG, not NOTICE.
Bug fix: ...many forgotten bug fixes related to CTCP messages handling.
Bug fix: Packets received on BOTNET with commands from protocol BOTNET 5 and later were not fully functioning.
Security minor bug fix: There was possibility of buffer overflow while receiving specially crafted packet on BOTNET connection which could crash bot. Since the length of buffer was not tested inside the packet frame, but packet as whole was tested, there is not possibility of disclosure of sensitive information, nor execution of arbitrary code. However, it is still needed for intruder to know password of remote bot, and, if SSL connection is only allowed for remote bot, it needs correct client's certificate to process these crafted packets; without previous successful authentication it is not possible. (affected versions: from 1.0.20 to 1.0.32 inclusive)
Semi-bug fix: Fixed unknown mode +i panic warning in debug log on UnrealIRCd.
Improvement: Added on_broadcast event to catch IRC operators' PRIVMSG's and NOTICE's separately from other messages so far passed to private definitions section's on_privmsg and on_notice events - from now not.
Improvement: Added on_server_msg event to channel definition and private definition.
Improvement: Added informations about current IRC server host/port to PHP script.
Improvement: From now on, using YYYY-MM-DD style of timestamp in ChangeLog, as recommended international format of date, instead of YYYY/MM/DD :-)


Changes:
Release version 1.0.33
Date: 2005-04-26
Bug fix: No more responses to CTCP quoted NOTICE's (RFC is saying strictly that there MUST NOT be automatic reply to NOTICE). However, CTCP request is only PRIVMSG, not NOTICE.
Bug fix: ...many forgotten bug fixes related to CTCP messages handling.
Bug fix: Packets received on BOTNET with commands from protocol BOTNET 5 and later were not fully functioning.
Security minor bug fix: There was possibility of buffer overflow while receiving specially crafted packet on BOTNET connection which could crash bot. Since the length of buffer was not tested inside the packet frame, but packet as whole was tested, there is not possibility of disclosure of sensitive information, nor execution of arbitrary code. However, it is still needed for intruder to know password of remote bot, and, if SSL connection is only allowed for remote bot, it needs correct client's certificate to process these crafted packets; without previous successful authentication it is not possible. (affected versions: from 1.0.20 to 1.0.32 inclusive)
Semi-bug fix: Fixed unknown mode +i panic warning in debug log on UnrealIRCd.
Improvement: Added on_broadcast event to catch IRC operators' PRIVMSG's and NOTICE's separately from other messages so far passed to private definitions section's on_privmsg and on_notice events - from now not.
Improvement: Added on_server_msg event to channel definition and private definition.
Improvement: Added informations about current IRC server host/port to PHP script.
Improvement: From now on, using YYYY-MM-DD style of timestamp in ChangeLog, as recommended international format of date, instead of YYYY/MM/DD :-)