Commit Graph

5938 Commits

Author SHA1 Message Date
Alexey Sokolov 7456cbaf02 Merge pull request #2016 from MarkLee131/fix/addheader-crlf-guard
HTTPSock: reject CR/LF in AddHeader name/value
2026-04-27 01:38:00 +01:00
Alexey Sokolov 8f5425f99c Merge pull request #1999 from znc/dependabot/github_actions/codecov/codecov-action-6
Bump codecov/codecov-action from 5 to 6
2026-04-25 11:46:08 +01:00
Alexey Sokolov 2a1844ee4e Merge pull request #2000 from znc/dependabot/github_actions/docker/login-action-4
Bump docker/login-action from 3 to 4
2026-04-25 11:45:34 +01:00
Alexey Sokolov 939d2b6c30 Merge pull request #1998 from znc/dependabot/github_actions/docker/metadata-action-6
Bump docker/metadata-action from 5 to 6
2026-04-25 11:45:05 +01:00
Alexey Sokolov 7540979707 Merge pull request #1997 from znc/dependabot/github_actions/docker/build-push-action-7
Bump docker/build-push-action from 6 to 7
2026-04-25 11:44:40 +01:00
Alexey Sokolov 0f1c646e5e Merge pull request #1991 from znc/dependabot/github_actions/actions/upload-artifact-7
Bump actions/upload-artifact from 6 to 7
2026-04-25 11:44:23 +01:00
MarkLee131 20e8f73b03 HTTPSock: extract IsValidHeaderField helper and add tests (#2010) 2026-04-25 17:38:31 +08:00
MarkLee131 04cf89beec HTTPSock: reject CR/LF in AddHeader name/value
AddHeader wrote its arguments straight into the response stream. No
in-tree caller reaches it with attacker-controlled bytes today, but the
public API is exposed to module authors; one bad caller would be a
header-injection bug. Filter at the entry rather than at every caller.
2026-04-25 10:38:31 +08:00
dependabot[bot] 9ff31be416 Bump docker/login-action from 3 to 4
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-01 15:21:14 +00:00
dependabot[bot] 0fe69f3145 Bump codecov/codecov-action from 5 to 6
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-01 15:21:09 +00:00
dependabot[bot] 4825289561 Bump docker/metadata-action from 5 to 6
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-01 15:21:05 +00:00
dependabot[bot] 05aa47bd91 Bump docker/build-push-action from 6 to 7
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-01 15:20:59 +00:00
Alexey Sokolov 8566db72dd Merge pull request #1995 from jabberwock/fix/getparamscolon-bounds-check
Message: add bounds check in GetParamsColon when uIdx >= params.size()
2026-03-17 18:05:39 +00:00
jabberwock 20908fc2d1 test: add GetParamsColon unit tests including out-of-bounds uIdx cases 2026-03-17 09:39:50 -07:00
jabberwock 94aeaa02bf Message: add bounds check in GetParamsColon when uIdx >= params.size()
Without this check, when uIdx >= m_vsParams.size() and the vector is
non-empty, the subtraction in the clamp condition underflows to SIZE_MAX.
GetParamsSplit() already has the equivalent check at the top of the
function; this brings GetParamsColon() in line with it.

Fixes #1994
2026-03-17 09:39:50 -07:00
Alexey Sokolov 55d34645de Merge pull request #1992 from TehPeGaSuS/patch-2
Fix formatting in ZNC connection message
2026-03-10 18:45:27 +00:00
TehPeGaSuS 4c0483adfa Use user configured network
Use user configured network on the IRC client connection message example, so it turns from `/server <znc_server_ip> 1025 Admin:<pass>` to `/server <znc_server_ip> 1025 Admin/libera:<pass>`.

Should have done this from the start... 😅
2026-03-10 10:26:35 +01:00
TehPeGaSuS 9cb82dad06 Fix formatting in ZNC connection message
Make IRC client connection example consistent with the line above
2026-03-10 10:02:55 +01:00
dependabot[bot] e76c4df386 Bump actions/upload-artifact from 6 to 7
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-01 12:32:22 +00:00
Alexey Sokolov 84be3d0f0b Merge pull request #1990 from danny8376/webadmin-pass-w-space
Fix webadmin serverlist parsing for password containing space
2026-02-27 00:00:45 +00:00
DannyAAM c2a760709c Fix webadmin serverlist parsing for password containing space 2026-02-26 21:57:50 +08:00
Alexey Sokolov ad7bd6d7ee Don't try to join channel which ZNC is already on.
When Goguma connects to ZNC, it joins the joined channels again and
again, triggering flood protection.

Note: even with this fix, the Goguma+ZNC experience is still pretty bad
and requires doing something about repeating chat history
2026-01-26 22:15:23 +00:00
Alexey Sokolov a187ae180e Merge pull request #1987 from znc/dependabot/github_actions/actions/upload-artifact-6
Bump actions/upload-artifact from 5 to 6
2026-01-01 17:01:41 +00:00
Alexey Sokolov e9a1f0d975 Merge pull request #1989 from Un1matr1x/issues/1988
Welcome to 2026
2026-01-01 14:55:26 +00:00
Falk Rund ad6a397ca4 Welcome to 2026
[skip ci]
2026-01-01 13:44:32 +01:00
dependabot[bot] bd99d51122 Bump actions/upload-artifact from 5 to 6
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-01 12:01:34 +00:00
Alexey Sokolov 418628a0d9 Merge pull request #1985 from znc/dependabot/github_actions/actions/checkout-6
Bump actions/checkout from 5 to 6
2025-12-12 01:09:26 +00:00
ZNC-Jenkins fbfd391ec3 Update translations from Crowdin for bg_BG 2025-12-11 00:27:03 +00:00
dependabot[bot] 1ae1b0a520 Bump actions/checkout from 5 to 6
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-10 00:59:37 +00:00
Alexey Sokolov d8b8c16783 Merge branch '1.10.x' 2025-12-10 00:55:07 +00:00
Dominique Leuenberger 49af1c8d53 Fix build with SWIG 4.4
SWIG 4.4 has dropped the usage of SWIG_NULLPTR again, which means we can't
rely on its presence to identify SWIG >= 4.2.0

Generate a swig_version.h by parsing the output of `swig -version` and
writing this in a hex representation

Fixes #1979
2025-12-10 00:34:39 +00:00
ZNC-Jenkins 18416d7df6 Update translations from Crowdin for 2025-12-06 00:26:11 +00:00
ZNC-Jenkins 7c2571ff03 Update translations from Crowdin for 2025-12-06 00:26:10 +00:00
ZNC-Jenkins 0d651d6f67 Update translations from Crowdin for de_DE 2025-11-20 00:26:22 +00:00
ZNC-Jenkins bfa58f6892 Update translations from Crowdin for de_DE 2025-11-20 00:26:21 +00:00
ZNC-Jenkins 4aa81e07f6 Update translations from Crowdin for 2025-11-15 00:29:28 +00:00
ZNC-Jenkins 7747f9bb1d Update translations from Crowdin for 2025-11-15 00:29:23 +00:00
ZNC-Jenkins ea22b297fc Update translations from Crowdin for de_DE nl_NL 2025-11-10 00:26:12 +00:00
ZNC-Jenkins 4115baa9f4 Update translations from Crowdin for de_DE nl_NL 2025-11-10 00:26:11 +00:00
ZNC-Jenkins 74a5da185c Update translations from Crowdin for de_DE 2025-11-09 00:26:22 +00:00
ZNC-Jenkins 3427c58246 Update translations from Crowdin for de_DE 2025-11-09 00:26:17 +00:00
ZNC-Jenkins 7847b4c007 Update translations from Crowdin for 2025-11-08 00:26:26 +00:00
ZNC-Jenkins 530b2ac7b8 Update translations from Crowdin for 2025-11-08 00:26:25 +00:00
ZNC-Jenkins cb1d4aae94 Update translations from Crowdin for de_DE 2025-11-07 00:26:39 +00:00
Alexey Sokolov 81a76a05b0 Merge pull request #1982 from bastelratte/syntax_de
Update autoreply.de_DE.po
2025-11-06 00:57:00 +00:00
bastelratte 97fc8be37a Update autoreply.de_DE.po
Correction DE when = wenn
2025-11-05 21:14:08 +01:00
Alexey Sokolov 2df0206d06 Merge pull request #1980 from znc/dependabot/github_actions/actions/upload-artifact-5
Bump actions/upload-artifact from 4 to 5
2025-11-01 12:38:56 +00:00
Alexey Sokolov cf889c1727 Merge pull request #1981 from znc/dependabot/github_actions/github/codeql-action-4
Bump github/codeql-action from 3 to 4
2025-11-01 12:38:19 +00:00
dependabot[bot] 1586688217 Bump github/codeql-action from 3 to 4
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-01 12:01:28 +00:00
dependabot[bot] 19b3cc0e2b Bump actions/upload-artifact from 4 to 5
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-01 12:01:23 +00:00