security fix necessitating 2.5.1

hace 3 años · 4860c5cad0
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,17 @@
 
				
				 # Changelog
			
 
				
				 All notable changes to Oragono will be documented in this file.
			
 
				
				 
			
 
				
				+## [2.5.1] - 2021-02-02
			
 
				
				+
			
 
				
				+Oragono 2.5.1 is a bugfix release that fixes a significant security issue. We apologize for the oversight.
			
 
				
				+
			
 
				
				+This release includes no changes to the config file format or the database.
			
 
				
				+
			
 
				
				+Many thanks to [@xnaas](https://github.com/xnaas) for reporting the issue.
			
 
				
				+
			
 
				
				+### Security
			
 
				
				+* Fix an incorrect permissions check in NickServ (#1520, thanks [@xnaas](https://github.com/xnaas)!)
			
 
				
				+
			
 
				
				 ## [2.5.0] - 2021-01-31
			
 
				
				 
			
 
				
				 We're pleased to announce Oragono 2.5.0, a new stable release.
			
--- a/irc/nickserv.go
+++ b/irc/nickserv.go
@@ -1148,7 +1148,7 @@ func nsClientsLogoutHandler(service *ircService, server *Server, client *Client,
 
				
				 		// User must have "kill" privileges to logout other user sessions.
			
 
				
				 		if target != client {
			
 
				
				 			oper := client.Oper()
			
 
				
				-			if oper.HasRoleCapab("kill") {
			
 
				
				+			if !oper.HasRoleCapab("kill") {
			
 
				
				 				service.Notice(rb, client.t("Insufficient oper privs"))
			
 
				
				 				return
			
 
				
				 			}
			
--- a/irc/version.go
+++ b/irc/version.go
@@ -7,7 +7,7 @@ import "fmt"
 
				
				 
			
 
				
				 const (
			
 
				
				 	// SemVer is the semantic version of Oragono.
			
 
				
				-	SemVer = "2.6.0-unreleased"
			
 
				
				+	SemVer = "2.5.1"
			
 
				
				 )
			
 
				
				 
			
 
				
				 var (