I have fixed motd issue

.github/workflows/ci.yml

@@ -45,3 +45,4 @@ jobs:
       run: make -j2
     - name: make install
       run: make install
+

include/cache.h

@@ -44,7 +44,7 @@ void load_help(void);
 void send_user_motd(struct Client *);
 void send_user_rules(struct Client *);
 void send_oper_motd(struct Client *);
-void cache_user_motd(void);
+void cache_user_motd(struct Client *source_p);
 void cache_user_rules(void);
 
 struct Dictionary;

include/send.h

@@ -64,6 +64,7 @@ extern void sendto_channel_local(int type, struct Channel *, const char *, ...)
 extern void sendto_channel_local_butone(struct Client *, int type, struct Channel *, const char *, ...) AFP(4, 5);
 
 extern void sendto_channel_local_with_capability(int type, int caps, int negcaps, struct Channel *, const char *, ...) AFP(5, 6);
+extern void sendto_channel_local_with_capability_butone(struct Client *, int type, int caps, int negcaps, struct Channel *, const char *, ...) AFP(6, 7);
 
 extern void sendto_common_channels_local(struct Client *, int cap, const char *, ...) AFP(3, 4);
 extern void sendto_common_channels_local_butone(struct Client *, int cap, const char *, ...) AFP(3, 4);

libratbox/src/openssl.c

@@ -392,25 +392,69 @@ rb_setup_ssl_server(const char *const certfile, const char *keyfile,
 	}
 	else
 	{
-		FILE *const dhf = fopen(dhfile, "r");
+		BIO *const bio = BIO_new_file(dhfile, "r");
 		DH *dhp = NULL;
 
-		if(dhf == NULL)
+		if(bio == NULL)
 		{
-			rb_lib_log("%s: fopen ('%s'): %s", __func__, dhfile, strerror(errno));
+			rb_lib_log("%s: BIO_new_file ('%s'): %s", __func__, dhfile, strerror(errno));
 		}
-		else if(PEM_read_DHparams(dhf, &dhp, NULL, NULL) == NULL)
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)
+		/* OpenSSL 3.0+ - use EVP_PKEY API */
+		else
+		{
+			EVP_PKEY *pkey = NULL;
+			OSSL_DECODER_CTX *ctx = NULL;
+
+			ctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, "DH",
+			                                     OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
+			                                     NULL, NULL);
+			if(ctx == NULL)
+			{
+				rb_lib_log("%s: OSSL_DECODER_CTX_new_for_pkey: %s", __func__,
+				           rb_ssl_strerror(rb_ssl_last_err()));
+				BIO_free(bio);
+			}
+			else if(OSSL_DECODER_from_bio(ctx, bio) == 1)
+			{
+				dhp = EVP_PKEY_get1_DH(pkey);
+				if(dhp != NULL)
+				{
+					SSL_CTX_set_tmp_dh(ssl_ctx_new, dhp);
+					DH_free(dhp);
+					EVP_PKEY_free(pkey);
+				}
+				else
+				{
+					rb_lib_log("%s: EVP_PKEY_get1_DH: %s", __func__,
+					           rb_ssl_strerror(rb_ssl_last_err()));
+					EVP_PKEY_free(pkey);
+				}
+			}
+			else
+			{
+				rb_lib_log("%s: OSSL_DECODER_from_bio ('%s'): %s", __func__, dhfile,
+				           rb_ssl_strerror(rb_ssl_last_err()));
+				EVP_PKEY_free(pkey);
+			}
+			OSSL_DECODER_CTX_free(ctx);
+			BIO_free(bio);
+		}
+#else
+		/* OpenSSL < 3.0 or LibreSSL - use legacy API */
+		else if(PEM_read_bio_DHparams(bio, &dhp, NULL, NULL) == NULL)
 		{
-			rb_lib_log("%s: PEM_read_DHparams ('%s'): %s", __func__, dhfile,
+			rb_lib_log("%s: PEM_read_bio_DHparams ('%s'): %s", __func__, dhfile,
 			           rb_ssl_strerror(rb_ssl_last_err()));
-			fclose(dhf);
+			BIO_free(bio);
 		}
 		else
 		{
 			SSL_CTX_set_tmp_dh(ssl_ctx_new, dhp);
 			DH_free(dhp);
-			fclose(dhf);
+			BIO_free(bio);
 		}
+#endif
 	}
 
 	if(SSL_CTX_set_cipher_list(ssl_ctx_new, cipherlist) != 1)

libratbox/src/openssl_ratbox.h

@@ -30,8 +30,12 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/ssl.h>
+#include <openssl/bio.h>
 
 #include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)
+#include <openssl/decoder.h>
+#endif
 
 /*
  * A long time ago, in a world far away, OpenSSL had a well-established mechanism for ensuring compatibility with

modules/m_rehash.c

@@ -86,56 +86,73 @@ rehash_dns(struct Client *source_p)
 static void
 rehash_ssld(struct Client *source_p)
 {
-    if (!IsOperAdmin(source_p)) {
-        sendto_one(source_p, form_str(ERR_NOPRIVS),
-                   me.name, source_p->name, "admin");
-        return;
-    }
-    sendto_realops_snomask(SNO_GENERAL, L_ALL, "%s is restarting ssld",
+    sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+                           "%s is restarting ssld",
                            get_oper_name(source_p));
+    if (!MyConnect(source_p))
+        remote_rehash_oper_p = source_p;
 
     restart_ssld();
 }
 
 static void
 rehash_motd(struct Client *source_p)
 {
-    struct stat sb;
-    struct tm *local_tm;
-
     sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
                            "%s is forcing re-reading of MOTD file",
                            get_oper_name(source_p));
     if (!MyConnect(source_p))
         remote_rehash_oper_p = source_p;
 
-    free_cachefile(user_motd);
-    user_motd = cache_file(MPATH, "ircd.motd", 0);
+    cache_user_motd(source_p);
+}
+
+static void
+rehash_rules(struct Client *source_p)
+{
+    struct cachefile *old_rules;
+    struct cachefile *new_rules;
 
-    if(stat(MPATH, &sb) == 0) {
-        local_tm = localtime(&sb.st_mtime);
-
-        if(local_tm != NULL) {
-            rb_snprintf(user_motd_changed, sizeof(user_motd_changed),
-                        "%d/%d/%d %d:%d",
-                        local_tm->tm_mday, local_tm->tm_mon + 1,
-                        1900 + local_tm->tm_year, local_tm->tm_hour,
-                        local_tm->tm_min);
-        }
+    sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+                           "%s is forcing re-reading of RULES file",
+                           get_oper_name(source_p));
+    if (!MyConnect(source_p))
+        remote_rehash_oper_p = source_p;
+
+    /* Load new cache first, then swap pointer, then free old cache.
+     * This prevents use-after-free if send_user_rules is iterating. */
+    new_rules = cache_file(RPATH, "ircd.rules", 0);
+    if(new_rules != NULL) {
+        /* Only update if new cache loaded successfully */
+        old_rules = user_rules;
+        user_rules = new_rules;
+        free_cachefile(old_rules);
     }
+    /* If new_rules is NULL (file missing/error), keep old RULES */
 }
 
 static void
 rehash_omotd(struct Client *source_p)
 {
+    struct cachefile *old_motd;
+    struct cachefile *new_motd;
+
     sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
                            "%s is forcing re-reading of OPER MOTD file",
                            get_oper_name(source_p));
     if (!MyConnect(source_p))
         remote_rehash_oper_p = source_p;
 
-    free_cachefile(oper_motd);
-    oper_motd = cache_file(OPATH, "opers.motd", 0);
+    /* Load new cache first, then swap pointer, then free old cache.
+     * This prevents use-after-free if send_oper_motd is iterating. */
+    new_motd = cache_file(OPATH, "opers.motd", 0);
+    if(new_motd != NULL) {
+        /* Only update if new cache loaded successfully */
+        old_motd = oper_motd;
+        oper_motd = new_motd;
+        free_cachefile(old_motd);
+    }
+    /* If new_motd is NULL (file missing/error), keep old MOTD */
 }
 
 static void