-- ChangeLog --
+ngIRCd 21
+
+ - Enforce "penalty times" on error conditions more consistently and in
+ more places. Now most error codes sent back from the IRC server to the
+ client should result in a 2 second "penalty".
+ - Implement a new configuration option "AllowedChannelTypes" that lists
+ all allowed channel types (channel prefixes) for newly created channels
+ on the local server. By default, all supported channel types are allowed.
+ If set to the empty string, local clients can't create new channels at
+ all, which equals the old "PredefChannelsOnly = yes" setting.
+ This change deprecates the "PredefChannelsOnly" variable, too, but it is
+ still supported and translated to the apropriate "AllowedChannelTypes"
+ setting. When the old "PredefChannelsOnly" variable is processed, a
+ warning message is logged. (Closes bug #152)
+ - Add support for "client certificate fingerprinting". When a client
+ passes an SSL certificate to the server, the "fingerprint" will be
+ forwarded in the network which enables IRC services to identify the
+ user using this certificate and not using passwords.
+ - IRC Operator names, as defined in ngircd.conf, are logged now when
+ handling successful OPER commands.
+ - Some error conditions while handling IRC commands, like "permission
+ denied" or "need more parameters", result in more penalty times.
+ - The numeric replies of some commands became split too early which
+ resulted in more numeric reply lines than necessary.
+ - Implement a new configuration option "IncludeDir" in the "[Options]"
+ section that can be used to specify a directory which can contain
+ further configuration files and configuration file snippets matching
+ the pattern "*.conf". These files are read in after the main server
+ configuration file ("ngircd.conf" by default) has been read in and
+ parsed. The default is "$SYSCONFDIR/ngircd.conf.d", so that it is
+ possible to adjust the configuration only by placing additional files
+ into this directory. (Closes bug #157)
+ - Fix use-after-free in the Lists_CheckReason() function, which is used
+ to check if a client is a member of a particular ban/invite/... list.
+ - Xcode: fix detection of host OS, vendor, and CPU type.
+ - OS X PackageMaker: use relative path names in project files and package
+ with correct file permissions (requires root privileges on "make").
+ - Add Travis-CI configuration file (".travis.yml") to project.
+ - Look for possible cloaked Masks in Lists. Users with +x usermode can
+ be banned with their cloaked hostname now.
+ - Don't read SSL client data before DNS resolver is finished which could
+ have resulted in discarding the resolved client hostname and IDENT
+ reply afterwards, because in some situations (timing dependent) the
+ NICK and USER commands could have already been read in from the client,
+ stored in the buffer, and been processed.
+ Thanks to Julian Brost for reporting the issue and testing, and to
+ Federico G. Schwindt <fgsch@lodoss.net> for helping to debug it!
+ - Increase password length limit to 64 characters. (Closes bug #154)
+ - doc/Services.txt: Update Anope status and URL.
+ - Clean up Xcode project file, remove outdated files, add missing ones.
+ - Update Doxygen configuration file.
+ - configure: search for iconv_open as well as libiconv_open, because
+ on some installations iconv_open() is actually libiconv_open().
+ iconv_open() is the glibc version while libiconv_open() is the
+ libiconv version, now both variants are supported. (Closes bug #151)
+ - ngIRCd now accepts user names including "@" characters, saves the
+ unmodified name for authentication but stores only the part in front
+ of the "@" character as "IRC user name". And the latter is how
+ ircd2.11, Bahamut, and irc-seven behave as well. (Closes bug #155)
+ - Lots of IRC "information functions" like ADMIN, INFO, ... now accept
+ server masks and names of connected users (in addition to server names)
+ for specifying the target server of the command. (Closes bug #153)
+ - Implement a new configuration option "IdleTimeout" in the "[Limits]"
+ section of the configuration file which can be used to set a timeout
+ in seconds after which the whole daemon will shutdown when no more
+ connections are left active after handling at least one client.
+ The default is 0, "never".
+ This can be useful for testing or when ngIRCd is started using "socket
+ activation" with systemd(8), for example.
+ - Implement support for systemd(8) "socket activation".
+ - contrib/README: add description for more files.
+ - Enable WHOIS to display information about IRC Services using the new
+ numeric 310(RPL_WHOISSERVICE) This numeric is used for this purpose by
+ InspIRCd, for example -- but as usual, other numerics are in use, too,
+ like 613 in UltimateIRCd ...
+ Please note that neither the Operator (+o) not the "bot status" (+B)
+ of an IRC service id displayed in the output.
+ - Exit message: use singular & plural :-)
+ - autogen.sh: Check for autoconf/automake wrapper scripts
+ - Add missing punctuation marks in log messages, adjust some severity
+ levels, and make SSL-related messages more readable.
+ - AUTHORS file: Update list of contributors.
+ - Update systemd(8) example configuration files in ./contrib/ directory:
+ the "ngircd.service" file now uses the "forking" service type which
+ enhances the log messages shown by "systemctl status ngircd.service",
+ and the new "ngircd.socket" file configures a systemd socket that
+ configures a socket for ngIRCd and launches the daemon on demand.
+ - Enhance help system and the HELP command: now a "help text file" can be
+ set using the new configuration option "HelpFile" ("global" section),
+ which is read in and parsed on server startup and configuration reload,
+ and then is used to output individual help texts to specific topics.
+ Please see the file ./doc/Commands.txt for details.
+
+ngIRCd 20.3 (2013-08-23)
+
+ - Security: Fix a denial of service bug (server crash) which could happen
+ when the configuration option "NoticeAuth" is enabled (which is NOT the
+ default) and ngIRCd failed to send the "notice auth" messages to new
+ clients connecting to the server (CVE-2013-5580).
+
+ngIRCd 20.2 (2013-02-15)
+
+ - Security: Fix a denial of service bug in the function handling KICK
+ commands that could be used by arbitrary users to to crash the daemon
+ (CVE-2013-1747).
+ - WHO command: Use the currently "displayed hostname" (which can be cloaked!)
+ for hostname matching, not the real one. In other words: don't display all
+ the cloaked users on a specific real hostname!
+ - configure: The header file "netinet/in_systm.h" already is optional in
+ ngIRCd, so don't require it in the configure script. Now ngIRCd can be
+ built on Minix 3 again :-)
+ - Return better "Connection not registered as server link" errors: Now ngIRCd
+ returns a more specific error message for numeric ERR_NOTREGISTERED(451)
+ when a regular user tries to use a command that isn't allowed for users but
+ for servers.
+ - Don't report ERR_NEEDMOREPARAMS(461) when a MDOE command with more modes
+ than nicknames is handled, as well as for channel limit and key changes
+ without specifying the limit or key parameters.
+ This is how a lot (all?) other IRC servers behave, including ircd2.11,
+ InspIRCd, and ircd-seven. And because of clients (tested with Textual and
+ mIRC) sending bogus MODE commands like "MODE -ooo nick", end-users got the
+ expected result as well as correct but misleading error messages ...
+ - Correctly detect when SSL subsystem must be initialized and take
+ outgoing connections (server links!) into account, too.
+ - autogen.sh: Enforce serial test harness on GNU automake >=1.13. The
+ new parallel test harness which is enabled by default starting with
+ automake 1.13 isn't compatible with our test suite.
+ And don't use "egrep -o", instead use "sed", because it isn't portable
+ and not available on OpenBSD, for example.
+
ngIRCd 20.1 (2013-01-02)
- Allow ERROR command on server and service links only, ignore them and
- Allow user names ("INDENT") up to 20 characters when ngIRCd has not
been configured for "strict RFC mode". This is useful if you are using
- external (PAM) authenticaion mechanisms that require longer user names.
+ external (PAM) authentication mechanisms that require longer user names.
Patch suggested by Brett Smith <brett@w3.org>, see
<http://arthur.barton.de/pipermail/ngircd-ml/2012-October/000579.html>.