ngIRCd - Next Generation IRC Server
http://ngircd.barton.de/
- (c)2001-2013 Alexander Barton and Contributors.
+ (c)2001-2014 Alexander Barton and Contributors.
ngIRCd is free software and published under the
terms of the GNU General Public License.
-- ChangeLog --
-ngIRCd 21
-
+ngIRCd 22
+
+ - Match all list patterns case-insensitive: this affects the invite-,
+ ban-, and except lists, as well as G-Lines an K-Lines.
+ Problem pointed out by "wowaname" on #ngircd, thanks!
+
+ ngIRCd 22~rc1 (2014-09-29)
+ - Sync "except lists" between servers: Up to now, ban, invite, and G-Line
+ lists have been synced between servers while linking -- but obviously
+ nobody noticed that except list have been missing ever since. Until now.
+ Thanks to "j4jackj", who reported this issue in #ngircd.
+ - Allow longer user names (up to 63 characters) for authentication.
+ - Correctly check that a server has a valid hostname and port, thanks to
+ David Binderman <dcb314@hotmail.com> who reported this bug.
+ - Fix the function which generates complete "IRC masks" from user input,
+ don't destroy the source buffer and use all provided parts (nick, user,
+ host name). This fixes GLINEs/KLINEs from not working in some situations.
+ - Increase MAX_SERVERS from 16 to 64: There are installations out there
+ that would like to configure more than 16 links per server, so increase
+ this limit. Best would be to get rid of MAX_SERVERS altogether and make
+ if fully dynamic, but start with this quick and dirty hack ...
+ - Debian: Don't adjust path names that are correct by default and correctly
+ set and use "docdir".
+ - Update config.guess and config.sub to recent versions.
+ - Test suite/platformtest.sh: Detect when tests have been skipped.
+ - doc/Bopm.txt: Update "connregex" and "kline" for current ngIRCd.
+ - Allow "DefaultUserModes" to set all possible modes, including modes only
+ settable by IRC Operators.
+ - Spoofed prefixes: Really kill connection on non-server links.
+ - Implement user mode "F": "relaxed flood protection". Clients with mode "F"
+ set are allowed to send data to the daemon. This mode is only settable by
+ IRC Operators and can cause problems in the network -- so be careful and
+ only set it on "trusted" clients!
+ User mode "F" is used by Bahamut for this purpose, for example.
+ - Handle "throttling" in a single function: ngIRCd implements "command
+ throttling" and "bps throttling" (bytes per second). The states are
+ detected in different functions, Conn_Handler() and Read_Request(), but
+ handle the actual "throttling" in a common function: this enables us to
+ guarantee consistent behavior and to disable throttling for special
+ connections in only one place
+ - Use server password when PAM is compiled in but disabled.
+ - Streamline punctuation of log messages.
+ - Return ISUPPORT(005) numerics on "VERSION". This is how ircd-seven,
+ Charybdis, Hybrid, and InspIRCd behave, for example.
+ - configure: Only link "contrib/Debian" if it exists, which isn't the case
+ on "VPATH builds", for example.
+ - Show the account name in WHOIS. This uses the same numeric as Charybdis
+ and ircu families: WHOISLOGGEDIN(330).
+ - Pattern matching: Remove "range matching" in our pattern matching code
+ using the "[...]" syntax, because [ and ] are valid characters in nick
+ names and one has to quote them currently using the "\" character, which
+ is quite unexpected for users.
+ - platformtest.sh: New option "-x", don't regenerate build system and
+ allow using separate source and build trees.
+ - Test suite: explicitly enable glibc memory checking.
+ - Make "MODE -k" handling more robust and compatible, send "fake '*' key"
+ in all replies.
+ - Update configure.ng: ngIRCd requires GNU autoconf 2.61 for generating its
+ build system, so update the build system accordingly and implement all
+ changes that autoupdate(1) suggests: Update AC_PREREQ and AC_INIT, use
+ AC_LINK_IFELSE, AC_RUN_IFELSE, and AC_COMPILE_IFELSE, and remove
+ AC_TYPE_SIGNAL (we don't use RETSIGTYPE).
+ - portabtest: Actually test the functions snprintf(), strlcpy(), strlcat(),
+ and vsnprintf() for correctness, not only existence (which was quite
+ useless, because if they weren't available, the program could not have
+ been linked at all ...).
+ - Implement new configuration option "Network": it is used to set the
+ (completely optional) "network name", to which this instance of the
+ daemon belongs. When set, this name is used in the ISUPPORT(005) numeric
+ which is sent to all clients connecting to the server after logging in.
+ - Update doc/Platforms.txt.
+ - Various code cleanups, remove unused code, streamline error handling.
+ Remove all imp.h and exp.h header files, support non-standard vsnprintf()
+ return codes, and fix some K&R C portability issues. Streamline
+ DEBUG_ARRAY, DEBUG_BUFFER, DEBUG_IO, DEBUG_ZIP definitions.
+ - Increase penalty time to 10 seconds when handling OPER commands with an
+ invalid password.
+
+ngIRCd 21.1 (2014-03-25)
+
+ - Don't ignore but use the server password when PAM is compiled in but
+ disabled. Thanks to Roy Sindre Norangshol <roy.sindre@norangshol.no>!
+ - doc/Platforms.txt: Update from master branch.
+ - Really kill connections that send "spoofed prefixes" on non-server links.
+ This fixes commit 6cbe1308 which only killed the connection when the
+ spoofed prefix itself belonged to a non-server client.
+ - CHARCONV command: Fix handling conversion errors, don't overwrite already
+ converted text!
+ - doc/Services.txt: Update information for Anope 2.x.
+ - Correctly use cloaked IRC masks on "INVITE nickname": The cloaked IRC mask
+ of a user is his visible mask, so the daemon has to use it for generating
+ the "one time" entries for the invite list of the given channel, and not
+ the "real" mask which will never match while the target client is "+x", and
+ even worse, will disclose the real mask on "MODE #channel +I" commands :-/
+ Bug reported by Cahata on #ngircd, thanks!
+ - configure: Only link "contrib/Debian" if it exists. This isn't the case on
+ "VPATH builds", for example.
+ - Use $(MKDIR_P) instead of $(mkinstalldirs) in Makefile's and test for
+ "mkdir -p" using AC_PROG_MKDIR_P in "configure".
+ - Fix configure script and "make check" for TCP Wrappers (problems spotted on
+ OpenBSD): add missing #include's and static variables, and add libwrap at
+ the end of the configure run because if libwrap becomes added earlier,
+ other tests may fail.
+ - configure: add support for the LDFLAGS_END and LIBS_END variables to add
+ linker flags and libraries at the end of the configure run (CFLAGS_END has
+ been implemented already).
+ - platformtest.sh and Makefile.am: Don't use "test -e", it isn't portable.
+ - Update Copyright notices for 2014 :-)
+ - Fix permanent {G|K}LINES (with a timeout of 0 seconds).
+ - WEBIRC: Don't set the hostname received by the WEBIRC command when DNS
+ lookups are disabled, but use the IP address instead.
+ Reported by Toni Spets <toni.spets@iki.fi>, thanks!
+ - Check for working getaddrinfo() function: At least AIX 4.3.3 and 5.1 have a
+ broken implementation of getaddrinfo() which doesn't handle "0" as numeric
+ service correctly. This patch adds a configure check for this case and
+ changes all calling functions to only use getaddrinfo() if it "works".
+ See <http://www.stacken.kth.se/lists/heimdal-discuss/2004-05/msg00059.html>
+ - Only use the unsetenv() function when it is available (AIX 4.3 doesn't
+ support it, for example).
+ - Make sure that the source code is still compatible with the "ansi2knr" tool
+ and builds using non-ANSI K&R C compilers. Tested with Apple C on A/UX.
+ - Fix building ngIRCd without support for ZLIB compression. Reported by
+ "der_baer" on #ngircd, thanks!
+
+ngIRCd 21 (2013-10-30)
+
+ - ./contrib/Debian/ngircd.init: Make sure no stale PID file is left over
+ when (re-)starting ngIRCd.
+ - Change ./contrib/platformtest.sh and update ./doc/Platforms.txt to
+ allow user names up to 8 characters.
+ - Call arc4random_stir() in forked subprocesses, when available. This
+ is required by FreeBSD <10 and current NetBSD at least to correctly
+ initialize the "arc4" random number generator on these platforms.
+ - Update our own Debian package configuration and fix the default path
+ of the "HelpFile" of the "full" package variants.
+
+ ngIRCd 21~rc2 (2013-10-20)
+ - Report the correct configuration file name on configuration errors,
+ support longer configuration lines, and warn when lines are truncated.
+ - Use arc4random() function to generate "random" numbers, when available.
+ - platformtest.sh: Detect clang compiler, and clean up GIT source tree
+ before building (when possible).
+ - Update (date of) manual pages.
+ - Update "Upgrade Information" in INSTALL file, add more systems to
+ doc/Platforms.txt, and fix spelling in NEWS and ChangeLog files =:)
+ - Fix remaining compiler warnings on OpenBSD.
+
+ ngIRCd 21~rc1 (2013-10-05)
+ - Actually KILL clients on GLINE/KLINE. (Closes bug #156)
+ - Adjust log messages for invalid and spoofed prefixes, which cleans up
+ logging of commands related to already KILL'ed clients. And don't
+ forward KILL commands for (already) unknown clients any more to prevent
+ unnecessary duplicates.
+ - Add support to show all user links using the "STATS L" (uppercase)
+ command (restricted to IRC Operators).
+ - Fixed blocking of server reconnects in some error configurations.
+ - Don't ignore SSL-related errors during startup any more: abort startup
+ when SSL is requested by the configuration but can't be initialized and
+ don't continue only listening on plain text communication ports.
+ (Closes bug #163)
+ - Implement configurable SSL cipher list selection for GnuTLS and OpenSSL
+ using the new configuration option "CipherList". In addition, this
+ changes the defaults to more secure values: "HIGH:!aNULL:@STRENGTH" for
+ OpenSSL, and "SECURE128" for GnuTLS.
+ - Fix "TRACE": Correctly return ERR_NEEDMOREPARAMS(461) (which basically
+ is "syntax error") when there are too many parameters.
+ - Clean up lots of permission and parameter checks in functions handling
+ IRC commands; and more consistently add penalty times on errors.
+ - Fix error numeric of WHOIS when no nick name has been provided:
+ as per RFC it should be ERR_NONICKNAMEGIVEN(431).
+ - Only log "IDENT ... no result" messages when an IDENT looked took place
+ and didn't return any data, not when IDENT has been disabled.
+ - Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER} messages: now
+ you can check if a server-to-server link is SSL-encrypted or not using
+ the IRC "TRACE" command.
+ - Correctly discard supplementary groups on server startup.
+ - Save client IP address text for "WebIRC" users and correctly display
+ it on WHOIS, for example. (Closes bug #159)
+ - Implement the new configuration option "DefaultUserModes" which lists
+ user modes that become automatically set on new local clients right
+ after login. Please note that only modes can be set that the client
+ could set on itself, so you can't set "a" (away) or "o" (IRC Op),
+ for example! User modes "i" (invisible) or "x" (cloaked) etc. are
+ "interesting", though. (Closes bug #160)
+ - Add support for the new METADATA "account" property, which allows
+ services to automatically identify users after netsplits and across
+ service restarts.
+ - Enforce "penalty times" on error conditions more consistently and in
+ more places. Now most error codes sent back from the IRC server to the
+ client should result in a 2 second "penalty".
- Implement a new configuration option "AllowedChannelTypes" that lists
all allowed channel types (channel prefixes) for newly created channels
on the local server. By default, all supported channel types are allowed.
If set to the empty string, local clients can't create new channels at
all, which equals the old "PredefChannelsOnly = yes" setting.
This change deprecates the "PredefChannelsOnly" variable, too, but it is
- still supported and translated to the apropriate "AllowedChannelTypes"
+ still supported and translated to the appropriate "AllowedChannelTypes"
setting. When the old "PredefChannelsOnly" variable is processed, a
warning message is logged. (Closes bug #152)
- Add support for "client certificate fingerprinting". When a client
into this directory. (Closes bug #157)
- Fix use-after-free in the Lists_CheckReason() function, which is used
to check if a client is a member of a particular ban/invite/... list.
- - Xcode: fix detection of host OS, vendor, and CPU type.
+ - Xcode: fix detection of host OS, vendor, and CPU type, and update
+ project settings for Xcode 5.
- OS X PackageMaker: use relative path names in project files and package
with correct file permissions (requires root privileges on "make").
- Add Travis-CI configuration file (".travis.yml") to project.
- - Look for possible cloaked Masks in Lists. Users with +x usermode can
+ - Look for possible cloaked Masks in Lists. Users with +x user mode can
be banned with their cloaked hostname now.
- Don't read SSL client data before DNS resolver is finished which could
have resulted in discarding the resolved client hostname and IDENT
InspIRCd, for example -- but as usual, other numerics are in use, too,
like 613 in UltimateIRCd ...
Please note that neither the Operator (+o) not the "bot status" (+B)
- of an IRC service id displayed in the output.
+ of an IRC service is displayed in the output.
- Exit message: use singular & plural :-)
- autogen.sh: Check for autoconf/automake wrapper scripts
- - Add missing punctuation marks in log messages and adjust some
- severity levels.
+ - Add missing punctuation marks in log messages, adjust some severity
+ levels, and make SSL-related messages more readable.
- AUTHORS file: Update list of contributors.
- Update systemd(8) example configuration files in ./contrib/ directory:
the "ngircd.service" file now uses the "forking" service type which
and then is used to output individual help texts to specific topics.
Please see the file ./doc/Commands.txt for details.
+ngIRCd 20.3 (2013-08-23)
+
+ - Security: Fix a denial of service bug (server crash) which could happen
+ when the configuration option "NoticeAuth" is enabled (which is NOT the
+ default) and ngIRCd failed to send the "notice auth" messages to new
+ clients connecting to the server (CVE-2013-5580).
+
ngIRCd 20.2 (2013-02-15)
- Security: Fix a denial of service bug in the function handling KICK
the hash function. When "CloakHostSalt" is not set (the default), a
random salt will be generated after each server restart. (Closes #133)
-ngIRCd Release 19.2 (2012-06-19)
+ngIRCd 19.2 (2012-06-19)
- doc/Capabilities.txt: document "multi-prefix" capability
- Fix: Don't ignore "permission denied" errors when enabling chroot.
- FAQ: enhance description of chroot setup.
-ngIRCd Release 19.1 (2012-03-19)
+ngIRCd 19.1 (2012-03-19)
- Fix gcc warning (v4.6.3), initialize "list" variable to NULL.
- Fix typos: "recieved" -> "received", "Please not" -> "Please note",
- getpid.sh: Fix test case error for Debian using sbuild(1).
- Don't log "ngIRCd hello message" two times when starting up.
-ngIRCd Release 19 (2012-02-29)
+ngIRCd 19 (2012-02-29)
- Update build system: bump config.guess and config.sub files used by
GNU autoconf/automake to recent versions.
asynchronous nature of the IRC protocol. So don't break server-
links, only log a message and ignore the command. (Closes #113)
-ngIRCd Release 18 (2011-07-10)
+ngIRCd 18 (2011-07-10)
- Update timestamp of ngircd(8) manual page.
- Add preliminary ngIRCd protocol module for Anope 1.9 to contrib/Anope/.
only relevant when a trusted server on a server-server link sends invalid
commands).
-ngIRCd Release 17.1 (2010-12-19)
+ngIRCd 17.1 (2010-12-19)
- --configtest: remember if MOTD is configured by file or phrase
- Enhance log messages when establishing server links a little bit
- New numeric 329: get channel creation time on "MODE #chan" commands
- Save channel creation time; new function Channel_CreationTime()
-ngIRCd Release 17 (2010-11-07)
+ngIRCd 17 (2010-11-07)
- doc: change path names in sample-ngircd.conf depending on sysconfdir
- Fix up generation and distribution of sample-ngircd.conf
- Fix "beeing" typo ...
- SSL/TLS: fix bogus "socket closed" error message.
-ngIRCd Release 16 (2010-05-02)
+ngIRCd 16 (2010-05-02)
- doc/SSL: remove line continuation marker
every channel, and c) remote clients using a server not supporting this
mode are not checked either and therefore always allowed to join.
-ngIRCd Release 15 (2009-11-07)
+ngIRCd 15 (2009-11-07)
- "ngircd --configtest": print SSL configuration options even when unset.
- Fix a few error handling glitches for SSL/TLS connections.
- Minor fixes to manual pages and documentation.
-ngIRCd Release 14.1 (2009-05-05)
+ngIRCd 14.1 (2009-05-05)
- Security: fix remotely triggerable crash in SSL/TLS code.
- BSD start script contrib/ngircd.sh has been renamed to ngircd-bsd.sh.
- Fix server list announcement.
- Do not remove host names from info text.
-ngIRCd Release 14 (2009-04-20)
+ngIRCd 14 (2009-04-20)
- Display IPv6 addresses as "[<addr>]" when accepting connections.
- Fix handling of channels containing dots.
(closes ug #93, reported by Gonosz Csiga)
-ngIRCd Release 13 (2008-12-25)
+ngIRCd 13 (2008-12-25)
- Updated documentation, especially doc/Services.txt and doc/SSL.txt.
- Make the test suite work on OpenSolaris.
ngIRCd 0.11.0-pre2 (2008-01-07)
- SECURITY: IRC_PART could reference invalid memory, causing
ngircd to crash [from HEAD]. (CVE-2008-0285)
-
+
ngIRCd 0.11.0-pre1 (2008-01-02)
- Use dotted-decimal IP address if host name is >= 64.
- Add support for /STAT u (server uptime) command.
- SECURITY: IRC_PART could reference invalid memory, causing
ngircd to crash [from HEAD]. (CVE-2008-0285)
-
+
ngIRCd 0.10.3 (2007-08-01)
- SECURITY: Fixed a severe bug in handling JOIN commands, which could
- Documentation is now installed in $(datadir)/doc/ngircd.
- Enhanced handling of NJOIN in case of nick collisions.
-ngIRCd 0.6.1, 2003-01-21
+ngIRCd 0.6.1 (2003-01-21)
- Fixed KILL: you can't crash the server by killing yourself any more,
ngIRCd no longer sends a QUIT to other servers after the KILL, and you
Older changes (sorry, only available in german language):
-ngIRCd 0.6.0, 2002-12-24
+ngIRCd 0.6.0, 24.12.2002
- ngIRCd 0.6.0-pre2, 2002-12-23
+ ngIRCd 0.6.0-pre2, 23.12.2002
- neuer Numeric 005 ("Features") beim Connect.
- LUSERS erweitert: nun wird die maximale Anzahl der lokalen und globalen
Clients, die dem Server bzw. im Netzwerk seit dem letzten (Re-)Start
dem Server gleichzeitig bekannt waren, angezeigt.
- ngIRCd 0.6.0-pre1, 2002-12-18
+ ngIRCd 0.6.0-pre1, 18.12.2002
- beim Schliessen einer Verbindung zeigt der Server nun vor dem ERROR
noch eine Statistik ueber die empfangene und gesendete Datenmenge an.
- der Server wartet bei einer eingehenden Verbindung nun laenger auf den
ngIRCd 0.5.4, 24.11.2002
- - Fehler-Handling von connect() gefixed: der Server kann sich nun auch
+ - Fehler-Handling von connect() gefixed: der Server kann sich nun auch
unter A/UX wieder zu anderen verbinden.
- in den Konfigurationsvariablen ServerUID und ServerGID kann nun nicht
nur die numerische ID, sondern auch der Name des Users bzw. der Gruppe
- ADMIN-Befehl implementiert. Die Daten hierzu werden in der Konfig-Datei
im [Global]-Abschnitt mit den Variablen "AdminInfo1", "AdminInfo2" und
"AdminEMail" konfiguriert.
-
+
ngIRCd 0.4.3, 11.06.2002
- Bei PRIVMSG und NOTICE hat der ngIRCd nicht ueberpruft, ob das Ziel
projects / ngircd-alex.git / blobdiff