-- ChangeLog --
+ngIRCd 21~rc1 (2013-10-05)
+
+ - Actually KILL clients on GLINE/KLINE. (Closes bug #156)
+ - Adjust log messages for invalid and spoofed prefixes, which cleans up
+ logging of commands related to already KILL'ed clients. And don't
+ forward KILL commands for (already) unknown clients any more to prevent
+ unnecessary duplicates.
+ - Add support to show all user links using the "STATS L" (uppercase)
+ command (restricted to IRC Operators).
+ - Fixed blocking of server reconnects in some error confitions.
+ - Don't ignore SSL-related errors during startup any more: abort startup
+ when SSL is requested by the configuration but can't be initialized and
+ don't continue only listening on plain text communicaiton ports.
+ (Closes bug #163)
+ - Implement configurable SSL cipher list selection for GnuTLS and OpenSSL
+ using the new configuration option "CipherList". In addition, this
+ changes the defaults to more secure values: "HIGH:!aNULL:@STRENGTH" for
+ OpenSSL, and "SECURE128" for GnuTLS.
+ - Fix "TRACE": Correctly return ERR_NEEDMOREPARAMS(461) (which basically
+ is "syntax error") when there are too many parameters.
+ - Clean up lots of permission and parameter checks in functions handling
+ IRC commands; and more consistently add penalty times on errors.
+ - Fix error numeric of WHOIS when no nick namename has been provided:
+ as per RFC it shoud be ERR_NONICKNAMEGIVEN(431).
+ - Only log "IDENT ... no result" messages when an IDENT looked took place
+ and didn't return any data, not when IDENT has been disabled.
+ - Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER} messages: now
+ you can check if a server-to-server link is SSL-encrypted or not using
+ the IRC "TRACE" command.
+ - Correctly discard supplementary groups on server startup.
+ - Save client IP address text for "WebIRC" users and correctly display
+ it on WHOIS, for example. (Closes bug #159)
+ - Implement the new configuration option "DefaultUserModes" which lists
+ user modes that become automatically set on new local clients right
+ after login. Please note that only modes can be set that the client
+ could set on itself, so you can't set "a" (away) or "o" (IRC Op),
+ for example! User modes "i" (invisible) or "x" (cloaked) etc. are
+ "interesting", though. (Closes bug #160)
+ - Add support for the new METADATA "account" property, which allows
+ services to automatically identify users after netsplits and across
+ service restarts.
+ - Enforce "penalty times" on error conditions more consistently and in
+ more places. Now most error codes sent back from the IRC server to the
+ client should result in a 2 second "penalty".
+ - Implement a new configuration option "AllowedChannelTypes" that lists
+ all allowed channel types (channel prefixes) for newly created channels
+ on the local server. By default, all supported channel types are allowed.
+ If set to the empty string, local clients can't create new channels at
+ all, which equals the old "PredefChannelsOnly = yes" setting.
+ This change deprecates the "PredefChannelsOnly" variable, too, but it is
+ still supported and translated to the appropriate "AllowedChannelTypes"
+ setting. When the old "PredefChannelsOnly" variable is processed, a
+ warning message is logged. (Closes bug #152)
+ - Add support for "client certificate fingerprinting". When a client
+ passes an SSL certificate to the server, the "fingerprint" will be
+ forwarded in the network which enables IRC services to identify the
+ user using this certificate and not using passwords.
+ - IRC Operator names, as defined in ngircd.conf, are logged now when
+ handling successful OPER commands.
+ - Some error conditions while handling IRC commands, like "permission
+ denied" or "need more parameters", result in more penalty times.
+ - The numeric replies of some commands became split too early which
+ resulted in more numeric reply lines than necessary.
+ - Implement a new configuration option "IncludeDir" in the "[Options]"
+ section that can be used to specify a directory which can contain
+ further configuration files and configuration file snippets matching
+ the pattern "*.conf". These files are read in after the main server
+ configuration file ("ngircd.conf" by default) has been read in and
+ parsed. The default is "$SYSCONFDIR/ngircd.conf.d", so that it is
+ possible to adjust the configuration only by placing additional files
+ into this directory. (Closes bug #157)
+ - Fix use-after-free in the Lists_CheckReason() function, which is used
+ to check if a client is a member of a particular ban/invite/... list.
+ - Xcode: fix detection of host OS, vendor, and CPU type, and update
+ project settings for Xcode 5.
+ - OS X PackageMaker: use relative path names in project files and package
+ with correct file permissions (requires root privileges on "make").
+ - Add Travis-CI configuration file (".travis.yml") to project.
+ - Look for possible cloaked Masks in Lists. Users with +x usermode can
+ be banned with their cloaked hostname now.
+ - Don't read SSL client data before DNS resolver is finished which could
+ have resulted in discarding the resolved client hostname and IDENT
+ reply afterwards, because in some situations (timing dependent) the
+ NICK and USER commands could have already been read in from the client,
+ stored in the buffer, and been processed.
+ Thanks to Julian Brost for reporting the issue and testing, and to
+ Federico G. Schwindt <fgsch@lodoss.net> for helping to debug it!
+ - Increase password length limit to 64 characters. (Closes bug #154)
+ - doc/Services.txt: Update Anope status and URL.
+ - Clean up Xcode project file, remove outdated files, add missing ones.
+ - Update Doxygen configuration file.
+ - configure: search for iconv_open as well as libiconv_open, because
+ on some installations iconv_open() is actually libiconv_open().
+ iconv_open() is the glibc version while libiconv_open() is the
+ libiconv version, now both variants are supported. (Closes bug #151)
+ - ngIRCd now accepts user names including "@" characters, saves the
+ unmodified name for authentication but stores only the part in front
+ of the "@" character as "IRC user name". And the latter is how
+ ircd2.11, Bahamut, and irc-seven behave as well. (Closes bug #155)
+ - Lots of IRC "information functions" like ADMIN, INFO, ... now accept
+ server masks and names of connected users (in addition to server names)
+ for specifying the target server of the command. (Closes bug #153)
+ - Implement a new configuration option "IdleTimeout" in the "[Limits]"
+ section of the configuration file which can be used to set a timeout
+ in seconds after which the whole daemon will shutdown when no more
+ connections are left active after handling at least one client.
+ The default is 0, "never".
+ This can be useful for testing or when ngIRCd is started using "socket
+ activation" with systemd(8), for example.
+ - Implement support for systemd(8) "socket activation".
+ - contrib/README: add description for more files.
+ - Enable WHOIS to display information about IRC Services using the new
+ numeric 310(RPL_WHOISSERVICE) This numeric is used for this purpose by
+ InspIRCd, for example -- but as usual, other numerics are in use, too,
+ like 613 in UltimateIRCd ...
+ Please note that neither the Operator (+o) not the "bot status" (+B)
+ of an IRC service is displayed in the output.
+ - Exit message: use singular & plural :-)
+ - autogen.sh: Check for autoconf/automake wrapper scripts
+ - Add missing punctuation marks in log messages, adjust some severity
+ levels, and make SSL-related messages more readable.
+ - AUTHORS file: Update list of contributors.
+ - Update systemd(8) example configuration files in ./contrib/ directory:
+ the "ngircd.service" file now uses the "forking" service type which
+ enhances the log messages shown by "systemctl status ngircd.service",
+ and the new "ngircd.socket" file configures a systemd socket that
+ configures a socket for ngIRCd and launches the daemon on demand.
+ - Enhance help system and the HELP command: now a "help text file" can be
+ set using the new configuration option "HelpFile" ("global" section),
+ which is read in and parsed on server startup and configuration reload,
+ and then is used to output individual help texts to specific topics.
+ Please see the file ./doc/Commands.txt for details.
+
+ngIRCd 20.3 (2013-08-23)
+
+ - Security: Fix a denial of service bug (server crash) which could happen
+ when the configuration option "NoticeAuth" is enabled (which is NOT the
+ default) and ngIRCd failed to send the "notice auth" messages to new
+ clients connecting to the server (CVE-2013-5580).
+
ngIRCd 20.2 (2013-02-15)
- Security: Fix a denial of service bug in the function handling KICK
- commands that could be used by arbitrary users to to crash the daemon.
+ commands that could be used by arbitrary users to to crash the daemon
+ (CVE-2013-1747).
- WHO command: Use the currently "displayed hostname" (which can be cloaked!)
for hostname matching, not the real one. In other words: don't display all
the cloaked users on a specific real hostname!
- autogen.sh: Enforce serial test harness on GNU automake >=1.13. The
new parallel test harness which is enabled by default starting with
automake 1.13 isn't compatible with our test suite.
- And don't use "egrep -o", insetead use "sed", because it isn't portable
+ And don't use "egrep -o", instead use "sed", because it isn't portable
and not available on OpenBSD, for example.
ngIRCd 20.1 (2013-01-02)
- Allow user names ("INDENT") up to 20 characters when ngIRCd has not
been configured for "strict RFC mode". This is useful if you are using
- external (PAM) authenticaion mechanisms that require longer user names.
+ external (PAM) authentication mechanisms that require longer user names.
Patch suggested by Brett Smith <brett@w3.org>, see
<http://arthur.barton.de/pipermail/ngircd-ml/2012-October/000579.html>.
projects / ngircd-alex.git / blobdiff