ngIRCd - Next Generation IRC Server
http://ngircd.barton.de/
- (c)2001-2012 Alexander Barton and Contributors.
+ (c)2001-2013 Alexander Barton and Contributors.
ngIRCd is free software and published under the
terms of the GNU General Public License.
-- ChangeLog --
-ngIRCd
-
+ngIRCd 21 (2013-10-30)
+
+ - ./contrib/Debian/ngircd.init: Make sure no stale PID file is left over
+ when (re-)starting ngIRCd.
+ - Change ./contrib/platformtest.sh and update ./doc/Platforms.txt to
+ allow usernames up to 8 characters.
+ - Call arc4random_stir() in forked subprocesses, when available. This
+ is required by FreeBSD <10 and current NetBSD at least to correctly
+ initialize the "arc4" random number generator on these platforms.
+ - Update our own Debian package configuration and fix the default path
+ of the "HelpFile" of the "full" package variants.
+
+ ngIRCd 21~rc2 (2013-10-20)
+ - Report the correct configuration file name on configuration errors,
+ support longer configuration lines, and warn when lines are truncated.
+ - Use arc4random() function to generate "random" numbers, when available.
+ - platformtest.sh: Detect clang compiler, and clean up GIT source tree
+ before building (when possible).
+ - Update (date of) manual pages.
+ - Update "Upgrade Information" in INSTALL file, add more systems to
+ doc/Platforms.txt, and fix spelling in NEWS and ChangeLog files =:)
+ - Fix remaining compiler warnings on OpenBSD.
+
+ ngIRCd 21~rc1 (2013-10-05)
+ - Actually KILL clients on GLINE/KLINE. (Closes bug #156)
+ - Adjust log messages for invalid and spoofed prefixes, which cleans up
+ logging of commands related to already KILL'ed clients. And don't
+ forward KILL commands for (already) unknown clients any more to prevent
+ unnecessary duplicates.
+ - Add support to show all user links using the "STATS L" (uppercase)
+ command (restricted to IRC Operators).
+ - Fixed blocking of server reconnects in some error configurations.
+ - Don't ignore SSL-related errors during startup any more: abort startup
+ when SSL is requested by the configuration but can't be initialized and
+ don't continue only listening on plain text communication ports.
+ (Closes bug #163)
+ - Implement configurable SSL cipher list selection for GnuTLS and OpenSSL
+ using the new configuration option "CipherList". In addition, this
+ changes the defaults to more secure values: "HIGH:!aNULL:@STRENGTH" for
+ OpenSSL, and "SECURE128" for GnuTLS.
+ - Fix "TRACE": Correctly return ERR_NEEDMOREPARAMS(461) (which basically
+ is "syntax error") when there are too many parameters.
+ - Clean up lots of permission and parameter checks in functions handling
+ IRC commands; and more consistently add penalty times on errors.
+ - Fix error numeric of WHOIS when no nick name has been provided:
+ as per RFC it should be ERR_NONICKNAMEGIVEN(431).
+ - Only log "IDENT ... no result" messages when an IDENT looked took place
+ and didn't return any data, not when IDENT has been disabled.
+ - Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER} messages: now
+ you can check if a server-to-server link is SSL-encrypted or not using
+ the IRC "TRACE" command.
+ - Correctly discard supplementary groups on server startup.
+ - Save client IP address text for "WebIRC" users and correctly display
+ it on WHOIS, for example. (Closes bug #159)
+ - Implement the new configuration option "DefaultUserModes" which lists
+ user modes that become automatically set on new local clients right
+ after login. Please note that only modes can be set that the client
+ could set on itself, so you can't set "a" (away) or "o" (IRC Op),
+ for example! User modes "i" (invisible) or "x" (cloaked) etc. are
+ "interesting", though. (Closes bug #160)
+ - Add support for the new METADATA "account" property, which allows
+ services to automatically identify users after netsplits and across
+ service restarts.
+ - Enforce "penalty times" on error conditions more consistently and in
+ more places. Now most error codes sent back from the IRC server to the
+ client should result in a 2 second "penalty".
+ - Implement a new configuration option "AllowedChannelTypes" that lists
+ all allowed channel types (channel prefixes) for newly created channels
+ on the local server. By default, all supported channel types are allowed.
+ If set to the empty string, local clients can't create new channels at
+ all, which equals the old "PredefChannelsOnly = yes" setting.
+ This change deprecates the "PredefChannelsOnly" variable, too, but it is
+ still supported and translated to the appropriate "AllowedChannelTypes"
+ setting. When the old "PredefChannelsOnly" variable is processed, a
+ warning message is logged. (Closes bug #152)
+ - Add support for "client certificate fingerprinting". When a client
+ passes an SSL certificate to the server, the "fingerprint" will be
+ forwarded in the network which enables IRC services to identify the
+ user using this certificate and not using passwords.
+ - IRC Operator names, as defined in ngircd.conf, are logged now when
+ handling successful OPER commands.
+ - Some error conditions while handling IRC commands, like "permission
+ denied" or "need more parameters", result in more penalty times.
+ - The numeric replies of some commands became split too early which
+ resulted in more numeric reply lines than necessary.
+ - Implement a new configuration option "IncludeDir" in the "[Options]"
+ section that can be used to specify a directory which can contain
+ further configuration files and configuration file snippets matching
+ the pattern "*.conf". These files are read in after the main server
+ configuration file ("ngircd.conf" by default) has been read in and
+ parsed. The default is "$SYSCONFDIR/ngircd.conf.d", so that it is
+ possible to adjust the configuration only by placing additional files
+ into this directory. (Closes bug #157)
+ - Fix use-after-free in the Lists_CheckReason() function, which is used
+ to check if a client is a member of a particular ban/invite/... list.
+ - Xcode: fix detection of host OS, vendor, and CPU type, and update
+ project settings for Xcode 5.
+ - OS X PackageMaker: use relative path names in project files and package
+ with correct file permissions (requires root privileges on "make").
+ - Add Travis-CI configuration file (".travis.yml") to project.
+ - Look for possible cloaked Masks in Lists. Users with +x user mode can
+ be banned with their cloaked hostname now.
+ - Don't read SSL client data before DNS resolver is finished which could
+ have resulted in discarding the resolved client hostname and IDENT
+ reply afterwards, because in some situations (timing dependent) the
+ NICK and USER commands could have already been read in from the client,
+ stored in the buffer, and been processed.
+ Thanks to Julian Brost for reporting the issue and testing, and to
+ Federico G. Schwindt <fgsch@lodoss.net> for helping to debug it!
+ - Increase password length limit to 64 characters. (Closes bug #154)
+ - doc/Services.txt: Update Anope status and URL.
+ - Clean up Xcode project file, remove outdated files, add missing ones.
+ - Update Doxygen configuration file.
+ - configure: search for iconv_open as well as libiconv_open, because
+ on some installations iconv_open() is actually libiconv_open().
+ iconv_open() is the glibc version while libiconv_open() is the
+ libiconv version, now both variants are supported. (Closes bug #151)
+ - ngIRCd now accepts user names including "@" characters, saves the
+ unmodified name for authentication but stores only the part in front
+ of the "@" character as "IRC user name". And the latter is how
+ ircd2.11, Bahamut, and irc-seven behave as well. (Closes bug #155)
+ - Lots of IRC "information functions" like ADMIN, INFO, ... now accept
+ server masks and names of connected users (in addition to server names)
+ for specifying the target server of the command. (Closes bug #153)
+ - Implement a new configuration option "IdleTimeout" in the "[Limits]"
+ section of the configuration file which can be used to set a timeout
+ in seconds after which the whole daemon will shutdown when no more
+ connections are left active after handling at least one client.
+ The default is 0, "never".
+ This can be useful for testing or when ngIRCd is started using "socket
+ activation" with systemd(8), for example.
+ - Implement support for systemd(8) "socket activation".
+ - contrib/README: add description for more files.
+ - Enable WHOIS to display information about IRC Services using the new
+ numeric 310(RPL_WHOISSERVICE) This numeric is used for this purpose by
+ InspIRCd, for example -- but as usual, other numerics are in use, too,
+ like 613 in UltimateIRCd ...
+ Please note that neither the Operator (+o) not the "bot status" (+B)
+ of an IRC service is displayed in the output.
+ - Exit message: use singular & plural :-)
+ - autogen.sh: Check for autoconf/automake wrapper scripts
+ - Add missing punctuation marks in log messages, adjust some severity
+ levels, and make SSL-related messages more readable.
+ - AUTHORS file: Update list of contributors.
+ - Update systemd(8) example configuration files in ./contrib/ directory:
+ the "ngircd.service" file now uses the "forking" service type which
+ enhances the log messages shown by "systemctl status ngircd.service",
+ and the new "ngircd.socket" file configures a systemd socket that
+ configures a socket for ngIRCd and launches the daemon on demand.
+ - Enhance help system and the HELP command: now a "help text file" can be
+ set using the new configuration option "HelpFile" ("global" section),
+ which is read in and parsed on server startup and configuration reload,
+ and then is used to output individual help texts to specific topics.
+ Please see the file ./doc/Commands.txt for details.
+
+ngIRCd 20.3 (2013-08-23)
+
+ - Security: Fix a denial of service bug (server crash) which could happen
+ when the configuration option "NoticeAuth" is enabled (which is NOT the
+ default) and ngIRCd failed to send the "notice auth" messages to new
+ clients connecting to the server (CVE-2013-5580).
+
+ngIRCd 20.2 (2013-02-15)
+
+ - Security: Fix a denial of service bug in the function handling KICK
+ commands that could be used by arbitrary users to to crash the daemon
+ (CVE-2013-1747).
+ - WHO command: Use the currently "displayed hostname" (which can be cloaked!)
+ for hostname matching, not the real one. In other words: don't display all
+ the cloaked users on a specific real hostname!
+ - configure: The header file "netinet/in_systm.h" already is optional in
+ ngIRCd, so don't require it in the configure script. Now ngIRCd can be
+ built on Minix 3 again :-)
+ - Return better "Connection not registered as server link" errors: Now ngIRCd
+ returns a more specific error message for numeric ERR_NOTREGISTERED(451)
+ when a regular user tries to use a command that isn't allowed for users but
+ for servers.
+ - Don't report ERR_NEEDMOREPARAMS(461) when a MDOE command with more modes
+ than nicknames is handled, as well as for channel limit and key changes
+ without specifying the limit or key parameters.
+ This is how a lot (all?) other IRC servers behave, including ircd2.11,
+ InspIRCd, and ircd-seven. And because of clients (tested with Textual and
+ mIRC) sending bogus MODE commands like "MODE -ooo nick", end-users got the
+ expected result as well as correct but misleading error messages ...
+ - Correctly detect when SSL subsystem must be initialized and take
+ outgoing connections (server links!) into account, too.
+ - autogen.sh: Enforce serial test harness on GNU automake >=1.13. The
+ new parallel test harness which is enabled by default starting with
+ automake 1.13 isn't compatible with our test suite.
+ And don't use "egrep -o", instead use "sed", because it isn't portable
+ and not available on OpenBSD, for example.
+
+ngIRCd 20.1 (2013-01-02)
+
+ - Allow ERROR command on server and service links only, ignore them and
+ add a penalty time on all other link types.
+ - Enforced mode setting by IRC Operators: Only check the channel user
+ modes of the initiator if he is joined to the channel and not an IRC
+ operator enforcing modes (which requires the configuration option
+ "OperCanUseMode" to be enabled), because trying to check channel user
+ modes of a non-member results in an assertion when running with debug
+ code or could crash the daemon otherwise. This closes bug #147, thanks
+ to James Kirwill <james.kirwill@bk.ru> for tracking this down!
+ - Fix build system to cope with spaces in path names.
+ - Code cleanups, mostly to fix build warnings on Cygwin.
+
+ngIRCd 20 (2012-12-17)
+
+ - Allow user names ("INDENT") up to 20 characters when ngIRCd has not
+ been configured for "strict RFC mode". This is useful if you are using
+ external (PAM) authentication mechanisms that require longer user names.
+ Patch suggested by Brett Smith <brett@w3.org>, see
+ <http://arthur.barton.de/pipermail/ngircd-ml/2012-October/000579.html>.
+
+ ngIRCd 20~rc2 (2012-12-02)
+ - Rework cloaked hostname handling and implement the "METADATA cloakhost"
+ subcommand: Now ngIRCd uses two fields internally, one to store the
+ "real" hostname and one to save the "cloaked" hostname. This allows
+ "foreign servers" (aka "IRC services") to alter the real and cloaked
+ hostnames of clients without problems, even when the user itself issues
+ additional "MODE +x" and "MODE -x" commands.
+ - RPL_UMODEIS: send correct target name, even on server links.
+ - Update platformtest.sh to follow autoconf changes and only generate
+ the "configure" script when it is missing.
+ - Fix the test suite to correctly execute test scripts even when stdout
+ is redirected.
+ - Fix some compiler warnings on NetBSD and OpenBSD.
+
+ ngIRCd 20~rc1 (2012-11-11)
+ - Update doc/Services.txt: describe the upcoming version of Anope 1.9.8,
+ then including a protocol module for ngIRCd. And remove our own patches
+ in ./contrib/Anope because they aren't supported any more ...
+ - Implement new "METADATA" command which can be used by remote servers
+ and IRC services to update client metadata like the client info text
+ ("real name"), user name, and hostname, and use this command to
+ configure an cloaked hostname (user mode "+x") on remote servers:
+ This prevents "double cloaking" of hostnames and even cloaked
+ hostnames are in sync on all servers supporting "METADATA" now.
+ - Fix error message when trying to join non-predefined channels and the
+ "PredefChannelsOnly" configuration option is set.
+ - Implement new IRC "SVSNICK" command to allow remote servers (and IRC
+ services) to change nicknames of already registered users. The SVSNICK
+ command itself doesn't change the nickname, but it becomes forwarded
+ to the server to which the user is connected to. And then this server
+ initiates the real nickname changing using regular NICK commands.
+ This allows to run mixed networks with old servers not supporting the
+ SVSNICK command, because SVSNICK commands for nicknames on such servers
+ are silently ignored and don't cause a desynchronization of the network.
+ - Make server reconnect time a little bit more random, so that two
+ servers trying to connect to each other asynchronously don't try this
+ in exactly the same time periods and kick each other off ...
+ - Don't accept connections for servers already being linked: there was a
+ time frame that could result in one connection overwriting the other,
+ e. g. the incoming connection overwriting the status of the outgoing
+ one. And this could lead to all kind of weirdness (even crashes!) later
+ on: now such incoming connections are dropped.
+ - New configuration option "MaxListSize" to configure the maximum number
+ of channels returned by a LIST command. The default is 100, as before.
- Implement user mode "b", "block messages": when a user has set mode "b",
all private messages and notices to this user are blocked if they don't
originate from a registered user, an IRC Op, server or service. The
the hash function. When "CloakHostSalt" is not set (the default), a
random salt will be generated after each server restart. (Closes #133)
-ngIRCd Release 19.2 (2012-06-19)
+ngIRCd 19.2 (2012-06-19)
- doc/Capabilities.txt: document "multi-prefix" capability
- Fix: Don't ignore "permission denied" errors when enabling chroot.
- FAQ: enhance description of chroot setup.
-ngIRCd Release 19.1 (2012-03-19)
+ngIRCd 19.1 (2012-03-19)
- Fix gcc warning (v4.6.3), initialize "list" variable to NULL.
- Fix typos: "recieved" -> "received", "Please not" -> "Please note",
- getpid.sh: Fix test case error for Debian using sbuild(1).
- Don't log "ngIRCd hello message" two times when starting up.
-ngIRCd Release 19 (2012-02-29)
+ngIRCd 19 (2012-02-29)
- Update build system: bump config.guess and config.sub files used by
GNU autoconf/automake to recent versions.
and receiver are on the same channel. This prevents private flooding
by completely unknown clients.
- New RPL_WHOISREGNICK_MSG(307) numeric in WHOIS command replies: it
- indicates if a nick name is registered (if user mode 'R' set).
+ indicates if a nickname is registered (if user mode 'R' set).
- Limit channel invite, ban, and exception lists to 50 entries and fix
duplicate check and error messages when adding already listed entries
or deleting no (longer) existing ones.
limit reached), but report an error and continue. And don't check
the channel limit and don't report with "too many channels" when
trying to join a channel that the client already is a member of.
- - ISON command: reply with the correct upper-/lowercase nick names.
+ - ISON command: reply with the correct upper-/lowercase nicknames.
- New configuration option "PAMIsOptional": when set, clients not
sending a password are still allowed to connect: they won't become
"identified" and keep the "~" character prepended to their supplied
The bug has been introduced starting with ngIRCd 17 ... :-(
(commit ID 6ebb31ab35e)
- Added doc/Modes.txt: document modes supported by ngIRCd.
- - Implement user mode "R": indicates that the nick name of this user
+ - Implement user mode "R": indicates that the nickname of this user
is "registered". This mode isn't handled by ngIRCd itself, but must
be set and unset by IRC services like Anope.
- Implement channel mode "R": only registered users (having the user
- Handle channel user modes 'a', 'h', and 'q' from remote servers.
These channel user modes aren't used for anything at the moment,
but ngIRCd knows that these three modes are "channel user modes"
- and not "channel modes", that is that these modes take an "nick name"
+ and not "channel modes", that is that these modes take an "nickname"
argument. Like unknown user and channel modes, these modes are saved
and forwarded to other servers, but ignored otherwise.
- Correctly inform clients when other servers change their user modes.
asynchronous nature of the IRC protocol. So don't break server-
links, only log a message and ignore the command. (Closes #113)
-ngIRCd Release 18 (2011-07-10)
+ngIRCd 18 (2011-07-10)
- Update timestamp of ngircd(8) manual page.
- Add preliminary ngIRCd protocol module for Anope 1.9 to contrib/Anope/.
- New configuration option "CloakHost": when set, this host name is used for
every client instead of the real DNS host name (or IP address).
- New configuration option "CloakUserToNick": when enabled, ngIRCd sets
- every clients' user name to their nick name and hides the user name
+ every clients' user name to their nickname and hides the user name
supplied by the IRC client.
- doc/Protocol.txt: Update description of the CHANINFO and WEBIRC commands.
- Doxygen'ify (document) much more source files; code cleanup ...
only relevant when a trusted server on a server-server link sends invalid
commands).
-ngIRCd Release 17.1 (2010-12-19)
+ngIRCd 17.1 (2010-12-19)
- --configtest: remember if MOTD is configured by file or phrase
- Enhance log messages when establishing server links a little bit
- New numeric 329: get channel creation time on "MODE #chan" commands
- Save channel creation time; new function Channel_CreationTime()
-ngIRCd Release 17 (2010-11-07)
+ngIRCd 17 (2010-11-07)
- doc: change path names in sample-ngircd.conf depending on sysconfdir
- Fix up generation and distribution of sample-ngircd.conf
- Fix "beeing" typo ...
- SSL/TLS: fix bogus "socket closed" error message.
-ngIRCd Release 16 (2010-05-02)
+ngIRCd 16 (2010-05-02)
- doc/SSL: remove line continuation marker
every channel, and c) remote clients using a server not supporting this
mode are not checked either and therefore always allowed to join.
-ngIRCd Release 15 (2009-11-07)
+ngIRCd 15 (2009-11-07)
- "ngircd --configtest": print SSL configuration options even when unset.
- Fix a few error handling glitches for SSL/TLS connections.
- Minor fixes to manual pages and documentation.
-ngIRCd Release 14.1 (2009-05-05)
+ngIRCd 14.1 (2009-05-05)
- Security: fix remotely triggerable crash in SSL/TLS code.
- BSD start script contrib/ngircd.sh has been renamed to ngircd-bsd.sh.
- Fix server list announcement.
- Do not remove host names from info text.
-ngIRCd Release 14 (2009-04-20)
+ngIRCd 14 (2009-04-20)
- Display IPv6 addresses as "[<addr>]" when accepting connections.
- Fix handling of channels containing dots.
(closes ug #93, reported by Gonosz Csiga)
-ngIRCd Release 13 (2008-12-25)
+ngIRCd 13 (2008-12-25)
- Updated documentation, especially doc/Services.txt and doc/SSL.txt.
- Make the test suite work on OpenSolaris.
- New [Server] configuration Option "Bind" allows to specify
the source IP address to use when connecting to remote server.
- New configuration option "MaxNickLength" to specify the allowed maximum
- length of user nick names. Note: must be unique in an IRC network!
+ length of user nicknames. Note: must be unique in an IRC network!
- Enhanced the IRC+ protocol to support an enhanced "server handshake" and
enable server to recognize numeric 005 (ISUPPORT) and 376 (ENDOFMOTD).
See doc/Protocol.txt for details.
- Documentation is now installed in $(datadir)/doc/ngircd.
- Enhanced handling of NJOIN in case of nick collisions.
-ngIRCd 0.6.1, 2003-01-21
+ngIRCd 0.6.1 (2003-01-21)
- Fixed KILL: you can't crash the server by killing yourself any more,
ngIRCd no longer sends a QUIT to other servers after the KILL, and you
Older changes (sorry, only available in german language):
-ngIRCd 0.6.0, 2002-12-24
+ngIRCd 0.6.0, 24.12.2002
- ngIRCd 0.6.0-pre2, 2002-12-23
+ ngIRCd 0.6.0-pre2, 23.12.2002
- neuer Numeric 005 ("Features") beim Connect.
- LUSERS erweitert: nun wird die maximale Anzahl der lokalen und globalen
Clients, die dem Server bzw. im Netzwerk seit dem letzten (Re-)Start
dem Server gleichzeitig bekannt waren, angezeigt.
- ngIRCd 0.6.0-pre1, 2002-12-18
+ ngIRCd 0.6.0-pre1, 18.12.2002
- beim Schliessen einer Verbindung zeigt der Server nun vor dem ERROR
noch eine Statistik ueber die empfangene und gesendete Datenmenge an.
- der Server wartet bei einer eingehenden Verbindung nun laenger auf den
projects / ngircd-alex.git / blobdiff