-- ChangeLog --
-ngIRCd 21
-
+ngIRCd 21~rc1 (2013-10-05)
+
+ - Actually KILL clients on GLINE/KLINE. (Closes bug #156)
+ - Adjust log messages for invalid and spoofed prefixes, which cleans up
+ logging of commands related to already KILL'ed clients. And don't
+ forward KILL commands for (already) unknown clients any more to prevent
+ unnecessary duplicates.
+ - Add support to show all user links using the "STATS L" (uppercase)
+ command (restricted to IRC Operators).
+ - Fixed blocking of server reconnects in some error configurations.
+ - Don't ignore SSL-related errors during startup any more: abort startup
+ when SSL is requested by the configuration but can't be initialized and
+ don't continue only listening on plain text communication ports.
+ (Closes bug #163)
+ - Implement configurable SSL cipher list selection for GnuTLS and OpenSSL
+ using the new configuration option "CipherList". In addition, this
+ changes the defaults to more secure values: "HIGH:!aNULL:@STRENGTH" for
+ OpenSSL, and "SECURE128" for GnuTLS.
+ - Fix "TRACE": Correctly return ERR_NEEDMOREPARAMS(461) (which basically
+ is "syntax error") when there are too many parameters.
+ - Clean up lots of permission and parameter checks in functions handling
+ IRC commands; and more consistently add penalty times on errors.
+ - Fix error numeric of WHOIS when no nick name has been provided:
+ as per RFC it should be ERR_NONICKNAMEGIVEN(431).
+ - Only log "IDENT ... no result" messages when an IDENT looked took place
+ and didn't return any data, not when IDENT has been disabled.
+ - Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER} messages: now
+ you can check if a server-to-server link is SSL-encrypted or not using
+ the IRC "TRACE" command.
+ - Correctly discard supplementary groups on server startup.
+ - Save client IP address text for "WebIRC" users and correctly display
+ it on WHOIS, for example. (Closes bug #159)
+ - Implement the new configuration option "DefaultUserModes" which lists
+ user modes that become automatically set on new local clients right
+ after login. Please note that only modes can be set that the client
+ could set on itself, so you can't set "a" (away) or "o" (IRC Op),
+ for example! User modes "i" (invisible) or "x" (cloaked) etc. are
+ "interesting", though. (Closes bug #160)
+ - Add support for the new METADATA "account" property, which allows
+ services to automatically identify users after netsplits and across
+ service restarts.
+ - Enforce "penalty times" on error conditions more consistently and in
+ more places. Now most error codes sent back from the IRC server to the
+ client should result in a 2 second "penalty".
- Implement a new configuration option "AllowedChannelTypes" that lists
all allowed channel types (channel prefixes) for newly created channels
on the local server. By default, all supported channel types are allowed.
If set to the empty string, local clients can't create new channels at
all, which equals the old "PredefChannelsOnly = yes" setting.
This change deprecates the "PredefChannelsOnly" variable, too, but it is
- still supported and translated to the apropriate "AllowedChannelTypes"
+ still supported and translated to the appropriate "AllowedChannelTypes"
setting. When the old "PredefChannelsOnly" variable is processed, a
warning message is logged. (Closes bug #152)
- Add support for "client certificate fingerprinting". When a client
into this directory. (Closes bug #157)
- Fix use-after-free in the Lists_CheckReason() function, which is used
to check if a client is a member of a particular ban/invite/... list.
- - Xcode: fix detection of host OS, vendor, and CPU type.
+ - Xcode: fix detection of host OS, vendor, and CPU type, and update
+ project settings for Xcode 5.
- OS X PackageMaker: use relative path names in project files and package
with correct file permissions (requires root privileges on "make").
- Add Travis-CI configuration file (".travis.yml") to project.
- - Look for possible cloaked Masks in Lists. Users with +x usermode can
+ - Look for possible cloaked Masks in Lists. Users with +x user mode can
be banned with their cloaked hostname now.
- Don't read SSL client data before DNS resolver is finished which could
have resulted in discarding the resolved client hostname and IDENT
InspIRCd, for example -- but as usual, other numerics are in use, too,
like 613 in UltimateIRCd ...
Please note that neither the Operator (+o) not the "bot status" (+B)
- of an IRC service id displayed in the output.
+ of an IRC service is displayed in the output.
- Exit message: use singular & plural :-)
- autogen.sh: Check for autoconf/automake wrapper scripts
- - Add missing punctuation marks in log messages and adjust some
- severity levels.
+ - Add missing punctuation marks in log messages, adjust some severity
+ levels, and make SSL-related messages more readable.
- AUTHORS file: Update list of contributors.
- Update systemd(8) example configuration files in ./contrib/ directory:
the "ngircd.service" file now uses the "forking" service type which
and then is used to output individual help texts to specific topics.
Please see the file ./doc/Commands.txt for details.
+ngIRCd 20.3 (2013-08-23)
+
+ - Security: Fix a denial of service bug (server crash) which could happen
+ when the configuration option "NoticeAuth" is enabled (which is NOT the
+ default) and ngIRCd failed to send the "notice auth" messages to new
+ clients connecting to the server (CVE-2013-5580).
+
ngIRCd 20.2 (2013-02-15)
- Security: Fix a denial of service bug in the function handling KICK
projects / ngircd-alex.git / blobdiff