ngIRCd - Next Generation IRC Server
http://ngircd.barton.de/
- (c)2001-2020 Alexander Barton and Contributors.
+ (c)2001-2024 Alexander Barton and Contributors.
ngIRCd is free software and published under the
terms of the GNU General Public License.
-- NEWS --
-ngIRCd 26
+ngIRCd 27
+
+ ngIRCd 27~rc1 (2024-04-13)
+ - Validate certificates on server links. Up to now, ngIRCd optionally used
+ SSL/TLS encrypted server-server links but never checked and validated any
+ certificates. Now ngIRCd validates SSL/TLS certificates on outgoing
+ server-server links by default and drops(!) connections when the remote
+ certificate is invalid (for example self-signed, expired, not matching the
+ host name, ...). Therefore you have to make sure that all relevant
+ *certificates are valid* (or to disable certificate validation on this
+ connection using the new `SSLVerify = false` setting in the affected
+ `[Server]` block, where the remote certificate is not valid and you can not
+ fix this issue).
+ The original patch for OpenSSL dates back to 2009 and was written by Florian
+ Westphal and was extended for GnuTLS in 2014 by Christoph Biedl. But it took
+ us another 10 years to bring it to life ... oh my! Many thanks to both
+ Florian and Christoph!
+ Closes #120.
+ - Add support for the "sd_notify" protocol of systemd(8): Periodically
+ "ping" the service manager (every 3 seconds) and set a status message
+ showing current connection statistics which then is included in "systemctl
+ status ngircd.service" output. In addition, this enables using the
+ systemd(8) watchdog functionality ("WatchdogSec") for the "ngircd.service"
+ unit and allows it to use the "notify" service type, which results in
+ better status tracking by the service manager.
+ - Try to set file descriptor limit to its maximum and show info on startup:
+ The number of possible parallel connections is limited by the file
+ descriptor limit of the process (among other things). Therefore try to
+ upgrade the current "soft" limit to its "hard" maximum (but limited to
+ 100000 instead of "infinite"), and show an information or even warning when
+ the limit is still less than the configured "MaxConnections" setting. Please
+ note that ngIRCd and its linked libraries (like PAM) need file descriptors
+ not only for incoming and outgoing IRC connections, but for reading files
+ and inter-process communication, too! Therefore the actual connection limit
+ is less(!) than the file descriptor limit!
+ - Add a "Docker file" (contrib/Dockerfile) and corresponding documentation
+ (doc/Container.md) to the project. The resulting container is based on the
+ latest Debian "stable-slim" container and built using a "build container".
+ - No longer use a default built-in value for the "IncludeDir" directive when
+ a configuration file was explicitly specified on the command line using
+ "--config"/"-f": This way no default include directory is scanned when a
+ possibly non-default configuration file is used which (intentionally) did
+ not specify an "IncludeDir" directive. So now you can use "-f /dev/null"
+ for checking all built-in defaults, regardless of any local configuration
+ files in the default drop-in directory (which would have been read in
+ until this change).
+ - The server "Name" in the "[Global]" section of the configuration file no
+ longer needs to be set: When not set (or empty), ngIRCd now tries to
+ deduce a valid IRC server name from the local host name ("node name"),
+ possibly adding a ".host" extension when the host name does not contain a
+ dot (".") which is required in an IRC server name ("ID").
+ This new behavior, with all configuration parameters now being optional,
+ allows running ngIRCd without any configuration file at all.
+ - Autodetect support for IPv6 by default: Until now, IPv6 support was disabled
+ by default, which seems a bit outdated in 2024. Note: You still can pass
+ "--enable-ipv6"/"--disable-ipv6" to the ./configure script to forcefully
+ activate or deactivate IPv6 support.
+ - Do IDENT requests even when DNS lookups are disabled: Up to now disabling
+ DNS in the configuration disabled IDENT lookups as well (for no good
+ reason). Now you can activate/deactivate DNS lookups and IDENT requests
+ completely separately. Thanks for reporting this, Miniontoby!
+ Closes #291.
+ - Allow SSL client-only configurations without keys/certificates: You don't
+ need to configure certificates/keys as long as you don't configure
+ SSL-enabled listening ports. This can make sense when you want to only link
+ your local daemon to an uplink server using SSL and only have clients on
+ your local host or in your fully trusted network, where SSL is not required.
+ - Respect "SSLConnect" option for incoming connections and do not accept
+ incoming plain-text ("non SSL") server connections for servers configured
+ with "SSLConnect" enabled. This change prevents an authenticated
+ client-server being able to force the server-server to send its password
+ on a plain-text connection when SSL/TLS was intended.
+ - Add a new option "Autojoin" to [Channel] blocks: When it is set, ngIRCd
+ automatically joins all local users to this channel on connect. Note: The
+ users must have permissions to access the channel, otherwise joining them
+ will fail!
+ Thanks Ivan Agarkov <i_agarkov@wargaming.net> for the initial patch!
+ - Hide invisible (+i) users on "WHOIS <pattern>": Let's behave like most(?)
+ other IRC daemons (at least ircd2.11) and hide all +i users when WHOIS is
+ used with a pattern. Otherwise privacy of this users is not guaranteed and
+ the +i mode a bit useless ...
+ Reported by Cahata on #ngircd, thanks!
+ - Make the debug log level ("--debug"/-"d" command line option) always
+ available, not only when ./configure'd with "--enable-debug": the latter
+ now only enables additional checks (like the tests done using assert(2))
+ and is signalled by adding "+DEBUG" to the version "feature string". This
+ change enables everyone to get even more detailed logging when required.
+ - Allow IRC Operators to use the WHO command on any channel.
+ - Send the NAMES list and channel topic to users "forcefully" joined to a
+ channel using NJOIN, like they joined on their own using JOIN, and
+ streamline the order of NAMES list and channel topic messages.
+ Closes #288.
+ - Added a new command line option "-y"/"--syslog", with which logging to
+ syslog can be activated/deactivated separately from running on the console
+ (using "--nodaemon") or in the background.
+ Thanks Katherine Peeters for the patch and pull request!
+ Closes #294.
+ - Update, enhance and extend our documentation in README.md, INSTALL.md,
+ doc/HowToRelease.txt and the manual pages ngircd(8) and ngircd.conf(5), add
+ a new doc/QuickStart.md document, and convert some more documentation files
+ to Markdown (AUTHORS.md, contrib/README.md, doc/FAQ.md, doc/SSL.md).
+
+ngIRCd 26.1 (2021-01-02)
+
+ - This release is a bugfix release only, without new features.
+
+ngIRCd 26 (2020-06-20)
+
+ ngIRCd 26~rc2 (2020-06-11)
+ - Add AppStream metadata file (contrib/de.barton.ngircd.metainfo.xml).
+ - Various bug fixes, see the ChangeLog. No new or changed functionality.
ngIRCd 26~rc1 (2020-05-10)
- Allow up to 512 characters per line in MOTD and help text files (but keep
data from the network (which most probably would overflow the read buffer
of this connection soon).
- Log G-/K-Line changes only when not initiated by a server: this prevents
- the log from becomming spammed during "net bursts".
+ the log from becoming spammed during "net bursts".
- Update test suite to include SSL tests, including checking for reloading
certificates during runtime.
- Add support for GnuTLS certificate reload, which is quite handy when using
"error" before). Exit with code 2 ("command line error") for all other
invalid command line options, and show the error message itself on stderr
(instead of stdout and exit code 1, "generic error", as before).
- This new behaviour is more in line with the GNU "coding standards",
+ This new behavior is more in line with the GNU "coding standards",
see <https://www.gnu.org/prep/standards/html_node/_002d_002dhelp.html>.
- Add ./contrib/nglog.sh: This script parses the log output of ngircd(8),
and colorizes the messages according to their log level. Example usage:
ngIRCd 25~rc1 (2018-08-11)
- Only send TOPIC updates to a channel when the topic actually changed:
- This prevents the channel from becoming flooded by unecessary TOPIC update
+ This prevents the channel from becoming flooded by unnecessary TOPIC update
messages, that can happen when IRC services try to enforce a certain topic
but which is already set (at least on the local server), for example.
Therefore still forward it to all servers, but don't inform local clients
projects / ngircd-alex.git / blobdiff