X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=ChangeLog;h=95f67f10a97098b5d473721f1b29f3fd9356b9cd;hp=08d337fa72e47940a87f34f74ded362ece29f23e;hb=20b52fe33dc3387d50790ed6da8c47c34277527a;hpb=65359ff8f722efdf24700ce05011afc0fef28924 diff --git a/ChangeLog b/ChangeLog index 08d337fa..95f67f10 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,10 +9,173 @@ -- ChangeLog -- +ngIRCd 21 (2013-10-30) + + - ./contrib/Debian/ngircd.init: Make sure no stale PID file is left over + when (re-)starting ngIRCd. + - Change ./contrib/platformtest.sh and update ./doc/Platforms.txt to + allow usernames up to 8 characters. + - Call arc4random_stir() in forked subprocesses, when available. This + is required by FreeBSD <10 and current NetBSD at least to correctly + initialize the "arc4" random number generator on these platforms. + - Update our own Debian package configuration and fix the default path + of the "HelpFile" of the "full" package variants. + + ngIRCd 21~rc2 (2013-10-20) + - Report the correct configuration file name on configuration errors, + support longer configuration lines, and warn when lines are truncated. + - Use arc4random() function to generate "random" numbers, when available. + - platformtest.sh: Detect clang compiler, and clean up GIT source tree + before building (when possible). + - Update (date of) manual pages. + - Update "Upgrade Information" in INSTALL file, add more systems to + doc/Platforms.txt, and fix spelling in NEWS and ChangeLog files =:) + - Fix remaining compiler warnings on OpenBSD. + + ngIRCd 21~rc1 (2013-10-05) + - Actually KILL clients on GLINE/KLINE. (Closes bug #156) + - Adjust log messages for invalid and spoofed prefixes, which cleans up + logging of commands related to already KILL'ed clients. And don't + forward KILL commands for (already) unknown clients any more to prevent + unnecessary duplicates. + - Add support to show all user links using the "STATS L" (uppercase) + command (restricted to IRC Operators). + - Fixed blocking of server reconnects in some error configurations. + - Don't ignore SSL-related errors during startup any more: abort startup + when SSL is requested by the configuration but can't be initialized and + don't continue only listening on plain text communication ports. + (Closes bug #163) + - Implement configurable SSL cipher list selection for GnuTLS and OpenSSL + using the new configuration option "CipherList". In addition, this + changes the defaults to more secure values: "HIGH:!aNULL:@STRENGTH" for + OpenSSL, and "SECURE128" for GnuTLS. + - Fix "TRACE": Correctly return ERR_NEEDMOREPARAMS(461) (which basically + is "syntax error") when there are too many parameters. + - Clean up lots of permission and parameter checks in functions handling + IRC commands; and more consistently add penalty times on errors. + - Fix error numeric of WHOIS when no nick name has been provided: + as per RFC it should be ERR_NONICKNAMEGIVEN(431). + - Only log "IDENT ... no result" messages when an IDENT looked took place + and didn't return any data, not when IDENT has been disabled. + - Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER} messages: now + you can check if a server-to-server link is SSL-encrypted or not using + the IRC "TRACE" command. + - Correctly discard supplementary groups on server startup. + - Save client IP address text for "WebIRC" users and correctly display + it on WHOIS, for example. (Closes bug #159) + - Implement the new configuration option "DefaultUserModes" which lists + user modes that become automatically set on new local clients right + after login. Please note that only modes can be set that the client + could set on itself, so you can't set "a" (away) or "o" (IRC Op), + for example! User modes "i" (invisible) or "x" (cloaked) etc. are + "interesting", though. (Closes bug #160) + - Add support for the new METADATA "account" property, which allows + services to automatically identify users after netsplits and across + service restarts. + - Enforce "penalty times" on error conditions more consistently and in + more places. Now most error codes sent back from the IRC server to the + client should result in a 2 second "penalty". + - Implement a new configuration option "AllowedChannelTypes" that lists + all allowed channel types (channel prefixes) for newly created channels + on the local server. By default, all supported channel types are allowed. + If set to the empty string, local clients can't create new channels at + all, which equals the old "PredefChannelsOnly = yes" setting. + This change deprecates the "PredefChannelsOnly" variable, too, but it is + still supported and translated to the appropriate "AllowedChannelTypes" + setting. When the old "PredefChannelsOnly" variable is processed, a + warning message is logged. (Closes bug #152) + - Add support for "client certificate fingerprinting". When a client + passes an SSL certificate to the server, the "fingerprint" will be + forwarded in the network which enables IRC services to identify the + user using this certificate and not using passwords. + - IRC Operator names, as defined in ngircd.conf, are logged now when + handling successful OPER commands. + - Some error conditions while handling IRC commands, like "permission + denied" or "need more parameters", result in more penalty times. + - The numeric replies of some commands became split too early which + resulted in more numeric reply lines than necessary. + - Implement a new configuration option "IncludeDir" in the "[Options]" + section that can be used to specify a directory which can contain + further configuration files and configuration file snippets matching + the pattern "*.conf". These files are read in after the main server + configuration file ("ngircd.conf" by default) has been read in and + parsed. The default is "$SYSCONFDIR/ngircd.conf.d", so that it is + possible to adjust the configuration only by placing additional files + into this directory. (Closes bug #157) + - Fix use-after-free in the Lists_CheckReason() function, which is used + to check if a client is a member of a particular ban/invite/... list. + - Xcode: fix detection of host OS, vendor, and CPU type, and update + project settings for Xcode 5. + - OS X PackageMaker: use relative path names in project files and package + with correct file permissions (requires root privileges on "make"). + - Add Travis-CI configuration file (".travis.yml") to project. + - Look for possible cloaked Masks in Lists. Users with +x user mode can + be banned with their cloaked hostname now. + - Don't read SSL client data before DNS resolver is finished which could + have resulted in discarding the resolved client hostname and IDENT + reply afterwards, because in some situations (timing dependent) the + NICK and USER commands could have already been read in from the client, + stored in the buffer, and been processed. + Thanks to Julian Brost for reporting the issue and testing, and to + Federico G. Schwindt for helping to debug it! + - Increase password length limit to 64 characters. (Closes bug #154) + - doc/Services.txt: Update Anope status and URL. + - Clean up Xcode project file, remove outdated files, add missing ones. + - Update Doxygen configuration file. + - configure: search for iconv_open as well as libiconv_open, because + on some installations iconv_open() is actually libiconv_open(). + iconv_open() is the glibc version while libiconv_open() is the + libiconv version, now both variants are supported. (Closes bug #151) + - ngIRCd now accepts user names including "@" characters, saves the + unmodified name for authentication but stores only the part in front + of the "@" character as "IRC user name". And the latter is how + ircd2.11, Bahamut, and irc-seven behave as well. (Closes bug #155) + - Lots of IRC "information functions" like ADMIN, INFO, ... now accept + server masks and names of connected users (in addition to server names) + for specifying the target server of the command. (Closes bug #153) + - Implement a new configuration option "IdleTimeout" in the "[Limits]" + section of the configuration file which can be used to set a timeout + in seconds after which the whole daemon will shutdown when no more + connections are left active after handling at least one client. + The default is 0, "never". + This can be useful for testing or when ngIRCd is started using "socket + activation" with systemd(8), for example. + - Implement support for systemd(8) "socket activation". + - contrib/README: add description for more files. + - Enable WHOIS to display information about IRC Services using the new + numeric 310(RPL_WHOISSERVICE) This numeric is used for this purpose by + InspIRCd, for example -- but as usual, other numerics are in use, too, + like 613 in UltimateIRCd ... + Please note that neither the Operator (+o) not the "bot status" (+B) + of an IRC service is displayed in the output. + - Exit message: use singular & plural :-) + - autogen.sh: Check for autoconf/automake wrapper scripts + - Add missing punctuation marks in log messages, adjust some severity + levels, and make SSL-related messages more readable. + - AUTHORS file: Update list of contributors. + - Update systemd(8) example configuration files in ./contrib/ directory: + the "ngircd.service" file now uses the "forking" service type which + enhances the log messages shown by "systemctl status ngircd.service", + and the new "ngircd.socket" file configures a systemd socket that + configures a socket for ngIRCd and launches the daemon on demand. + - Enhance help system and the HELP command: now a "help text file" can be + set using the new configuration option "HelpFile" ("global" section), + which is read in and parsed on server startup and configuration reload, + and then is used to output individual help texts to specific topics. + Please see the file ./doc/Commands.txt for details. + +ngIRCd 20.3 (2013-08-23) + + - Security: Fix a denial of service bug (server crash) which could happen + when the configuration option "NoticeAuth" is enabled (which is NOT the + default) and ngIRCd failed to send the "notice auth" messages to new + clients connecting to the server (CVE-2013-5580). + ngIRCd 20.2 (2013-02-15) - Security: Fix a denial of service bug in the function handling KICK - commands that could be used by arbitrary users to to crash the daemon. + commands that could be used by arbitrary users to to crash the daemon + (CVE-2013-1747). - WHO command: Use the currently "displayed hostname" (which can be cloaked!) for hostname matching, not the real one. In other words: don't display all the cloaked users on a specific real hostname! @@ -35,7 +198,7 @@ ngIRCd 20.2 (2013-02-15) - autogen.sh: Enforce serial test harness on GNU automake >=1.13. The new parallel test harness which is enabled by default starting with automake 1.13 isn't compatible with our test suite. - And don't use "egrep -o", insetead use "sed", because it isn't portable + And don't use "egrep -o", instead use "sed", because it isn't portable and not available on OpenBSD, for example. ngIRCd 20.1 (2013-01-02) @@ -56,7 +219,7 @@ ngIRCd 20 (2012-12-17) - Allow user names ("INDENT") up to 20 characters when ngIRCd has not been configured for "strict RFC mode". This is useful if you are using - external (PAM) authenticaion mechanisms that require longer user names. + external (PAM) authentication mechanisms that require longer user names. Patch suggested by Brett Smith , see . @@ -211,7 +374,7 @@ ngIRCd 20 (2012-12-17) the hash function. When "CloakHostSalt" is not set (the default), a random salt will be generated after each server restart. (Closes #133) -ngIRCd Release 19.2 (2012-06-19) +ngIRCd 19.2 (2012-06-19) - doc/Capabilities.txt: document "multi-prefix" capability @@ -241,7 +404,7 @@ ngIRCd Release 19.2 (2012-06-19) - Fix: Don't ignore "permission denied" errors when enabling chroot. - FAQ: enhance description of chroot setup. -ngIRCd Release 19.1 (2012-03-19) +ngIRCd 19.1 (2012-03-19) - Fix gcc warning (v4.6.3), initialize "list" variable to NULL. - Fix typos: "recieved" -> "received", "Please not" -> "Please note", @@ -251,7 +414,7 @@ ngIRCd Release 19.1 (2012-03-19) - getpid.sh: Fix test case error for Debian using sbuild(1). - Don't log "ngIRCd hello message" two times when starting up. -ngIRCd Release 19 (2012-02-29) +ngIRCd 19 (2012-02-29) - Update build system: bump config.guess and config.sub files used by GNU autoconf/automake to recent versions. @@ -401,7 +564,7 @@ ngIRCd Release 19 (2012-02-29) asynchronous nature of the IRC protocol. So don't break server- links, only log a message and ignore the command. (Closes #113) -ngIRCd Release 18 (2011-07-10) +ngIRCd 18 (2011-07-10) - Update timestamp of ngircd(8) manual page. - Add preliminary ngIRCd protocol module for Anope 1.9 to contrib/Anope/. @@ -511,7 +674,7 @@ ngIRCd Release 18 (2011-07-10) only relevant when a trusted server on a server-server link sends invalid commands). -ngIRCd Release 17.1 (2010-12-19) +ngIRCd 17.1 (2010-12-19) - --configtest: remember if MOTD is configured by file or phrase - Enhance log messages when establishing server links a little bit @@ -527,7 +690,7 @@ ngIRCd Release 17.1 (2010-12-19) - New numeric 329: get channel creation time on "MODE #chan" commands - Save channel creation time; new function Channel_CreationTime() -ngIRCd Release 17 (2010-11-07) +ngIRCd 17 (2010-11-07) - doc: change path names in sample-ngircd.conf depending on sysconfdir - Fix up generation and distribution of sample-ngircd.conf @@ -608,7 +771,7 @@ ngIRCd Release 17 (2010-11-07) - Fix "beeing" typo ... - SSL/TLS: fix bogus "socket closed" error message. -ngIRCd Release 16 (2010-05-02) +ngIRCd 16 (2010-05-02) - doc/SSL: remove line continuation marker @@ -648,7 +811,7 @@ ngIRCd Release 16 (2010-05-02) every channel, and c) remote clients using a server not supporting this mode are not checked either and therefore always allowed to join. -ngIRCd Release 15 (2009-11-07) +ngIRCd 15 (2009-11-07) - "ngircd --configtest": print SSL configuration options even when unset. @@ -674,7 +837,7 @@ ngIRCd Release 15 (2009-11-07) - Fix a few error handling glitches for SSL/TLS connections. - Minor fixes to manual pages and documentation. -ngIRCd Release 14.1 (2009-05-05) +ngIRCd 14.1 (2009-05-05) - Security: fix remotely triggerable crash in SSL/TLS code. - BSD start script contrib/ngircd.sh has been renamed to ngircd-bsd.sh. @@ -687,7 +850,7 @@ ngIRCd Release 14.1 (2009-05-05) - Fix server list announcement. - Do not remove host names from info text. -ngIRCd Release 14 (2009-04-20) +ngIRCd 14 (2009-04-20) - Display IPv6 addresses as "[]" when accepting connections. @@ -711,7 +874,7 @@ ngIRCd Release 14 (2009-04-20) - Fix handling of channels containing dots. (closes ug #93, reported by Gonosz Csiga) -ngIRCd Release 13 (2008-12-25) +ngIRCd 13 (2008-12-25) - Updated documentation, especially doc/Services.txt and doc/SSL.txt. - Make the test suite work on OpenSolaris. @@ -1142,7 +1305,7 @@ ngIRCd 0.7.0 (2003-05-01) - Documentation is now installed in $(datadir)/doc/ngircd. - Enhanced handling of NJOIN in case of nick collisions. -ngIRCd 0.6.1, 2003-01-21 +ngIRCd 0.6.1 (2003-01-21) - Fixed KILL: you can't crash the server by killing yourself any more, ngIRCd no longer sends a QUIT to other servers after the KILL, and you @@ -1163,15 +1326,15 @@ ngIRCd 0.6.1, 2003-01-21 Older changes (sorry, only available in german language): -ngIRCd 0.6.0, 2002-12-24 +ngIRCd 0.6.0, 24.12.2002 - ngIRCd 0.6.0-pre2, 2002-12-23 + ngIRCd 0.6.0-pre2, 23.12.2002 - neuer Numeric 005 ("Features") beim Connect. - LUSERS erweitert: nun wird die maximale Anzahl der lokalen und globalen Clients, die dem Server bzw. im Netzwerk seit dem letzten (Re-)Start dem Server gleichzeitig bekannt waren, angezeigt. - ngIRCd 0.6.0-pre1, 2002-12-18 + ngIRCd 0.6.0-pre1, 18.12.2002 - beim Schliessen einer Verbindung zeigt der Server nun vor dem ERROR noch eine Statistik ueber die empfangene und gesendete Datenmenge an. - der Server wartet bei einer eingehenden Verbindung nun laenger auf den