X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=ChangeLog;h=95f67f10a97098b5d473721f1b29f3fd9356b9cd;hp=33536007c320ce7d29fbf1994f48813e38ff4e4b;hb=20b52fe33dc3387d50790ed6da8c47c34277527a;hpb=09968ee8435bfd18b6b0219b2b5b05a1a9484a5c diff --git a/ChangeLog b/ChangeLog index 33536007..95f67f10 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,17 +1,940 @@ ngIRCd - Next Generation IRC Server + http://ngircd.barton.de/ - (c)2001-2008 Alexander Barton, - alex@barton.de, http://www.barton.de/ - + (c)2001-2013 Alexander Barton and Contributors. ngIRCd is free software and published under the terms of the GNU General Public License. -- ChangeLog -- -ngIRCd 0.12.0-pre1 (2008-04-20) - +ngIRCd 21 (2013-10-30) + + - ./contrib/Debian/ngircd.init: Make sure no stale PID file is left over + when (re-)starting ngIRCd. + - Change ./contrib/platformtest.sh and update ./doc/Platforms.txt to + allow usernames up to 8 characters. + - Call arc4random_stir() in forked subprocesses, when available. This + is required by FreeBSD <10 and current NetBSD at least to correctly + initialize the "arc4" random number generator on these platforms. + - Update our own Debian package configuration and fix the default path + of the "HelpFile" of the "full" package variants. + + ngIRCd 21~rc2 (2013-10-20) + - Report the correct configuration file name on configuration errors, + support longer configuration lines, and warn when lines are truncated. + - Use arc4random() function to generate "random" numbers, when available. + - platformtest.sh: Detect clang compiler, and clean up GIT source tree + before building (when possible). + - Update (date of) manual pages. + - Update "Upgrade Information" in INSTALL file, add more systems to + doc/Platforms.txt, and fix spelling in NEWS and ChangeLog files =:) + - Fix remaining compiler warnings on OpenBSD. + + ngIRCd 21~rc1 (2013-10-05) + - Actually KILL clients on GLINE/KLINE. (Closes bug #156) + - Adjust log messages for invalid and spoofed prefixes, which cleans up + logging of commands related to already KILL'ed clients. And don't + forward KILL commands for (already) unknown clients any more to prevent + unnecessary duplicates. + - Add support to show all user links using the "STATS L" (uppercase) + command (restricted to IRC Operators). + - Fixed blocking of server reconnects in some error configurations. + - Don't ignore SSL-related errors during startup any more: abort startup + when SSL is requested by the configuration but can't be initialized and + don't continue only listening on plain text communication ports. + (Closes bug #163) + - Implement configurable SSL cipher list selection for GnuTLS and OpenSSL + using the new configuration option "CipherList". In addition, this + changes the defaults to more secure values: "HIGH:!aNULL:@STRENGTH" for + OpenSSL, and "SECURE128" for GnuTLS. + - Fix "TRACE": Correctly return ERR_NEEDMOREPARAMS(461) (which basically + is "syntax error") when there are too many parameters. + - Clean up lots of permission and parameter checks in functions handling + IRC commands; and more consistently add penalty times on errors. + - Fix error numeric of WHOIS when no nick name has been provided: + as per RFC it should be ERR_NONICKNAMEGIVEN(431). + - Only log "IDENT ... no result" messages when an IDENT looked took place + and didn't return any data, not when IDENT has been disabled. + - Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER} messages: now + you can check if a server-to-server link is SSL-encrypted or not using + the IRC "TRACE" command. + - Correctly discard supplementary groups on server startup. + - Save client IP address text for "WebIRC" users and correctly display + it on WHOIS, for example. (Closes bug #159) + - Implement the new configuration option "DefaultUserModes" which lists + user modes that become automatically set on new local clients right + after login. Please note that only modes can be set that the client + could set on itself, so you can't set "a" (away) or "o" (IRC Op), + for example! User modes "i" (invisible) or "x" (cloaked) etc. are + "interesting", though. (Closes bug #160) + - Add support for the new METADATA "account" property, which allows + services to automatically identify users after netsplits and across + service restarts. + - Enforce "penalty times" on error conditions more consistently and in + more places. Now most error codes sent back from the IRC server to the + client should result in a 2 second "penalty". + - Implement a new configuration option "AllowedChannelTypes" that lists + all allowed channel types (channel prefixes) for newly created channels + on the local server. By default, all supported channel types are allowed. + If set to the empty string, local clients can't create new channels at + all, which equals the old "PredefChannelsOnly = yes" setting. + This change deprecates the "PredefChannelsOnly" variable, too, but it is + still supported and translated to the appropriate "AllowedChannelTypes" + setting. When the old "PredefChannelsOnly" variable is processed, a + warning message is logged. (Closes bug #152) + - Add support for "client certificate fingerprinting". When a client + passes an SSL certificate to the server, the "fingerprint" will be + forwarded in the network which enables IRC services to identify the + user using this certificate and not using passwords. + - IRC Operator names, as defined in ngircd.conf, are logged now when + handling successful OPER commands. + - Some error conditions while handling IRC commands, like "permission + denied" or "need more parameters", result in more penalty times. + - The numeric replies of some commands became split too early which + resulted in more numeric reply lines than necessary. + - Implement a new configuration option "IncludeDir" in the "[Options]" + section that can be used to specify a directory which can contain + further configuration files and configuration file snippets matching + the pattern "*.conf". These files are read in after the main server + configuration file ("ngircd.conf" by default) has been read in and + parsed. The default is "$SYSCONFDIR/ngircd.conf.d", so that it is + possible to adjust the configuration only by placing additional files + into this directory. (Closes bug #157) + - Fix use-after-free in the Lists_CheckReason() function, which is used + to check if a client is a member of a particular ban/invite/... list. + - Xcode: fix detection of host OS, vendor, and CPU type, and update + project settings for Xcode 5. + - OS X PackageMaker: use relative path names in project files and package + with correct file permissions (requires root privileges on "make"). + - Add Travis-CI configuration file (".travis.yml") to project. + - Look for possible cloaked Masks in Lists. Users with +x user mode can + be banned with their cloaked hostname now. + - Don't read SSL client data before DNS resolver is finished which could + have resulted in discarding the resolved client hostname and IDENT + reply afterwards, because in some situations (timing dependent) the + NICK and USER commands could have already been read in from the client, + stored in the buffer, and been processed. + Thanks to Julian Brost for reporting the issue and testing, and to + Federico G. Schwindt for helping to debug it! + - Increase password length limit to 64 characters. (Closes bug #154) + - doc/Services.txt: Update Anope status and URL. + - Clean up Xcode project file, remove outdated files, add missing ones. + - Update Doxygen configuration file. + - configure: search for iconv_open as well as libiconv_open, because + on some installations iconv_open() is actually libiconv_open(). + iconv_open() is the glibc version while libiconv_open() is the + libiconv version, now both variants are supported. (Closes bug #151) + - ngIRCd now accepts user names including "@" characters, saves the + unmodified name for authentication but stores only the part in front + of the "@" character as "IRC user name". And the latter is how + ircd2.11, Bahamut, and irc-seven behave as well. (Closes bug #155) + - Lots of IRC "information functions" like ADMIN, INFO, ... now accept + server masks and names of connected users (in addition to server names) + for specifying the target server of the command. (Closes bug #153) + - Implement a new configuration option "IdleTimeout" in the "[Limits]" + section of the configuration file which can be used to set a timeout + in seconds after which the whole daemon will shutdown when no more + connections are left active after handling at least one client. + The default is 0, "never". + This can be useful for testing or when ngIRCd is started using "socket + activation" with systemd(8), for example. + - Implement support for systemd(8) "socket activation". + - contrib/README: add description for more files. + - Enable WHOIS to display information about IRC Services using the new + numeric 310(RPL_WHOISSERVICE) This numeric is used for this purpose by + InspIRCd, for example -- but as usual, other numerics are in use, too, + like 613 in UltimateIRCd ... + Please note that neither the Operator (+o) not the "bot status" (+B) + of an IRC service is displayed in the output. + - Exit message: use singular & plural :-) + - autogen.sh: Check for autoconf/automake wrapper scripts + - Add missing punctuation marks in log messages, adjust some severity + levels, and make SSL-related messages more readable. + - AUTHORS file: Update list of contributors. + - Update systemd(8) example configuration files in ./contrib/ directory: + the "ngircd.service" file now uses the "forking" service type which + enhances the log messages shown by "systemctl status ngircd.service", + and the new "ngircd.socket" file configures a systemd socket that + configures a socket for ngIRCd and launches the daemon on demand. + - Enhance help system and the HELP command: now a "help text file" can be + set using the new configuration option "HelpFile" ("global" section), + which is read in and parsed on server startup and configuration reload, + and then is used to output individual help texts to specific topics. + Please see the file ./doc/Commands.txt for details. + +ngIRCd 20.3 (2013-08-23) + + - Security: Fix a denial of service bug (server crash) which could happen + when the configuration option "NoticeAuth" is enabled (which is NOT the + default) and ngIRCd failed to send the "notice auth" messages to new + clients connecting to the server (CVE-2013-5580). + +ngIRCd 20.2 (2013-02-15) + + - Security: Fix a denial of service bug in the function handling KICK + commands that could be used by arbitrary users to to crash the daemon + (CVE-2013-1747). + - WHO command: Use the currently "displayed hostname" (which can be cloaked!) + for hostname matching, not the real one. In other words: don't display all + the cloaked users on a specific real hostname! + - configure: The header file "netinet/in_systm.h" already is optional in + ngIRCd, so don't require it in the configure script. Now ngIRCd can be + built on Minix 3 again :-) + - Return better "Connection not registered as server link" errors: Now ngIRCd + returns a more specific error message for numeric ERR_NOTREGISTERED(451) + when a regular user tries to use a command that isn't allowed for users but + for servers. + - Don't report ERR_NEEDMOREPARAMS(461) when a MDOE command with more modes + than nicknames is handled, as well as for channel limit and key changes + without specifying the limit or key parameters. + This is how a lot (all?) other IRC servers behave, including ircd2.11, + InspIRCd, and ircd-seven. And because of clients (tested with Textual and + mIRC) sending bogus MODE commands like "MODE -ooo nick", end-users got the + expected result as well as correct but misleading error messages ... + - Correctly detect when SSL subsystem must be initialized and take + outgoing connections (server links!) into account, too. + - autogen.sh: Enforce serial test harness on GNU automake >=1.13. The + new parallel test harness which is enabled by default starting with + automake 1.13 isn't compatible with our test suite. + And don't use "egrep -o", instead use "sed", because it isn't portable + and not available on OpenBSD, for example. + +ngIRCd 20.1 (2013-01-02) + + - Allow ERROR command on server and service links only, ignore them and + add a penalty time on all other link types. + - Enforced mode setting by IRC Operators: Only check the channel user + modes of the initiator if he is joined to the channel and not an IRC + operator enforcing modes (which requires the configuration option + "OperCanUseMode" to be enabled), because trying to check channel user + modes of a non-member results in an assertion when running with debug + code or could crash the daemon otherwise. This closes bug #147, thanks + to James Kirwill for tracking this down! + - Fix build system to cope with spaces in path names. + - Code cleanups, mostly to fix build warnings on Cygwin. + +ngIRCd 20 (2012-12-17) + + - Allow user names ("INDENT") up to 20 characters when ngIRCd has not + been configured for "strict RFC mode". This is useful if you are using + external (PAM) authentication mechanisms that require longer user names. + Patch suggested by Brett Smith , see + . + + ngIRCd 20~rc2 (2012-12-02) + - Rework cloaked hostname handling and implement the "METADATA cloakhost" + subcommand: Now ngIRCd uses two fields internally, one to store the + "real" hostname and one to save the "cloaked" hostname. This allows + "foreign servers" (aka "IRC services") to alter the real and cloaked + hostnames of clients without problems, even when the user itself issues + additional "MODE +x" and "MODE -x" commands. + - RPL_UMODEIS: send correct target name, even on server links. + - Update platformtest.sh to follow autoconf changes and only generate + the "configure" script when it is missing. + - Fix the test suite to correctly execute test scripts even when stdout + is redirected. + - Fix some compiler warnings on NetBSD and OpenBSD. + + ngIRCd 20~rc1 (2012-11-11) + - Update doc/Services.txt: describe the upcoming version of Anope 1.9.8, + then including a protocol module for ngIRCd. And remove our own patches + in ./contrib/Anope because they aren't supported any more ... + - Implement new "METADATA" command which can be used by remote servers + and IRC services to update client metadata like the client info text + ("real name"), user name, and hostname, and use this command to + configure an cloaked hostname (user mode "+x") on remote servers: + This prevents "double cloaking" of hostnames and even cloaked + hostnames are in sync on all servers supporting "METADATA" now. + - Fix error message when trying to join non-predefined channels and the + "PredefChannelsOnly" configuration option is set. + - Implement new IRC "SVSNICK" command to allow remote servers (and IRC + services) to change nicknames of already registered users. The SVSNICK + command itself doesn't change the nickname, but it becomes forwarded + to the server to which the user is connected to. And then this server + initiates the real nickname changing using regular NICK commands. + This allows to run mixed networks with old servers not supporting the + SVSNICK command, because SVSNICK commands for nicknames on such servers + are silently ignored and don't cause a desynchronization of the network. + - Make server reconnect time a little bit more random, so that two + servers trying to connect to each other asynchronously don't try this + in exactly the same time periods and kick each other off ... + - Don't accept connections for servers already being linked: there was a + time frame that could result in one connection overwriting the other, + e. g. the incoming connection overwriting the status of the outgoing + one. And this could lead to all kind of weirdness (even crashes!) later + on: now such incoming connections are dropped. + - New configuration option "MaxListSize" to configure the maximum number + of channels returned by a LIST command. The default is 100, as before. + - Implement user mode "b", "block messages": when a user has set mode "b", + all private messages and notices to this user are blocked if they don't + originate from a registered user, an IRC Op, server or service. The + originator gets an error numeric sent back in this case, + ERR_NONONREG_MSG (486), which is used by UnrealIRCd, too. (Closes #144) + - WHOIS: Not only show RPL_WHOISHOST_MSG to local IRC operators, but show + it to all IRC operators in the network. And don't show it to anybody if + the "more privacy" configuration option is enabled. (Closes #134) + - Test suite: make expect scripts more verbose displaying dots for each + reply of the server that it is waiting for. + - WHOIS: Implement numeric RPL_WHOISMODES_MSG (379) and show user modes in + the reply of the WHOIS command for the user himself or, if MorePrivacy + isn't set, for request initiated by an IRC operator. (Closes #129) + - Implement channel mode "V" (invite disallow): If the new channel mode + "V" is set, the INVITE command becomes invalid and all clients get the + new ERR_NOINVITE_MSG (518) reply. (Closes #143) + - KICK-protect IRC services. + - Implement channel mode "Q" and user mode "q": Both modes protect users + from channel kicks: only IRC operators and servers can kick users having + mode "q" or in channels with mode "Q". (Closes #141) + - Debian: require "telnet" or "telnet-ssl" for building and enable + CHARCONV in ngircd-full[-dbg] variants. + - Send RPL_REHASHING (382) numeric if a REHASH command was accepted. + - Fix spelling and variable names in some log messages. + - Allow users to "cloak" their hostname only when the configuration + variable "CloakHostModeX" (introduced in 19.2) is set. Otherwise, only + IRC operators, other servers, and services are allowed to set the user + mode "+x": this prevents regular users from changing their hostmask to + the name of the IRC server itself, which confused quite a few people ;-) + (Closes #133) + - New configuration option "OperChanPAutoOp": If disabled, IRC operators + don't become channel operators in persistent channels when joining. + Enabled by default, which has been the behavior of ngIRCd up to this + patch. (Closes #135) + - Allow IRC operators to see secret (+s) channels in LIST command as long + as the "MorePrivacy" configuration option isn't enabled in the + configuration file. (Closes #136) + - Enhance build system: Support new (>=1.12) and old (<=1.11) GNU automake + versions, update checks for required and optional features, enable + colored test output of automake (if available), rename configure.in to + more modern configure.ac, include .mailmap and all build-system files in + distribution archives and no longer require a GIT tree to detect the + correct version string. + - Update documentation: add doc/Contributing.txt and include version + numbers in doc/Modes.txt. + - Free all listen ports on initialization: now listen ports can be + reconfigured on runtime using a configuration reload. + - Initialize SSL when needed only, and disable SSL on errors. + - Implement new (optional) IRC+ "CHARCONV" command to set a client + character set that the server translates all messages to/from UTF-8. + This feature requires the "libiconv" library and must be enabled using + the new "--with-iconv" option of the ./configure script. See + doc/Protocol.txt for details. (Closes #109) + - Allow limited punctuation in usernames, for better PAM integration. + - Correctly re-initialize signal handlers on RESTART commands. + - Show a warning on startup if the configuration file is not a full path: + ngIRCd is a long-running process and changes its working directory to + "/" to not block mounted filesystems and the like when running as daemon + ("not in the foreground"); therefore the path to the configuration file + must be relative to "/" (or the chroot() directory), which basically is + "not relative", to ensure that "kill -HUP" and the "REHASH" command work + as expected later on. (Closes #127) + - Make the "&SERVER" channel definable in a [Channel] configuration block, + which enables server operators to overwrite the built-in topic and + channel modes. (Closes #131) + - Don't limit list size of "WHO #channel" commands, because it makes no + sense to not return all the users in that channel, so I removed the + check. But if there are more than MAX_RPL_WHO(25) replies, the client + requesting the list will be "penalized" one second more, then 2 in + total. (Closes #125) + - Make ngIRCd buildable using the kqueue() IO interface on FreeBSD 4.x. + - Fix the "NoticeAuth" configuration option when using SSL connections and + enhance the message to show the hostname and IDENT reply of the client. + - Introduce numeric RPL_HOSTHIDDEN_MSG (396): This numeric is sent to the + client each time it changes its displayed hostname using "MODE +/-x", + and if "CloakHost" is set right after the MOTD has been sent. + - Fix USERHOST not displaying the correctly cloaked hostname. + - Implement user mode "B" ("Bot flag"): it is settable and unsettable by + every (non-restricted) client. This is how Unreal and InspIRCd do + behave, and so do we :-) + - Dynamically allocate memory for connection passwords: This a) saves + memory for clients not using passwords at all and b) allows for + "arbitrarily" long passwords. + - Implement channel mode "M": Only the server, identified users and IRC + operators are able to talk in such a channel. + - Block nicknames that are reserved for services and are defined using the + configuration variable "ServiceMask" in "Server" blocks; And this + variable now can handle more than one mask separated by commas. + - Now "make uninstall" removes the installed "ngircd.conf" file, if it is + still equal to our "sample-ngircd.conf" file and therefore hasn't been + modified by the user. If it has been modified, it isn't removed and a + notice is displayed to the user. And "make install" now displays a + message when no ngircd.conf file exists and the "sample-ngircd.conf" + file will be installed as a starting point. + - Add contrib/ngircd.service, a systemd service file for ngircd. + - Implemented XOP channel user modes: "Half Op" ("+h", prefix "%") can set + the channel modes +imntvIbek and kick all +v and normal users; "Admin" + ("+a", prefix "&") can set channel modes +imntvIbekoRsz and kick all +o, + +h, +v and normal users; and "Owner" ("+q", prefix "~") can set channel + modes +imntvIbekoRsz and kick all +a, +o, +h, +v and normal users. + - Implement hashed cloaked hostnames for both the "CloakHost" and + "CloakHostModeX" configuration options: now the admin can use the new + '%x' placeholder to insert a hashed version of the clients hostname, + and the new configuration option "CloakHostSalt" defines the salt for + the hash function. When "CloakHostSalt" is not set (the default), a + random salt will be generated after each server restart. (Closes #133) + +ngIRCd 19.2 (2012-06-19) + + - doc/Capabilities.txt: document "multi-prefix" capability + + ngIRCd 19.2~rc1 (2012-06-13) + - New configuration option "CloakHostModeX" to configure the hostname + that gets used for IRC clients which have user mode "+x" enabled. + Up to now, the name of the IRC server itself has been used for this, + which still is the default when "CloakHostModeX" isn't set. + - Correctly handle asynchronously re-established server links: a race + condition could let the daemon loose track of an already re-established + incoming server link while preparing its own outgoing connection. + Peers that both try to connect each other could have been affected. + - Log a debug message when SIGUSR2 is handled in debug mode. + - Only allow alphanumeric characters in user-supplied user names of + USER command and IDENT replies. + - Change wording of "TLS initialized" message to make it more consistent. + - Don't leak file descriptors on error path when creating "PID files". + - Add missing mode "r" to CHANMODES in 005 "ISUPPORT" numeric. + - Update doc/Modes.txt and doc/Platforms.txt documents. + - contrib/platformtest.sh: correctly detect Open64 C compiler and handle + "CC=xxx MAKE=yyy ./platformtest.sh" calling convention. + - Add instructions for setting up Atheme IRC services. + - Implement support for IRC capability handling, the new "CAP" command, + and capablity "multi-prefix" which allows both the NAME and WHO command + handlers to return more than one "class prefix" to the client. + - Update Xcode project files: reference missing documentation files. + - Fix: Don't ignore "permission denied" errors when enabling chroot. + - FAQ: enhance description of chroot setup. + +ngIRCd 19.1 (2012-03-19) + + - Fix gcc warning (v4.6.3), initialize "list" variable to NULL. + - Fix typos: "recieved" -> "received", "Please not" -> "Please note", + and fix lintian(1) warning ""hyphen-used-as-minus-sign", too. + - Really include _all_ patches to build the Anope module into the + distribution archive ... ooops! + - getpid.sh: Fix test case error for Debian using sbuild(1). + - Don't log "ngIRCd hello message" two times when starting up. + +ngIRCd 19 (2012-02-29) + + - Update build system: bump config.guess and config.sub files used by + GNU autoconf/automake to recent versions. + - Fix configuration file parser: don't accept "[SSL]" blocks in the + configuration file when no SSL support is built in ngIRCd. + - Fix building ngIRCd with old gcc versions (e. g. 2.7.2). + - Correctly re-open syslog logging after reading of configuration + file: Syslog logging has been initialized before reading the + configuration, so ngIRCd always used the default facility and ignored + the "SyslogFacility" configuration option ... + Thanks to Patrik Schindler for reporting this issue! + + ngIRCd 19~rc1 (2012-02-12) + - Enhance command limits for server links: the limit now is dependent + on the number of users connected in the network and higher while + servers are joining the network to make the login of servers faster. + - Log more information about server synchronization. + - Update preliminary ngIRCd protocol module for Anope 1.9.6, which now + is the only supported version. + - New numeric RPL_WHOISHOST_MSG(378), which returns the DNS host name + (if available) and the IP address of a client in the WHOIS reply. + Only the user itself and local IRC operators get this numeric. + - Implement channel exception list (mode 'e'). This allows a channel + operator to define exception masks that allow users to join the + channel even when a "ban" would match and prevent them from joining: + the exception list (e) overrides the ban list (b). + - PRIVMSG and NOTICE: Handle nick!user@host masks case-insensitive. + - Implement user mode 'C': If the target user of a PRIVMSG or NOTICE + command has the user mode 'C' set, it is required that both sender + and receiver are on the same channel. This prevents private flooding + by completely unknown clients. + - New RPL_WHOISREGNICK_MSG(307) numeric in WHOIS command replies: it + indicates if a nickname is registered (if user mode 'R' set). + - Limit channel invite, ban, and exception lists to 50 entries and fix + duplicate check and error messages when adding already listed entries + or deleting no (longer) existing ones. + - Fix both ERR_SUMMONDISABLED(445) and ERR_USERSDISABLED(446) replies. + - MODE command: correctly return ERR_UNKNOWNMODE(472) numeric for + unknown channel modes, instead of ERR_UMODEUNKNOWNFLAG(501). + - ISUPPORT(005) numeric: add "O", "R", and "z" modes to "CHANMODES", + add "EXCEPTS=e" and "INVEX=I", add "MAXLIST=beI:50". + - Limit the number of list items in the reply of LIST (100), WHO (25), + WHOIS (10), and WHOWAS (25) commands. + - LIST command: compare pattern case insensitive. + - Limit the MODE command to handle a maximum number of 5 channel modes + that require an argument (+Ibkl) per call and report this number + in the ISUPPORT(005) numeric: "MODES=5". + - Fix handling of channel mode sequence with/without arguments. + For example, don't generate wrong error messages when handling + "MODE #chan +IIIIItn *!aa@b *!bb@c *!cc@d *!dd@e *!ee@f". + - When sending data on a connection, only try to get the type of + the client if there still is one assigned. This could trigger an + assertion and end the daemon in some error paths. + - Don't try to close already closed/invalid sockets to forked child + processes. This could potentially crash the daemon in some cases + with IDENT lookups enabled. + - WHOIS command: make sure that the reply ends with RPL_ENDOFWHOIS, + don't answer queries for IRC servers, make sure mask matching is + case-insensitive, and that RPL_ENDOFWHOIS numeric is sent with the + unmodified mask (like it has been received from the client). + - LINKS command: support parameter to limit the reply. + - Add 1 second penalty for every further target on PRIVMSG/NOTICE + commands: this reduces the possibility of flooding channels with + commands like "PRIVMSG/NOTICE #a,#n,#c,... :message" a little bit. + Problem noticed by Cahata, thanks! + - Display correct error message when "Server{UID|GID}" variable in the + configuration file is invalid (not a number and no existing user). + - Update Copyright notices for 2012 :-) + - JOIN command: don't stop handling of channel lists when a single + channel cannot be joined (because of bad name, wrong key or channel + limit reached), but report an error and continue. And don't check + the channel limit and don't report with "too many channels" when + trying to join a channel that the client already is a member of. + - ISON command: reply with the correct upper-/lowercase nicknames. + - New configuration option "PAMIsOptional": when set, clients not + sending a password are still allowed to connect: they won't become + "identified" and keep the "~" character prepended to their supplied + user name. See "man 5 ngircd.conf" for details. + - Fixed handling of WHO commands. This fixes two bugs: "WHO " + returned nothing at all if the user was "+i" (reported by Cahata, + thanks) and "WHO " returned channel names instead + of "*" when the user was member of a (visible) channel. + - Fixed some spelling errors in documentation and code comments + (Thanks to Christoph Biedl). + - contrib/Debian/control: Update and complete "Build-Depends" and + update our Debian package descriptions with "official" ones. + - Fixed typo in two error messages. + - LUSERS reply: only count channels that are visible to the requesting + client, so the existence of secret channels is no longer revealed by + using LUSERS. Reported by Cahata, thanks! + - Unknown user and channel modes no longer stop the mode parser, but + are simply ignored. Therefore modes after the unknown one are now + handled. This is how ircd2.10/ircd2.11/ircd-seven behave, at least. + Reported by Cahata, thanks! + - README: Update list of implemented commands. + - Log better error messages when rejecting clients. + - Implement IRC commands "GLINE" and "KLINE" to ban users. G-Lines are + synchronized between server on peering, K-Lines are local only. + If you use "*!@" or "*!*@" masks, these connections + are blocked even before the user is fully logged in (before PASS, + NICK, and USER commands have been processed) and before the child + processes for authentication are forked, so resource usage is smaller. + - Xcode: update project file for Xcode 4.2 and define HAVE_GAI_STRERROR + for Mac OS X Xcode builds. + - ./configure: Fix logic and quoting of poll() detection code: only use + poll() when poll.h exists as well. + - Suppress 'Can't create pre-defined channel: invalid name: ""' message. + - whois-test: handle local host name = "localhost.localdomain" using the + pattern "localhost*" for valid local host names. + - sample-ngircd.conf: show correct default for "PAM" variable: The + default of "PAM" is "yes" when ngIRCd has been configured to use it, + so show the correct default value in the sample configuration file. + (Closes #119) + - Update GPL 2 license text to current version. + - Only close "unrelated" sockets in forked child processes: This fixes + the problem that ngIRCd can't do any IDENT lookups because of the + socket has already been closed in the child process. + The bug has been introduced starting with ngIRCd 17 ... :-( + (commit ID 6ebb31ab35e) + - Added doc/Modes.txt: document modes supported by ngIRCd. + - Implement user mode "R": indicates that the nickname of this user + is "registered". This mode isn't handled by ngIRCd itself, but must + be set and unset by IRC services like Anope. + - Implement channel mode "R": only registered users (having the user + mode "R" set) are allowed to join this channel. + - Test suite: bind to loopback (127.0.0.1) interface only. + - New 2nd message "Nickname too long" for error code 432. + - Xcode: Mac OS X config.h: support 10.5 as well as 10.6/10.7 SDK. + - Xcode: exclude more Xcode 4 specific directories in ".gitignore". + - Disconnect directly linked servers sending QUIT. Without this, + the server becomes removed from the network and the client list, + but the connection isn't shut down at all ... + - contrib/ngindent: detect "gindent" as GNU indent. + - Handle unknown user and channel modes: these modes are saved and + forwarded to other servers, but ignored otherwise. + - Handle channel user modes 'a', 'h', and 'q' from remote servers. + These channel user modes aren't used for anything at the moment, + but ngIRCd knows that these three modes are "channel user modes" + and not "channel modes", that is that these modes take an "nickname" + argument. Like unknown user and channel modes, these modes are saved + and forwarded to other servers, but ignored otherwise. + - Correctly inform clients when other servers change their user modes. + This is required for some services to work correctly. + - Test suite: make getpid.sh work even when run as root. + - Spoofed prefixes: close connection on non-server links only. + On server-links, spoofed prefixes can happen because of the + asynchronous nature of the IRC protocol. So don't break server- + links, only log a message and ignore the command. (Closes #113) + +ngIRCd 18 (2011-07-10) + + - Update timestamp of ngircd(8) manual page. + - Add preliminary ngIRCd protocol module for Anope 1.9 to contrib/Anope/. + - Don't register WHOWAS information when "MorePrivacy" option is in effect. + + ngIRCd 18~rc2 (2011-06-29) + - Update documentation, fix some wording, and use a spellchecker :-) + - ngircd.conf.5: strip "SSL" prefix from variables in [SSL] section. + - ngircd.8: document debugging options. + - GnuTLS: use 1024 bits as minimum size of the DH prime. This enables + ngIRCd to accept incoming connections from other servers and clients + that "only" use at least 1024 bits again, like ngIRCd 17 did (and no + longer requires 2048 bits for incoming connections). + + ngIRCd 18~rc1 (2011-06-27) + - PAM warning message: make clear which "Password" config option is ignored. + - New configuration option "MorePrivacy" to "censor" some user information. + When enabled, signon time and idle time is left out. Part and quit + messages are made to look the same. WHOWAS requests are silently dropped. + All of this is useful if one wish to conceal users that access the ngircd + servers from TOR or I2P. + - New configuration option "ScrubCTCP" to scrub incoming CTCP commands. If + activated, the server silently drops incoming CTCP requests from both + other servers and from users. The server that scrubs CTCP will not forward + the CTCP requests to other servers in the network either, which can spell + trouble if not every oper knows about the CTCP-scrubbing. Scrubbing CTCP + commands also means that it is not possible to send files between users. + There is one exception to the CTCP scrubbing performed: ACTION ("/me + commands") requests are not scrubbed. + - Display configuration errors more prominent on "--configtest". + - Restructure ngIRCd configuration file: introduce new [Limits], [Options], + and [SSL] sections. The intention of this restructuring is to make the + [Global] section much cleaner, so that it only contains variables that + most installations must adjust to the local requirements. All the optional + variables are moved to [Limits], for configurable limits and timers of + ngIRCd, and [Options], for optional features. All SSL-related variables + are moved to [SSL] and the "SSL"-prefix is stripped. The old variables in + the [Global] section are deprecated now, but are still recognized. + => Don't forget to check your configuration, use "ngircd --configtest"! + - New documentation "how to contribute": doc/Contributing.txt. + - Slightly fix error handling when connecting to remote servers. + - GnuTLS: bump DH-bitsize to 2048: this solves the problem that some clients + refuse to connect to severs that only offer 1024. For interoperability it + would be best to just use 4096 bits, but that takes minutes, even on + current hardware ... + - contrib/platformtest.sh: fix gcc version detection. + - Avoid needlessly scary 'buffer overflow' messages: When the write buffer + space grows too large, ngIRCd has to disconnect the client to avoid + wasting too much memory, which is logged with a scary 'write buffer + overflow' message. Change this to a more descriptive wording. + - Require server prefixes for most commands on RFC2812 links. RFC1459 links + (often used by services, for example) are not affected. + - Mac OS X: update installer functionality, texts, and add our logo :-) + - New configuration option "RequireAuthPing": PING-PONG on login. When + enabled, this configuration option lets ngIRCd send a PING with an numeric + "token" to clients logging in; and it will not become registered in the + network until the client responds with the correct PONG. + - New configuration option "NoticeAuth": send NOTICE AUTH on connect. When + active, ngircd will send "NOTICE AUTH" messages on client connect time + like e.g. snircd (QuakeNet) does. + - Generate WALLOPS message on SQUIT from IRC operators; so SQUIT now behaves + like CONNECT and DISCONNECT commands, when called by an IRC operator. + - Allow servers to send more commands in the first 10 seconds ("burst"). This + helps to speed up server login and network synchronization. + - Add support for up to 3 targets in WHOIS queries, also allow up to one + wildcard query from local hosts. Follows ircd 2.10 implementation rather + than RFC 2812. At most 10 entries are returned per wildcard expansion. + - ngircd.conf(5) manual page: describe types of configuration variables + (booleans, text strings, integer numbers) and add type information to each + variable description. + - Don't use "the.net" in sample-ngircd.conf, use "example.net". + - Terminate incoming connections on HTTP commands "GET" and "POST". + - New configuration option "CloakHost": when set, this host name is used for + every client instead of the real DNS host name (or IP address). + - New configuration option "CloakUserToNick": when enabled, ngIRCd sets + every clients' user name to their nickname and hides the user name + supplied by the IRC client. + - doc/Protocol.txt: Update description of the CHANINFO and WEBIRC commands. + - Doxygen'ify (document) much more source files; code cleanup ... + - Make write buffers bigger, but flush early. Before this change, a client + got disconnected if the buffer flushing at 4k failed, now regular clients + can store up to 32k and servers up 64k even if flushing is not possible at + the moment. This enhances reliability on slow links. + - Don't access possibly free'd CLIENT structure. Ooops. + - Allow "Port = 0" in [Server] blocks. Port number 0 marks remote servers + that try to connect to this daemon, but where this daemon never tries to + establish a connection on its own: only incoming connections are allowed. + - Configuration: fix 'Value of "..." is not a number!' for negative values. + - Enable WHOIS command to return information about services. + - Implement channel mode 'O': "IRC operators only". This channel mode is + used on DALnet (bahamut), for example. + - Remove support for ZeroConf/Bonjour/Rendezvous service registration + including the "[No]ZeroConf" configuration option. + - TOPIC command: test for channel admin rights correctly: this enables other + servers, services and IRC operators to change channel topics, even when + the client is not joined to this channel. + - Deprecate NoXX-Options in ngircd.conf and move new variants into our new + [Options] section: 'NoDNS=no' => 'DNS=yes', 'NoIdent=no' => 'Ident=yes', + 'NoPAM=no' => 'PAM=yes', and 'NoZeroConf=no' => 'ZeroConf=yes' (and + vice-versa). The defaults are adjusted accordingly and the old variables + in [Global] are still accepted, so there is no functional change. + - Fix confusing "adding to invite list" debug messages: adding entries to + ban list produced 'invite list' debug output ... + - Don't throttle services and servers being registered. + - Xcode: correctly sort files :-) + - Don't assert() when searching a client for an invalid server token (this is + only relevant when a trusted server on a server-server link sends invalid + commands). + +ngIRCd 17.1 (2010-12-19) + + - --configtest: remember if MOTD is configured by file or phrase + - Enhance log messages when establishing server links a little bit + - Reset ID of outgoing server link on DNS error correctly + - Don't log critical (or worse) messages to stderr + - Manual page ngircd(8): add SIGNALS section + - Manual pages: update and simplify AUTHORS section + - Remove "error file" when compiled with debug code enabled + - README: Updated list of implemented commands + - add doc/README-Interix.txt and doc/Bopm.txt to distribution tarball + - Merge branch 'numeric-329' + - add doc/PAM.txt to distribution tarball + - New numeric 329: get channel creation time on "MODE #chan" commands + - Save channel creation time; new function Channel_CreationTime() + +ngIRCd 17 (2010-11-07) + + - doc: change path names in sample-ngircd.conf depending on sysconfdir + - Fix up generation and distribution of sample-ngircd.conf + - contrib/ngircd-redhat.init: updated email address of Naoya Nakazawa + - contrib/platformtest.sh: make command name quoting consistent + + ngIRCd 17~rc3 (2010-10-27) + - Xcode builds: detect version number correctly, updateed project file + to use the Mac OS X 10.5.x SDK, disable pam_fail_delay() because it + is only available starting with Mac OS X 10.6, and generate a default + PAM configuration for the Mac OS X Installer.app package of ngIRCd. + - Debian: updated standards version to 3.9.1, added libpam0g-dev to the + dependencies, and install a default /etc/pam.d/ngircd allowing all logins. + - Make contrib/platformtest.sh more portable. + - Fix connect attempts to further IP addresses of outgoing server links. + + ngIRCd 17~rc2 (2010-10-25) + - ZeroConf: include header files missing since commit a988bbc86a. + - Generate ngIRCd version number from GIT tag. + - Make sourcecode compatible with ansi2knr again. This allows to compile + ngIRCd using a pre-ANSI K&R C compiler again. + - ./configure: check if C compiler can compile ISO Standard C. + - ./configure: check support for C prototypes again. + - Don't use PARAMS() macro for function implementations. + - Added m68k/apple/aux3.0.1 (gcc 2.7.2) to doc/Platforms.txt. + - Only try to set FD_CLOEXEC if this flag is defined. + - Only use "__attribute__ ((unused))" if GCC >=2.8 is used. + - doc/Makefile.am: don't set docdir, automake handles it already. + + ngIRCd 17~rc1 (2010-10-11) + - New configuration option "NoZeroConf" to disable service registration at + runtime even if ngIRCd is compiled with support for ZeroConf (e.g. using + Howl, Avahi or on Mac OS X). + - New configuration option "SyslogFacility" to define the syslog "facility" + (the "target"), to which ngIRCd should send its log messages. + Possible values are system dependant, but most probably "auth", "daemon", + "user" and "local1" through "local7" are possible values; see syslog(3). + Default is "local5" for historical reasons. + - Dump the "internal server state" (configured servers, established + connections and known clients) to the console or syslog when receiving + the SIGUSR2 signal and debug mode is enabled. + - Enable the daemon to disable and enable "debug mode" on runtime using + signal SIGUSR1, when debug code is compiled in, not only on startup + using the command line parameters. + - Signal handler: added new 'delayed' signal handlers, including fallback + to deprecated sysv API. And removed global NGIRCd_SignalRehash variable. + - IO: add io_cloexec() to set close-on-exec flag. + - ng_ipaddr.h: include required assert.h header. + - Conn_SyncServerStruct(): test all connections; and work case insensitive + - configure script: correctly indent IPv6 yes/no summary output. + - Don't reset My_Connections[Idx].lastping when reading data, so the + client lag debug-output is working again. + - Implement user mode "x": host name cloaking (closes: #102). + - Make configure switch "--docdir" work (closes: #108). + - Reformat and update FAQ.txt a little bit. + - INSTALL: mention SSL, IPv6, and changed handling of MotdFile. + - Change MOTD file handling: ngIRCd now caches the contens of the MOTD + file, so the daemon now requires a HUP signal or REHASH command to + re-read the MOTD file when its content changed. + - Startup: open /dev/null before chroot'ing the daemon. + - Allow IRC ops to change channel modes even without OperServerMode set. + - Allow IRC operators to use MODE command on any channel (closes: #100). + - Added mailmap file for git-[short]log and git-blame. + - Authenticated users should be registered without the "~" mark. + - Set NoPAM=yes in configuration files used for the testsuite. + - New configuration option "NoPAM" to disable PAM. + - Implement asynchronous user authentication using PAM, please see the + file doc/PAM.txt for details. + - Resolver: Implement signal handler and catch TERM signals. + - Don't set a penalty time when doing DNS lookups. + - Add some documentation for using BOPM with ngIRCd, see doc/Bopm.txt. + - Implement user mode "c": receive connect/disconnect NOTICEs. Note that + this new mode requires the user to be an IRC operator. + - ngircd.init: require "$network" and "$remote_fs" when stopping ngircd. + - Show SSL status in WHOIS output, numeric 275. + - Include correct header files when testing for arpa/inet.h (Closes: #105). + - Don't access already freed memory in IRC_KILL(). + - Fix "beeing" typo ... + - SSL/TLS: fix bogus "socket closed" error message. + +ngIRCd 16 (2010-05-02) + + - doc/SSL: remove line continuation marker + + ngIRCd 16~rc2 (2010-04-25) + - Updated some more copyright notices, it's 2010 already :-) + - Only compile in Get_Error() if really needed + - Fix gcc warning "ignoring return value of ..." + - Include netinet/in_systm.h alongside netinet/ip.h + - Include netinet/{in.h, in_systm.h} when checking for netinet/ip.h + - Only include if it exists + - Updated doc/Platforms.txt + - Enhace connection statistics counters: display total number of served + connections on daemon shutdown and when a new client connects using + the new numeric RPL_STATSCONN (250). + + ngIRCd 16~rc1 (2010-03-25) + - Various fixes to the build system and code cleanups. + - contrib/platformtest.sh: Only show latest commit. + - Updatet doc/Platforms.txt, added new README-Interix.txt documenting + how to tun ngIRCd on Microsoft Services for UNIX (MS SFU, MS SUA). + - Updated links to the ngIRCd homepage (bug tracker, mailing list). + - Added missing modes to USERMODES #define + - Show our name (IRCD=ngIRCd) in ISUPPORT (005) numeric + - Quote received messages of ERROR commands in log output. + - ngircd.conf manual page: document missing "Password" variable. + - Implement WEBIRC command used by some Web-IRC frontends. The password + required to secure this command must be configured using the new + "WebircPassword" variable in the ngircd.conf file. + - Don't use port 6668 as example for both "Ports" and "SSLPorts". + - Remove limit on max number of configured irc operators. + - Only link "nsl" library when really needed. + - A new channel mode "secure connections only" (+z) has been implemented: + Only clients using a SSL encrypted connection to the server are allowed + to join such a channel. + But please note three things: a) already joined clients are not checked + when setting this mode, b) IRC operators are always allowed to join + every channel, and c) remote clients using a server not supporting this + mode are not checked either and therefore always allowed to join. + +ngIRCd 15 (2009-11-07) + + - "ngircd --configtest": print SSL configuration options even when unset. + + ngIRCd 15~rc1 (2009-10-15) + - Do not add default listening port (6667) if SSL ports were specified, so + ngIRCd can be configured to only accept SSL-encrypted connections now. + - Enable IRC operators to use the IRC command SQUIT (insted of the already + implemented but non-standard DISCONNECT command). + - New configuration option "AllowRemoteOper" (disabled by default) that + enables remote IRC operators to use the IRC commands SQUIT and CONNECT + on the local server. + - Mac OS X: fix test for packagemaker(1) tool in Makefile and use gcc 4.0 + for Mac OS X 10.4 compatibility in the Xcode project file. + - Fix --with-{openssl|gnutls} to accept path names. + - Fix LSB header of Debian init script. + - Updated doc/Platforms.txt and include new script contrib/platformtest.sh + to ease generating platform reports. + - Fix connection information for already registered connections. + - Enforce upper limit on maximum number of handled commands. This implements + a throttling scheme: an IRC client can send up to 3 commands or 256 bytes + per second before a one second pause is enforced. + - Fix connection counter. + - Fix a few error handling glitches for SSL/TLS connections. + - Minor fixes to manual pages and documentation. + +ngIRCd 14.1 (2009-05-05) + + - Security: fix remotely triggerable crash in SSL/TLS code. + - BSD start script contrib/ngircd.sh has been renamed to ngircd-bsd.sh. + - New start/stop script for RedHat-based distributions: + contrib/ngircd-redhat.init, thanks to Naoya Nakazawa . + - Doxygen: update source code repository link to GIT. + - Debian: build ngircd-full-dbg package. + - Allow ping timeout quit messages to show the timeout value. + - Fix error handling on compressed links. + - Fix server list announcement. + - Do not remove host names from info text. + +ngIRCd 14 (2009-04-20) + + - Display IPv6 addresses as "[]" when accepting connections. + + ngIRCd 14~rc1 (2009-03-29) + - Updated Debian/Linux init script (see contrib/Debian/ngircd.init). + - Allow creation of persistent modeless channels. + - The INFO command reports the compile time now (if available). + - Spell check and enhance ngIRCd manual pages. + - Channel mode changes: break on syntax errors in MODE command. + - Support individual channel keys for pre-defined channels: introduce + new configuration variable "KeyFile" in [Channel] sections in ngircd.conf, + here a file can be configured for each pre-defined channel which contains + individual channel keys for different users. + - Remove limit on maximum number of predefined channels in ngircd.conf. + - Updated ngircd.spec file for building RPM packages. + - Add new and missing files to Mac OS X Xcode project, and update project. + - Reject masks with wildcard after last dot. + - TLS/SSL: remove useless error message when ssl connection is closed. + - Fix memory leak when a encrypted and compressed server link goes down. + (closes bug #95, reported by Christoph, fiesh@fiesh.homeip.net) + - Fix handling of channels containing dots. + (closes ug #93, reported by Gonosz Csiga) + +ngIRCd 13 (2008-12-25) + + - Updated documentation, especially doc/Services.txt and doc/SSL.txt. + - Make the test suite work on OpenSolaris. + + ngIRCd 13~rc1 (2008-11-21): + - New version number scheme :-) + - Initial support for IRC services, using a RFC1459 style interface, + tested with IRCServices (http://www.ircservices.za.net/) version 5.1.13. + For this to work, ngIRCd now supports server-server links conforming + to RFC 1459. New ngircd.conf(5) option: ServiceMask. + - Support for SSL-encrypted server-server and client-server links using + OpenSSL (configure: --with-openssl) or GNUTLS (configure: --with-gnutls). + New ngircd.conf(5) options: SSLPorts, SSLKeyFile, SSLKeyFilePassword, + SSLCertFile, SSLDHFile, and SSLConnect. + - Server local channels have been implemented, prefix "&", that are only + visible to users of the same server and are not visible in the network. + In addition ngIRCd creates a "special" channel &SERVER on startup and logs + all the messages to it that a user with mode +s receives. + - New make target "osxpkg" to build a Mac OS X installer package. + - Debug mode: enable support for GNU libc memory tracing (see mtrace(3)). + - SysV init script: use LSB logging functions, if available. + - Added some more FAQ entries (regarding logging and IRC operators). + - Allow IRC operators to overwrite channel limits. + - Support for enhanced PRIVMSG and NOTICE message targets. + - More tests have been added to the test-suite ("make check"), and two + servers are started for testing server-server linking. + - Added a timestamp to log messages to the console. + - New configuration option "NoIdent" to disable IDENT lookups even if the + daemon is compiled with IDENT support. + +ngIRCd 0.12.1 (2008-07-09) + + - Allow mixed line terminations (CR+LF/CR/LF) in non-RFC-compliant mode + - Don't allow stray \r or \n in command parameters + - --configtest: return non-zero exit code if there are errors + - Update ngIRCd manual pages + - Add option aliases -V (for --version) and -h (for --help). + - Fix 'no-ipv6' compile error. + - Make Listen parameter a comma-separated list of addresses. This also + obsoletes ListenIPv4 and ListenIPv6 options. If Listen is unset, it + is treated as Listen="::,0.0.0.0". + Note: ListenIPv4 and ListenIPv6 options are still recognized, + but ngircd will print a warning if they are used in the config file. + +ngIRCd 0.12.0 (2008-05-13) + + - Fix Bug: 85: "WHO #SecretChannel" that user is not a member of now returns + proper RPL_ENDOFWHO_MSG instead of nothing. (Ali Shemiran) + - Fix compile on FreeBSD 5.4 and AIX. + - If bind() fails, also print IP address and not just the port number. + + ngIRCd 0.12.0-pre2 (2008-04-29) + - IPv6: Add config options to disable ipv4/ipv6 support. + - Don't include doc/CVS.txt in distribution archive, use doc/GIT.txt now! + - Documentation: get rid of some more references to CVS, switch to GIT. + - Get rid of cvs-version.* and CVSDATE definition. + - Report ERR_NOTONCHANNEL when trying to part a channel one is not member of. + - Testsuite: remove erroneous ConfUID setting in config file. + + ngIRCd 0.12.0-pre1 (2008-04-20) - Include Mac OS X Xcode project in distribution archives. - Do not exit on SIGHUP or /REHASH if the config file cannot opened. - Add IPv6 support. @@ -21,7 +944,7 @@ ngIRCd 0.12.0-pre1 (2008-04-20) - RPL_WHOREPLY messages generated by IRC_WHO didn't include flags (*,@,+). (Dana Dahlstrom) - IRC_WHO now supports search patterns and will test this against user - nickname/servername/hostname, etc. as required by RFC 2812, Section 3.6.1. + nickname/server name/host name, etc. as required by RFC 2812, Section 3.6.1. (reported by Dana Dahlstrom) - Add test cases for "WHO" command. (Dana Dahlstrom) - Implement RFC 2812 handling of "0" argument to 'JOIN': must be treated @@ -41,17 +964,17 @@ ngIRCd 0.11.0 (2008-01-15) ngIRCd 0.11.0-pre2 (2008-01-07) - SECURITY: IRC_PART could reference invalid memory, causing - ngircd to crash [from HEAD]. + ngircd to crash [from HEAD]. (CVE-2008-0285) ngIRCd 0.11.0-pre1 (2008-01-02) - - Use dotted-decimal IP address if hostname is >= 64. + - Use dotted-decimal IP address if host name is >= 64. - Add support for /STAT u (server uptime) command. - New [Server] configuration Option "Bind" allows to specify - the source ip adress to use when connecting to remote server. + the source IP address to use when connecting to remote server. - New configuration option "MaxNickLength" to specify the allowed maximum - length of user nick names. Note: must be unique in an IRC network! + length of user nicknames. Note: must be unique in an IRC network! - Enhanced the IRC+ protocol to support an enhanced "server handshake" and - enable server to recognice numeric 005 (ISUPPORT) and 376 (ENDOFMOTD). + enable server to recognize numeric 005 (ISUPPORT) and 376 (ENDOFMOTD). See doc/Protocol.txt for details. - Re-added doc/SSL.txt to distribution -- got lost somewhere!? - Fixes the wrong logging output when nested servers are introduced @@ -75,12 +998,13 @@ ngIRCd 0.11.0 (2008-01-15) ngIRCd 0.10.4 (2008-01-07) - SECURITY: IRC_PART could reference invalid memory, causing - ngircd to crash [from HEAD]. + ngircd to crash [from HEAD]. (CVE-2008-0285) ngIRCd 0.10.3 (2007-08-01) - SECURITY: Fixed a severe bug in handling JOIN commands, which could cause the server to crash. Thanks to Sebastian Vesper, . + (CVE-2007-6062) ngIRCd 0.10.2 (2007-06-08) @@ -215,13 +1139,13 @@ ngIRCd 0.8.3 (2005-02-03) - Fixed a bug that could case a root exploit when the daemon is compiled to do IDENT lookups and is logging to syslog. Bug discovered by CoKi, , thanks a lot! - (http://www.nosystem.com.ar/advisories/advisory-11.txt) + (CVE-2005-0226; http://www.nosystem.com.ar/advisories/advisory-11.txt) ngIRCd 0.8.2 (2005-01-26) - Added doc/SSL.txt to distribution. - Fixed a buffer overflow that could cause the daemon to crash. Bug found - by Florian Westphal, . + by Florian Westphal, . (CVE-2005-0199) - Fixed a possible buffer underrun when reading the MOTD file. Thanks to Florian Westphal, . - Fixed detection of IRC lines which are too long to send. Detected by @@ -269,7 +1193,7 @@ ngIRCd 0.8.0 (2004-06-26) original ircd exactly: the unnecessary but missing ":" before the last parameter has been added. - Fixed TRACE: don't output "Serv" lines for ourself; display more info. - - Results of the resolver (hostnames and IDENT names) are discarded after + - Results of the resolver (host names and IDENT names) are discarded after the client is successfully registered with the server. - Better logging while establishing and shutting down connections. - The type of service (TOS) of all sockets is set to "interactive" now. @@ -379,9 +1303,9 @@ ngIRCd 0.7.0 (2003-05-01) - Better error reporting to clients on connect. - Enhanced manual pages ngircd(8) and ngircd.conf(5). - Documentation is now installed in $(datadir)/doc/ngircd. - - Enhanced hanling of NJOIN in case of nick collisions. + - Enhanced handling of NJOIN in case of nick collisions. -ngIRCd 0.6.1, 2003-01-21 +ngIRCd 0.6.1 (2003-01-21) - Fixed KILL: you can't crash the server by killing yourself any more, ngIRCd no longer sends a QUIT to other servers after the KILL, and you @@ -402,15 +1326,15 @@ ngIRCd 0.6.1, 2003-01-21 Older changes (sorry, only available in german language): -ngIRCd 0.6.0, 2002-12-24 +ngIRCd 0.6.0, 24.12.2002 - ngIRCd 0.6.0-pre2, 2002-12-23 + ngIRCd 0.6.0-pre2, 23.12.2002 - neuer Numeric 005 ("Features") beim Connect. - LUSERS erweitert: nun wird die maximale Anzahl der lokalen und globalen Clients, die dem Server bzw. im Netzwerk seit dem letzten (Re-)Start dem Server gleichzeitig bekannt waren, angezeigt. - ngIRCd 0.6.0-pre1, 2002-12-18 + ngIRCd 0.6.0-pre1, 18.12.2002 - beim Schliessen einer Verbindung zeigt der Server nun vor dem ERROR noch eine Statistik ueber die empfangene und gesendete Datenmenge an. - der Server wartet bei einer eingehenden Verbindung nun laenger auf den @@ -428,7 +1352,7 @@ ngIRCd 0.6.0, 2002-12-24 werden (beide Server versuchen sich dann gegenseitig zu connectieren). - Test-Suite und Dokumentation an A/UX angepasst. - unter HP-UX definiert das configure-Script nun _XOPEN_SOURCE_EXTENDED. - - Server identifizieren sich nun mit asyncronen Passwoertern, d.h. das + - Server identifizieren sich nun mit asynchronen Passwoertern, d.h. das Passwort, welches A an B schickt, kann ein anderes sein als das, welches B als Antwort an A sendet. In der Konfig.-Datei, Abschnitt "Server", wurde "Password" dazu durch "MyPassword" und "PeerPassword" ersetzt. @@ -558,7 +1482,7 @@ ngIRCd 0.5.0, 20.09.2002 - Protokoll- und Server-ID bei PASS-Befehlen auf neues Format umgestellt; bei empfangenen PASS-Befehlen werden diese zudem nun auch ausgewertet. Die unterstuetzten Flags sind in doc/Protocol.txt beschrieben. - - mit dem neuen Befehl CHANINFO syncronisieren Server, die das IRC+- + - mit dem neuen Befehl CHANINFO synchronisieren Server, die das IRC+- Protokoll unterstuetzen, Channel-Modes und Topics. - neue Option "--disable-ircplus" fuer das configure-Script, um das IRC+-Protokoll abzuschalten (per Default ist es aktiviert). @@ -663,7 +1587,7 @@ ngIRCd 0.3.0, 02.03.2002 - PRIVMSG beachtet nun die Channel-Modes "n" und "m". - AWAY implementiert. PRIVMSG, MODE, USERHOST und WHOIS angepasst. - der ngIRCd unterstuetzt nun Channel-Topics (TOPIC-Befehl). - - ausgehende Server-Verbindungen werden nun asyncron connectiert und + - ausgehende Server-Verbindungen werden nun asynchron connectiert und blockieren nicht mehr den ganzen Server, wenn die Gegenseite nicht erreicht werden kann (bis zum Timeout konnten Minuten vergehen!). - Wert der Konfigurations-Variable "ConnectRetry" wird besser beachtet. @@ -742,7 +1666,7 @@ ngIRCd 0.0.2, 06.01.2002 - NICK kann nun die Gross- und Kleinschreibung eines Nicks aendern. - ein Server-Passwort ist nun konfigurierbar. - neue Befehle: ERROR, SERVER, NJOIN (nur als "Fake"), SQUIT. - - Asyncroner Resolver Hostname->IP implementiert. + - Asynchroner Resolver Hostname->IP implementiert. - Server-Links teilweise implementiert: bisher kann der ngIRCd jedoch nur "leafed server" sein, d.h. keine "Client-Server" haben. Einige Befehle sind auch noch nicht (optimal) angepasst: PRIVMSG funktioniert