X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=ChangeLog;h=95f67f10a97098b5d473721f1b29f3fd9356b9cd;hp=4c825acb1de8550b6d7cdf173898009ea084661b;hb=fe73835666238247809d6390661f66df10362a6e;hpb=0a26079af2f5ee2bf5d0c67d1c701abf77d3cd56 diff --git a/ChangeLog b/ChangeLog index 4c825acb..95f67f10 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,14 +2,240 @@ ngIRCd - Next Generation IRC Server http://ngircd.barton.de/ - (c)2001-2012 Alexander Barton and Contributors. + (c)2001-2013 Alexander Barton and Contributors. ngIRCd is free software and published under the terms of the GNU General Public License. -- ChangeLog -- -ngIRCd +ngIRCd 21 (2013-10-30) + + - ./contrib/Debian/ngircd.init: Make sure no stale PID file is left over + when (re-)starting ngIRCd. + - Change ./contrib/platformtest.sh and update ./doc/Platforms.txt to + allow usernames up to 8 characters. + - Call arc4random_stir() in forked subprocesses, when available. This + is required by FreeBSD <10 and current NetBSD at least to correctly + initialize the "arc4" random number generator on these platforms. + - Update our own Debian package configuration and fix the default path + of the "HelpFile" of the "full" package variants. + + ngIRCd 21~rc2 (2013-10-20) + - Report the correct configuration file name on configuration errors, + support longer configuration lines, and warn when lines are truncated. + - Use arc4random() function to generate "random" numbers, when available. + - platformtest.sh: Detect clang compiler, and clean up GIT source tree + before building (when possible). + - Update (date of) manual pages. + - Update "Upgrade Information" in INSTALL file, add more systems to + doc/Platforms.txt, and fix spelling in NEWS and ChangeLog files =:) + - Fix remaining compiler warnings on OpenBSD. + + ngIRCd 21~rc1 (2013-10-05) + - Actually KILL clients on GLINE/KLINE. (Closes bug #156) + - Adjust log messages for invalid and spoofed prefixes, which cleans up + logging of commands related to already KILL'ed clients. And don't + forward KILL commands for (already) unknown clients any more to prevent + unnecessary duplicates. + - Add support to show all user links using the "STATS L" (uppercase) + command (restricted to IRC Operators). + - Fixed blocking of server reconnects in some error configurations. + - Don't ignore SSL-related errors during startup any more: abort startup + when SSL is requested by the configuration but can't be initialized and + don't continue only listening on plain text communication ports. + (Closes bug #163) + - Implement configurable SSL cipher list selection for GnuTLS and OpenSSL + using the new configuration option "CipherList". In addition, this + changes the defaults to more secure values: "HIGH:!aNULL:@STRENGTH" for + OpenSSL, and "SECURE128" for GnuTLS. + - Fix "TRACE": Correctly return ERR_NEEDMOREPARAMS(461) (which basically + is "syntax error") when there are too many parameters. + - Clean up lots of permission and parameter checks in functions handling + IRC commands; and more consistently add penalty times on errors. + - Fix error numeric of WHOIS when no nick name has been provided: + as per RFC it should be ERR_NONICKNAMEGIVEN(431). + - Only log "IDENT ... no result" messages when an IDENT looked took place + and didn't return any data, not when IDENT has been disabled. + - Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER} messages: now + you can check if a server-to-server link is SSL-encrypted or not using + the IRC "TRACE" command. + - Correctly discard supplementary groups on server startup. + - Save client IP address text for "WebIRC" users and correctly display + it on WHOIS, for example. (Closes bug #159) + - Implement the new configuration option "DefaultUserModes" which lists + user modes that become automatically set on new local clients right + after login. Please note that only modes can be set that the client + could set on itself, so you can't set "a" (away) or "o" (IRC Op), + for example! User modes "i" (invisible) or "x" (cloaked) etc. are + "interesting", though. (Closes bug #160) + - Add support for the new METADATA "account" property, which allows + services to automatically identify users after netsplits and across + service restarts. + - Enforce "penalty times" on error conditions more consistently and in + more places. Now most error codes sent back from the IRC server to the + client should result in a 2 second "penalty". + - Implement a new configuration option "AllowedChannelTypes" that lists + all allowed channel types (channel prefixes) for newly created channels + on the local server. By default, all supported channel types are allowed. + If set to the empty string, local clients can't create new channels at + all, which equals the old "PredefChannelsOnly = yes" setting. + This change deprecates the "PredefChannelsOnly" variable, too, but it is + still supported and translated to the appropriate "AllowedChannelTypes" + setting. When the old "PredefChannelsOnly" variable is processed, a + warning message is logged. (Closes bug #152) + - Add support for "client certificate fingerprinting". When a client + passes an SSL certificate to the server, the "fingerprint" will be + forwarded in the network which enables IRC services to identify the + user using this certificate and not using passwords. + - IRC Operator names, as defined in ngircd.conf, are logged now when + handling successful OPER commands. + - Some error conditions while handling IRC commands, like "permission + denied" or "need more parameters", result in more penalty times. + - The numeric replies of some commands became split too early which + resulted in more numeric reply lines than necessary. + - Implement a new configuration option "IncludeDir" in the "[Options]" + section that can be used to specify a directory which can contain + further configuration files and configuration file snippets matching + the pattern "*.conf". These files are read in after the main server + configuration file ("ngircd.conf" by default) has been read in and + parsed. The default is "$SYSCONFDIR/ngircd.conf.d", so that it is + possible to adjust the configuration only by placing additional files + into this directory. (Closes bug #157) + - Fix use-after-free in the Lists_CheckReason() function, which is used + to check if a client is a member of a particular ban/invite/... list. + - Xcode: fix detection of host OS, vendor, and CPU type, and update + project settings for Xcode 5. + - OS X PackageMaker: use relative path names in project files and package + with correct file permissions (requires root privileges on "make"). + - Add Travis-CI configuration file (".travis.yml") to project. + - Look for possible cloaked Masks in Lists. Users with +x user mode can + be banned with their cloaked hostname now. + - Don't read SSL client data before DNS resolver is finished which could + have resulted in discarding the resolved client hostname and IDENT + reply afterwards, because in some situations (timing dependent) the + NICK and USER commands could have already been read in from the client, + stored in the buffer, and been processed. + Thanks to Julian Brost for reporting the issue and testing, and to + Federico G. Schwindt for helping to debug it! + - Increase password length limit to 64 characters. (Closes bug #154) + - doc/Services.txt: Update Anope status and URL. + - Clean up Xcode project file, remove outdated files, add missing ones. + - Update Doxygen configuration file. + - configure: search for iconv_open as well as libiconv_open, because + on some installations iconv_open() is actually libiconv_open(). + iconv_open() is the glibc version while libiconv_open() is the + libiconv version, now both variants are supported. (Closes bug #151) + - ngIRCd now accepts user names including "@" characters, saves the + unmodified name for authentication but stores only the part in front + of the "@" character as "IRC user name". And the latter is how + ircd2.11, Bahamut, and irc-seven behave as well. (Closes bug #155) + - Lots of IRC "information functions" like ADMIN, INFO, ... now accept + server masks and names of connected users (in addition to server names) + for specifying the target server of the command. (Closes bug #153) + - Implement a new configuration option "IdleTimeout" in the "[Limits]" + section of the configuration file which can be used to set a timeout + in seconds after which the whole daemon will shutdown when no more + connections are left active after handling at least one client. + The default is 0, "never". + This can be useful for testing or when ngIRCd is started using "socket + activation" with systemd(8), for example. + - Implement support for systemd(8) "socket activation". + - contrib/README: add description for more files. + - Enable WHOIS to display information about IRC Services using the new + numeric 310(RPL_WHOISSERVICE) This numeric is used for this purpose by + InspIRCd, for example -- but as usual, other numerics are in use, too, + like 613 in UltimateIRCd ... + Please note that neither the Operator (+o) not the "bot status" (+B) + of an IRC service is displayed in the output. + - Exit message: use singular & plural :-) + - autogen.sh: Check for autoconf/automake wrapper scripts + - Add missing punctuation marks in log messages, adjust some severity + levels, and make SSL-related messages more readable. + - AUTHORS file: Update list of contributors. + - Update systemd(8) example configuration files in ./contrib/ directory: + the "ngircd.service" file now uses the "forking" service type which + enhances the log messages shown by "systemctl status ngircd.service", + and the new "ngircd.socket" file configures a systemd socket that + configures a socket for ngIRCd and launches the daemon on demand. + - Enhance help system and the HELP command: now a "help text file" can be + set using the new configuration option "HelpFile" ("global" section), + which is read in and parsed on server startup and configuration reload, + and then is used to output individual help texts to specific topics. + Please see the file ./doc/Commands.txt for details. + +ngIRCd 20.3 (2013-08-23) + + - Security: Fix a denial of service bug (server crash) which could happen + when the configuration option "NoticeAuth" is enabled (which is NOT the + default) and ngIRCd failed to send the "notice auth" messages to new + clients connecting to the server (CVE-2013-5580). + +ngIRCd 20.2 (2013-02-15) + + - Security: Fix a denial of service bug in the function handling KICK + commands that could be used by arbitrary users to to crash the daemon + (CVE-2013-1747). + - WHO command: Use the currently "displayed hostname" (which can be cloaked!) + for hostname matching, not the real one. In other words: don't display all + the cloaked users on a specific real hostname! + - configure: The header file "netinet/in_systm.h" already is optional in + ngIRCd, so don't require it in the configure script. Now ngIRCd can be + built on Minix 3 again :-) + - Return better "Connection not registered as server link" errors: Now ngIRCd + returns a more specific error message for numeric ERR_NOTREGISTERED(451) + when a regular user tries to use a command that isn't allowed for users but + for servers. + - Don't report ERR_NEEDMOREPARAMS(461) when a MDOE command with more modes + than nicknames is handled, as well as for channel limit and key changes + without specifying the limit or key parameters. + This is how a lot (all?) other IRC servers behave, including ircd2.11, + InspIRCd, and ircd-seven. And because of clients (tested with Textual and + mIRC) sending bogus MODE commands like "MODE -ooo nick", end-users got the + expected result as well as correct but misleading error messages ... + - Correctly detect when SSL subsystem must be initialized and take + outgoing connections (server links!) into account, too. + - autogen.sh: Enforce serial test harness on GNU automake >=1.13. The + new parallel test harness which is enabled by default starting with + automake 1.13 isn't compatible with our test suite. + And don't use "egrep -o", instead use "sed", because it isn't portable + and not available on OpenBSD, for example. + +ngIRCd 20.1 (2013-01-02) + + - Allow ERROR command on server and service links only, ignore them and + add a penalty time on all other link types. + - Enforced mode setting by IRC Operators: Only check the channel user + modes of the initiator if he is joined to the channel and not an IRC + operator enforcing modes (which requires the configuration option + "OperCanUseMode" to be enabled), because trying to check channel user + modes of a non-member results in an assertion when running with debug + code or could crash the daemon otherwise. This closes bug #147, thanks + to James Kirwill for tracking this down! + - Fix build system to cope with spaces in path names. + - Code cleanups, mostly to fix build warnings on Cygwin. + +ngIRCd 20 (2012-12-17) + + - Allow user names ("INDENT") up to 20 characters when ngIRCd has not + been configured for "strict RFC mode". This is useful if you are using + external (PAM) authentication mechanisms that require longer user names. + Patch suggested by Brett Smith , see + . + + ngIRCd 20~rc2 (2012-12-02) + - Rework cloaked hostname handling and implement the "METADATA cloakhost" + subcommand: Now ngIRCd uses two fields internally, one to store the + "real" hostname and one to save the "cloaked" hostname. This allows + "foreign servers" (aka "IRC services") to alter the real and cloaked + hostnames of clients without problems, even when the user itself issues + additional "MODE +x" and "MODE -x" commands. + - RPL_UMODEIS: send correct target name, even on server links. + - Update platformtest.sh to follow autoconf changes and only generate + the "configure" script when it is missing. + - Fix the test suite to correctly execute test scripts even when stdout + is redirected. + - Fix some compiler warnings on NetBSD and OpenBSD. ngIRCd 20~rc1 (2012-11-11) - Update doc/Services.txt: describe the upcoming version of Anope 1.9.8, @@ -148,7 +374,7 @@ ngIRCd the hash function. When "CloakHostSalt" is not set (the default), a random salt will be generated after each server restart. (Closes #133) -ngIRCd Release 19.2 (2012-06-19) +ngIRCd 19.2 (2012-06-19) - doc/Capabilities.txt: document "multi-prefix" capability @@ -178,7 +404,7 @@ ngIRCd Release 19.2 (2012-06-19) - Fix: Don't ignore "permission denied" errors when enabling chroot. - FAQ: enhance description of chroot setup. -ngIRCd Release 19.1 (2012-03-19) +ngIRCd 19.1 (2012-03-19) - Fix gcc warning (v4.6.3), initialize "list" variable to NULL. - Fix typos: "recieved" -> "received", "Please not" -> "Please note", @@ -188,7 +414,7 @@ ngIRCd Release 19.1 (2012-03-19) - getpid.sh: Fix test case error for Debian using sbuild(1). - Don't log "ngIRCd hello message" two times when starting up. -ngIRCd Release 19 (2012-02-29) +ngIRCd 19 (2012-02-29) - Update build system: bump config.guess and config.sub files used by GNU autoconf/automake to recent versions. @@ -338,7 +564,7 @@ ngIRCd Release 19 (2012-02-29) asynchronous nature of the IRC protocol. So don't break server- links, only log a message and ignore the command. (Closes #113) -ngIRCd Release 18 (2011-07-10) +ngIRCd 18 (2011-07-10) - Update timestamp of ngircd(8) manual page. - Add preliminary ngIRCd protocol module for Anope 1.9 to contrib/Anope/. @@ -448,7 +674,7 @@ ngIRCd Release 18 (2011-07-10) only relevant when a trusted server on a server-server link sends invalid commands). -ngIRCd Release 17.1 (2010-12-19) +ngIRCd 17.1 (2010-12-19) - --configtest: remember if MOTD is configured by file or phrase - Enhance log messages when establishing server links a little bit @@ -464,7 +690,7 @@ ngIRCd Release 17.1 (2010-12-19) - New numeric 329: get channel creation time on "MODE #chan" commands - Save channel creation time; new function Channel_CreationTime() -ngIRCd Release 17 (2010-11-07) +ngIRCd 17 (2010-11-07) - doc: change path names in sample-ngircd.conf depending on sysconfdir - Fix up generation and distribution of sample-ngircd.conf @@ -545,7 +771,7 @@ ngIRCd Release 17 (2010-11-07) - Fix "beeing" typo ... - SSL/TLS: fix bogus "socket closed" error message. -ngIRCd Release 16 (2010-05-02) +ngIRCd 16 (2010-05-02) - doc/SSL: remove line continuation marker @@ -585,7 +811,7 @@ ngIRCd Release 16 (2010-05-02) every channel, and c) remote clients using a server not supporting this mode are not checked either and therefore always allowed to join. -ngIRCd Release 15 (2009-11-07) +ngIRCd 15 (2009-11-07) - "ngircd --configtest": print SSL configuration options even when unset. @@ -611,7 +837,7 @@ ngIRCd Release 15 (2009-11-07) - Fix a few error handling glitches for SSL/TLS connections. - Minor fixes to manual pages and documentation. -ngIRCd Release 14.1 (2009-05-05) +ngIRCd 14.1 (2009-05-05) - Security: fix remotely triggerable crash in SSL/TLS code. - BSD start script contrib/ngircd.sh has been renamed to ngircd-bsd.sh. @@ -624,7 +850,7 @@ ngIRCd Release 14.1 (2009-05-05) - Fix server list announcement. - Do not remove host names from info text. -ngIRCd Release 14 (2009-04-20) +ngIRCd 14 (2009-04-20) - Display IPv6 addresses as "[]" when accepting connections. @@ -648,7 +874,7 @@ ngIRCd Release 14 (2009-04-20) - Fix handling of channels containing dots. (closes ug #93, reported by Gonosz Csiga) -ngIRCd Release 13 (2008-12-25) +ngIRCd 13 (2008-12-25) - Updated documentation, especially doc/Services.txt and doc/SSL.txt. - Make the test suite work on OpenSolaris. @@ -1079,7 +1305,7 @@ ngIRCd 0.7.0 (2003-05-01) - Documentation is now installed in $(datadir)/doc/ngircd. - Enhanced handling of NJOIN in case of nick collisions. -ngIRCd 0.6.1, 2003-01-21 +ngIRCd 0.6.1 (2003-01-21) - Fixed KILL: you can't crash the server by killing yourself any more, ngIRCd no longer sends a QUIT to other servers after the KILL, and you @@ -1100,15 +1326,15 @@ ngIRCd 0.6.1, 2003-01-21 Older changes (sorry, only available in german language): -ngIRCd 0.6.0, 2002-12-24 +ngIRCd 0.6.0, 24.12.2002 - ngIRCd 0.6.0-pre2, 2002-12-23 + ngIRCd 0.6.0-pre2, 23.12.2002 - neuer Numeric 005 ("Features") beim Connect. - LUSERS erweitert: nun wird die maximale Anzahl der lokalen und globalen Clients, die dem Server bzw. im Netzwerk seit dem letzten (Re-)Start dem Server gleichzeitig bekannt waren, angezeigt. - ngIRCd 0.6.0-pre1, 2002-12-18 + ngIRCd 0.6.0-pre1, 18.12.2002 - beim Schliessen einer Verbindung zeigt der Server nun vor dem ERROR noch eine Statistik ueber die empfangene und gesendete Datenmenge an. - der Server wartet bei einer eingehenden Verbindung nun laenger auf den