X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=ChangeLog;h=ce1736792232a627ecdfd7ddeeb4723e5d1ae2e6;hp=976a9f49e93acd0338a9df69b905b6c90ae985a4;hb=45d3e6aa91295bee056df8be5c3ed224420fba02;hpb=11240376a5008dea9e970f40df659931d1321e8b

diff --git a/ChangeLog b/ChangeLog
index 976a9f49..ce173679 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,8 +9,67 @@
                                -- ChangeLog --
 
 
-ngIRCd 21
-
+ngIRCd 21~rc1 (2013-10-05)
+
+  - Actually KILL clients on GLINE/KLINE. (Closes bug #156)
+  - Adjust log messages for invalid and spoofed prefixes, which cleans up
+    logging of commands related to already KILL'ed clients. And don't
+    forward KILL commands for (already) unknown clients any more to prevent
+    unnecessary duplicates.
+  - Add support to show all user links using the "STATS L" (uppercase)
+    command (restricted to IRC Operators).
+  - Fixed blocking of server reconnects in some error configurations.
+  - Don't ignore SSL-related errors during startup any more: abort startup
+    when SSL is requested by the configuration but can't be initialized and
+    don't continue only listening on plain text communication ports.
+    (Closes bug #163)
+  - Implement configurable SSL cipher list selection for GnuTLS and OpenSSL
+    using the new configuration option "CipherList". In addition, this
+    changes the defaults to more secure values: "HIGH:!aNULL:@STRENGTH" for
+    OpenSSL, and "SECURE128" for GnuTLS.
+  - Fix "TRACE": Correctly return ERR_NEEDMOREPARAMS(461) (which basically
+    is "syntax error") when there are too many parameters.
+  - Clean up lots of permission and parameter checks in functions handling
+    IRC commands; and more consistently add penalty times on errors.
+  - Fix error numeric of WHOIS when no nick name has been provided:
+    as per RFC it should be ERR_NONICKNAMEGIVEN(431).
+  - Only log "IDENT ... no result" messages when an IDENT looked took place
+    and didn't return any data, not when IDENT has been disabled.
+  - Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER} messages: now
+    you can check if a server-to-server link is SSL-encrypted or not using
+    the IRC "TRACE" command.
+  - Correctly discard supplementary groups on server startup.
+  - Save client IP address text for "WebIRC" users and correctly display
+    it on WHOIS, for example. (Closes bug #159)
+  - Implement the new configuration option "DefaultUserModes" which lists
+    user modes that become automatically set on new local clients right
+    after login. Please note that only modes can be set that the client
+    could set on itself, so you can't set "a" (away) or "o" (IRC Op),
+    for example! User modes "i" (invisible) or "x" (cloaked) etc. are
+    "interesting", though. (Closes bug #160)
+  - Add support for the new METADATA "account" property, which allows
+    services to automatically identify users after netsplits and across
+    service restarts.
+  - Enforce "penalty times" on error conditions more consistently and in
+    more places. Now most error codes sent back from the IRC server to the
+    client should result in a 2 second "penalty".
+  - Implement a new configuration option "AllowedChannelTypes" that lists
+    all allowed channel types (channel prefixes) for newly created channels
+    on the local server. By default, all supported channel types are allowed.
+    If set to the empty string, local clients can't create new channels at
+    all, which equals the old "PredefChannelsOnly = yes" setting.
+    This change deprecates the "PredefChannelsOnly" variable, too, but it is
+    still supported and translated to the appropriate "AllowedChannelTypes"
+    setting. When the old "PredefChannelsOnly" variable is processed, a
+    warning message is logged. (Closes bug #152)
+  - Add support for "client certificate fingerprinting". When a client
+    passes an SSL certificate to the server, the "fingerprint" will be
+    forwarded in the network which enables IRC services to identify the
+    user using this certificate and not using passwords.
+  - IRC Operator names, as defined in ngircd.conf, are logged now when
+    handling successful OPER commands.
+  - Some error conditions while handling IRC commands, like "permission
+    denied" or "need more parameters", result in more penalty times.
   - The numeric replies of some commands became split too early which
     resulted in more numeric reply lines than necessary.
   - Implement a new configuration option "IncludeDir" in the "[Options]"
@@ -23,11 +82,12 @@ ngIRCd 21
     into this directory. (Closes bug #157)
   - Fix use-after-free in the Lists_CheckReason() function, which is used
     to check if a client is a member of a particular ban/invite/... list.
-  - Xcode: fix detection of host OS, vendor, and CPU type.
+  - Xcode: fix detection of host OS, vendor, and CPU type, and update
+    project settings for Xcode 5.
   - OS X PackageMaker: use relative path names in project files and package
     with correct file permissions (requires root privileges on "make").
   - Add Travis-CI configuration file (".travis.yml") to project.
-  - Look for possible cloaked Masks in Lists. Users with +x usermode can
+  - Look for possible cloaked Masks in Lists. Users with +x user mode can
     be banned with their cloaked hostname now.
   - Don't read SSL client data before DNS resolver is finished which could
     have resulted in discarding the resolved client hostname and IDENT
@@ -65,10 +125,11 @@ ngIRCd 21
     InspIRCd, for example -- but as usual, other numerics are in use, too,
     like 613 in UltimateIRCd ...
     Please note that neither the Operator (+o) not the "bot status" (+B)
-    of an IRC service id displayed in the output.
+    of an IRC service is displayed in the output.
   - Exit message: use singular & plural :-)
-  - Add missing punctuation marks in log messages and adjust some
-    severity levels.
+  - autogen.sh: Check for autoconf/automake wrapper scripts
+  - Add missing punctuation marks in log messages, adjust some severity
+    levels, and make SSL-related messages more readable.
   - AUTHORS file: Update list of contributors.
   - Update systemd(8) example configuration files in ./contrib/ directory:
     the "ngircd.service" file now uses the "forking" service type which
@@ -81,6 +142,13 @@ ngIRCd 21
     and then is used to output individual help texts to specific topics.
     Please see the file ./doc/Commands.txt for details.
 
+ngIRCd 20.3 (2013-08-23)
+
+  - Security: Fix a denial of service bug (server crash) which could happen
+    when the configuration option "NoticeAuth" is enabled (which is NOT the
+    default) and ngIRCd failed to send the "notice auth" messages to new
+    clients connecting to the server (CVE-2013-5580).
+
 ngIRCd 20.2 (2013-02-15)
 
   - Security: Fix a denial of service bug in the function handling KICK