X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=NEWS;h=38f6029c5b32b397d3522d258da919f74aa109df;hp=a4c1a11f434b3dbd45fdc7149cf4672cb43a9707;hb=25b19e08e2083f7b1972820ca4c096687d7eeaca;hpb=4833f9e5c8cdc9440fa86ed53ca50099b7139a18 diff --git a/NEWS b/NEWS index a4c1a11f..38f6029c 100644 --- a/NEWS +++ b/NEWS @@ -1,18 +1,300 @@ ngIRCd - Next Generation IRC Server + http://ngircd.barton.de/ - (c)2001-2010 Alexander Barton, - alex@barton.de, http://www.barton.de/ - + (c)2001-2013 Alexander Barton and Contributors. ngIRCd is free software and published under the terms of the GNU General Public License. -- NEWS -- -ngIRCd Release 17 - - - Implement user mode "x": hostname cloaking (closes: #102). +ngIRCd 20.2 (2013-02-15) + + - This release is a bugfix release only, without new features. + - Security: Fix a denial of service bug in the function handling KICK + commands that could be used by arbitrary users to to crash the daemon. + +ngIRCd 20.1 (2013-01-02) + + - This release is a bugfix release only, without new features. + +ngIRCd 20 (2012-12-17) + + - Allow user names ("INDENT") up to 20 characters when ngIRCd has not + been configured for "strict RFC mode". This is useful if you are using + external (PAM) authenticaion mechanisms that require longer user names. + Patch suggested by Brett Smith , see + . + + ngIRCd 20~rc2 (2012-12-02) + - Rework cloaked hostname handling and implement the "METADATA cloakhost" + subcommand: Now ngIRCd uses two fields internally, one to store the + "real" hostname and one to save the "cloaked" hostname. This allows + "foreign servers" (aka "IRC services") to alter the real and cloaked + hostnames of clients without problems, even when the user itself issues + additional "MODE +x" and "MODE -x" commands. + + ngIRCd 20~rc1 (2012-11-11) + - Update doc/Services.txt: describe the upcoming version of Anope 1.9.8, + then including a protocol module for ngIRCd. And remove our own patches + in ./contrib/Anope because they aren't supported any more ... + - Implement new "METADATA" command which can be used by remote servers + and IRC services to update client metadata like the client info text + ("real name"), user name, and hostname, and use this command to + configure an cloaked hostname (user mode "+x") on remote servers: + This prevents "double cloaking" of hostnames and even cloaked + hostnames are in sync on all servers supporting "METADATA" now. + - Implement new IRC "SVSNICK" command to allow remote servers (and IRC + services) to change nicknames of already registered users. The SVSNICK + command itself doesn't change the nickname, but it becomes forwarded + to the server to which the user is connected to. And then this server + initiates the real nickname changing using regular NICK commands. + This allows to run mixed networks with old servers not supporting the + SVSNICK command, because SVSNICK commands for nicknames on such servers + are silently ignored and don't cause a desynchronization of the network. + - New configuration option "MaxListSize" to configure the maximum number + of channels returned by a LIST command. The default is 100, as before. + - Implement user mode "b", "block messages": when a user has set mode "b", + all private messages and notices to this user are blocked if they don't + originate from a registered user, an IRC Op, server or service. The + originator gets an error numeric sent back in this case, + ERR_NONONREG_MSG (486), which is used by UnrealIRCd, too. (Closes #144) + - Implement channel mode "V" (invite disallow): If the new channel mode + "V" is set, the INVITE command becomes invalid and all clients get the + new ERR_NOINVITE_MSG (518) reply. (Closes #143) + - Implement channel mode "Q" and user mode "q": Both modes protect users + from channel kicks: only IRC operators and servers can kick users having + mode "q" or in channels with mode "Q". (Closes #141) + - Allow users to "cloak" their hostname only when the configuration + variable "CloakHostModeX" (introduced in 19.2) is set. Otherwise, only + IRC operators, other servers, and services are allowed to set the user + mode "+x": this prevents regular users from changing their hostmask to + the name of the IRC server itself, which confused quite a few people ;-) + (Closes #133) + - New configuration option "OperChanPAutoOp": If disabled, IRC operators + don't become channel operators in persistent channels when joining. + Enabled by default, which has been the behavior of ngIRCd up to this + patch. (Closes #135) + - Allow IRC operators to see secret (+s) channels in LIST command as long + as the "MorePrivacy" configuration option isn't enabled in the + configuration file. (Closes #136) + - Implement new (optional) IRC+ "CHARCONV" command to set a client + character set that the server translates all messages to/from UTF-8. + This feature requires the "libiconv" library and must be enabled using + the new "--with-iconv" option of the ./configure script. See + doc/Protocol.txt for details. (Closes #109) + - Implement user mode "B" ("Bot flag"): it is settable and unsettable by + every (non-restricted) client. This is how Unreal and InspIRCd do + behave, and so do we :-) + - Implement channel mode "M": Only the server, identified users and IRC + operators are able to talk in such a channel. + - Block nicknames that are reserved for services and are defined using the + configuration variable "ServiceMask" in "Server" blocks; And this + variable now can handle more than one mask separated by commas. + - Implemented XOP channel user modes: "Half Op" ("+h", prefix "%") can set + the channel modes +imntvIbek and kick all +v and normal users; "Admin" + ("+a", prefix "&") can set channel modes +imntvIbekoRsz and kick all +o, + +h, +v and normal users; and "Owner" ("+q", prefix "~") can set channel + modes +imntvIbekoRsz and kick all +a, +o, +h, +v and normal users. + - Implement hashed cloaked hostnames for both the "CloakHost" and + "CloakHostModeX" configuration options: now the admin can use the new + '%x' placeholder to insert a hashed version of the clients hostname, + and the new configuration option "CloakHostSalt" defines the salt for + the hash function. When "CloakHostSalt" is not set (the default), a + random salt will be generated after each server restart. + +ngIRCd Release 19.2 (2012-06-19) + + ngIRCd 19.2~rc1 (2012-06-13) + - New configuration option "CloakHostModeX" to configure the hostname + that gets used for IRC clients which have user mode "+x" enabled. + Up to now, the name of the IRC server itself has been used for this, + which still is the default when "CloakHostModeX" isn't set. + - Add instructions for setting up Atheme IRC services. + - Implement support for IRC capability handling, the new "CAP" command, + and capablity "multi-prefix" which allows both the NAME and WHO command + handlers to return more than one "class prefix" to the client. + +ngIRCd Release 19.1 (2012-03-19) + + - Really include _all_ patches to build the Anope module into the + distribution archive ... ooops! + +ngIRCd Release 19 (2012-02-29) + + ngIRCd 19~rc1 (2012-02-12) + - Update preliminary ngIRCd protocol module for Anope 1.9.6, which now + is the only supported version. + - New numeric RPL_WHOISHOST_MSG(378), which returns the DNS host name + (if available) and the IP address of a client in the WHOIS reply. + Only the user itself and local IRC operators get this numeric. + - Implement channel exception list (mode 'e'). This allows a channel + operator to define exception masks that allow users to join the + channel even when a "ban" would match and prevent them from joining: + the exception list (e) overrides the ban list (b). + - Implement user mode 'C': If the target user of a PRIVMSG or NOTICE + command has the user mode 'C' set, it is required that both sender + and receiver are on the same channel. This prevents private flooding + by completely unknown clients. + - New RPL_WHOISREGNICK_MSG(307) numeric in WHOIS command replies: it + indicates if a nickname is registered (if user mode 'R' set). + - Limit channel invite, ban, and exception lists to 50 entries and fix + duplicate check and error messages when adding already listed entries + or deleting no (longer) existing ones. + - Limit the number of list items in the reply of LIST (100), WHO (25), + WHOIS (10), and WHOWAS (25) commands. + - Limit the MODE command to handle a maximum number of 5 channel modes + that require an argument (+Ibkl) per call and report this number + in the ISUPPORT(005) numeric: "MODES=5". + - LINKS command: support parameter to limit the reply. + - Add 1 second penalty for every further target on PRIVMSG/NOTICE + commands: this reduces the possibility of flooding channels with + commands like "PRIVMSG/NOTICE #a,#n,#c,... :message" a little bit. + Problem noticed by Cahata, thanks! + - New configuration option "PAMIsOptional": when set, clients not + sending a password are still allowed to connect: they won't become + "identified" and keep the "~" character prepended to their supplied + user name. See "man 5 ngircd.conf" for details. + - Fixed handling of WHO commands. This fixes two bugs: "WHO " + returned nothing at all if the user was "+i" (reported by Cahata, + thanks) and "WHO " returned channel names instead + of "*" when the user was member of a (visible) channel. + - LUSERS reply: only count channels that are visible to the requesting + client, so the existence of secret channels is no longer revealed by + using LUSERS. Reported by Cahata, thanks! + - Unknown user and channel modes no longer stop the mode parser, but + are simply ignored. Therefore modes after the unknown one are now + handled. This is how ircd2.10/ircd2.11/ircd-seven behave, at least. + Reported by Cahata, thanks! + - Implement IRC commands "GLINE" and "KLINE" to ban users. G-Lines are + synchronized between server on peering, K-Lines are local only. + If you use "*!@" or "*!*@" masks, these connections + are blocked even before the user is fully logged in (before PASS, + NICK, and USER commands have been processed) and before the child + processes for authentication are forked, so resource usage is smaller. + - Added doc/Modes.txt: document modes supported by ngIRCd. + - Implement user mode "R": indicates that the nickname of this user + is "registered". This mode isn't handled by ngIRCd itself, but must + be set and unset by IRC services like Anope. + - Implement channel mode "R": only registered users (having the user + mode "R" set) are allowed to join this channel. + - Test suite: bind to loopback (127.0.0.1) interface only. + - Handle unknown user and channel modes: these modes are saved and + forwarded to other servers, but ignored otherwise. + - Handle channel user modes 'a', 'h', and 'q' from remote servers. + These channel user modes aren't used for anything at the moment, + but ngIRCd knows that these three modes are "channel user modes" + and not "channel modes", that is that these modes take an "nickname" + argument. Like unknown user and channel modes, these modes are saved + and forwarded to other servers, but ignored otherwise. + +ngIRCd Release 18 (2011-07-10) + + - Add preliminary ngIRCd protocol module for Anope 1.9 to contrib/Anope/. + + ngIRCd 18~rc2 (2011-06-29) + - GnuTLS: use 1024 bits as minimum size of the DH prime. This enables + ngIRCd to accept incoming connections from other servers and clients + that "only" use at least 1024 bits again, like ngIRCd 17 did (and no + longer requires 2048 bits for incoming connections). + + ngIRCd 18~rc1 (2011-06-27) + - New configuration option "MorePrivacy" to "censor" some user information. + When enabled, signon time and idle time is left out. Part and quit + messages are made to look the same. WHOWAS requests are silently dropped. + All of this is useful if one wish to conceal users that access the ngircd + servers from TOR or I2P. + - New configuration option "ScrubCTCP" to scrub incoming CTCP commands. If + activated, the server silently drops incoming CTCP requests from both + other servers and from users. The server that scrubs CTCP will not forward + the CTCP requests to other servers in the network either, which can spell + trouble if not every oper knows about the CTCP-scrubbing. Scrubbing CTCP + commands also means that it is not possible to send files between users. + There is one exception to the CTCP scrubbing performed: ACTION ("/me + commands") requests are not scrubbed. + - Restructure ngIRCd configuration file: introduce new [Limits], [Options], + and [SSL] sections. The intention of this restructuring is to make the + [Global] section much cleaner, so that it only contains variables that + most installations must adjust to the local requirements. All the optional + variables are moved to [Limits], for configurable limits and timers of + ngIRCd, and [Options], for optional features. All SSL-related variables + are moved to [SSL] and the "SSL"-prefix is stripped. The old variables in + the [Global] section are deprecated now, but are still recognized. + => Don't forget to check your configuration, use "ngircd --configtest"! + - New documentation "how to contribute": doc/Contributing.txt. + - Avoid needlessly scary 'buffer overflow' messages: When the write buffer + space grows too large, ngIRCd has to disconnect the client to avoid + wasting too much memory, which is logged with a scary 'write buffer + overflow' message. Change this to a more descriptive wording. + - New configuration option "RequireAuthPing": PING-PONG on login. When + enabled, this configuration option lets ngIRCd send a PING with an numeric + "token" to clients logging in; and it will not become registered in the + network until the client responds with the correct PONG. + - New configuration option "NoticeAuth": send NOTICE AUTH on connect. When + active, ngircd will send "NOTICE AUTH" messages on client connect time + like e.g. snircd (QuakeNet) does. + - Add support for up to 3 targets in WHOIS queries, also allow up to one + wildcard query from local hosts. Follows ircd 2.10 implementation rather + than RFC 2812. At most 10 entries are returned per wildcard expansion. + - ngircd.conf(5) manual page: describe types of configuration variables + (booleans, text strings, integer numbers) and add type information to each + variable description. + - Terminate incoming connections on HTTP commands "GET" and "POST". + - New configuration option "CloakHost": when set, this host name is used for + every client instead of the real DNS host name (or IP address). + - New configuration option "CloakUserToNick": when enabled, ngIRCd sets + every clients' user name to their nickname and hides the user name + supplied by the IRC client. + - Make write buffers bigger, but flush early. Before this change, a client + got disconnected if the buffer flushing at 4k failed, now regular clients + can store up to 32k and servers up 64k even if flushing is not possible at + the moment. This enhances reliability on slow links. + - Allow "Port = 0" in [Server] blocks. Port number 0 marks remote servers + that try to connect to this daemon, but where this daemon never tries to + establish a connection on its own: only incoming connections are allowed. + - Enable WHOIS command to return information about services. + - Implement channel mode 'O': "IRC operators only". This channel mode is + used on DALnet (bahamut), for example. + - Remove support for ZeroConf/Bonjour/Rendezvous service registration + including the "[No]ZeroConf" configuration option. + - Deprecate NoXX-Options in ngircd.conf and move new variants into our new + [Options] section: 'NoDNS=no' => 'DNS=yes', 'NoIdent=no' => 'Ident=yes', + 'NoPAM=no' => 'PAM=yes', and 'NoZeroConf=no' => 'ZeroConf=yes' (and + vice-versa). The defaults are adjusted accordingly and the old variables + in [Global] are still accepted, so there is no functional change. + +ngIRCd Release 17.1 (2010-12-19) + + - Don't log critical (or worse) messages to stderr + - Remove "error file" when compiled with debug code enabled + - New numeric 329: get channel creation time on "MODE #chan" commands + +ngIRCd Release 17 (2010-11-07) + + - doc: change path names in sample-ngircd.conf depending on sysconfdir + + ngIRCd 17~rc2 (2010-10-25) + - Generate ngIRCd version number from GIT tag. + - Make sourcecode compatible with ansi2knr again. This allows to compile + ngIRCd using a pre-ANSI K&R C compiler again. + + ngIRCd 17~rc1 (2010-10-11) + - New configuration option "NoZeroConf" to disable service registration at + runtime even if ngIRCd is compiled with support for ZeroConf (e.g. using + Howl, Avahi or on Mac OS X). + - New configuration option "SyslogFacility" to define the syslog "facility" + (the "target"), to which ngIRCd should send its log messages. + Possible values are system dependant, but most probably "auth", "daemon", + "user" and "local1" through "local7" are possible values; see syslog(3). + Default is "local5" for historical reasons. + - Dump the "internal server state" (configured servers, established + connections and known clients) to the console or syslog when receiving + the SIGUSR2 signal and debug mode is enabled. + - Enable the daemon to disable and enable "debug mode" on runtime using + signal SIGUSR1, when debug code is compiled in, not only on startup + using the command line parameters. + - Implement user mode "x": host name cloaking (closes: #102). - Change MOTD file handling: ngIRCd now caches the contens of the MOTD file, so the daemon now requires a HUP signal or REHASH command to re-read the MOTD file when its content changed. @@ -21,6 +303,7 @@ ngIRCd Release 17 - New configuration option "NoPAM" to disable PAM. - Implement asynchronous user authentication using PAM, please see the file doc/PAM.txt for details. + - Add some documentation for using BOPM with ngIRCd, see doc/Bopm.txt. - Implement user mode "c": receive connect/disconnect NOTICEs. Note that this new mode requires the user to be an IRC operator. - Show SSL status in WHOIS output, numeric 275. @@ -116,7 +399,7 @@ ngIRCd 0.12.0 (2008-05-13) - Implemented IRC commands INFO, SUMMON (dummy), and USERS (dummy) and enhanced test suite to check these commands. (Dana Dahlstrom) - IRC_WHO now supports search patterns and will test this against user - nickname/servername/hostname, etc. as required by RFC 2812, Section 3.6.1. + nickname/server name/host name, etc. as required by RFC 2812, Section 3.6.1. (reported by Dana Dahlstrom) - Implement RFC 2812 handling of "0" argument to 'JOIN': must be treated as if the user had sent PART commands for all channels the user is a @@ -129,7 +412,7 @@ ngIRCd 0.11.0 (2008-01-15) - New [Server] configuration Option "Bind" allows to specify the source IP address to use when connecting to remote server. - New configuration option "MaxNickLength" to specify the allowed maximum - length of user nick names. Note: must be unique in an IRC network! + length of user nicknames. Note: must be unique in an IRC network! - Numeric 317: implemented "signon time" (displayed in WHOIS result). - Added new server configuration option "Passive" for "Server" blocks to disable automatic outgoing connections (similar to -p option to ngircd, @@ -249,7 +532,7 @@ ngIRCd 0.6.0, 2002-12-24 ausgehende Verbindung zu diesem auufzubauen. Dadurch kann nun auf beiden Servern in der Konfiguration ein Port fuer den Connect konfiguriert werden (beide Server versuchen sich dann gegenseitig zu connectieren). - - Server identifizieren sich nun mit asyncronen Passwoertern, d.h. das + - Server identifizieren sich nun mit asynchronen Passwoertern, d.h. das Passwort, welches A an B schickt, kann ein anderes sein als das, welches B als Antwort an A sendet. In der Konfig.-Datei, Abschnitt "Server", wurde "Password" dazu durch "MyPassword" und "PeerPassword" ersetzt. @@ -275,7 +558,7 @@ ngIRCd 0.5.0, 20.09.2002 Konfiguration "sample-ngircd.conf") und bleiben auch dann bestehen, wenn kein User mehr im Channel ist. - neue IRC-Befehle: KICK, INVITE, ADMIN, CHANINFO; LIST wurde erweitert. - Mit dem neuen Befehl CHANINFO syncronisieren Server, die das IRC+- + Mit dem neuen Befehl CHANINFO synchronisieren Server, die das IRC+- Protokoll unterstuetzen, Channel-Modes und Topics. Fuer den ADMIN-Befehl gibt es neue Konfigurationsoptionen (Sektion "Global"): "AdminInfo1", "AdminInfo2" und "AdminEMail". @@ -361,7 +644,3 @@ ngIRCd 0.0.2, 06.01.2002 ngIRCd 0.0.1, 31.12.2001 - erste oeffentliche Version von ngIRCd als "public preview" :-) - - --- -$Id: NEWS,v 1.88 2008/02/26 22:05:42 fw Exp $