+ngIRCd 27 (2024-04-26)
+
+ - Add an example filter file for "Fail2Ban": contrib/ngircd-fail2ban.conf.
+
+ ngIRCd 27~rc1 (2024-04-13)
+ - Validate certificates on server links. Up to now, ngIRCd optionally used
+ SSL/TLS encrypted server-server links but never checked and validated any
+ certificates. Now ngIRCd validates SSL/TLS certificates on outgoing
+ server-server links by default and drops(!) connections when the remote
+ certificate is invalid (for example self-signed, expired, not matching the
+ host name, ...). Therefore you have to make sure that all relevant
+ *certificates are valid* (or to disable certificate validation on this
+ connection using the new `SSLVerify = false` setting in the affected
+ `[Server]` block, where the remote certificate is not valid and you can not
+ fix this issue).
+ The original patch for OpenSSL dates back to 2009 and was written by Florian
+ Westphal and was extended for GnuTLS in 2014 by Christoph Biedl. But it took
+ us another 10 years to bring it to life ... oh my! Many thanks to both
+ Florian and Christoph!
+ Closes #120.
+ - Add support for the "sd_notify" protocol of systemd(8): Periodically
+ "ping" the service manager (every 3 seconds) and set a status message
+ showing current connection statistics which then is included in "systemctl
+ status ngircd.service" output. In addition, this enables using the
+ systemd(8) watchdog functionality ("WatchdogSec") for the "ngircd.service"
+ unit and allows it to use the "notify" service type, which results in
+ better status tracking by the service manager.
+ - Try to set file descriptor limit to its maximum and show info on startup:
+ The number of possible parallel connections is limited by the file
+ descriptor limit of the process (among other things). Therefore try to
+ upgrade the current "soft" limit to its "hard" maximum (but limited to
+ 100000 instead of "infinite"), and show an information or even warning when
+ the limit is still less than the configured "MaxConnections" setting. Please
+ note that ngIRCd and its linked libraries (like PAM) need file descriptors
+ not only for incoming and outgoing IRC connections, but for reading files
+ and inter-process communication, too! Therefore the actual connection limit
+ is less(!) than the file descriptor limit!
+ - Add a "Docker file" (contrib/Dockerfile) and corresponding documentation
+ (doc/Container.md) to the project. The resulting container is based on the
+ latest Debian "stable-slim" container and built using a "build container".
+ - No longer use a default built-in value for the "IncludeDir" directive when
+ a configuration file was explicitly specified on the command line using
+ "--config"/"-f": This way no default include directory is scanned when a
+ possibly non-default configuration file is used which (intentionally) did
+ not specify an "IncludeDir" directive. So now you can use "-f /dev/null"
+ for checking all built-in defaults, regardless of any local configuration
+ files in the default drop-in directory (which would have been read in
+ until this change).
+ - The server "Name" in the "[Global]" section of the configuration file no
+ longer needs to be set: When not set (or empty), ngIRCd now tries to
+ deduce a valid IRC server name from the local host name ("node name"),
+ possibly adding a ".host" extension when the host name does not contain a
+ dot (".") which is required in an IRC server name ("ID").
+ This new behavior, with all configuration parameters now being optional,
+ allows running ngIRCd without any configuration file at all.
+ - Autodetect support for IPv6 by default: Until now, IPv6 support was disabled
+ by default, which seems a bit outdated in 2024. Note: You still can pass
+ "--enable-ipv6"/"--disable-ipv6" to the ./configure script to forcefully
+ activate or deactivate IPv6 support.
+ - Do IDENT requests even when DNS lookups are disabled: Up to now disabling
+ DNS in the configuration disabled IDENT lookups as well (for no good
+ reason). Now you can activate/deactivate DNS lookups and IDENT requests
+ completely separately. Thanks for reporting this, Miniontoby!
+ Closes #291.
+ - Allow SSL client-only configurations without keys/certificates: You don't
+ need to configure certificates/keys as long as you don't configure
+ SSL-enabled listening ports. This can make sense when you want to only link
+ your local daemon to an uplink server using SSL and only have clients on
+ your local host or in your fully trusted network, where SSL is not required.
+ - Respect "SSLConnect" option for incoming connections and do not accept
+ incoming plain-text ("non SSL") server connections for servers configured
+ with "SSLConnect" enabled. This change prevents an authenticated
+ client-server being able to force the server-server to send its password
+ on a plain-text connection when SSL/TLS was intended.
+ - Add a new option "Autojoin" to [Channel] blocks: When it is set, ngIRCd
+ automatically joins all local users to this channel on connect. Note: The
+ users must have permissions to access the channel, otherwise joining them
+ will fail!
+ Thanks Ivan Agarkov <i_agarkov@wargaming.net> for the initial patch!
+ - Hide invisible (+i) users on "WHOIS <pattern>": Let's behave like most(?)
+ other IRC daemons (at least ircd2.11) and hide all +i users when WHOIS is
+ used with a pattern. Otherwise privacy of this users is not guaranteed and
+ the +i mode a bit useless ...
+ Reported by Cahata on #ngircd, thanks!
+ - Make the debug log level ("--debug"/-"d" command line option) always
+ available, not only when ./configure'd with "--enable-debug": the latter
+ now only enables additional checks (like the tests done using assert(2))
+ and is signalled by adding "+DEBUG" to the version "feature string". This
+ change enables everyone to get even more detailed logging when required.
+ - Allow IRC Operators to use the WHO command on any channel.
+ - Send the NAMES list and channel topic to users "forcefully" joined to a
+ channel using NJOIN, like they joined on their own using JOIN, and
+ streamline the order of NAMES list and channel topic messages.
+ Closes #288.
+ - Added a new command line option "-y"/"--syslog", with which logging to
+ syslog can be activated/deactivated separately from running on the console
+ (using "--nodaemon") or in the background.
+ Thanks Katherine Peeters for the patch and pull request!
+ Closes #294.
+ - Update, enhance and extend our documentation in README.md, INSTALL.md,
+ doc/HowToRelease.txt and the manual pages ngircd(8) and ngircd.conf(5), add
+ a new doc/QuickStart.md document, and convert some more documentation files
+ to Markdown (AUTHORS.md, contrib/README.md, doc/FAQ.md, doc/SSL.md).
+
+ngIRCd 26.1 (2021-01-02)
+
+ - This release is a bugfix release only, without new features.
+
+ngIRCd 26 (2020-06-20)
+
+ ngIRCd 26~rc2 (2020-06-11)
+ - Add AppStream metadata file (contrib/de.barton.ngircd.metainfo.xml).
+ - Various bug fixes, see the ChangeLog. No new or changed functionality.
+
+ ngIRCd 26~rc1 (2020-05-10)
+ - Allow up to 512 characters per line in MOTD and help text files (but keep
+ in mind that lines can't get that long, because they have to be prefixed
+ before being sent to the client). But this allows for more fancy MOTDs :-)
+ Closes #271.
+ - Show the actually allowed channel types in the ISUPPORT(005) numeric which
+ are configured by the "AllowedChannelTypes" configuration variable.
+ Closes #273.
+ - Handle commands in the read buffer before reading more data and don't wait
+ for the network in this case: If there are more bytes in the read buffer
+ already than a single valid IRC command can get long (513 bytes), wait for
+ this/those command(s) to be handled first and don't try to read even more
+ data from the network (which most probably would overflow the read buffer
+ of this connection soon).
+ - Log G-/K-Line changes only when not initiated by a server: this prevents
+ the log from becoming spammed during "net bursts".
+ - Update test suite to include SSL tests, including checking for reloading
+ certificates during runtime.
+ - Add support for GnuTLS certificate reload, which is quite handy when using
+ Let's Encrypt, for example. Until now this was only supported when linked
+ with OpenSSL. Thanks a lot, Hilko Bengen <bengen@hilluzination.de>!
+ - Allow setting arbitrary channel modes in the configuration file by handling
+ them like in MODE commands, and allow multiple "Modes =" lines per [Channel]
+ section. Thanks to Michi <michi+ngircd@dataswamp.org>!
+ Closes #55.
+ - Add "FNC" (forced nick changes) to ISUPPORT(005) numeric. Most probably
+ this doesn't make any difference to any client, but it seems correct.
+ See <http://www.irc.org/tech_docs/005.html> for details.
+ - Enhance handling of command line errors, and return with exit code 0 ("no
+ error") when "--help" or "--version" is used (which resulted in exit code 1,
+ "error" before). Exit with code 2 ("command line error") for all other
+ invalid command line options, and show the error message itself on stderr
+ (instead of stdout and exit code 1, "generic error", as before).
+ This new behavior is more in line with the GNU "coding standards",
+ see <https://www.gnu.org/prep/standards/html_node/_002d_002dhelp.html>.
+ - Add ./contrib/nglog.sh: This script parses the log output of ngircd(8),
+ and colorizes the messages according to their log level. Example usage:
+ ngircd -f $PWD/doc/sample-ngircd.conf -np | ./contrib/nglog.sh
+ - Enlarge buffers of info texts to 128 bytes. This includes:
+ - "Real name" of a client (4th filed of the USER command).
+ - Server info text ("Info" configuration option).
+ - Admin info texts and email address ("AdminInfo1", "AdminInfo2" and
+ "AdminEmail" configuration options).
+ - Network name ("Network" configuration option).
+ The limit was 64 bytes before ...
+ Closes #258.
+ - Streamline handling of invalid and unset server name: Don't exit during
+ runtime (REHASH command, HUP signal), because the server name can't be
+ changed in this case anyway and the new invalid name will be ignored.
+ - Slightly reorder startup steps, and enhance logging:
+ - Show name of configuration file at the beginning of start up.
+ - Add a message when ngIRCd is ready, including its host name.
+ - Show name of configuration file on REHASH (SIGHUP), too.
+ - Change level of "done message" to NOTICE, like "starting" & "ready".
+ - Initialize IO functions before channels, connections, clients, ...
+ - configure.ng: OpenSSL can depends on lz or latomic so use pkg-config to
+ find those dependencies and fallback to existing mechanism.
+ Closes #256.
+
+ngIRCd 25 (2019-01-23)
+
+ - Implement new configuration option "MaxPenaltyTime", which configures the
+ maximum penalty time increase in seconds, per penalty event. Set to -1 for
+ no limit (the default), 0 to disable penalties altogether. ngIRCd doesn't
+ use penalty increases higher than 2 seconds during normal operation, so
+ values higher than 1 rarely make sense.
+ Disabling (or reducing) penalties can greatly speed up "make check" runs
+ for example, see below, but are mostly a debugging feature and normally
+ not meant to be used on production systems!
+ Some example timings running "make check" from my macOS workstation:
+ - MaxPenaltyTime not set: 4:41,79s
+ - "MaxPenaltyTime = 1": 3:14,71s
+ - "MaxPenaltyTime = 0": 25,46s
+ Closes #249 and #251.
+ - Update Xcode project for latest Xcode version (10.0)
+ - Allow a 5th parameter in WEBIRC. Thanks to "ItsOnlyBinary".
+ Closes #247.
+
+ ngIRCd 25~rc1 (2018-08-11)
+ - Only send TOPIC updates to a channel when the topic actually changed:
+ This prevents the channel from becoming flooded by unnecessary TOPIC update
+ messages, that can happen when IRC services try to enforce a certain topic
+ but which is already set (at least on the local server), for example.
+ Therefore still forward it to all servers, but don't inform local clients
+ (still update setter and timestamp information, though!).
+ - Update Xcode project for latest Xcode version (9.2). This includes adding
+ missing and deleting obsolete file references.
+ - Handle user mode "C" ("Only users that share a channel are allowed to send
+ messages") like user mode "b" ("block private messages and notices"): allow
+ messages from servers, services, and IRC Operators, too. Change proposed by
+ "wowaname" back in 2015 in #ngircd, thanks!
+ - Allow IRC Ops and remote servers to KILL service clients: such clients
+ behave like regular users, therefore IRC operators and servers should be
+ able to KILL them: for example to resolve nick collisions.
+ Closes #242.
+
+ngIRCd 24 (2017-01-20)
+
+ ngIRCd 24~rc1 (2017-01-07)
+ - Log privilege violations and failed OPER request with log level "error"
+ and send it to the "&SERVER" channel, too.
+ - Immediately shut down connection when receiving an "ERROR" command,
+ don't wait for the peer to close the connection. This allows the daemon
+ to forward the received "ERROR" message in the network, instead of the
+ very generic "client closed connection" message.
+ - Explicitly forbid remote servers to modify "x-lines" (G-LINES) when the
+ "AllowRemoteOper" configuration option isn't set, even when the command
+ seems to originate from the remote server itself: this prevents GLINE's
+ to become set during server handshake in this case (what wouldn't be
+ possible during regular runtime when a remote IRC Op sends the command)
+ and what can't be undone by IRC Ops later on (because of the missing
+ "AllowRemoteOper" option) ...
+ - Update Xcode project for latest Xcode version (8.0), and fix "duplicate
+ symbols" error messages when building (linking) the binary.
+ - Add "Documentation" variables to systemd configuration files.
+ - Make sure that SYSCONFDIR is always set, which can be handy when
+ using source code linters when ./configure hasn't been run already.
+ - Add the new "PAMServiceName" configuration option to specify the name
+ used as PAM service name. This setting allows to run multiple ngIRCd
+ instances with different PAM configurations for each instance.
+ Thanks to Christian Aistleitner <christian@quelltextlich.at> for the
+ patch, closes #226.
+ - Add an ".editorconfig" file to the project.
+ - Limit the number of message target, and suppress duplicates: This
+ prevents an user from flooding the server using commands like this:
+ "PRIVMSG nick1,nick1,nick1,...".
+ Duplicate targets are suppressed silently (channels and clients).
+ In addition, the maximum number of targets per PRIVMSG, NOTICE, ...
+ command are limited to MAX_HNDL_TARGETS (25). If there are more, the
+ daemon sends the new 407 (ERR_TOOMANYTARGETS_MSG) numeric, containing
+ the first target that hasn't been handled any more. Closes #187.
+ - Make contrib/platformtest.sh script more portable, and only show
+ "runs=Y" when the test suite really has been passed successfully.
+
+ngIRCd 23 (2015-11-16)
+
+ ngIRCd 23~rc1 (2015-09-06)
+ - Use "NOTICE *" before registration instead of "NOTICE AUTH". "AUTH" is
+ a valid nickname so sending notices to it is probably not a good idea.
+ Use "*" as the target instead as done with numerics when the nick is not
+ available. This mimics the behavior in Charybdis, IRCD-Hybrid, InspIRCd
+ 2.2, Plexus 4, etc. Closes #217.
+ The "NoticeAuth" configuration variable (ngircd.conf) has been renamed
+ to "NoticeBeforeRegistration" accordingly, but the old name is still
+ supported for compatibility reasons.
+ - Implement new channel mode "N" (regular users can't change their nick
+ name while on this channel). Closes #214.
+ - Keep track of who placed bans, invites, and excepts.
+ Idea and implementation by LucentW, Thanks! Closes #203.
+ - Implement numeric RPL_LISTSTART(321). lightIRC and other clients
+ expecting RPL_LISTSTART should now behave correctly.
+ Idea and implementation by LucentW, Thanks! Closes #207.
+ - Streamline the effect of "MorePrivacy" option: Update documentation
+ in ngircd.conf(5); don't hide channels for IRC Ops on LIST and don't
+ hide IP addresses/hostnames on WHOIS when "MorePrivacy" is in effect.
+ This closes #198.
+ - IRC operators now can kick anyone when "OperCanMode" is set.
+ Idea and implementation by LucentW, Thanks! Closes #202.
+ - Implement user mode "I": Hide channels on WHOIS: this mode prevents
+ ngIRCd from showing channels on WHOIS (IRC Operators can always see
+ the channel list).
+ Idea and implementation by LucentW, Thanks! Closes #197.
+ - INVITE command: Implement ERR_USERNOTONSERV(504) numeric and make sure
+ that the target user is on the same server when inviting other users
+ to local ("&") channels.
+ Idea by Cahata, thanks! Closes #183.
+ - MODE command: Always report channel creation time. Up to now when
+ receiving a MODE command, ngIRCd only reported the channel creation
+ time to clients that were members of the channel. This patch reports
+ the channel creation time to all clients, regardless if they are joined
+ to that channel or not. At least ircd-seven behaves like this.
+ This closes #188. Reported by Cahata, thanks!
+
+ngIRCd 22.1 (2015-04-06)
+
+ - Update "CipherList" to not enable SSLv3 by default. Idea, initial patch,
+ and testing by Christoph Biedl <ngircd.anoy@manchmal.in-ulm.de>.
+ - Change ngIRCd test suite not to use DNS lookups: Different operating
+ systems do behave quite differently when doing DNS lookups, for example
+ "127.0.0.1" sometimes resolves to "localhost" and sometimes to
+ "localhost.localdomain" (for example OpenBSD). And other OS resolve
+ "localhost" to the real host name (for example Cygwin). So not using
+ DNS at all makes the test site much more portable.
+
+ngIRCd 22 (2014-10-11)
+
+ - Match all list patterns case-insensitive: this affects the invite-,
+ ban-, and except lists, as well as G-Lines an K-Lines.
+ Problem pointed out by "wowaname" on #ngircd, thanks!
+
+ ngIRCd 22~rc1 (2014-09-29)
+ - Sync "except lists" between servers: Up to now, ban, invite, and G-Line
+ lists have been synced between servers while linking -- but obviously
+ nobody noticed that except list have been missing ever since. Until now.
+ Thanks to "j4jackj", who reported this issue in #ngircd.
+ - Allow longer user names (up to 63 characters) for authentication.
+ - Increase MAX_SERVERS from 16 to 64: There are installations out there
+ that would like to configure more than 16 links per server, so increase
+ this limit. Best would be to get rid of MAX_SERVERS altogether and make
+ if fully dynamic, but start with this quick and dirty hack ...
+ - Test suite/platformtest.sh: Detect when tests have been skipped.
+ - Allow "DefaultUserModes" to set all possible modes, including modes only
+ settable by IRC Operators.
+ - Implement user mode "F": "relaxed flood protection". Clients with mode
+ "F" set are allowed to rapidly send data to the daemon. This mode is only
+ settable by IRC Operators and can cause problems in the network -- so be
+ careful and only set it on "trusted" clients!
+ User mode "F" is used by Bahamut for this purpose, for example.
+ - Use server password when PAM is compiled in but disabled.
+ - Streamline punctuation of log messages.
+ - Return ISUPPORT(005) numerics on "VERSION". This is how ircd-seven,
+ Charybdis, Hybrid, and InspIRCd behave, for example.
+ - configure: Only link "contrib/Debian" if it exists, which isn't the case
+ on "VPATH builds", for example.
+ - Show the account name in WHOIS. This uses the same numeric as Charybdis
+ and ircu families: WHOISLOGGEDIN(330).
+ - Pattern matching: Remove "range matching" in our pattern matching code
+ using the "[...]" syntax, because [ and ] are valid characters in nick
+ names and one has to quote them currently using the "\" character, which
+ is quite unexpected for users.
+ - platformtest.sh: New option "-x", don't regenerate build system and
+ allow using separate source and build trees.
+ - Test suite: explicitly enable glibc memory checking.
+ - Make "MODE -k" handling more robust and compatible, send "fake '*' key"
+ in all replies.
+ - portabtest: Actually test the functions snprintf(), strlcpy(), strlcat(),
+ and vsnprintf() for correctness, not only existence (which was quite
+ useless, because if they weren't available, the program could not have
+ been linked at all ...).
+ - Implement new configuration option "Network": it is used to set the
+ (completely optional) "network name", to which this instance of the
+ daemon belongs. When set, this name is used in the ISUPPORT(005) numeric
+ which is sent to all clients connecting to the server after logging in.
+ - Update doc/Platforms.txt.
+ - Various code cleanups, remove unused code, streamline error handling.
+ Remove all imp.h and exp.h header files, support non-standard vsnprintf()
+ return codes, and fix some K&R C portability issues. Streamline
+ DEBUG_ARRAY, DEBUG_BUFFER, DEBUG_IO, DEBUG_ZIP definitions.
+ - Increase penalty time to 10 seconds when handling OPER commands with an
+ invalid password.
+
+ngIRCd 21.1 (2014-03-25)
+
+ - Don't ignore but use the server password when PAM is compiled in but
+ disabled. Thanks to Roy Sindre Norangshol <roy.sindre@norangshol.no>!
+ - doc/Platforms.txt: Update from master branch.
+ - doc/Services.txt: Update information for Anope 2.x.
+ - configure: add support for the LDFLAGS_END and LIBS_END variables to add
+ linker flags and libraries at the end of the configure run (CFLAGS_END has
+ been implemented already).
+ - Update Copyright notices for 2014 :-)
+
+ngIRCd 21 (2013-10-30)
+
+ - Call arc4random_stir() in forked subprocesses, when available. This
+ is required by FreeBSD <10 and current NetBSD at least to correctly
+ initialize the "arc4" random number generator on these platforms.
+
+ ngIRCd 21~rc2 (2013-10-20)
+ - Report the correct configuration file name on configuration errors,
+ support longer configuration lines, and warn when lines are truncated.
+
+ ngIRCd 21~rc1 (2013-10-05)
+ - Actually KILL clients on GLINE/KLINE. (Closes bug #156)
+ - Add support to show all user links using the "STATS L" (uppercase)
+ command (restricted to IRC Operators).
+ - Implement configurable SSL cipher list selection for GnuTLS and OpenSSL
+ using the new configuration option "CipherList". In addition, this
+ changes the defaults to more secure values: "HIGH:!aNULL:@STRENGTH" for
+ OpenSSL, and "SECURE128" for GnuTLS.
+ - Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER} messages: now
+ you can check if a server-to-server link is SSL-encrypted or not using
+ the IRC "TRACE" command.
+ - Implement the new configuration option "DefaultUserModes" which lists
+ user modes that become automatically set on new local clients right
+ after login. Please note that only modes can be set that the client
+ could set on itself, so you can't set "a" (away) or "o" (IRC Op),
+ for example! User modes "i" (invisible) or "x" (cloaked) etc. are
+ "interesting", though. (Closes bug #160)
+ - Add support for the new METADATA "account" property, which allows
+ services to automatically identify users after netsplits and across
+ service restarts.
+ - Implement a new configuration option "AllowedChannelTypes" that lists
+ all allowed channel types (channel prefixes) for newly created channels
+ on the local server. By default, all supported channel types are allowed.
+ If set to the empty string, local clients can't create new channels at
+ all, which equals the old "PredefChannelsOnly = yes" setting.
+ This change deprecates the "PredefChannelsOnly" variable, too, but it is
+ still supported and translated to the appropriate "AllowedChannelTypes"
+ setting. When the old "PredefChannelsOnly" variable is processed, a
+ warning message is logged. (Closes bug #152)
+ - Add support for "client certificate fingerprinting". When a client
+ passes an SSL certificate to the server, the "fingerprint" will be
+ forwarded in the network which enables IRC services to identify the
+ user using this certificate and not using passwords.
+ - Implement a new configuration option "IncludeDir" in the "[Options]"
+ section that can be used to specify a directory which can contain
+ further configuration files and configuration file snippets matching
+ the pattern "*.conf". These files are read in after the main server
+ configuration file ("ngircd.conf" by default) has been read in and
+ parsed. The default is "$SYSCONFDIR/ngircd.conf.d", so that it is
+ possible to adjust the configuration only by placing additional files
+ into this directory. (Closes bug #157)
+ - Add Travis-CI configuration file (".travis.yml") to project.
+ - ngIRCd now accepts user names including "@" characters, saves the
+ unmodified name for authentication but stores only the part in front
+ of the "@" character as "IRC user name". And the latter is how
+ ircd2.11, Bahamut, and irc-seven behave as well. (Closes bug #155)
+ - Lots of IRC "information functions" like ADMIN, INFO, ... now accept
+ server masks and names of connected users (in addition to server names)
+ for specifying the target server of the command. (Closes bug #153)
+ - Implement a new configuration option "IdleTimeout" in the "[Limits]"
+ section of the configuration file which can be used to set a timeout
+ in seconds after which the whole daemon will shutdown when no more
+ connections are left active after handling at least one client.
+ The default is 0, "never".
+ This can be useful for testing or when ngIRCd is started using "socket
+ activation" with systemd(8), for example.
+ - Implement support for systemd(8) "socket activation".
+ - Enable WHOIS to display information about IRC Services using the new
+ numeric 310(RPL_WHOISSERVICE) This numeric is used for this purpose by
+ InspIRCd, for example -- but as usual, other numerics are in use, too,
+ like 613 in UltimateIRCd ...
+ Please note that neither the Operator (+o) not the "bot status" (+B)
+ of an IRC service is displayed in the output.
+ - Update systemd(8) example configuration files in ./contrib/ directory:
+ the "ngircd.service" file now uses the "forking" service type which
+ enhances the log messages shown by "systemctl status ngircd.service",
+ and the new "ngircd.socket" file configures a systemd socket that
+ configures a socket for ngIRCd and launches the daemon on demand.
+ - Enhance help system and the HELP command: now a "help text file" can be
+ set using the new configuration option "HelpFile" ("global" section),
+ which is read in and parsed on server startup and configuration reload,
+ and then is used to output individual help texts to specific topics.
+ Please see the file ./doc/Commands.txt for details.
+
+ngIRCd 20.3 (2013-08-23)
+
+ - This release is a bugfix release only, without new features.
+ - Security: Fix a denial of service bug (server crash) which could happen
+ when the configuration option "NoticeAuth" is enabled (which is NOT the
+ default) and ngIRCd failed to send the "notice auth" messages to new
+ clients connecting to the server (CVE-2013-5580).
+
+ngIRCd 20.2 (2013-02-15)
+
+ - This release is a bugfix release only, without new features.
+ - Security: Fix a denial of service bug in the function handling KICK
+ commands that could be used by arbitrary users to crash the daemon
+ (CVE-2013-1747).
+
+ngIRCd 20.1 (2013-01-02)
+
+ - This release is a bugfix release only, without new features.
+
+ngIRCd 20 (2012-12-17)
+
+ - Allow user names ("INDENT") up to 20 characters when ngIRCd has not
+ been configured for "strict RFC mode". This is useful if you are using
+ external (PAM) authentication mechanisms that require longer user names.
+ Patch suggested by Brett Smith <brett@w3.org>, see
+ <http://arthur.barton.de/pipermail/ngircd-ml/2012-October/000579.html>.
+
+ ngIRCd 20~rc2 (2012-12-02)
+ - Rework cloaked hostname handling and implement the "METADATA cloakhost"
+ subcommand: Now ngIRCd uses two fields internally, one to store the
+ "real" hostname and one to save the "cloaked" hostname. This allows
+ "foreign servers" (aka "IRC services") to alter the real and cloaked
+ hostnames of clients without problems, even when the user itself issues
+ additional "MODE +x" and "MODE -x" commands.