-- ChangeLog --
+ngIRCd 21 (2013-10-30)
+
+ - ./contrib/Debian/ngircd.init: Make sure no stale PID file is left over
+ when (re-)starting ngIRCd.
+ - Change ./contrib/platformtest.sh and update ./doc/Platforms.txt to
+ allow usernames up to 8 characters.
+ - Call arc4random_stir() in forked subprocesses, when available. This
+ is required by FreeBSD <10 and current NetBSD at least to correctly
+ initialize the "arc4" random number generator on these platforms.
+ - Update our own Debian package configuration and fix the default path
+ of the "HelpFile" of the "full" package variants.
+
+ ngIRCd 21~rc2 (2013-10-20)
+ - Report the correct configuration file name on configuration errors,
+ support longer configuration lines, and warn when lines are truncated.
+ - Use arc4random() function to generate "random" numbers, when available.
+ - platformtest.sh: Detect clang compiler, and clean up GIT source tree
+ before building (when possible).
+ - Update (date of) manual pages.
+ - Update "Upgrade Information" in INSTALL file, add more systems to
+ doc/Platforms.txt, and fix spelling in NEWS and ChangeLog files =:)
+ - Fix remaining compiler warnings on OpenBSD.
+
+ ngIRCd 21~rc1 (2013-10-05)
+ - Actually KILL clients on GLINE/KLINE. (Closes bug #156)
+ - Adjust log messages for invalid and spoofed prefixes, which cleans up
+ logging of commands related to already KILL'ed clients. And don't
+ forward KILL commands for (already) unknown clients any more to prevent
+ unnecessary duplicates.
+ - Add support to show all user links using the "STATS L" (uppercase)
+ command (restricted to IRC Operators).
+ - Fixed blocking of server reconnects in some error configurations.
+ - Don't ignore SSL-related errors during startup any more: abort startup
+ when SSL is requested by the configuration but can't be initialized and
+ don't continue only listening on plain text communication ports.
+ (Closes bug #163)
+ - Implement configurable SSL cipher list selection for GnuTLS and OpenSSL
+ using the new configuration option "CipherList". In addition, this
+ changes the defaults to more secure values: "HIGH:!aNULL:@STRENGTH" for
+ OpenSSL, and "SECURE128" for GnuTLS.
+ - Fix "TRACE": Correctly return ERR_NEEDMOREPARAMS(461) (which basically
+ is "syntax error") when there are too many parameters.
+ - Clean up lots of permission and parameter checks in functions handling
+ IRC commands; and more consistently add penalty times on errors.
+ - Fix error numeric of WHOIS when no nick name has been provided:
+ as per RFC it should be ERR_NONICKNAMEGIVEN(431).
+ - Only log "IDENT ... no result" messages when an IDENT looked took place
+ and didn't return any data, not when IDENT has been disabled.
+ - Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER} messages: now
+ you can check if a server-to-server link is SSL-encrypted or not using
+ the IRC "TRACE" command.
+ - Correctly discard supplementary groups on server startup.
+ - Save client IP address text for "WebIRC" users and correctly display
+ it on WHOIS, for example. (Closes bug #159)
+ - Implement the new configuration option "DefaultUserModes" which lists
+ user modes that become automatically set on new local clients right
+ after login. Please note that only modes can be set that the client
+ could set on itself, so you can't set "a" (away) or "o" (IRC Op),
+ for example! User modes "i" (invisible) or "x" (cloaked) etc. are
+ "interesting", though. (Closes bug #160)
+ - Add support for the new METADATA "account" property, which allows
+ services to automatically identify users after netsplits and across
+ service restarts.
+ - Enforce "penalty times" on error conditions more consistently and in
+ more places. Now most error codes sent back from the IRC server to the
+ client should result in a 2 second "penalty".
+ - Implement a new configuration option "AllowedChannelTypes" that lists
+ all allowed channel types (channel prefixes) for newly created channels
+ on the local server. By default, all supported channel types are allowed.
+ If set to the empty string, local clients can't create new channels at
+ all, which equals the old "PredefChannelsOnly = yes" setting.
+ This change deprecates the "PredefChannelsOnly" variable, too, but it is
+ still supported and translated to the appropriate "AllowedChannelTypes"
+ setting. When the old "PredefChannelsOnly" variable is processed, a
+ warning message is logged. (Closes bug #152)
+ - Add support for "client certificate fingerprinting". When a client
+ passes an SSL certificate to the server, the "fingerprint" will be
+ forwarded in the network which enables IRC services to identify the
+ user using this certificate and not using passwords.
+ - IRC Operator names, as defined in ngircd.conf, are logged now when
+ handling successful OPER commands.
+ - Some error conditions while handling IRC commands, like "permission
+ denied" or "need more parameters", result in more penalty times.
+ - The numeric replies of some commands became split too early which
+ resulted in more numeric reply lines than necessary.
+ - Implement a new configuration option "IncludeDir" in the "[Options]"
+ section that can be used to specify a directory which can contain
+ further configuration files and configuration file snippets matching
+ the pattern "*.conf". These files are read in after the main server
+ configuration file ("ngircd.conf" by default) has been read in and
+ parsed. The default is "$SYSCONFDIR/ngircd.conf.d", so that it is
+ possible to adjust the configuration only by placing additional files
+ into this directory. (Closes bug #157)
+ - Fix use-after-free in the Lists_CheckReason() function, which is used
+ to check if a client is a member of a particular ban/invite/... list.
+ - Xcode: fix detection of host OS, vendor, and CPU type, and update
+ project settings for Xcode 5.
+ - OS X PackageMaker: use relative path names in project files and package
+ with correct file permissions (requires root privileges on "make").
+ - Add Travis-CI configuration file (".travis.yml") to project.
+ - Look for possible cloaked Masks in Lists. Users with +x user mode can
+ be banned with their cloaked hostname now.
+ - Don't read SSL client data before DNS resolver is finished which could
+ have resulted in discarding the resolved client hostname and IDENT
+ reply afterwards, because in some situations (timing dependent) the
+ NICK and USER commands could have already been read in from the client,
+ stored in the buffer, and been processed.
+ Thanks to Julian Brost for reporting the issue and testing, and to
+ Federico G. Schwindt <fgsch@lodoss.net> for helping to debug it!
+ - Increase password length limit to 64 characters. (Closes bug #154)
+ - doc/Services.txt: Update Anope status and URL.
+ - Clean up Xcode project file, remove outdated files, add missing ones.
+ - Update Doxygen configuration file.
+ - configure: search for iconv_open as well as libiconv_open, because
+ on some installations iconv_open() is actually libiconv_open().
+ iconv_open() is the glibc version while libiconv_open() is the
+ libiconv version, now both variants are supported. (Closes bug #151)
+ - ngIRCd now accepts user names including "@" characters, saves the
+ unmodified name for authentication but stores only the part in front
+ of the "@" character as "IRC user name". And the latter is how
+ ircd2.11, Bahamut, and irc-seven behave as well. (Closes bug #155)
+ - Lots of IRC "information functions" like ADMIN, INFO, ... now accept
+ server masks and names of connected users (in addition to server names)
+ for specifying the target server of the command. (Closes bug #153)
+ - Implement a new configuration option "IdleTimeout" in the "[Limits]"
+ section of the configuration file which can be used to set a timeout
+ in seconds after which the whole daemon will shutdown when no more
+ connections are left active after handling at least one client.
+ The default is 0, "never".
+ This can be useful for testing or when ngIRCd is started using "socket
+ activation" with systemd(8), for example.
+ - Implement support for systemd(8) "socket activation".
+ - contrib/README: add description for more files.
+ - Enable WHOIS to display information about IRC Services using the new
+ numeric 310(RPL_WHOISSERVICE) This numeric is used for this purpose by
+ InspIRCd, for example -- but as usual, other numerics are in use, too,
+ like 613 in UltimateIRCd ...
+ Please note that neither the Operator (+o) not the "bot status" (+B)
+ of an IRC service is displayed in the output.
+ - Exit message: use singular & plural :-)
+ - autogen.sh: Check for autoconf/automake wrapper scripts
+ - Add missing punctuation marks in log messages, adjust some severity
+ levels, and make SSL-related messages more readable.
+ - AUTHORS file: Update list of contributors.
+ - Update systemd(8) example configuration files in ./contrib/ directory:
+ the "ngircd.service" file now uses the "forking" service type which
+ enhances the log messages shown by "systemctl status ngircd.service",
+ and the new "ngircd.socket" file configures a systemd socket that
+ configures a socket for ngIRCd and launches the daemon on demand.
+ - Enhance help system and the HELP command: now a "help text file" can be
+ set using the new configuration option "HelpFile" ("global" section),
+ which is read in and parsed on server startup and configuration reload,
+ and then is used to output individual help texts to specific topics.
+ Please see the file ./doc/Commands.txt for details.
+
+ngIRCd 20.3 (2013-08-23)
+
+ - Security: Fix a denial of service bug (server crash) which could happen
+ when the configuration option "NoticeAuth" is enabled (which is NOT the
+ default) and ngIRCd failed to send the "notice auth" messages to new
+ clients connecting to the server (CVE-2013-5580).
+
+ngIRCd 20.2 (2013-02-15)
+
+ - Security: Fix a denial of service bug in the function handling KICK
+ commands that could be used by arbitrary users to to crash the daemon
+ (CVE-2013-1747).
+ - WHO command: Use the currently "displayed hostname" (which can be cloaked!)
+ for hostname matching, not the real one. In other words: don't display all
+ the cloaked users on a specific real hostname!
+ - configure: The header file "netinet/in_systm.h" already is optional in
+ ngIRCd, so don't require it in the configure script. Now ngIRCd can be
+ built on Minix 3 again :-)
+ - Return better "Connection not registered as server link" errors: Now ngIRCd
+ returns a more specific error message for numeric ERR_NOTREGISTERED(451)
+ when a regular user tries to use a command that isn't allowed for users but
+ for servers.
+ - Don't report ERR_NEEDMOREPARAMS(461) when a MDOE command with more modes
+ than nicknames is handled, as well as for channel limit and key changes
+ without specifying the limit or key parameters.
+ This is how a lot (all?) other IRC servers behave, including ircd2.11,
+ InspIRCd, and ircd-seven. And because of clients (tested with Textual and
+ mIRC) sending bogus MODE commands like "MODE -ooo nick", end-users got the
+ expected result as well as correct but misleading error messages ...
+ - Correctly detect when SSL subsystem must be initialized and take
+ outgoing connections (server links!) into account, too.
+ - autogen.sh: Enforce serial test harness on GNU automake >=1.13. The
+ new parallel test harness which is enabled by default starting with
+ automake 1.13 isn't compatible with our test suite.
+ And don't use "egrep -o", instead use "sed", because it isn't portable
+ and not available on OpenBSD, for example.
+
ngIRCd 20.1 (2013-01-02)
- Allow ERROR command on server and service links only, ignore them and
- Allow user names ("INDENT") up to 20 characters when ngIRCd has not
been configured for "strict RFC mode". This is useful if you are using
- external (PAM) authenticaion mechanisms that require longer user names.
+ external (PAM) authentication mechanisms that require longer user names.
Patch suggested by Brett Smith <brett@w3.org>, see
<http://arthur.barton.de/pipermail/ngircd-ml/2012-October/000579.html>.
the hash function. When "CloakHostSalt" is not set (the default), a
random salt will be generated after each server restart. (Closes #133)
-ngIRCd Release 19.2 (2012-06-19)
+ngIRCd 19.2 (2012-06-19)
- doc/Capabilities.txt: document "multi-prefix" capability
- Fix: Don't ignore "permission denied" errors when enabling chroot.
- FAQ: enhance description of chroot setup.
-ngIRCd Release 19.1 (2012-03-19)
+ngIRCd 19.1 (2012-03-19)
- Fix gcc warning (v4.6.3), initialize "list" variable to NULL.
- Fix typos: "recieved" -> "received", "Please not" -> "Please note",
- getpid.sh: Fix test case error for Debian using sbuild(1).
- Don't log "ngIRCd hello message" two times when starting up.
-ngIRCd Release 19 (2012-02-29)
+ngIRCd 19 (2012-02-29)
- Update build system: bump config.guess and config.sub files used by
GNU autoconf/automake to recent versions.
asynchronous nature of the IRC protocol. So don't break server-
links, only log a message and ignore the command. (Closes #113)
-ngIRCd Release 18 (2011-07-10)
+ngIRCd 18 (2011-07-10)
- Update timestamp of ngircd(8) manual page.
- Add preliminary ngIRCd protocol module for Anope 1.9 to contrib/Anope/.
only relevant when a trusted server on a server-server link sends invalid
commands).
-ngIRCd Release 17.1 (2010-12-19)
+ngIRCd 17.1 (2010-12-19)
- --configtest: remember if MOTD is configured by file or phrase
- Enhance log messages when establishing server links a little bit
- New numeric 329: get channel creation time on "MODE #chan" commands
- Save channel creation time; new function Channel_CreationTime()
-ngIRCd Release 17 (2010-11-07)
+ngIRCd 17 (2010-11-07)
- doc: change path names in sample-ngircd.conf depending on sysconfdir
- Fix up generation and distribution of sample-ngircd.conf
- Fix "beeing" typo ...
- SSL/TLS: fix bogus "socket closed" error message.
-ngIRCd Release 16 (2010-05-02)
+ngIRCd 16 (2010-05-02)
- doc/SSL: remove line continuation marker
every channel, and c) remote clients using a server not supporting this
mode are not checked either and therefore always allowed to join.
-ngIRCd Release 15 (2009-11-07)
+ngIRCd 15 (2009-11-07)
- "ngircd --configtest": print SSL configuration options even when unset.
- Fix a few error handling glitches for SSL/TLS connections.
- Minor fixes to manual pages and documentation.
-ngIRCd Release 14.1 (2009-05-05)
+ngIRCd 14.1 (2009-05-05)
- Security: fix remotely triggerable crash in SSL/TLS code.
- BSD start script contrib/ngircd.sh has been renamed to ngircd-bsd.sh.
- Fix server list announcement.
- Do not remove host names from info text.
-ngIRCd Release 14 (2009-04-20)
+ngIRCd 14 (2009-04-20)
- Display IPv6 addresses as "[<addr>]" when accepting connections.
- Fix handling of channels containing dots.
(closes ug #93, reported by Gonosz Csiga)
-ngIRCd Release 13 (2008-12-25)
+ngIRCd 13 (2008-12-25)
- Updated documentation, especially doc/Services.txt and doc/SSL.txt.
- Make the test suite work on OpenSolaris.
- Documentation is now installed in $(datadir)/doc/ngircd.
- Enhanced handling of NJOIN in case of nick collisions.
-ngIRCd 0.6.1, 2003-01-21
+ngIRCd 0.6.1 (2003-01-21)
- Fixed KILL: you can't crash the server by killing yourself any more,
ngIRCd no longer sends a QUIT to other servers after the KILL, and you
Older changes (sorry, only available in german language):
-ngIRCd 0.6.0, 2002-12-24
+ngIRCd 0.6.0, 24.12.2002
- ngIRCd 0.6.0-pre2, 2002-12-23
+ ngIRCd 0.6.0-pre2, 23.12.2002
- neuer Numeric 005 ("Features") beim Connect.
- LUSERS erweitert: nun wird die maximale Anzahl der lokalen und globalen
Clients, die dem Server bzw. im Netzwerk seit dem letzten (Re-)Start
dem Server gleichzeitig bekannt waren, angezeigt.
- ngIRCd 0.6.0-pre1, 2002-12-18
+ ngIRCd 0.6.0-pre1, 18.12.2002
- beim Schliessen einer Verbindung zeigt der Server nun vor dem ERROR
noch eine Statistik ueber die empfangene und gesendete Datenmenge an.
- der Server wartet bei einer eingehenden Verbindung nun laenger auf den