X-Git-Url: https://arthur.barton.de/gitweb/?p=ngircd-alex.git;a=blobdiff_plain;f=ChangeLog;h=75adf7011dbc750190aa1d873d94a5a079678ac1;hp=bd6536649d339780dfc4cf284451cb8a2913f00f;hb=HEAD;hpb=03e656807930cffc34a76a31635e4d3ad79c4378 diff --git a/ChangeLog b/ChangeLog index bd653664..0744e250 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,12 +2,576 @@ ngIRCd - Next Generation IRC Server http://ngircd.barton.de/ - (c)2001-2015 Alexander Barton and Contributors. + (c)2001-2024 Alexander Barton and Contributors. ngIRCd is free software and published under the terms of the GNU General Public License. -- ChangeLog -- +ngIRCd 27 (2024-04-26) + + - Update ChangeLog, NEWS, AUTHORS.md & doc/Platforms.txt for ngIRCd 27. + - Clarify in the sample configuration file and the ngircd.conf(5) manual + page that the "CAFile" option is unset by default. + - Fix channel symbol returned in the RPL_NAMREPLY(353) numeric of NAMES + commands for secret (mode +s) channels: this should be "@", not "=". + Thanks Val Lorentz for the patch! + Closes #313. + - Add an example filter file for "Fail2Ban": contrib/ngircd-fail2ban.conf. + - Don't abort startup when setgid/setuid() fails with EINVAL: Both setgid(2) + as well as setuid(2) can fail with EINVAL in addition to EPERM, their + manual pages state "EINVAL: The user/group ID specified in uid/gid is not + valid in this user namespace ". So not only treat EPERM as an "acceptable + error" and continue with logging the error, but do the same for EINVAL. + This was triggered by the Void Linux xbps-uunshare(1) tool used for + building "XBPS source packages" and reported by luca in #ngircd. Thanks! + - Test suite: Don't use "pgrep -u" when LOGNAME and USER are not set + Thanks for reporting this on IRC, luca! + + ngIRCd 27~rc1 (2024-04-13) + - Validate certificates on server links. Up to now, ngIRCd optionally used + SSL/TLS encrypted server-server links but never checked and validated any + certificates. Now ngIRCd validates SSL/TLS certificates on outgoing + server-server links by default and drops(!) connections when the remote + certificate is invalid (for example self-signed, expired, not matching the + host name, ...). Therefore you have to make sure that all relevant + *certificates are valid* (or to disable certificate validation on this + connection using the new `SSLVerify = false` setting in the affected + `[Server]` block, where the remote certificate is not valid and you can not + fix this issue). + The original patch for OpenSSL dates back to 2009 and was written by Florian + Westphal and was extended for GnuTLS in 2014 by Christoph Biedl. But it took + us another 10 years to bring it to life ... oh my! Many thanks to both + Florian and Christoph! + Closes #120. + - Add support for the "sd_notify" protocol of systemd(8): Periodically + "ping" the service manager (every 3 seconds) and set a status message + showing current connection statistics which then is included in "systemctl + status ngircd.service" output. In addition, this enables using the + systemd(8) watchdog functionality ("WatchdogSec") for the "ngircd.service" + unit and allows it to use the "notify" service type, which results in + better status tracking by the service manager. + - Try to set file descriptor limit to its maximum and show info on startup: + The number of possible parallel connections is limited by the file + descriptor limit of the process (among other things). Therefore try to + upgrade the current "soft" limit to its "hard" maximum (but limited to + 100000 instead of "infinite"), and show an information or even warning when + the limit is still less than the configured "MaxConnections" setting. Please + note that ngIRCd and its linked libraries (like PAM) need file descriptors + not only for incoming and outgoing IRC connections, but for reading files + and inter-process communication, too! Therefore the actual connection limit + is less(!) than the file descriptor limit! + - Update and fix the logcheck(8) rules file. + - METADATA: Fix unsetting the "cloakhost" hostname, which did not result in + the original hostname being restored, but actually resulted in an empty + string being used as the client hostname -- which is a protocol violation. + - Update the "rpm" make target to use the rpmbuild(8) command. + - Add a "Docker file" (contrib/Dockerfile) and corresponding documentation + (doc/Container.md) to the project. The resulting container is based on the + latest Debian "stable-slim" container and built using a "build container". + - Remove outdated, unsupported and broken support for splint(1). + - Don't show the default config file name on config errors: The configuration + can be set in drop-in files in the include directory, too, so it is not + clear in which file it is actually missing. + - No longer use a default built-in value for the "IncludeDir" directive when + a configuration file was explicitly specified on the command line using + "--config"/"-f": This way no default include directory is scanned when a + possibly non-default configuration file is used which (intentionally) did + not specify an "IncludeDir" directive. So now you can use "-f /dev/null" + for checking all built-in defaults, regardless of any local configuration + files in the default drop-in directory (which would have been read in + until this change). + - No longer log channel keys ("passwords") for predefined channels. + - The server "Name" in the "[Global]" section of the configuration file no + longer needs to be set: When not set (or empty), ngIRCd now tries to + deduce a valid IRC server name from the local host name ("node name"), + possibly adding a ".host" extension when the host name does not contain a + dot (".") which is required in an IRC server name ("ID"). + This new behavior, with all configuration parameters now being optional, + allows running ngIRCd without any configuration file at all. + - Silence some compiler warnings. + - autogen.sh: Prefer automake 1.11 over other releases because this is the + last release supporting "de-ANSI-fication" using the included ansi2knr tool. + And because we _want_ to support old K&R platforms, we try hard to use this + release of automake when available to generate our build system. + Note: This is only relevant for you if you are building from Git sources. + - Autodetect support for IPv6 by default: Until now, IPv6 support was disabled + by default, which seems a bit outdated in 2024. Note: You still can pass + "--enable-ipv6"/"--disable-ipv6" to the ./configure script to forcefully + activate or deactivate IPv6 support. + - Do IDENT requests even when DNS lookups are disabled: Up to now disabling + DNS in the configuration disabled IDENT lookups as well (for no good + reason). Now you can activate/deactivate DNS lookups and IDENT requests + completely separately. Thanks for reporting this, Miniontoby! + Closes #291. + - Update config.guess (2023-08-22) and config.sub (2023-09-19) files. + - Fix Channel Admins being able to to set Channel Owner status! "Sarah" + reported this back in April 2021 and proposed a patch, thanks a lot! + - Test suite: Update for OpenSSL 3.x, some command outputs changed, clean up + shell scripts and make the getpid.sh script more robust. + - Allow SSL client-only configurations without keys/certificates: You don't + need to configure certificates/keys as long as you don't configure + SSL-enabled listening ports. This can make sense when you want to only link + your local daemon to an uplink server using SSL and only have clients on + your local host or in your fully trusted network, where SSL is not required. + - Remove the unmaintained contrib/MacOSX/ folder: this includes the Xcode + project as well as the outdated macOS "Package Maker" configuration. The + sample launchd(8) configuration properties list file was moved to + "contrib/de.barton.ngircd.plist" and kept. + - Fix showing the "Ident" option in "--configtest" output which was never + shown because of a coding error. Whoops! + - Change GnuTLS "slot handling" messages to debug level: Those messages are + about an internal implementation detail, not relevant for an administrator + of ngIRCd. + - Enlarge buffer for log messages: For example, SSL/TLS certificate + information can easily get longer than 256 characters. So enlarge the log + buffer to 1 KB to avoid cutting off relevant information. + - Respect "SSLConnect" option for incoming connections and do not accept + incoming plain-text ("non SSL") server connections for servers configured + with "SSLConnect" enabled. This change prevents an authenticated + client-server being able to force the server-server to send its password + on a plain-text connection when SSL/TLS was intended. + - Always try to close a connection with errors immediately, but try hard + to avoid too much recursion. Without this patch, an outgoing server + connection could get stuck in an "endless" state trying to write out data + over and over again. + - Add "hopm.service" to "Wants" and "Before" dependencies in the sample + systemd unit file (Hopm is the successor of Bopm). + - Update Debian package configuration using current "dh_make", package + dependencies and build rules. And no longer build 3 different versions, + only build "ngircd" which now includes support for IDENT, PAM (disabled in + the ngircd.conf installed by the package), SSL (OpenSSL), ZLib and IPv6. + - Return ERR_NOTEXTTOSEND on empty PRIVMSG content, which matches the + behavior of other servers. + - Add a new option "Autojoin" to [Channel] blocks: When it is set, ngIRCd + automatically joins all local users to this channel on connect. Note: The + users must have permissions to access the channel, otherwise joining them + will fail! + Thanks Ivan Agarkov for the initial patch! + - Hide invisible (+i) users on "WHOIS ": Let's behave like most(?) + other IRC daemons (at least ircd2.11) and hide all +i users when WHOIS is + used with a pattern. Otherwise privacy of this users is not guaranteed and + the +i mode a bit useless ... + Reported by Cahata on #ngircd, thanks! + - Update the final "closing connection" message: Add some more information + like nick name, user name, host name and bring it in line with some other + implementations (at least ircd2.11 and Hybrid). + - Fix RPL_INVITING message: All numeric replies must originate from an IRC + server, never from a client. Thanks "tommyrot" for reporting this! + Closes #307. + - Enhance some log messages, for example for errors when accepting new + connections. + - Make the debug log level ("--debug"/-"d" command line option) always + available, not only when ./configure'd with "--enable-debug": the latter + now only enables additional checks (like the tests done using assert(2)) + and is signalled by adding "+DEBUG" to the version "feature string". This + change enables everyone to get even more detailed logging when required. + - Always report an error when a parameter is missing in a channel "MODE +k" + or "MODE +l" command, and better validate their parameters: return the new + numeric ERR_INVALIDMODEPARAM_MSG(696) on errors. + Thanks Val Lorentz for reporting this! + Closes #290. + - Allow IRC Operators to use the WHO command on any channel. + - Add configuration for "ngIRCd CI" GitHub Action, no longer use Travis-CI. + - Send the NAMES list and channel topic to users "forcefully" joined to a + channel using NJOIN, like they joined on their own using JOIN, and + streamline the order of NAMES list and channel topic messages. + Closes #288. + - Fix (invalid) error messages when setting modes on local channels which + are defined in the configuration file. + - Fix handling of G-Lines/K-Lines with cloaked host names. + - Streamline logging of debug messages. + - Added a new command line option "-y"/"--syslog", with which logging to + syslog can be activated/deactivated separately from running on the console + (using "--nodaemon") or in the background. + Thanks Katherine Peeters for the patch and pull request! + Closes #294. + - Fix a possible race condition while introducing new clients in the network. + - Update, enhance and extend our documentation in README.md, INSTALL.md, + doc/HowToRelease.txt and the manual pages ngircd(8) and ngircd.conf(5), add + a new doc/QuickStart.md document, and convert some more documentation files + to Markdown (AUTHORS.md, contrib/README.md, doc/FAQ.md, doc/SSL.md). + +ngIRCd 26.1 (2021-01-02) + + - Fix a "format string" compiler warning (detected on OpenBSD). + - No longer set "AI_ADDRCONFIG" when resolving host names, even when it + exists: with this option set, on an IPv6-only host, we prevent 127.0.0.1 + to get translated properly, even when the loopback interface has this + address configured! And as the test suite uses 127.0.0.1, it was broken + on IPv6-only hosts. + The drawback is that the resolver possibly returns more addresses now, + even of an unsupported/not connected address family; but this shouldn't + do much harm in practice, as ngIRCd iterates over all returned addresses + while trying to establish an outgoing connection. + Closes #281. + - Revert "Show allowed channel types in ISUPPORT(005) numeric only", which + was introduced in 26~rc1: This lead to some IRC clients assuming "oh, no + channel prefix characters at all, so no channels at all, so no PRIVMSG can + go to any channel" when "AllowedChannelTypes" was set to the empty string + ("") -- which is not the case when there are pre-defined channel set up or + other servers still having channels! + So "allowed channel types" != "supported channel types", and we always have + to list all supported ones in the ISUPPORT(005) numeric! + Closes #285. + - Test suite: Wait 2 seconds after reloading the daemon, which is required + because on reload, all listening ports are closed, configuration updated, + and then opened again. This lead to subsequent tests running while the + daemon isn't listening on any ports, and that's why some tests could fail. + Closes #280. + - platformtest.sh: Try to mangle CLang name more intelligently. + - Documentation: Fixed URLs of Atheme IRC services, updated all mentions + from CVS to Git, and updated Platforms.txt -- Oh, and it is 2021 now! ;-) + +ngIRCd 26 (2020-06-20) + + ngIRCd 26~rc2 (2020-06-11) + - Add AppStream metadata file (contrib/de.barton.ngircd.metainfo.xml). + - Don't send invalid CHANINFO commands when a channel has mode +k set but no + key is known to the server. This can happen with a misconfigured predefined + channel, for example, and looked like this: "CHANINFO #test +Pk 0 :" -- + note the unset key represented by the two spaces. Fix this by sending a + "*" in this case and update the CHANINFO documentation, too. + - ngircd.spec: Fix names of README.md and INSTALL.md, add ".md" extension. + - Update description texts in the README.md file, the RPM and Debian package + files and the manual page: bring them in line with the updated homepage. + - Server-Server protocol: Fix use-after-free when unregistering a directly + connected server sending a SQUIT for itself. + - Server-Server protocol: Detect bogus SERVER commands lacking a prefix. + Thanks Hilko Bengen (hillu) for finding & reporting this as well for the + patch & pull request (even if fixed differently). + Closes #275. + - Fix the PING-PONG logic: In ngIRCd 26~rc1 this was completely broken (while + trying to fix timeouts during server handshakes in bigger networks): the + daemon never disconnected any stale peers but kept sending out PINGs over + and over again ... + - Test suite: Add missing files needed to test SSL support to "EXTRA_DIST", + so that they are included in distribution archives: in rc1, "make check" + fails when using sources from an archive and enabling SSL support. + Thanks to Hilko Bengen for the patch! + + ngIRCd 26~rc1 (2020-05-10) + - Tweak & update doc/HowToRelease.txt, .mailmap and AUTHORS files. + - Allow up to 512 characters per line in MOTD and help text files (but keep + in mind that lines can't get that long, because they have to be prefixed + before being sent to the client). But this allows for more fancy MOTDs :-) + Closes #271. + - Show the actually allowed channel types in the ISUPPORT(005) numeric which + are configured by the "AllowedChannelTypes" configuration variable. + Closes #273. + - Handle commands in the read buffer before reading more data and don't wait + for the network in this case: If there are more bytes in the read buffer + already than a single valid IRC command can get long (513 bytes), wait for + this/those command(s) to be handled first and don't try to read even more + data from the network (which most probably would overflow the read buffer + of this connection soon). + - Update Travis-CI configuration, "sudo" is deprecated. + - Log G-/K-Line changes only when not initiated by a server: this prevents + the log from becoming spammed during "net bursts". + - Update test suite to include SSL tests, including checking for reloading + certificates during runtime. + - Makefile.am: Replace "make" with "${MAKE}". This fixes warnings like this: + "warning: jobserver unavailable: using -j1. Add `+' to parent make rule." + Thanks to Sam James (sam_c) ! + Closes #270. + - Add support for GnuTLS certificate reload, which is quite handy when using + Let's Encrypt, for example. Until now this was only supported when linked + with OpenSSL. Thanks a lot, Hilko Bengen ! + - Remove deprecated legacy configuration options and related functions that + have been marked for removal for quite some time: + - PredefChannelsOnly (v22) + - NoticeAuth (v24) + - NoXXX (v19) + - Old '[GLOBAL]' section handling (v19) + Thanks to Michi for the patch! + - Fix recursion bug on write errors: Depending on the stack size, too many + clients on the same channel quitting at the same time would trigger a crash + due to too many recursive calls to Conn_Close(). Thanks to Michi + for the patch! + - Fix builds using GCC option -fno-common, which is the default starting with + GCC 10. Thanks to Michi for the patch! + Closes #266. + - Convert INSTALL and README files to Markdown. + - Allow setting arbitrary channel modes in the configuration file by handling + them like in MODE commands, and allow multiple "Modes =" lines per [Channel] + section. Thanks to Michi ! + Closes #55. + - Add "FNC" (forced nick changes) to ISUPPORT(005) numeric. Most probably + this doesn't make any difference to any client, but it seems correct. + See for details. + - Reuse old SSL key if loading a new one failed. + - Remove outdated OpenBSD/NetBSD systrace.policy. + - Enhance handling of command line errors, and return with exit code 0 ("no + error") when "--help" or "--version" is used (which resulted in exit code 1, + "error" before). Exit with code 2 ("command line error") for all other + invalid command line options, and show the error message itself on stderr + (instead of stdout and exit code 1, "generic error", as before). + This new behavior is more in line with the GNU "coding standards", + see . + - Fix and update Xcode project: Reference correct contrib/Makefile.am file, + correctly sort contrib/nglog.sh and add "ORGANIZATIONNAME" setting. + - contrib/ngindent.sh: Add more GNU indent options for better results, and + add the ".sh" suffix to bring this script in line with the others in the + contrib/ folder. + - Add ./contrib/nglog.sh: This script parses the log output of ngircd(8), + and colorizes the messages according to their log level. Example usage: + ngircd -f $PWD/doc/sample-ngircd.conf -np | ./contrib/nglog.sh + - Log received signals with their names using strsignal(3), when available. + - Make test suite compatible with Haiku OS. + - Fix host mask cloaking bug, don't cloak multiple times: Previously, each + server would cloak every user's host mask. The problem is that if a network + has more than one server, then a user's host mask would get cloaked twice. + This patch ensures that a server only cloaks the host mask if it has not yet + been cloaked (the period indicates it's still an IP address). Thanks to + JRMU for the patch! + Closes #228. + - Enlarge buffers of info texts to 128 bytes. This includes: + - "Real name" of a client (4th filed of the USER command). + - Server info text ("Info" configuration option). + - Admin info texts and email address ("AdminInfo1", "AdminInfo2" and + "AdminEmail" configuration options). + - Network name ("Network" configuration option). + The limit was 64 bytes before ... + Closes #258. + - Streamline handling of invalid and unset server name: Don't exit during + runtime (REHASH command, HUP signal), because the server name can't be + changed in this case anyway and the new invalid name will be ignored. + - Fix and extend documentation: Fix some typos, fix syntax of LINKS and LIST + commands, whitespace and spelling fixes, update dependencies and add some + more information about IRCv3 support. + Thanks to Thanks Windree, Étienne Mollier and + Christoph Biedl . + Closes #264. + - Slightly reorder startup steps, and enhance logging: + - Show name of configuration file at the beginning of start up. + - Add a message when ngIRCd is ready, including its host name. + - Show name of configuration file on REHASH (SIGHUP), too. + - Change level of "done message" to NOTICE, like "starting" & "ready". + - Initialize IO functions before channels, connections, clients, ... + - configure.ng: OpenSSL can depends on lz or latomic so use pkg-config to + find those dependencies and fallback to existing mechanism. + Closes #256. + - ngircd.conf.5: Fix wording as suggested by lintian. + +ngIRCd 25 (2019-01-23) + + - Fix documentation of MotdPhrase length, which actually is 126 characters: + update sample configuration file as well as the man page. Thanks to + shankari . + Closes #254. + - Implement new configuration option "MaxPenaltyTime", which configures the + maximum penalty time increase in seconds, per penalty event. Set to -1 for + no limit (the default), 0 to disable penalties altogether. ngIRCd doesn't + use penalty increases higher than 2 seconds during normal operation, so + values higher than 1 rarely make sense. + Disabling (or reducing) penalties can greatly speed up "make check" runs + for example, see below, but are mostly a debugging feature and normally + not meant to be used on production systems! + Some example timings running "make check" from my macOS workstation: + - MaxPenaltyTime not set: 4:41,79s + - "MaxPenaltyTime = 1": 3:14,71s + - "MaxPenaltyTime = 0": 25,46s + Closes #249 and #251. + - Fix compilation without deprecated OpenSSL APIs. Thanks to Rosen Penev + for the patch! + Closes #252. + - Update Xcode project for latest Xcode version (10.0) + - Fix some compiler warnings of Apple Xcode/Clang + - Allow a 5th parameter in WEBIRC. Thanks to "ItsOnlyBinary". + Closes #247. + - Update some more documentation files and source code comments. + - Platforms.txt: Add and update systems. + + ngIRCd 25~rc1 (2018-08-11) + - Update config.guess (2018-03-08) and config.sub (2018-03-08) files. + - Correctly retry to establish an outgoing connections when forking of the + resolver sub-process failed (for example because of lack of free memory). + Until now, such a connection was never retried once this error was hit. + Thanks to Robert Obermeier for reporting this bug! + Closes #243. + - Fix a "use after free" bug which can be triggered on a newly established + connection when the daemon handles an ERROR command received from the peer + during client login. Thanks a lot to Joseph Bisch + for discovering and reporting this issue! + - Only send TOPIC updates to a channel when the topic actually changed: + This prevents the channel from becoming flooded by unnecessary TOPIC update + messages, that can happen when IRC services try to enforce a certain topic + but which is already set (at least on the local server), for example. + Therefore still forward it to all servers, but don't inform local clients + (still update setter and timestamp information, though). + - Update Xcode project for latest Xcode version (9.2). This includes adding + missing and deleting obsolete file references. + - Handle user mode "C" ("Only users that share a channel are allowed to send + messages") like user mode "b" ("block private messages and notices"): allow + messages from servers, services, and IRC Operators, too. Change proposed by + "wowaname" back in 2015 in #ngircd, thanks! + - Fix some compiler warnings. + - Add contrib/ngircd.logcheck: Some sample logcheck(8) rules. + - Allow IRC Ops and remote servers to KILL service clients: such clients + behave like regular users, therefore IRC operators and servers should be + able to KILL them: for example to resolve nick collisions. + Closes #242. + - Don't forward KILLs to other servers if they've been blocked locally: + This prevents clients from killing IRC services, for example. + Closes #238 and #239. + - Fix a cross-compiler issue related to the Get_Error() function. + Closes #240 and #241. + - Update ./doc/Services.txt, enhance configuration examples. + +ngIRCd 24 (2017-01-20) + + - Make sure that ./contrib/platformtest.sh aborts when ./autogen.sh fails. + - Update config.guess (2016-10-02) and config.sub (2016-11-04) files. + - Build Debian packages with OpenSSL instead of GnuTLS: OpenSSL allows + to reload used certificates on runtime for example (which is very + useful when using Let's Encrypt), and therefore is preferred. And + explicitly specify the "source format". + - Fix handling of connection pool allocation and enlargement: up to now, + the daemon only enlarged its connection pool when accepting new incoming + client or server connections, not when establishing new outgoing server + links, which could lead to problems when hitting the configured limit, + see "MaxConnections". Thanks to Lukas Braun (k00mi) for reporting this! + Closes #231. + + ngIRCd 24~rc1 (2017-01-07) + - Enhance systemd service file, and install it in Debian package. + - Update configuration of Debian package. + - Log privilege violations and failed OPER request with log level "error" + and send it to the "&SERVER" channel, too. + - Immediately shut down connection when receiving an "ERROR" command, + don't wait for the peer to close the connection. This allows the daemon + to forward the received "ERROR" message in the network, instead of the + very generic "client closed connection" message. + - Fix sending of entry duration (no negative values!) when synchronizing + "x-lines" (G-LINES). + - List expiration (G-LINES): use same log level as when setting, and log + this event to the &SERVER channel, too. + - Explicitly forbid remote servers to modify "x-lines" (G-LINES) when the + "AllowRemoteOper" configuration option isn't set, even when the command + seems to originate from the remote server itself: this prevents GLINE's + to become set during server handshake in this case (what wouldn't be + possible during regular runtime when a remote IRC Op sends the command) + and what can't be undone by IRC Ops later on (because of the missing + "AllowRemoteOper" option) ... + - Make scripts and init-files in ./contrib executable. + - Fix building ngIRCd with OpenSSL 1.1. Thanks to Christoph Biedl + for the patch! + - Fix code indentation warnings of gcc 6.2. + - Update config.guess (2016-04-02) and config.sub (2016-03-30) files. + - Fix warnings of the "shellcheck" linter in autogen.sh, contrib/ngindent + and contrib/platformtest.sh. + - Update Xcode project for latest Xcode version (8.0), and fix "duplicate + symbols" error messages when building (linking) the binary. + - Add "Documentation" variables to systemd configuration files. + - Make sure that SYSCONFDIR is always set, which can be handy when + using source code linters when ./configure hasn't been run already. + - Add the new "PAMServiceName" configuration option to specify the name + used as PAM service name. This setting allows to run multiple ngIRCd + instances with different PAM configurations for each instance. + Thanks to Christian Aistleitner for the + patch, closes #226. + - Add an ".editorconfig" file to the project. + - Travis-CI: use "container-based infrastructure". + - Limit the number of message targets, and suppress duplicates: This + prevents an user from flooding the server using commands like this: + "PRIVMSG nick1,nick1,nick1,...". + Duplicate targets are suppressed silently (channels and clients). + In addition, the maximum number of targets per PRIVMSG, NOTICE, ... + command are limited to MAX_HNDL_TARGETS (25). If there are more, the + daemon sends the new 407 (ERR_TOOMANYTARGETS_MSG) numeric, containing + the first target that hasn't been handled any more. Closes #187. + - Test suite: Add new test for server-server logins. + - contrib/ngindent: Fix shebang line. + - Make contrib/platformtest.sh script more portable, and only show + "runs=Y" when the test suite really has been passed successfully. + - Code cleanup in the NJOIN handler and the function killing clients as + well as the function sending messages to a "mask" (cleaner code, more + fault tolerant, better code comments). + - Update and enhance documentation: README file, doc/Platforms.txt, + doc/Modes.txt, doc/Commands.txt, doc/PAM.txt. + - Fix NJOIN not propagating "half ops" status: ngIRCd tested for the wrong + prefix of "half ops" when processing NJOIN commands and therefore never + classified a remote user as "half op". + Thanks to wowaname for pointing this out on #ngircd! + +ngIRCd 23 (2015-11-16) + + - Explicitly cast time_t to long when printing it out: this prevents + wrong sized data types on platforms where time_t doesn't equal a + long any more, for example on OpenBSD (which would result in garbled + output on those platforms). + - contrib/Debian/changelog: Fix email address. + - Documentation: Spelling fixes; update doc/Platforms.txt. + + ngIRCd 23~rc1 (2015-09-06) + - Add ".clang_complete" file, which is used by the "linter-clang" package + of the Atom editor, for example. + - Make server-to-server protocol more robust: ngIRCd now catches more + errors on the server-to-server (S2S) protocol that could crash the + daemon before. This hasn't been a real problem because the IRC S2S + protocol is "trusted" by design, but the behavior is much better now. + Thanks to wowaname on #ngircd for pointing this out! + - Make platformtest.sh, autogen.sh, and ngircd.init more portable. + - Enables "reproducible builds" for ngIRCd: Use the optional BIRTHTIME + constant while building ngIRCd, which contains a time stamp for the + "Birth Date" information, in seconds since the epoch. + See . + - Update "contrib/ngircd.service" file for systemd. + - INSTALL: Add deprecation notice for "PredefChannelsOnly" variable. + - Use "NOTICE *" before registration instead of "NOTICE AUTH". "AUTH" is + a valid nickname so sending notices to it is probably not a good idea. + Use "*" as the target instead as done with numerics when the nick is not + available. This mimics the behavior in Charybdis, IRCD-Hybrid, InspIRCd + 2.2, Plexus 4, etc. Closes #217. + The "NoticeAuth" configuration variable (ngircd.conf) has been renamed + to "NoticeBeforeRegistration" accordingly, but the old name is still + supported for compatibility reasons. + - Implement new channel mode "N" (regular users can't change their nick + name while on this channel). Closes #214. + - README, AUTHORS: Update mailing list and issue tracker URLs. + - Remove doc/GIT.txt (it is outdated), update doc/Contributing.txt: + ngIRCd uses GitHub, and Git itself is quite common today. So don't + include an own Git "mini HowTo" any longer. + - Specify session context for OpenSSL clients. This enables some OpenSSL + clients, including Pidgin and stunnel 5.06, to reuse a session. + Patch by Tom Ryder , thanks! Closes #182. + - Keep track of who placed bans, invites, and excepts. + Idea and implementation by LucentW, Thanks! Closes #203. + - Make setgroups(3) function optional: For example, Interix is missing + this function, which prevented ngIRCd to build on this platform. When + setgroups(3) isn't available, a warning message is issued on startup. + - Implement numeric RPL_LISTSTART(321). lightIRC and other clients + expecting RPL_LISTSTART should now behave correctly. + Idea and implementation by LucentW, Thanks! Closes #207. + - Update ngircd.conf.5: "CloakUserToNick" hides user _and_ real name. + This closes #208. + - Fix case insensitive pattern matching: Up to now, only the input + string became lowercased and was then compared to the pattern -- which + failed when the pattern itself wasn't all lowercase! + - Streamline the effect of "MorePrivacy" option: Update documentation + in ngircd.conf(5); don't hide channels for IRC Ops on LIST and don't + hide IP addresses/hostnames on WHOIS when "MorePrivacy" is in effect. + This closes #198. + - IRC operators now can kick anyone when "OperCanMode" is set. + Idea and implementation by LucentW, Thanks! Closes #202. + - Implement user mode "I": Hide channels on WHOIS: this mode prevents + ngIRCd from showing channels on WHOIS (IRC Operators can always see + the channel list). + Idea and implementation by LucentW, Thanks! Closes #197. + - INVITE command: Implement ERR_USERNOTONSERV(504) numeric and make sure + that the target user is on the same server when inviting other users + to local ("&") channels. + Idea by Cahata, thanks! Closes #183. + - INVITE command: Enforce 1 second penalty time, which prevents flooding + of the target client. + This closes #186. Reported by Cahata, thanks! + - MODE command: Always report channel creation time. Up to now when + receiving a MODE command, ngIRCd only reported the channel creation + time to clients that were members of the channel. This patch reports + the channel creation time to all clients, regardless if they are joined + to that channel or not. At least ircd-seven behaves like this. + This closes #188. Reported by Cahata, thanks! + - Update Xcode project for latest Xcode version (6.3). ngIRCd 22.1 (2015-04-06) @@ -334,7 +898,7 @@ ngIRCd 20.3 (2013-08-23) ngIRCd 20.2 (2013-02-15) - Security: Fix a denial of service bug in the function handling KICK - commands that could be used by arbitrary users to to crash the daemon + commands that could be used by arbitrary users to crash the daemon (CVE-2013-1747). - WHO command: Use the currently "displayed hostname" (which can be cloaked!) for hostname matching, not the real one. In other words: don't display all @@ -558,7 +1122,7 @@ ngIRCd 19.2 (2012-06-19) "CC=xxx MAKE=yyy ./platformtest.sh" calling convention. - Add instructions for setting up Atheme IRC services. - Implement support for IRC capability handling, the new "CAP" command, - and capablity "multi-prefix" which allows both the NAME and WHO command + and capability "multi-prefix" which allows both the NAME and WHO command handlers to return more than one "class prefix" to the client. - Update Xcode project files: reference missing documentation files. - Fix: Don't ignore "permission denied" errors when enabling chroot. @@ -858,7 +1422,7 @@ ngIRCd 17 (2010-11-07) - contrib/platformtest.sh: make command name quoting consistent ngIRCd 17~rc3 (2010-10-27) - - Xcode builds: detect version number correctly, updateed project file + - Xcode builds: detect version number correctly, updated project file to use the Mac OS X 10.5.x SDK, disable pam_fail_delay() because it is only available starting with Mac OS X 10.6, and generate a default PAM configuration for the Mac OS X Installer.app package of ngIRCd. @@ -870,7 +1434,7 @@ ngIRCd 17 (2010-11-07) ngIRCd 17~rc2 (2010-10-25) - ZeroConf: include header files missing since commit a988bbc86a. - Generate ngIRCd version number from GIT tag. - - Make sourcecode compatible with ansi2knr again. This allows to compile + - Make source code compatible with ansi2knr again. This allows to compile ngIRCd using a pre-ANSI K&R C compiler again. - ./configure: check if C compiler can compile ISO Standard C. - ./configure: check support for C prototypes again. @@ -886,7 +1450,7 @@ ngIRCd 17 (2010-11-07) Howl, Avahi or on Mac OS X). - New configuration option "SyslogFacility" to define the syslog "facility" (the "target"), to which ngIRCd should send its log messages. - Possible values are system dependant, but most probably "auth", "daemon", + Possible values are system dependent, but most probably "auth", "daemon", "user" and "local1" through "local7" are possible values; see syslog(3). Default is "local5" for historical reasons. - Dump the "internal server state" (configured servers, established @@ -907,7 +1471,7 @@ ngIRCd 17 (2010-11-07) - Make configure switch "--docdir" work (closes: #108). - Reformat and update FAQ.txt a little bit. - INSTALL: mention SSL, IPv6, and changed handling of MotdFile. - - Change MOTD file handling: ngIRCd now caches the contens of the MOTD + - Change MOTD file handling: ngIRCd now caches the contents of the MOTD file, so the daemon now requires a HUP signal or REHASH command to re-read the MOTD file when its content changed. - Startup: open /dev/null before chroot'ing the daemon. @@ -943,14 +1507,14 @@ ngIRCd 16 (2010-05-02) - Include netinet/{in.h, in_systm.h} when checking for netinet/ip.h - Only include if it exists - Updated doc/Platforms.txt - - Enhace connection statistics counters: display total number of served + - Enhance connection statistics counters: display total number of served connections on daemon shutdown and when a new client connects using the new numeric RPL_STATSCONN (250). ngIRCd 16~rc1 (2010-03-25) - Various fixes to the build system and code cleanups. - contrib/platformtest.sh: Only show latest commit. - - Updatet doc/Platforms.txt, added new README-Interix.txt documenting + - Updated doc/Platforms.txt, added new README-Interix.txt documenting how to tun ngIRCd on Microsoft Services for UNIX (MS SFU, MS SUA). - Updated links to the ngIRCd homepage (bug tracker, mailing list). - Added missing modes to USERMODES #define @@ -978,7 +1542,7 @@ ngIRCd 15 (2009-11-07) ngIRCd 15~rc1 (2009-10-15) - Do not add default listening port (6667) if SSL ports were specified, so ngIRCd can be configured to only accept SSL-encrypted connections now. - - Enable IRC operators to use the IRC command SQUIT (insted of the already + - Enable IRC operators to use the IRC command SQUIT (instead of the already implemented but non-standard DISCONNECT command). - New configuration option "AllowRemoteOper" (disabled by default) that enables remote IRC operators to use the IRC commands SQUIT and CONNECT @@ -1032,7 +1596,7 @@ ngIRCd 14 (2009-04-20) - Fix memory leak when a encrypted and compressed server link goes down. (closes bug #95, reported by Christoph, fiesh@fiesh.homeip.net) - Fix handling of channels containing dots. - (closes ug #93, reported by Gonosz Csiga) + (closes bug #93, reported by Gonosz Csiga) ngIRCd 13 (2008-12-25) @@ -1262,7 +1826,7 @@ ngIRCd 0.9.0 (2005-07-24) - Fixed ./configure test for TCP Wrappers: now it runs on Mac OS X as well. - Enhanced configure script: now you can pass an (optional) search path to all --with-XXX parameters, e. g. "--with-ident=/opt/ident". - - Removed typedefs for the native C datatypes. + - Removed typedefs for the native C data types. Use stdbool.h / inttypes.h if available. - New configuration option "OperServerMode" to enable a workaround needed when running an network with ircd2 servers and "OperCanUseMode" enabled @@ -1443,7 +2007,7 @@ ngIRCd 0.7.0 (2003-05-01) to add a new server (ngIRCd tries to connect new servers only once!). - Added DISCONNECT command ("DISCONNECT ") to disable servers. - Restructured the documentation: Now the main language is English. The - german documentation has been removed (until there is a maintainer). + German documentation has been removed (until there is a maintainer). - Enhanced killing of users caused by a nickname collision. - Better error detection for status code ("numerics") forwarding. - Moved tool functions to own library: "libngtool". @@ -1484,7 +2048,7 @@ ngIRCd 0.6.1 (2003-01-21) member when changing his channel user modes which could crash ngIRCd. -Older changes (sorry, only available in german language): +Older changes (sorry, only available in German language): ngIRCd 0.6.0, 24.12.2002