-
Notifications
You must be signed in to change notification settings - Fork 71
/
Copy pathChangeLog
2408 lines (2240 loc) · 138 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
ngIRCd - Next Generation IRC Server
http://ngircd.barton.de/
(c)2001-2024 Alexander Barton and Contributors.
ngIRCd is free software and published under the
terms of the GNU General Public License.
-- ChangeLog --
ngIRCd 27 (2024-04-26)
- Update ChangeLog, NEWS, AUTHORS.md & doc/Platforms.txt for ngIRCd 27.
- Clarify in the sample configuration file and the ngircd.conf(5) manual
page that the "CAFile" option is unset by default.
- Fix channel symbol returned in the RPL_NAMREPLY(353) numeric of NAMES
commands for secret (mode +s) channels: this should be "@", not "=".
Thanks Val Lorentz <progval+git@progval.net> for the patch!
Closes #313.
- Add an example filter file for "Fail2Ban": contrib/ngircd-fail2ban.conf.
- Don't abort startup when setgid/setuid() fails with EINVAL: Both setgid(2)
as well as setuid(2) can fail with EINVAL in addition to EPERM, their
manual pages state "EINVAL: The user/group ID specified in uid/gid is not
valid in this user namespace ". So not only treat EPERM as an "acceptable
error" and continue with logging the error, but do the same for EINVAL.
This was triggered by the Void Linux xbps-uunshare(1) tool used for
building "XBPS source packages" and reported by luca in #ngircd. Thanks!
- Test suite: Don't use "pgrep -u" when LOGNAME and USER are not set
Thanks for reporting this on IRC, luca!
ngIRCd 27~rc1 (2024-04-13)
- Validate certificates on server links. Up to now, ngIRCd optionally used
SSL/TLS encrypted server-server links but never checked and validated any
certificates. Now ngIRCd validates SSL/TLS certificates on outgoing
server-server links by default and drops(!) connections when the remote
certificate is invalid (for example self-signed, expired, not matching the
host name, ...). Therefore you have to make sure that all relevant
*certificates are valid* (or to disable certificate validation on this
connection using the new `SSLVerify = false` setting in the affected
`[Server]` block, where the remote certificate is not valid and you can not
fix this issue).
The original patch for OpenSSL dates back to 2009 and was written by Florian
Westphal and was extended for GnuTLS in 2014 by Christoph Biedl. But it took
us another 10 years to bring it to life ... oh my! Many thanks to both
Florian and Christoph!
Closes #120.
- Add support for the "sd_notify" protocol of systemd(8): Periodically
"ping" the service manager (every 3 seconds) and set a status message
showing current connection statistics which then is included in "systemctl
status ngircd.service" output. In addition, this enables using the
systemd(8) watchdog functionality ("WatchdogSec") for the "ngircd.service"
unit and allows it to use the "notify" service type, which results in
better status tracking by the service manager.
- Try to set file descriptor limit to its maximum and show info on startup:
The number of possible parallel connections is limited by the file
descriptor limit of the process (among other things). Therefore try to
upgrade the current "soft" limit to its "hard" maximum (but limited to
100000 instead of "infinite"), and show an information or even warning when
the limit is still less than the configured "MaxConnections" setting. Please
note that ngIRCd and its linked libraries (like PAM) need file descriptors
not only for incoming and outgoing IRC connections, but for reading files
and inter-process communication, too! Therefore the actual connection limit
is less(!) than the file descriptor limit!
- Update and fix the logcheck(8) rules file.
- METADATA: Fix unsetting the "cloakhost" hostname, which did not result in
the original hostname being restored, but actually resulted in an empty
string being used as the client hostname -- which is a protocol violation.
- Update the "rpm" make target to use the rpmbuild(8) command.
- Add a "Docker file" (contrib/Dockerfile) and corresponding documentation
(doc/Container.md) to the project. The resulting container is based on the
latest Debian "stable-slim" container and built using a "build container".
- Remove outdated, unsupported and broken support for splint(1).
- Don't show the default config file name on config errors: The configuration
can be set in drop-in files in the include directory, too, so it is not
clear in which file it is actually missing.
- No longer use a default built-in value for the "IncludeDir" directive when
a configuration file was explicitly specified on the command line using
"--config"/"-f": This way no default include directory is scanned when a
possibly non-default configuration file is used which (intentionally) did
not specify an "IncludeDir" directive. So now you can use "-f /dev/null"
for checking all built-in defaults, regardless of any local configuration
files in the default drop-in directory (which would have been read in
until this change).
- No longer log channel keys ("passwords") for predefined channels.
- The server "Name" in the "[Global]" section of the configuration file no
longer needs to be set: When not set (or empty), ngIRCd now tries to
deduce a valid IRC server name from the local host name ("node name"),
possibly adding a ".host" extension when the host name does not contain a
dot (".") which is required in an IRC server name ("ID").
This new behavior, with all configuration parameters now being optional,
allows running ngIRCd without any configuration file at all.
- Silence some compiler warnings.
- autogen.sh: Prefer automake 1.11 over other releases because this is the
last release supporting "de-ANSI-fication" using the included ansi2knr tool.
And because we _want_ to support old K&R platforms, we try hard to use this
release of automake when available to generate our build system.
Note: This is only relevant for you if you are building from Git sources.
- Autodetect support for IPv6 by default: Until now, IPv6 support was disabled
by default, which seems a bit outdated in 2024. Note: You still can pass
"--enable-ipv6"/"--disable-ipv6" to the ./configure script to forcefully
activate or deactivate IPv6 support.
- Do IDENT requests even when DNS lookups are disabled: Up to now disabling
DNS in the configuration disabled IDENT lookups as well (for no good
reason). Now you can activate/deactivate DNS lookups and IDENT requests
completely separately. Thanks for reporting this, Miniontoby!
Closes #291.
- Update config.guess (2023-08-22) and config.sub (2023-09-19) files.
- Fix Channel Admins being able to to set Channel Owner status! "Sarah"
reported this back in April 2021 and proposed a patch, thanks a lot!
- Test suite: Update for OpenSSL 3.x, some command outputs changed, clean up
shell scripts and make the getpid.sh script more robust.
- Allow SSL client-only configurations without keys/certificates: You don't
need to configure certificates/keys as long as you don't configure
SSL-enabled listening ports. This can make sense when you want to only link
your local daemon to an uplink server using SSL and only have clients on
your local host or in your fully trusted network, where SSL is not required.
- Remove the unmaintained contrib/MacOSX/ folder: this includes the Xcode
project as well as the outdated macOS "Package Maker" configuration. The
sample launchd(8) configuration properties list file was moved to
"contrib/de.barton.ngircd.plist" and kept.
- Fix showing the "Ident" option in "--configtest" output which was never
shown because of a coding error. Whoops!
- Change GnuTLS "slot handling" messages to debug level: Those messages are
about an internal implementation detail, not relevant for an administrator
of ngIRCd.
- Enlarge buffer for log messages: For example, SSL/TLS certificate
information can easily get longer than 256 characters. So enlarge the log
buffer to 1 KB to avoid cutting off relevant information.
- Respect "SSLConnect" option for incoming connections and do not accept
incoming plain-text ("non SSL") server connections for servers configured
with "SSLConnect" enabled. This change prevents an authenticated
client-server being able to force the server-server to send its password
on a plain-text connection when SSL/TLS was intended.
- Always try to close a connection with errors immediately, but try hard
to avoid too much recursion. Without this patch, an outgoing server
connection could get stuck in an "endless" state trying to write out data
over and over again.
- Add "hopm.service" to "Wants" and "Before" dependencies in the sample
systemd unit file (Hopm is the successor of Bopm).
- Update Debian package configuration using current "dh_make", package
dependencies and build rules. And no longer build 3 different versions,
only build "ngircd" which now includes support for IDENT, PAM (disabled in
the ngircd.conf installed by the package), SSL (OpenSSL), ZLib and IPv6.
- Return ERR_NOTEXTTOSEND on empty PRIVMSG content, which matches the
behavior of other servers.
- Add a new option "Autojoin" to [Channel] blocks: When it is set, ngIRCd
automatically joins all local users to this channel on connect. Note: The
users must have permissions to access the channel, otherwise joining them
will fail!
Thanks Ivan Agarkov <i_agarkov@wargaming.net> for the initial patch!
- Hide invisible (+i) users on "WHOIS <pattern>": Let's behave like most(?)
other IRC daemons (at least ircd2.11) and hide all +i users when WHOIS is
used with a pattern. Otherwise privacy of this users is not guaranteed and
the +i mode a bit useless ...
Reported by Cahata on #ngircd, thanks!
- Update the final "closing connection" message: Add some more information
like nick name, user name, host name and bring it in line with some other
implementations (at least ircd2.11 and Hybrid).
- Fix RPL_INVITING message: All numeric replies must originate from an IRC
server, never from a client. Thanks "tommyrot" for reporting this!
Closes #307.
- Enhance some log messages, for example for errors when accepting new
connections.
- Make the debug log level ("--debug"/-"d" command line option) always
available, not only when ./configure'd with "--enable-debug": the latter
now only enables additional checks (like the tests done using assert(2))
and is signalled by adding "+DEBUG" to the version "feature string". This
change enables everyone to get even more detailed logging when required.
- Always report an error when a parameter is missing in a channel "MODE +k"
or "MODE +l" command, and better validate their parameters: return the new
numeric ERR_INVALIDMODEPARAM_MSG(696) on errors.
Thanks Val Lorentz for reporting this!
Closes #290.
- Allow IRC Operators to use the WHO command on any channel.
- Add configuration for "ngIRCd CI" GitHub Action, no longer use Travis-CI.
- Send the NAMES list and channel topic to users "forcefully" joined to a
channel using NJOIN, like they joined on their own using JOIN, and
streamline the order of NAMES list and channel topic messages.
Closes #288.
- Fix (invalid) error messages when setting modes on local channels which
are defined in the configuration file.
- Fix handling of G-Lines/K-Lines with cloaked host names.
- Streamline logging of debug messages.
- Added a new command line option "-y"/"--syslog", with which logging to
syslog can be activated/deactivated separately from running on the console
(using "--nodaemon") or in the background.
Thanks Katherine Peeters for the patch and pull request!
Closes #294.
- Fix a possible race condition while introducing new clients in the network.
- Update, enhance and extend our documentation in README.md, INSTALL.md,
doc/HowToRelease.txt and the manual pages ngircd(8) and ngircd.conf(5), add
a new doc/QuickStart.md document, and convert some more documentation files
to Markdown (AUTHORS.md, contrib/README.md, doc/FAQ.md, doc/SSL.md).
ngIRCd 26.1 (2021-01-02)
- Fix a "format string" compiler warning (detected on OpenBSD).
- No longer set "AI_ADDRCONFIG" when resolving host names, even when it
exists: with this option set, on an IPv6-only host, we prevent 127.0.0.1
to get translated properly, even when the loopback interface has this
address configured! And as the test suite uses 127.0.0.1, it was broken
on IPv6-only hosts.
The drawback is that the resolver possibly returns more addresses now,
even of an unsupported/not connected address family; but this shouldn't
do much harm in practice, as ngIRCd iterates over all returned addresses
while trying to establish an outgoing connection.
Closes #281.
- Revert "Show allowed channel types in ISUPPORT(005) numeric only", which
was introduced in 26~rc1: This lead to some IRC clients assuming "oh, no
channel prefix characters at all, so no channels at all, so no PRIVMSG can
go to any channel" when "AllowedChannelTypes" was set to the empty string
("") -- which is not the case when there are pre-defined channel set up or
other servers still having channels!
So "allowed channel types" != "supported channel types", and we always have
to list all supported ones in the ISUPPORT(005) numeric!
Closes #285.
- Test suite: Wait 2 seconds after reloading the daemon, which is required
because on reload, all listening ports are closed, configuration updated,
and then opened again. This lead to subsequent tests running while the
daemon isn't listening on any ports, and that's why some tests could fail.
Closes #280.
- platformtest.sh: Try to mangle CLang name more intelligently.
- Documentation: Fixed URLs of Atheme IRC services, updated all mentions
from CVS to Git, and updated Platforms.txt -- Oh, and it is 2021 now! ;-)
ngIRCd 26 (2020-06-20)
ngIRCd 26~rc2 (2020-06-11)
- Add AppStream metadata file (contrib/de.barton.ngircd.metainfo.xml).
- Don't send invalid CHANINFO commands when a channel has mode +k set but no
key is known to the server. This can happen with a misconfigured predefined
channel, for example, and looked like this: "CHANINFO #test +Pk 0 :" --
note the unset key represented by the two spaces. Fix this by sending a
"*" in this case and update the CHANINFO documentation, too.
- ngircd.spec: Fix names of README.md and INSTALL.md, add ".md" extension.
- Update description texts in the README.md file, the RPM and Debian package
files and the manual page: bring them in line with the updated homepage.
- Server-Server protocol: Fix use-after-free when unregistering a directly
connected server sending a SQUIT for itself.
- Server-Server protocol: Detect bogus SERVER commands lacking a prefix.
Thanks Hilko Bengen (hillu) for finding & reporting this as well for the
patch & pull request (even if fixed differently).
Closes #275.
- Fix the PING-PONG logic: In ngIRCd 26~rc1 this was completely broken (while
trying to fix timeouts during server handshakes in bigger networks): the
daemon never disconnected any stale peers but kept sending out PINGs over
and over again ...
- Test suite: Add missing files needed to test SSL support to "EXTRA_DIST",
so that they are included in distribution archives: in rc1, "make check"
fails when using sources from an archive and enabling SSL support.
Thanks to Hilko Bengen <bengen@hilluzination.de> for the patch!
ngIRCd 26~rc1 (2020-05-10)
- Tweak & update doc/HowToRelease.txt, .mailmap and AUTHORS files.
- Allow up to 512 characters per line in MOTD and help text files (but keep
in mind that lines can't get that long, because they have to be prefixed
before being sent to the client). But this allows for more fancy MOTDs :-)
Closes #271.
- Show the actually allowed channel types in the ISUPPORT(005) numeric which
are configured by the "AllowedChannelTypes" configuration variable.
Closes #273.
- Handle commands in the read buffer before reading more data and don't wait
for the network in this case: If there are more bytes in the read buffer
already than a single valid IRC command can get long (513 bytes), wait for
this/those command(s) to be handled first and don't try to read even more
data from the network (which most probably would overflow the read buffer
of this connection soon).
- Update Travis-CI configuration, "sudo" is deprecated.
- Log G-/K-Line changes only when not initiated by a server: this prevents
the log from becoming spammed during "net bursts".
- Update test suite to include SSL tests, including checking for reloading
certificates during runtime.
- Makefile.am: Replace "make" with "${MAKE}". This fixes warnings like this:
"warning: jobserver unavailable: using -j1. Add `+' to parent make rule."
Thanks to Sam James (sam_c) <sam@cmpct.info>!
Closes #270.
- Add support for GnuTLS certificate reload, which is quite handy when using
Let's Encrypt, for example. Until now this was only supported when linked
with OpenSSL. Thanks a lot, Hilko Bengen <bengen@hilluzination.de>!
- Remove deprecated legacy configuration options and related functions that
have been marked for removal for quite some time:
- PredefChannelsOnly (v22)
- NoticeAuth (v24)
- NoXXX (v19)
- Old '[GLOBAL]' section handling (v19)
Thanks to Michi <michi+ngircd@dataswamp.org> for the patch!
- Fix recursion bug on write errors: Depending on the stack size, too many
clients on the same channel quitting at the same time would trigger a crash
due to too many recursive calls to Conn_Close(). Thanks to Michi
<michi+ngircd@dataswamp.org> for the patch!
- Fix builds using GCC option -fno-common, which is the default starting with
GCC 10. Thanks to Michi <michi+ngircd@dataswamp.org> for the patch!
Closes #266.
- Convert INSTALL and README files to Markdown.
- Allow setting arbitrary channel modes in the configuration file by handling
them like in MODE commands, and allow multiple "Modes =" lines per [Channel]
section. Thanks to Michi <michi+ngircd@dataswamp.org>!
Closes #55.
- Add "FNC" (forced nick changes) to ISUPPORT(005) numeric. Most probably
this doesn't make any difference to any client, but it seems correct.
See <http://www.irc.org/tech_docs/005.html> for details.
- Reuse old SSL key if loading a new one failed.
- Remove outdated OpenBSD/NetBSD systrace.policy.
- Enhance handling of command line errors, and return with exit code 0 ("no
error") when "--help" or "--version" is used (which resulted in exit code 1,
"error" before). Exit with code 2 ("command line error") for all other
invalid command line options, and show the error message itself on stderr
(instead of stdout and exit code 1, "generic error", as before).
This new behavior is more in line with the GNU "coding standards",
see <https://www.gnu.org/prep/standards/html_node/_002d_002dhelp.html>.
- Fix and update Xcode project: Reference correct contrib/Makefile.am file,
correctly sort contrib/nglog.sh and add "ORGANIZATIONNAME" setting.
- contrib/ngindent.sh: Add more GNU indent options for better results, and
add the ".sh" suffix to bring this script in line with the others in the
contrib/ folder.
- Add ./contrib/nglog.sh: This script parses the log output of ngircd(8),
and colorizes the messages according to their log level. Example usage:
ngircd -f $PWD/doc/sample-ngircd.conf -np | ./contrib/nglog.sh
- Log received signals with their names using strsignal(3), when available.
- Make test suite compatible with Haiku OS.
- Fix host mask cloaking bug, don't cloak multiple times: Previously, each
server would cloak every user's host mask. The problem is that if a network
has more than one server, then a user's host mask would get cloaked twice.
This patch ensures that a server only cloaks the host mask if it has not yet
been cloaked (the period indicates it's still an IP address). Thanks to
JRMU <jrmu@lecturify.com> for the patch!
Closes #228.
- Enlarge buffers of info texts to 128 bytes. This includes:
- "Real name" of a client (4th filed of the USER command).
- Server info text ("Info" configuration option).
- Admin info texts and email address ("AdminInfo1", "AdminInfo2" and
"AdminEmail" configuration options).
- Network name ("Network" configuration option).
The limit was 64 bytes before ...
Closes #258.
- Streamline handling of invalid and unset server name: Don't exit during
runtime (REHASH command, HUP signal), because the server name can't be
changed in this case anyway and the new invalid name will be ignored.
- Fix and extend documentation: Fix some typos, fix syntax of LINKS and LIST
commands, whitespace and spelling fixes, update dependencies and add some
more information about IRCv3 support.
Thanks to Thanks Windree, Étienne Mollier <etienne.mollier@mailoo.org> and
Christoph Biedl <debian.axhn@manchmal.in-ulm.de>.
Closes #264.
- Slightly reorder startup steps, and enhance logging:
- Show name of configuration file at the beginning of start up.
- Add a message when ngIRCd is ready, including its host name.
- Show name of configuration file on REHASH (SIGHUP), too.
- Change level of "done message" to NOTICE, like "starting" & "ready".
- Initialize IO functions before channels, connections, clients, ...
- configure.ng: OpenSSL can depends on lz or latomic so use pkg-config to
find those dependencies and fallback to existing mechanism.
Closes #256.
- ngircd.conf.5: Fix wording as suggested by lintian.
ngIRCd 25 (2019-01-23)
- Fix documentation of MotdPhrase length, which actually is 126 characters:
update sample configuration file as well as the man page. Thanks to
shankari <shankari@eecs.berkeley.edu>.
Closes #254.
- Implement new configuration option "MaxPenaltyTime", which configures the
maximum penalty time increase in seconds, per penalty event. Set to -1 for
no limit (the default), 0 to disable penalties altogether. ngIRCd doesn't
use penalty increases higher than 2 seconds during normal operation, so
values higher than 1 rarely make sense.
Disabling (or reducing) penalties can greatly speed up "make check" runs
for example, see below, but are mostly a debugging feature and normally
not meant to be used on production systems!
Some example timings running "make check" from my macOS workstation:
- MaxPenaltyTime not set: 4:41,79s
- "MaxPenaltyTime = 1": 3:14,71s
- "MaxPenaltyTime = 0": 25,46s
Closes #249 and #251.
- Fix compilation without deprecated OpenSSL APIs. Thanks to Rosen Penev
<rosenp@gmail.com> for the patch!
Closes #252.
- Update Xcode project for latest Xcode version (10.0)
- Fix some compiler warnings of Apple Xcode/Clang
- Allow a 5th parameter in WEBIRC. Thanks to "ItsOnlyBinary".
Closes #247.
- Update some more documentation files and source code comments.
- Platforms.txt: Add and update systems.
ngIRCd 25~rc1 (2018-08-11)
- Update config.guess (2018-03-08) and config.sub (2018-03-08) files.
- Correctly retry to establish an outgoing connections when forking of the
resolver sub-process failed (for example because of lack of free memory).
Until now, such a connection was never retried once this error was hit.
Thanks to Robert Obermeier for reporting this bug!
Closes #243.
- Fix a "use after free" bug which can be triggered on a newly established
connection when the daemon handles an ERROR command received from the peer
during client login. Thanks a lot to Joseph Bisch <joseph.bisch@gmail.com>
for discovering and reporting this issue!
- Only send TOPIC updates to a channel when the topic actually changed:
This prevents the channel from becoming flooded by unnecessary TOPIC update
messages, that can happen when IRC services try to enforce a certain topic
but which is already set (at least on the local server), for example.
Therefore still forward it to all servers, but don't inform local clients
(still update setter and timestamp information, though).
- Update Xcode project for latest Xcode version (9.2). This includes adding
missing and deleting obsolete file references.
- Handle user mode "C" ("Only users that share a channel are allowed to send
messages") like user mode "b" ("block private messages and notices"): allow
messages from servers, services, and IRC Operators, too. Change proposed by
"wowaname" back in 2015 in #ngircd, thanks!
- Fix some compiler warnings.
- Add contrib/ngircd.logcheck: Some sample logcheck(8) rules.
- Allow IRC Ops and remote servers to KILL service clients: such clients
behave like regular users, therefore IRC operators and servers should be
able to KILL them: for example to resolve nick collisions.
Closes #242.
- Don't forward KILLs to other servers if they've been blocked locally:
This prevents clients from killing IRC services, for example.
Closes #238 and #239.
- Fix a cross-compiler issue related to the Get_Error() function.
Closes #240 and #241.
- Update ./doc/Services.txt, enhance configuration examples.
ngIRCd 24 (2017-01-20)
- Make sure that ./contrib/platformtest.sh aborts when ./autogen.sh fails.
- Update config.guess (2016-10-02) and config.sub (2016-11-04) files.
- Build Debian packages with OpenSSL instead of GnuTLS: OpenSSL allows
to reload used certificates on runtime for example (which is very
useful when using Let's Encrypt), and therefore is preferred. And
explicitly specify the "source format".
- Fix handling of connection pool allocation and enlargement: up to now,
the daemon only enlarged its connection pool when accepting new incoming
client or server connections, not when establishing new outgoing server
links, which could lead to problems when hitting the configured limit,
see "MaxConnections". Thanks to Lukas Braun (k00mi) for reporting this!
Closes #231.
ngIRCd 24~rc1 (2017-01-07)
- Enhance systemd service file, and install it in Debian package.
- Update configuration of Debian package.
- Log privilege violations and failed OPER request with log level "error"
and send it to the "&SERVER" channel, too.
- Immediately shut down connection when receiving an "ERROR" command,
don't wait for the peer to close the connection. This allows the daemon
to forward the received "ERROR" message in the network, instead of the
very generic "client closed connection" message.
- Fix sending of entry duration (no negative values!) when synchronizing
"x-lines" (G-LINES).
- List expiration (G-LINES): use same log level as when setting, and log
this event to the &SERVER channel, too.
- Explicitly forbid remote servers to modify "x-lines" (G-LINES) when the
"AllowRemoteOper" configuration option isn't set, even when the command
seems to originate from the remote server itself: this prevents GLINE's
to become set during server handshake in this case (what wouldn't be
possible during regular runtime when a remote IRC Op sends the command)
and what can't be undone by IRC Ops later on (because of the missing
"AllowRemoteOper" option) ...
- Make scripts and init-files in ./contrib executable.
- Fix building ngIRCd with OpenSSL 1.1. Thanks to Christoph Biedl
<ngircd.anoy@manchmal.in-ulm.de> for the patch!
- Fix code indentation warnings of gcc 6.2.
- Update config.guess (2016-04-02) and config.sub (2016-03-30) files.
- Fix warnings of the "shellcheck" linter in autogen.sh, contrib/ngindent
and contrib/platformtest.sh.
- Update Xcode project for latest Xcode version (8.0), and fix "duplicate
symbols" error messages when building (linking) the binary.
- Add "Documentation" variables to systemd configuration files.
- Make sure that SYSCONFDIR is always set, which can be handy when
using source code linters when ./configure hasn't been run already.
- Add the new "PAMServiceName" configuration option to specify the name
used as PAM service name. This setting allows to run multiple ngIRCd
instances with different PAM configurations for each instance.
Thanks to Christian Aistleitner <christian@quelltextlich.at> for the
patch, closes #226.
- Add an ".editorconfig" file to the project.
- Travis-CI: use "container-based infrastructure".
- Limit the number of message targets, and suppress duplicates: This
prevents an user from flooding the server using commands like this:
"PRIVMSG nick1,nick1,nick1,...".
Duplicate targets are suppressed silently (channels and clients).
In addition, the maximum number of targets per PRIVMSG, NOTICE, ...
command are limited to MAX_HNDL_TARGETS (25). If there are more, the
daemon sends the new 407 (ERR_TOOMANYTARGETS_MSG) numeric, containing
the first target that hasn't been handled any more. Closes #187.
- Test suite: Add new test for server-server logins.
- contrib/ngindent: Fix shebang line.
- Make contrib/platformtest.sh script more portable, and only show
"runs=Y" when the test suite really has been passed successfully.
- Code cleanup in the NJOIN handler and the function killing clients as
well as the function sending messages to a "mask" (cleaner code, more
fault tolerant, better code comments).
- Update and enhance documentation: README file, doc/Platforms.txt,
doc/Modes.txt, doc/Commands.txt, doc/PAM.txt.
- Fix NJOIN not propagating "half ops" status: ngIRCd tested for the wrong
prefix of "half ops" when processing NJOIN commands and therefore never
classified a remote user as "half op".
Thanks to wowaname for pointing this out on #ngircd!
ngIRCd 23 (2015-11-16)
- Explicitly cast time_t to long when printing it out: this prevents
wrong sized data types on platforms where time_t doesn't equal a
long any more, for example on OpenBSD (which would result in garbled
output on those platforms).
- contrib/Debian/changelog: Fix email address.
- Documentation: Spelling fixes; update doc/Platforms.txt.
ngIRCd 23~rc1 (2015-09-06)
- Add ".clang_complete" file, which is used by the "linter-clang" package
of the Atom editor, for example.
- Make server-to-server protocol more robust: ngIRCd now catches more
errors on the server-to-server (S2S) protocol that could crash the
daemon before. This hasn't been a real problem because the IRC S2S
protocol is "trusted" by design, but the behavior is much better now.
Thanks to wowaname on #ngircd for pointing this out!
- Make platformtest.sh, autogen.sh, and ngircd.init more portable.
- Enables "reproducible builds" for ngIRCd: Use the optional BIRTHTIME
constant while building ngIRCd, which contains a time stamp for the
"Birth Date" information, in seconds since the epoch.
See <https://wiki.debian.org/ReproducibleBuilds>.
- Update "contrib/ngircd.service" file for systemd.
- INSTALL: Add deprecation notice for "PredefChannelsOnly" variable.
- Use "NOTICE *" before registration instead of "NOTICE AUTH". "AUTH" is
a valid nickname so sending notices to it is probably not a good idea.
Use "*" as the target instead as done with numerics when the nick is not
available. This mimics the behavior in Charybdis, IRCD-Hybrid, InspIRCd
2.2, Plexus 4, etc. Closes #217.
The "NoticeAuth" configuration variable (ngircd.conf) has been renamed
to "NoticeBeforeRegistration" accordingly, but the old name is still
supported for compatibility reasons.
- Implement new channel mode "N" (regular users can't change their nick
name while on this channel). Closes #214.
- README, AUTHORS: Update mailing list and issue tracker URLs.
- Remove doc/GIT.txt (it is outdated), update doc/Contributing.txt:
ngIRCd uses GitHub, and Git itself is quite common today. So don't
include an own Git "mini HowTo" any longer.
- Specify session context for OpenSSL clients. This enables some OpenSSL
clients, including Pidgin and stunnel 5.06, to reuse a session.
Patch by Tom Ryder <tom@sanctum.geek.nz>, thanks! Closes #182.
- Keep track of who placed bans, invites, and excepts.
Idea and implementation by LucentW, Thanks! Closes #203.
- Make setgroups(3) function optional: For example, Interix is missing
this function, which prevented ngIRCd to build on this platform. When
setgroups(3) isn't available, a warning message is issued on startup.
- Implement numeric RPL_LISTSTART(321). lightIRC and other clients
expecting RPL_LISTSTART should now behave correctly.
Idea and implementation by LucentW, Thanks! Closes #207.
- Update ngircd.conf.5: "CloakUserToNick" hides user _and_ real name.
This closes #208.
- Fix case insensitive pattern matching: Up to now, only the input
string became lowercased and was then compared to the pattern -- which
failed when the pattern itself wasn't all lowercase!
- Streamline the effect of "MorePrivacy" option: Update documentation
in ngircd.conf(5); don't hide channels for IRC Ops on LIST and don't
hide IP addresses/hostnames on WHOIS when "MorePrivacy" is in effect.
This closes #198.
- IRC operators now can kick anyone when "OperCanMode" is set.
Idea and implementation by LucentW, Thanks! Closes #202.
- Implement user mode "I": Hide channels on WHOIS: this mode prevents
ngIRCd from showing channels on WHOIS (IRC Operators can always see
the channel list).
Idea and implementation by LucentW, Thanks! Closes #197.
- INVITE command: Implement ERR_USERNOTONSERV(504) numeric and make sure
that the target user is on the same server when inviting other users
to local ("&") channels.
Idea by Cahata, thanks! Closes #183.
- INVITE command: Enforce 1 second penalty time, which prevents flooding
of the target client.
This closes #186. Reported by Cahata, thanks!
- MODE command: Always report channel creation time. Up to now when
receiving a MODE command, ngIRCd only reported the channel creation
time to clients that were members of the channel. This patch reports
the channel creation time to all clients, regardless if they are joined
to that channel or not. At least ircd-seven behaves like this.
This closes #188. Reported by Cahata, thanks!
- Update Xcode project for latest Xcode version (6.3).
ngIRCd 22.1 (2015-04-06)
- Update doc/Platforms.txt and doc/FAQ.txt.
- Fix spelling of RPL_WHOISBOT message text.
- Don't send nick name as default PART reason: No other IRC daemon seems
to do this (today?). Closes #185.
Reported by Cahata in #ngircd, thanks!
- Fix "WHO #<chan>" showing invisible users and hiding all visible, the
logic was reversed! This bug has been introduced by commit c74115f2,
"Simplify mode checking on channels and users within a channel", ngIRCd
releases 21, 21.1, and 22 are affected :-( Problem reported by Cahata
in #ngircd, Thanks!
- Fix typo in src/testsuite/README
- Auth PING: Fix our information text for manual sending of "PONG". Up to
now, ngIRCd doesn't send a valid IRC command at all, oops!
- Auth PING: Fix internal time stamp conversion and don't send a prefix in
our PING command. The prefix confuses WeeChat, at least, which doesn't
send an appropriate PONG in the case ...
Debugging and patch by "wowaname" on #ngircd, thanks!
- Fix syntax of ERR_LISTFULL_MSG(478) numeric. Pointed out by "wowaname"
in #ngircd, thanks!
- Enhance debug messages while sending CHANINFO commands.
- Reset "last try" timer when enabling a passive server. This results in
a new connection attempt as soon as possible.
- Change log message for "Can't resolve address" and for IP address
forgeries.
- doc/HowToRelease.txt: Add note about the bug tracker.
- Update "CipherList" to not enable SSLv3 by default. Idea, initial patch,
and testing by Christoph Biedl <ngircd.anoy@manchmal.in-ulm.de>.
- Change ngIRCd test suite not to use DNS lookups: Different operating
systems do behave quite differently when doing DNS lookups, for example
"127.0.0.1" sometimes resolves to "localhost" and sometimes to
"localhost.localdomain" (for example OpenBSD). And other OS resolve
"localhost" to the real host name (for example Cygwin). So not using
DNS at all makes the test site much more portable.
ngIRCd 22 (2014-10-11)
- Match all list patterns case-insensitive: this affects the invite-,
ban-, and except lists, as well as G-Lines an K-Lines.
Problem pointed out by "wowaname" on #ngircd, thanks!
ngIRCd 22~rc1 (2014-09-29)
- Sync "except lists" between servers: Up to now, ban, invite, and G-Line
lists have been synced between servers while linking -- but obviously
nobody noticed that except list have been missing ever since. Until now.
Thanks to "j4jackj", who reported this issue in #ngircd.
- Allow longer user names (up to 63 characters) for authentication.
- Correctly check that a server has a valid hostname and port, thanks to
David Binderman <dcb314@hotmail.com> who reported this bug.
- Fix the function which generates complete "IRC masks" from user input,
don't destroy the source buffer and use all provided parts (nick, user,
host name). This fixes GLINEs/KLINEs from not working in some situations.
- Increase MAX_SERVERS from 16 to 64: There are installations out there
that would like to configure more than 16 links per server, so increase
this limit. Best would be to get rid of MAX_SERVERS altogether and make
if fully dynamic, but start with this quick and dirty hack ...
- Debian: Don't adjust path names that are correct by default and correctly
set and use "docdir".
- Update config.guess and config.sub to recent versions.
- Test suite/platformtest.sh: Detect when tests have been skipped.
- doc/Bopm.txt: Update "connregex" and "kline" for current ngIRCd.
- Allow "DefaultUserModes" to set all possible modes, including modes only
settable by IRC Operators.
- Spoofed prefixes: Really kill connection on non-server links.
- Implement user mode "F": "relaxed flood protection". Clients with mode
"F" set are allowed to rapidly send data to the daemon. This mode is only
settable by IRC Operators and can cause problems in the network -- so be
careful and only set it on "trusted" clients!
User mode "F" is used by Bahamut for this purpose, for example.
- Handle "throttling" in a single function: ngIRCd implements "command
throttling" and "bps throttling" (bytes per second). The states are
detected in different functions, Conn_Handler() and Read_Request(), but
handle the actual "throttling" in a common function: this enables us to
guarantee consistent behavior and to disable throttling for special
connections in only one place
- Use server password when PAM is compiled in but disabled.
- Streamline punctuation of log messages.
- Return ISUPPORT(005) numerics on "VERSION". This is how ircd-seven,
Charybdis, Hybrid, and InspIRCd behave, for example.
- configure: Only link "contrib/Debian" if it exists, which isn't the case
on "VPATH builds", for example.
- Show the account name in WHOIS. This uses the same numeric as Charybdis
and ircu families: WHOISLOGGEDIN(330).
- Pattern matching: Remove "range matching" in our pattern matching code
using the "[...]" syntax, because [ and ] are valid characters in nick
names and one has to quote them currently using the "\" character, which
is quite unexpected for users.
- platformtest.sh: New option "-x", don't regenerate build system and
allow using separate source and build trees.
- Test suite: explicitly enable glibc memory checking.
- Make "MODE -k" handling more robust and compatible, send "fake '*' key"
in all replies.
- Update configure.ng: ngIRCd requires GNU autoconf 2.61 for generating its
build system, so update the build system accordingly and implement all
changes that autoupdate(1) suggests: Update AC_PREREQ and AC_INIT, use
AC_LINK_IFELSE, AC_RUN_IFELSE, and AC_COMPILE_IFELSE, and remove
AC_TYPE_SIGNAL (we don't use RETSIGTYPE).
- portabtest: Actually test the functions snprintf(), strlcpy(), strlcat(),
and vsnprintf() for correctness, not only existence (which was quite
useless, because if they weren't available, the program could not have
been linked at all ...).
- Implement new configuration option "Network": it is used to set the
(completely optional) "network name", to which this instance of the
daemon belongs. When set, this name is used in the ISUPPORT(005) numeric
which is sent to all clients connecting to the server after logging in.
- Update doc/Platforms.txt.
- Various code cleanups, remove unused code, streamline error handling.
Remove all imp.h and exp.h header files, support non-standard vsnprintf()
return codes, and fix some K&R C portability issues. Streamline
DEBUG_ARRAY, DEBUG_BUFFER, DEBUG_IO, DEBUG_ZIP definitions.
- Increase penalty time to 10 seconds when handling OPER commands with an
invalid password.
ngIRCd 21.1 (2014-03-25)
- Don't ignore but use the server password when PAM is compiled in but
disabled. Thanks to Roy Sindre Norangshol <roy.sindre@norangshol.no>!
- doc/Platforms.txt: Update from master branch.
- Really kill connections that send "spoofed prefixes" on non-server links.
This fixes commit 6cbe1308 which only killed the connection when the
spoofed prefix itself belonged to a non-server client.
- CHARCONV command: Fix handling conversion errors, don't overwrite already
converted text!
- doc/Services.txt: Update information for Anope 2.x.
- Correctly use cloaked IRC masks on "INVITE nickname": The cloaked IRC mask
of a user is his visible mask, so the daemon has to use it for generating
the "one time" entries for the invite list of the given channel, and not
the "real" mask which will never match while the target client is "+x", and
even worse, will disclose the real mask on "MODE #channel +I" commands :-/
Bug reported by Cahata on #ngircd, thanks!
- configure: Only link "contrib/Debian" if it exists. This isn't the case on
"VPATH builds", for example.
- Use $(MKDIR_P) instead of $(mkinstalldirs) in Makefile's and test for
"mkdir -p" using AC_PROG_MKDIR_P in "configure".
- Fix configure script and "make check" for TCP Wrappers (problems spotted on
OpenBSD): add missing #include's and static variables, and add libwrap at
the end of the configure run because if libwrap becomes added earlier,
other tests may fail.
- configure: add support for the LDFLAGS_END and LIBS_END variables to add
linker flags and libraries at the end of the configure run (CFLAGS_END has
been implemented already).
- platformtest.sh and Makefile.am: Don't use "test -e", it isn't portable.
- Update Copyright notices for 2014 :-)
- Fix permanent {G|K}LINES (with a timeout of 0 seconds).
- WEBIRC: Don't set the hostname received by the WEBIRC command when DNS
lookups are disabled, but use the IP address instead.
Reported by Toni Spets <toni.spets@iki.fi>, thanks!
- Check for working getaddrinfo() function: At least AIX 4.3.3 and 5.1 have a
broken implementation of getaddrinfo() which doesn't handle "0" as numeric
service correctly. This patch adds a configure check for this case and
changes all calling functions to only use getaddrinfo() if it "works".
See <http://www.stacken.kth.se/lists/heimdal-discuss/2004-05/msg00059.html>
- Only use the unsetenv() function when it is available (AIX 4.3 doesn't
support it, for example).
- Make sure that the source code is still compatible with the "ansi2knr" tool
and builds using non-ANSI K&R C compilers. Tested with Apple C on A/UX.
- Fix building ngIRCd without support for ZLIB compression. Reported by
"der_baer" on #ngircd, thanks!
ngIRCd 21 (2013-10-30)
- ./contrib/Debian/ngircd.init: Make sure no stale PID file is left over
when (re-)starting ngIRCd.
- Change ./contrib/platformtest.sh and update ./doc/Platforms.txt to
allow user names up to 8 characters.
- Call arc4random_stir() in forked subprocesses, when available. This
is required by FreeBSD <10 and current NetBSD at least to correctly
initialize the "arc4" random number generator on these platforms.
- Update our own Debian package configuration and fix the default path
of the "HelpFile" of the "full" package variants.
ngIRCd 21~rc2 (2013-10-20)
- Report the correct configuration file name on configuration errors,
support longer configuration lines, and warn when lines are truncated.
- Use arc4random() function to generate "random" numbers, when available.
- platformtest.sh: Detect clang compiler, and clean up GIT source tree
before building (when possible).
- Update (date of) manual pages.
- Update "Upgrade Information" in INSTALL file, add more systems to
doc/Platforms.txt, and fix spelling in NEWS and ChangeLog files =:)
- Fix remaining compiler warnings on OpenBSD.
ngIRCd 21~rc1 (2013-10-05)
- Actually KILL clients on GLINE/KLINE. (Closes bug #156)
- Adjust log messages for invalid and spoofed prefixes, which cleans up
logging of commands related to already KILL'ed clients. And don't
forward KILL commands for (already) unknown clients any more to prevent
unnecessary duplicates.
- Add support to show all user links using the "STATS L" (uppercase)
command (restricted to IRC Operators).
- Fixed blocking of server reconnects in some error configurations.
- Don't ignore SSL-related errors during startup any more: abort startup
when SSL is requested by the configuration but can't be initialized and
don't continue only listening on plain text communication ports.
(Closes bug #163)
- Implement configurable SSL cipher list selection for GnuTLS and OpenSSL
using the new configuration option "CipherList". In addition, this
changes the defaults to more secure values: "HIGH:!aNULL:@STRENGTH" for
OpenSSL, and "SECURE128" for GnuTLS.
- Fix "TRACE": Correctly return ERR_NEEDMOREPARAMS(461) (which basically
is "syntax error") when there are too many parameters.
- Clean up lots of permission and parameter checks in functions handling
IRC commands; and more consistently add penalty times on errors.
- Fix error numeric of WHOIS when no nick name has been provided:
as per RFC it should be ERR_NONICKNAMEGIVEN(431).
- Only log "IDENT ... no result" messages when an IDENT looked took place
and didn't return any data, not when IDENT has been disabled.
- Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER} messages: now
you can check if a server-to-server link is SSL-encrypted or not using
the IRC "TRACE" command.
- Correctly discard supplementary groups on server startup.
- Save client IP address text for "WebIRC" users and correctly display
it on WHOIS, for example. (Closes bug #159)
- Implement the new configuration option "DefaultUserModes" which lists
user modes that become automatically set on new local clients right
after login. Please note that only modes can be set that the client
could set on itself, so you can't set "a" (away) or "o" (IRC Op),
for example! User modes "i" (invisible) or "x" (cloaked) etc. are
"interesting", though. (Closes bug #160)
- Add support for the new METADATA "account" property, which allows
services to automatically identify users after netsplits and across
service restarts.
- Enforce "penalty times" on error conditions more consistently and in
more places. Now most error codes sent back from the IRC server to the
client should result in a 2 second "penalty".
- Implement a new configuration option "AllowedChannelTypes" that lists
all allowed channel types (channel prefixes) for newly created channels
on the local server. By default, all supported channel types are allowed.
If set to the empty string, local clients can't create new channels at
all, which equals the old "PredefChannelsOnly = yes" setting.
This change deprecates the "PredefChannelsOnly" variable, too, but it is
still supported and translated to the appropriate "AllowedChannelTypes"
setting. When the old "PredefChannelsOnly" variable is processed, a
warning message is logged. (Closes bug #152)
- Add support for "client certificate fingerprinting". When a client
passes an SSL certificate to the server, the "fingerprint" will be
forwarded in the network which enables IRC services to identify the
user using this certificate and not using passwords.
- IRC Operator names, as defined in ngircd.conf, are logged now when
handling successful OPER commands.
- Some error conditions while handling IRC commands, like "permission
denied" or "need more parameters", result in more penalty times.
- The numeric replies of some commands became split too early which
resulted in more numeric reply lines than necessary.
- Implement a new configuration option "IncludeDir" in the "[Options]"
section that can be used to specify a directory which can contain
further configuration files and configuration file snippets matching
the pattern "*.conf". These files are read in after the main server
configuration file ("ngircd.conf" by default) has been read in and
parsed. The default is "$SYSCONFDIR/ngircd.conf.d", so that it is
possible to adjust the configuration only by placing additional files
into this directory. (Closes bug #157)
- Fix use-after-free in the Lists_CheckReason() function, which is used
to check if a client is a member of a particular ban/invite/... list.
- Xcode: fix detection of host OS, vendor, and CPU type, and update
project settings for Xcode 5.
- OS X PackageMaker: use relative path names in project files and package
with correct file permissions (requires root privileges on "make").
- Add Travis-CI configuration file (".travis.yml") to project.
- Look for possible cloaked Masks in Lists. Users with +x user mode can
be banned with their cloaked hostname now.
- Don't read SSL client data before DNS resolver is finished which could
have resulted in discarding the resolved client hostname and IDENT
reply afterwards, because in some situations (timing dependent) the
NICK and USER commands could have already been read in from the client,
stored in the buffer, and been processed.
Thanks to Julian Brost for reporting the issue and testing, and to
Federico G. Schwindt <fgsch@lodoss.net> for helping to debug it!
- Increase password length limit to 64 characters. (Closes bug #154)
- doc/Services.txt: Update Anope status and URL.
- Clean up Xcode project file, remove outdated files, add missing ones.
- Update Doxygen configuration file.
- configure: search for iconv_open as well as libiconv_open, because
on some installations iconv_open() is actually libiconv_open().
iconv_open() is the glibc version while libiconv_open() is the
libiconv version, now both variants are supported. (Closes bug #151)
- ngIRCd now accepts user names including "@" characters, saves the
unmodified name for authentication but stores only the part in front
of the "@" character as "IRC user name". And the latter is how
ircd2.11, Bahamut, and irc-seven behave as well. (Closes bug #155)
- Lots of IRC "information functions" like ADMIN, INFO, ... now accept
server masks and names of connected users (in addition to server names)
for specifying the target server of the command. (Closes bug #153)
- Implement a new configuration option "IdleTimeout" in the "[Limits]"
section of the configuration file which can be used to set a timeout
in seconds after which the whole daemon will shutdown when no more
connections are left active after handling at least one client.
The default is 0, "never".
This can be useful for testing or when ngIRCd is started using "socket
activation" with systemd(8), for example.
- Implement support for systemd(8) "socket activation".
- contrib/README: add description for more files.
- Enable WHOIS to display information about IRC Services using the new
numeric 310(RPL_WHOISSERVICE) This numeric is used for this purpose by
InspIRCd, for example -- but as usual, other numerics are in use, too,
like 613 in UltimateIRCd ...
Please note that neither the Operator (+o) not the "bot status" (+B)
of an IRC service is displayed in the output.
- Exit message: use singular & plural :-)
- autogen.sh: Check for autoconf/automake wrapper scripts
- Add missing punctuation marks in log messages, adjust some severity
levels, and make SSL-related messages more readable.
- AUTHORS file: Update list of contributors.
- Update systemd(8) example configuration files in ./contrib/ directory:
the "ngircd.service" file now uses the "forking" service type which
enhances the log messages shown by "systemctl status ngircd.service",
and the new "ngircd.socket" file configures a systemd socket that
configures a socket for ngIRCd and launches the daemon on demand.
- Enhance help system and the HELP command: now a "help text file" can be
set using the new configuration option "HelpFile" ("global" section),
which is read in and parsed on server startup and configuration reload,
and then is used to output individual help texts to specific topics.
Please see the file ./doc/Commands.txt for details.
ngIRCd 20.3 (2013-08-23)
- Security: Fix a denial of service bug (server crash) which could happen
when the configuration option "NoticeAuth" is enabled (which is NOT the
default) and ngIRCd failed to send the "notice auth" messages to new
clients connecting to the server (CVE-2013-5580).
ngIRCd 20.2 (2013-02-15)
- Security: Fix a denial of service bug in the function handling KICK
commands that could be used by arbitrary users to crash the daemon
(CVE-2013-1747).
- WHO command: Use the currently "displayed hostname" (which can be cloaked!)
for hostname matching, not the real one. In other words: don't display all
the cloaked users on a specific real hostname!
- configure: The header file "netinet/in_systm.h" already is optional in
ngIRCd, so don't require it in the configure script. Now ngIRCd can be
built on Minix 3 again :-)
- Return better "Connection not registered as server link" errors: Now ngIRCd
returns a more specific error message for numeric ERR_NOTREGISTERED(451)
when a regular user tries to use a command that isn't allowed for users but
for servers.
- Don't report ERR_NEEDMOREPARAMS(461) when a MDOE command with more modes
than nicknames is handled, as well as for channel limit and key changes
without specifying the limit or key parameters.
This is how a lot (all?) other IRC servers behave, including ircd2.11,
InspIRCd, and ircd-seven. And because of clients (tested with Textual and
mIRC) sending bogus MODE commands like "MODE -ooo nick", end-users got the
expected result as well as correct but misleading error messages ...
- Correctly detect when SSL subsystem must be initialized and take
outgoing connections (server links!) into account, too.
- autogen.sh: Enforce serial test harness on GNU automake >=1.13. The
new parallel test harness which is enabled by default starting with
automake 1.13 isn't compatible with our test suite.
And don't use "egrep -o", instead use "sed", because it isn't portable
and not available on OpenBSD, for example.
ngIRCd 20.1 (2013-01-02)
- Allow ERROR command on server and service links only, ignore them and
add a penalty time on all other link types.
- Enforced mode setting by IRC Operators: Only check the channel user
modes of the initiator if he is joined to the channel and not an IRC
operator enforcing modes (which requires the configuration option
"OperCanUseMode" to be enabled), because trying to check channel user
modes of a non-member results in an assertion when running with debug
code or could crash the daemon otherwise. This closes bug #147, thanks
to James Kirwill <james.kirwill@bk.ru> for tracking this down!
- Fix build system to cope with spaces in path names.
- Code cleanups, mostly to fix build warnings on Cygwin.
ngIRCd 20 (2012-12-17)
- Allow user names ("INDENT") up to 20 characters when ngIRCd has not
been configured for "strict RFC mode". This is useful if you are using
external (PAM) authentication mechanisms that require longer user names.
Patch suggested by Brett Smith <brett@w3.org>, see
<http://arthur.barton.de/pipermail/ngircd-ml/2012-October/000579.html>.
ngIRCd 20~rc2 (2012-12-02)
- Rework cloaked hostname handling and implement the "METADATA cloakhost"
subcommand: Now ngIRCd uses two fields internally, one to store the
"real" hostname and one to save the "cloaked" hostname. This allows
"foreign servers" (aka "IRC services") to alter the real and cloaked
hostnames of clients without problems, even when the user itself issues
additional "MODE +x" and "MODE -x" commands.
- RPL_UMODEIS: send correct target name, even on server links.
- Update platformtest.sh to follow autoconf changes and only generate
the "configure" script when it is missing.
- Fix the test suite to correctly execute test scripts even when stdout
is redirected.
- Fix some compiler warnings on NetBSD and OpenBSD.
ngIRCd 20~rc1 (2012-11-11)
- Update doc/Services.txt: describe the upcoming version of Anope 1.9.8,
then including a protocol module for ngIRCd. And remove our own patches
in ./contrib/Anope because they aren't supported any more ...
- Implement new "METADATA" command which can be used by remote servers
and IRC services to update client metadata like the client info text
("real name"), user name, and hostname, and use this command to
configure an cloaked hostname (user mode "+x") on remote servers:
This prevents "double cloaking" of hostnames and even cloaked
hostnames are in sync on all servers supporting "METADATA" now.
- Fix error message when trying to join non-predefined channels and the
"PredefChannelsOnly" configuration option is set.
- Implement new IRC "SVSNICK" command to allow remote servers (and IRC
services) to change nicknames of already registered users. The SVSNICK
command itself doesn't change the nickname, but it becomes forwarded
to the server to which the user is connected to. And then this server
initiates the real nickname changing using regular NICK commands.
This allows to run mixed networks with old servers not supporting the
SVSNICK command, because SVSNICK commands for nicknames on such servers
are silently ignored and don't cause a desynchronization of the network.
- Make server reconnect time a little bit more random, so that two
servers trying to connect to each other asynchronously don't try this
in exactly the same time periods and kick each other off ...
- Don't accept connections for servers already being linked: there was a
time frame that could result in one connection overwriting the other,
e. g. the incoming connection overwriting the status of the outgoing
one. And this could lead to all kind of weirdness (even crashes!) later
on: now such incoming connections are dropped.
- New configuration option "MaxListSize" to configure the maximum number
of channels returned by a LIST command. The default is 100, as before.
- Implement user mode "b", "block messages": when a user has set mode "b",
all private messages and notices to this user are blocked if they don't
originate from a registered user, an IRC Op, server or service. The
originator gets an error numeric sent back in this case,
ERR_NONONREG_MSG (486), which is used by UnrealIRCd, too. (Closes #144)
- WHOIS: Not only show RPL_WHOISHOST_MSG to local IRC operators, but show
it to all IRC operators in the network. And don't show it to anybody if