diff options
| -rw-r--r-- | ChangeLog | 86 | ||||
| -rw-r--r-- | INSTALL | 27 | ||||
| -rw-r--r-- | NEWS | 59 | ||||
| -rw-r--r-- | config.guess | 8 | ||||
| -rw-r--r-- | config.sub | 15 | ||||
| -rw-r--r-- | contrib/Debian/changelog | 20 | ||||
| -rwxr-xr-x | contrib/Debian/rules | 22 | ||||
| -rw-r--r-- | contrib/ngircd.spec | 2 | ||||
| -rw-r--r-- | doc/HowToRelease.txt | 4 | ||||
| -rw-r--r-- | doc/Platforms.txt | 22 | ||||
| -rw-r--r-- | doc/sample-ngircd.conf.tmpl | 4 | ||||
| -rw-r--r-- | man/ngircd.conf.5.tmpl | 4 | ||||
| -rw-r--r-- | src/ngircd/client.c | 10 | ||||
| -rw-r--r-- | src/ngircd/client.h | 5 | ||||
| -rw-r--r-- | src/ngircd/conf.c | 6 | ||||
| -rw-r--r-- | src/ngircd/conn.c | 2 | ||||
| -rw-r--r-- | src/ngircd/defines.h | 6 | ||||
| -rw-r--r-- | src/ngircd/lists.c | 3 | ||||
| -rw-r--r-- | src/ngircd/numeric.c | 52 |
19 files changed, 264 insertions, 93 deletions
diff --git a/ChangeLog b/ChangeLog index 27e8545c..68cabc58 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,84 @@ -- ChangeLog -- +ngIRCd 22 (2014-10-11) + + - Match all list patterns case-insensitive: this affects the invite-, + ban-, and except lists, as well as G-Lines an K-Lines. + Problem pointed out by "wowaname" on #ngircd, thanks! + + ngIRCd 22~rc1 (2014-09-29) + - Sync "except lists" between servers: Up to now, ban, invite, and G-Line + lists have been synced between servers while linking -- but obviously + nobody noticed that except list have been missing ever since. Until now. + Thanks to "j4jackj", who reported this issue in #ngircd. + - Allow longer user names (up to 63 characters) for authentication. + - Correctly check that a server has a valid hostname and port, thanks to + David Binderman <dcb314@hotmail.com> who reported this bug. + - Fix the function which generates complete "IRC masks" from user input, + don't destroy the source buffer and use all provided parts (nick, user, + host name). This fixes GLINEs/KLINEs from not working in some situations. + - Increase MAX_SERVERS from 16 to 64: There are installations out there + that would like to configure more than 16 links per server, so increase + this limit. Best would be to get rid of MAX_SERVERS altogether and make + if fully dynamic, but start with this quick and dirty hack ... + - Debian: Don't adjust path names that are correct by default and correctly + set and use "docdir". + - Update config.guess and config.sub to recent versions. + - Test suite/platformtest.sh: Detect when tests have been skipped. + - doc/Bopm.txt: Update "connregex" and "kline" for current ngIRCd. + - Allow "DefaultUserModes" to set all possible modes, including modes only + settable by IRC Operators. + - Spoofed prefixes: Really kill connection on non-server links. + - Implement user mode "F": "relaxed flood protection". Clients with mode + "F" set are allowed to rapidly send data to the daemon. This mode is only + settable by IRC Operators and can cause problems in the network -- so be + careful and only set it on "trusted" clients! + User mode "F" is used by Bahamut for this purpose, for example. + - Handle "throttling" in a single function: ngIRCd implements "command + throttling" and "bps throttling" (bytes per second). The states are + detected in different functions, Conn_Handler() and Read_Request(), but + handle the actual "throttling" in a common function: this enables us to + guarantee consistent behavior and to disable throttling for special + connections in only one place + - Use server password when PAM is compiled in but disabled. + - Streamline punctuation of log messages. + - Return ISUPPORT(005) numerics on "VERSION". This is how ircd-seven, + Charybdis, Hybrid, and InspIRCd behave, for example. + - configure: Only link "contrib/Debian" if it exists, which isn't the case + on "VPATH builds", for example. + - Show the account name in WHOIS. This uses the same numeric as Charybdis + and ircu families: WHOISLOGGEDIN(330). + - Pattern matching: Remove "range matching" in our pattern matching code + using the "[...]" syntax, because [ and ] are valid characters in nick + names and one has to quote them currently using the "\" character, which + is quite unexpected for users. + - platformtest.sh: New option "-x", don't regenerate build system and + allow using separate source and build trees. + - Test suite: explicitly enable glibc memory checking. + - Make "MODE -k" handling more robust and compatible, send "fake '*' key" + in all replies. + - Update configure.ng: ngIRCd requires GNU autoconf 2.61 for generating its + build system, so update the build system accordingly and implement all + changes that autoupdate(1) suggests: Update AC_PREREQ and AC_INIT, use + AC_LINK_IFELSE, AC_RUN_IFELSE, and AC_COMPILE_IFELSE, and remove + AC_TYPE_SIGNAL (we don't use RETSIGTYPE). + - portabtest: Actually test the functions snprintf(), strlcpy(), strlcat(), + and vsnprintf() for correctness, not only existence (which was quite + useless, because if they weren't available, the program could not have + been linked at all ...). + - Implement new configuration option "Network": it is used to set the + (completely optional) "network name", to which this instance of the + daemon belongs. When set, this name is used in the ISUPPORT(005) numeric + which is sent to all clients connecting to the server after logging in. + - Update doc/Platforms.txt. + - Various code cleanups, remove unused code, streamline error handling. + Remove all imp.h and exp.h header files, support non-standard vsnprintf() + return codes, and fix some K&R C portability issues. Streamline + DEBUG_ARRAY, DEBUG_BUFFER, DEBUG_IO, DEBUG_ZIP definitions. + - Increase penalty time to 10 seconds when handling OPER commands with an + invalid password. + ngIRCd 21.1 (2014-03-25) - Don't ignore but use the server password when PAM is compiled in but @@ -1011,7 +1089,7 @@ ngIRCd 0.11.0 (2008-01-15) ngIRCd 0.11.0-pre2 (2008-01-07) - SECURITY: IRC_PART could reference invalid memory, causing ngircd to crash [from HEAD]. (CVE-2008-0285) - + ngIRCd 0.11.0-pre1 (2008-01-02) - Use dotted-decimal IP address if host name is >= 64. - Add support for /STAT u (server uptime) command. @@ -1045,7 +1123,7 @@ ngIRCd 0.10.4 (2008-01-07) - SECURITY: IRC_PART could reference invalid memory, causing ngircd to crash [from HEAD]. (CVE-2008-0285) - + ngIRCd 0.10.3 (2007-08-01) - SECURITY: Fixed a severe bug in handling JOIN commands, which could @@ -1431,7 +1509,7 @@ ngIRCd 0.6.0, 24.12.2002 ngIRCd 0.5.4, 24.11.2002 - - Fehler-Handling von connect() gefixed: der Server kann sich nun auch + - Fehler-Handling von connect() gefixed: der Server kann sich nun auch unter A/UX wieder zu anderen verbinden. - in den Konfigurationsvariablen ServerUID und ServerGID kann nun nicht nur die numerische ID, sondern auch der Name des Users bzw. der Gruppe @@ -1543,7 +1621,7 @@ ngIRCd 0.5.0, 20.09.2002 - ADMIN-Befehl implementiert. Die Daten hierzu werden in der Konfig-Datei im [Global]-Abschnitt mit den Variablen "AdminInfo1", "AdminInfo2" und "AdminEMail" konfiguriert. - + ngIRCd 0.4.3, 11.06.2002 - Bei PRIVMSG und NOTICE hat der ngIRCd nicht ueberpruft, ob das Ziel diff --git a/INSTALL b/INSTALL index 998274a6..0aa853c1 100644 --- a/INSTALL +++ b/INSTALL @@ -12,12 +12,21 @@ I. Upgrade Information ~~~~~~~~~~~~~~~~~~~~~~ +Differences to version 22.x + +- The default value of the SSL "CipherList" variable has been changed to + "HIGH:!aNULL:@STRENGTH:!SSLv3" (OpenSSL) and "SECURE128:-VERS-SSL3.0" + (GnuTLS) to disable the old SSLv3 protocol by default. + To enable connections of clients still requiring the weak SSLv3 protocol, + the "CipherList" must be set to its old value (not recommended!), which + was "HIGH:!aNULL:@STRENGTH" (OpenSSL) and "SECURE128" (GnuTLS), see below. + Differences to version 20.x - Starting with ngIRCd 21, the ciphers used by SSL are configurable and - default to HIGH:!aNULL:@STRENGTH (OpenSSL) or SECURE128 (GnuTLS). - Previous version were using the OpenSSL or GnuTLS defaults, DEFAULT - and NORMAL respectively. + default to "HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS). + Previous version were using the OpenSSL or GnuTLS defaults, "DEFAULT" + and "NORMAL" respectively. - When adding GLINE's or KLINE's to ngIRCd 21 (or newer), all clients matching the new mask will be KILL'ed. This was not the case with earlier versions @@ -170,7 +179,7 @@ autogen.sh produces the Makefile.in's, which are necessary for the configure script itself, and some more files for make. To run autogen.sh you'll need GNU autoconf and GNU automake: at least autoconf 2.61 and automake 1.10 are requird, newer is better. But don't use automake 1.12 or newer for creating -distribution archives: it will work but lack "de-ANSI-fucation" support in the +distribution archives: it will work but lack "de-ANSI-fication" support in the generated Makefile's! Stick with automake 1.11.x for this purpose ... So automake 1.11.x and autoconf 2.67+ is recommended. @@ -226,7 +235,7 @@ which will be used to search for the required libraries and header files in the given paths ("<path>/lib/...", "<path>/include/...") in addition to the standard locations. -* Syslog Logging (autodetected by default): +* Syslog Logging (autodetected by default): --with-syslog[=<path>] / --without-syslog Enable (disable) support for logging to "syslog", which should be @@ -237,13 +246,13 @@ standard locations. Enable (disable) support for compressed server-server links. The Z compression library ("libz") is required for this option. - + * IO Backend (autodetected by default): --with-select[=<path>] / --without-select --with-poll[=<path>] / --without-poll --with-devpoll[=<path>] / --without-devpoll --with-epoll[=<path>] / --without-epoll - --with-kqueue[=<path>] / --without-kqueue + --with-kqueue[=<path>] / --without-kqueue ngIRCd can use different IO "backends": the "old school" select() and poll() API which should be supported by most UNIX-like operating systems, or the @@ -261,7 +270,7 @@ standard locations. required for this option. * TCP-Wrappers: - --with-tcp-wrappers[=<path>] + --with-tcp-wrappers[=<path>] Include support for Wietse Venemas "TCP Wrappers" to limit client access to the daemon, for example by using "/etc/hosts.{allow|deny}". @@ -318,7 +327,7 @@ IRC operators of this server are defined in [Operator] blocks, remote servers are configured in [Server] sections, and [Channel] blocks are used to configure pre-defined ("persistent") IRC channels. -The meaning of the variables in the configuration file is explained in the +The meaning of the variables in the configuration file is explained in the "doc/sample-ngircd.conf", which is used as sample configuration file in /usr/local/etc after running "make install" (if you don't already have one) and in the ngircd.conf(5) manual page. diff --git a/NEWS b/NEWS index 1bb7505f..9ec7547e 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,63 @@ -- NEWS -- +ngIRCd 22 (2014-10-11) + + - Match all list patterns case-insensitive: this affects the invite-, + ban-, and except lists, as well as G-Lines an K-Lines. + Problem pointed out by "wowaname" on #ngircd, thanks! + + ngIRCd 22~rc1 (2014-09-29) + - Sync "except lists" between servers: Up to now, ban, invite, and G-Line + lists have been synced between servers while linking -- but obviously + nobody noticed that except list have been missing ever since. Until now. + Thanks to "j4jackj", who reported this issue in #ngircd. + - Allow longer user names (up to 63 characters) for authentication. + - Increase MAX_SERVERS from 16 to 64: There are installations out there + that would like to configure more than 16 links per server, so increase + this limit. Best would be to get rid of MAX_SERVERS altogether and make + if fully dynamic, but start with this quick and dirty hack ... + - Test suite/platformtest.sh: Detect when tests have been skipped. + - Allow "DefaultUserModes" to set all possible modes, including modes only + settable by IRC Operators. + - Implement user mode "F": "relaxed flood protection". Clients with mode + "F" set are allowed to rapidly send data to the daemon. This mode is only + settable by IRC Operators and can cause problems in the network -- so be + careful and only set it on "trusted" clients! + User mode "F" is used by Bahamut for this purpose, for example. + - Use server password when PAM is compiled in but disabled. + - Streamline punctuation of log messages. + - Return ISUPPORT(005) numerics on "VERSION". This is how ircd-seven, + Charybdis, Hybrid, and InspIRCd behave, for example. + - configure: Only link "contrib/Debian" if it exists, which isn't the case + on "VPATH builds", for example. + - Show the account name in WHOIS. This uses the same numeric as Charybdis + and ircu families: WHOISLOGGEDIN(330). + - Pattern matching: Remove "range matching" in our pattern matching code + using the "[...]" syntax, because [ and ] are valid characters in nick + names and one has to quote them currently using the "\" character, which + is quite unexpected for users. + - platformtest.sh: New option "-x", don't regenerate build system and + allow using separate source and build trees. + - Test suite: explicitly enable glibc memory checking. + - Make "MODE -k" handling more robust and compatible, send "fake '*' key" + in all replies. + - portabtest: Actually test the functions snprintf(), strlcpy(), strlcat(), + and vsnprintf() for correctness, not only existence (which was quite + useless, because if they weren't available, the program could not have + been linked at all ...). + - Implement new configuration option "Network": it is used to set the + (completely optional) "network name", to which this instance of the + daemon belongs. When set, this name is used in the ISUPPORT(005) numeric + which is sent to all clients connecting to the server after logging in. + - Update doc/Platforms.txt. + - Various code cleanups, remove unused code, streamline error handling. + Remove all imp.h and exp.h header files, support non-standard vsnprintf() + return codes, and fix some K&R C portability issues. Streamline + DEBUG_ARRAY, DEBUG_BUFFER, DEBUG_IO, DEBUG_ZIP definitions. + - Increase penalty time to 10 seconds when handling OPER commands with an + invalid password. + ngIRCd 21.1 (2014-03-25) - Don't ignore but use the server password when PAM is compiled in but @@ -595,7 +652,7 @@ ngIRCd 0.7.5 (2003-07-11) (DoS), the default is 5 connections per client IP. - Added new configuration variable "Listen" to bind all listening sockets of the server to a single IP address. - + ngIRCd 0.7.1 (2003-07-18) - Added support for GNU/Hurd. diff --git a/config.guess b/config.guess index 71f8f7a6..1f5c50c0 100644 --- a/config.guess +++ b/config.guess @@ -2,7 +2,7 @@ # Attempt to guess a canonical system name. # Copyright 1992-2014 Free Software Foundation, Inc. -timestamp='2014-03-13' +timestamp='2014-03-23' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -969,10 +969,10 @@ EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} exit ;; - or32:Linux:*:*) + or32:Linux:*:* | or1k*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) diff --git a/config.sub b/config.sub index 092cff00..d654d03c 100644 --- a/config.sub +++ b/config.sub @@ -2,7 +2,7 @@ # Configuration validation subroutine script. # Copyright 1992-2014 Free Software Foundation, Inc. -timestamp='2014-01-01' +timestamp='2014-05-01' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -283,8 +283,10 @@ case $basic_machine in | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipsr5900 | mipsr5900el \ @@ -296,8 +298,7 @@ case $basic_machine in | nds32 | nds32le | nds32be \ | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ - | open8 \ - | or1k | or32 \ + | open8 | or1k | or1knd | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ @@ -402,8 +403,10 @@ case $basic_machine in | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipsr5900-* | mipsr5900el-* \ @@ -415,6 +418,7 @@ case $basic_machine in | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ + | or1k*-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ @@ -1376,7 +1380,7 @@ case $os in | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1594,9 +1598,6 @@ case $basic_machine in mips*-*) os=-elf ;; - or1k-*) - os=-elf - ;; or32-*) os=-coff ;; diff --git a/contrib/Debian/changelog b/contrib/Debian/changelog index f8332365..46e42112 100644 --- a/contrib/Debian/changelog +++ b/contrib/Debian/changelog @@ -1,3 +1,23 @@ +ngircd (22-0ab1) unstable; urgency=low + + * New "upstream" release: ngIRCd 22. + + -- Alexander Barton <alex@barton.de> Sat, 11 Oct 2014 20:29:03 +0200 + +ngircd (22~rc1-0ab1) unstable; urgency=low + + * New "upstream" release candidate 1 for ngIRCd Release 22. + + -- Alexander Barton <alex@barton.de> Mon, 29 Sep 2014 17:07:55 +0200 + +ngircd (21.1-0ab2) unstable; urgency=low + + * Use correct package name in pathname to "HelpFile" (Command.txt) + in "ngircd-full" and "ngircd-full-dbg" packages. + * Don't adjust path names that are correct by default. + + -- Alexander Barton <alex@barton.de> Mon, 14 Jul 2014 11:20:17 +0200 + ngircd (21.1-0ab1) unstable; urgency=low * New "upstream" release: ngIRCd 21.1. diff --git a/contrib/Debian/rules b/contrib/Debian/rules index 4df0609c..1630a015 100755 --- a/contrib/Debian/rules +++ b/contrib/Debian/rules @@ -1,7 +1,7 @@ #!/usr/bin/make -f # # ngIRCd -- The Next Generation IRC Daemon -# Copyright (c)2001-2012 Alexander Barton (alex@barton.de) and Contributors +# Copyright (c)2001-2014 Alexander Barton (alex@barton.de) and Contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -42,6 +42,7 @@ configure-ngircd: configure --prefix=/usr \ --sysconfdir=/etc/ngircd \ --mandir=\$${prefix}/share/man \ + --docdir=\$${prefix}/share/doc/ngircd \ --with-syslog --with-zlib configure-ngircd-full: configure @@ -52,6 +53,7 @@ configure-ngircd-full: configure --prefix=/usr \ --sysconfdir=/etc/ngircd \ --mandir=\$${prefix}/share/man \ + --docdir=\$${prefix}/share/doc/ngircd-full \ --with-syslog --with-zlib \ --with-gnutls --with-iconv --with-ident --with-tcp-wrappers \ --with-pam \ @@ -65,6 +67,7 @@ configure-ngircd-full-dbg: configure --prefix=/usr \ --sysconfdir=/etc/ngircd \ --mandir=\$${prefix}/share/man \ + --docdir=\$${prefix}/share/doc/ngircd-full-dbg \ --enable-debug --enable-sniffer \ --with-syslog --with-zlib \ --with-gnutls --with-iconv --with-ident --with-tcp-wrappers \ @@ -141,7 +144,6 @@ install-ngircd: build-ngircd cat $(CURDIR)/debian/ngircd/usr/share/doc/ngircd/sample-ngircd.conf | \ sed -e "s|;ServerUID = 65534|ServerUID = irc|g" | \ sed -e "s|;ServerGID = 65534|ServerGID = irc|g" | \ - sed -e "s|;MotdFile = /usr/local/etc/ngircd.motd|MotdFile = |/etc/ngircd/ngircd.motd|g" | \ sed -e "s|;PidFile = /var/run/ngircd/ngircd.pid|PidFile = /var/run/ircd/ngircd.pid|g" \ >$(CURDIR)/debian/ngircd/etc/ngircd/ngircd.conf touch $(CURDIR)/debian/ngircd/etc/ngircd/ngircd.motd @@ -153,16 +155,12 @@ install-ngircd-full: build-ngircd-full # Add here commands to install the "full" package into debian/ngircd-full: $(MAKE) install DESTDIR=$(CURDIR)/debian/ngircd-full - rm $(CURDIR)/debian/ngircd-full/usr/share/doc/ngircd/INSTALL* - rm $(CURDIR)/debian/ngircd-full/usr/share/doc/ngircd/COPYING* - mv $(CURDIR)/debian/ngircd-full/usr/share/doc/ngircd \ - $(CURDIR)/debian/ngircd-full/usr/share/doc/ngircd-full + rm $(CURDIR)/debian/ngircd-full/usr/share/doc/ngircd-full/INSTALL* + rm $(CURDIR)/debian/ngircd-full/usr/share/doc/ngircd-full/COPYING* mkdir -p $(CURDIR)/debian/ngircd-full/var/run/ircd cat $(CURDIR)/debian/ngircd-full/usr/share/doc/ngircd-full/sample-ngircd.conf | \ sed -e "s|;ServerUID = 65534|ServerUID = irc|g" | \ sed -e "s|;ServerGID = 65534|ServerGID = irc|g" | \ - sed -e "s|;MotdFile = /usr/local/etc/ngircd.motd|MotdFile = /etc/ngircd/ngircd.motd|g" | \ - sed -e "s|;HelpFile = /usr/share/doc/ngircd/Commands.txt|HelpFile = /usr/share/doc/ngircd-full/Commands.txt|g" | \ sed -e "s|;PidFile = /var/run/ngircd/ngircd.pid|PidFile = /var/run/ircd/ngircd.pid|g" \ >$(CURDIR)/debian/ngircd-full/etc/ngircd/ngircd.conf touch $(CURDIR)/debian/ngircd-full/etc/ngircd/ngircd.motd @@ -176,16 +174,12 @@ install-ngircd-full-dbg: build-ngircd-full-dbg # Add here commands to install the "full" package into debian/ngircd-full: $(MAKE) install DESTDIR=$(CURDIR)/debian/ngircd-full-dbg - rm $(CURDIR)/debian/ngircd-full-dbg/usr/share/doc/ngircd/INSTALL* - rm $(CURDIR)/debian/ngircd-full-dbg/usr/share/doc/ngircd/COPYING* - mv $(CURDIR)/debian/ngircd-full-dbg/usr/share/doc/ngircd \ - $(CURDIR)/debian/ngircd-full-dbg/usr/share/doc/ngircd-full-dbg + rm $(CURDIR)/debian/ngircd-full-dbg/usr/share/doc/ngircd-full-dbg/INSTALL* + rm $(CURDIR)/debian/ngircd-full-dbg/usr/share/doc/ngircd-full-dbg/COPYING* mkdir -p $(CURDIR)/debian/ngircd-full-dbg/var/run/ircd cat $(CURDIR)/debian/ngircd-full-dbg/usr/share/doc/ngircd-full-dbg/sample-ngircd.conf | \ sed -e "s|;ServerUID = 65534|ServerUID = irc|g" | \ sed -e "s|;ServerGID = 65534|ServerGID = irc|g" | \ - sed -e "s|;MotdFile = /usr/local/etc/ngircd.motd|MotdFile = /etc/ngircd/ngircd.motd|g" | \ - sed -e "s|;HelpFile = /usr/share/doc/ngircd/Commands.txt|HelpFile = /usr/share/doc/ngircd-full-dbg/Commands.txt|g" | \ sed -e "s|;PidFile = /var/run/ngircd/ngircd.pid|PidFile = /var/run/ircd/ngircd.pid|g" \ >$(CURDIR)/debian/ngircd-full-dbg/etc/ngircd/ngircd.conf touch $(CURDIR)/debian/ngircd-full-dbg/etc/ngircd/ngircd.motd diff --git a/contrib/ngircd.spec b/contrib/ngircd.spec index c49eff68..63adba91 100644 --- a/contrib/ngircd.spec +++ b/contrib/ngircd.spec @@ -1,5 +1,5 @@ %define name ngircd -%define version 21.1 +%define version 22 %define release 1 %define prefix %{_prefix} diff --git a/doc/HowToRelease.txt b/doc/HowToRelease.txt index 429c3d84..c965b798 100644 --- a/doc/HowToRelease.txt +++ b/doc/HowToRelease.txt @@ -74,4 +74,6 @@ l) Upload and distribute the newly generated ngIRCd release archive(s) m) Write an announcement to the mailing list, freshmeat, Twitter, ... -n) Relax :-) +n) Update the list of releases in our bug tracker. + +o) Relax :-) diff --git a/doc/Platforms.txt b/doc/Platforms.txt index 4555e229..95f21b07 100644 --- a/doc/Platforms.txt +++ b/doc/Platforms.txt @@ -30,8 +30,10 @@ alpha/unknown/netbsd3.0 gcc 3.3.3 CVSHEAD 06-05-07 fw Y Y Y Y 3 armv6l/unk./linux-gnueabi gcc 4.7.2 20.2 13-03-08 goetz Y Y Y Y 5 armv6l/unk./linux-gnueabihf gcc 4.6.3 21~rc2 13-10-26 pi Y Y Y Y 5 armv7l/unk./linux-gnueabi gcc 4.4.3 19.1 12-04-29 goetz Y Y Y Y 5 +armv7l/unk./linux-gnueabihf gcc 4.6.3 22~rc1-3 14-10-10 alex Y Y Y Y 5 +armv7l/unk./linux-gnueabihf gcc 4.8.2 21.1 14-07-15 goetz Y Y Y Y 5 hppa/unknown/openbsd3.5 gcc 2.95.3 CVSHEAD 04-05-25 alex Y Y Y Y -hppa/unknown/openbsd5.4 gcc 4.2.1 21 13-11-10 alex Y Y Y Y 3 +hppa/unknown/openbsd5.4 gcc 4.2.1 22~rc1-3 14-10-10 alex Y Y y Y 3 hppa1.1/unknown/linux-gnu gcc 3.3.3 0.8.0 04-05-30 alex Y Y Y Y hppa2.0/unknown/linux-gnu gcc 3.3.5 13~rc1 08-12-02 alex Y Y Y Y hppa2.0w-hp-hpux11.11 gcc 4.2.3 14.1 09-07-22 goetz Y Y Y Y @@ -45,7 +47,7 @@ i386/unknown/freebsd6.2 gcc 3.4.6 20~rc1 12-11-13 alex Y Y Y Y 3 i386/unknown/freebsd7.3 gcc 4.2.1 20~rc1 12-11-13 alex Y Y Y Y 3 i686/pc/minix gcc 4.4.6 21~rc2 13-10-27 alex Y Y N N i686/unknown/gnu0.3 gcc 4.4.5 19 12-02-29 alex Y Y Y Y -i686/unknown/gnu0.5 gcc 4.8.2 21 14-02-09 alex Y Y Y Y +i686/unknown/gnu0.5 gcc 4.9.1 22~rc1-3 14-10-11 alex Y Y Y Y i686/unkn./kfreebsd7.2-gnu gcc 4.3.4 15 09-12-02 alex Y Y Y Y 3 i386/unknown/netbsdelf1.5.2 egcs-1.1.2 21 13-11-25 goetz Y Y N Y i386/unknown/netbsdelf1.6.2 gcc 2.95.3 18 11-07-10 goetz Y Y Y Y @@ -59,11 +61,12 @@ i386/unknown/openbsd5.3 gcc 4.2.1 21 13-11-28 goetz Y Y Y Y 3 i386/unknown/openbsd5.4 gcc 4.2.1 21 13-11-28 goetz Y Y Y Y 3 i586/pc/haiku gcc 2.95.3 19.2~138 12-10-11 user Y Y N N i586/pc/interix3.5 gcc 3.3 19 12-02-29 alex Y Y N Y -i686/pc/cygwin gcc 4.8.2 21 14-01-02 alex Y Y N Y +i686/pc/cygwin gcc 4.8.3 22~rc1-3 14-10-10 alex Y Y N Y i686/pc/linux-gnu gcc 2.7.2 21~38 14-01-06 goetz Y Y Y Y 1 i686/pc/linux-gnu gcc 2.95.4 0.8.0 04-05-30 alex Y Y Y Y 1 i686/pc/linux-gnu gcc 3.3.5 14.1 09-08-04 alex Y Y Y Y 1 i386/pc/linux-gnu gcc 4.1.2 13~rc1 08-12-05 alex Y Y Y Y 1 +i386/pc/linux-gnu gcc 4.4.5 22~rc1-3 14-10-10 alex Y Y Y Y 1 i686/pc/linux-gnu gcc 4.3.2 14.1 09-08-04 alex Y Y Y Y 1 m68k/apple/aux3.0.1 gcc 2.7.2 17 10-11-07 alex Y Y N Y m68k/apple/aux3.0.1 Orig. A/UX 17 10-11-07 alex Y Y N Y 2 @@ -86,19 +89,26 @@ sparc/unknown/openbsd5.5 gcc 4.2.1 21.1 14-05-03 goetz Y Y Y Y 3 x86_64/apple/darwin10.8.0 gcc 4.2.1 21~rc2 13-10-30 alex Y Y Y Y 3 x86_64/apple/darwin12.3.0 gcc 4.2.1 20.2 13-04-01 alex Y Y Y Y 3 x86_64/apple/darwin13.0.0 A-clang 5.0 21 14-01-02 alex Y Y Y Y 3 +x86_64/apple/darwin14.0.0 A-clang 6.0 22~rc1-3 14-10-10 alex Y Y Y Y 3 x86_64/unknown/dragonfly3.4 gcc 4.7.2 21 13-11-12 goetz Y Y N Y 3 -x86_64/unknown/freebsd8.4 gcc 4.2.1 21 14-01-02 alex Y Y Y Y 3 -x86_64/unknown/freebsd9.1 gcc 4.2.1 21 14-01-02 alex Y Y Y Y 3 +x86_64/unknown/freebsd8.4 gcc 4.2.1 22~rc1-3 14-10-10 alex Y Y y Y 3 +x86_64/unknown/freebsd9.2 gcc 4.2.1 22~rc1-3 14-10-10 alex Y Y Y Y 3 +x86_64/unknown/freebsd10.0 F-clang 3.3 22~rc1-3 14-10-10 alex Y Y Y Y 3 x86_64/unkn./freebsd8.1-gnu gcc 4.4.5 19 12-02-26 alex Y Y Y Y 3 x86_64/unknown/linux-gnu clang 3.3 21 14-01-07 alex Y Y Y Y 1 +x86_64/unknown/linux-gnu clang 3.4 22~rc1-3 14-10-11 alex Y Y Y Y 1 +x86_64/unknown/linux-gnu gcc 4.4.5 22~rc1-3 14-10-10 alex Y Y Y Y 1 +x86_64/unknown/linux-gnu gcc 4.7.2 22~rc1-3 14-10-10 alex Y Y Y Y 1 x86_64/unknown/linux-gnu gcc 4.8.2 21 13-12-29 alex Y Y Y Y 1 +x86_64/unknown/linux-gnu gcc 4.9.1 22~rc1-3 14-10-10 alex Y Y Y Y 1 x86_64/unknown/linux-gnu nwcc 0.8.2 21 13-12-01 goetz Y Y Y Y 1 x86_64/unknown/linux-gnu Open64 21.1 14-03-27 goetz Y Y Y Y 1 x86_64/unknown/linux-gnu Sun C 5.12 21.1 14-03-27 goetz Y Y Y Y 1 x86_64/unknown/linux-gnu tcc 0.9.25 21.1 14-03-27 goetz Y Y Y Y 1 x86_64/unknown/openbsd4.7 gcc 3.3.5 20~rc1 12-02-26 alex Y Y Y Y 3 -x86_64/unknown/openbsd4.8 gcc 4.2.1 21 13-12-28 alex Y Y Y Y 3 +x86_64/unknown/openbsd4.8 gcc 4.2.1 22~rc1-3 14-10-10 alex Y Y y Y 3 x86_64/unknown/openbsd5.1 gcc 4.2.1 21 13-12-28 alex Y Y Y Y 3 +x86_64/unknown/openbsd5.5 gcc 4.2.1 22~rc1-3 14-10-10 alex Y Y Y Y 3 * Notes diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index 1d07822c..b5db1d9e 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -259,9 +259,9 @@ # See 'man 1ssl ciphers' (OpenSSL) or 'man 3 gnutls_priority_init' # (GnuTLS) for details. # For OpenSSL: - ;CipherList = HIGH:!aNULL:@STRENGTH + ;CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3 # For GnuTLS: - ;CipherList = SECURE128 + ;CipherList = SECURE128:-VERS-SSL3.0 # Diffie-Hellman parameters ;DHFile = :ETCDIR:/ssl/dhparams.pem diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 9b2ed082..0d57f902 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -1,7 +1,7 @@ .\" .\" ngircd.conf(5) manual page template .\" -.TH ngircd.conf 5 "Jan 2014" ngIRCd "ngIRCd Manual" +.TH ngircd.conf 5 "Oct 2014" ngIRCd "ngIRCd Manual" .SH NAME ngircd.conf \- configuration file of ngIRCd .SH SYNOPSIS @@ -375,7 +375,7 @@ SSL Certificate file of the private server key. .TP \fBCipherList\fR (string) Select cipher suites allowed for SSL/TLS connections. This defaults to -"HIGH:!aNULL:@STRENGTH" (OpenSSL) or "SECURE128" (GnuTLS). +"HIGH:!aNULL:@STRENGTH:!SSLv3" (OpenSSL) or "SECURE128:-VERS-SSL3.0" (GnuTLS). Please see 'man 1ssl ciphers' (OpenSSL) and 'man 3 gnutls_priority_init' (GnuTLS) for details. .TP diff --git a/src/ngircd/client.c b/src/ngircd/client.c index 9795662e..07d448fd 100644 --- a/src/ngircd/client.c +++ b/src/ngircd/client.c @@ -427,7 +427,7 @@ Client_SetOrigUser(CLIENT UNUSED *Client, const char UNUSED *User) assert(Client != NULL); assert(User != NULL); -#if defined(PAM) && defined(IDENTAUTH) +#if defined(PAM) strlcpy(Client->orig_user, User, sizeof(Client->orig_user)); #endif } /* Client_SetOrigUser */ @@ -731,15 +731,7 @@ Client_User( CLIENT *Client ) */ GLOBAL char * Client_OrigUser(CLIENT *Client) { -#ifndef IDENTAUTH - char *user = Client->user; - - if (user[0] == '~') - user++; - return user; -#else return Client->orig_user; -#endif } /* Client_OrigUser */ #endif diff --git a/src/ngircd/client.h b/src/ngircd/client.h index c6fcec07..4185d217 100644 --- a/src/ngircd/client.h +++ b/src/ngircd/client.h @@ -52,8 +52,9 @@ typedef struct _CLIENT char *cloaked; /* cloaked hostname of the client */ char *ipa_text; /* textual representaton of IP address */ char user[CLIENT_USER_LEN]; /* user name ("login") */ -#if defined(PAM) && defined(IDENTAUTH) - char orig_user[CLIENT_USER_LEN];/* user name supplied by USER command */ +#if defined(PAM) + char orig_user[CLIENT_AUTHUSER_LEN]; + /* original user name supplied by USER command */ #endif char info[CLIENT_INFO_LEN]; /* long user name (user) / info text (server) */ char modes[CLIENT_MODE_LEN]; /* client modes */ diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 2f234dad..5f8c3929 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -88,10 +88,10 @@ static void Init_Server_Struct PARAMS(( CONF_SERVER *Server )); #endif #ifdef HAVE_LIBSSL -#define DEFAULT_CIPHERS "HIGH:!aNULL:@STRENGTH" +#define DEFAULT_CIPHERS "HIGH:!aNULL:@STRENGTH:!SSLv3" #endif #ifdef HAVE_LIBGNUTLS -#define DEFAULT_CIPHERS "SECURE128" +#define DEFAULT_CIPHERS "SECURE128:-VERS-SSL3.0" #endif #ifdef SSL_SUPPORT @@ -806,8 +806,8 @@ Set_Defaults(bool InitServers) Conf_PAM = false; #endif Conf_PAMIsOptional = false; -#ifdef SYSLOG Conf_ScrubCTCP = false; +#ifdef SYSLOG #ifdef LOG_LOCAL5 Conf_SyslogFacility = LOG_LOCAL5; #else diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c index 5c175dfd..62561544 100644 --- a/src/ngircd/conn.c +++ b/src/ngircd/conn.c @@ -1904,7 +1904,7 @@ Check_Servers(void) for (i = 0; i < MAX_SERVERS; i++) { if (Conf_Server[i].conn_id != NONE) continue; /* Already establishing or connected */ - if (!Conf_Server[i].host[0] || !Conf_Server[i].port > 0) + if (!Conf_Server[i].host[0] || Conf_Server[i].port <= 0) continue; /* No host and/or port configured */ if (Conf_Server[i].flags & CONF_SFLAG_DISABLED) continue; /* Disabled configuration entry */ diff --git a/src/ngircd/defines.h b/src/ngircd/defines.h index 4acdc477..456c4c93 100644 --- a/src/ngircd/defines.h +++ b/src/ngircd/defines.h @@ -53,7 +53,7 @@ /* Size of structures */ /** Max. count of configurable servers. */ -#define MAX_SERVERS 16 +#define MAX_SERVERS 64 /** Max. number of WHOWAS list items that can be stored. */ #define MAX_WHOWAS 64 @@ -109,6 +109,10 @@ #else # define CLIENT_USER_LEN 10 #endif +/** Max. length of user names saved for authentication (used by PAM) */ +#ifdef PAM +# define CLIENT_AUTHUSER_LEN 64 +#endif /** Max. length of "real names" (including NULL). */ #define CLIENT_NAME_LEN 32 diff --git a/src/ngircd/lists.c b/src/ngircd/lists.c index 563dfa47..247344e5 100644 --- a/src/ngircd/lists.c +++ b/src/ngircd/lists.c @@ -285,6 +285,7 @@ Lists_MakeMask(const char *Pattern, char *mask, size_t len) strlcpy(mask, Pattern, len - 5); strlcat(mask, "!*@", len); strlcat(mask, at, len); + at--; *at = '@'; } else { /* All parts (nick, user and domain name) are given */ strlcpy(mask, Pattern, len); @@ -325,7 +326,7 @@ Lists_CheckReason(struct list_head *h, CLIENT *Client, char *reason, size_t len) while (e) { next = e->next; - if (Match(e->mask, Client_MaskCloaked(Client))) { + if (MatchCaseInsensitive(e->mask, Client_MaskCloaked(Client))) { if (len && e->reason) strlcpy(reason, e->reason, len); if (e->valid_until == 1) { diff --git a/src/ngircd/numeric.c b/src/ngircd/numeric.c index da863e4d..b0ceeef8 100644 --- a/src/ngircd/numeric.c +++ b/src/ngircd/numeric.c @@ -145,7 +145,27 @@ Announce_Server(CLIENT * Client, CLIENT * Server) #ifdef IRCPLUS /** - * Synchronize invite, ban, G- and K-Line lists between servers. + * Send a specific list to a remote server. + */ +static bool +Send_List(CLIENT *Client, CHANNEL *Chan, struct list_head *Head, char Type) +{ + struct list_elem *elem; + + elem = Lists_GetFirst(Head); + while (elem) { + if (!IRC_WriteStrClient(Client, "MODE %s +%c %s", + Channel_Name(Chan), Type, + Lists_GetMask(elem))) { + return DISCONNECTED; + } + elem = Lists_GetNext(elem); + } + return CONNECTED; +} + +/** + * Synchronize invite, ban, except, and G-Line lists between servers. * * @param Client New server. * @return CONNECTED or DISCONNECTED. @@ -173,30 +193,12 @@ Synchronize_Lists(CLIENT * Client) c = Channel_First(); while (c) { - /* ban list */ - head = Channel_GetListBans(c); - elem = Lists_GetFirst(head); - while (elem) { - if (!IRC_WriteStrClient(Client, "MODE %s +b %s", - Channel_Name(c), - Lists_GetMask(elem))) { - return DISCONNECTED; - } - elem = Lists_GetNext(elem); - } - - /* invite list */ - head = Channel_GetListInvites(c); - elem = Lists_GetFirst(head); - while (elem) { - if (!IRC_WriteStrClient(Client, "MODE %s +I %s", - Channel_Name(c), - Lists_GetMask(elem))) { - return DISCONNECTED; - } - elem = Lists_GetNext(elem); - } - + if (!Send_List(Client, c, Channel_GetListExcepts(c), 'e')) + return DISCONNECTED; + if (!Send_List(Client, c, Channel_GetListBans(c), 'b')) + return DISCONNECTED; + if (!Send_List(Client, c, Channel_GetListInvites(c), 'I')) + return DISCONNECTED; c = Channel_Next(c); } return CONNECTED; |