]> jfr.im git - irc/freenode/solanum.git/blob - NEWS.md
Stop using chm_nosuch as a sentinel value (#53)
[irc/freenode/solanum.git] / NEWS.md
1 # News
2
3 This is solanum 1.0-dev.
4 See LICENSE for licensing details (GPL v2).
5
6 ## solanum-1.0
7
8 Includes changes from charybdis-4.1.3-dev.
9
10 **This release includes breaking changes from charybdis 4.x.** Please pay close attention to
11 bolded warnings in the full release notes below.
12
13 ### build
14 - Add `--with-asan` to configure to produce an ASan instrumented build
15
16 ### server protocol
17 - OPER is now propagated globally, as :operator OPER opername privset
18
19 ### user
20 - **Breaking:** invite-notify is now enabled by loading the invite-notify extension
21 - Prioritise older, more important client capabilities for clients that can only accept
22 one line of CAP LS
23 - Add the solanum.chat/realhost vendor capability (provided by extensions/cap\_realhost)
24 - Add the solanum.chat/identify-msg vendor capability (provided by extensions/identify\_msg)
25 - Server-side aliases preserve protocol framing characters
26 - Add the +G user mode for soft callerid (implicitly allow users with a common channel)
27 - /invite no longer punches through callerid
28 - invite-notify now works
29 - Rejectcached users are now sent the reason of the ban that caused their reject in most cases
30 - Rejectcache entries expire when their corresponding K-lines do
31 - One-argument /stats and zero-argument /motd are no longer ratelimited
32 - Channel bans don't see through IP spoofs
33 - Global /names now respects userhost-in-names
34 - The `$j` extban is no longer usable inside ban exceptions
35 - TLSv1 connections are accepted. They can still be disabled using OpenSSL config if you don't
36 want them. TLSv1 existing is not thought to be a threat to up-to-date clients.
37
38 ### oper
39 - **Breaking:** Kick immunity for override is now its own extension, override\_kick\_immunity
40 - **Breaking:** /stats A output now follows the same format as other stats letters
41 - **Breaking:** helpops now uses +h instead of +H
42 - **Breaking:** sno\_whois and the spy\_ extensions have been removed
43 - Opers now have their privset (identified by name) on remote servers
44 - Oper-only umodes are refreshed after rehash and /grant
45 - Extension modules can be reloaded
46 - Override no longer spams about being enabled/disabled. It continues to spam on each use.
47 - Add /testkline, which has the same syntax as /testline but doesn't check if the mask is ilined
48 - /privs is now remote-capable and can respond with more than one line
49 - Most commands now respect oper hiding
50 - Massnotice (notice/privmsg to $$.../$#...) now alerts opers
51 - Massnotice no longer imposes any restrictions on the target mask
52 - /kline and /dline are hardened to invalid inputs
53 - K/D-lines are more consistent about checking for encoded ipv4-in-ipv6 addresses
54 - Add extensions/drain to reject new connections
55 - Add extensions/filter to filter messages, parts and quits with a Hyperscan database
56 - Add extensions/sasl\_usercloak to interpolate SASL account names into I-line spoofs
57
58 ### conf
59 - **Breaking:** Completely overhaul oper privs. All privset configs will need to be rewritten.
60 See reference.conf for details.
61 - Add the `kline_spoof_ip` I-line flag to make any spoof opaque to K-line matching
62 - Add general::hide\_tkline\_duration to remove durations from user-visible ban reasons
63 - Add general::hide\_opers, which behaves as if all opers have oper:hidden
64 - Add general::post\_registration\_delay
65 - Add general::tls\_ciphers\_oper\_only to hide TLS cipher details in /whois
66 - Add channel::opmod\_send\_statusmsg to send messages allowed by +z to @#channel
67 - Add class::max\_autoconn, with the behaviour of class::max\_number for servers prior to
68 charybdis 4
69 - Add `secure {}` blocks. Networks listed in a secure block gain +Z and can match `need_ssl` I-
70 and O-lines.
71 - Remove general::kline\_delay
72 - If m\_webirc is loaded, connections that try to use a webirc auth block as their I-line will
73 be disconnected on registration
74
75 ### misc
76 - **Breaking:** WEBIRC now processes the "secure" option as specified by IRCv3. Web gateways that
77 do not set this option will need to be updated or their connections will show as insecure.
78 - Successfully changing IP with WEBIRC now drops an identd username
79
80 ### code
81 - Channel lists are now kept sorted. A for-loop macro, `ITER_COMM_CHANNELS`, is introduced to
82 efficiently compare two such lists.
83
84
85 ## charybdis-4.1.2
86
87 ### user
88 - src/s\_user.c: don't corrupt usermodes on module unload/reload
89
90 ## charybdis-4.1.1
91
92 ### security
93 - Fix an issue with the PASS command and duplicate server instances.
94
95 ### misc
96 - Fix connection hang with blacklist/opm when ident is disabled.
97 - Improve SASL CAP notification when the services server disconnects.
98 - MbedTLS: Support ChaCha20-Poly1305 in default cipher suites.
99
100 ## charybdis-4.1
101
102 ### misc
103 - SCTP is now supported for server connections (and optionally, user connections)
104
105 ## charybdis-4.0.1
106
107 ### server protocol
108 - SJOIN messages were being constructed in a 1024 byte buffer and truncated to 512 bytes
109 when sending. This caused channels with more than 50 users to fail to propagate all of
110 them during a net join.
111
112 ## charybdis-4.0
113
114 ### build
115 - Build system has been converted to libtool + automake for sanity reasons.
116 - The compile date is now set at configure time rather than build time, allowing for
117 reproducible builds. (#148, #149)
118 - Support for GNUTLS 3.4 has been added.
119
120 ### user
121 - Import the ability to exceed MAXCHANNELS from ircd-seven.
122 - Implement IRCv3.2 enhanced capability negotiation (`CAP LS 302`).
123 - Implement support for receiving and sending IRCv3 message tags.
124 - Implement IRCv3.2 capabilities: (#141)
125 - account-tag
126 - echo-message
127 - invite-notify
128 - sasl
129 - server-time
130 - SASL: certificate fingerprints are now always sent to the SASL agent, allowing for
131 the certificate to be used as a second authentication factor.
132
133 ### oper
134 - Merge several features from ircd-seven:
135 - Implement support for remote DIE/RESTART.
136 - Implement support for remote MODLOAD et al commands.
137 - Add the GRANT command which allows for temporarily opering a client.
138 - Implement the hidden oper-only channel modes framework.
139 - Implement a channel mode that disallows kicking IRC operators (+M).
140 - Enhance the oper override system, allowing more flexibility and detail
141 in network-wide notices.
142 - DNS, ident, and blacklist lookups have been moved to a dedicated daemon known
143 as authd. Some cosmetic changes to blacklist statistics and rejection notices
144 have resulted.
145 - An experimental OPM scanner has been added to authd. Plaintext SOCKS4,
146 SOCKS5, and HTTP CONNECT proxies can be checked for.
147 - The LOCOPS command has been moved from core to an extension.
148 - All core modules in charybdis have descriptions, which are shown in MODLIST.
149 - Suffixes should not be used when doing /MODLOAD, /MODUNLOAD, /MODRELOAD, etc.
150
151 ### misc
152 - Support for WebSocket has been added, use the listen::wsock option to switch
153 a listener into websocket mode.
154
155 ### conf
156 - Add the ability to strip color codes from topics unconditionally.
157 - The obsolete hub option from server info has been removed.
158
159 ### docs
160 - The documentation has been cleaned up; obsolete files have been purged, and
161 files have been renamed and shuffled around to be more consistent.
162
163 ### code
164 - `common.h` is gone. Everything useful in it was moved to `ircd_defs.h`.
165 - `config.h` is gone; the few remaining knobs in it were not for configuration
166 by mere mortals, and mostly existed as a 2.8 relic. Most of the knobs live in
167 `defaults.h`, but one is well-advised to stay away unless they know exactly
168 what they are doing.
169 - A new module API has been introduced, known as AV2. It includes things such as
170 module datecodes (to ensure modules don't fall out of sync with the code),
171 module descriptions, and other fun things.
172 - Alias and module commands are now in m_alias and m_modules, respectively, and
173 can be reloaded if need be. For sanity reasons, m_modules is a core module,
174 and cannot be unloaded.
175 - irc_dictionary and irc_radixtree related functions are now in librb, and
176 prefixed accordingly. Typedefs have been added for consistency with existing
177 data structures. For example, now you would write `rb_dictionary *foo` and
178 `RB_DICTIONARY_FOREACH`.
179 - C99 bools are now included and used in the code. Don't use ints as simple true
180 or false flags anymore. In accordance with this change, the `YES`/`NO` and
181 `TRUE`/`FALSE` macros have been removed.
182 - Return types from command handlers have been axed, as they have been useless
183 for years.
184 - libratbox has been renamed to librb, as we have diverged from upstream long
185 ago.
186 - Almost all 2.8-style hashtable structures have been moved to dictionaries or
187 radix trees, resulting in significant memory savings.
188 - The block allocator has been disabled and is no longer used.
189 - The ratbox client capabilities have been ported to use the ircd capabilities
190 framework, allowing for modules to provide capabilities.
191 - Support for restarting ssld has been added. ssld processes which are still
192 servicing clients will remain in use, but not service new connections, and
193 are garbage collected when they are no longer servicing connections.
194 - Support for ratbox-style 'iodebug' hooks has been removed.
195 - New channel types may be added by modules, see `extensions/chantype_dummy.c`
196 for a very simple example.
197
198 ## charybdis-3.5.0
199
200 ### server protocol
201 - Fix propagation of ip_cloaking hostname changes (only when setting or
202 unsetting the umode after connection).
203 - Fix a remote-triggerable crash triggered by the CAPAB parsing code.
204 - As per the TS6 spec, require QS and ENCAP capabilities.
205 - Require EX and IE capabilities (+e and +I cmodes).
206 - Check that UIDs start with the server's SID.
207
208 ### user
209 - Allow mode queries on mlocked modes. In particular, allow /mode #channel f
210 to query the forward channel even if +f is mlocked.
211 - Strip colours from channel topics in /list.
212 - If umode +D or +g are oper-only, don't advertise them in 005.
213 - If MONITOR is not enabled, don't advertise it in 005.
214 - Add starttls as per ircv3.
215 - Abort a whowas listing when it would exceed SendQ, which would previously
216 disconnect the user.
217 - Reject nicks with '~' in them, rather than truncating at the '~'.
218 - Remove CHARSET=ascii from ISUPPORT
219 - Use the normal rules for IP visibility in /whowas.
220 - Cmode +c now strips '\x0F' (^O, formatting off), fixing weird rendering in
221 some clients that internally use mIRC formatting such as highlighted
222 messages in HexChat.
223 - Indicate join failure because of the chm_sslonly extension (cmode +S) using
224 the same 480 numeric as ircd-ratbox.
225 - Do not allow SASL authentication when the configured SASL agent is unavailable.
226 - Automatically add unidentified users to the ACCEPT list when a user is set +R,
227 as we do when the user is set +g.
228 - Implement IRCv3.2 capabilities:
229 - cap-notify
230 - chghost
231 - userhost-in-names
232 - Implement the $&, $| and $m extban types:
233 - $& combines 1 or more child extbans as an AND expression
234 - $| combines 1 or more child extbans as an OR expression
235 - $m provides normal hostmask matching as an extban for the above
236 - Do not allow STARTTLS if a connection is already using TLS.
237 - Display an operator's privilege set in WHOIS.
238 - The $o extban now matches against privilege set names as well as individual
239 privileges. Privilege set names are preferred over individual privileges.
240
241 ### oper
242 - Fix a crash with /testline.
243 - Complain to opers if a server that isn't a service tries to
244 SU/RSFNC/NICKDELAY/SVSLOGIN.
245 - Turn off umode +p (override) when deopering.
246 - Make listener error messages (e.g. port already in use) visible by default
247 instead of only on snomask +d and in ioerrorlog.
248 - Remove snotes on +r about GET/PUT/POST commands ("HTTP Proxy disconnected").
249 - Add DNSBL snotes on snomask +r.
250
251 ### config
252 - Add hide_uncommon_channels extension to hide uncommon channel memberships in WHOIS,
253 like in ircd-seven.
254 - Add chm_nonotice extension, cmode +T to reject notices.
255 - Add restrict-unauthenticated extension, prevents unauthenticated users from
256 doing anything as channel operator.
257 - Add no_kill_services extension, prevents local opers from killing services.
258 - Allow matching specific replies of DNSBLs, using the new matches option.
259 - Remove blowfish crypt since it has the BSD advertising clause.
260 - Fix SHA256 ($5$) crypt.
261 - Make the channel::channel_target_change option actually work (it used to be
262 always on).
263 - SSL/TLS listeners now have defer_accept unconditionally enabled on them.
264 - The method used for certificate fingerprints (CertFP) is now configurable.
265 SHA1, SHA256 and SHA512 are available options.
266 - The minimum user threshold for channels in default /list output is now
267 configurable.
268
269 ### misc
270 - Work around timerfd/signalfd brokenness on OpenVZ.
271 - Fix a compilation issue in libratbox/src/sigio.c with recent glibc.
272 - Extend documentation slightly.
273 - Remove a BSD advertising clause that permission was granted to remove.
274 - Add support for hooking PRIVMSG/NOTICE.
275 - Reenable and fix the GnuTLS support.
276 - Add mbedTLS backend for SSL/TLS.
277 - Remove EGD support.
278 - Try other DNS servers if errors or corrupt replies are encountered.
279 - Rename genssl.sh script to genssl.
280 - Choose more secure SSL/TLS algorithms.
281 - Fix reconnecting with SSL/TLS with some clients such as ChatZilla (see
282 https://bugzilla.mozilla.org/show_bug.cgi?id=858394#c34 for details.)
283 - Improve error messages about the configuration file.
284 - Fix a crash when compiled with recent clang on 32-bit systems.
285 - Fix various memory leaks in rehash.
286 - Fix various code quality issues.
287 - Add --with-shared-sqlite to allow distribution packages to link to a shared
288 sqlite library. Using this is not recommended for on-server compilation.
289 - ISUPPORT tokens which are actually provided by modules have been moved to their
290 respective modules.
291
292 ## charybdis-3.4.0
293
294 ### server protocol
295 - Allow overriding opers (with the new extension) to op themselves on channels.
296 - Allow RSFNC to change a nickname's capitalization only.
297 - Add channel ban forwarding <mask>$<channel> much like ircd-seven. Local use
298 of this is controlled by the channel::use_forward config option.
299 - Add ENCAP TGINFO to propagate IP addresses that exceeded target change
300 limits (these get a lower limit when they reconnect).
301
302 ### user
303 - Consider bogus CTCP ACTION messages (without action text) CTCP (for
304 cmode +C).
305 - Send ERR_TOOMANYCHANNELS for each channel join that fails due to channel
306 limits.
307 - Add account-notify client capability to notify clients about logins and
308 logouts of users in common channels. See doc/account-notify.txt.
309 - Add extended-join client capability to add account name and ircname to JOIN.
310 - Add topic TS and channel TS constraints for /LIST (T<, T>, C<, C>
311 parameters as in some other servers).
312 - Disallow wildcarded nicknames in "hunted" parameters like /stats and /motd.
313 - Disallow mIRC italics in channel names when disable_fake_channels.
314 - Add AUTHENTICATE EXTERNAL support, allows SASL authentication using a
315 certificate fingerprint.
316 - Allow channel::kick_on_split_riding to protect channels with mlocked keys.
317 - The NICKLEN token in 005 now only specifies the maximum usable nick length.
318 The MAXNICKLEN token specifies the maximum nick length any user can have.
319 - Disallow $ in usernames as this may cause problems with ban forwarding.
320 - Add an error message (numeric 743) if a ban mask is invalid.
321 - Extract the underlying IPv4 address from 6to4 and Teredo IPv6 addresses.
322 Show it in a remote /whois and check channel bans, quiets, D:lines and
323 K:lines against it. Note that ban exceptions and auth{} blocks are not
324 checked.
325 - Allow normal users to perform /privs on themselves, showing some privileges
326 from the auth{} block.
327 - Add away-notify client capability, see doc/away-notify.txt.
328 - Add rate limit for high-bandwidth commands, in particular /who <channel>.
329 - Rate limit /away to help avoid flooding via away-notify.
330 - Apply colour stripping (cmode +c) and CTCP checking (cmode +C) to messages
331 to @/+ channel as well.
332 - Channel mode +c (and other places that disallow colour codes) now also strip
333 ASCII 4 (a different kind of colour code).
334
335 ### oper
336 - Add operspy for /list.
337 - Add a server notice to snomask +b if a user exceeds target change limits.
338 - Add missing server notice for kills from RSFNC and SVSLOGIN.
339 - Add /stats C to show information about dynamically loaded server
340 capabilities.
341
342 ### config
343 - Add support for linking using SSL certificate fingerprints as the link
344 credential rather than the traditional password pair.
345 - Add m_roleplay extension, provides various roleplay commands.
346 - Add override extension, umode +p oper override for opers with oper:override
347 permission, with accountability notices and timeout. Note that opers cannot
348 op themselves if there are older servers on the network.
349 - Add channel::disable_local_channels config option.
350 - Add support for IPv6 DNSBLs. A new "type" option specifies the IP version(s)
351 for which each DNSBL should be checked.
352 - Make flood control settings configurable by those who know exactly what they
353 are doing.
354 - Add serverinfo::nicklen config option to limit the nick length for local
355 users. Different values of this option do not break the server protocol.
356 - Add extb_usermode extension, $m:+-<modes> extban matching against umodes.
357 - Extend extb_oper extension to allow matching against oper privileges.
358 - Add m_remove extension, /remove command as in ircd-seven.
359 - Add general::away_interval to allow configuring /away rate limiting.
360 - Add listener::defer_accept to delay accepting a connection until the client
361 sends data. This depends on kernel support. It may break BOPM checking.
362
363 ### misc
364 - In mkpasswd, default to SHA512-based crypt instead of MD5-based crypt.
365 - Add --with-custom-branding and --with-custom-version configure options to
366 help forks/patchsets distinguish themselves.
367 - Change version control from Mercurial to GIT.
368 - Ensure SIGHUP and SIGINT keep working after a SIGINT restart.
369 - Add --enable-fhs-paths configure option to allow installing into a more
370 FHS-like hierarchy.
371 - Remove broken GnuTLS support. SSL/TLS is now only provided using OpenSSL.
372
373 ## charybdis-3.3.0
374
375 ### server protocol
376 - Add new BAN command, for propagated network-wide bans (K/X:lines and RESVs).
377 These will burst to new servers as they are introduced, and will stay in sync
378 across the whole network (new BAN capab).
379 - Add new MLOCK command, to implement ircd-side channel mode locks. This allows
380 services to send out a list of mode letters for a given channel which may not
381 be changed, preventing mode fights between services and client bots (new MLOCK
382 capab).
383
384 ### user
385 - New RPL_QUIETLIST(728) and RPL_ENDOFQUIETLIST(729) numerics are used for the
386 quiet (+q) list, instead of overloading the ban list numerics.
387 - Users may no longer change the topic of a -t channel if they cannot send to
388 it.
389 - Add help for EXTBAN, describing the syntax of extended bans in general, as
390 well as the most common types.
391 - Changed AWAY messages are now propagated to other servers. Previously, AWAY
392 was only propagated when the user was not already away.
393 - Channel mode +c (and other places that disallow colour codes) now also strip
394 ASCII 29 (mIRC 7 italics).
395 - Add auto-accept for user mode +g (callerid): Messaging a user while set +g
396 will automatically add them to your accept list.
397 - Add target change for channels. It applies to unopped, unvoiced and unopered
398 users. This has the effect of stopping spambots which join, message and part
399 many channels at a time.
400 - Show RPL_WHOISLOGGEDIN in /whowas as well as in /whois entries. This adds at
401 most an additional 0.5MB of memory usage.
402 ### config
403 - Add general::use_propagated_bans to switch the new BAN system on or off.
404 - Add general::default_ident_timeout, to control the timeout for identd (auth)
405 connections.
406 - Add channel::channel_target_change to switch the new channel target change limits
407 on or off.
408 - Fix class::number_per_ident so that it also applies to connections without
409 identd.
410 - Change the example sslport option to 6697, which is more standard than 9999.
411 ### misc
412 - The custom channel mode API has been rewritten, allowing these modules to work
413 correctly when reloaded, or loaded from the config file.
414 - The EFNet RBL is now recommended, instead of DroneBL.
415 - Remove the unsupported modules directory.
416 - Numerous bug fixes and code cleanups.
417 - In mkpasswd, default to MD5 crypt instead of insecure DES.
418
419 ## charybdis-3.2.0
420
421 ### server protocol
422 - Apply +z to messages blocked by +b and +q as well. (new EOPMOD capab)
423 - Add new topic command ETB, allowing services to set topic+setter+ts always.
424 (new EOPMOD capab)
425 - The slash ('/') character is now allowed in spoofs.
426
427 ### user
428 - Add can_kick hook, based on the ircd-seven one.
429 - Add cmode +C (no CTCP) from ircd-seven.
430 - Flood checking has been reworked.
431 - Fix op-moderate (cmode +z) for channel names with '@'.
432 - Add CERTFP support, allowing users to connect with an SSL client
433 certificate and propagating the certificate fingerprint to other servers.
434 Services packages can use this to identify users based on client
435 certificates.
436 - Maintain the list of recently used targets (for the target change
437 anti-spam system) in most-recently-used order, overwriting the least
438 recently used target with a new one. This should be friendlier to users
439 without giving spambots anything.
440 - Do not require target change slots for replying to the last five users to
441 send a private message, notice or invite.
442 - Apply target change restrictions to /invite.
443 - Apply umode +g/+R restrictions to /invite, with the difference that
444 instead of sending "<user> is messaging you" the invite is let through
445 since that is just as noisy.
446
447 ### oper
448 - Add /rehash throttles to clear throttling.
449 - Send all server notices resulting from a remote /rehash to the oper.
450 - '\s' for space is now part of the matching, not a substitution at xline
451 time, fixing various issues with it.
452 - Display o:line "nickname" in oper-up server notices.
453 - Fix sendq exceeded snotes for servers.
454 - SCAN UMODES: default list-max to 500, like a global WHO.
455 - Ignore directory names in MODRELOAD to avoid crashing if it is a core
456 module and the path is incorrect.
457 - Tweaks to spambot checks.
458
459 ### config
460 - Add channel::only_ascii_channels config option to restrict channel names
461 to printable ascii only.
462 - Add channel::resv_forcepart, forcibly parts local users on channel RESV,
463 default enabled.
464
465 ### misc
466 - New mkpasswd from ircd-ratbox.
467 - Check more system calls for errors and handle the errors.
468 - Various ssld/libratbox bugfixes from ircd-ratbox. [some MERGED]
469 - Fix fd passing on FreeBSD/amd64 and possibly Solaris/sparc. [MERGED]
470 - Various documentation improvements. [some MERGED]
471 - Fix some crash issues. [MERGED]
472 - Add bandb from ircd-ratbox, which stores permanent dlines/klines/xlines/resvs
473 in an sqlite database instead of a flatfile and does the storage in a
474 helper process. Use bin/bantool -i to import your old bans into the
475 database.
476
477 ## charybdis-3.1.0
478
479 - Remove TS5 support. No TS5 servers are permitted in a network with
480 charybdis 3.1.0 or newer, except jupes.
481 - Replace oper flags by privilege sets (privsets). This adds an extra
482 level of indirection between oper flags and operator blocks. /stats O
483 (capital O) shows the configured privsets.
484 - Update libratbox and ssld from upstream and use it better.
485 - Add auth_user to auth{}. This allows specifying a username:password instead
486 of just a password in PASS, so that a fixed user@host is not necessary
487 for a specific auth{} block.
488 - Add need_ssl to auth{} and operator{}. This makes these blocks reject
489 the user if not connected via SSL.
490 - Allow modules to provide simple channel modes without parameter.
491 - Remove restrictions on CNAME in the resolver.
492 - Make the resolver remember nonresponsive nameservers.
493 - Move nick collision notices from +s to +k.
494 - Add additional information to various server notices about server
495 connections.
496 - Show throttle information in /stats t.
497 - Show rejectcache and throttle information in /testline.
498 - Show oper reason in /testline.
499 - Allow opers to see other users' umodes with /mode <nick>.
500 - SCAN UMODES GLOBAL NO-LIST MASK <mask> is no longer an operspy command.
501 - Also apply floodcount to messages to remote clients (except services).
502 - Remove user@server messages to local users. Sending such messages to
503 remote servers is still possible, for securely messaging pseudoservers
504 whether service{}'ed or not. The special oper-only syntax opers@server
505 remains as well.
506 - Allow /list on a named +p channel. A full /list already included +p channels.
507 - Add operspy /topic.
508 - For remote rehashes, send error messages to the requesting oper as well.
509 - Disable autoconnect for a server with excessive TS delta.
510 - Disallow invites to juped channels.
511 - Warn about certain duplicate and redundant auth blocks.
512 - Make PRIVMSG/NOTICE behave as CPRIVMSG/CNOTICE automatically if possible.
513 - Allow +z messages from outside if a channel is -n.
514 - Allow coloured part reasons in -c channels.
515 - Add ircu-like WHOX support. This allows requesting specific information
516 in /who and allows obtaining services login name for all users in a
517 channel. XChat/Conspire use WHOX to update away status more efficiently.
518 - Allow opers and shide_exempt users to see hopcounts even if flatten_links
519 is on.
520 - Rework ip_cloaking.
521 - Add the IP address to userlog, as in ircd-ratbox 3.0.
522 - Split cidr_bitlen into cidr_ipv4_bitlen and cidr_ipv6_bitlen.
523 - Allow using ziplinks with SSL connections. This is not as efficient as
524 using OpenSSL's built in compression, but also works with older versions
525 of OpenSSL.
526 - Fix an off by one error with zipstats processing, which could overwrite
527 a variable with NULL causing a crash on some systems.
528 - Document some extensions in charybdis-oper-guide.
529 - Add more server protocol documentation.
530 - Add m_sendbans extension, SENDBANS command to propagate xlines and resvs
531 manually.
532 - Add chm_sslonly extension, cmode +S for SSL/TLS only channels.
533 - Add chm_operonly extension, cmode +O for IRCop only channels.
534 - Add chm_adminonly extension, cmode +A for server admin only channels.
535 - Various code cleanups.
536
537 ## charybdis-3.0.4
538
539 - Fix a crash on certain recent versions of Ubuntu.
540 - Allow 127.x.y.z for DNSBL replies instead of just 127.0.0.x.
541 - Various documentation improvements.
542
543 ## charybdis-3.0.3
544
545 - Fix IPv6 D:lines
546 - Fix rejectcache and unknown_count.
547 - Fix genssl.sh.
548 - Fix ident for SSL/TLS connections.
549 - Fix SSL/TLS bugs for servers with more than about 100 connections.
550 - Small bugfixes.
551
552 ## charybdis-3.0.2
553
554 - Improve OLIST extension error messages.
555 - Improve some kline error checking.
556 - Avoid timing out clients if we are still waiting for a DNSBL lookup.
557 - Fix resolver hangs with epoll.
558 - Fix compilation without zlib.
559
560 ## charybdis-3.0.1
561
562 - Fix occasional hung clients with kqueue.
563 - Fix a rare ssld crash.
564 - Fix a bug that could cause incorrect connect failure reasons to be
565 reported.
566 - Make the IRCd work on MacOS X again.
567
568 ## charybdis-3.0.0
569
570 - Port the IRCd to libratbox, which has improved our portability and allows
571 us to reuse low-level code instead of maintaining our own.
572 - Change configuration of maximum number of clients to ircd-ratbox 3 way.
573 - Add adminwall from ircd-ratbox, as an extension.
574 - Add client and server-to-server SSL, read example.conf for setup.
575 - Replace servlink with ssld (also for ziplinks).
576 - A new extban, $z, has been added for ssl users (extensions/extb_ssl.so).
577 - A new compatibility channel mode, +R, has been added, it sets
578 +q/-q $~a (extensions/chm_operonly_compat.so). This is similar to
579 the +R seen in ircd-seven.
580 - A new compatibility channel mode, +S, has been added, it sets
581 +b/-b $~z (extensions/chm_sslonly_compat.so).
582 - A new compatibility channel mode, +O, has been added, it sets
583 +iI/-iI $o (extensions/chm_operonly_compat.so).
584 - Add remote D:lines. Note that these are not enabled by default.
585 - Remove EFnet-style G:lines. Noone appears to use these.
586 - Remove idle time checking (auto disconnecting users idle too long).
587 - Display a notice to clients when the IRCd is shut down using SIGTERM.
588 - Some error messages have been clarified to enhance usability.
589 - Close the link to servers that send invalid nicks (e.g. nicklen mismatches).
590 Formerly the users were killed from the network.
591 - Enable topicburst by default in connect{}.
592 - Fix a potential desync which can happen with oper override.
593 - Remove "deopped" flag (TS5 legacy).
594 - Use 127.0.0.1 as nameserver if none can be found in /etc/resolv.conf.
595 - Only accept 127.0.0.x as a dnsbl listing.
596 - Change cloaking module (same as 2.2.1, different from 2.2.0).
597 - Make some more server notices about failed remote connect attempts
598 network wide.
599 - Make some server notices about flooders and TS delta network wide.
600 - Remove redundant "<server> had been connected for <time>" server notice.
601 - Add resv oper privilege to control /resv, /unresv and cmode +L and +P,
602 enabled by default.
603 - Add mass_notice oper privilege to control global notices and /wallops,
604 enabled by default.
605 - Rework unkline/undline/unxline/unresv so they show the exact item removed
606 and do not rehash bans.
607 - Show opers a list of recently (<24hrs) split servers in /map.
608 - Add /privs command, shows effective privileges of a client.
609
610 ## charybdis-2.2.0
611
612 - The I/O code has been reworked, file descriptor metadata is stored in a
613 hashtable and the maximum number of clients can now be set in ircd.conf.
614 - Improve error checking and error messages for kline/dline/xline/resv files.
615 - Allow kline ipv6:address, unkline some.host and unkline ipv6:address
616 without *@.
617 - Add accountability (wallops, log) to OKICK extension.
618 - Add opernick to OPME/OMODE/OJOIN log messages.
619 - Add use_forward option, allows disabling cmode +fFQ and umode +Q.
620 - Add keyword substitution to DNSBL reasons, making it possible to show
621 things like the user's IP address in the reason.
622 - Use sendto_one_notice() more.
623 - Server notices about kills now include the victim's nick!user@host instead
624 of just nick.
625 - Include real hostname in Closing Link message for unknown connections
626 that have sent USER, in particular banned users.
627 - Add some documentation about the SASL client protocol.
628 - Change spambot, flooder and jupe joiner notices from host to orighost.
629 - Remove the last remains of server hostmasking (this made it possible to
630 have multiple servers with similar names appear as a single server).
631 - Keep bitmasks of modularized umodes reserved forever to the letter,
632 avoiding problems when reloading umode modules in a different order.
633 - Fix -logfile.
634 - Update to the new revision (v8) of the TS6 spec, this fixes problems with
635 joins reversing certain mode changes crossing them. This interoperates
636 with older versions.
637 - Put "End of Channel Quiet List" at the end of +q lists.
638 - Fix invisible count getting desynched from reality if the act of opering
639 up sets -i or +i.
640 - Don't leak auth{} spoofed IP addresses in +f notices.
641 - Shorten quit/part/kick reasons to avoid quit reasons overflowing the
642 client exiting server notice (from TOPICLEN to 260).
643 - Fix some cases where 10 char usernames lose their final character.
644 - Move username check after xline and dnsbl checks, so it will not complain
645 to opers about clients who are xlined or blacklisted anyway (both of
646 which silently reject).
647 - Remove invite_ops_only config option, forcing it to YES.
648 - Allow /invite (but not invex) to override +r, +l, +j in addition to +i.
649 - Add several new extensions, such as createoperonly.
650 - Merge whois notice extensions into one and move it from snomask +y to +W.
651
652 ## charybdis-2.1.2
653
654 - Fix bug that could cause all hostmangled users to be exempted when a
655 single ban exception existed on a channel.
656 - Tweak \s code a little.
657 - Add a minor clarification to the SGML docs.
658 - Avoid truncation in ip_cloaking (by removing components on the other side).
659 Note that this may cause channel +bqeI modes set on such very long hosts
660 to no longer match.
661
662 ## charybdis-2.1.1
663
664 - Search the shortest list (user's/channel's) when looking up channel
665 memberships.
666 - Make the SID-collision notice look right under all conditions.
667 - Move kills from services from +s to +k snomask.
668 - When no_tilde is present on an auth{} block, check the non-tilde version
669 of the user@host against k:lines as well.
670 - Put full reason in the SQUIT reason when a server is rejected for
671 insufficient parameters being passed to a command.
672 - Don't redirect users to an existing domain, irc.fi.
673 - Improve communication of servlink-related error messages.
674
675 ## charybdis-2.1.0
676
677 - Our official website is now http://www.ircd-charybdis.org/.
678 - Make RPL_ISUPPORT (005 numeric) modularizable.
679 - Also do forwarding if the channel limit (+l) is exceeded.
680 - Don't count opers on service{} servers in /lusers.
681 - Allow servers to send to @#chan and +#chan.
682 - Allow +S clients (services) to send to channels and @/+ channels always.
683 - Allow normal match() on IP address also in /masktrace.
684 - Add new testmask from ratbox 2.2. Allows matches on nick, ip and gecos
685 in addition to user and host, and is fully analogous to masktrace.
686 The numeric has changed from 724 to 727 and fields in it have changed.
687 - Show IP addresses to opers in /whowas.
688 - Add extb_extgecos extban option ($x:nick!user@host#gecos), from sorcery
689 modules.
690 - Add extb_canjoin extban option ($j:#channel), matches if the user is banned
691 from the other channel.
692 - Allow opers to /who based on realhost.
693 - Allow opers to /masktrace, /testmask based on realhost.
694 - Add general::operspy_dont_care_user_info, limits operspy accountability to
695 channel-related information.
696 - Make host mangling more reliable.
697 - Prevent ban evasion by enabling/disabling host mangling.
698 - Add EUID, sends real host and services account in the same command as other
699 user information.
700 - Make it possible to send CHGHOST without ENCAP (fixes problems with old
701 services).
702 - Allow service{} servers to manipulate the nick delay table (for "nickserv
703 enforcement", aka SVSHOLD).
704 - Send server notices about connections initiated by remote opers network wide.
705 - Fix too early truncation of JOIN channel list.
706 - Make the newconf system available to modules.
707 - Add /stats s to the hurt module to list active hurts.
708 - Add general::servicestring, shown in /whois for opered services (+oS).
709 - Show real host/IP behind dynamic spoof in /whois to the user themselves
710 and opers.
711 - Document option to disable nick delay.
712 - Improve logging of server connections.
713 - Clean up handling of hostnames in connect blocks.
714 - Remove support for resolving ip6.int, people should be using ip6.arpa.
715 - Unbreak --disable-balloc (useful for debugging with tools like valgrind).
716 - Make Solaris 10 I/O ports code compile.
717 - Add WEBIRC module to allow showing the real host/IP of CGI:IRC users.
718 - Comment out blacklist{} block in example confs, as AHBL requires
719 notification before use.
720 - Fix some bugs relating to the resolver.
721
722 ## charybdis-2.0.0
723
724 - Replace ADNS with a new smaller resolver from ircu and hybrid.
725 - Make services shortcuts (/chanserv etc) configurable in ircd.conf.
726 - Add extban: extensible +bqeI matching via modules. Syntax is
727 $<type>[:<data>]. By default no modules are loaded.
728 - Add DNS blacklist checking.
729 - Change operator{} block user@host from host to orighost. This means that
730 services/+h spoofs do not work in operator{} blocks; auth{} spoofs still
731 work. Check your operator{} blocks!
732 - Split contrib/ into extensions/ and unsupported/.
733 - Change CHGHOST do show the change to all other clients on common channels
734 with quit/join/mode.
735 - Add /rehash nickdelay to clear out the nickdelay tables.
736 - Glines are now disabled in the example confs.
737 - Show more error messages on stderr.
738 - Add OMODE command to extensions/ for easier oper mode hacking.
739 - Add HURT system to extensions/; this shuns clients matching certain host/ip
740 unless and until they identify to services. Mainly intended for SorceryNet.
741 - Show SASL success and failure counts in /stats t.
742 - Allow more frequent autoconnects to servers.
743 - Messaging services by nickname no longer uses target change slots.
744 - Only accept SASL from servers in a service{} block.
745 - New auth{} flag need_sasl to reject users who haven't done SASL
746 authentication.
747 - Expand blah.blah and blah:blah to *!*@... instead of ...!*@* for bans
748 - Don't allow opers to fake locops/operwall to +w.
749 - Documentation updates.
750 - Many bugfixes.
751
752 ## charybdis-1.1.0
753
754 - Implement SAFELIST.
755 - Incorporate ircu's match() algorithm.
756 - Improve usermode modularization.
757 - Seperate server notices into a seperate snomask, freeing up many
758 usermodes to be used.
759 - Add support for SIGNON originating from Hyperion2.
760 - Modularize many server notices into seperate modules.
761 - Add hooks for can_join and can_create_channel.
762 - Add support for SASL authentication.
763 - Add introduce_user hook for adding new messages when a user is bursted.
764 - Move a large part of the ircd into libcharybdis.
765 - Don't complain "unknown user mode" if a user tries to unset
766 a mode they do not have access to.
767 - Update our challenge specification to the challenge implementation in
768 ratbox 2.2 for interoperability.
769 - Make +f notices network-wide (local host, global host,
770 global user@host, local class), other notices tied to +f remain local.
771 - Allow ENCAP REALHOST outside of netburst.
772 - Add general::global_snotices option to make server notices be
773 network-wide or not.
774 - Add sno_farconnect.c to contrib, provides farconnect support.
775 Could be useful for BOPM.
776 - Add sno_routing.c which displays information about netsplits, netjoins
777 and the clients affected by them.
778 - Add CHANTRACE and TRACEMASK commands from ratbox 3.0
779 - Use IsOperAdmin() instead of IsAdmin() when sending admin-only messages,
780 that way hidden admins get them too.
781 - Add m_error to core_module_table, somehow it was missing.
782 - Correct a format string bug that occurs when a read error is
783 received.
784 - Add some logging in places where we drop servers and only notify
785 server operators.
786 - Track hostmask limits based on a client's original host, if
787 available.
788 - Move HIDE_SPOOF_IPS into the general {} block in ircd.conf
789
790 ## charybdis-1.0.3
791
792 - Fix /invite UID leak. (Found by logiclrd@EFnet.)
793 - Incorporate ratbox bugfixes for the MONITOR system.
794 - Made show_ip() less braindead.
795 - Show real errno if we fail to connect to a server.
796 - Don't disclose server IP's when a connection fails.
797 - Do not show the channels a service is sitting in.
798 - Reverted the aline code from hybrid-7.2
799 - Make sure TS6 services are recognized properly if connected remotely.
800 - Tweak something in services support for cyrix boxes.
801
802 ## charybdis-1.0.2
803
804 - Fix propagation of an empty SJOIN (permanant channels).
805 - Fix an exploit involving a malformed /trace request.
806 - Don't display a blank RPL_WHOISCHANNELS in a remote whois request.
807 - Allow modules to provide new usermodes.
808 - On a nickname collision, change the collided nick to their unique ID,
809 if general::collision_fnc is enabled in the config.
810 - Don't allow UID lookups in /monitor + and /monitor s
811 - Fix a garbage issue with channel mode +j.
812 - Apply proper capability flags to the proper server in me_gcap().
813 - Use find_named_person() instead of find_person() in a nick collision.
814 - Prevent UID disclosure in cmode setting.
815 - Prevent UID disclosure to remote clients in /kick.
816 - Do not allow users to query via /whois <server> <UID>.
817 - Don't allow local users to use UID's in local usermode changes.
818 - Propagate +q lists on netjunction.
819 - Clear +q lists on a lowerTS SJOIN.
820 - Ported a generic k/d/x-line parser from hybrid-7.2 which resulted in
821 duplicate code reduction.
822 - Fix linebuf raw code to not truncate lines longer than 512 bytes;
823 improves ziplink reliability on net junction.
824 - Use find_named_person() vs find_person() in services alias code.
825 - Fix issue where channel forwarding token can be lost on net junction.
826 - Fix empty channel desync issues involving +P.
827 - Remove unused non-ENCAP CHGHOST support.
828 - Use TS6 form for SQUIT wallops.
829 - Propagate nickname changes for remote clients in TS6 form if possible,
830 even if sent in TS5 format.
831 - Only clear oper_only_umodes for local clients on deoper.
832
833 ## charybdis-1.0.1
834
835 - Display logged in status on non-local clients too.
836 - Documentation updates
837 - Fix a bug with forward target authorization.
838 - Fix a bug with mode propagation (+Q/+F).
839 - Change ERR_NOSUCHNICK to ERR_SERVICESOFFLINE in services aliases.
840 - Add remote rehashing.
841 - Document service { } blocks (u:lines on ircu).
842 - Document identify_service and identify_command in reference.conf.
843
844 ## charybdis-1.0
845
846 - Implement channel mode +L for channel list limit exemptions.
847 - Implement channel mode +P primarily as a status mode, permanant
848 channel -- this is usually enforced via services registrations.
849 - Change behaviour of /stats p: now displays all staff members instead
850 of local ones only.
851 - Make oper_list global, add local_oper_list for local traffic.
852 - Strip control codes from parts and quits.
853 - Add channel mode +c which strips control codes from messages sent to
854 the channel.
855 - Add channel mode +g which enables free use of the /invite command.
856 - Add channel mode +z which sends rejected messages to channel ops.
857 Could be useful for Q&A sessions or other similar events.
858 - Add channel quietmasks. These are recommended over the use of channel
859 bans used to remove a user's ability to participate in the channel.
860 - Add channel join throttling mode, +j. Used to throttle channel join
861 traffic, i.e. join/part flood attacks. Syntax: +j <joins>:<timeslice>
862 - Improvements to channel_modes(), from shadowircd -- allows for
863 better construction of the mode string.
864 - Use the undernet throttle notice instead of bancache message when
865 dealing with rejected clients. (stolen from ircu2.10.12)
866 - Add channel forwarding, via channel mode +f, behaves similarly to
867 dancer-ircd version.
868 - Update example.conf to reflect AthemeNET changes. Original ratbox
869 config is now reference.conf.
870 - Services account names are now tracked globally.
871 - Add channel mode +Q which disables the effects of channel forwarding
872 on a temporary basis.
873 - Add channel mode +F which allows anybody to disable forwarding target
874 authorisation, voluntarily on their channels.
875 - Make wallops behave like normal wallops.
876 - Add services aliases: /ns, /cs, /os, /nickserv, /chanserv, /operserv.
877 - Add simple hack that enables use of server password for automatic
878 identify.