The default value for the -nameopt option changed in OpenSSL 3.2 from
`oneline' to `utf8'. The `oneline' option also included a space around
the fields which is not the case for `utf8'. This means that
CN = my.first.domain.tld
changed to
CN=my.first.domain.tld
and is now longer recognized, leading to test failure.
This can be fixed by either going back to `oneline' or keeping `utf8'
and adding additionally `space_eq'. Anoter way would be to teach the
expect that the space is optional.
Add explicit -nameopt option with `utf8,space_eq' which is understood by
by OpenSSL 3.2 and earlier to make explicit. Remove the wildcard.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
This makes sense because the package is build with SSL support enabled,
and we set and enable "CAFile" in commit ae9cfade -- which results in an
error when this is not in an enabled(!) [SSL] section ...
Move most information regarding configuring ngIRCd into the
doc/QuickStart.md document, only describe building and installing ngIRCd
in the INSTALL.md file. Don't duplicate content!
Add references where this makes sense.
No longer use a default built-in value for the "IncludeDir" directive
when a configuration file was explicitly specified on the command line
using "--config"/"-f": This way no default include directory is scanned
when a possibly non-default configuration file is used which
(intentionally) did not specify an "IncludeDir" directive.
With this patch you now can use "-f /dev/null" for checking all built-in
defaults, regardless of any local configuration files in the default
drop-in directory (which would have been read in until this change).
The "Info" option in the "[Global]" section is optional (so comment it
out in the sample configuration file) and set to the server software
name and its version when not set (so add this information to the sample
configuration file and the ngircd.conf(5) manual page).
The server "Name" in the "[Global]" section of the configuration file is
optional now: When not set (or empty), ngIRCd now tries to deduce a
valid IRC server name from the local host name ("node name"), possibly
adding a ".host" extension when the host name does not contain a dot
(".") which is required in an IRC server name ("ID").
This new behaviour, with all configuration parameters now being
optional, allows running ngIRCd without any configuration file at all.
Basically this is unnecessary, as Channel_UserModes() always returns a
valid pointer and strchr() can deal with an empty (NULL-terminated)
string perfectly fine, bit it makes the code a bit more obvious and
silences the following warning:
In function ‘Channel_UserHasMode’,
inlined from ‘Channel_Kick’ at channel.c:384:7:
channel.c:784:16: warning: ‘strchr’ reading 1 or more bytes from a region
of size 0 [-Wstringop-overread]
784 | return strchr(Channel_UserModes(Chan, Client), Mode) != NULL;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This was seen with "gcc (Debian 12.2.0-14) 12.2.0" at least.
- Rewrite using current dh_make.
- Standards-Version: 4.6.2.
- No longer build 3 different packages; only build "ngircd" which now
includes support for IDENT, PAM (disabled in the ngircd.conf installed
by the package), SSL (OpenSSL), ZLib and IPv6.
- Update package description accordingly.
- No longer install a SysV init file, only install ngircd.service unit.
This affects targets for Apple Xcode and Package Maker, which both are
no longer supported/included in the ngIRCd distribution.
See commits 0652c99b and 07219281, this is a leftover ...
Clang does not know the -Wno-format-truncation option of (current) GCC,
but accepts unknown -W... options (exit core 0) but issues a warning
message on every invocation. So for example on macOS, where Clang is
used as "gcc", a new warning message was shown for every file to
compile, since we enabled -Wno-format-truncation in commit 1d527eaf:
warning: unknown warning option '-Wno-format-truncation' [-Wunknown-warning-option]
Clang no longer acceps unknown -W... options by enabling -Werror, which
this patch adds to the CFLAGS while testing for -Wno-format-truncation,
which fixes this issue.
This fixes commit 1d527eaf.
Add a "/* fall through */" annotation to "case" statements which
actually should "fall through" to silences GCC warning like this:
hash.c: In function ‘jenkins_hash’:
hash.c:110:27: warning: this statement may fall through
[-Wimplicit-fallthrough=]
110 | case 12: c+=((UINT32)k[11])<<24;
| ~^~~~~~~~~~~~~~~~~~~~~
Pass -Wno-format-truncation when this is supported by GCC so silence
warnings like this:
conf.c: In function ‘Read_Config’:
conf.c:985:60: warning: ‘snprintf’ output may be truncated before
the last format character [-Wformat-truncation=]
985 | snprintf(file, sizeof(file), "%s/%s",
| ^
conf.c:985:25: note: ‘snprintf’ output 2 or more bytes (assuming 257)
into a destination of size 256
985 | snprintf(file, sizeof(file), "%s/%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
986 | Conf_IncludeDir, entry->d_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The warning is correct, but this is basically why we use snprintf() in
the first place.
GNU automake 1.11 is the last release supporting "de-ANSI-fication"
using the included ansi2knr tool. And becuase we _want_ to support old
K&R platforms, we try hard to use this release of automake when
available to generate our build system.
Until now, IPv6 support was disabled by default, which seems a bit
outdated in 2024. Note: You still can pass "--enable-ipv6" or
"--disable-ipv6" to the ./configure script to forcefully activate or
deactivate IPv6 support.
Without this patch, disabling DNS in the configuration disabled IDENT
lookups as well (for no good reason).
This patch allows enabling/disabling DNS lookups and IDENT requests
completely separately and enhances the messages sent to the client when
"NoticeBeforeRegistration" is enabled, too.
Thanks for reporting this, Miniontoby!
Closes#291.
This was reported back in April 2021, thanks Sarah!
Subject: NGIRCD bug report
Date: April 28 2021, 14:30:08 MESZ
To: alex@barton.de
Hello,
I am writing to you to report a bug in ngircd.
In any give channel, if an user is with mode +a (admin), he/she can
sets mode +/-q(owner) to any other user. This is not inline with the
documentation.
I've looked into the code irc-mode.c, apparently an if block is
missing. Below are the code snippets that I believe fixes the bug.
This patch is what Sarah sent in. Thanks a lot!
You don't need to configure certificates/keys as long as you don't
configure SSL-enabled listening ports.
This can make sense when you want to only link your local daemon to an
uplink server using SSL and only have clients on your local host or in
you fully trusted network, where SSL is not required.
This includes removing the Xcode project.
The sample launchd(8) configuration properties list file was moved to
"contrib/de.barton.ngircd.plist" and kept.
Don't accept incoming plain-text ("non SSL") server connections for
servers configured with "SSLConnect" enabled.
If "SSLConnect" is not set for an incoming connection the server still
accepts both plain-text and encrypted connections.
This change prevents an authenticated client-server being able to force
the server-server to send its password on a plain-text connection when
SSL/TLS was intended.
Always try to close a connection with errors immediately, but try hard
to avoid too much recursion.
Without this patch, an outgoing server connection could get stuck in an
"endless" state trying to write out data over and over again.
This tries to fix 04de1423eb.