[Unreal-users] UnrealIRCd 3.4-alpha4 released

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi all,

A few days ago we released 3.4-alpha4. This will be (almost?) the last alpha 
release for UnrealIRCd 3.4.x. After that we will move to beta.

The oper privilege system received a complete makeover in this release, 
allowing you to grant/restrict oper privileges in a very fine manner. More 
work is on the way but it looks nice already.

More things (user modes, all extended bans, ..) have been moved to modules.
Have a look at the new improved modules.default.conf to see what modules you 
can enable/disable. There are 150 modules now!
(Note: if you upgrade from 3.4-alpha3 to 3.4-alpha4 then be sure to use 
'modules.default.conf' and not alpha3's old 'modules.conf')

Another major change is the new directory structure.
On *NIX you no longer put your configuration files (and other files) in your 
just-compiled-Unreal3.4 directory. Instead UnrealIRCd installs to 
/home/yourusername/unrealircd by default. This allows for a clear 'source' 
and 'installed' directory separation.
On all OS's we then enforce the following directory structure:
conf/    for configuration files
logs/    for log files
etc. etc.

Similarly, on *NIX you now have to start UnrealIRCd from the installed 
directory via the 'unrealircd' script:
cd /home/yourusername/unrealircd
./unrealircd start
(NOTE: the script is called 'unrealircd' now, previously it was 'unreal')

Finally, the UnrealIRCd 3.4.x documentation is now online at:
https://www.unrealircd.org/docs/UnrealIRCd_3.4.x_documentation
https://www.unrealircd.org/docs/FAQ
As you can see we use a wiki now for all (3.4.x) documentation.
The wiki is available for translation as well. At this point about half of 
the pages are open for translation, but more is on the way:
https://www.unrealircd.org/docs/Translating_UnrealIRCd_wiki_pages
The old unreal32docs.*html files have been removed from 3.4.x.

Full release notes below:

Unreal3.4-alpha4 Release Notes
===============================

This is the fourth 'alpha' version of UnrealIRCd 3.4. We plan to move to
'beta' stage in a month to have a stable 3.4.x release later in 2015.

IMPORTANT REMARKS as long as UnrealIRCd 3.4.x is in alpha stage:
* Because this is an alpha version it is far more likely to crash or hang.
* Security issues are handled as regular issues (no security advisories!)
* Linking with 3.2.x servers is supported but highly untested.
* Things are likely to change between alpha versions. Including but not
   limited to: configuration, command syntax, location of files, etc.

Therefore:
* You should never run 3.4-alpha4 as a production server
* You should not link 3.4-alpha4 with a production 3.2.x network

Please do:
* Install 3.4-alpha4 to play around, show to your friends, have fun with
   the latest features and improvements, test things.
* Report any problems, bugs, issues and other feedback on
   https://bugs.unrealircd.org/ so we can improve 3.4.x!

Finally:
* If you are moving from 3.2.x then be sure to read 'CONFIGURATION CHANGES'
   which explains the new directory structure and how to make UnrealIRCd
   convert your existing 3.2.x configuration file to the 3.4.x format.

==[ DOCUMENTATION ]==
UnrealIRCd 3.4.x documentation is now located in a wiki online at:
* https://www.unrealircd.org/docs/
The old unreal32docs.*html files have been removed.

==[ CONFIGURATION CHANGES ]==
Starting with 3.4-alpha4 we use a new directory structure.

*NIX: If you are not on Windows then this means you must now choose a
       target directory to install UnrealIRCd to. ./Config will ask this
       and it's ~/unrealircd by default (eg: /home/nerd/unrealircd).
       You also need to run 'make install' after 'make' now.
       After compiling, you should leave your Unreal3.4-alphaX directory
       and change to ~/unrealircd as everything takes place there.
       For example to start UnrealIRCd you run './unrealircd start'
       (again, from the /home/xxxx/unrealircd directory).

The new directory structure is as follows (both on Windows and *NIX):
conf/      contains all configuration files
logs/      for log files
modules/   all modules (.so files on *NIX, .dll files on Windows)
tmp/       temporary files
data/      persistent data such as ircd.tune
cache/     cached remote includes

It is possible to use your existing 3.2.x configuration file, but it needs
to be 'upgraded' to the new 3.4.x syntax. UnrealIRCd can do this for you.
Simply place your unrealircd.conf (and any other .conf's you use) in the
conf/ directory and then:
* On *NIX run './unrealircd upgrade-conf' (from /home/xxxx/unrealircd)
* On Windows simply try to boot and watch all the errors, click OK and
   you will be asked if UnrealIRCd should upgrade your configuration file.
On either OS, after running the step from above, simply start UnrealIRCd
again and it should boot up fine with your converted configuration file(s).

Note: UnrealIRCd can only convert *working* 3.2.x configuration files!
If your 3.2.x configuration contains mistakes or errors then the upgrade
process will likely fail or the resulting config file will fail to load.

You may still be interested in the configuration changes, they are
listed on: https://www.unrealircd.org/docs/Upgrading_from_3.2.x

==[ GENERAL INFORMATION ]==
* Below you will see a summary of all changes. Changes may be tagged when
   a change was made in a specific version, e.g. "(A3)" means 3.4-alpha3.
   For a complete list of changes (600+) use 'git log' or have a look at
   https://github.com/unrealircd/unrealircd/commits/unreal34

==[ NEW ]==
* We moved a lot of functionality, including most channel modes, user
   modes and all extended bans into 145 separate modules.
   This makes it...
   A) possible to fully customize what exact functionality you want to load.
      You could even strip down UnrealIRCd to get something close to the
      basic RFC1459 features from the 1990s. (No idea why you would want
      that, but it's possible)
   B) easier for coders to see all source code related to a specific feature
   C) possible to fix bugs and just reload rather than restart the IRCd.

   Have a look at modules.default.conf which contains the "default" set of
   modules that you can load if you just want to load all functionality.
   If you want to customize the list of modules to load then simply make
   a copy of that file, give it a different name, and include that one
   instead. Since the file is fully documented, you can just comment out
   or delete the loadmodule lines of things you don't want to load.
* Oper permissions have changed completely: (A4)
   * All previous oper levels/ranks no longer exist (Netadmin, Admin, ..)
   * oper::flags has been removed. Instead you must specify an operclass
     in oper::operclass (for example, 'operclass netadmin').
   * In operclass block(s) you define the privileges. You can now control
     exactly what an IRCOp can and cannot do. (This process is on-going)
     Have a look at operclass.default.conf which ships with UnrealIRCd,
     it contains a number of default operclass blocks suitable for the
     most common situations. See also the operclass block documentation:
     https://www.unrealircd.org/docs/Operclass_block
   * If you ask UnrealIRCd to convert your 3.2.x configuration file then
     it will try to select a suitable operclass for the oper. This will
     not always 100% match your current oper block rights, though.
   * Channel Mode +A (Admin Only) has been removed. You can use the new
     extended ban ~O:<operclass>. This allows you to, for example, create
     an operclass 'netadmin' only channel: /MODE #chan +iI ~O:netadmin*
   * set::hosts has been removed, use oper::vhost instead.
   * Since oper levels have been removed you no longer see things like
     "OperX is a Network Administrator" in /WHOIS by default.
     If you want that, then you can set oper::swhois to
     "is a Network Administrator" (or any other text).
* Entirely rewritten I/O and event loop. This allows the IRCd to scale
   more easily to tens of thousands of clients by using kernel-evented I/O
   mechanisms such as epoll and kqueue.
* Memory pooling has been added to improve memory allocation efficiency
   and performance.
* The local nickname length can be modified without recompiling the IRCd
* Channel Mode +d: This will hide joins/parts for users who don't say
   anything in a channel. Whenever a user speaks for the first time they
   will appear to join. Chanops will still see everyone joining normally
   as if there was no +d set.
* If you connect with SSL/TLS then your SSL Fingerprint (SHA256 hash) can
   be seen by yourself and others through /WHOIS. The fingerprint is also
   shared (broadcasted) with all servers on the network. In alpha3 we
   will add more features that will use SSL fingerprints. (A2)
* bcrypt has been added as a password hashing algorithm and is now the
   preferred algorithm (A3)
* './unreal mkpasswd' will now prompt you for the password to hash (A3)
* Protection against SSL renegotiation attacks (A3)
* When you link two servers the current timestamp is exchanged. If the
   time differs more than 60 seconds then servers won't link and it will
   show a message that you should fix your clock(s). This requires
   version 3.4-alpha3 (or later) on both ends of the link (A3)
* Configuration file converter that will upgrade your 3.2.x conf to 3.4.x.
   On *NIX run './unreal upgrade-conf'. On Windows simply try to boot and
   after the config errors screen UnrealIRCd offers the conversion. (A3)

==[ CHANGED ]==
* Numerics have been removed. Instead we now use SIDs (Server ID's) and
   UIDs (User ID's). SIDs work very similar to server numerics and UIDs
   help us to fix a number of lag-related race conditions / bugs.
* The module commands.so / commands.dll has been removed. All commands
   (those that are modular) are now in their own module.
* Self-signed certificates are now generated using 4096 bits, a SHA256
   hash and validity of 10 years. (A2)
* Building with SSL (OpenSSL) is now mandatory (A2)
* The link { } block has been restructured, see
   https://www.unrealircd.org/docs/Upgrading_from_3.2.x#Link_block (A3)
* Better yet, check out our secure server linking tutorial:
   https://www.unrealircd.org/docs/Tutorial:_Linking_servers
* If you have no set::throttle block you now get a default of 3:60 (A3)
* password entries in the conf no longer require specifying an auth-type
   like password "..." { md5; };. UnrealIRCd will now auto-detect. (A3)
* You will now see a warning when you link to a non-SSL server. (A3)
* Previously we used POSIX Regular expressions in spamfilters and at
   some other places. We have now moved to PCRE Regular expressions.
   They look very similar, but PCRE is a lot faster.
   For backwards-compatibility we still compile with both regex engines. (A3)
* Spamfilter command syntax has been changed, it now has an extra option
   to indicate the matching method:
   /SPAMFILTER [add|del|remove|+|-] [method] [type] ....
   Where 'method' can be one of:
   * -regex: this is the new fast PCRE2 regex engine
   * -simple: supports just strings and ? and * wildcards (super fast)
   * -posix: the old regex engine for compatibility with 3.2.x.  (A3)
* If you have both 3.2.x and 3.4.x servers on your network then the
   3.4.x server will only send spamfilters of type 'posix' to the 3.2.x
   servers because 3.2.x servers don't support the other two types.
   So in a mixed network you probably want to keep using 'posix' for
   a while until all your UnrealIRCd servers are on 3.4.x. (A3)
* set::oper-only-stats now defaults to "*"
* oper::from::userhost and vhost::from::userhost are now called
   oper::mask and vhost::mask. The usermask@ part is now optional and
   it supports two syntaxes. For one entry you can use: mask 1.2.3.*;
   For multiple entries the syntax is: mask { 192.168.*; 10.*; };
* Because having both allow::ip and allow::hostname in the same allow
   block was highly confusing (it was an OR-match) you must now choose
   between either allow::ip OR allow::hostname. (A3)
* cgiirc block is renamed to webirc and the syntax has changed (A4)
* set::pingpong-warning is removed, warning always off now (A4)
* More helpful configuration file parse error messages (A4)
* You can use '/OPER username' without password if you use SSL
   certificate (fingerprint) authentication. The same is true for
   '/VHOST username'. (A4)
* You must now always use 'make install' on *NIX (A4)
* Changed (default) directory structure entirely, see the section
   titled 'CONFIGURATION CHANGES' about 100 lines up. (A4)
* badword quit { } is removed, we use badword channel for it. (A4)
* badwords.*.conf is now just one badwords.conf
* To load all default modules you now include modules.default.conf.
   This file was called modules.conf in earlier alpha's.
   The file has been split up in sections and a lot of comments have
   been added to aid the user in deciding whether to load or not to
   load each module. (A4)
* Snomask +s is now (always) IRCOp-only. (A4)
* There's now actually an idea behind HalfOp permissions. The idea
   is that halfops should be able to help out in case of a flood but
   not be able to
* Previously there was little logic behind what modes halfops could
   set. Now the idea is as follows: halfops should be able to help out
   in case of a flood but not be able to change any 'policy decission
   modes' such as +G, +S, +c, +s. Due to this change halfops can now
   set modes +beiklmntIMKNCR (was: +beikmntI).

==[ MODULE CODERS / DEVELOPERS ]==
* A lot of technical documentation for module coders has been added
   at https://www.unrealircd.org/docs/ describing things like how to
   write a module from scratch, the User & Channel Mode System, Commands,
   Command Overrides, Hooks, attaching custom-data to users/channels,
   and more. (A2+)
* Added MOD_OPT_PERM_RELOADABLE which permits reloading (eg: upgrades)
   but disallows unloading of a module (A3)
* There have been *a lot* of source code cleanups (ALL)

==[ MAJOR BUGS FIXED ]==
* Crash bug on-boot in alpha1 (A2)
* IRCOp commands such as /GLINE were not always working (A2)
* link::outgoing::options::autoconnect did not work (A4)
* This is still an alpha release, so likely contains major issues
* If the IRCd could not bind to any ports it started anyway (A4)
* alpha3 did not compile on x86 (32 bit) systems (A4)

==[ MINOR BUGS FIXED ]==
* Errors in example configuration files (A2)
* Some fixes in delayjoin (Channel mode +d) (A2)
* Deal with services who allow you to log in by account name (A3)
* Detect "IRCd not running" situations better (A4)
* './unrealircd restart' will now always try to start UnrealIRCd,
   so also if it wasn't running previously. (A4)

==[ REMOVED / DROPPED ]==
* Numeric server IDs, see above. (A1)
* PROTOCTL TOKEN and SJB64 are no longer implemented. (A1)
* Ziplinks have been removed. (A1)
* WebTV support. (A3)
* User mode +h (helpop). This user mode only added a line in /WHOIS
   saying the user "is available for help". You can use a vhost block
   with a vhost::swhois as a replacement. Or oper::swhois. (A4)

Have fun with the development release!

Bram

-- 
Bram Matthys
Software developer/IT consultant        sy...@vu...
Website:                                  www.vulnscan.org
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: EBCA 8977 FCA6 0AB0 6EDB  04A7 6E67 6D45 7FE1 99A6