UnrealIRCd 4.0.8 released
Status: Beta
Brought to you by:
wildchild
Menu
▾
▴
UnrealIRCd 4.0.8 released
|
From: Bram M. <sy...@un...> - 2016-11-11 10:04:08
|
Hi everyone,
UnrealIRCd 4.0.8 is out. On *NIX this version brings security enhancements. On
Windows releases are now signed. It also fixes one major and one minor issue.
*Changes between version 4.0.7 and 4.0.8
*Improvements
* *NIX: As part of defense-in-depth UnrealIRCd now compiles with several
hardening options by default. This makes several type of exploits more
difficult and in some cases even impossible. Tech: this enables full RELRO
(GOT and PLT being read-only), everything compiled as PIE making ASLR
possible, stack protector canaries are added, etc.
* Windows: releases are now signed. If you download the UnrealIRCd installer
the publisher will now show as "Open Source Developer, Bram Matthys"
rather than "Unknown publisher". Similarly all the EXE and DLL files have
been signed which should make it easy for anti virus software to see if
something is an official UnrealIRCd release file or not.
Major issues fixed
* Possible crash if you have several blacklist blocks
Minor issues fixed
* User mode +d (deaf) did not work
*Other changes*
* We've always printed big warnings when running UnrealIRCd as root. In this
version we still do, but in future versions we will simply refuse to boot.
https://www.unrealircd.org/docs/Do_not_run_as_root
* System c-ares is preferred over our own shipped c-ares
* System cURL is preferred over ~/curl (if it has AsynchDNS)
* Our shipped libraries are no longer built as static
* Now that shipped libraries are dynamic they need to be installed somewhere
(if used). The default location is ~/unrealircd/lib and can be changed via
--with-privatelibdir. (Although, if you are a package builder then you
will probably use --with-system-xxx and then private libraries are not
used at all)
*What's new in UnrealIRCd 4
*A short overview of the most important changes:*
*
* <https://www.unrealircd.org/docs/Modules>You decide what to load
<https://www.unrealircd.org/docs/Modules>. We have moved as much
functionality as possible to 150+ individually loadable modules (commands
<https://www.unrealircd.org/docs/User_%26_Oper_commands>, user modes
<https://www.unrealircd.org/docs/User_modes>, channel modes
<https://www.unrealircd.org/docs/Channel_modes>, extbans
<https://www.unrealircd.org/docs/Extended_bans>, snomasks, ..). You decide
which features your UnrealIRCd should have.
* Fine-grained IRCOp privileges
<https://www.unrealircd.org/docs/Operclass_block>. The way IRCOp
privileges are granted has been redone entirely. This allows you to
configure oper privileges on a very detailed level. You don't want
OperOverride? You don't want opers to see secret channels? Or you want an
oper with a very minimal set of privileges? This is all possible.
* Wiki <https://www.unrealircd.org/docs/UnrealIRCd_4_documentation>. All
documentation has been moved to a wiki <https://www.unrealircd.org/docs/>.
It's even better than before and more accessible to people who are new to
IRCd's. The wiki also allows easy translation
<https://www.unrealircd.org/docs/Translating_UnrealIRCd_wiki_pages> by
community members.
* New directory structure
<https://www.unrealircd.org/docs/UnrealIRCd_files_and_directories>. On
*NIX the IRCd is now always installed to a different directory than where
you compile from (~/unrealircd by default). No more mess. On both *NIX and
Windows configuration files go in conf/, modules go in modules/, etc..
Configuration files can be identical on Windows and *NIX. This new
directory structure also allows easier packaging.
* New I/O system using kqueue & epoll. The IRCd can now handle thousands of
users more easily.
* Improved SSL/TLS support. SSL has always been a major feature in
UnrealIRCd but has been enhanced. UnrealIRCd is now always built with SSL
support (both on *NIX and Windows). SSL client certificate fingerprints
are visible in /WHOIS, a new certfp extban
<https://www.unrealircd.org/docs/Extended_bans>
(~S:certificatefingerprint), better defaults including 4096 bit keys and
Perfect forward secrecy <https://en.wikipedia.org/wiki/Forward_secrecy>, etc.
* DNS Blacklist support <https://www.unrealircd.org/docs/Blacklist_block>
(DNSBL/RBL). Great for combating drones and other abusers.
* Better and more helpful error messages. Especially regarding the
configuration file.
* More modern server-to-server protocol.
<https://www.unrealircd.org/docs/Server_protocol:Changes> Such as using
UID/SID's. Resulting in less desynch. issues.
* Lowering the bar for Spamfilter
<https://www.unrealircd.org/docs/Spamfilter#Block_simple_spam>. You can
now choose between 'regex' and 'simple' matching. Simple matching allows
using the usual '?' and '*' wildcards that everyone knows about. The regex
engine has been moved from TRE to PCRE (=about twice as fast).
* Configuration is more logical
<https://www.unrealircd.org/docs/Upgrading_from_3.2.x>. Around 30% of the
configuration blocks have been restructured. Don't worry, we include an
UnrealIRCd 3.2.x to 4.x configuration file converter.
* Easier 3rd party module management. On *NIX you now just put your 3rd
party modules in /src/modules/third/ and then each time you run 'make'
they will be compiled if needed.
* Easier upgrading. On *NIX, when upgrading to a new version, ./Config will
ask you to import settings from a previous installation, remembering your
installation directory and other settings. It will also copy the 3rd party
modules from the old to the new installation and re-compile them.
* More secure. Even better secure defaults, more warnings about insecure
behavior, ..
* *IPv6 now also on Windows* <https://www.unrealircd.org/docs/Ipv6>.
For developers:
* Easier source navigation. Because we moved almost everything to modules,
it's now much easier to see all the code for a particular feature.
* Cleaner code. There have been a lot of source code cleanups. Code has been
restructured or rewritten. Old irrelevant code has been deleted.
* Development documentation can be found on the wiki
<https://www.unrealircd.org/docs/Main_Page>. We explain how to write a
module in C and list all the details on the various Module API's such as
how to write commands, channel modes, plug-in by using Hooks, etc...
*Upgrading from 3.2.x**to UnrealIRCd 4*
If you are upgrading from 3.2.x to 4.x then there are three important things
to know:
*1) New file locations*
In UnrealIRCd 4 the location of the configuration files and other files have
been changed. On *NIX the directory where you compile the IRCd from
(previously 'Unreal3.2.X', now 'unrealircd-4.0.0') is no longer the same as
the directory where the IRCd will be running from.
By default the IRCd is installed to //home/yourusername/unrealircd/ on *NIX.
On Windows UnrealIRCd will install to /C:\Program Files (x86\UnrealIRCd 4/.
The new directory structure is as follows (both on Windows and *NIX):
conf/ contains all configuration files
logs/ for log files
modules/ all modules (.so files on *NIX, .dll files on Windows)
*2) Configuration file changes
*There have also been changes in various configuration blocks and settings.
Don't worry, UnrealIRCd can convert your existing 3.2.x configuration files to
UnrealIRCd 4 format. There's no need to start from scratch.
Please read https://www.unrealircd.org/docs/Upgrading_from_3.2.x for more
information on the config file conversion.
*3) Third party modules*
If you are using 3rd party modules (modules not developed by the UnrealIRCd
team) then they will require an update before they can run on UnrealIRCd 4.
Contact your developer for a new version or ask on our Modules forum
<https://forums.unrealircd.org/viewforum.php?f=52> where someone may be kind
enough to convert the module for you if you ask nicely. Due to the many core
changes in UnrealIRCd 4 it was simply impossible to make 3.2.x modules work
out-of-the-box on 4.x as well.
*Running a mixed 3.2.x / 4.x network*
You can run a mixed 3.2.x <-> 4.x network if you a follow a few simple rules
<https://www.unrealircd.org/docs/Running_a_mixed_UnrealIRCd_3.2_and_UnrealIRCd_4_network>.
*End of the 3.2.x series*
With the release of UnrealIRCd 4.0.0 we have deprecated the previous series.
All support for the 3.2.x series will stop after December 31, 2016.
See https://www.unrealircd.org/docs/UnrealIRCd_3.2.x_deprecated
*Download*
As always, you can download UnrealIRCd from https://www.unrealircd.org/
All releases are signed with our PGP key (short key id 0x108FF4A9 and long id
0xA7A21B0A108FF4A9)
Please report all bugs and feature suggestions at https://bugs.unrealircd.org/
--
Bram Matthys
Software developer/IT con...@vu...
Website:www.vulnscan.org
PGP key:www.vulnscan.org/pubkey.asc
PGP fp: EBCA 8977 FCA6 0AB0 6EDB 04A7 6E67 6D45 7FE1 99A6
|
