UnrealIRCd 4.0.16 released
From: Bram M. <sy...@un...> - 2017-11-12 07:07:56
(You can unsubscribe from this list here <https://sourceforge.net/projects/unreal/lists/unreal-notify/unsubscribe>)

Hi everyone,

UnrealIRCd 4.0.16 (stable) is now available for download. This release consists of a huge amount of enhancements and other changes. Thanks to everyone who previously tested the release candidate.

*Changes between version 4.0.15 and 4.0.16*

*Improvements*

* There's now an easy method to remove spamfilters. '/SPAMFILTER del' will show a list of spamfilters along with the appropriate command to remove them (by id).
* CAP v3.2 support.
* CAP 'cap-notify': notify users of any CAP changes.
* CAP 'extended-join': show account and gecos in JOIN.
* CAP 'chghost': notify on user/host changes. Note that if you use set::allow-userhost-change force-rejoin then clients which support CAP 'chghost' will not see the PART+JOIN+MODE sequence as it is unnecessary. They already receive a "CHGHOST" message as part of CAP 'chghost' instead.
* Updated CAP 'sasl' to specification 3.2 (includes mechlist).
* Automatically discover SASL server if saslmechlist is sent by services and set::sasl-server is not set by the administrator. This should help to get more networks to support SASL automatically (if you run up to date services, of course).
* We send "CAP DEL sasl" if set::sasl-server squits and a "CAP NEW" message when the server returns (to cap-notify and CAPv3.2 clients).
* Added password::type 'spkifp'. It's similar to 'sslclientcertfp' but is a hash based on the public TLS key rather than the certificate. The benefit of this is that the 'spkifp' can stay the same even if you get a new certificate from Let's Encrypt. Note that 'certbot' does not re-use keys by default so you will still get a different spkifp every 60-90 days. Consider using another (3rd party) client or tell the certbot guys to finally implement --reuse-key at https://github.com/certbot/certbot/issues/3788
* The command './unrealircd spkifp' will output the SPKI fingerprint (this is now used in the updated Linking servers tutorial <https://www.unrealircd.org/docs/Tutorial:_Linking_servers>).
* New option set::handshake-delay will delay the handshake (when a user is connecting) up to this amount of time.
* If you have any blacklist { } block then UnrealIRCd will set a set::handshake-delay of 2 seconds by default. This will allow (most) DNSBL checking to be finished before the user comes online (and thus get bad users killed before they appear), while still allowing a smooth user experience. If your DNS(BL) is slow then you could raise this setting slightly.
* You can now have multiple webirc { } blocks with the same mask. This permits multiple blocks like..

      webirc {
          mask *;
          password "....." { sslclientcertfp; };
      };

  ..should you need it. In other words: we don't stop matching upon an authentication failure.
* Move CONNECTTIMEOUT to set::handshake-timeout <https://www.unrealircd.org/docs/Set_block#set::handshake-timeout>.
* Move MAXUNKNOWNCONNECTIONSPERIP to set::max-unknown-connections-per-ip <https://www.unrealircd.org/docs/Set_block#set::max-unknown-connections-per-ip>.
* Add set { cloak-method ip; }; which will make cloaking only be done on the IP and thus result in an XX.YY.ZZ.IP cloaked host. This so you can have "IP cloaking" without disabling DNS lookups. GLINES on hosts still work and IRCOps (and yourself) can still see the host in /WHOIS.
* New option set { ban-include-username yes; }; which will make bans placed by spamfilters (and some other systems) to be placed not on *@ip but on user@ip. Note that this won't work for ZLINE/GZLINE since no ident/username lookups are done in such cases.

*Major issues fixed*

* None

*Minor issues fixed*

* Gracefully handle incorrect server-to-server messages. These no longer cause UnrealIRCd to crash. Note that this does not mean you can now go send random RAW messages from a trusted server connection. Doing so can cause desynchs, KILLs and SQUITs. We just try not to crash anymore.
* A small memory leak upon 'DNS i' (IRCOp only command)

*Removed*

* Various old config.h settings that didn't have any effect.
* A few config.h settings that should never be turned off have been removed altogether (eg: NO_FLOOD_AWAY is now always on).
* The deprecated and unused commands "CAP CLEAR" and "CAP ACK".

*Other changes*

* When linking servers and not having any certificate validation, UnrealIRCd will give you specific instructions on how to use password::spkifp or verify-certificate. This to fix a possible Man-in-the-Middle attack. Note that you'll only see this message when linking two servers that are 4.0.16+.
* When a user does a nick change from a registered nick you will now see the user mode -r. Previously this happened invisibly.
* The default oper snomask now includes 'S' (spamfilter notices).

*For module coders*

* API change for HOOKTYPE_PRE_INVITE:

      int hook_pre_invite(aClient *sptr, aClient *target, aChannel *chptr, int *override)

  Modules must now send the error message instead of only returning HOOK_DENY. Also check for operoverride and set *override=1.
* Please use the following procedure in case of a user/host change:

      userhost_save_current(acptr);
      /* now do what you need to do: like change username or hostname */
      userhost_changed(acptr);

  This function will take care of notifying other clients about the userhost change, such as doing PART+JOIN+MODE if force-rejoin is enabled, and sending :xx CHGHOST user host messages to "CAP chghost" capable clients.

*For services coders:*

* If you provide SASL then please send the mechlist like this:

      MD client your.services.server saslmechlist :EXTERNAL,PLAIN

* Don't forget to send an EOS (End Of Synch) at the end of the handshake, if you are not doing so already. It's important:

      :your.services.server EOS

*Download*

As always, you can download UnrealIRCd from https://www.unrealircd.org/
All releases are signed with our PGP key (key id 0xA7A21B0A108FF4A9)

*Bug reports and feature enhancements*

Please report all bugs and feature suggestions at https://bugs.unrealircd.org/
Our GitHub repository is available on https://github.com/unrealircd/unrealircd/

--
Bram Matthys
Security researcher
sy...@vu...
Website: www.vulnscan.org
PGP key: www.vulnscan.org/pubkey.asc
PGP fp: EBCA 8977 FCA6 0AB0 6EDB 04A7 6E67 6D45 7FE1 99A6
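
The 'spkifp' behaviour described in the announcement (the fingerprint follows the public key, not the certificate), shown as an added example that is not part of the original message or of UnrealIRCd. Assumptions: the fingerprint is computed here as base64 of SHA-256 over the DER SubjectPublicKeyInfo, the hostname and file names are constructed, and the authoritative value for a real server is whatever './unrealircd spkifp' prints.

```shell
#!/bin/sh
# Added example (not UnrealIRCd code): certificate vs. SPKI fingerprint on renewal.
set -e

# Hex SHA-256 over the whole DER certificate; changes with every reissue.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Base64 SHA-256 over the DER SubjectPublicKeyInfo (encoding is an assumption).
spki_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary |
        openssl enc -base64
}

# Helpers for the constructed demo: a P-256 key and a self-signed 90-day cert.
new_key() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null
}
issue_cert() {  # issue_cert KEY SERIAL OUT
    openssl req -new -x509 -key "$1" -set_serial "$2" -days 90 \
        -subj "/CN=irc1.example.test" -out "$3" 2>/dev/null
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

new_key "$workdir/a.key"
new_key "$workdir/b.key"
issue_cert "$workdir/a.key" 1 "$workdir/old.pem"       # current certificate
issue_cert "$workdir/a.key" 2 "$workdir/renewed.pem"   # renewal, key re-used
issue_cert "$workdir/b.key" 3 "$workdir/rekeyed.pem"   # renewal, fresh key

for c in old renewed rekeyed; do
    printf '%-8s cert=%.23s...  spki=%s\n' "$c" \
        "$(cert_fp "$workdir/$c.pem")" "$(spki_fp "$workdir/$c.pem")"
done
```

Only the 'renewed' row keeps the SPKI value of 'old'; a link block pinned with spkifp survives that renewal but has to be updated after the 'rekeyed' one.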