UnrealIRCd 4.0.17 released
Status: Beta
Brought to you by:
wildchild
Menu
▾
▴
UnrealIRCd 4.0.17 released
|
From: Bram M. <sy...@un...> - 2017-12-22 09:51:58
|
(You can unsubscribe from this list here <https://sourceforge.net/projects/unreal/lists/unreal-notify/unsubscribe>) Hi everyone, UnrealIRCd 4.0.17 (stable) is now available for download. The most visible changes are experimental utf8 support in set::allowed-nickchars and two new (optional) modules "timed bans" (remove ban after X minutes) and "msgbypass". *Changes between version 4.0.16(.1) and 4.0.17 *Improvements * Two optional modules. These are not loaded by default. To use them, include modules.optional.conf, or add these loadmodule lines: loadmodule "extbans/timedban"; loadmodule "extbans/msgbypass"; o Timed bans: ~t:duration:mask These are bans that are automatically removed by the server. The duration is in minutes and the mask can be any ban mask. Some examples: + A 5 minute ban on a host: /+b ~t:5:*!*@host/ + A 5 minute quiet ban on a host (unable to speak):/+b ~t:5:~q:*!*@host/ + An invite exception for 1440m/24hrs: /+I ~t:1440:*!*@host/ + A temporary exempt ban for a services account: /+e ~t:1440:~a:Account/ + Allows someone to speak through +m for the next 24hrs: /+e ~t:1440:~m:moderated:*!*@host/ + And any other crazy ideas you can come up with... o New ban exception ~m:type:mask which allows bypassing of message restrictions. Valid types are: 'external' (bypass +n), moderated (bypass +m/+M), 'filter' (bypass +G), 'color' (bypass +S/+c) and 'notice' (bypass +T). Some examples: + Let LAN users bypass +m: /+e ~m:moderated:*!*@192.168.*/ + Let ops in #otherchan bypass +m in this channel: /+e ~m:moderated:~c:@#otherchan/ + Make GitHub commit bot bypass +n: /+e ~m:external:*!*@ipmask/ + Allow a services account to use color: /+e ~m:color:~a:ColorBot/ * Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood). This is only available if the previously mentioned extbans/timedban module is loaded. * Added experimental UTF8 support in set::allowed-nickchars. See https://www.unrealircd.org/docs/Nick_Character_Sets /Example: set { allowed-nickchars { latin-utf8; }; }; / Important remarks: o All your servers must be on UnrealIRCd 4.0.17+ o Most services do not support this, so users using UTF8 nicknames won't be able to register at NickServ. o In set::allowed-nickchars you must either choose an utf8 language or a non-utf8 character set. You cannot combine the two. o You also cannot combine multiple scripts/alphabets, such as: latin, greek, cyrillic and hebrew. You must choose one. o If you are already using set::allowed-nickchars on your network (eg: 'latin1') then be careful when migrating (to eg: 'latin-utf8'): + Your clients may still assume non-UTF8 + If users registered nicks with accents or other special characters at NickServ then they may not be able to access their old account after the migration to UTF8. o There is no CASEMAPPING or "visually identical character"-checking. + Just like in the old (non-utf8) charsys this means there is no lower/uppercase checking for allowed-nickchars nicks. So a nick with "O with accent" can be online at the same time as "o with accent". They are treated as two different users. + The identical character looking issue is particular noticeable in Cyrillic script where for example cyrillic "A" looks identical to latin "A" and thus can be used to impersonate a user. + Improved CASEMAPPING and "visually similar character"-checking is part of ongoing research. * Ability to customize the reject connection messages: set { reject-message { password-mismatch "Password mismatch"; too-many-connections "Too many connections from your IP"; server-full "This server is full."; unauthorized "You are not authorized to connect to this server"; }; }; * Added optional AppArmor profile in extras/security/apparmor/unrealircd (see Using AppArmor with UnrealIRCd <https://www.unrealircd.org/docs/Using_AppArmor_with_UnrealIRCd>) Major issues fixed * Crash when using OperOverride (*NIX only) * Fix hang in (outgoing) server linking * Fix crash when linking anope over SSL from non-localhost * '/SPAMFILTER del <id>' did not remove the spamfilter on other servers Minor issues fixed * set::restrict-extendedbans was not always applied (when stacked) *Other changes * * UnrealIRCd will no longer give user mode +z to users on WEBIRC gateways using SSL/TLS IRC, unless the WEBIRC gateway gives us some assurance that the client<->webirc gateway connection is also secure (eg: https). This is the regular WEBIRC format: WEBIRC password gateway hostname ip This indicates a secure client connection (NEW): WEBIRC password gateway hostname ip :secure Naturally, WEBIRC gateways MUST NOT send the "secure" option if the client is using http or some other insecure protocol. *For module coders* * New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION <https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION> *For services coders:* * Don't forget to send an EOS (End Of Synch) at the end of the handshake, if you are not doing so already. It's important: :your.services.server EOS *Download* As always, you can download UnrealIRCd from https://www.unrealircd.org/ All releases are signed with our PGP key (key id 0xA7A21B0A108FF4A9) *Bug reports and feature enhancements *Please report all bugs and feature suggestions at https://bugs.unrealircd.org/ Our GitHub repository is available on https://github.com/unrealircd/unrealircd/ -- Bram Matthys Security researcher sy...@vu... Website: www.vulnscan.org PGP key: www.vulnscan.org/pubkey.asc PGP fp: EBCA 8977 FCA6 0AB0 6EDB 04A7 6E67 6D45 7FE1 99A6 |
