Re: UnrealIRCd 4.2.1 released

[Bram M. <sy...@un...>]

There was a small mistake in the UnrealIRCd 4.2.1 release:
SAJOIN/SAPART/SAMODE did not work (/Permission denied/). The 4.2.1
download has now been replaced with a fixed version.

If you already downloaded 4.2.1 in the past 36 hours then you can easily
apply the fix without a restart since it's just a typo in a
configuration file:
Open /conf/operclass.default.conf/ and replace "sacmds" with "sacmd" at
two places. Save and /REHASH. That's it.

Sorry for this!

On 27/12/2018 09:25, Bram Matthys wrote:
> UnrealIRCd 4.0.0 released (You can unsubscribe from this list here
> <https://sourceforge.net/projects/unreal/lists/unreal-notify/unsubscribe>)
>
> Hi everyone,
>
> UnrealIRCd 4.2.1 (stable) is now available for download. This version
> enhances support for authentication
> <https://www.unrealircd.org/docs/Authentication>. Also new is a module
> to combat mixed UTF8 character spam, a rewrite of the operclass
> privileges and more secure password hashing with Argon2.
>
> If you missed the 4.2.0 release, then consider looking at the previous
> release announcement
> <https://forums.unrealircd.org/viewtopic.php?f=1&t=8843> as well.
>
> NOTE: There will be no further 4.0.x releases. Current stable is
> 4.2.x. For more information, see the FAQ item: Questions about the new
> 4.2.x series
> <https://www.unrealircd.org/docs/FAQ#Questions_about_the_new_4.2.x_series>.
>
> *Changes between version 4.2.0 and 4.2.1
> *Improvements
>
>   * Support for authentication prompt
>     <https://www.unrealircd.org/docs/Authentication>:
>     Since 4.2.0 you can require specific users to authenticate
>     themselves with their nickname and password via SASL. We now offer
>     a new experimental module called 'authprompt' which will help
>     non-SASL users by showing a notice and asking them to authenticate
>     to their account via /AUTH <user>:<pass>. See the new
>     authentication article
>     <https://www.unrealircd.org/docs/Authentication> on the wiki for
>     an overview and set::authentication-prompt
>     <https://www.unrealircd.org/docs/Set_block#set::authentication-prompt>
>     for specific information on the module.
>   * New optional module 'antimixedutf8' to combat mixed UTF8 character
>     spam (also called freenode spam) that has been plaguing networks.
>     See the set::antimixedutf8 docs
>     <https://www.unrealircd.org/docs/Set_block#set::antimixedutf8> for
>     more information.
>   * Support for Argon2 password hashing, which is more resilient
>     against brute force cracking (/mkpasswd argon2 passwd)
>   * Indicate 's' in WHO reply flags if the user is secure (SSL/TLS).
>
> Configuration changes
>
>   * The require sasl { } block is now called require authentication { }
>   * The operclass privileges have been redone.
>     There were too many changes to list them here. If, like 99% of the
>     users, you use default operclasses such as "globop" and
>     "admin-with-override" then you don't need to do anything.
>     However, if you have custom operclass { } blocks then the
>     privileges will have to be redone. See here
>     <https://www.unrealircd.org/docs/FAQ#New_operclass_permissions>
>     for more information on the conversion process.
>     See also the new list of permissions
>     <https://www.unrealircd.org/docs/Operclass_permissions>, with much
>     better naming and grouping.
>   * In the configuration file you can now use } instead of };
>     Both forms are accepted. There's no need to change if you don't
>     like it.
>   * A /* comment in the configuration file is now terminated at the
>     first occurrence of */, instead of two /* /* requiring two */ */.
>     Most people will be unaffected. But if you are, see the FAQ:
>     nesting comments
>     <https://www.unrealircd.org/docs/FAQ#Nesting_comments> for more
>     information.
>
> Major issues fixed
>
>   * The blacklist module
>     <https://www.unrealircd.org/docs/Blacklist_block> did not act on
>     IPv6 users listed in DNSBLs.
>
> *Minor issues fixed
> *
>
>   * By default a user shouldn't be allowed to change to a banned nick,
>     unless (s)he has +hoaq in the channel. This was broken since 4.0.0.
>     This feature can be disabled via set { check-target-nick-bans no; };
>   * Rehash error messages sent to opers regarding remote includes now
>     no longer include authentication information (replaced with ***:***).
>
> *Deprecated
> *
>
>   * The authentication types 'md5', 'sha1' and 'ripemd160' have been
>     deprecated because they can be cracked at high speeds. They still
>     work, but a warning will be shown on boot and on rehash.
>     Please use the new 'argon2' type instead: Type /MKPASSWD argon2
>     passwd on IRC, or ./unrealircd mkpasswd argon2 on the command line
>     to generate the password hash.
>
> *For module coders*
>
>   * Priorities in command overrides were reversed (was added in 4.2.0)
>
> *Future versions (heads up):*
>
>   * We intend to change the default plaintext oper policy from /warn/
>     to /deny/ in the year 2019. This will deny /OPER when issued from
>     a non-SSL connection.
>     For security, IRC Operators should really use SSL/TLS when
>     connecting to an IRC server!
>
> *Download*
> As always, you can download UnrealIRCd from https://www.unrealircd.org/
> All releases are signed with our PGP key (key id 0xA7A21B0A108FF4A9)
>
> *Bug reports and feature enhancements
> *Please report all bugs and feature suggestions at
> https://bugs.unrealircd.org/
> Our GitHub repository is available on
> https://github.com/unrealircd/unrealircd/
> -- 
> Bram Matthys
> Security researcher                     sy...@vu...
> Website:                                  www.vulnscan.org
> PGP key:                       www.vulnscan.org/pubkey.asc
> PGP fp: EBCA 8977 FCA6 0AB0 6EDB  04A7 6E67 6D45 7FE1 99A6