UnrealIRCd 6.0.4 released

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi everyone,

I'm happy to announce UnrealIRCd 6.0.4 (stable). This release comes with 
lots of features and enhancements. In particular, security groups and 
mask items now allow you to write cleaner and more flexible 
configuration files. There are also JSON logging enhancements and 
several bug fixes. Thanks a lot to everyone who tested the release 
candidates!

      Enhancements:

  * Show security groups in |WHOIS|
  * The security-group block
    <https://www.unrealircd.org/docs/Security-group_block> has been
    expanded and the same functionality is now available in mask items
    <https://www.unrealircd.org/docs/Mask_item> too:
      o This means the existing options like |identified|, |webirc|,
        |tls| and |reputation-score| can be used in |allow::mask| etc.
      o New options (in both security-group and mask) are:
          + |connect-time|: time a user is connected to IRC
          + |security-group|: to check another security group
          + |account|: services account name
          + |country|: country code, as found by GeoIP
          + |realname|: realname (gecos) of the user
          + |certfp|: certificate fingerprint
      o Every option also has an exclude- variant, eg.
        |exclude-country|. If a user matches any |exclude-| option then
        it is considered not a match.
      o The modules connthrottle
        <https://www.unrealircd.org/docs/Connthrottle>,
        restrict-commands
        <https://www.unrealircd.org/docs/Set_block#set::restrict-commands>
        and antirandom
        <https://www.unrealircd.org/docs/Set_block#set::antirandom> now
        use the new |except| sub-block which is a mask item. The old
        syntax (eg |set::antirandom::except-webirc|) is still accepted
        by UnrealIRCd and converted to the appropriate new setting
        behind the scenes (|set::antirandom::except::webirc|).
      o The modules blacklist
        <https://www.unrealircd.org/docs/Blacklist_block> and
        antimixedutf8
        <https://www.unrealircd.org/docs/Set_block#set::antimixedutf8>
        now also support the |except| block (a mask item).
      o Other than that the extended functionality is available in these
        blocks: |allow|, |oper|, |tld|, |vhost|, |deny channel|, |allow
        channel|.
      o Example of direct use in a ::mask item:

        |/* Spanish MOTD for Spanish speaking countries */ tld { mask {
        country { ES; AR; BO; CL; CO; CR; DO; EC; SV; GT; HN; MX; NI;
        PA; PY; PE; PR; UY; VE; } } motd "motd.es.txt"; rules
        "rules.es.txt"; } |

      o Example of defining a security group and using it in a mask item
        later:

        |security-group irccloud { mask { ip1; ip2; ip3; ip4; } } allow
        { mask { security-group irccloud; } class clients; maxperip 128;
        } except ban { mask { security-group irccloud; } type {
        blacklist; connect-flood; handshake-data-flood; } } |

  * Because the mask item is so powerful now, the |password| in the oper
    block <https://www.unrealircd.org/docs/Oper_block> is optional now.
  * We now support oper::auto-login, which means the user will become
    IRCOp automatically if they match the conditions on-connect. This
    can be used in combination with certificate fingerprint
    <https://www.unrealircd.org/docs/Certificate_fingerprint>
    authentication for example:

    |security-group Syzop { certfp "1234etc."; } oper Syzop { auto-login
    yes; mask { security-group Syzop; } operclass
    netadmin-with-override; class opers; } except ban { mask {
    security-group Syzop; } type all; } |

  * For JSON logging <https://www.unrealircd.org/docs/JSON_logging> a
    number of fields were added when a client is expanded:
      o |geoip|: with subitem |country_code| (eg. |NL|)
      o |tls|: with subitems |cipher| and |certfp|
      o Under subitem |users|:
          + |vhost|: if the visible host differs from the realhost then
            this is set (thus for both vhost and cloaked host)
          + |cloakedhost|: this is always set (except for eg. services
            users), even if the user is not cloaked so you can easily
            search on a cloaked host.
          + |idle_since|: last time the user has spoken (local clients only)
          + |channels|: list of channels (array), with a maximum of 384
            chars.
  * The JSON logging now also strips ASCII below 32, so color- and
    control codes.
  * Support IRCv3 |+draft/channel-context|
  * Add |example.es.conf| (Spanish example configuration file)
  * The country of users is now communicated in the message-tag
    <https://www.unrealircd.org/docs/Message_tags>
    |unrealircd.org/geoip| (only to IRCOps).
  * Add support for linking servers via UNIX domain sockets
    (|link::outgoing::file|).

      Fixes:

  * Crash in |except ban| with |~security-group:xyz|
  * Crash if hideserver module was loaded but |LINKS| was not blocked.
  * Crash on Windows when using the "Rehash" GUI option.
  * Infinite loop if one security-group referred to another.
  * Duplicate entries in the |+beI| lists of |+P| channels.
  * Regular users were able to -o a service bot (that has umode +S)
  * Module manager did not stop on compile error
  * |set::modes-on-join|
    <https://www.unrealircd.org/docs/Set_block#set::modes-on-join> did
    not work with |+f| + timed bans properly, eg |[3t#b1]:10|
  * Several log messages were missing some information.
  * Reputation syncing across servers had a small glitch. Fix is mostly
    useful for servers that were not linked to the network for days or
    weeks.

      Changes:

  * Clarified that UnrealIRCd is licensed as "GPLv2 or later"
  * Fix use of variables in |set::reject-message|
    <https://www.unrealircd.org/docs/Set_block#set::reject-message> and
    in |blacklist::reason|
    <https://www.unrealircd.org/docs/Blacklist_block>: previously short
    forms of variables were (unintentionally) expanded as well, such as
    |$serv| for |$server|. This is no longer supported, you need to use
    the correct full variable names.

      Developers and protocol:

  * The |creationtime| is now communicated of users. Until now this
    information was only known locally (the thing that was communicated
    that came close was "last nick change" but that is not the same).
    This is synced via (early) moddata across servers. Module coders can
    use |get_connected_time()|.
  * The |RPL_HOSTHIDDEN| is now sent from |userhost_changed()| so you
    don't explicitly send it yourself anymore.
  * The |SVSO| command is back, so services can make people IRCOp again.
    See |HELPOP SVSO| or the commit
    <https://github.com/unrealircd/unrealircd/commit/50e5d91c798e7d07ca0c68d9fca302a6b6610786>
    for more information.
  * Due to last change the |HOOKTYPE_LOCAL_OPER| parameters were changed.
  * Module coders can enhance the JSON logging
    <https://www.unrealircd.org/docs/JSON_logging> expansion items for
    clients and channels via new hooks like
    |HOOKTYPE_JSON_EXPAND_CLIENT|. This is used by the geoip and tls
    modules.

You can download UnrealIRCd from https://www.unrealircd.org/

-- 
Bram Matthys
Security and software eng...@vu...
Website:www.vulnscan.org
PGP key:www.vulnscan.org/pubkey.asc
PGP fp: EBCA 8977 FCA6 0AB0 6EDB  04A7 6E67 6D45 7FE1 99A6