UnrealIRCd 6.0.5-rc1 available for testing

[Bram M. <sy...@un...>]

(You can unsubscribe from this list here 
<https://sourceforge.net/projects/unreal/lists/unreal-notify/unsubscribe>)

Hi everyone,

The release candidate for 6.0.5 is now available for testing. You can 
help us by testing and reporting any issues at 
https://bugs.unrealircd.org/ <https://bugs.unrealircd.org/>.

This release adds experimental JSON-RPC support which can be used by a 
web panel or other interface (this is work in progress). There's a new 
TLINE command to test *LINES, useful for e.g. /TLINE ~C:NL. Logging to 
files has been improved and some other enhancements. One notable change 
is that by default we now require TLSv1.2 (or higher) for IRC clients 
and a modern cipher. This should be no problem for clients using any 
reasonably new SSL/TLS library (from 2014 or later). Another notable 
change is that servers with websockets now also need to load the 
"webserver" module. Full release notes with all details are below.

Also a correction: in the release notes of 6.0.4.2 from 2 weeks ago it 
was claimed that a crash with server linking was fixed. Unfortunately 
the actual fix was not included (my mistake). The fix is included in 
this 6.0.5-rc1 and will be in 6.0.5. Since the crash only affects a 
limited number of people there is not another 6.0.4.x release planned to 
rectify this, especially since 6.0.5 stable will be released in the next 
3-6 weeks.


      Enhancements:

  * Internally the websocket module has been split up into 3 modules:
    |websocket_common|, |webserver| and |websocket|. The
    |websocket_common| one is loaded by default via
    modules.default.conf, the other two are not.
    *Important:* if you use websockets then you need to load two modules
    now (instead of only one):

    |loadmodule "websocket"; loadmodule "webserver"; |

  * JSON-RPC <https://www.unrealircd.org/docs/JSON-RPC> API for
    UnrealIRCd. This is work in progress.
  * New |TLINE| command to test *LINEs. This can be especially useful
    for checking how many people match an extended server ban
    <https://www.unrealircd.org/docs/Extended_server_bans> such as
    |TLINE ~C:NL|
  * Logging to a file <https://www.unrealircd.org/docs/Log_block> now
    creates a directory structure if needed.
      o You could already use:

        |log { source { !debug; all; } destination { file
        "ircd.%Y-%m-%d.log"; } } |

      o But now you can also use:

        |log { source { !debug; all; } destination { file
        "%Y-%m-%d/ircd.log"; } } |

        This is especially useful if you output to multiple log files
        and then want them grouped by date in a directory.
  * When an IRCOp is outside the channel and does |MODE #channel| they
    will now get to see the mode parameters too. This depends on the
    |channel:see:mode:remote| operclass permission
    <https://www.unrealircd.org/docs/Operclass_permissions> which all
    IRCOps have by default if you use the default operclasses.
  * Add additional variables in blacklist::reason
    <https://www.unrealircd.org/docs/Blacklist_block>:
      o |$blacklist|: name of the blacklist block
      o |$dnsname|: the blacklist::dns::name
      o |$dnsreply|: the DNS reply code
  * Resolved technical issue so opers can |REHASH| from Websocket
    connections <https://www.unrealircd.org/docs/WebSocket_support>.
  * In the TLD block <https://www.unrealircd.org/docs/Tld_block> the use
    of |tld::motd| and |tld::rules| is now optional.


      Changes:

  * SSL/TLS: By default we now require TLSv1.2 or later and a modern
    cipher with forward secrecy. Otherwise the connection is refused.
      o Since UnrealIRCd 4.2.2 (March 2019) users see an on-connect
        notice with a warning when they use an outdated TLS protocol or
        cipher that does not meet these requirements.
      o This move also reflects the phase out of TLSv1.2 that happened
        in browsers in 2020/2021.
      o In practice on the client-side this requires at least:
          + OpenSSL 1.0.1 (released in 2012)
          + GnuTLS 3.2.6 (2013)
          + Android 4.4.2 (2013)
          + Or presumably any other SSL/TLS library that is not 9+ years old
      o If you want to revert back to the previous less secure settings,
        then look under ''Previous less secure setting'' in TLS Ciphers
        and protocols
        <https://www.unrealircd.org/docs/TLS_Ciphers_and_protocols>.
  * The code for handling |set::anti-flood::everyone::connect-flood|
    <https://www.unrealircd.org/docs/Anti-flood_settings#connect-flood>
    is now in its own module |connect-flood|. This module is loaded by
    default, no changes needed in your configuration file.
  * Similarly, |set:max-unknown-connections-per-ip|
    <https://www.unrealircd.org/docs/Set_block#set::max-unknown-connections-per-ip>
    is now handled by the new module |max-unknown-connections-per-ip|.
    This module is loaded by default as well, no changes needed in your
    configuration file.
  * Shipped PCRE2 library is now 10.41, curl-ca-bundle is now
    2022-10-11, also LibreSSL has been updated in the Windows build


      Fixes:

  * Fix crash when linking. This requires a certain sequence of events:
    first a server is linked in successfully, then we need to REHASH,
    and then a new link attempt has to come in with the same server name
    (for example because there is a network issue and the old link has
    not timed out yet). If all that happens, then an UnreaIRCd 6 server
    may crash, but not always.
  * Snomask |+j| <https://www.unrealircd.org/docs/Snomasks> was not
    showing remote joins, even though it did show remote parts and kicks.


      Developers and protocol:

  * Add |CALL_CMD_FUNC(cmd_func_name)| for calling commands in the same
    module, see this commit
    <https://github.com/unrealircd/unrealircd/commit/dc55c3ec9f19e5ed284e5a786f646d0e6bb60ef9>.
    Benefit of this is that it will keep working if we ever change
    command paramters.
  * Add |CALL_NEXT_COMMAND_OVERRIDE()| which can be used instead of
    |CallCommandOverride()|, see also this commit
    <https://github.com/unrealircd/unrealircd/commit/4e5598b6cf0986095f757f31a2540b03e4d235dc>.
    This too, will keep working if we ever change command parameters.
  * During loading and rehash we now set |loop.config_status| to one of
    |CONFIG_STATUS_*| so modules (and core) can see at what step we are
    during configuration file and module processing.
  * New RPC API. See the |src/modules/rpc/| directory for examples.
  * New function |get_nvplist(NameValuePrioList *list, const char *name)|

You can download UnrealIRCd from https://www.unrealircd.org/

-- 
Bram Matthys
Security and software eng...@vu...
Website:www.vulnscan.org
PGP key:www.vulnscan.org/pubkey.asc
PGP fp: EBCA 8977 FCA6 0AB0 6EDB  04A7 6E67 6D45 7FE1 99A6