Unreal3.2.5 released
From: Bram M. (Syzop) <sy...@un...> - 2006-06-17 20:53:32
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A new Unreal3.2* version is out: 3.2.5

This release comes with several new features such as CGI:IRC host spoofing and time synchronization support. It also fixes a couple of important bugs. This is a recommended release.

I would like to use this opportunity to do a call for help for UnrealIRCd, or more specifically: Unreal3.3*. A wiki for this has been created at http://dev.unrealircd.com/wiki/
Since we need fresh blood in the team, we are organizing a coders contest, for more info check out http://dev.unrealircd.com/wiki/Coders_Contest

Special thanks for helping with this 3.2.5 release go to our testers team (and everyone else who tested) which helped testing the 3.2.5 release candidates, and to Dukat for recoding the testers site when we badly needed it.

Release notes follow..

Unreal3.2.5 Release Notes
==========================

If you are upgrading, please take a minute to read these release notes.
*NIX Users: PREFIX_AQ is now enabled by default. See under 'CHANGED' below.

==[ GENERAL INFORMATION ]==
- If you are upgrading on *NIX, make sure you run 'make clean' and './Config' first before doing 'make'
- The official UnrealIRCd documentation is doc/unreal32docs.html
  online version at: http://www.vulnscan.org/UnrealIRCd/unreal32docs.html
  FAQ: http://www.vulnscan.org/UnrealIRCd/faq/
  Read them before asking for help.
- Report bugs at http://bugs.unrealircd.org/
- When upgrading a network, we assume you are upgrading from the previous version (3.2.4). Upgrading from 3.2.3 is ok as well. However, if you have a network running with servers that are several versions behind (eg: 3.2.1) then you might experience small (desynch) problems. Please also minimize the time you have multiple versions running, a few days or one week is generally not a problem, but having mixed versions on a network for several weeks or months is not recommended.

==[ NEW ]==
- CGI:IRC Host spoofing support. This means you can mark certain CGI:IRC gateways as trusted, and then the IRCd will show the real IP/host everywhere for those users, instead of the IP/host of the CGI:IRC gateway. See docs section 4.36.
- Time synchronization support. This is enabled by default and will synch the IRCd clock when Unreal is started. This should get rid of most time differences, though the clock can still be off 1-3 seconds. If for some reason no reply from the time servers is received within 3 seconds, then the IRCd will continue to boot as usual. Several set::timesynch::* settings have been added, including set::timesynch::enabled which you can set to 'no' to disable time synching (eg: because you already run ntpd).
- NAMESX support. This (mostly) fixes a long-standing IRC protocol bug. If, for example, a user was +vo and then deops (-o), other clients could not always know the user was then still +v, now they can. Supported by XChat and newest mIRC.
- Chained SSL certificates support
- Russian doc/example.ru.conf and Turkish doc/unreal32docs.tk.html

==[ CHANGED ]==
- PREFIX_AQ (the ~ and & symbols for +q and +a) are now ENABLED BY DEFAULT on *NIX. They have always been enabled on Windows, so it made sense to do the same for *NIX. Pretty much all major clients support it now (mIRC, xchat, irssi, epic, PJIRC, CGI:IRC, etc).
- If DNS info (*NIX: /etc/resolv.conf, Win: registry) is updated, a '/REHASH -dns' now rereads this info, no restart needed anymore.
- me::numeric can now be changed without a restart, if no servers are linked.
- Improved windows crash info: we now create minidumps, this should aid debugging.
- '/quote dns i' (as an oper) now shows nameserver info again
- Local oper may now use /TRACE
- If channel is +m but -t, you now need at least voice (+v) to change the topic.
- When checking if someone is banned, we now always verify bans against the cloaked host, even if the user has a vhost and the cloaked host is not visible / unused.
- Extra binary compatibility checks: (gcc) compiler version
- Allow /*LINE'ing of literalident@* (eg: gline clones@*). Things like *clones@* are still denied though, and this will not be changed. Use services AKILL instead.
- Command aliases: made empty parameters work if the alias allows it (eg, the alias uses .* as a regex and not .+)
- Moved another 2K lines from core to modules, this means 31K lines are now in modules and can be upgraded on the fly.
- Real Command Aliases: This makes it possible to, for example, alias '/GLINEBOT' to 'GLINE <param> 2d Bots are not permitted on this network, etcetc'. For more information, see the docs on the alias block and/or search for "glinebot" in doc/example.conf.
- /etc/hosts is no longer checked (it never did before 3.2.3 either)

==[ MAJOR BUGS FIXED ]==
- Spamfilter was not always working properly
- MS Visual studio 2005 (8.x) was unable to compile Unreal and/or caused crashes
- Certain IPv6 listen blocks could crash the ircd on-boot/on-rehash

==[ MINOR BUGS FIXED ]==
- "Looking up your hostname" message was missing if set::options::show-connect-notice was enabled (other messages, like "looking up ident" were shown, however)
- It was sometimes impossible to update a link { } block: all old settings would still be used, this happened if connfreq was low. This might also have caused crashes.
- Netsynch problem, which could cause the wrong modes to be applied to a channel in some rare cases.
- Setting set::maxdccallow to 0 (or lower) still allowed one entry to be added
- Spamfilter oversized-checking is no longer done when removing a spamfilter
- Operator count bug (there might still be others...)
- Some chinese-* charsets could not be selected individually
- No longer requiring a C++ compiler (was caused by resolver in 3.2.4)
- Added workaround for "make: Permission denied" bug in some FreeBSD's

==[ REMOVED ]==
- MS Visual Studio 6 support, but this did not work anymore anyway...

==[ KNOWN ISSUES ]==
- Windows 2003: Crashes directly on-boot have been reported, while other W2003 servers work perfectly fine (including the one we used for testing). No pattern in this has been found yet, but the bug is somewhere in the resolver (c-ares).
- Regexes: Be careful with backreferences (\1, etc), certain regexes can slow the IRCd down considerably and even bring it to a near-halt. In the spamfilter user target it's usually safe though.
- Regexes: Possessive quantifiers such as, for example, "++" (not to be confused with "+") are not safe to use, they can easily freeze the IRCd.
- Windows: The /RESTART command will work, but the second time you do a /RESTART the IRCd will "crash" with a dialogbox.

==[ CHANGELOG ]==
Changes since 3.2.4:
- Updated autoconf/configure.in to make newer autoconf's work (developers only), reported and patch provided by Xuefer (#0002798). Also rebuilt ./configure from configure.in with autoconf 2.59 from my own machine.
- Updated autoconf/configure.in again (does not produce different ./configure output)
- When set::options-show-connect-notice was enabled the "*** Looking up your hostname..." message was not being shown (all others were). Reported by fbi (#0002820).
- Updated win32 compiling instructions; mention the free MS stuff that can be used to compile UnrealIRCd (untested though).
- Added CGI:IRC host spoofing support. This means you can mark specific CGI:IRC gateways as "trusted" and the IRCd will show the users' _real_ host/ip everywhere on IRC, instead of the host/ip of the CGI:IRC-gateway. To do so you must set 'realhost_as_password' to 1 in your cgiirc.conf. And add the CGI:IRC gateway(s) you fully trust to set::cgiirc::hosts.
- Fixed win32 compile problem due to CGI:IRC support, reported by therock247uk (#0002821).
- Redid whole CGI:IRC support. Configuration is now moved to cgiirc { } blocks. We now support the webirc ('webirc_password' in CGI:IRC) method, which is kinda superior to the older method ('realhost_as_password'). See the Unreal documentation (section '4.36 - Cgiirc Block') for details on how to configure.
- Changed quoting color in unreal32docs.. looks better now IMO (only English docs updated).
- Fixed *BSD compile problem caused by changes of above, reported by 3rror (#0002823).
- Added error message if c-ares failed to initialize, might help in case something is buggy (either with Unreal or the OS/environment).
- Fixed (serious) bug in CGI:IRC code, IP's were often not right, reported by 3rror (#2824).
- Fixed bug in currently unused code, reported by DeadNotBuried (#0002835).
- Modulized NAMES command (can now be upgraded on the fly, if ever needed).
- Added NAMESX support, seeing both mIRC (6.17) and XChat support this. What this does is send all rights of all users on the channel in the NAMES reply (eg: @+Syzop if the user is +ov) instead of only the highest one (@Syzop in previous example). We only do so if the client explicitly requested this via a NAMESX in a PROTOCTL message (eg: 'PROTOCTL NAMESX'). Note that there is a glitch: since most clients only send the PROTOCTL NAMESX after they see NAMESX listed in the 005 announce message this has the effect that if there are set::auto-join channels present (where users are automatically joined to by the server) the extended NAMES reply will not be sent for those channels, because from the IRC server's point of view the join happened before the PROTOCTL and hence it does not know the client wanted NAMESX at that point (the result is not catastrophic: the old-style NAMES is sent for those channels). Anyway, for all non-autojoin channels this works great. So still worth adding IMO. Originally suggested in #0000606. Side note: this does not mean we dropped the idea of (also) having a challenge-response system for good ;).
- Updated win32 makefile due to m_names modulization, reported by Trocotronic (#0002838).
- Actually committed src/modules/m_names.c... This tends to help with the compiling process.
- Fixed possible netsplit problem (#0002790).
- Partially redid m_message, moved some stuff to a subroutine, etc to avoid duplicate code
- Rephrased/edited part of example.conf and unreal32docs to make it a littttttle bit easier for beginners / try to mention the FAQ a bit more explicitly.
- CGI:IRC: gzlines, zlines, throttling, and unknown connect floods are now all checked for clients connecting through a CGI:IRC gateway that is in cgiirc { }. This might also fix a bug where (g)zlines were not applied to CGI:IRC clients, reported by devil (#0002850).
- Changed default PREFIX_AQ behavior to ON instead of OFF. Since basically all major IRC clients support it now (mIRC, xchat, epic, eggdrop, Klient, PJIRC, irssi, CGI:IRC, etc). It has always been weird that win32 had it ON by default and *NIX OFF, anyway. Naturally this change will be mentioned clearly in next release notes.
- Fixed (unimportant) DNS resolver problem if using some LAN domains with digits at end, reported by Bock (#0002843).
- Added minidump support for crashes to aid debugging a bit.
- Added chained SSL certificates support, patch provided by justdave (#0002848).
- Local opers may now use /TRACE (local only), suggested by GSF19 (#0002365).
- Removed some odd code causing a 'my port is' message to appear in (f.e.) syslog, reported by rsc (#0002853).
- Fixed CHROOTDIR compilation problem, reported by toshio (#0002854).
- Improved CHROOTDIR documentation in include/config.h
- Added error if CHROOTDIR is defined but IRC_UID isn't (in include/config.h).
- Hide stats request if requested by an U-lined client. Suggested by vonitsanet (#0002865).
- Made it so if the channel is +m but -t, you need at least voice (+v) to change the topic. Reported by aquanight (#0002233).
- Made the windows installer better compress things (SolidCompression=true), suggested by Trocotronic (#0002877).
- Added support for URL redirections in curl (if version >=7.15.1), suggested by Trocotronic (#0002879).
- Made doc/compiling_win32.txt a bit more ugly (mention that only vstudio 7.x actually works at this moment).
- c-ares (currently, a forked off version) enhancements:
  - '/quote dns i' now shows the nameserver settings (which is taken from /etc/resolv.conf on *NIX, and from the registry on Windows)
  - We no longer depend on a C++ compiler (was useless c-ares dependency caused by libtool)
  - '/REHASH -dns' now rereads the resolver data from resolv.conf/registry, no IRCd restart needed anymore. It's currently kinda experimental however, but I *think* it will work ok.
  Unfortunately the above features required some ugly hacks if curl was enabled, so if you use curl (Remote includes), feel free to test on your OS (Linux, but especially FreeBSD and the other *NIXes) to see if things still compile (make clean; ./Config && make).
- Made the IRCd calculate the cloaked host only once upon connect, and store (cache) it.
- When checking if a user is banned, we always check the cloakhost too. Previously we could not do this if the user had a /VHOST (=a minority of the cases, but still...). In short, this is some extra protection to combat ban evasion.
- Performance of is_banned() *slightly* improved (just 1-2 usec, but 7 usec if no bans).
- [Module coders] For extban routines, we now offer a routine extban_is_banned_helper(buf) which can be used instead of the ban_realhost/etc static chars stuff, see extban_modeq_is_banned for a (real-life) example of how this is used.
- [Services coders!] Added PROTOCTL CLK (requires NICKv2) which adds an extra field in the NICK command (when a user connects) right before the infofield (gecos). The added field contains the cloaked host, that is: the masked host if +x would have been set. This field is ALWAYS sent, regardless of whether the user is actually +x or not. Services can then store this field in memory, to know the host of the user if the user is set +x (+x-t). This is a (better) alternative to PROTOCTL VHP, with no race conditions, and avoids some other VHP problems. VHP will stay supported though... so it's not mandatory to switch over.
- Fixed set::maxdccallow setting to <=0 still allowing one entry to be set, reported by RSCruiser (#0002883).
- Fixed Microsoft Visual Studio 2005 (8.x) unable to compile, and, after fixing that, causing a lot of crashes. Both are now fixed. Reported by Zell, Yamake, and others (#2875, #2704). Fix provided by Xuefer. This also gets rid of some annoying and useless compile warnings as well. Also thanks to Zell for his help.
- Fixed null pointer config parser crash, reported by alkalinex (#0002894).
- Added compiler version checking to "module binary incompatibility"-check. This should fix some more odd problems from people (eg: people switching from GCC 3.x to 4.x and wondering why they are crashing or getting other errors).
- Module coders: For cloaking, added a new callback type CALLBACKTYPE_CLOAK_EX (which is an enhanced version of CALLBACKTYPE_CLOAK). This passes 'aClient *sptr, char *host' instead of only 'char *host' to the cloaking module, which can be useful if you need to cloak on something other than IP/host. Suggested by fez (#0002275). Module may still provide only CALLBACKTYPE_CLOAK though, in fact this is what the official cloaking module does. So no updating of cloaking modules needed. If you do write a module with the new *_EX callback, you only need the *_EX one and not the CALLBACKTYPE_CLOAK as well (though it's currently np if both are present). A side-effect of this "extra cloaking" callback is that we needed to change make_virthost() which now has an extra parameter in front, and another side-effect is that calling the CALLBACKTYPE_CLOAK may not work since only *_EX might be available. To my knowledge there are very few modules (only 1 I know) that will have a problem due to this, so sounds like an affordable tradeoff.
- Updated sendnotice() so it sends a proper notice if the user is in pre-connect stage.
- Fixed bug with chinese-* charsets not getting detected properly by config parser. Reported and patch provided by Xuefer (#0002891).
- Made it so me::numeric can be changed (when not linked to any servers) so no server restart is needed anymore (#0002896).
- set::ssl::egd does not require a parameter per-se (bug caused few days ago), reported by Trocotronic (#0002899).
- (multiple?) IPv6 listen blocks could cause a crash in config parser. Reported by Robby22 (#0002868).
- Added error checking to (main) setuid/setgid calls.
- Fixed implicit declaration compiler warning if compiling for ipv6.
- Fixed some small memory leak on rehash.
- Removed spamfilter-oversized-checking when trying to REMOVE one.. duh.. reported by satmd (#00029160).
- Allow *lining of literalident@* such as clones@* (but not *clones@*), this is also as far as we want to go with regards to relaxing "too broad" checking... Just continue to use services AKILL for (other) "too broad cases", as many people (correctly) do. Change suggested by salama (#0002911).
- Made empty command aliases work (no more "no text to send" error) if the alias finds it ok, which basically means if it allows .*. If you want to require a parameter, use .+ (or anything other in regex that requires at least one character). Suggested and patch provided by Nazzy (#0002722).
- Fixed oper count bug which happened on /mode, this was our fault (can't blame services in this case ;p). Reported by KnAseN and many others (#0002581). There might still be other operator count bugs, but these are triggered by a different bug and may or may not be caused by services.
- Added MINIMAL time synchronization support. This is enabled by default and will try to synchronize the IRCd clock (TSOffset) with a few good time servers. It currently only does this on-boot, but it will hopefully help a lot of people with most of their time differences. I still keep recommending anyone who can to run proper time-synchronization software such as ntpd/ntpdate on their servers. To disable time synchronization (eg: because you are already running ntp), you can simply set set::timesynch::enabled to no. The boot timeout for the timeserver response (=causes boot delay) can be configured via set::timesynch::timeout and is set to 3 seconds by default (range is 1s-5s), there should be no reason to change this. The time server can be configured by setting set::timesynch::server, the default is to use 3 time servers on 3 continents (US, EU, AU) which should be sufficient for anyone but if you got a good one near you you can use that one instead. The time protocol we use is (S)NTP v4.
- Fixed some compile warnings for Windows
- Updated windows compile instructions again.
- Updated release notes
- Added 'real' aliases, these are aliases that map to real commands, so you can for example map the command '/GLINEBOT <x>' to 'GLINE <x> 2d Bots are not allowed on this server, blabla'. See the documentation on the alias block for more information. doc/example.conf contains an example as well (search for "glinebot").
- Modulized: badwords system (src/badwords.c is now gone) and StripColors/StripControlCodes to m_message, multiple netsynch routines to m_server, send_list to m_list, a certain mode routine to m_svsmode, all /MSG IRC.. webtv stuff to src/modules/webtv.c which is compiled with m_message. This means another ~1500 lines of code are now in modules (and thus can be upgraded on the fly), which brings the total of modulized lines at 32K.
- Fixed compilation error on FreeBSD and others caused by timesynch, reported by tigra (#0002921).
- Fixed win32 compile problem caused by timesynch.
- Updated release notes: more modulization and real command alias support.
- Fixed crash in /STATS Z (possibly rare), reported by yasinbey (#0002929).
- Win32 makefile/installer updates for new curl/ssl
- Updated versions everywhere, bumped protocol to 2308

** 3.2.5-rc1 release **
- Added doc/example.ru.conf, translated by Bock.
- Deal with unsupported regexes added by remote servers (possible crash otherwise)
- Fixed crash problem on win32 if TKL times were <0. Obviously it's hard to protect from such invalid server traffic, but figured in this case it might be a good idea since *NIX does not crash.
- Made a note about possessive quantifiers, they are scary :P.
- Made the "voice needed when channel is +m but -t" actually work, reported by Trystan and Ron2K (#0002940).
- #undef STRIPBADWORDS did not work, reported by penna (#0002944).
- Made the resolver no longer check /etc/hosts, since that's how it used to be and should be. Saves some useless file reads.
- Fixed compile (well, configure) problem on FreeBSD if compiling with remote includes enabled. Reported by psadi (#0002941).
- Added translated Turkish docs (doc/unreal32docs.tk.html), translated by tt` and Timaeus.
- Fixed problem with IRCd using old link block settings if using a low connfreq, this made it for example near-impossible to remove autoconnect for such a server. Reported by mixx941 (#0002836).
- Fixed problem if c-ares library is already installed system-wide, reported by Trystan.
- Updated release notes a bit (will be updated more later): backrefs (\1) in regexes are kinda scary, or at least at the moment.
- Removed PATCH5 from module version incompatibility system, so it can be used if we ever need to update stuff and not enforce modules to recompile.. Might be useful one day ;p
- Updated list of donators

** 3.2.5-rc2 release **
- Updated release notes, bleh.. I forgot :P
- Got rid of qline notice that could happen if using services holds (semi-race condition), reported and bugfix provided by tabrisnet (#0002950).
- Made opers with can_override able to change the topic again if not chanop and banned/+m-t, reported by vonitsanet (#0002952).
- Disable /RESTART if running chrooted since that won't work anyway, reported by kayelem (#0002956).
- On certain (newer?) FreeBSD's you get "make: Permission denied" after ./Config, but when you do 'cd ..' and then 'cd -' again, make works just fine. This is going to be the most stupid workaround in history... Reported by vonitsanet and others (#0002926).

** 3.2.5-rc3 release **
- Updated doc/technical/005.txt
- Mass version change (no code changes)

** 3.2.5 release **

As usual, you can get it from http://www.unrealircd.com/

All our releases are PGP signed (well, with GPG) with our releases key: rel...@un... [0x1C8A554E] which you can grab from http://www.unrealircd.com/pgp/release_key.asc
This is the same release key that was used for signing 3.2.3 and 3.2.4. More info about this is shown when downloading. We no longer provide MD5/SHA1 checksums because we feel they are too insecure.

Thank you for using UnrealIRCd!

The UnrealIRCd Team.

- -- 
Bram Matthys
Software developer/IT consultant
sy...@vu...
PGP key: www.vulnscan.org/pubkey.asc
PGP fp: 8DD4 437E 9BA8 09AA 0A8D 1811 E1C3 D65F E6ED 2AA2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)

iD8DBQFElGvU4cPWX+btKqIRAmZ1AJ44Mp0/Mndp3639zDySnd8TPL7T9QCfQW8Q
qKImAnOUCdt5b21TM8eM/yk=
=O1P3
-----END PGP SIGNATURE-----
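
The two regex warnings under KNOWN ISSUES (backreferences and possessive quantifiers in spamfilters) can be checked mechanically before an expression is loaded. The following is an added example, not part of the original announcement and not UnrealIRCd code: a syntax-level check whose function names and sample filters are constructed, and whose tokenizing is a simplified assumption about the regex syntax in use.

```python
import re

# Constructed sample spamfilter expressions; none come from the release notes.
SAMPLE_FILTERS = [
    r"^!(list|find) .+",        # plain alternation: fine
    r"(\w+)\s+\1\s+\1",         # backreferences
    r"(https?://\S++)+",        # possessive "++"
    r"[+*]+ free [0-9]{3,}+",   # possessive after a counted repeat
    r"come to #[a-z]+? now",    # lazy "+?" is not possessive
]

_COUNTED = re.compile(r"\{\d+(,\d*)?\}")   # {n}, {n,} or {n,m}


def lint_regex(pattern):
    """Return [(offset, issue)] for constructs the release notes warn about."""
    findings = []
    i, in_class, after_quant = 0, False, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":                      # escape: consumes the next char
            nxt = pattern[i + 1:i + 2]
            if not in_class and nxt and nxt in "123456789":
                findings.append((i, "backreference"))
            i, after_quant = i + 2, False
            continue
        if in_class:                        # inside [...] nothing is a quantifier
            in_class = ch != "]"
            i, after_quant = i + 1, False
            continue
        if ch == "[":
            in_class = True
            i += 1
            if pattern[i:i + 1] == "^":
                i += 1
            if pattern[i:i + 1] == "]":     # a leading ']' is a literal member
                i += 1
            after_quant = False
            continue
        if ch == "(" and pattern[i + 1:i + 2] == "?":
            i, after_quant = i + 2, False   # "(?" opens a group, not a quantifier
            continue
        counted = _COUNTED.match(pattern, i) if ch == "{" else None
        if counted or ch in "*+?":
            if after_quant and ch == "+":   # quantifier followed by '+'
                findings.append((i, "possessive quantifier"))
                after_quant = False
            elif after_quant and ch == "?":  # lazy modifier, not flagged
                after_quant = False
            else:
                after_quant = True
            i = counted.end() if counted else i + 1
            continue
        i, after_quant = i + 1, False       # ordinary literal or metacharacter
    return findings


def triage(filters):
    """Split expressions into (accepted, {rejected: findings})."""
    accepted, rejected = [], {}
    for expr in filters:
        issues = lint_regex(expr)
        if issues:
            rejected[expr] = issues
        else:
            accepted.append(expr)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = triage(SAMPLE_FILTERS)
    for expr, issues in bad.items():
        print(f"REJECT {expr!r}: {issues}")
    for expr in ok:
        print(f"OK     {expr!r}")
```

A check like this only catches the two constructs named in the release notes; it does not measure how expensive an accepted expression is to match.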