UnrealIRCd 6.1.9 released

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

UnrealIRCd 6.1.9 is now available. This release fixes a number of bugs, 
such as IPv6 hosts not resolving in UnrealIRCd 6.1.8/6.1.8.1 and 100% 
CPU usage in some circumstances. It also changes the SSL/TLS defaults to 
make things a little safer/better. Unless major issues are found this 
should be the last release of 2024. Next stable release is expected in 
January/February 2025.

As always, you can download UnrealIRCd from unrealircd.org 
<https://www.unrealircd.org/> and on *NIX you can upgrade with 
./unrealircd upgrade. Do you like UnrealIRCd? Consider making a donation 
<https://www.unrealircd.org/index/donations> or order something from the 
shop <https://shop.unrealircd.org>.

      Enhancements:

  * SSL/TLS:
      o Change default TLS ciphers
        <https://www.unrealircd.org/docs/TLS_Ciphers_and_protocols> to
        only allow AES in GCM mode and no longer in CBC mode.
      o When using cURL for remote includes
        <https://www.unrealircd.org/docs/Remote_includes> we now
        explicitly set the minimum required version to TLSv1.2 and set
        our default ciphers and ciphersuites. Note that by default in
        UnrealIRCd 6 the built-in (non-cURL) implementation is used for
        remote includes, which already used these defaults. Also note
        that most distros, like Ubuntu and Debian, already required
        TLSv1.2 or later effectively in cURL.
      o Regarding default ecdh-curves: we now try to set the curves list
        to |x25519:secp521r1:secp384r1:prime256v1| first, and if that
        fails then we try |secp521r1:secp384r1:prime256v1|. The former
        could fail due to SSL library restrictions (old library or when
        in FIPS mode). Previously we were also supposed to do it like
        that, but due to a bug always had X25519 turned off.

      Fixes:

  * IPv6 hosts not resolving in UnrealIRCd 6.1.8 and 6.1.8.1.
  * 100% CPU usage in some (rare) circumstances. The IRCd is still fully
    responsive, but of course high CPU usage is never good.
  * Crash in |STATS S| (IRCOp-only) if having vhosts with autologin (and
    no vhost::login).
  * The Windows version did not allow tweaking of set::tls::ecdh-curves.

      Changes:

  * Update shipped libraries: c-ares to 1.34.3
  * Update Windows libraries: c-ares to 1.34.3, curl to 8.11.0 and
    LibreSSL to 4.0.0.
  * Added |HELPOP EXTSERVERBANS| to explain Extended server bans
    <https://www.unrealircd.org/docs/Extended_server_bans>
  * Added new UnrealIRCd PGP release signing key
    <https://forums.unrealircd.org/viewtopic.php?p=40832>

      Developers and protocol:

  * No changes, other than the SSL/TLS changes mentioned earlier.