unreal-users

[Unreal-users] UnrealIRCd survey - give your feedback, and help us decide where to work on

[Bram M. <sy...@un...>]

Hi everyone,

We've launched an UnrealIRCd survey at http://survey.unrealircd.com/

The purpose of this survey is to give us a good idea of what people think
about UnrealIRCd, how it's being used, and - even more important - in what
areas we should improve.

The results of the survey will help us decide where to work on, mainly with
regards to the development of the new Unreal3.4.x series, but also in other
areas.

If you're satisfied with UnrealIRCd, not satisfied at all, or anywhere in
between, now is the time to tell us.

Thanks a lot in advance for your time!

Bram Matthys (Syzop) / The UnrealIRCd team.

-- 
Bram Matthys
Software developer/IT consultant        sy...@vu...
Website:                                  www.vulnscan.org
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: EBCA 8977 FCA6 0AB0 6EDB  04A7 6E67 6D45 7FE1 99A6

Re: [Unreal-users] please help me aoubt bot.motd

[Brett K. <br...@th...>]

----- Original Message -----
From: "Allen.Zhen" gmail.com>
To: unr...@li...
Sent: Saturday, January 26, 2013 12:33:16 PM
Subject: [Unreal-users] please  help me aoubt  bot.motd

>Sorry,maybe my smtp config error,cause I received bounce.

I got your first email from the mailing list. ;)

>Hi everybody,
>Could u help me about bot.motd guide?
>I used UnrealIRCd 3.2 and I wanna set up a IRC bot for my server!
>But http://www.unrealircd.com/files/docs/unreal32docs.html just told me
>I need a file "bot.motd" and I should append on the unrealircd.conf
>"files" section. Nothing more.

You do not need to append anything on the conf file if you have the bot.motd file in the default directory.
You should place your bot.motd file in the same place as your ircd.motd, (where your unrealircd.conf file is) that also goes for ircd.rules if you use that. Make the file, put whatever you want into it, rehash, then check it by doing /botmotd when connected.

>And the BOPM - http://blitzed.org/bopm/ returned 404 - Not found.
You can download BOPM here: http://static.blitzed.org/www.blitzed.org/bopm/files/

Sincerely,
Brett

MCForge.net Network Admin
Proud Atheme Services User

Re: [Unreal-users] please help me aoubt bot.motd

[tabris <ta...@ta...>]

On 01/26/2013 07:35 AM, Allen.Zhen wrote:
> Hi everybody,
> Could u help me about bot.motd guide?
> I used UnrealIRCd 3.2 and I wanna set up a IRC bot for my server!
> But http://www.unrealircd.com/files/docs/unreal32docs.html just told me
> I need a file "bot.motd" and I should append on the unrealircd.conf
> "files" section. Nothing more.
> And the BOPM - http://blitzed.org/bopm/ returned 404 - Not found.
>
> Warmest Regards,
> Allen Zhen
>

There's nothing specifically required in a bot.motd. I don't even think
it's _required_ to exist.


but in either case, ircd.motd and bot.motd are basically plaintext files
(plus some colour/formatting possible).

[Unreal-users] Fwd: please help me aoubt bot.motd

[Allen.Zhen <zd...@gm...>]

Sorry,maybe my smtp config error,cause I received bounce.
I wanna set up a IRC bot.
Could you tell me the format about the bot.motd?

Hi everybody,
Could u help me about bot.motd guide?
I used UnrealIRCd 3.2 and I wanna set up a IRC bot for my server!
But http://www.unrealircd.com/files/docs/unreal32docs.html just told me
I need a file "bot.motd" and I should append on the unrealircd.conf
"files" section. Nothing more.
And the BOPM - http://blitzed.org/bopm/ returned 404 - Not found.

Warmest Regards,
Allen Zhen

[Unreal-users] please help me aoubt bot.motd

[Allen.Zhen <zd...@gm...>]

Hi everybody,
Could u help me about bot.motd guide?
I used UnrealIRCd 3.2 and I wanna set up a IRC bot for my server!
But http://www.unrealircd.com/files/docs/unreal32docs.html just told me
I need a file "bot.motd" and I should append on the unrealircd.conf
"files" section. Nothing more.
And the BOPM - http://blitzed.org/bopm/ returned 404 - Not found.

Warmest Regards,
Allen Zhen

[Unreal-users] Unreal3.2.10 released & Unreal3.4 development

[Bram M. <sy...@un...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Happy Holidays everyone!

We have released UnrealIRCd 3.2.10. This release contains quite a number of
new features, but also a couple of minor bugs have been fixed. For a summary
of the changes, see the Release Notes below.

I would also like to announce that we have started development on UnrealIRCd
3.4. This means we now have two branches:
Unreal3.4 is where all (experimental) development takes place. The goal is
to have a lot of major changes and new features in 3.4, and after a while
start releasing beta's so we can have a 3.4 stable release somewhere in 2014.
Until then, Unreal3.2 will remain our stable branch, and bugfixes from 3.4
will be backported to 3.2.
The UnrealIRCd 3.2.x series will continue to be maintained until the 3.4
version has been declared stable, and for some time after that too.

To help us actually achieve this, nenolod has been added as a developer for
3.4.x. Other developers will hopefully hop in later. If you are a C
developer and interested in helping out, then send an e-mail to
sy...@un... or hop by in #unreal3-devel @ irc.unrealircd.com.

As always, you can download UnrealIRCd from http://www.unrealircd.com/

Release Notes:

==[ NEW ]==
* Improved socket engine. This brings some performance improvements and
  also makes it easier to configure a system to hold more than 1024
  clients (no more editing of header files on Linux!).
* ESVID support: services can communicate the account name of the user
  back to the IRCd. This only works on ESVID-capable services:
  * Extban ~a:<accountname>: matches users who are logged in to services
    with that account name.
  * Show account name in /WHOIS
* CAP support: this enables clients to enable certain features more easily.
  Can be disabled through set::options::disable-cap.
* Now that STARTTLS is advertised in CAP it is likely to be used more often.
* away-notify: informs clients of AWAY state changes of users on the same
  channels, for clients that support this.
* account-notify: similar to away-notify, inform clients of changes in the
  login status and account name used by other clients on the same channels.
* SASL support. To use this, and if your services support this, you point
  set::sasl-server to your services server.
* Server-side MLOCK support: the IRCd will prevent channel mode changes
  depending on the MLOCK setting in services. Requires special support
  from services for this feature.
* User Mode +I (IRCOp only): hide idle time
* auth-method 'sslclientcertfp': authenticate users using an SSL client
  certificate by the SHA256 fingerprint of that certificate.
  The documentation has a new section (3.19) called 'Authentication Types'
  which contains an (improved) example of how to use SSL client certificate
  authentication instead of regular passwords.
* oper::require-modes: an optional setting, which can be used to require
  users to have certain user modes (such as 'z') before they can /OPER up.
* allow/deny channel: you can now optionally specify a class here as an
  extra filter.
* doc/example.es.conf: Spanish translation of example configuration file.
* There have also been some behavior changes, which can be considered NEW,
  see next section (CHANGED).

==[ CHANGED ]==
* Anti-spoof protection (ping cookies) can now be enabled/disabled at
  run-time through set::ping-cookie [yes|no]. The default is 'yes' (enabled)
* A quit with 'Ping timeout' now shows the number of seconds since the ping.
* Print out a warning if we can't write to a log file.
* Refuse to boot if we can't write to ANY log file.
* Windows: if an SSL certificate exists, then uncheck the 'generate SSL
  certificate' checkbox by default.
* *NIX with SSL: We now ask in ./Config if you want to generate an SSL
  certificate. The certificate is then copied when you run 'make install'.

==[ MAJOR BUGS FIXED ]==
* Windows SSL crash (this issue was already fixed in 3.2.9-SSL-fix)
* Other than that, none?

==[ MINOR BUGS FIXED ]==
* Various compile problems, in particular with remote includes enabled.
* Windows: the installer sometimes insisted that the Visual C++ 2008
  redistributable package was not installed, when it actually was there.
* Windows: MOTD file date/time was always showing up as 1/1/1970.
* And more... see Changelog

==[ REMOVED / DROPPED ]==
* Windows 9X is no longer supported
* The networks/ directory has been removed

==[ FULL CHANGELOG ]==
For the full list of changes, see 'FULL CHANGELOG' at
http://www.unrealircd.com/txt/unreal3_2_10_release_notes.txt


- -- 
Bram Matthys
Software developer/IT consultant        sy...@vu...
Website:                                  www.vulnscan.org
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: EBCA 8977 FCA6 0AB0 6EDB  04A7 6E67 6D45 7FE1 99A6

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iF4EAREIAAYFAlDcTR8ACgkQbmdtRX/hmaYMggD8DlYWqh4DhqYnd4dNRo4jaE9z
odRmXcD9+2iogjhrsV8A/Anpw7ND5KydRAPIVTHO2KbZIugOtx8r5NVf5XBvZgYi
=bHtO
-----END PGP SIGNATURE-----

[Unreal-users] Security: DoS issue in UnrealIRCd 3.2.9 Windows SSL version

[Bram M. <sy...@un...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SECURITY ADVISORY
==================

A serious issue has been found in the Windows SSL versions of UnrealIRCd
3.2.9 and 3.2.10-rc1. This issue allows someone to remotely crash the server.

Admins of affected systems should upgrade immediately.

Note that only Windows versions with SSL support are affected.

==[ AFFECTED VERSIONS ]==
Vulnerable versions:
* 3.2.9 on Windows with SSL support
* 3.2.10-rc1 on Windows with SSL support
Not vulnerable:
* 3.2.9 and 3.2.10-rc1 on *NIX (Linux, FreeBSD, ..)
* 3.2.9 and 3.2.10-rc1 on Windows without SSL support
* 3.2.9-winsslfix and 3.2.10-rc1-winsslfix
* 3.2.8.1 and earlier

If you are unsure which version you are using, then follow this procedure:
Type /VERSION on IRC (on some clients you might have to type /QUOTE VERSION)
This should return a string like:
Unreal3.2.9. server.name FhinWXeOoZE
This contains the version number, the server name, and the compile flags.
You are vulnerable if ALL these three conditions are met:
* The version is 'Unreal3.2.9' or 'Unreal3.2.10-rc1'
* The compile flags contain a 'W' (this means you're on Windows)
* The compile flags contain a lower case 'e' (this means you're using the
SSL version)

Fixed Windows SSL versions can be identified by having 'winsslfix' in their
version name.

==[ SHOULD I UPGRADE? ]==
If you are using any of the vulnerable versions then you should upgrade
immediately as this is a serious issue.
Unfortunately there are no mitigating factors: even if you don't actually
use SSL, or if you have password-protected your server or hub, then you are
still vulnerable to this particular attack.

==[ FIXED VERSIONS ]==
New Windows SSL versions are available from:
http://www.unrealircd.com/

There's no update for *NIX or the non-SSL Windows version, as these are safe
and thus do not require any update.

==[ IMPACT ]==
This issue will result in a direct server crash.
There's no possibility to execute any code, nor is there any information
disclosure.

==[ CVSS ]==
CVSS v2.0 report:

Confidentiality Impact:  None
Integrity Impact:        None
Availability Impact:     Complete

Access Vector:           Network
Access Complexity:       Low
Authentication:          None

CVSS Base Score:         7.8

Availability of exploit: Proof of concept code[*]
Type of fix available:   Official fix

CVSS Temporal Score:     6.1

[*] Proof of concept / exploit is currently not public. This is expected to
change soon after the release of this security bulletin.

==[ TIMELINE ]==
Times are in UTC
2012-11-11 19:20    Bug reported
2012-11-12 11:03    Bug confirmed by developer
2012-11-12 11:22    Bug traced
2012-11-12 13:45    Fixed versions compiled and packaged
2012-11-12 14:00    Security announcement

==[ SOURCE ]==
This advisory (and updates to it, if any) is posted to:
http://www.unrealircd.com/txt/unrealsecadvisory.20121112.txt


- -- 
Bram Matthys
Software developer/IT consultant        sy...@vu...
Website:                                  www.vulnscan.org
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: EBCA 8977 FCA6 0AB0 6EDB  04A7 6E67 6D45 7FE1 99A6

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iF4EAREIAAYFAlChAioACgkQbmdtRX/hmaaJagD/SeYBCHWPLYKsCVnrQXCFZ6Kh
AKiFc9rTkZQlo1O3lw4A/0eBASkAWWiaBVTGw1oOiwUk44vzRYO3KSbD3cuv0mBk
=JKvV
-----END PGP SIGNATURE-----

[Unreal-users] Unreal3.2.9 released

[Bram M. <sy...@un...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

It has been more than 2 years since last stable release (3.2.8.1) and
4 months since last release candidate. Now, finally, UnrealIRCd 3.2.9 is out!
There have been 212 changes since previous release which is almost the same
as previous THREE stable releases combined.
The changes consist of the usual amount of bugfixes, however also a
substantial amount of new features have been added.
See the Release Notes below for a summary of the changes.

As usual, you can download UnrealIRCd from http://www.unrealircd.com/

MD5 checksums:
520df93a0f82b33a21f650ad7a8a2eda  Unreal3.2.9-SSL.exe
fb10daa6d4b37cba2e57ecae4b4fdec3  Unreal3.2.9.exe
bde023695347969f545ce5f2a9ac9aed  Unreal3.2.9.tar.gz

SHA1 checksums:
1ab39b4166bb796fc22a0bd0bff300142592372a  Unreal3.2.9-SSL.exe
1d5704e44182d35849fbca498e2aa72b40286fec  Unreal3.2.9.exe
0bb9d84ce6e4a395fda86e7d6250b7016cfeb913  Unreal3.2.9.tar.gz

Special thanks go to binki, who did a considerable amount of work to
make this release possible.

Also thanks to everyone who contributed to UnrealIRCd, whether it is
by doing support, reporting bugs, or just by using our software,
helping us to maintain our position as the most widely used IRCd.

Thanks,

	Syzop / The UnrealIRCd Team.

Unreal3.2.9 Release Notes
==========================

==[ GENERAL INFORMATION ]==
* If you are upgrading on *NIX, make sure you run 'make clean' and './Config'
  first, before doing 'make'
* The official UnrealIRCd documentation is doc/unreal32docs.html
  online version at: http://www.vulnscan.org/UnrealIRCd/unreal32docs.html
  FAQ: http://www.vulnscan.org/UnrealIRCd/faq/
  Read them before asking for help.
* Report bugs at http://bugs.unrealircd.org/
* When upgrading a network, we assume you are upgrading from the previous
  version (3.2.8/3.2.8.1). Upgrading from 3.2.6 or 3.2.7 should also be no problem.
* The purpose of the sections below (NEW, CHANGED, MINOR, etc) is to be a SUMMARY
  of the changes in this release. There have been 160+ changes, twice as much
  as usual for a release, hence this summary is a bit long too.
  For the FULL list of changes, see the Changelog.
* If you previously used CVS to access the development version of UnrealIRCd,
  you now need to use Mercurial, see see http://www.unrealircd.com/hgmove

==[ NEW ]==
* Extban ~j: this only prevents a user from joining, once in he can speak freely.
* Extban ~R:<nick>: this ban only matches if <nick> is a registered user (has
  identified to services). Especially useful in cases like: +e ~R:TrustedUser.
* Stacked Extended Bans:
  * Extbans are now split in two groups:
    * Ones that specify which user actions are affected (group 1):
      ~q (quiet), ~n (nick change), ~j (join)
    * Ones that introduce new criteria that can be used (group 2):
      ~c (channel), ~r (realname), ~R (registered)
  * With stacked extbans you can combine an extban of the first group with the second
    For example: ~q:~c:#lamers would quiet all users who are also in #lamers
* Extended Invex: very much like extended bans, but for +I (Invite Exception).
  Currently supported are: ~c (channel, ~r (realname) and ~R (registered) [=group 2]
  Possible useful uses are setting a channel +i (invite only) and then setting
  +I ~c:#trustedchan (or even: +I ~c:+#trustedchan) while still retaining the ability
  to easily ban users through +b.
* Channel Mode +Z: indicates whether a channel is 'secure' or not.
  This channel mode works in conjunction with +z (lower case z).
  While +z (normally) prevents new non-SSL users from joining, sometimes they
  can still join, like when after a netsplit the channels merge again.
  When all users on the channel are connected through SSL, the channel is set +Z
  by the server. Whenever an insecure user joins, the channel is put -Z.
* Remote MOTD support: you can now specify an URL instead of a file
* Automatic installation of curl (w/c-ares) if you answer 'Yes' to remote includes
* One can now rehash ALL servers with the command '/REHASH -global'. This can be
  particularly useful if you use remote includes or MOTD's. NetAdmin only command.
* files { } block by which you can configure the location of the tune file, pid, etc
* STARTTLS: On an IRCd compiled with SSL support this allows a client to start a SSL
  session on a regular non-SSL port (like 6667). Only supported by a few IRC clients.
  Can be disabled by setting set::ssl::options::no-starttls
* set::uhnames: this allows one to turn UHNAMES off ('no'), which can be a good idea
  if you have channels with more than 1000 users, as otherwise the nicklist can take
  several seconds to load. Defaults to on ('yes').
* IPv6 clones detection support: allow::ipv6-clone-mask determines the number of bits
  used when comparing two IPv6 addresses to determine if allow::maxperip is exceeded.
  This allows an admin to recognize that most IPv6 blocks are allocated to individuals,
  who might each get a /64 IPv6 block. set::default-ipv6-clone-mask defaults to 64 and
  provides default value for the allow blocks.
* The m_nopost module is now part of Unreal: this defends against the Firefox/
  Javascript 'XPS attack' which uses HTTP POST to create dummy IRC bots.
* There have also been some behavior changes, which can be considered NEW, see
  next section (CHANGED).

==[ CHANGED ]==
* Channel Mode +z: due to the +z/+Z changes, some things have changed:
  * +z can now be set even when insecure users are present
    (the channel will then be set +Z when the last insecure user leaves)
  * An oper previously had to invite himself and then join the channel
    with the key 'override' to set -z. This is no longer needed.
    The channel stays +z, but will be set -Z when the oper joins.
* Remote includes: if a remote include fails to load (eg: webserver down) then
  the most recent (cached) version of that remote include will be used, and the
  IRCd will still boot and be able to REHASH. This means it is now 'safe' to
  use remote includes on a network, without risking problems like unable to
  rehash in case of webserver problems.
* set::level-on-join now supports voice/halfop/protect/owner
* Backslashes (\) in MOTD/RULES files are no longer considered special, this
  might mean that you have to change some escaped backslashes (\\) to \.
* '/REHASH -motd' really rehashes ALL MOTD/OPERMOTD/BOTMOTD/RULES files, both
  the 'normal' files and the ones in tld { } blocks.
* The 'Compile as hub/leaf' choice is now gone, as it didn't do anything.
* Better document 'sslclientcert' in the Oper Block documentation.
  This allows one to authenticate against a SSL certificate for /OPER, instead
  of using a password.

==[ MAJOR BUGS FIXED ]==
* If you have autoconnect with a low connfreq, previously you often risked getting
  'Server exists' errors and 'breaking' the network. Now, the server handshake has
  been redesigned which means this will no longer happen. You can now safely have
  a low connfreq of - for example - 10 seconds.
* Windows: 'Permission denied' errors when starting Unreal
* A crash on some new Linux systems when replacing .so files
* Solaris & QNX: Compile problems
* IPv6: admins no longer have to tweak sysctl, like on FreeBSD & newer Linux systems
* IPv6: IPv4 ip's in link::bind-ip did not work properly which made the IRCd either
  not bind to the correct IP, or - like on FreeBSD - made it unable to link at all.
* A very rare crash on outgoing connect

==[ MINOR BUGS FIXED ]==
* autoconnect not working if TS offset was negative (for the duration of the offset)
* CGI:IRC & IPv6: sometimes a users' IP was incorrectly formatted, causing 'ghosts'
* Mac OS X: permission problems
* Several installation issues with curl
* SSL: No more 'Underlying syscall error', the actual error is now shown
* And many more... see Changelog

==[ KNOWN ISSUES ]==
* Regexes: Be careful with backreferences (\1, etc), certain regexes can slow the
  IRCd down considerably and even bring it to a near-halt. In the spamfilter user
  target it's usually safe though. Slow spamfilter detection can help prevent the
  slowdown/freeze, but might not work in worst-case scenario's.
* Regexes: Possessive quantifiers such as, for example, "++" (not to be confused
  with "+") are not safe to use, they can easily freeze the IRCd.

==[ CHANGELOG ]==
Full list of changes since previous release (3.2.8.1):
* Fixed compile issue on Solaris regarding c-ares (-lrt), reported and
  test shell provided by fraggeln (#0003854).
* Improved automatic SSL detection on Solaris (/usr/sfw), reported by
  fraggeln (also #0003854).
* Don't do show-connect-info on serversonly ports
* Fixed crash on Linux (with a 'new' dynamic linker) when a module has
  been updated and then reloaded. From now on we just copy to a tempfile,
  and never hardlink. (bug #3557).
* Print out an error if a user uses standard ./configure stuff instead of
  ./Config. Won't catch all cases, but will definitely catch most problems.
* Update some urls
* Added ./configure option called --with-system-tre by which you can specify
  a path to the TRE library (instead of using the TRE we ship with Unreal).
  Patch provided by ohnobinki (#0003842).
* Applied another patch from ohnobinki which adds --with-system-cares
  (#0003847).
* Comitted Windows Installer fix that was put in 3.2.8.1, fixing
  #0003845 and #0003809 (MS Visual Studio Redistributable package automatic
  installation).
* Fix /VERSION output on Windows, especially for Vista and newer Windows,
  patch from BuHHunyx and Bock (#0003846).
* Fixed issue where a negative time offset (either caused by ircd.tune or
  timesynch) made autoconnect not work for the duration of the offset
  (eg: -60 would make autoconnect wait 60 seconds after boot, instead of
  autoconnecting almost immediately). Reported by aragon (#0003853).
* class name 'default' is reserved. Using it caused the ircd to crash
  on-boot, reported by Dragon_Legion (#0003864).
* Fixed IPv4 ip's in link::bind-ip on IPv6 builds. This caused issues ranging
  from not binding to that ip when linking, to not being able to link at
  all. Also fixed a very small memory leak upon /REHASH. Bug reported by
  Mr_Smoke (#0003858).
* Applied patch from k4be (#0003866) which introduces a new packet hook
  (HOOKTYPE_PACKET). Replacing the 'text to be sent' to a client is
  supported, which allows character(set) conversion in a module.
  Note that modifying an incoming message by the hook is not supported.
* Applied patch from ohnobinki (#0003863) which makes run-time configuration
  of files (tune, pid, motd) possible.
* Fixed bug reported by mut80r (#0003867) where locops didn't get a
  proper vhost when set::hosts::local had a 'user@host' syntax instead of
  just 'host'. Also fixed a bug with regards to +x on-oper with locops.
* When an incorrect command line argument is passed, the IRCd will no longer
  boot. Previously it said 'Server not started' but started anyway.
  Reported and patch provided by ohnobinki (#0003870).
* Added special caching of remote includes. When a remote include fails to
  load (for example when the webserver is down), then the most recent
  version of that remote include will be used, and the ircd will still boot
  and be able to rehash. Even though this is quite a simple feature, it
  can make a key difference when deciding to roll out remote includes on
  your network. Previously, servers would be unable to boot or rehash when
  the webserver was down, which would be a big problem (often unacceptable).
  The latest version of fetched urls are cached in the cache/ directory as
  cache/<md5 hash of url>.
  Obviously, if there's no 'latest version' and an url fails, the ircd will
  still not be able to boot. This would be the case if you added or changed
  the path of a remote include and it's trying to fetch it for the first time.
  To disable this new behavior, check out REMOTEINC_SPECIALCACHE in
  include/config.h.
* set::level-on-join now also supports voice, halfop, protect and owner.
  Requested by katsklaw (#0003852). Partial patch provided by katsklaw and
  morpheus_pl.
* Added initial support for "stacked" extbans. Please see the Changelog item
  further down (250 lines or so) for more information, as it was heavily
  reworked later on and the API was changed.
* Misc fix for disabling stacked extbans, should've done stuff in our autoconf
  stuff instead of hacking configure directly :P .
* Made the timesynch log output more clear and understandable.
* Added an 'UnrealIRCd started' log message on startup.
* Added support for STARTTLS. This allows users to switch to SSL without
  having to use a special SSL-only port, they can simply switch to SSL on
  any port. This is currently only supported by few clients (such as KVIrc 4).
  This functionality can be disabled by setting set::ssl::options::no-starttls,
  for example if you don't want to offer SSL to your users and only want it
  to be used for server to server links.
  Naturally, the IRCd must be compiled with SSL support for STARTTLS to work.
* Fixed SSL_ERROR_WANT_READ in IRCd_ssl_write()
* Use RPL_STARTTLS/ERR_STARTTLS numerics
* Removed log target 'kline' from documentation, as it didn't do anything
  (use 'tkl' instead). Reported by nephilim and Stealth (#0003849).
* Server protocol: added PROTOCTL EAUTH=servername, which allows us to
  authenticate the server very early in the handshake process. That way,
  certain commands and PROTOCTL tokens can 'trust' the server.
  See doc/technical/protoctl.txt for details.
* Server protocol: between new Unreal servers we now do the handshake a
  little bit different, so it waits with sending the SERVER command until
  the first PROTOCTL is received. Needed for next.
* Server protocol: added PROTOCTL SERVERS=1,2,3,4,etc by which a server can
  inform the other server which servers (server numeric, actually) it has
  linked. See doc/technical/protoctl.txt and next for details.
* When our server was trying to link to some server, and at the same time
  another server was also trying to link with us, this would lead to a
  server collision: the server would link (twice) ok at first, but then a
  second later or so both would quit with 'Server Exists' with quite some
  mess as a result. This isn't unique to Unreal, btw.
  This happened more often when you had a low connfreq in your link blocks
  (aka: quick reconnects), or had multiple hubs on autoconnect (with same
  connfreq), or when you (re)started all servers at the same time.
  This should now be solved by a new server handshake design, which detects
  this race condition and solves it by closing one of the two (or more)
  connections to avoid the issue.
  This also means that it should now be safe to have multiple hubs with low
  connfreq's (eg: 10s) without risking that your network falls apart.
  This new server handshake (protocol updates, etc) was actually quite some
  work, especially for something that only happened sporadically. I felt it
  was needed though, because (re)linking stability is extremely important.
  This new feature/design/fix requires extensive testing.
  This feature can be disabled by: set { new-linking-protocol 0; };
* Made ./Config description about remote includes a bit more clear.
* When you now answer Yes to Remote includes in ./Config and $HOME/curl does
  not exist, it now asks you if you want to automatically download and
  install curl (which is done by ./curlinstall).
  This has been tested on Linux, further testing on f.e. FreeBSD is required.
* Fixed a /RESTART issue on Linux: Unreal did not properly close all file-
  descriptors. Because of this, Unreal did not restart properly as you would
  get an "Address already in use" error. This only seemed to happen when
  logging to syslog, or when there was something wrong with syslogd.
  Reported by Mouse (#0003882).
* Fixed a similar issue with syslog (and debugmode) and closing fd's as well:
  the first port we listened on would not open up, ircd did not log any error.
* Added set::uhnames setting which can be used to disable uhnames by setting
  it to 'no', the default is 'yes' (on). Requested by Robin (#0003885) as
  UHNAMES may increase the time of the nick list being loaded from 1 to 4
  seconds when joining several channels with more than 1000 users. As this
  problem is only present on some networks, we keep UHNAMES enabled by default.
* Added patch from ohnobinki (#0003888), only slightly edited, which improves
  curl detection, added checks to see if curl actually works (print out a
  clear curl error during configure, instead of getting an error during
  'make'), and we now error when using --enable-libcurl without
  --with-system-cares if the system curl depends on c-ares. This is because
  this can cause ABI incompatability between curl's c-ares and our c-ares,
  which leads to odd issues such as:
  Could not resolve host: www.example.net (Successful completion)
  And possibly other weird issues, perhaps even crashes.
* Patch from above is (temp.) reverted, Unreal wouldn't compile without curl.
* Reverted the revert and updated one line to fix the fix.
* Fix for --with-system-cares, reported and patch provided by ohnobinki
  (#0003890).
* Another c-ares fix for Solaris 10, this time it had to do with
  PATH_SEPARATOR, the exact error was: error: PATH_SEPARATOR not set.
  Reported by j0inty, patch provided by ohnobinki (#0003887).
* Updated pkg-config m4 macro (now 0.23) for configure, patch from ohnobinki
  (#0003889).
* Better document /REHASH flags. No longer document some flags as they are
  redundant and confusing. Also removed an old statement saying k-lines would
  be erased on rehash which is not true. Documented '/rehash -dns'.
  Reported by ohnobinki (#0003881).
* We now no longer treat \ (backslash) in *MOTD and RULES files as special.
  Previously this caused some really odd behavior. Backslashes are now
  treated as-is, so no special escaping is necessary. Reported by DelGurth
  (#0003002).
* Removed old dgets() and crc32 function (code cleanup)
* Updated ./Config description for NOSPOOF, it already said it protects
  against HTTP POST proxies, now added some extra text to say it also
  protects against the Firefox XPS IRC Attack. Also made NOSPOOF enabled by
  default on *NIX (this was already the case on Windows).
* Updated ./Config description for DPATH. Seems quite some people answer
  this question wrong, and when that happens, you only get some obscure
  error when running './unreal start'.
* Fixed 'unreal' script to give a better error if it cannot find the IRCd
  binary.
* Made '/REHASH -motd' really rehash *all* MOTD, OPERMOTD, BOTMOTD and RULES
  files. Reported by bitmaster (#0003894).
* IPv6: it seems some recent Linux dists decided to make IPv6 sockets
  IPv6-only, instead of accepting both IPv4&IPv6 on them like until now.
  FreeBSD (and other *BSD's) already did that move a few years back,
  requiring server admins to sysctl.
  We now make use of a new option to explicitly disable "IPv6-only".
  This should work fine on Linux.
  Whether it provides a complete solution for FreeBSD, I don't know, testing
  is welcome! In theory setting net.inet6.ip6.v6only to 0 should no longer
  be needed, but you might still need to enable ipv6_ipv4mapping.
* Fix stupid issue where current CVS would no longer link TO an earlier
  Unreal server (eg: outgoing connect to a 3.2.8 hub). Reported by ohnobinki
  (#0003901).
* Update Unreal.nfo with information about new support network setup (#0003904)
* Remove the ``Compile as hub/leaf'' concept as I'm quite sure this doesn't
  actually do anything (#0003891)
* Clarify/expand alias block documentation, especially for alias::type=command;
  (#0003902)
* Fix -DDEFAULT_PERMISSIONS=0 support. Previously, support.c:unreal_copyfile()
  would create files with no permissions, breaking loadmodule. (#0003905)
* Remove m_addline from commands.so
* Removed ugly ``files {} got initialized!'' message.
* SVSMODE now triggers HOOKTYPE_UMODE_CHANGE and HOOKTYPE_REMOTE_CHANMODE.
* Added chmode +r to HTML documentation.
* ./Config now remembers extra/custom ./configure parameters.
* Fixed bug in CVS where the ban exempt (+e) handling was reversed: if a
  non-matching +e was present, one could walk through bans. Reported by
  tabrisnet (#0003909). Bug was caused by stacked extbans.
* Partially fixed bug where IPv4 addresses were randomly mishandled by the
  cgiirc code, resulting in the sockhost/hostmask being set to something like
  ::ffff:127.0.0.1, which confused the s2s protocol. Reported by tabrisnet
  (#0003907). Also, reject incorrectly formed hostnames from WEBIRC command.
* More strict sockhost (hostmask) checking in m_nick.c:_register_user(). Fixed
  some bad string handling as well. See comments in bug (#0003907).
* Throw out old USE_POLL code which 1. has no buildsystem support and 2.
  has comments which claim it doesn't work.
* Removed extraneous apostrophe from a module loader error message.
* Added error message for unknown directives in the "files" block
* Remote MOTD support. Not adequately tested. Required restructuring of the
  asynchronous download callback and handler. (#)
* Added some consts throughout url.c, etc.
* Fix segfault where the an include directive specifies a URL and cURL follows
  redirects, resulting in a different resultant URL. The remote includes code
  would look for the an include block using the resultant URL and assume that
  it would be found. The new code searches differently, has new checks, and
  ignores the resultant URL.
* Removed duplicated m_motd() and friends that were both in modules and s_serv.c.
  The copies in s_serv.c (core) were overriding the in-module functions.
* Forgot to commit the REMOTEINC_SPECIALCACHE stuff to config.h which means
  it wasn't actually enabled until now...
* Fix typo
* Fix files::shortmotd to by accepted by unrealircd like the docs say it is.
* Fix remote includes download handling which I broke for remote includes ;-).
* Recursively add more consts.
* Rename configure.in to configure.ac and modernize AC_INIT.
* Handle bad flags in set::ssl::options better (#0003896).
* When removing a SHUN, check if users who were blocked by this SHUN are still
  blocked by another SHUN. Previously, if multiple shuns covered a single user,
  removing one of these shuns would mark the user as un-SHUN-ed. (#0003906)
* Fixed race condition / reference count issue where an outgoing server connect
  would cause the IRCd to crash. Reported by Monk (#0003913).
* Replaced some co...@li... references with bugs.unrealircd.org
* Fixed desynchronized prototype.
* Fixed a few trivial compilation warnings.
* Move configure.ac to the project's root.
* Separate m4 macros into *.m4 files (it is much easier to run aclocal now).
* Remove unused DOMAINNAME macro and --with-hostname= options as the DOMAINNAME
  macro isn't used anywheres and its use shouldn't be encouraged.
* autogen.sh to bootstrap the buildsystem. We now maintain setup.h with autoheader.
* --disable-blah now does the opposite of --enable-blah. The same for --with-blah
  and --without-blah. (This makes Gentoo users happier).
* Attempt to make up for Windows not having mode_t and not complying to POSIX.
* Fix references in src/win32 to aMotd to now be to aMotdFile.
* Fix references to motd and friends in src/win32. (#0003918)
* Remove include/nameser.h and reference to nameser.h from s_bsd.c. The associated
  functionality has been provided by c-ares for a long time.
* Remove remaining nameser.h references from Makfiles.
* Prevent stacked bans (like +b ~q:~q:~n:~c:#chanel) from crashing unrealircd due
  to over-recycling a static buffer. Discovered by syzop.
* helpop documentation for stacked extbans.
* Updated doc/coding-guidelines
* Fixed some odd behavior with SVSMODE and +z/-z, reported by TehRes (#0003498),
  fixed a strange SVSMODE +d <non-number> bug where it would act as a +x too.
* The patch from #0003888 made ./Config favor the curl in /usr, even if it
  was not compiled with c-ares, which is clearly a bad idea as then the
  entire IRCd can hang for several seconds or more...
  We now check if they support asynch DNS, and skip them if they don't.
* Remove extraneous `I' from configure.ac, run ./autogen.sh. (#3930)
* Added some checks in ./Config which (often) ensures that the self-compiled
  curl version is new enough and is not using a c-ares which is binary
  incompatible. If the self-compiled curl version is (too) outdated, then we
  now suggest to rename it and have the installer re-download and compile
  it automatically. This avoids some potential crashes.
* Give more clear error to users who use ``make custommodule'' without
  MODULEFILE. (#3935)
* Support compiling with a bundled c-ares again, the hacky way. (#3931)
* The configure.ac change silently changed the nospoof parameter in
  ./configure. This meant that the answer to NOSPOOF in ./Config was ignored
  and it was always enabled.
* Initialize ARG parameter properly in ./Config, otherwise everything fails.
* Fixed similar bug like nospoof with ./Config, but now with prefixaq.
* Same for IPv6
* Now define _SOLARIS, USE_LIBCURL, and ZIP_LINKS in setup.h instead
  of the Makefiles. This means better automatic rebuilds if the latter
  settings change.
* Updated unreal32docs:
  * Remove browser compatibility listing.
  * Added information about ``oper::password::auth-type sslclientcert''
    and the same for link::password-receive::auth-type.
  * A little bit more of interlinking and using id="" instead of a name=""
  * Some minor tweaks
* Fix the detection for curl-without-c-ares a little (#0003940).
* Add an extban of the schema +b ~j:*!*@* which _only_ prevents a user
  from joining a channel. (#3192)
* Fix src/Makefile's lack of depencencies for modules.c, related to
  #3938.
* Fix a few compiler warnings with some double-casting and another
  const. (#3939)
* Define intptr_t in win32's setup.h. (#3939)
* Upgraded c-ares to 1.7.3. API seems compatible with
  c-ares-1.6.0. (#3932)
* Force compilation with bundled c-ares to statically link using more
  sed hackery in configure.ac.
* Remove extras/c-ares before each time c-ares is compiled.
* Uniform naming for 'stacked extbans' in Changelog/etc.
* Make extended bans documentation more clear by splitting the extbans in
  two groups: one that specifies ban actions (~q/~n/~j) and one that
  introduces new criteria (~c/~r). Also added documentation for ~R which
  does not exist yet, but will soon...
* This is actually an update of earlier code from CVS, but now it works ok:
* Added support for "stacked" extbans. Put simply this allows extban combinations
  such as ~q:~c:#test to only silence users on #test, for example. This feature
  is enabled by default, but can be disabled during ./Config -advanced.
  This feature was suggested by Shining Phoenix (#0003193), was then coded
  by aquanight for U3.3, and later on backported and partially redone by Syzop.
  Module coders:
  In an extban ~x:~y:something where we call ~x the 1st, and ~y the 2nd extban:
  Since stacked extbans only makes sense where the 1st one is an action
  extended ban like ~q/~n/~j, most modules won't have to be changed, as
  their extban never gets extended (just like ~c:~q: makes no sense).
  However, you may still want to indicate in some cases that the extban your
  module introduces also shouldn't be used as 2nd extban.
  For example with a textban extban ~T it makes no sense to have ~n:~T.
  The module can indicate this by setting EXTBOPT_NOSTACKCHILD in
  the ExtbanInfo struct used by ExtbanAdd().
  For completeness I note that action modifier extbans are indicated by
  EXTBOPT_ACTMODIFIER. However, note that we currently assume all such
  extbans use the extban_is_ok_nuh_extban and extban_conv_param_nuh_or_extban
  functions. If you don't use these and use EXTBOPT_ACTMODIFIER, then things
  will go wrong with regards to stack-counting.
  Module coders should also note that stacked extbans are not available if
  DISABLE_STACKED_EXTBANS is defined.
* Added extended ban ~R:<nick>, which only matches if <nick> is a registered
  user (has identified to services). This is really only useful in ban
  exemptions, like: +e ~R:Nick would allow Nick to go through all bans if he
  has identified to NickServ. This is often safer than using +e n!u@h.
* Added Extended Invex. This is very much like extended bans, in fact it
  supports some of the same flags. Syntax: +I ~character:mask
  Currently supported are: ~c (channel), ~r (realname) and ~R (registered).
  This can be useful when setting a channel invite only (+i) and then
  setting invite exceptions such as +I ~c:#chan (or even ~c:+#chan), while
  still being able to ban users.
  Because action modifiers (~q/~n/~j) make no sense here, extended invex
  stacking (+I ~a:~b:c) makes no sense either, and is not supported.
  Suggested by DanPMK (#0002817), parts based on patch from ohnobinki.
  Module coders: set EXTBOPT_INVEX in the ExtbanInfo struct used by
  ExtbanAdd() to indicate that your extban may also be used in +I.
* Invex (+I) now always checks cloaked hosts as well. Just like with bans,
  it checks them also when the user is not currently cloaked (eg: did -x, or
  is currently using some VHOST).
* Fixed client desynch caused by (un)banning, reported by Sephiroth (#2837).
* IPv6 clones detection support (#2321). allow::ipv6-clone-mask determines
  the number of bits used when comparing two IPv6 addresses to determine if
  allow::maxperip is exceeded. This allows an admin to recognize that most
  IPv6 blocks are allocated to individuals, who might each get a /64 IPv6
  block. set::default-ipv6-clone-mask defaults to 64 and provides default
  value for the allow blocks.
* Upgrade to tre-0.8.0, adding hack similar to the one for c-ares to
  ensure that the bundled tre is compiled against even when a system
  libtre is installed. (#3916)
* Install ircdcron scripts. (#2620)
* Autogenerate ircdcron/ircd.cron based on ./configure settings.
* Get rid of any setsockopt(IPV6_V6ONLY) errors in ircd.log (#3944).
* Actually initialize m_starttls when it's included into commands.so.
* Prepend a `0' to the begining of --with-permission, working around a
  Mac OS X bug and hiding the fact that chmod()'s params are octal
  from users. (#3189)
* Warn users against running UnrealIRCd as root without setting
  IRC_USER. (#3053 reported by Stealth)
* Remove snomasks upon deopering when it seems like the user shouldn't
  have snomasks. (#3329)
* Fix /msg IRC WHOIS response for persons with secure connections. (#3947)
* Fix segfault by checking if RESTRICT_USERMODES is NULL in the code
  for bug #3329.
* Don't use sys/errno.h, as it's not POSIX and breaks on QNX-6.5.0. (#3955)
* Fixed another compile problem on QNX, reported by chotaire (#3955 too).
* Fixed incorrect messages regarding clock going backwards on QNX 6 and
  later, reported by chotaire (#0003956).
* Reverted an IPv6/Config fix I did on July 17. Reported by chotaire (#3958).
* Document the badword block more explicitly and clearly. (#3959)
* Add the m_nopost module written by syzop and compile it into
  commands.so. This module was written to help IRCd maintainers deal
  with some sort of ``XPS'' attack in which javascript-initiated HTTP
  POST form submissions were able to act as dummy IRC bots. These
  simple bots were the cause of much spam. Note that enabling NOSPOOF,
  which was the default on Windows and is now also the default on *NIX,
  already stops the troublemakers from getting on IRC. However, the nopost
  module kills them right away, rather than have them idle for 30 seconds
  which could consume all your connections, preventing (legit) users
  from being able to connect (#3893).
* Add a modules section to the documentation. This was created to put
  all documentation specific to the m_post module in one, easy to find
  place. The documentation on m_post is likely incomplete, however.
* Fixed notices to opers about server delinks not being broadcasted to all
  other servers if they were on SSL links. Reported by chotaire (#0003957).
* SSL errors are now more descriptive. In some cases, like server to server
  links it was still showing 'Underlying syscall error', this has now been
  replaced to show the actual (surprise!) underlying syscall error instead.
  Reported by vonitsanet, patch from ohnobinki (#0003157).
* Fix ordering of ``9. FAQ'' and ``10. Modules'' in HTML docs.
* Always display the real host of successful OPERing up. Reported by
  Josh. (#3950)
* Fixed braindamage in stacked bans.
* Add m_nopost to makefile.win32 in the hopes that it may work (#3961).
* Document spamfilter 'warn' action in unreal32docs.
* Fix missing OperOverride notices for +u and +L if not chanowner, reported
  by Mareo (#0003358), partial patch from goldenwolf.
* Updated doc/compiling_win32.txt with current free MS SDK information,
  patch from goldenwolf.
* And another m_nopost makefile.win32 fix.
* Some small updates to the extended channel mode system: it now has minimal
  support for 'local channel modes'. This is really only meant for channel
  mode +Z (upcase z), see next.
* Added Channel Mode Z which indicates if a channel is 'secure' or not.
  This mode works in conjunction with +z (lower case z).
  If +z is set ('only secure users may join'), then the IRCd scans to see
  if everyone in the channel is connected through SSL. If so, then the
  channel is set +Z as well ('channel is secure').
  Whenever an insecure user manages to join, the channel is -Z. And whenever
  all insecure users leave, the channel is set +Z.
  The 'insecure user being present in a +z channel' can be because:
  - An IRCOp joined the channel, and he's not secure
  - When servers link together and a user on the other side is not secure
    This only happens on net merge (equal time stamp).
    On different time stamp, we still kick insecure users on the new side.
  - At the time when +z is set, there are insecure users present.
  This feature was implemented after a heavy discussion in bug #3720 by fez
  and others, and was suggested by Stealth.
  Tech note: +Z/-Z is handled locally by each server. Any attempt to
  remotely set +Z/-Z (eg: by services) will be ignored.
* As mentioned above, +z can now be set even if any insecure users are
  present. Previously, this was not permitted. Now, as soon as the last
  non-SSL user leaves, the channel will be set +Z.
* An oper not connected through SSL previously had to /INVITE himself
  to a channel and then /JOIN the channel with the key 'override'.
  This 'override' key is no longer required, a simple JOIN will suffice.
* Sorted channel modes in /HELPOP ?CHMODES
* Re-enabled 'fishy timestamp' errors in MODE. For some reason this was
  commented out, even though the (more annoying and less useful) code in
  JOIN was enabled so that did not make a lot of sense. It also now logs to
  ircd.log (or whatever you configure). This enables people to easier find
  the cause of any timestamp issues (which usually is badly coded services).
* Win32 installer: Make it so a user can no longer accidentally check both
  'install as service' and 'encrypt SSL certificate', as they are
  incompatible (a service cannot ask a user to enter a password).
  Reported by HotFusionMan (#0003848).
* Win32 installer: Fixed long outstanding problem with some Vista / Windows 7
  installations, which has to do with file permissions of the Unreal3.2
  folder. Symptoms were error messages such as:
  Unable to create file 'tmp/10D9D743.commands.dll': Permission denied
  But also failing to create SSL certificates, nothing being logged, etc.
  This is now fixed by setting write access on the Unreal3.2 folder to the
  user running the install, unless the user chooses not to use this new
  option (it can be unchecked), in which case the user is warned that he
  should take care of this himself.
  Reported by various persons, special thanks to Bock and goldenwolf for
  helping us to track down this issue (#0003943).
* Little tweak to +Z: when the last insecure user parts and the channel is
  set +Z (secure), the parting user saw the MODE too, which was silly.
  Reported by Robby22 (#0003720).
* Added '/REHASH -global' command which will rehash all servers on the
  network. You can also specify options like '/REHASH -global -motd' to
  rehash only the MOTD/RULES/etc. Just like /REHASH <servername> this is a
  NetAdmin-only command. This command is fully backwards compatible with
  older UnrealIRCd version in the sense that it will also REHASH old
  Unreal's. Suggested by 'P' in #0001522.
* Clarified the difference between 'except ban' (which exempts from KLINE
  and ZLINE) and 'except tkl' (which can exempt from GLINE, GZLINE, SHUN,
  QLINE and GQLINE). Reported by Digerati (#0002535).
* Added except tkl::type 'all', which exempts from all TKL types (except
  KLINE).
* Added set::options::allow-insane-bans which makes it possible to set
  really broad bans such as *@*.xx. Needless to say this can be very
  dangerous. Reported and patch provided by Stealth (#0003963).
* Windows: When trying to load a module (DLL) windows can give us the
  mysterious error 'The specified module could not be found' even though the
  file exists. This usually means that it depends on another DLL, but
  apparently Microsoft decided not to mention that in the error message.
  We now append some small text when such an error happens, saying that it
  could be because of a missing dependency. Reported by Phil.
* Fixed Windows compile problem with current CVS due to m_issecure,
  reported and fix provided by therock247uk (#3970).
* Added release notes.
* Error on zero sendq in class::sendq, reported by jonbeard.
* Fix return values in src/auth.c on Win32.
* Win32: Attempt to move to 100% winsock2 (the include, to be precise),
  this means includes have to be in a very particular order (!)
* Win32: #define _WIN32_WINNT 0x0501 and force our own inet_ntop/pton,
  otherwise you get an ntop runtime error on XP and earlier.
* Win32: Get rid of c-ares includes and library in our tree, and use the
  DLL instead of static LIB, just like we do for ssl and zlib.
* Win32: Get rid of TRE lib and includes
* Win32: reorder includes to fix winsock errors with curl
* Win32: show missing /INFO in GUI
** 3.2.9-rc1 release **
* Enable parallel building of modules.
* Fixed bug with curl not finding libcares, reported by katslaw.
* Added workaround for 'curl-config' depending on 'bc'.
* Fix typo 'alias::spampfilter' in German docs, reported by seraphim (#3978).
* Fix missing #include <stdint.h>. Fixes compile error on OpenBSD
  reported by CuleX (#3977).
* Fix invalid use of 'wc -l' when detecting the AsynchDNS feature of
  libcurl which breaks compilation on FreeBSD; instead use 'grep
  -q'. Reported by Jobe (#3981), solution proposed by satmd.
* Fix bundled TRE compilation error on OpenBSD with pkg-config-0.21
  where pkg-config can't find 'tre.pc'. Reported by CuleX. (#3982)
  Also properly escape the sed expression used in the pkg-config call.
* Fix remote MOTDs for URLs whose path components contain
  subdirectories, in the process much simplifying my remote MOTD
  code. Reported by goldenwolf (#3986).
* Windows installer: if an SSL certificate already exists, then don't check
  the 'create SSL certificate' by default. Patch from goldenwolf (#3965).
* Update doc/compiling_win32.txt a bit (#3975).
* Updated credits a bit (#3980).
* Fix set::ssl::options::no-starttls not being recognized.
* Fix pointer handling in remote MOTD code, fixing a crash on REHASH
  reported by goldenwolf (#3992).
* Bump server protocol version to 2310, due to the various changes and so
  you can use deny link { } blocks if you want to deny older versions than
  this release.
* Fix documentation about channel mode +t and halfops, thanks warg (#4007).
* Fix empty/nonexistent short MOTD being shown instead of the full
  MOTD on user registration. Thanks WakiMiko (#4011).
* Module coders: Added HOOKTYPE_HANDSHAKE which is called before the client
  handshake, IOTW: as soon as the connection is established. This can be used
  to do things prior to accepting any commands, such as sending some text.
* Moved from cvs to hg (thanks binki!), this means cvs from this point in
  time should no longer be used (the lastest CVS version will not compile,
  this has been done on-purpose).
  The new way to access the development version of UnrealIRCd is:
  hg clone http://hg.unrealircd.org/unreal
  If you get something like 'hg: command not found' then you need to
  install mercurial. Most *NIX systems have such a 'mercurial' package,
  but if you don't, or you are on Windows or Mac OS X, then grab it at
  http://mercurial.selenic.com/
* Updated doc/compiling_win32.txt a bit.
* The unreal32docs translations in Greek, Spanish and Dutch are marked as
  out of date.
* CRLF conversion of unreal32docs.gr.html
* Zip links: once a link was zipped, the error message when closing the
  connection was never actually sent (due to buffering). Hence, things like
  the /SQUIT reason was never seen on the other side (just 'server closed
  the connection'). This has now been fixed.
* Fix compile failure introduced by last change when zip links are
  disabled.
* Check that the automatically-generated cloak keys fit unrealircd's
  own criteria before printing them out. (#4017)
* Added aliases/atheme.conf, provided by katsklaw (#0003990).
* Support installing the ircd binary for people who set
  --with-spath=<dpath>/bin/ircd.
* Add missing quotation to doc/help.fr.conf (#4026 by MewT).
* Remove temporary message (Unreal3.2.1) regarding cloaking modules.
* Add a self-documented and commented files {} block to example.conf.
* Another fix-for-fix of zip links buffering from a few weeks ago.
  Reported by fbi (#0004030).
* Win32: fix rehash from the command line not working, reported by Platzii
  (#0004028).
* Update curl-ca-bundle.crt
** 3.2.9-rc2 release **
* Updated credits (donations)
* Updated credits (supporters, coders)
** 3.2.9 release **

- --
Bram Matthys
Software developer/IT consultant        sy...@vu...
Website:                                  www.vulnscan.org
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: BBBC E14E 3D9B 3655 7BE1 24A0 E3A8 A873 9DF4 E5AF
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFOtVEX46ioc5305a8RAjPOAKDgvJwR0i2l0PAoSH9UEziPngnjiwCff6YA
Uy485DnKUbJmub3X6eCICeo=
=ZPW8
-----END PGP SIGNATURE-----

Re: [Unreal-users] Custom oper flags

[Nathan P. B. <ohn...@oh...>]

On Wed, Sep 01, 2010 at 03:39:01PM -0700, James Hozier wrote:
> In the oper block of the .conf you can add something like "netadmin" for an oper user and it will give them a whole bunch of flags by default. Same as if you gave a user mode +O or something, it'll give them a whole bunch of other + flags automatically.
> 
> How do I make my own oper flags, like if I put "supporter" in the oper bock of the .conf, it'll already include the flags that I specify by default like "netadmin" has flags by default, and if I give a user +T (which is unused in 3.2.1 right) it will add a whole bunch of other + flags for this user I put +T mode.

I'm pretty sure it's not possible to define your own oper levels without modifying unrealircd's sourcecode yourself, which we do not support. Same with adding usermodes.

It'd make much more sense to me to just use the existing netadmin oper level and /oper for opering up instead of adding a usermode.

Also, why are you still using 3.2.1? :-p

-- 
binki

Look out for missing apostrophes!

[Unreal-users] Custom oper flags

[James H. <gui...@ya...>]

In the oper block of the .conf you can add something like "netadmin" for an oper user and it will give them a whole bunch of flags by default. Same as if you gave a user mode +O or something, it'll give them a whole bunch of other + flags automatically.

How do I make my own oper flags, like if I put "supporter" in the oper bock of the .conf, it'll already include the flags that I specify by default like "netadmin" has flags by default, and if I give a user +T (which is unused in 3.2.1 right) it will add a whole bunch of other + flags for this user I put +T mode.


      

[Unreal-users] Custom oper flags

[James H. <gui...@ya...>]

In the oper block of the .conf you can add something like "netadmin" for an oper user and it will give them a whole bunch of flags by default. Same as if you gave a user mode +O or something, it'll give them a whole bunch of other + flags automatically.

How do I make my own oper flags, like if I put "supporter" in the oper bock of the .conf, it'll already include the flags that I specify by default like "netadmin" has flags by default, and if I give a user +T (which is unused in 3.2.1 right) it will add a whole bunch of other + flags for this user I put +T mode.


      

[Unreal-users] countermeasures

[Bram M. (Syzop) <sy...@vu...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

After receiving many questions of what we are doing with regards to the hack
incident, here's my reply:

First, we now PGP/GPG sign releases. Our GPG key is rel...@un...
(0x9FF03937). When downloading UnrealIRCd you will be given instructions on
how to verify the integrity of the file.

Second, we're now isolating/shielding the main site from the rest, and making
parts unmodifiable, to prevent catastrophes in case of a break-in.

Third, we added several methods of detection when files and other data is
modified.

Fourth, we'll only serve the files from the main site for now. While the
mirror admins did not have any blame in this, it does mean we only have to
protect our own site(s).

And finally we did some other things which I won't mention here.

In short: we've really tightened security since the break-in to make sure this
will never ever happen again. As you may understand, we really can't afford a
repeat of this incident.

On an unrelated side note, I find the claims in various media that this
security incident indicates that Linux and Open Source cannot be trusted and
that Microsoft and closed-software is better really silly. It lacks any
foundation. A hacker, once in, could just as easily have inserted the backdoor
in Windows software. In fact, it is *THANKS* to it being Open Source that this
backdoor got noticed, though - I fully agree - much too late.

- --
Bram Matthys
Software developer/IT consultant        sy...@vu...
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: BBBC E14E 3D9B 3655 7BE1 24A0 E3A8 A873 9DF4 E5AF
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFMFosK46ioc5305a8RAmDEAKDTuw29yKIBaX5d0ps8HZWh+SZ11ACgwEES
3YAEvVlHmpWtxDSMHlbpvyI=
=1guj
-----END PGP SIGNATURE-----

[Unreal-users] Security: some versions of Unreal3.2.8.1.tar.gz contain a backdoor (trojan)

[Bram M. (Syzop) <sy...@vu...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

This is very embarrassing...

We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been
replaced quite a while ago with a version with a backdoor (trojan) in it.
This backdoor allows a person to execute ANY command with the privileges of
the user running the ircd. The backdoor can be executed regardless of any user
restrictions (so even if you have passworded server or hub that doesn't allow
any users in).

It appears the replacement of the .tar.gz occurred in November 2009 (at least
on some mirrors). It seems nobody noticed it until now.

Obviously, this is a very serious issue, and we're taking precautions so this
will never happen again, and if it somehow does that it will be noticed quickly.
We will also re-implement PGP/GPG signing of releases. Even though in practice
(very) few people verify files, it will still be useful for those people who do.

Safe versions
==============

The Windows (SSL and non-ssl) versions are NOT affected.

CVS is also not affected.

3.2.8 and any earlier versions are not affected.

Any Unreal3.2.8.1.tar.gz downloaded BEFORE October 11 2009 should be safe, but
you should really double-check, see next.

How to check if you're running the backdoored version
======================================================
Two ways:

One is to check if the Unreal3.2.8.1.tar.gz you have is good or bad by running
'md5sum Unreal3.2.8.1.tar.gz' on it.
Backdoored version (BAD) is: 752e46f2d873c1679fa99de3f52a274d
Official version (GOOD) is: 7b741e94e867c0a7370553fd01506c66

The other way is to run this command in your Unreal3.2 directory:
grep DEBUG3_DOLOG_SYSTEM include/struct.h
If it outputs two lines, then you're running the backdoored/trojanized version.
If it outputs nothing, then you're safe and there's nothing to do.

What to do if you're running the backdoored version
====================================================
Obviously, you only need to do this if you checked you are indeed running the
backdoored version, as mentioned above. Otherwise there's no point in
continuing, as the version on our website is (now back) the good one from
April 13 2009 and nothing 'new'.

Solution:
* Re-download from http://www.unrealircd.com/
* Verify MD5 (or SHA1) checksums, see next section (!)
* Recompile and restart UnrealIRCd

The backdoor is in the core, it is not possible to 'clean' UnrealIRCd without
a restart or through a module.

How to verify that the release is the official version
=======================================================
You can check by running 'md5sum Unreal3.2.8.1.tar.gz', it should output:
7b741e94e867c0a7370553fd01506c66  Unreal3.2.8.1.tar.gz

For reference, here are the md5sums for ALL proper files:
7b741e94e867c0a7370553fd01506c66  Unreal3.2.8.1.tar.gz
5a6941385cd04f19d9f4241e5c912d18  Unreal3.2.8.1.exe
a54eafa6861b6219f4f28451450cdbd3  Unreal3.2.8.1-SSL.exe

These are the EXACT same MD5sums as mentioned on April 13 2009 in the initial
3.2.8.1 announcement to the unreal-notify and unreal-users mailing list.
<http://sourceforge.net/mailarchive/forum.php?thread_name=49E341E0.3000702%40vulnscan.org&forum_name=unreal-notify>

Finally
========
Again, I would like to apologize about this security breach.
We simply did not notice, but should have.
We did not check the files on all mirrors regularly, but should have.
We did not sign releases through PGP/GPG, but should have done so.

This advisory (and updates to it, if any) is posted to:
http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt

Hope you'll all continue to support UnrealIRCd.

- --
Bram Matthys
Software developer/IT consultant        sy...@vu...
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: BBBC E14E 3D9B 3655 7BE1 24A0 E3A8 A873 9DF4 E5AF

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFME09+46ioc5305a8RApKHAKCWZNS0tDToLXBZdpQni2VmDq+N3ACgjh5R
MkQ3RNlvQQy0J4gmpBgS0YQ=
=i+W6
-----END PGP SIGNATURE-----

Re: [Unreal-users] Help me, Please i have an error :(

[tabris <ta...@ta...>]

Chat Protect wrote:
>
>
> Hello Admins,
>
> Well, I am a Tech Admin of server Java-Chat with 12000-14000 clients.
> the server version is:Unreal3.2.1.
> i dont have any access to the confinng; SSH, rAdmin, VNC, or other
> option without Addline command.
> 2 ours ago i tried to add Q:line to the confing and i was forgot wrote
> ( ; ) after the reason.בוכה
> Example:
> ban nick {
> mask "www*;
> reason "Not_Allowd"
> };
>
> and when i used rehash, the server show me an Error.
> [00:10:34] -irc.nana.com- *** Notice -- error: unrealircd.conf:1351:
> ban nick::reason missing
> -
> [00:10:34] -irc.nana.com- *** Notice -- unrealircd.conf:1359: unknown
> directive reason
> -
> [00:10:34] -irc.nana.com- *** Notice -- error: 1 errors encountered
> -
> [00:10:34] -irc.nana.com- *** Notice -- error: IRCd configuration
> failed to pass testing
> -
> The server is now runing, but one of some days he make a RESTART.
> i can't going to the servers office because its in the other side of
> my country
> what shoud i do? pleasee help me, its my job :(בוכהצעקה
>
> ------------------------------------------------------------------------
>
>  
>
First, why are you still running 3.2.1? 3.2.8 is current. use it.
Second, using addline is dangerous. if you fsck up, you're lost. Sorry,
but there is no effective 'del line'

go find your netadmin or someone else with shell access to fix it.

[Unreal-users] Security: Buffer overflow in UnrealIRCd when using allow::options::noident

[Bram M. (Syzop) <sy...@vu...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SECURITY ADVISORY
==================

A serious buffer overflow issue has been discovered in UnrealIRCd. This
issue can cause the IRC server to crash. It is not clear if this issue can
lead to remote code execution.

==[ AFFECTED VERSIONS ]==
This bug can ONLY be triggered if allow::options::noident is in use. By
default, this is not the case, and it's not a very common option to use.
To check for this, you can search for "noident" (without quotes) in your
config files (such as unrealircd.conf). If you don't use this option, you
are safe, and there's no need to upgrade.
If you use the noident option, and you're using Unreal3.2.8 or earlier (this
issue goes back to 3.2beta11), then you are affected.

==[ PROBLEM ]==
A buffer in the code which handles user authorization is copied without
sufficient length checks, causing a buffer overflow.
This bug happens BEFORE the user is online. In other words: even if you have
a password protected server, or only allow certain ip/hosts in, and you use
allow::options::noident, then this bug can still be triggered.

There has been one report of this bug being abused by "bad guys" to crash
the server, so if you're using allow::options::noident then it's highly
recommended to either implement the WORKAROUND or FIX as soon as possible.

==[ WORKAROUND ]==
The workaround is simply to remove noident from the allow::options and /REHASH.
For example, if you have:
allow {
        ip "*abc@*";
        hostname "*abc@*";
        class clients;
        maxperip 3;
        options { noident; }; // MARK
};
Then simply remove the line marked with MARK, and /REHASH the IRCd.

Naturally, if you rely on the noident feature on your network/IRCd, then
this may not be an option for you. Check out the FIX in next section, instead.

==[ FIX ]==
Thanks to having a (partially) modular IRC server, we have created a "hot
fix" utility that will fix the issue WITHOUT requiring a server restart. All
you will have to do is install it and rehash.
This patch can be used on UnrealIRCd versions 3.2.3 - 3.2.8.
If you are using any older version (unsupported), then we suggest you to
upgrade to the latest version or implement the workaround.

*NIX:
 Download and run the hotfix utility, available from these locations:
 http://www.unrealircd.com/upd/unrealpatch328
 http://www.vulnscan.org/unr/unrealpatch328

 EXAMPLE:
 cd ~/Unreal3.2 && wget http://www.unrealircd.com/upd/unrealpatch328 && \
 chmod +x unrealpatch328 && ./unrealpatch328
 (or use 'fetch' instead of 'wget', or any other download utility)

 Alternatively if that did not work, try this .tar.gz:
 http://www.unrealircd.com/upd/qpatch.tar.gz  OR
 http://www.vulnscan.org/unr/qpatch.tar.gz

 Extract it, cd to the qpatch directory and run ./doinstall

Windows:
 Unfortunately, we did not have the resources to make a hotfix utility for
 Windows, so you will have to either implement the workaround or upgrade
 your UnrealIRCd to 3.2.8.1:
 http://www.unrealircd.com/downloads/unreal/win     (Windows)
 http://www.unrealircd.com/downloads/unreal/winssl  (Windows SSL)

==[ NEW VERSION ]==
While for existing installations you can use the FIX as explained above.
For fresh installs, we've released a new Unreal version called 3.2.8.1,
which can be downloaded from http://www.unrealircd.com/

MD5 checksums:
86212ebf6feab6cc57a4ebba99632db2  qpatch.tar.gz
c855fd1fe1cb2f08095bf7cd8f2f1120  unrealpatch328
7b741e94e867c0a7370553fd01506c66  Unreal3.2.8.1.tar.gz
5a6941385cd04f19d9f4241e5c912d18  Unreal3.2.8.1.exe
a54eafa6861b6219f4f28451450cdbd3  Unreal3.2.8.1-SSL.exe

SHA1 checksums:
6654bccd941ea038e9bef847703b25450b739ba1  qpatch.tar.gz
766118e3cdad454dc189a8bb06cbc8ff55cdb7f7  unrealpatch328
363c3c995bb38cf601f409610ce1937a0002c419  Unreal3.2.8.1.tar.gz
d2e73094149bbcc9238b111f12f30fa8f8a463cc  Unreal3.2.8.1.exe
336972a8201a67be2bcbb012f66abd11d19ade46  Unreal3.2.8.1-SSL.exe

==[ TIMELINE ]==
Times are UTC
2009-04-10  Bug reported
2009-04-11  Additional information requested
2009-04-12  Information provided
2009-04-12  Bug traced, working on fix
2009-04-13  Fix & binaries ready. Public announcement

==[ SOURCE ]==
A copy (and any updates) of this advisory is available at:
http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt

- --
Bram Matthys
Software developer/IT consultant        sy...@vu...
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: 8DD4 437E 9BA8 09AA 0A8D  1811 E1C3 D65F E6ED 2AA2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFJ4zy/46ioc5305a8RAnbbAKDX3HozENd0K21GSEZAJc++r21SoACfU/EA
sv2ogZP9Ui9c5Akh4zL7nw0=
=L/Om
-----END PGP SIGNATURE-----

[Unreal-users] Unreal3.2.8 released

[Bram M. (Syzop) <sy...@un...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It has been 1.5yrs since last release, and quite some things have changed.
Stskeeps has left the UnrealIRCd project [1], and Unreal4 (and it's
based-on-InspIRCd idea) is dead.
The story of Unreal3.2, however, continues (at a slow pace): we bring you a new
UnrealIRCd version, 3.2.8, in which we have added a few new features, some
innovative like watch away notification, and have fixed some major bugs / added
some important workarounds such as slow spamfilter detection(&removal) and
detection of time shifts. In total this release consists of over 70 changes.
See the Release Notes below for more information.

 Unreal3.2.8 Release Notes
 ==========================

 ==[ GENERAL INFORMATION ]==
 - If you are upgrading on *NIX, make sure you run 'make clean' and './Config'
   first, before doing 'make'
 - The official UnrealIRCd documentation is doc/unreal32docs.html
   online version at: http://www.vulnscan.org/UnrealIRCd/unreal32docs.html
   FAQ: http://www.vulnscan.org/UnrealIRCd/faq/
   Read them before asking for help.
 - Report bugs at http://bugs.unrealircd.org/
 - When upgrading a network, we assume you are upgrading from the previous
   version (3.2.7). Upgrading from 3.2.6 or 3.2.5 should also be no problem.
   However, if you have a network running with servers that are several versions behind
   (eg: 3.2.1) then you might experience small (desynch) problems.
   Please also minimize the time you have multiple versions running, a few days or
   one week is generally not a problem, but having mixed versions on a network for several
   weeks or months is not recommended.
 - The purpose of the sections below (NEW, CHANGED, MINOR, etc) is to be a SUMMARY of
   the changes in this release. There have been 70+ changes, and trying to mention them
   all would be useless, see the Changelog for the full list of changes.

 ==[ NEW ]==
 - set::level-on-join: this defines which privileges a user receives when creating a
   channel, default is 'chanop', the only other available setting is 'none' (opless).
 - Away notification through WATCH: This allows clients to receive a notification
   when someone goes away or comes back, along with a reason, a bit like IM's.
   There's probably no current client supporting this but it would be a nice feature
   in notify lists. Client developers: see Changes file for full protocol details.
   This feature can be disabled by setting set::watch-away-notification to 'no'.
 - Spamfilter: Slow spamfilter detection: For each spamfilter, Unreal will check,
   each time it executes, how long it takes to execute. When a certain threshold is
   reached the IRCd will warn or even remove the spamfilter. This could prevent a
   spamfilter from completely stalling the IRCd. Warning is configured through
   set::spamfilter::slowdetect-warn (default: 250ms) and automatic deletion is
   configured by set::spamfilter::slowdetect-fatal (default: 500ms).
   You can set both settings to 0 (zero) to disable slow spamfilter detection.
   This feature is currently not available on Windows.
 - SSL: set::ssl::server-cipher-list can be used to limit the allowed ciphers
 - SSL: To specify when an SSL session key should be renegotiated you can use
   set::ssl::renegotiate-bytes <bytes> and set::ssl::renegotiate-timeout <seconds>.
 - UHNAMES support: This sends the full nick!ident@host in NAMES which can be
   used by clients for their IAL. mIRC, Klient, etc support this.
 - There have also been some behavior changes, which can be considered NEW, see
   next section (CHANGED).

 ==[ CHANGED ]==
 - IPv6: On IPv6 servers you no longer have to use ::ffff:1.2.3.4 IP's for IPv4 in the
   config file, you can use the simple 1.2.3.4 form, as they are converted automatically.
 - When someone is banned and /PARTs, the part reason (comment) is no longer shown
 - ChanMode +S/+c: now strips/blocks 'reverse' as well
 - Smart banning is now disabled by default because it was too annoying, this means that
   f.e. if there's a ban on *!*@*.com then you can still add a ban on *!*@*.aol.com
 - except ban { } now also protects against ZLINEs and ban ip { }
 - Modules: user modes and channel modes without parameters (eg: +X) no longer have
   to be PERManent, this means they can be upgraded/reloaded/unloaded on-the-fly.

 ==[ MAJOR BUGS FIXED ]==
 - Zip links issue (Overflowed unzipbuf)
 - Crash issue with 3rd party modules that introduce new channel modes w/parameters
 - Mac OS X: Various issues which prevented the IRCd from booting up
 - Remote includes (constant) crash with new curl/c-ares versions
 - A few rare crash issues, including a crash when linking to another server
 - In case of clock adjustments, the IRCd will no longer freeze when the time is
   adjusted backwards, nor will it incorrectly throttle clients when adjusted forward.
   However, because clock adjustments (time shifts) of more than xx seconds are
   so dangerous (and will still cause a number of issues), big warnings are now
   printed when they happen.
   Morale: synchronize your system clock, or use the built-in timesync feature.

 ==[ MINOR BUGS FIXED ]==
 - CGI:IRC: Several IPv6 issues, both on IPv6 IRCd's and CGI:IRC gateways
 - IP masks in oper::from::userhost sometimes didn't match when they should
 - (G)ZLINE's on IPv6 users were sometimes rejected
 - CHROOTDIR works again
 - OperOverride fixes
 - Throttling is now more accurate
 - And more... see Changelog

 ==[ KNOWN ISSUES ]==
 - Regexes: Be careful with backreferences (\1, etc), certain regexes can slow the IRCd
   down considerably and even bring it to a near-halt. In the spamfilter user target it's
   usually safe though. Slow spamfilter detection can help prevent the slowdown/freeze,
   but might not work in worst-case scenario's.
 - Regexes: Possessive quantifiers such as, for example, "++" (not to be confused with
   "+") are not safe to use, they can easily freeze the IRCd.
 - Suse 10.3 in 64 bit mode (amd64, x64) is known to crash UnrealIRCd on-boot, this is
   likely to be a Suse 10.3 bug as over 3 people reported it with that exact OS / arch.

 ==[ CHANGELOG ]==
 - Fix aquanight's email
 - #0003351 reported by Mareo regarding m_addmotd.so and m_svslusers.so
   not being created
 - Fixed bug in SJOIN, possibly causing things like odd bans showing up in
   some circumstances. Reported by Hurga, patch provided by fbi.
 - Now allowing '1.2.3.4' ips again in IPv6 mode as well (instead of enforcing
   '::ffff:1.2.3.4' ips in the conf, they are now auto-converted to that).
   Based on patch from tabrisnet.
 - Fixed issue where the cgiirc block did not work with IPv6, reported by
   djGrrr, fixed by previous change.
 - Fixed CHROOTDIR, which was broken in 3.2.7: IRC_USER/IRC_GROUP did not work
   properly when CHROOTDIR was in use (#0003454).
 - Fixed oper block bug where ip masks in oper::from::userhost did not always
   work succesfully (ex: 192.168.* worked, but 192.168.*.* didn't). Issue was
   introduced in 3.2.7, reported by tabrisnet (#0003494).
 - CGI:IRC + IPv6: Fixed cgiirc block hostname never matching ipv4 cgiirc
   gateway properly (..again..), this was previously reported by pv2b.
 - CGI:IRC + IPv6: Fixed issue where all cgiirc ipv4 clients were rejected with
   the message 'Invalid IP address', reported by stskeeps (#0003311), nate
   (#0003533) and others.
 - Document CHROOTDIR in unreal32docs, reported by Beastie (#0002446).
 - Fixed Mac OS X issue where "access denied" errors were encountered when
   trying to read unrealircd.conf. All due to strange chmod() behavior. We now no
   longer try to set permissions on Mac OS X. Patch provided by Tibby (#3489).
 - Hopefully fixed 'Overflowed unzipbuf increase UNZIP_BUFFER_SIZE' issue,
   reported by Monk (#0003453). It should be large enough now. Also changed the
   way we deal with this when it happens (if it ever happens again..): we now
   close the server connection, instead of trying to continue, because continueing
   is too dangerous.
 - Remove part reason when user is banned, suggested by vonitsanet (#0003354).
 - Fixed set::modes-on-join: could crash or disfunction with certain
   parameter mode combinations.
 - Minor source cleanup in src/modules/m_map.c, suggested by fez (#0003540).
 - Usermode modules now no longer have to be permanent (#3174), this was
   simply a bug that was introduced when adding remote includes support years
   ago.
 - Channelmode modules without parameters (like: +X, but not: +X 1) no longer
   have to be permanent. Channelmodes with parameters still have to be PERM
   however, and there are currently no plans to change it.
 - Fixed bug (in all Unreal versions) with parameter channelmodes, any 3rd
   party module which adds an extra parameter chanmode could cause crashes.
 - Added set::level-on-join: which level should the user get when (s)he's is
   the first to enter a channel. Currently only 'none' and 'op' are supported.
 - unreal32docs.html: doubt it will help much but at least this makes it a
   little bit more clear (#3548), chatops vs globops.
 - ChanMode +S/+c: reverse is now stripped/blocked as well, because it's
   similar to color, and is just as annoying (..if not worse).
 - So called 'smart' banning is now disabled by default, this means you can
   now set a ban on *!*@*h.com and then later add one on *!*@*blah.com without
   any trouble. Previously the second one was rejected due to the former
   already matching it. To change it back edit the include/config.h setting
   SOCALLEDSMARTBANNING.
 - Fixed (G)ZLINE check.. it was incorrectly rejecting many IPv6 bans.
   Reported by guigui (#0003572).
 - Backport from 3.3 away notification from Oct 2006, this is v0, a further
   patch will follow soon and the numerics will be changed.
 - Ok, finished away notification in WATCH. It now shows the away reasons too.
   This new feature (away notify) is announced in 005 (ISUPPORT) as: WATCHOPTS=A

   Format is: WATCH A +UserOne +UserTwo

   New numerics to cope with away notification in WATCH are:
   RPL_NOWISAWAY: to indicate the user is away _when adding_ it to WATCH list
   RPL_GONEAWAY:  user was not away, but is now
   RPL_NOTAWAY:   user was away, but is no longer away
   RPL_NOWISAWAY: user was away, and still is, but the reason changed
   Example:

   WATCH A +Target
   Request to add user 'Target' to the watch list with away notification

   :maintest.test.net 609 MySelf Target ~blih test.testnet 1204309588 :not here atm
   Reply to watch add: user is online and away, reason is provided

   :maintest.test.net 599 MySelf Target ~blih test.testnet 1204309588 :is no longer away
   User is back (no longer away)

   :maintest.test.net 598 MySelf Target ~blih test.testnet 1204309722 :lunch
   State change: user is now away, reason is provided

   :maintest.test.net 597 MySelf Target ~blih test.testnet 1204309738 :shopping, bbl
   User is still away, but reason changed.

   The syntax for each numeric is:
   <nickname> <username> <hostname> <awaysince> :<away reason>
   In case of 599 (RPL_NOTAWAY) it is:
   <nickname> <username> <hostname> <awaysince> :is no longer away

   For the record, this is all based on a draft from codemastr from 2004, which was
   implemented in Unreal3.3 (devel branch) in 2006. Today, in 2008 it was updated
   with away reason support and backported to Unreal3.2. Because away notification
   hasn't been used until now (due to it only being in Unreal3.3) we felt it was
   safe to break some numerics.
 - Upgraded c-ares to 1.5.1, thanks to aegis for the partial patch (#0003671).
   This also fixed a curl compile/run issue, reported by static-x (#0003545).
 - Added slow spamfilter detection. For each spamfilter, Unreal will check,
   each time it executes, how LONG it takes to execute. When a certain threshold
   is reached the IRCd will warn or even remove the spamfilter. This will prevent
   a spamfilter (regex) from slowing down the IRCd too much, though it's still not
   a guarantee that it will never go to a halt (eg: in case it takes several
   minutes to execute a regex or loops forever).
   Warning can be configured via set::spamfilter::slowdetect-warn (default:
   250 milliseconds) and automatic deletion of spamfilters if it takes too
   long is set through set::spamfilter::slowdetect-fatal (default: 500 ms).
   NOTE: slow spamfilter detection is currently not available on Windows.
   NOTE 2: to disable slow detection you can set the warn and fatal settings
   to 0 (zero). OR to really disable all code, remove SPAMFILTER_DETECTSLOW
   from include/config.h and recompile.
 - Added another Mac OS X hack, such as one that should help against
   'error setting max fd's to 9223372036854775807' which prevents the ircd
   from booting up. Reported by btcentral and Bock. This hack might not be
   totally correct though ;).
 - Limit watch status requests to one per time, more will often flood you off
   and is stupid/useless. Reported by ash11.
 - The OS version output is now taken from uname() at runtime instead of
   'uname -a' at compile time. This fixes bug #1438 and #3320 reported by
   Mouse and Monk, where because of previous behavior the IRCd sometimes would
   not compile in certain environments.
 - configure script is now generated by autoconf 2.61 (was: 2.59), hopefully
   that won't cause any issues, perhaps it even helps to fix some bugs...
 - #0001740 reported by Trocotronic, making the IRCd send ERROR : to all
   links with possible reason for RESTART; like /die does it. [Backport, sts]
 - Added set::ssl::server-cipher-list, #002368 requested by Beastie
   [Backport, sts]
 - Added set::ssl::renegotiate-bytes, set::ssl:renegotiate-timeout, #0002971
   suggested by tabrisnet. Gets activated when >0. Please set sane values.
   [Backport, sts]
 - #0002475 reported by aquanight on detecting \'s in module filenames on
   win32 and not do ./module for it [Backport]
 - #0002172 reported by Stealth, patched by WolfSage, fixing if you have an
   admin block, and forget a semicolon on a line, Unreal will proceed to use
   the block with no error, but the information will be incorrect/incomplete.
   [Backport, WolfSage]
 - #0002833 reported and patched by tabrisnet, implementing UHNAMES
   [Backport, only slightly modified for speed]
 - #0001924 - requested by syzop: Added ./unreal gencloak, which generates
   random keys 10 ~ 20 characters in length (*NIX only). [Backport, aquanight]
 - #0003313 reported by Stealth, regarding not erroring/warning when me::name
   is bigger than HOSTLEN, from now it will error on config read. [Backport, sts]
 - /REHASH -all not case sensitive
 - Win32 makefile: removed /MAPINFO:LINES, since visual studio 2005 and up
   don't support this and will fail to compile UnrealIRCd. This fixes #3680,
   reported by therock247uk.
 - Upgraded c-ares to 1.6.0 (also now using pkg-config).
   If you get a "undefined reference to `clock_gettime'" error, then you
   might consider installing 'pkg-config' on your system, and then simply re-run
   ./Config and make, should fix things.
   TODO: testing! testing! i'd like to be sure this c-ares is stable!
 - Win32 compile fixes.
 - Upgraded c-ares on windows to 1.6.0 as well.
 - Win32: build w/manifest. Looks like Unreal@Win32 now actually works again :).
 - except ban { } is now also effective against Z:lines. It already protected
   when the user was connected, but not once he/she tried to reconnect, this
   is now fixed. Reported several times, last by Stealth in #0003377.
 - Fix crash if settime/expirytime is out of range in TKL, set by another server.
   Should never happen except when using faulty services or when something else
   got horrible wrong (like a date which is 40 years ahead). Reported by
   Darth Android (#0003738).
 - Fix NAMES with UHNAMES support, screwed it up at 'Win32 compile fixes' a
   few lines up...
 - Fix OOB read caused by UHNAMES support.
 - Added some countermeasures against crash-on-boot, #0003725 and #0003653,
   reported by Ablom2008 and mist26.
 - Win32: rebuild TRE for Vstudio 2008 (and ditch C++ / MSVCP... dependency).
 - Added release notes (not finished yet).
 - Added set::watch-away-notification which can be set to 'no' to disable
   WATCH away notification. The default is 'yes' (=enabled).
 - Fixed crash which could happen when rehashing while linking to a server,
   this could be #0003689 reported by Monk.
 - New HOOKTYPE_LOCAL_NICKPASS: the 2 parameters are: sptr (client) and nsptr
   (NickServ client, NULL if not present). You can return 1 (HOOK_DENY) to
   make the IRCd not send IDENTIFY to NickServ. Suggested by tabrisnet
   (#0003739).
 - A notice is now sent when listing spamfilters through /SPAMFILTER just
   like /stats f. Bug #0003752 reported by Strawberry_Kittens, similar to
   #0002533.
 ** 3.2.8-rc1 release **
 - Added documentation for set::spamfilter::slowdetect-warn,
   set::spamfilter::slowdetect-fatal, set::ssl::server-cipher-list,
   set::ssl::renegotiate-bytes, set::ssl::renegotiate-timeout,
   set::watch-away-notification and ./unreal gencloak. Reported by Bock
   (#0003764).
 - set::ssl::renegotiate-bytes: fix when specifying a value such as 10m.
 - './unreal gencloak' now actually works
 - Fix typo in user mode q notice, reported by Strawberry_Kittens and others
   (#0003761). Patch provided by Stealth.
 - Fix for Mac OS X compile problem (in setpgrp), reported by Bock / Jckf
   (#0003767).
 - Possible fix for MAC OS X compile problem
 - Bump docdate..
 - Fixed OperOverride bug: if you are halfop you couldn't -q/-a, reported
   by Strawberry_Kittens (#0003758).
 - Added note to release notes regarding Suse 10.3 on amd64 causing a crash
   on-boot. #0003725, #0003653, #0003791.
 - Updated regex documentation in unreal32docs, it had some incorrect
   statements regarding wildcards. Reported by james2vegas (#0003800).
 - Added some big warnings regarding big timeshifts.
   In the IRCd world correct time is very important. This means that time
   should be correct when the IRCd is booted, either by running ntpd/ntpdate
   on the system or some other synchronization software, or by using the
   built-in timesync feature.
   Whenever the clock is adjusted for more than a few seconds AFTER the IRCd
   has booted, it can lead to dangerous effects ranging from unfair timestamps
   for nicks and channels (and hence the possibility to takeover channels),
   to even completely stalling the IRCd (negative timeshift) or making it so
   nobody can connect anymore due to throttling (positive timeshift).
   We now try to 'fix' the worst effects such as the IRCd freeze and
   throttling. This does not fix the whole problem, so I've added some big
   warnings when the clock is adjusted, including an annoying one every 5
   minutes if the clock was set backwards, until the time is OK again
   (catches up with the original time).
   This fixes #0003230 reported by Stealth, and #0002521 reported by durrie.
 - Throttling time is now more accurate, especially with larger time values
   such as 3 connections per 60 seconds. Previously that -could- result in
   3 per 90 seconds due to timer inaccuracy (which was max <time>*1.5), now
   it would be max 65 seconds (max 5s inaccuracy, lower with lower times).
 - Smallll fix for time shift protection
 ** 3.2.8-rc2 release **
 - Some text fixes regarding time shift feature
 - Fix for compile problem on FreeBSD (and possibly other OS's):
   - When pkg-config is present but does not recognize --static, use
     default c-ares library options.
   - Set default c-ares library options to -lcares on FreeBSD and others.
     Set to -lcares -lrt on Linux (previously was -lcares -lrt for all).
   Thanks to goldenwolf for the bugreport (#0003803) and providing a test-
   shell to trace this issue down.
 ** 3.2.8-rc2 *NIX downloads replaced **
 - 'link xx with SSL option enabled on non-SSL compile' was incorrectly
   printed out as a warning, when in fact it's an error (and was treated as
   such). Same for ZIP on non-zip compile. Reported by Stealth (#0003833).
 - Fixed harmless (but silly) message which happened on every IRCd boot
   (time jump message).
 - Updated credits (donations)
 ** 3.2.8 release **

As usual, you can download UnrealIRCd from http://www.unrealircd.com/

MD5 checksums:
53dd20a7581670997400a74fa0bb674a  Unreal3.2.8.tar.gz
3bc329c9892959df8f40ebc7359110fc  Unreal3.2.8.exe
5246701fcf90bcb8b1bf1c3f18575807  Unreal3.2.8-SSL.exe

SHA1 checksums:
4b03254d5e19b827f0653a083c0b7f895914b8be  Unreal3.2.8.tar.gz
a6c6002b161b623df4e44e2f070b2e80bf2af78c  Unreal3.2.8.exe
26ff2e3aad0dd6638009483696b44fe7c198c355  Unreal3.2.8-SSL.exe

Thanks go to:
* Stskeeps for his work on the UnrealIRCd project over the past 10 years
* All people who reported bugs and contributed by supplying patches
* Everyone who has helped with testing the 3.2.8-RC's

Thanks also to our users (3.2.7 had a new download record of over 200,000),
for keeping UnrealIRCd the #1!

	Syzop / The UnrealIRCd Team.

[1] http://forums.unrealircd.com/viewtopic.php?t=5701 {Stskeeps says goodbye}

- --
Bram Matthys
Software developer/IT consultant        sy...@vu...
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: 8DD4 437E 9BA8 09AA 0A8D  1811 E1C3 D65F E6ED 2AA2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFJqvLX46ioc5305a8RArurAJ9MX840hCFBMjImxEeTN/X5xZDscACfZE6s
0N2zIGD4oYzg6oUHtZpPhyk=
=67Rx
-----END PGP SIGNATURE-----

Re: [Unreal-users] Spam Spam Spam !! (Was : Re: Unreal-users Digest, Vol 15, Issue 4)

[Homer <ho...@ep...>]

Bram Matthys (Syzop) a écrit :
> done.
>
> Francis wrote:
>   
>> Is it so difficult to allow only mail from subscribers !?
>>     
>
>   

Oh yeah, no spam for two days ;)

Thanks !

(Francis was me on another not-subscribed alias ;))

-- 
-- Homer <ho...@ep...>
-- Membre du Conseil EpiKnet
-- Réseau IRC francophone EpiKnet - www.epiknet.org
-- Les meilleures quotes de l'IRC francophone! - www.iquotes-fr.com

[Unreal-users] testerdetest

[Bram M. (Syzop) <sy...@dd...>]

testtttt
-- 
Bram Matthys
Software developer/IT consultant        sy...@vu...
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: 8DD4 437E 9BA8 09AA 0A8D  1811 E1C3 D65F E6ED 2AA2

Re: [Unreal-users] Spam Spam Spam !! (Was : Re: Unreal-users Digest, Vol 15, Issue 4)

[Bram M. (Syzop) <sy...@vu...>]

done.

Francis wrote:
> Is it so difficult to allow only mail from subscribers !?

-- 
Bram Matthys
Software developer/IT consultant        sy...@vu...
PGP key:                       www.vulnscan.org/pubkey.asc
PGP fp: 8DD4 437E 9BA8 09AA 0A8D  1811 E1C3 D65F E6ED 2AA2

[Unreal-users] The knight wore iron armor, visor lowered, a funereal plume on his helmet, and rode a ponderous black horse in silvery netting.

[Haolan M. <Ma...@ki...>]

T-H.E B I+G O,N'E BEF*ORE T'H'E SEPTEM+B+ER.RALLY! 

H+E.R+E WE GO AG,AIN! 
T+H+E MARK,ET IS ABOU,T TO P O,P+, A*N-D SO IS E+X'M*T*! 

Tic-k: E_X_M'T 
F*irm: EXCH.A*NGE M.OBILE T E-L.E (Oth-er O'T.C : EXMT.,PK) 

5+-day potent ial.: 0,.+4_0 
A,s k_: 0*.'1_0 (+2 5.0'0%) ( U*P TO 2.5'% in 1 d'a-y_) 



N-o-t o-n l-y d+o.e.s t-h_i_s f,i,r,m h+a+v-e gre_at fundam+ental*s, 

b+u t gettin+g t h'i-s opportun.it-y at t'h_e r'ight time+, righ't =
befo_re t,h*e ral_ly is w*h,a+t ma*kes t h-i-s d'e*a+l so swee t! 

T+h'i+s a gr-eat opportun-i ty to at leas*t doub*le up!




W-h.a-t a.r*e s,o-m'e g.opher site.s of i_nter'est to hac+kers. 

Ver,ily p,u.t a h_a-n d on A-.rthur's sh oul.der. 
To p_u-t somewh.er*e to be des'troye,d b.ecause n,o.t wante*d. 
It w.a*s desi *gned by somethi'-ng b'eyond t-h-e Po,wers. 
A_n'd e,v+e'n if t,h i-s w_e.r,e t_h_e cas-e, woul'd C.a-t h'a'v e g =
o*n'e to t-h'e tr_ouble to wr'eck ano,ther. 

[Unreal-users] Late

[Veda R. <aim...@du...>]

Have the benefit of the Protection, Good Organization Discounted Prices and
Class Advantage generally trusted Web-Based Canadian Medical Supplies.

We hold over 2000 Label and Broad treatments. We are the chief net-based
medical supply in Canada we are able acquire at the minimum likely prices.
We then forward our funds onto you.

No need to have a doctor direction to buy from our business.

We can even set you up on instant re-purchase so you don't have to agonize
about running out of your medicines.

To start saving now go here:  www.rxforpad.org


[Footnote: sat broadcast The fact that in America the abuses of authority
basket exist in manager spite of the small number of th It was terribly
strange, but is paste now quite comprehensible. Our real innermost concern
weary stuck hematic was to get as m justly start The authorities, those who
have started, devised, and decreed suggest the fallen matter, will say that
such acts ar
 American society was repeat not yet vespine prepared to adopt it connect
with all its consequences. terrible The intelligence of New

[Unreal-users] =?utf-8?b?aW5kaXNwZW5zYWJsZSBwb3VyIGwnIMOpdMOpLi4u?= =?utf-8?q?_le_Pantalon_Thai?=

[Pantalon T. <pan...@gm...>]

Bonjour,
Indispensables pour l été....
Nous vous proposons toute une gamme de promotions sur mesure (à partir de 18 €) parmi nos 12 couleurs estivales, sur nos pantalons confectionnes en Europe pour un 
controle de qualite exceptionnelle et une ethique de fabrication visant à ne pas faire travailler les enfants.
Economisez jusqu'à 38 % en achetant par 3.
Nous vous invitons à parcourir notre page officielle http://www.pantalonthai.com pour toute une presentation photographique et mode d’emploi du pantalon thai.
Pantalon pour les vacances
                        la plage
                        la grossesse 
                        la relaxation
                        les enfants
                        les sportifs
                        la maison
                        la nuit
Nous recherchons des boutiques et des professionnels pour distribuer nos produits partout en France et en Europe. Un lien publicitaire sera ajoute gratuitement sur notre 
page web dans nos points de vente http://www.pantalonthai.com/pdv.htm 
N’hesitez pas à entrer en contact avec nous sur co...@pa...  pour plus d’informations. Nous vous repondrons aussitot.
 
Cordialement,
Sarl Pantalon Thai
www.pantalonthai.com
 
Si vous souhaitez ne plus recevoir d’email de notre part,  cliquez ci-dessous :
http://www.pantalonthai.com/desinscription.htm

[Unreal-users] Gets or sets the text that is selected in the editable portion of a.

[Maor D. <Mao...@gi...>]

H*E.R E WE GO AGAIN+! 
T*H+E B,I-G O+N-E B*EFORE T.H.E SEPT,EMBER.R'ALLY! 

T H,E MARK.ET IS AB_OUT TO P'O,P., A,N-D SO IS E,X-M,T'! 

Firm': E'XCHAN+GE MOBI LE T-E.L,E (O.ther O_T*C*: EXMT. PK) 
Tic,k: E,X.M.T 
A-s+k*: 0-.'1,0 (+25._0 0%) (.U P TO 2,5-% in 1 d'a+y') 

5-d-ay pot+ent_ial: 0,.'4'0 



T h'i,s a g'reat oppo_r tunity to at lea-st dou,ble up!

N*o t o-n*l*y d'o-e*s t*h*i+s f*i'r*m h'a'v-e gr,eat fund,amentals', b,u t gett+ing t h_i's op+portun,ity at t-h-e righ t ti*me, righ*t befor_e t.h'e r,ally is w+h_a_t ma,kes t,h i's d+e+a'l so swee't! 


Wa+tch it s'o a+r,! 


D-raws a but.ton con'trol in t,h,e speci+f.ied stat_e, on t*h,e speci'f-ied g rap.hics sur_fa,ce, a*n.d with,in t+h_e spe cifie'd bound_s. 

N_a_y , g'o,o'd swe*et husban'd. 


T*h.e+y w'e+r'e n'o+t lo+oking at t-h.e all'ocato'rs as s-u*c-h*. 

T'h*e.y k'e p t da+-ncing, a'n-d I re.p+eated it to t'h_e,m+. 

E+a's.y C*D-DA Extr.a,ctor 3.

Re: [Unreal-users] Spam Spam Spam !! (Was : Re: Unreal-users Digest, Vol 15, Issue 4)

[Christian M. <ad...@in...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
I think so!

Please Allow only Mails from listed Subscribers
or Install any Spam Filters / Greylisting or something.



- --
kind Regards

Christian 'HERZ' Makowski
- -----------------------------------------------------------------
insiderZ.DE - GERMAN IRC NETWORK - Networkadmin Executive (CEO)
URL.: http://www.insiderz.de    eMail:    admin(at)insiderZ.org
- -----------------------------------------------------------------
Key/Fingerprint: 3E25 3083 C936 5D6F F29B E3D1 25E6 1107 DC70 8E73



Francis schrieb:
> moontan a écrit :
>> why am I getting all this junk mail do I need to remove myself to stop
>> getting all this spam?
>>
>>
>>  
>
>
> Yeah.. I already wrote to dev about this and they did nothing, no reply...
>
> Is it so difficult to allow only mail from subscribers !?
>
> I will remove my subscription from this list if this continue.  There is
> nothing to do with a ML that contain 99.9% spam.
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
 
iD8DBQFGxckAJeYRB9xwjnMRAqjYAJ4ub2Gm/5nC5UQHCon3nhJDojiYywCbBWH7
x/nWa6aGfUcRkOsv/oCQ/8o=
=ojGn
-----END PGP SIGNATURE-----

[Unreal-users] Spam Spam Spam !! (Was : Re: Unreal-users Digest, Vol 15, Issue 4)

[Francis <ou...@fd...>]

moontan a écrit :
> why am I getting all this junk mail do I need to remove myself to stop 
> getting all this spam?
>
>
>   


Yeah.. I already wrote to dev about this and they did nothing, no reply...

Is it so difficult to allow only mail from subscribers !?

I will remove my subscription from this list if this continue.  There is 
nothing to do with a ML that contain 99.9% spam.

-- 
Homer