1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 07:43:12 +02:00
Commit Graph

6001 Commits

Author SHA1 Message Date
Bram Matthys 69e651aa40 Running ./autogen.sh helps. 2016-10-30 13:17:43 +01:00
Bram Matthys 2f3c34fe9f Lol. Duh :D 2016-10-30 13:16:45 +01:00
Bram Matthys 45545ac3d2 4.0.8-rc1 2016-10-30 13:04:03 +01:00
Bram Matthys d504fbe04c Send PREFIX= in PROTOCTL to servers (#4772). 2016-10-30 11:56:59 +01:00
Bram Matthys 8e149bd503 Fix potential crash in blacklist module if you have several DNSBLs (#4770). 2016-10-22 09:42:41 +02:00
Bram Matthys abb3e225aa Fix regression caused by 6e4cc3e235 2016-10-21 19:04:03 +02:00
Bram Matthys 23c14e56ad If system-wide cURL is OK for us and user has a previous setting of ~/curl
then change the default value to /usr (or similar) during ./Config and
output a warning.
We do this since system-wide cURL is under almost all circumstances
preferred as it is maintained by your OS/distro and hence receives bug
fixes and security updates on a regular basis (or should, anyway).
Experience shows that ~/curl is rarely kept up to date since "it works".

In the past, many years ago, system wide cURL did not have AsynchDNS.
Nowadays nearly all distros build cURL with some sort of AsynchDNS
which makes things much more useable.
2016-10-21 18:27:01 +02:00
Bram Matthys eabf436c2a Use has_system_cares (=reliable result) rather than with_system_cares (=merely requested). 2016-10-21 18:13:04 +02:00
Bram Matthys ebd6e8e1cd Delete libcares from private lib dir when using system-c-ares. 2016-10-21 17:57:13 +02:00
Bram Matthys f526a485c8 Update configure 2016-10-21 17:51:36 +02:00
Bram Matthys 8859cca6b2 Remove old cares/curl hack. 2016-10-21 17:51:08 +02:00
Bram Matthys c133dfd31e Use system c-ares when available (IOTW: --with-system-cares is the default
and hence we now have --without-system-cares if you don't want this)
2016-10-21 17:46:26 +02:00
Bram Matthys 770bb6ac98 Forgot to commit these files, they belong to the hardening patch. 2016-10-21 17:24:13 +02:00
Bram Matthys 6e4cc3e235 During ./Config when configuring with remote includes support for the first
time (and we need to suggest paths) we no longer suggest ~/curl if system-
curl already provides everything we need.
2016-10-21 17:21:42 +02:00
Bram Matthys d51d23e5cb Until now we refused a build with system-curl without --with-system-cares,
this on the basis that cURL may be using one c-ares version and UnrealIRCd
another c-ares version, something which obviously can lead to failure due
to ABI differences..
Many years have passed since then and cURL is now frequently build with
AsynchDNS support but without the help of c-ares (eg: on Debian). We can
support this configuration without requiring --with-system-cares since
c-ares is not used by cURL and there's no conflict.
2016-10-21 17:15:37 +02:00
Bram Matthys bae1dcf147 For increased security UnrealIRCd is now compiled with several hardening
options by default. This enables full RELRO (GOT and PLT being read-only),
stack protection and address space layout randomization (by enabling PIE,
the actual ASLR is left up to kernel).

Will cleanup some silly stuff later.. and have a go at the libs stuff..
2016-10-20 19:16:18 +02:00
Bram Matthys fd35f965a2 Use dynamic linking for our shipped private libraries (c-ares, tre, pcre2). Work in progress, may revert. 2016-10-20 19:02:55 +02:00
Bram Matthys 9be628450c Moved to https://www.unrealircd.org/docs/Compiling_UnrealIRCd_on_Windows 2016-10-20 09:55:48 +02:00
Bram Matthys 8b21562c37 Replace old reference to use md5, should be bcrypt. + some internal dev stuff (bin/unrealircd -s) 2016-10-19 18:38:07 +02:00
Bram Matthys 2d09d18135 Remove some unnecessary stuff to shave 1Mb off our download (PDF developers documentation in c-ares) 2016-10-09 09:40:46 +02:00
Bram Matthys 7e05a29aca ** 4.0.7 ** 2016-10-09 09:25:12 +02:00
Bram Matthys 4e71b31a29 Update curl-ca-bundle to certificate data from Mozilla as of Sep 14 03:12:05 2016 plus CACERT 2016-10-09 09:22:44 +02:00
Bram Matthys 338d874f75 Module coders: fix silly long-standing bug in MOD_LOAD/MOD_UNLOAD so you can use 'modinfo' again, just like you already could in MOD_INIT. 2016-10-03 16:01:23 +02:00
Bram Matthys b9c5254e2b Merge pull request #57 from binki/unreal40-gitignore
Add editor and ./autogen.sh-generated files to .gitignore.
2016-10-01 11:50:56 +02:00
Bram Matthys 11a510843b Import config settings/modules from earlier versions 2016-10-01 11:48:11 +02:00
Bram Matthys 6d63b39d93 +* Windows: remote includes now support IPv6 2016-10-01 11:29:07 +02:00
Bram Matthys 52df9937be Re-indent / conform to existing code style 2016-10-01 10:20:01 +02:00
Bram Matthys 5bc9b63855 Delayjoin (+D): JOIN user before message and not after. 2016-10-01 10:15:04 +02:00
Bram Matthys 2eafff6a51 On Windows cURL is now built with IPv6 enabled, so use updated library path 2016-10-01 09:46:48 +02:00
Bram Matthys e8272e28c2 Updates for LibreSSL 2.5.0 (hmm should be moved to build options I guess) 2016-10-01 09:45:34 +02:00
Bram Matthys 58f4690b03 Don't overwrite the conf files from #4755 on Windows either. 2016-10-01 08:54:01 +02:00
Bram Matthys 1cd0cdcd18 Use Windows' _stricmp/_strnicmp 2016-10-01 08:50:48 +02:00
Bram Matthys f2d21943fe Bump version to 4.0.7-rc1 2016-09-30 15:53:36 +02:00
Bram Matthys 7aaf14c138 Show PCRE2 version on ./unrealircd start and in /VERSION on IRC if oper. 2016-09-30 15:42:19 +02:00
Bram Matthys fbde68ef4a Update pcre2 library from 10.21 to 10.22 2016-09-30 15:31:08 +02:00
Bram Matthys 74ea7af9b7 Upgrade c-ares library to 1.12.0. Add CPPFLAGS support. 2016-09-30 15:23:34 +02:00
Bram Matthys ea3ac462d1 Don't overwrite spamfilter.conf, badwords.conf and dccallow.conf during
'make install'. Reported by ivanp (#4755).
2016-09-30 13:41:44 +02:00
Bram Matthys 64b5d89a98 Remove support for CHROOTDIR, IRC_USER and IRC_GROUP as these caused too much
code clutter and was broken anyway (especially CHROOTDIR)...
For a CHROOTDIR replacement we suggest using AppArmor, SELinux, FreeBSD jails, ..
For a IRC_USER/IRC_GROUP replacement you can use start-stop-daemon or similar.
2016-09-29 20:12:28 +02:00
Bram Matthys 603adb8ec2 Fix "dh" setting requiring absolute path. Reported by capitaine (#4738). 2016-09-29 19:17:49 +02:00
Bram Matthys a7f98af6ed ./Config may show an empty SSL prompt. Reported by ohnobinki (#4749). 2016-09-29 19:11:31 +02:00
Bram Matthys ee97298f4d Fix bug in duplicate ban detection. With +b ~r:xyz you could not set +b ~R:xyz,
reported by ShaneDiamond (#4712). We now have special handling for extbans.
2016-09-29 19:02:19 +02:00
Bram Matthys b4306842b2 Remove SOCALLEDSMARTBANNING config.h option which nobody uses anyway (for good reasons) 2016-09-29 19:01:48 +02:00
Bram Matthys 490abc76c1 Fix crash due to commit from yesterday 2016-09-27 07:37:09 +02:00
Bram Matthys 2de0c4ec80 Use server-side cipher selection and set a reasonable default ciphersuite list
taking into account compatibility with older clients. See the wiki/docs article
https://www.unrealircd.org/docs/SSL_Ciphers_and_protocols for more information
2016-09-26 16:03:24 +02:00
Bram Matthys 9203ee1748 set::ssl::server-cipher-list is now called set::ssl::ciphers (old name still works too) 2016-09-26 15:01:54 +02:00
Bram Matthys 4fe7203091 Use cipher list for connections to other servers as well 2016-09-26 14:58:16 +02:00
Bram Matthys 7f703d8991 Add the ability to enable/disable TLS versions via set::ssl::protocols
Accepted values are: All (enable all), TLSv1, TLSv1.1, TLSv1.2
You can use + and - modifiers, in fact you are encouraged to.
Example: set { ssl { protocols "All,-TLSv1,-TLSv1.1"; }; };
This will only allow TLSv1.2 at time of writing, and later whenever
TLSv1.3 is released it will allow TLSv1.2 and TLSv1.3.
Note that 'SSLv2' and 'SSLv3' do not exist, as UnrealIRCd 4.x never
supported these old versions (and never will).
2016-09-26 14:47:45 +02:00
Bram Matthys bbca690d48 Fix issue with instable SSL connections on FreeBSD (especially server links)
Reported by CoreDuo and weekend (#4720). Thanks weekend for providing a shell
to debug this issue.
2016-09-26 10:26:47 +02:00
Bram Matthys a9db5b8981 DEBUGMODE: improve freebsd kevent debug messages 2016-09-26 10:23:00 +02:00
Bram Matthys f71b173f07 Turn DEBUG_IOENGINE off by default (and move to include/config.h) 2016-09-17 10:06:33 +02:00