===================================================================
RCS file: /home/cmunk/ircsystems/cvsroot/unreal/Changes,v
retrieving revision 1.1.1.1.2.1.2.1.2.2414
diff -u -r1.1.1.1.2.1.2.1.2.2414 Changes
--- Changes 30 May 2007 21:10:04 -0000 1.1.1.1.2.1.2.1.2.2414
+++ Changes 4 Jun 2007 17:21:12 -0000
@@ -1726,3 +1726,5 @@
"UnrealIRCd is not running" as opposed to "kill: 3426: no such process" etc.
- #0003368 patched by Stealth giving users access to do /module on remote
servers
+- #0002677 reported by aquanight, removing listen::options::remoteadmin,
+ listen::options::mask, set::options::no-stealth
===================================================================
RCS file: /home/cmunk/ircsystems/cvsroot/unreal/Changes,v
retrieving revision 1.1.1.1.2.1.2.1.2.2406
diff -u -r1.1.1.1.2.1.2.1.2.2406 Changes
--- Changes 17 May 2007 11:38:07 -0000 1.1.1.1.2.1.2.1.2.2406
+++ Changes 17 May 2007 13:22:05 -0000
@@ -1710,3 +1710,6 @@
- Added set::ssl::server-cipher-list, #002368 requested by Beastie
- Added set::ssl::renegotiate-bytes, set::ssl:renegotiate-timeout, #0002971
suggested by tabrisnet. Gets activated when >0. Please set sane values.
+- Added set::ssl::dh to indicate DH parameters. These are needed to support
+ DSA certificates and should probably make them work from now on. Code
+ originally by the inspircd team.
===================================================================
RCS file: /home/cmunk/ircsystems/cvsroot/unreal/Changes,v
retrieving revision 1.1.1.1.2.1.2.1.2.2404
diff -u -r1.1.1.1.2.1.2.1.2.2404 Changes
--- Changes 17 May 2007 09:56:42 -0000 1.1.1.1.2.1.2.1.2.2404
+++ Changes 17 May 2007 10:52:33 -0000
@@ -1707,3 +1707,4 @@
through this under load, and speeding up connection).
- IRCd now also sets the &me fd as being non blocking (wasn't before, that
was odd..)
+- Added set::ssl::server-cipher-list, #002368 requested by Beastie
===================================================================
RCS file: /home/cmunk/ircsystems/cvsroot/unreal/Changes,v
retrieving revision 1.1.1.1.2.1.2.1.2.2399
diff -u -r1.1.1.1.2.1.2.1.2.2399 Changes
--- Changes 14 May 2007 14:14:08 -0000 1.1.1.1.2.1.2.1.2.2399
+++ Changes 14 May 2007 14:22:31 -0000
@@ -1692,3 +1692,5 @@
- Changed IRCCommand::friend into IRCCommand::partner
- Removed an odd declaration in common.h regarding find_user_link
- Changed make_virthost prototype to not include a C++ keyword
+- More cleanup - this may potentially break some OS'es, but let us catch
+ this in testing
- DOMAINNAME is removed from ./Config reported by satmd (#0003063).
- THROTTLING and FAST_BADWORD_REPLACE cannot be configured in config.h reported by raymondvrolijk (#0002937).
- /sqline supports sqlining for channels. #*ble* will forbid channels and *ble* will forbid only nicks (not channels).
Forbid message showed by numeric ERR_FORBIDDENCHANNEL (448) reported by aragon and Jase (#0000935, #0003012).
- conf_deny NOTICE message is replace by ERR_FORBIDDENCHANNEL.
- Fixed set::dns::bind-ip directive seen as duplicate, reported by aegis (#0003074).
- set::dns::* block is now no longer mandatory. All info has always been read from
/etc/resolv.conf (*NIX) or the registry (Win32), and the set::dns block is ignored
(except for set::dns::bind-ip, but that's a special case). Suggested by many including
djGrrr to make things slightly more logical (#0003019).
- As a consequence of the above, set::dns blocks were removed from doc/example*conf.
- Added two more characters to Catalan charset, reported by rmh (#0002995).
- Added set::pingpong-warning [yes|no] which decides whether to send the "** If you are
having problems connecting due to ping timeouts, please type /quote pong .." message
to each client when NOSPOOF is enabled (usually on Win32). The default is NO.
Previously this message was always sent if NOSPOOF was on, which often caused
confusion among users. The message was intended for non-confirming clients, but these
should be fixed by now, and those that were not fixed (self-made bots/etc) did often
not understand the message anyway. Anyway, you can still turn it on ;). (#2680).
As a consequence of this the last parameter you get in your hook is now 'oldnick' rather
than 'newnick'. So the new nick is in sptr->name now and oldnick in last parameter.
- Added HOOKTYPE_PRE_CHANMSG, this should now be used for blocking/morphing text.
It has the parameters: sptr, chptr, text, notice
- HOOKTYPE_CHANMSG now no longer allows one to block the text (use HOOKTYPE_PRE_CHANMSG for
that). It's also moved to after the message was actually sent.
- Added HOOKTYPE_KNOCK (sptr, chptr)
- Added HOOKTYPE_MODECHAR_FIXME. Internal for now, will be replaced with a proper
HOOKTYPE_MODECHAR later (and arguments will change). It's just an internal hack for
chmode +f for now ;).
- Updated indent.pro to use length=110. It still does not indent how I want it to be though,
so don't use it yet ;).
- Moved channel mode +f to src/modules/chanmodes/chmode_f.c, interestingly enough this took
longer than recoding extcmodes paramter support and moving chan mode +j.
It's not only looking like a complex channel mode, it actually *IS* one ;).
TODO: make sure it actually works, and fix sjoining (partly not implemented yet->crash) ;p
in a netjoin when there was no need to (nothing to synch).
- Added spamfilter::except which allows you to specify targets
(eg: channels) where spamfilter should not take action. Requested by Fury
(#0001586). Ex: set { spamfilter { except "#spamreport,#help"; }; };
- Fixed a few wrong macro's (ircstrdup/ircfree) in s_conf.c causing
very weird behavior... This also fixes a bug where set::spamfilter::ban-reason
would have the value of ban-time.
- Improved spamfilter again.
- The new syntax is:
/spamfilter [what] [type] [action] [tkltime] [reason] [regex]
[tkltime] specifies the duration of any *lines placed by this rule.
[reason] specifies the *line, kill and/or block reason.. no spaces
allowed, but '_' will be escaped to a space.
In both cases you can simply use '-' to skip and use the default.
Ex: /spamfilter add p block - - Come watch me on my webcam
/spamfilter add p gline 3h Please_go_to_www.viruscan.xx/
nicepage/virus=blah Come watch me on my webcam
- A message is now shown if the msg/notice/dcc is blocked.
- There are 2 new spamfilter action types:
'dccblock' will mark the user so (s)he's unable to send any files by DCC.
'viruschan' will part the user from all channels and join
set::spamfilter::virus-help-channel (default: #help).
this action might be improved to do more later.
- Internal: added EXTTKL PROTOCTL, this determinates if 10 parameters
instead of 8 are supported for m_tkl (used by spamfilter add).
This new system needs some testing... :)
If set to 'yes' or '1' it will strip all part comments,
if set to something else it will use that as a part comment.
- Partial cleanup of m_part (hopefully I didn't destroy anything).
- Minor stats compile warning fixed
- Added 'action' field to ban version { } which can be: kill: kills the user (default),
tempshun: shun the specific connection only, kline/zline/gline/gzline/shun: place
a ban on *@IP. Time of those bans can be specified in set::ban-version-tkl-time.
It's up to the admin to take a good decision, sometimes zlines are best (=won't use
much sockets but will reconnect quite quickly), sometimes tempshun (=will use 1 socket
but generates nearly no network traffic), sometimes klines/glines, etc..
- Added checks for /sethost&/chghost to same host.
- Added remove-chanmode-after-X-minutes in +f.
The format is +f [30j#R5]:15, where 5 is the "do -R after 5 minutes". For a default
action like +i you would have to do the same: +f [30j#i5]:15 (remove 'i' after 5 minutes).
Additionally, 2 config items are added:
- set::modef-default-unsettime, if this is set to for example '5' then things like
+f [30j]:15 will be transormed into +f [30j#i5]:15. It's just a default, the user can still
override it. By default this feature is not used.
- set::modef-max-unsettime, specifies the maximum amount of time for the <time> parameter,
by default this is set to 60 (=1 hour), the value should be between 0 and 255.
I didn't do the extended tests I usually do but it seems stable, also the docs are updated
but are probably updated again later to make it a bit more readable.
Feel free to report any bugs as soon as you discover them.
The only thing I could think of is: _usually_ only 1 server will have the -i/-R/.. timer
running, so if that server splits (or even worse dies) it will only be -i/-R/.. at that server
and when they sync back they merge chanmodes so +i/+R is set again.
I don't consider this a huge problem but maybe it can be inconveniently, if people have
a lot of trouble with this I'll have to consider a 50% recode of the +f system :/.
===
- Internal code cleanups: EOS var rename, got rid of old UnknownUser structs, moved
anti away flood to new flood struct.
- Changed away flood configuration to set::anti-flood::away-flood <count>:<period>.
- Added nickflood protection, can be set in set::anti-flood::away-flood <count>:<period>
to allow max 'count' nickchanges per 'period' seconds. The default is 3 per 60s.
As usual, the nickchange limiting does not apply to ircops.
This is more usefull than the no nameserver + useip solution since with this no resolving
is done for incomming clients, but connecting to other servers (with hostnames) still works fine ;P.
+ fail-if-no-clientcert - If SSL client connects and doesn't provide a client certificate, abort connection immediately
+ verify-certificate - Check the certificate's validity using X509 methods, check if we trust CA's, etc.
+ It however does slip self signed certificates through UNLESS
+ no-self-signed - Don't allow self-signed certificates through (requires verify-certificate)
+- Made conf parser mention if we make a link->options with CONNECT_SSL if we don't support SSL (and remove the CONNECT_SSL flag)
+- Made conf parser mention if we make a SSL listener and we don't support SSL
+- Added set::ssl::trusted-ca-file, if enabled, it will point the SSL stuff to use that file as trusted CA's (for verify-certificate)
+- Made conf _not_ bitch that it doesn't know set::ssl
+- Removed some leftover client certificate stuff
this allows the admin to decide a standard custom quit for users. so they
won't be able to make their own quits. This affects set::prefix-quit and
ANTI_SPAM_QUIT_TIME - it simply replaces it with the message if enabled