1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-06-29 21:16:38 +02:00
Commit Graph

1985 Commits

Author SHA1 Message Date
Bram Matthys 5a02d4f52c Get rid of the *@unrealircd.com mask in the example vhost as it is commented out
now anyway. And thus, get rid of the related comment as well.
2025-09-28 10:41:00 +02:00
Bram Matthys e78a6a6dbf isupport & extended-isupport module, work in progress.
This is mostly from Valware PR https://github.com/unrealircd/unrealircd/pull/310
Will do more changes in later commits..
2025-09-20 14:34:28 +02:00
Bram Matthys f22f8d0dcd Add set::utf8-only: if set to 'yes' this means all IRC traffic is UTF only.
See https://www.unrealircd.org/docs/Set_block#set::utf8-only and the
UTF8ONLY specification at https://ircv3.net/specs/extensions/utf8-only
for more information.

Reported by PeGaSuS, who reported it based on a #unreal-support message
from uMut, who reported it based on a message from itsonlybinary.
This closes https://bugs.unrealircd.org/view.php?id=6458

This feature still needs to go through our internal tests.
2025-09-20 09:00:52 +02:00
Bram Matthys 0c17276039 Move https_new_ctx() from src/url_unreal.c to src/tls.c so it is
always available (also w/cURL) so it can be used by the crash
reporter. And delete duplicate code crashreport_init_tls()
function since it is now unused.

As always, duplicate code causes problems when one is changed and
the other is not. This also happened here, where the curves or
TLS groups where set in url_unreal but not in the crash reporter.
Now that one is minor, but the danger is clear.
2025-09-17 19:57:03 +02:00
Bram Matthys 1685d5243f Write some early release notes
[skip ci]
2025-09-17 13:05:00 +02:00
Bram Matthys b2d0ec1af3 Move/add local_port & server_port to ModData, so remote clients can be tracked.
This is sent over the wire as early moddata, just like "operlogin" and "operclass"
2025-09-14 17:03:34 +02:00
Bram Matthys f73dbfd7ee Remove previous UnrealIRCd PGP key from doc/KEYS (key expired and succeeded) 2025-09-14 15:41:54 +02:00
Bram Matthys 13217cc6ff Bump version to 6.2.1-git 2025-09-14 14:57:43 +02:00
Bram Matthys 9042dd21c0 ** UnrealIRCd 6.2.0.2 ** 2025-09-14 14:21:47 +02:00
Bram Matthys 4cc51af280 ** UnrealIRCd 6.2.0.1 **
This version (only) fixes some incorrect "best practices" warnings
2025-09-12 07:55:33 +02:00
Bram Matthys 74538e77d4 Another best practices fix: this one is with listen-nontls-port.
It could cause a spurious
"Your config has NO errors, but you received some best practices tips above, in summary"
even though no best practices were displayed... which was a bit mysterious.

Also, ::listen-nontls-port was actually meant to be called ::listen-tls-only
so accept both forms from now on. The reason it was supposed to be like that
is that all best-practices options are... best practices...
hashed passwords, trusted cert, trusted cert with valid hostname,
listening on a nontls port... ? NOPE! listen-tls-only! Aaaaa.
2025-09-10 16:45:52 +02:00
Bram Matthys bc27eb48fb ** UnrealIRCd 6.2.0 ** 2025-09-09 18:10:49 +02:00
Bram Matthys 399dfde33e Update curl-ca-bundle.crt to Tue Aug 12 03:12:01 2025 GMT 2025-09-08 20:10:11 +02:00
Bram Matthys 256308a707 Switch back to OpenSSL for the Windows build:
* In 2016 we switched from OpenSSL to LibreSSL because the OpenSSL
  codebase was in a bit of bad shape and LibreSSL promised to be a
  more modern codebase. Now, almost a decade later, OpenSSL has had
  many code cleanups and is more security aware (code audits etc),
  especially since OpenSSL v3 things are looking OK and it seems
  LibreSSL doesn't have much progress nowadays. Which is understandable
  as they have a lot fewer coders available but has an effect on things
  like how long it took for TLSv1.3 to appear and for other new things
  like PQC. It also seems like security fixes are now slower than
  OpenSSL instead of the other way around. Anyway, I think they did their
  job well (together with other people) in "triggering" the OpenSSL
  project to get things back on track. Let's switch back now.
* For context: it seems several Linux distro's that used to do go for
  LibreSSL have also switched back to OpenSSL.
* LibreSSL is still and will continue to be a supported library to
  use with UnrealIRCd (especially with OpenBSD and FreeBSD in mind).
  So, if there are any issues (compile problems, configuration problems,
  some feature not detected), then please report it on our bug tracker
  at https://bugs.unrealircd.org/ ! We will have to rely more on such
  user-reports now that the main devs will likely only work with OpenSSL.

Also... i have cleaned up the Makefile.windows a bit to be more consistent
Hopefully i didn't make a mistake there...

[skip ci]
2025-09-08 17:02:56 +02:00
Bram Matthys 7603317c9b Fix some potentially confusing wording in release notes.
Just in case someone thinks we are going to msg users on plaintext ports
by default, no we don't that, or at least not this year.
This is purely a "best practices" advice to admins on config load.
[skip ci]
2025-08-01 12:09:30 +02:00
Bram Matthys 5b2c9a9890 Re-order some release notes items (mention spamfilter enhancements earlier)
[skip ci]
2025-08-01 11:43:46 +02:00
Bram Matthys aa8a8ee135 ** UnrealIRCd 6.2.0-beta3 **
This one will also be announced on the mailing list (beta1 and beta2 were not)
2025-08-01 11:28:37 +02:00
Bram Matthys 24fde4f889 Fix crash on "REHASH -dns" (IRCOp only)
Reported by vectr0n in https://bugs.unrealircd.org/view.php?id=6538
2025-07-31 17:53:40 +02:00
Bram Matthys 5e6bcaea33 After netsplit, wait for class::connfreq seconds before connecting to server.
Isn't that what it was supposed to do? Well, yes and no, previously
it only guaranteed that between reconnects (so the 2nd try not being
before class::connfreq than the 1st try), but there were no guarantees
for the first time period directly after a squit.

* When a netsplit happens and
  [set::server-linking::autoconnect-strategy](https://www.unrealircd.org/docs/Set_block#set::server-linking)
  is `sequential` (which is the default) or `sequential-fallback`
  (which is a good value for leafs) then we now consistently wait for
  [class::connfreq](https://www.unrealircd.org/docs/Class_block)
  seconds before trying to connect to the (same or next) server.
  By default this is 15 seconds in the example configuration
  server class. The reason for this is to provide a consistent behavior.
  Previously we waited semi-randomly for 0 to class::connfreq seconds.
  The previous behavior caused the picking of 'next server to try' to
  be inconsistent, which especially caused issues for `sequential-fallback`.
  If you want quicker recovery times in case of a netsplit, simply lower
  the value of [class::connfreq](https://www.unrealircd.org/docs/Class_block)
  in your configuration file, e.g. to 5 instead of 15 seconds.

Oh yeah and for connect-strategy 'parallel' things stay as is, with
the wait of 0 to class::connfreq per-server, which seems fine for that.
Unless you want a 'BOOM!' effect of mass reconnects instantly, in
which case you can just set class::connfreq very low.
2025-07-30 09:10:22 +02:00
Bram Matthys 5abea8d4d2 Update release notes a bit with recent changes
[skip ci]
2025-07-27 09:52:37 +02:00
Bram Matthys d468473876 Add a comment about port 6667 in example.conf
/* Standard IRC port 6667:
 * Insecure plaintext (NOT for production servers)
 * This listen block is here only for quick testing.
 * Delete or comment out this listen block on production servers
 * and use TLS on port 6697 instead.
 */

Also throw it in translated example*conf's (in English),
the translators can translate it.
2025-07-26 14:45:09 +02:00
Bram Matthys 6178e2b94f *** UnrealIRCd 6.2.0-beta2 *** 2025-07-25 10:31:44 +02:00
Bram Matthys 11ba1edff1 Update release notes on the Post-quantum cryptography (PQC) enhancements:
* [set::tls](https://www.unrealircd.org/docs/TLS_Ciphers_and_protocols):
    Rename `ecdh-curves` to `groups` (the old name will continue to work)
  * Add (and prefer) the `X25519MLKEM768` hybrid group, which is a mix
    of `X25519` that is commonly used today and quantum-safe `ML-KEM-768`.
    This to protect against
    ["harvest now, decrypt later"](https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later).
  * To benefit from this, OpenSSL 3.5.0 or later (released April 2025)
    is required on the server, and similarly a client that supports this.
    At the time of writing, almost all Linux distros don't have such an
    OpenSSL version yet (which is not a problem, this new feature will simply
    not be available). Notably Debian 13 (when released in August
    2025) will have it. LibreSSL does not support it either yet, so our
    Windows build does not have this feature.
  * Also, change the TLS information on-connect and in WHOIS etc. from
    something like `TLSv1.3-TLS_CHACHA20_POLY1305_SHA256` to
    `TLSv1.3/X25519/TLS_CHACHA20_POLY1305_SHA256`. In other words: using
    slashes as separators and showing the group / key exchange in the middle.
    The group is only shown on newer OpenSSL versions. If someone would
    use the new PQC hybrid group mentioned above then their TLS info would
    start with `TLSv1.3/X25519MLKEM768/`.
  * TL;DR: better secrecy against future quantum attacks, even though
    not many clients or servers support it at the moment.

[skip ci]
2025-07-24 16:00:03 +02:00
Bram Matthys 9035859f0e Channel flood protection is now on by default. You can use +F to override.
[Channel flood protection by default](https://www.unrealircd.org/docs/Channel_anti-flood_settings):
This is an important change that IRCOps and chanops should know about:
* By default we now apply the anti-flood profile "normal", which should be fine for most channels.
* If a chanop does not want this they can override this by setting
  `MODE +F` with [another profile](https://www.unrealircd.org/docs/Channel_anti-flood_settings#Channel_mode_F_profiles).
* For example, for a channel with hundreds of users and lots of activity
  `+F relaxed` may be more appropriate. Or, chanops can turn anti-flood
  off entirely by setting `+F off`
* The reason for this change is that many admins and chanops in practice
  don't seem to use `+f` or `+F`. With this change they are now protected "by default"
  when no MODE `+f` or `+F` is set.
* Advanced users can can grab the detailed effective settings with `MODE #test F`
2025-07-16 14:59:42 +02:00
Bram Matthys 31d51fbb04 * UnrealIRCd can now be used if your OpenSSL does not provide MD5
(there will be an error if you use `cloak_md5`, but everything
  will work fine if you use `cloak_sha256`).

We phased out MD5 usage years ago, so it is only contained to
the old cloaking module. In fact that was the only reason we
started to provide the SHA256 cloaking module, simply so it
isn't using old MD5.

Of course, for module coders this means they should not call
DoMD5() or md5hash(), but that would be rare. Currently zero
modules in unrealircd contrib do this and it makes no sense
to start using it nowadays anyway.
2025-07-15 19:09:32 +02:00
Bram Matthys a911497290 Mention Text Analysis in release notes
[skip ci]
2025-07-14 18:48:48 +02:00
Bram Matthys e8b5a831e1 ** UnrealIRCd 6.2.0-beta1 **
(Possibly some Windows build fixes after this, but..)
2025-07-13 11:39:00 +02:00
Bram Matthys 76358d3f0b Some more release notes updates
[skip ci]
2025-07-13 11:07:23 +02:00
Bram Matthys f85f5899dc Update release notes a bit
[skip ci]
2025-07-13 11:03:08 +02:00
Bram Matthys af9014dbd3 Update release notes
[skip ci]
2025-07-12 17:42:52 +02:00
Bram Matthys d81817622a Update doc/unrealircd_wiki.zim (current wiki) 2025-06-25 09:55:27 +02:00
Rafael Grether 12927bca43 Update example.pt.conf to the latest changes (#309) 2025-04-14 15:29:18 +00:00
Bram Matthys f7fd5b013f Update some release notes (no code changes)
[skip ci]
2025-03-30 17:19:28 +02:00
Bram Matthys 9b3d219743 Add utf8functions with utf8_convert_confusables() from July 16 2023.
I started work on this back then but didn't finalize it. Now I
have to figure out what was left to be done :D. Other than the
obvious case of seeing some debugging code that prints out for
every converted character. Not yet visible / usable by end-users!
2025-03-22 07:56:11 +01:00
Bram Matthys 8c21472d03 Move allow::maxperip to its own module (maxperip), add HOOKTYPE_ALLOW_CLIENT.
Also fix documentation for ~10 hooks to mention the hook name.

Obviously, the maxperip module is loaded by default (in modules.default.conf)
but it is nice to have the 400+ lines contained in a separate module
rather than being in the nick module that does NICK/UID handling.
Will look at moving more later..
2025-03-22 07:42:00 +01:00
Bram Matthys d15c82346e Pass ClientContext in CMD_FUNC() and friends. So extra arg. Breaking change.
It now passes 'clictx' which at the moment only has clictx->cmd which
points to the command handler. So only useful in very few cases where
you have like a generic command handler and thus have no idea for which
command you are being called. In the future, with this new ClientContext
struct, we can simply add new fields to the struct without breaking
things in the core and in (third party) modules.

If you use the magic functions in your modules CMD_FUNC(cmd_mycmd),
OVERRIDE_FUNC(myoverride), CALL_NEXT_COMMAND_OVERRIDE() and such then
you shouldn't have any compile errors as these will use the correct
prototypes and variable names automatically. In a few cases you can't
use these, in which case you will need to update your modules.
2025-03-21 15:40:42 +01:00
Bram Matthys 5d733d50e5 Bump version to 6.2.0-git 2025-03-21 15:31:44 +01:00
Bram Matthys 53febc0faa ** UnrealIRCd 6.1.10 ** 2025-03-07 14:41:41 +01:00
Bram Matthys 8028ca9c4a ** UnrealIRCd 6.1.10-rc1 ** 2025-02-16 09:24:43 +01:00
Bram Matthys e7ec191bf1 Fix crash by IRCOp upon SPAMREPORT <ip> when centralblocklist is loaded.
Reported by Balthazar in https://bugs.unrealircd.org/view.php?id=6497
2025-02-16 08:52:32 +01:00
Bram Matthys d06f797422 Update release notes on the two new spamfilter { } options.
[skip ci]
2025-02-15 12:38:49 +01:00
Bram Matthys 72af36d2a3 Fix problem with upcoming GCC 15 that assumes C23.
GCC 15 is not released yet and is scheduled for April/May 2025.

We now have a ./configure check. If a func() declaration is interpreted
as meaning 0 arguments, so C23 style, then we now add -std=gnu17 to
CFLAGS. If not, then we don't set an explicit C standard version.

Closes https://bugs.unrealircd.org/view.php?id=6495
2025-02-10 11:31:47 +01:00
Bram Matthys aa31afe388 Update release notes a bit, nothing exciting
[skip ci]
2025-02-08 09:16:03 +01:00
TehPeGaSuS 8b8520a183 Update help.conf (#306)
Because we can give access to users with [set::hide-idle-time](https://www.unrealircd.org/docs/Set_block#set::hide-idle-time), I think this wording is more correct.
2025-01-25 16:26:07 +00:00
Bram Matthys 0887a5a4bd example conf: comment out link { } and ulines { } as well
These are optional after all. Not everyone links multiple servers
and not everyone uses Services. Fits with the rest that is //'ed
out now. Indirectly suggested by jwheare.
2025-01-03 17:56:30 +01:00
Bram Matthys a2b42b081f Update example.tr.conf & help.tr.conf by Serkan Sepetçi
Co-authored-by: Serkan Sepetçi <diablo@unrealircd.org>
2024-12-23 08:46:58 +01:00
Bram Matthys a09320886b Add JSON logging block to example.conf.
In addition to regular logging, also add a JSON log file.
This includes lots of information about every event so is great
for auditing purposes and is machine readable. It is, however
less readable for humans.
2024-12-04 18:54:19 +01:00
Bram Matthys 453729068e Add UnrealIRCd documentation wiki as doc/unrealircd_wiki.zim
This so there is an offline version of the documentation from
https://www.unrealircd.org/docs/.

I'm not 100% satisfied with the layout but it is workable.
The ZIM file can be opened with tools liki Kiwix.
https://en.wikipedia.org/wiki/ZIM_(file_format)
https://en.wikipedia.org/wiki/Kiwix

This does add 1.5 megabyte to the repository (and .tar.gz) but I
doubt anyone cares about that nowadays. The upside is that each
UnrealIRCd release will have the documentation of that time point
included, which can be used for historical purposes but also if
you don't have an internet connection or when for some other
reason the unrealircd wiki is unreachable.

The idea is that the .zim file is rebuild before each release,
i use mwoffliner (dev version) for that.
2024-12-04 13:18:37 +01:00
Bram Matthys 48a69151ef Update example.conf a little to indicate required changes with "CHANGE THIS".
People should preferrably go through the example conf line by line, but
if they are in a hurry or just want to get started quickly initially they
could CTRL+F on that.
2024-11-25 16:34:11 +01:00
Bram Matthys 47e81fe7d3 Set version to 6.1.10-git 2024-11-24 09:46:21 +01:00