These are optional after all. Not everyone links multiple servers
and not everyone uses Services. Fits with the rest that is //'ed
out now. Indirectly suggested by jwheare.
In addition to regular logging, also add a JSON log file.
This includes lots of information about every event so is great
for auditing purposes and is machine readable. It is, however
less readable for humans.
This so there is an offline version of the documentation from
https://www.unrealircd.org/docs/.
I'm not 100% satisfied with the layout but it is workable.
The ZIM file can be opened with tools liki Kiwix.
https://en.wikipedia.org/wiki/ZIM_(file_format)https://en.wikipedia.org/wiki/Kiwix
This does add 1.5 megabyte to the repository (and .tar.gz) but I
doubt anyone cares about that nowadays. The upside is that each
UnrealIRCd release will have the documentation of that time point
included, which can be used for historical purposes but also if
you don't have an internet connection or when for some other
reason the unrealircd wiki is unreachable.
The idea is that the .zim file is rebuild before each release,
i use mwoffliner (dev version) for that.
People should preferrably go through the example conf line by line, but
if they are in a hurry or just want to get started quickly initially they
could CTRL+F on that.
pub rsa4096 2024-11-18 [SC] [expires: 2030-11-17]
36E6F65706E36B0937280299101001DAF48BB56D
uid UnrealIRCd releases and patches (for verification of software downloads only!) <releases@unrealircd.org>
The old key is still valid until 2025-06-29:
pub rsa4096 2015-07-02 [SC] [expires: 2025-06-29]
1D2D2B03A0B68ED11D68A24BA7A21B0A108FF4A9
uid UnrealIRCd releases (for verification of software downloads only!) <releases@unrealircd.org>
The new key is signed by the old key and uploaded to keyserver.ubuntu.com.
The old key will still be used for signing releases for now. Somewhere around
the summer of 2025 i will switch to the new key.
Posted in https://forums.unrealircd.org/viewtopic.php?t=9397 for transparency
and set our default ciphers and ciphersuites. Note that by default in
UnrealIRCd 6 the built-in (non-cURL) implementation is used for remote
includes, which already uses the same defaults since 6.0.0. Also note
that most distros, like Ubuntu and Debian, already disabled TLSv1.2
in the default openssl conf and thus it was already disabled in cURL.
In config.h we had a:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#define UNREALIRCD_DEFAULT_ECDH_CURVES "X25519:secp521r1:secp384r1:prime256v1"
#else
#define UNREALIRCD_DEFAULT_ECDH_CURVES "secp521r1:secp384r1:prime256v1"
#endif
...which is fine in theory, but openssl headers are not included at that point,
so OPENSSL_VERSION_NUMBER was not defined.
From now on, we have:
#define UNREALIRCD_DEFAULT_ECDH_CURVES_PRIMARY "X25519:secp521r1:secp384r1:prime256v1"
#define UNREALIRCD_DEFAULT_ECDH_CURVES_SECONDARY "secp521r1:secp384r1:prime256v1"
...and we try them in that order. If both fail, we exit with an error (like before).
This because X25519 is not available in OpenSSL before 1.1.0 (so really old)
and may also not be available when running in FIPS mode.
... and make set::max-inherit-extended-bans::ban-exception default to 0
because that functionality is not implemented
The +e's are already checked when using +b ~inherit though..
* [Security group blocks](https://www.unrealircd.org/docs/Security-group_block)
are now hidden in lists by default. If you want the security group to be shown
in things like `MODE #channel +b ~security-group:x` (which shows a list)
then you need to use `public yes;`. The default security groups
like known-users, webirc-users, etc. are public by default.
* Convert to use module-based config handling
* Split part of VHOST command into do_vhost() for later
* Use AppendListItem instead of AddListItem so they are in config-order.
This is not really important atm but will matter later if we go auto.
* No other code changes at this point
Several notes:
* This only checks on-JOIN (not on nick change, message, etc)
for performance reasons
* If the #channel in ~inherit:#channel also contains ~inherit
entries then those are not processed (no recursion and no looping)
* Only a limited number of ~inherit entries is permitted.
This will be moved to set:: items in a future commit so you
can set different amounts for +b/+e/+I ~inherit.
* This is work in progress, UnrealIRCd or the entire world could explode
* Documentation will follow later
Developers:
* Sadly, clean_ban_mask() needed to be changed to have two more
parameters, 'ban_type' and 'channel' were added at different positions.
This because the module needs the ban type (EXBTYPE_BAN, EXBTYPE_EXCEPT,
EXBTYPE_INVEX) and channel because it rejects based on number of
existing ~inherit entries in the channel... and while is_ok() is called
for local clients and has all this information, for services clients
is_ok() is not called so the only way to reject the +beI is through
xxx_conv_param() which comes from clean_ban_mask().
6.1.7.2 does not exist in git and will be:
* Version bumped from 6.1.7.1 to 6.1.7.2
* 5092fa985d (cbl-timeout-fix)
* 624d1d189c (remove curlinstall)
[skip ci]
TehPeGaSuS