1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 14:46:38 +02:00
Commit Graph

8204 Commits

Author SHA1 Message Date
Bram Matthys dbdac4e304 ** UnrealIRCd 5.2.2 ** 2021-10-03 15:59:13 +02:00
Bram Matthys 98fa3a63c8 Update release notes a bit more
[skip ci]
2021-10-03 15:54:06 +02:00
Bram Matthys 8e3c3a1bd7 Also mention possible OpenBSD c-ares fix in release notes
[skip ci]
2021-10-03 12:17:05 +02:00
Bram Matthys d48acf638a Update text a bit
[skip ci]
2021-10-03 12:13:26 +02:00
Bram Matthys 82c8c9aed4 BuildBot: FreeBSD hangs with ASan enabled, in OPENSSL_init_ssl(),
which calls qsort(). So disable it in the build tests (wtf?).
[skip ci]
2021-10-03 12:12:47 +02:00
Bram Matthys 3715ae6789 Update release notes
[skip ci]
2021-10-03 11:02:19 +02:00
Bram Matthys a21168928f Update shipped c-ares from 1.17.1 to 1.17.2 (10-aug-2021) 2021-10-03 10:37:03 +02:00
Bram Matthys 745f3fbb06 Update release notes, get ready for 5.2.2. 2021-10-03 10:33:14 +02:00
Bram Matthys d2ef328147 Update curl-ca-bundle.crt to version of Thu Sep 30 03:12:05 2021 GMT
from https://curl.se/ca/cacert.pem. Has a few changes, but the most
notable change is that they removed DST Root CA X3. This fixes
verifying Let's Encrypt certificates if you use the "DST Root CA X3"
chain (which is currently the default in certbot and all) on:
* OpenSSL 1.0.2 or earlier (old but in use on eg: Debian 8, Ubuntu 16.04, ..)
* LibreSSL below 3.3.5/3.2.7 (so until a day ago)

This only affects outgoing connections, so for remote includes and
for server linking. Server linking is only affected if you use the
link::verify-certificate option, which most people don't use.

On a side note, ISRG Root X1, so the "real root" for Let's Encrypt is
already included since August 2017 (c8a67f9436)
2021-10-03 10:13:40 +02:00
Bram Matthys 3feac27c43 Put arabic-utf8 in the correct group and #if out the hard errror
when mixing UTF8 groups, make it a general warning again as it
may or may not be an issue.
2021-09-22 09:31:47 +02:00
Bram Matthys c51a3d96be Add support for arabic-utf8 in set::allowed-nickchars. Supplied by Sensiva
in https://bugs.unrealircd.org/view.php?id=3734
2021-09-22 09:20:19 +02:00
Bram Matthys 871b581a06 Module coders: add UNREAL_VERSION so you can more easily check UnrealIRCd
versions in #ifdef's. Eg: #if UNREAL_VERSION > 0x05020100 to check if >5.2.1
2021-08-10 14:32:32 +02:00
Bram Matthys 41d8a13b19 Fix crash in set::server-linking::autoconnect-strategy sequential-fallback
when a remote server links to another server.
2021-08-08 15:56:29 +02:00
Bram Matthys 0593dc4b73 Allow SVSLOGIN also if set::sasl-server is not set.
Because yeah... why not.
2021-07-15 10:30:23 +02:00
k4bek4be c5a6f3c549 Make CHATHISTORY subcommands case-insensitive. (#157) 2021-07-11 09:24:56 +02:00
Ramiro Bou 0985728662 Adding sequential-fallback autoconnect strategy (#151)
After successful server connection it will restart from the beginning of the link blocks again.
2021-07-11 09:24:14 +02:00
Val Lorentz 67bfd41e44 chathistory: Use more explicit messages on INVALID_TARGET failure message (#150) 2021-07-11 09:09:18 +02:00
Bram Matthys d726c3aadd Bump version to 5.2.2-git as this is git / work in progress. 2021-07-10 10:03:46 +02:00
Bram Matthys d3c98c73c2 Fix issue where saslmechlist could not be set by services server.
This broke SASL services autodetection and also sasl=x,y,z in CAP.
Reported by Valware in https://bugs.unrealircd.org/view.php?id=5960

Of course the easiest solution would be just to set .remote_write=1
for this, which is what I've just done for the 5.2.1.1 release.
But there seems to be a pattern here. When a server wants to write
its own object (irc1.example.net writing to the MD object of
irc1.example.net) we have the problem that that object is both
"our client" and from the other server POV it is "themselves".
On one hand you may want to allow that (eg for 'saslmechlist'), on
the other hand a server writing its own 'certfp' sounds like a bad
idea in principle.
So we now add a new option for the 'self' case and make some MD
objects use it. In fact, in the core we now have zero MD objects
using remote_write. We keep the option available though, for example
for k4be's geoip modules and possibly future features.

Module API change:
* .self_write added which allows a server to write to its own object
  (irc1.example.net writing to the MD object of irc1.example.net)
* .remote_write still exists too if you want to allow remote servers
  to write to your own objects
* Note that in all cases, servers can always write to their own
  (child) client objects.

Changes:
* The link-security MD changed from .remote_write=1 to .self_write=1
* The salmechslist MD now has .self_write=1, this fixes the actual bug
2021-07-10 09:14:18 +02:00
Bram Matthys 8322a48026 ** UnrealIRCd 5.2.1 ** 2021-07-08 17:42:52 +02:00
Bram Matthys 0971cf7d70 modules.optional.conf: example set::antirandom block: Use CIDR
instead of standard wildcard.
In this case, since it's antirandom, it is not really important
as someone is not going to add DNS records specially to avoid
triggering antirandom. That makes no sense since it is much
easier to avoid using a random looking name.
Main reason of changing it here is to set a good example.
2021-07-07 14:20:15 +02:00
Bram Matthys b398c3d101 Change default exempt from 127.* to 127.0.0.0/8 so it does not match
arbitrary hosts that have a host starting with "127.". A rather stupid
oversight on my part, really.

In the meantime, if this happens, then you can still resort to using
ZLINE/GZLINE as a workaround to ban such a user. (The exemption won't
match against the host because DNS lookups are not done for zlines)

Reported by armyn in https://bugs.unrealircd.org/view.php?id=5957
2021-07-07 09:21:17 +02:00
Bram Matthys 141dd8acd0 Load settings from 5.2.0.x dot releases as well 2021-07-03 15:18:47 +02:00
Bram Matthys 94993a03ca ** UnrealIRCd 5.2.1-rc1 ** 2021-07-03 14:42:34 +02:00
Bram Matthys 1d62ca1153 Send account tag to recipient on INVITE.
Reported by ProgVal in https://bugs.unrealircd.org/view.php?id=5951
2021-07-03 14:18:15 +02:00
Bram Matthys 527726be41 Take message tags into account when calculating fake lag.
This was more of a oversight because the cmdbytes calculation happens
in a different function after message tags have already been processed.
Also, wasn't really important up to now since we only allow quite short
tags at the moment.

Instead of just counting these in cmdbytes, as would be the most logical
and easiest fix, we use a different strategy:
We use a separate counter for message-tags so clients benefit from the
"rounding down rule". In other words: the first xyz bytes give you
no extra penalty compared to before (eg they are "free"). Useful for
clients who use eg @label heavily.
By default this is 90 bytes for unknown-users and 180 bytes for
known-users. See lag-penalty-bytes in set::anti-flood.
2021-07-03 09:33:19 +02:00
Bram Matthys ee9db59d36 Fix two more small memory leaks on REHASH.
Now we are at zero leaks again with ASan, or so it seems.
2021-07-02 11:42:58 +02:00
Bram Matthys 12299b45bf Fix small memory leak on REHASH (<1kb): free set::anti-flood block 2021-07-02 10:56:51 +02:00
Bram Matthys abaed84190 Order CHATHISTORY TARGETS response in descending order (newest first)
https://bugs.unrealircd.org/view.php?id=5904
2021-07-02 10:42:40 +02:00
Bram Matthys 35f8598f3f Fix crash if using persistent channel history: if you had ANY rehash error
(often completely unrelated to channel history) and you then rehashed again
UnrealIRCd would crash. Reported by gh0st.
May be the same issue as reported by adamus1red in
https://bugs.unrealircd.org/view.php?id=5943

This has to do with SavePersistentPointer/LoadPersistentPointer calls
which normally work fine but this particular module uses it in MOD_TEST
causing a certain sequence of events causing a double free or read-
after-free if you do it slightly differently.
2021-07-02 09:16:58 +02:00
Bram Matthys f0db0735a8 Update release notes a bit
[skip ci]
2021-06-30 13:32:20 +02:00
Bram Matthys 696d5f05fb Last argument in fd_open() is now used to indicate what should be done on a
later fd_close() call. This also removes fd_map() since fd_open w/FDCLOSE_NONE
now does that.

* If you use fd_socket() or fd_accept(), then no change.
  When fd_close() is called we call close() on *NIX and closesocket() on Win.
* If you use fd_fileopen(), then no change.
  When fd_close() is called we will call close() on both *NIX and Win.
* If you used fd_open() and then fd_unmap() because you didn't want us
  to close the socket, then use fd_open() with FDCLOSE_NONE and
  just call fd_close() instead of fd_unmap().
  We will not actually close the fd in fd_close() (FDCLOSE_NONE).
* If you called fd_open() with other intentions then either specify a
  FDCLOSE_SOCKET / FDCLOSE_FILE as the last argument, or more likely:
  don't use fd_open() at all and use fd_socket() or fd_fileopen() instead.

For reasons on this change, see previous patch. This way is more sane and
makes it harder to make mistakes even beyond Windows-specific issues.
2021-06-30 11:33:46 +02:00
Bram Matthys 329f48334c I/O engine: track if a fd is a file or socket, needed for Windows.
This fixes a file descriptor leak in Windows that happened in the
logging code. The most visible effect of this was if you had a
log::maxsize set then on Windows you would see:
"Max file size reached, starting new log file"
Every other line, forever (and not actually starting a new log).

fd_close() previously did not close the file descriptor of a file
on Windows because on Windows it needs to call close() for a file
and closesocket() for a socket, and it always did the latter.
On *NIX it's more easy and you can just always close() any fd.
2021-06-30 11:06:44 +02:00
Bram Matthys a44b1cb63e Fix ./unralircd genlinkblock printing out a confusing error message if
you have serversonly listen block without tls.
Reported by Valware in https://bugs.unrealircd.org/view.php?id=5945
2021-06-30 10:06:19 +02:00
Bram Matthys 0bd2cfd0fc Update file_exists() function to work with directories on Windows.
And then let's use the similar (and faster) function on Linux too.
2021-06-28 19:33:14 +02:00
Bram Matthys 137703f04a Add cipherscan profile for OpenSSL 3.0.0. 2021-06-28 15:56:05 +02:00
Bram Matthys c586592516 Add -nodes (no DES) to openssl command so it doesn't ask for a
password on OpenSSL 3.0.0 and later when generating the standard
self-signed certificate.
2021-06-28 13:59:27 +02:00
Bram Matthys 088218817d Whitespace.......
[skip ci]
2021-06-28 13:07:15 +02:00
Bram Matthys 50089d340a Build test updates
[skip ci]
2021-06-28 13:02:36 +02:00
Bram Matthys cf5966cce4 Call early_init_ssl() even more early, fixes './unrealircd module list'
from crashing and other symptoms.
Crash was introduced with the OpenSSL 3.0.0 changes from
a541b8f4ad, so 9 days ago.
2021-06-28 08:18:43 +02:00
Ramiro Bou 26295151a9 Add microsecond precision to TSCTL ALLTIME (#147) 2021-06-28 06:27:02 +02:00
Bram Matthys c667662e9b Windows: Allow UnrealIRCd to be terminated gracefully (without prompt)
via taskill /im unrealircd.exe. Needed for BuildBot.
2021-06-27 19:21:56 +02:00
Bram Matthys ec3407a42f Set -Wno-tautological-compare on clang 3.x (yeah old version),
this to shut up false positives in buildbot.
2021-06-27 18:13:52 +02:00
Bram Matthys 30155ddd7c Only call reinit_tls() when rehashing. 2021-06-27 17:22:15 +02:00
Bram Matthys 79740c4a38 Make "REHASH" and ./unrealircd rehash also run the same code as "REHASH -tls",
if on OpenSSL 1.1.1 or later.

We trust OpenSSL 1.1.1 and later to be good enough to handle all
the reference counting and freeing nowadays, which is something that
was not done correctly in (much) older OpenSSL versions, leading
to crashes on one hand and on memory leaks on the other hand.

In OpenSSL 1.1.0 and earlier we do not rehash tls on simple "REHASH",
since that code has not been vetted. However, nobody should be
running those old OpenSSL versions anyway, since they are out of
official OpenSSL support.
2021-06-27 15:38:40 +02:00
Bram Matthys a8e52fdead Bump sjoin module version to 5.1
[skip ci]
2021-06-27 07:41:21 +02:00
Bram Matthys c37c965506 Fix SJOIN not properly propagated due to a copy-paste error in the SJSBY
vs non-SJSBY code. Reported by puckipedia in
https://bugs.unrealircd.org/view.php?id=5934
2021-06-27 07:39:02 +02:00
Bram Matthys 1347b33c14 Update release notes
[skip ci]
2021-06-26 19:44:47 +02:00
Bram Matthys 2afc57aa38 Use IsLoggedIn() macro everywhere where possible.
Based on previous reports and patches from k4be in
https://github.com/unrealircd/unrealircd/pull/129

Looks much cleaner now.

This also filters out the edge case where user_account_login()
could have been called when a user transitioned from "not logged in"
to "unconfirmed account". It did not cause any issues AFAICT but
it is not really expected either.
2021-06-26 11:47:08 +02:00
Bram Matthys 68d172854d Remove IsARegNick() as we already have IsRegNick() 2021-06-26 11:19:47 +02:00