1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 06:23:13 +02:00
Files
unrealircd/doc/RELEASE-NOTES
T
2017-11-20 09:48:25 +01:00

181 lines
8.3 KiB
Plaintext

UnrealIRCd 4.0.17-devel Release Notes
================================
You are looking at the git repository (development version).
UnrealIRCd 4.0.17 is work in progress.
==[ CHANGES BETWEEN 4.0.16 AND 4.0.17-devel ]==
Enhancements:
* Two optional modules. These are not loaded by default. To use them,
include modules.optional.conf, or add these loadmodule lines:
loadmodule "extbans/msgbypass";
loadmodule "extbans/timedban";
* New ban exception ~m:type:mask which allows bypassing of message
restrictions. Valid types are: 'external' (bypass +n),
moderated (bypass +m/+M), 'filter' (bypass +G),
'color' (bypass +S/+c) and 'notice' (bypass +T).
Some examples:
* Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
* Let ops in #otherchan bypass +m: +e ~m:moderated:~c:@#otherchan
* Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
* Allow a services account to use color: +e ~m:color:~a:ColorBot
* Timed bans: ~t:duration:mask
These are bans that are automatically removed by the server.
The duration is in minutes and the mask can be any ban mask.
Some examples:
* A 5 minute ban on a host:
+b ~t:5:*!*@host
* A 5 minute quiet ban on a host (unable to speak):
+b ~t:5:~q:*!*@host
* An invite exception for 1440m/24hrs
+I ~t:1440:*!*@host
* A temporary exempt ban for a services account
+e ~t:1440:~a:Account
* Allows someone to speak through +m for the next 24hrs:
+e ~t:1440:~m:moderated:*!*@host
* And any other crazy ideas you can come up with...
* Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
This is only available if the previously mentioned extbans/timedban
module is loaded.
* Ability to customize the reject connection messages:
set {
reject-message {
password-mismatch "Password mismatch";
too-many-connections "Too many connections from your IP";
server-full "This server is full.";
unauthorized "You are not authorized to connect to this server";
};
};
Other:
* UnrealIRCd will no longer give user mode +z to users on WEBIRC
gateways using SSL/TLS IRC, unless the WEBIRC gateway gives us
some assurance that the client<->webirc gateway connection is
also secure (eg: https).
This is the regular WEBIRC format:
WEBIRC password gateway hostname ip
This indicates a secure client connection (NEW):
WEBIRC password gateway hostname ip :secure
Naturally, WEBIRC gateways MUST NOT send the "secure" option if
the client is using http or some other insecure protocol.
Module coders:
* New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
Below are the release notes of previous release:
==[ CHANGES BETWEEN 4.0.15 AND 4.0.16 ]==
This is a major release with lots of new features and changes.
Enhancements:
* There's now an easy method to remove spamfilters:
'/SPAMFILTER del' will show a list of spamfilters along
with the appropriate command to remove them (by id).
* CAP v3.2 support.
* CAP 'cap-notify': notify users of any CAP changes.
* CAP 'extended-join': show account and gecos in JOIN.
* CAP 'chghost': notify on user/host changes.
Note that if you use set::allow-userhost-change force-rejoin
then clients which support CAP 'chghost' will not see the
PART+JOIN+MODE sequence as it is unnecessary. They already receive
a "CHGHOST" message as part of CAP 'chghost' instead.
* Updated CAP 'sasl' to specification 3.2 (includes mechlist).
* Automatically discover SASL server if saslmechlist is sent by services
and set::sasl-server is not set by the administrator. This should
help to get more networks to support SASL automatically (if you
run up to date services, of course)
* We send "CAP DEL sasl" if set::sasl-server squits and a "CAP NEW"
message when the server returns (to cap-notify and CAPv3.2 clients).
* Added password::type 'spkifp'. It's similar to 'sslclientcertfp' but
is a hash based on the public TLS key rather than the certificate.
The benefit of this is that the 'spkifp' can stay the same even if
you get a new certificate from Let's Encrypt. Note that 'certbot'
does not re-use keys by default so you will still get a different
spkifp every 60-90 days. Consider using another (3rd party) client
or tell the certbot guys to finally implement --reuse-key at
https://github.com/certbot/certbot/issues/3788
* The command './unrealircd spkifp' will output the SPKI fingerprint
* New option set::handshake-delay will delay the handshake (when a
user is connecting) up to this amount of time.
* If you have any blacklist { } block then UnrealIRCd will set an
set::handshake-delay of 2 seconds by default. This will allow (most)
DNSBL checking to be finished before the user comes online, while
still allowing a smooth user experience.
If your DNS(BL) is slow then you could raise this setting slightly.
* You can now have multiple webirc { } blocks with the same mask.
This permits multiple blocks like..
webirc {
mask *;
password "....." { sslclientcertfp; };
};
..should you need it.
In other words: we don't stop matching upon an authentication failure.
* Move CONNECTTIMEOUT to set::handshake-timeout and document it at
https://www.unrealircd.org/docs/Set_block#set::handshake-timeout
* Move MAXUNKNOWNCONNECTIONSPERIP to set::max-unknown-connections-per-ip
https://www.unrealircd.org/docs/Set_block#set::max-unknown-connections-per-ip
* Add set { cloak-method ip; }; which will make cloaking only be done
on the IP and thus result in an XX.YY.ZZ.IP cloaked host.
This so you can have "IP cloaking" without disabling DNS lookups.
GLINES on hosts still work and IRCOps (and yourself) can still see
the host in /WHOIS.
* New option set { ban-include-username yes; }; which will make bans
placed by spamfilters (and some other systems) to be placed not on *@ip
but on user@ip. Note that this won't work for ZLINE/GZLINE since no
no ident/username lookups are done in such cases.
Major issues fixed:
* None
Minor issues fixed:
* Gracefully handle incorrect server-to-server messages. These no longer
cause UnrealIRCd to crash. Note that this does not mean you can now
go send random RAW messages from a trusted server connection. Doing so
can cause desynchs, KILLs and SQUITs. We just try not to crash anymore.
* A small memory leak upon 'DNS i' (IRCOp only command)
Removed:
* Various old config.h settings that didn't have any effect.
* A few config.h settings that should never be turned off have been
removed altogether (eg: NO_FLOOD_AWAY is now always on).
* The deprecated and unused commands "CAP CLEAR" and "CAP ACK".
Other changes:
* When linking servers and not having any certificate validation,
UnrealIRCd will give you specific instructions on how to use
password::spkifp or verify-certificate. This to fix a possible
Man-in-the-Middle attack. Note that you'll only see this message
when linking two servers that are 4.0.16+.
* When a user does a nick change from a registered nick you will
now see the user mode -r. Previously this happened invisibly.
* The default oper snomask now includes 'S' (spamfilter notices).
* The shipped PCRE2 library has been upgraded to 10.30
Module coders:
* API change for HOOKTYPE_PRE_INVITE:
(aClient *sptr, aClient *target, aChannel *chptr, int *override)
Modules must now send the error message instead of only returning
HOOK_DENY. Also check for operoverride and set *override=1.
* Please use the following procedure in case of an user/host change:
userhost_save_current(acptr);
/* now do what you need to do: like change username or hostname */
userhost_changed(acptr);
This function will take care of notifying other clients about
the userhost change, such as doing PART+JOIN+MODE if force-rejoin
is enabled, and sending :xx CHGHOST user host messages to
"CAP chghost" capable clients.
Services coders:
* If you provide SASL then please send the mechlist like this:
MD client your.services.server saslmechlist :EXTERNAL,PLAIN
* Don't forget to send an EOS (End Of Synch) as part of the handshake,
if you are not doing so already. It's important:
:your.services.server EOS
==[ CHANGES IN OLDER RELEASES ]==
For changes in previous UnrealIRCd releases see doc/RELEASE-NOTES.old or
https://raw.githubusercontent.com/unrealircd/unrealircd/unreal40/doc/RELEASE-NOTES.old