mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-07-04 06:23:13 +02:00
181 lines
8.3 KiB
Plaintext
181 lines
8.3 KiB
Plaintext
UnrealIRCd 4.0.17-devel Release Notes
|
|
================================
|
|
|
|
You are looking at the git repository (development version).
|
|
UnrealIRCd 4.0.17 is work in progress.
|
|
|
|
==[ CHANGES BETWEEN 4.0.16 AND 4.0.17-devel ]==
|
|
|
|
Enhancements:
|
|
* Two optional modules. These are not loaded by default. To use them,
|
|
include modules.optional.conf, or add these loadmodule lines:
|
|
loadmodule "extbans/msgbypass";
|
|
loadmodule "extbans/timedban";
|
|
* New ban exception ~m:type:mask which allows bypassing of message
|
|
restrictions. Valid types are: 'external' (bypass +n),
|
|
moderated (bypass +m/+M), 'filter' (bypass +G),
|
|
'color' (bypass +S/+c) and 'notice' (bypass +T).
|
|
Some examples:
|
|
* Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
|
|
* Let ops in #otherchan bypass +m: +e ~m:moderated:~c:@#otherchan
|
|
* Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
|
|
* Allow a services account to use color: +e ~m:color:~a:ColorBot
|
|
* Timed bans: ~t:duration:mask
|
|
These are bans that are automatically removed by the server.
|
|
The duration is in minutes and the mask can be any ban mask.
|
|
Some examples:
|
|
* A 5 minute ban on a host:
|
|
+b ~t:5:*!*@host
|
|
* A 5 minute quiet ban on a host (unable to speak):
|
|
+b ~t:5:~q:*!*@host
|
|
* An invite exception for 1440m/24hrs
|
|
+I ~t:1440:*!*@host
|
|
* A temporary exempt ban for a services account
|
|
+e ~t:1440:~a:Account
|
|
* Allows someone to speak through +m for the next 24hrs:
|
|
+e ~t:1440:~m:moderated:*!*@host
|
|
* And any other crazy ideas you can come up with...
|
|
* Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
|
|
This is only available if the previously mentioned extbans/timedban
|
|
module is loaded.
|
|
* Ability to customize the reject connection messages:
|
|
set {
|
|
reject-message {
|
|
password-mismatch "Password mismatch";
|
|
too-many-connections "Too many connections from your IP";
|
|
server-full "This server is full.";
|
|
unauthorized "You are not authorized to connect to this server";
|
|
};
|
|
};
|
|
|
|
Other:
|
|
* UnrealIRCd will no longer give user mode +z to users on WEBIRC
|
|
gateways using SSL/TLS IRC, unless the WEBIRC gateway gives us
|
|
some assurance that the client<->webirc gateway connection is
|
|
also secure (eg: https).
|
|
This is the regular WEBIRC format:
|
|
WEBIRC password gateway hostname ip
|
|
This indicates a secure client connection (NEW):
|
|
WEBIRC password gateway hostname ip :secure
|
|
Naturally, WEBIRC gateways MUST NOT send the "secure" option if
|
|
the client is using http or some other insecure protocol.
|
|
|
|
Module coders:
|
|
* New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
|
|
https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
|
|
|
|
Below are the release notes of previous release:
|
|
|
|
==[ CHANGES BETWEEN 4.0.15 AND 4.0.16 ]==
|
|
|
|
This is a major release with lots of new features and changes.
|
|
|
|
Enhancements:
|
|
* There's now an easy method to remove spamfilters:
|
|
'/SPAMFILTER del' will show a list of spamfilters along
|
|
with the appropriate command to remove them (by id).
|
|
* CAP v3.2 support.
|
|
* CAP 'cap-notify': notify users of any CAP changes.
|
|
* CAP 'extended-join': show account and gecos in JOIN.
|
|
* CAP 'chghost': notify on user/host changes.
|
|
Note that if you use set::allow-userhost-change force-rejoin
|
|
then clients which support CAP 'chghost' will not see the
|
|
PART+JOIN+MODE sequence as it is unnecessary. They already receive
|
|
a "CHGHOST" message as part of CAP 'chghost' instead.
|
|
* Updated CAP 'sasl' to specification 3.2 (includes mechlist).
|
|
* Automatically discover SASL server if saslmechlist is sent by services
|
|
and set::sasl-server is not set by the administrator. This should
|
|
help to get more networks to support SASL automatically (if you
|
|
run up to date services, of course)
|
|
* We send "CAP DEL sasl" if set::sasl-server squits and a "CAP NEW"
|
|
message when the server returns (to cap-notify and CAPv3.2 clients).
|
|
* Added password::type 'spkifp'. It's similar to 'sslclientcertfp' but
|
|
is a hash based on the public TLS key rather than the certificate.
|
|
The benefit of this is that the 'spkifp' can stay the same even if
|
|
you get a new certificate from Let's Encrypt. Note that 'certbot'
|
|
does not re-use keys by default so you will still get a different
|
|
spkifp every 60-90 days. Consider using another (3rd party) client
|
|
or tell the certbot guys to finally implement --reuse-key at
|
|
https://github.com/certbot/certbot/issues/3788
|
|
* The command './unrealircd spkifp' will output the SPKI fingerprint
|
|
* New option set::handshake-delay will delay the handshake (when a
|
|
user is connecting) up to this amount of time.
|
|
* If you have any blacklist { } block then UnrealIRCd will set an
|
|
set::handshake-delay of 2 seconds by default. This will allow (most)
|
|
DNSBL checking to be finished before the user comes online, while
|
|
still allowing a smooth user experience.
|
|
If your DNS(BL) is slow then you could raise this setting slightly.
|
|
* You can now have multiple webirc { } blocks with the same mask.
|
|
This permits multiple blocks like..
|
|
webirc {
|
|
mask *;
|
|
password "....." { sslclientcertfp; };
|
|
};
|
|
..should you need it.
|
|
In other words: we don't stop matching upon an authentication failure.
|
|
* Move CONNECTTIMEOUT to set::handshake-timeout and document it at
|
|
https://www.unrealircd.org/docs/Set_block#set::handshake-timeout
|
|
* Move MAXUNKNOWNCONNECTIONSPERIP to set::max-unknown-connections-per-ip
|
|
https://www.unrealircd.org/docs/Set_block#set::max-unknown-connections-per-ip
|
|
* Add set { cloak-method ip; }; which will make cloaking only be done
|
|
on the IP and thus result in an XX.YY.ZZ.IP cloaked host.
|
|
This so you can have "IP cloaking" without disabling DNS lookups.
|
|
GLINES on hosts still work and IRCOps (and yourself) can still see
|
|
the host in /WHOIS.
|
|
* New option set { ban-include-username yes; }; which will make bans
|
|
placed by spamfilters (and some other systems) to be placed not on *@ip
|
|
but on user@ip. Note that this won't work for ZLINE/GZLINE since no
|
|
no ident/username lookups are done in such cases.
|
|
|
|
Major issues fixed:
|
|
* None
|
|
|
|
Minor issues fixed:
|
|
* Gracefully handle incorrect server-to-server messages. These no longer
|
|
cause UnrealIRCd to crash. Note that this does not mean you can now
|
|
go send random RAW messages from a trusted server connection. Doing so
|
|
can cause desynchs, KILLs and SQUITs. We just try not to crash anymore.
|
|
* A small memory leak upon 'DNS i' (IRCOp only command)
|
|
|
|
Removed:
|
|
* Various old config.h settings that didn't have any effect.
|
|
* A few config.h settings that should never be turned off have been
|
|
removed altogether (eg: NO_FLOOD_AWAY is now always on).
|
|
* The deprecated and unused commands "CAP CLEAR" and "CAP ACK".
|
|
|
|
Other changes:
|
|
* When linking servers and not having any certificate validation,
|
|
UnrealIRCd will give you specific instructions on how to use
|
|
password::spkifp or verify-certificate. This to fix a possible
|
|
Man-in-the-Middle attack. Note that you'll only see this message
|
|
when linking two servers that are 4.0.16+.
|
|
* When a user does a nick change from a registered nick you will
|
|
now see the user mode -r. Previously this happened invisibly.
|
|
* The default oper snomask now includes 'S' (spamfilter notices).
|
|
* The shipped PCRE2 library has been upgraded to 10.30
|
|
|
|
Module coders:
|
|
* API change for HOOKTYPE_PRE_INVITE:
|
|
(aClient *sptr, aClient *target, aChannel *chptr, int *override)
|
|
Modules must now send the error message instead of only returning
|
|
HOOK_DENY. Also check for operoverride and set *override=1.
|
|
* Please use the following procedure in case of an user/host change:
|
|
userhost_save_current(acptr);
|
|
/* now do what you need to do: like change username or hostname */
|
|
userhost_changed(acptr);
|
|
This function will take care of notifying other clients about
|
|
the userhost change, such as doing PART+JOIN+MODE if force-rejoin
|
|
is enabled, and sending :xx CHGHOST user host messages to
|
|
"CAP chghost" capable clients.
|
|
|
|
Services coders:
|
|
* If you provide SASL then please send the mechlist like this:
|
|
MD client your.services.server saslmechlist :EXTERNAL,PLAIN
|
|
* Don't forget to send an EOS (End Of Synch) as part of the handshake,
|
|
if you are not doing so already. It's important:
|
|
:your.services.server EOS
|
|
|
|
==[ CHANGES IN OLDER RELEASES ]==
|
|
For changes in previous UnrealIRCd releases see doc/RELEASE-NOTES.old or
|
|
https://raw.githubusercontent.com/unrealircd/unrealircd/unreal40/doc/RELEASE-NOTES.old
|