pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/chat/unrealircd unrealircd: update to 5.2.1.1



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9028d8799003
branches:  trunk
changeset: 455949:9028d8799003
user:      nia <nia%pkgsrc.org@localhost>
date:      Thu Jul 15 09:57:47 2021 +0000

description:
unrealircd: update to 5.2.1.1

UnrealIRCd 5.2.1.1 Release Notes
===================================

5.2.1.1 fixes an issue with SASL autodetection and mechlist in 5.2.1

Enhancements:
* The [allow block](https://www.unrealircd.org/docs/Allow_block)
  now uses allow::mask instead of allow::ip and allow::hostname.
  Users upgrading will receive a warning but the server will continue to boot.
* New documentation for [mask items](https://www.unrealircd.org/docs/Mask_item)
  in the configuration file to show how it works with 1 or more mask
  items in a block. Also support for negative matching has been
  improved and we now support
  [extended server ban syntax](https://www.unrealircd.org/docs/Extended_server_bans).
* Combining the new options from above you can do things like:
  * ```allow { mask ~a:TrustedUser; class flooders; maxperip 100; }```
  If TrustedUser authenticates to services using
  [SASL](https://www.unrealircd.org/docs/SASL) then he gets in the
  special class "flooders" with a maxperip of 100.
  * ```allow { mask { ~S:112233etc; ~S:anotherone; }; class clients; maxperip 10; }```
  Users matching one of these
  [certificate fingerprints](https://www.unrealircd.org/docs/Extended_server_bans)
  get a high maximum per ip of 10.
* New block [set::server-linking](https://www.unrealircd.org/docs/Set_block#set::server-linking)
  * For link blocks with autoconnect we now default to the strategy
    'sequential', meaning we will try the 1st link block first,
    then the 2nd, then the 3rd, then the 1st again, etc.
  * We now have different and lower timeouts for the connect and
    the handshake. So we give up a bit more early on servers that
    are currently down or extremely lagged.
* New [security-group block](https://www.unrealircd.org/docs/Security-group_block)
  item called *include-mask*. This can be used to put clients matching
  a [mask](https://www.unrealircd.org/docs/Mask_item) into a security group.
* New option *lag-penalty* and *lag-penalty-bytes* in the
  [set::anti-flood block](https://www.unrealircd.org/docs/Anti-flood_settings).
  * *known-users* can now executes commands at a slightly faster rate than
    *unknown-users*.
  * It can further be used to allow really trusted users/bots to execute
    commands at even higher rates, such as 20 commands per second,
    without making them IRCOp. This explained in
    [FAQ: How to allow users to send more commands per second](https://www.unrealircd.org/docs/FAQ#high-command-rate).
* The [REHASH](https://www.unrealircd.org/docs/Rehashing_the_IRCd) command
  is now sufficient to reload SSL/TLS certificates. You no longer need to
  use ```REHASH -tls```. The same is true for ```./unrealircd rehash```
  which now also does the extra steps in ```./unrealircd reloadtls```.
  The commands will stay, though, in case you only want to reload the
  TLS certificates and not rehash the entire configuration file.
* Support for OpenSSL 3.0.0
* Show microseconds in ```TSCTL ALLTIME```
* The git version id is now shown in the ```INFO``` command on *NIX (ReleaseId).
* [Extban](https://www.unrealircd.org/docs/Extended_bans) ```~a:*``` now matches
  all authenticated users and ```~a:0``` matches all unauthenticated users.
* Allow multiple masks in the [deny link { } block](https://www.unrealircd.org/docs/Deny_link_block)

Fixes:
* When using persistent channel history: if you had ANY rehash error (often
  completely unrelated to channel history) and you then rehashed again
  UnrealIRCd would crash.
* When server syncing larger channels we could accidentally skip over or
  forget to send a few users. These users would then not be shown on the
  other side of the link but are actually in the channel (ghosts)
* When using autoconnect on (very) big networks, the network no longer breaks down
  (with the new default strategy 'sequential')
* The default ban exemption on ```127.*``` was too broad. It also matched
  hostnames that started with it, allowing such users to bypass
  gline/kline/shun (but not zline/gzline).
* Channel mode ```+d``` (so after ```-D```) never took QUITs into account
  properly. This should now fix things, so the channel goes ```-d```
  immediately once it is no longer needed.
* Give a better error message when trying to use an unconfirmed account
  with [authprompt](https://www.unrealircd.org/docs/Set_block#set::authentication-prompt).

Module coders / IRC protocol:
* We now assume all services set the SVID field. If your services only sets
  umode ```+r``` and does not use ```SVSLOGIN``` or ```SVSMODE nick +d SVID```
  then users will not be recognized as authenticated anymore.
* In the ```UID``` command we now validate the UID (parameter 6) to start with
  the SID and contains digits and uppercase only.
* Servers can no longer change moddata of remote clients.
  That is, it is disabled by default, but modules can still allow it for
  certain moddata via mreq.remote_write=1.
  You can use ```#if UNREAL_VERSION_TIME >= 202125``` to detect
  if this new .remote_write option is available.
* Removed ```HCN``` from 005, since nobody uses this anyway.

UnrealIRCd 5.2.0
-----------------

The two main new features in 5.2.0 are: an improved and more flexible
anti-flood block and channel history which can now be stored encrypted
on disk and allows clients to fetch hundreds/thousands of lines.

Upgrading and the 5.0.x series
-------------------------------
UnrealIRCd 5.2.0 is the direct successor to 5.0.9/5.0.9.1.
There will be [no further 5.0.x releases](https://www.unrealircd.org/docs/FAQ#About_the_new_5.2.x_series),
in particular there will be no 5.0.10.

Only four bugs that affect a limited number of people/networks were fixed.
UnrealIRCd 5.2.0 is mostly a feature release.
Admins wishing to take a conservative approach don't need to rush an
upgrade from 5.0.x to 5.2.0, they can wait for a 5.2.1 or 5.2.2 release.

If you are upgrading from 5.0.9(.1) to 5.2.0 then feel free to try the new
```./unrealircd upgrade``` command.

The only configuration change is in the set::anti-flood block (as explained
further down under *Enhancements*). When starting UnrealIRCd will give you
clear instructions if anything needs to be changed (and what).
This process is really minor, the server will usually tell you to just
delete a few old lines from the configuration file.

Enhancements
-------------
* The set::anti-flood block has been redone so you can have different limits
  for *unknown-users* and *known-users*.
  * As a reminder, by default, *known-users* are users who are identified
    to services OR are on an IP that has been connected for over 2 hours
    in the past X days. The exact definition of "known-users" is in the
    [security-group block](https://www.unrealircd.org/docs/Security-group_block).
  * See [here](https://www.unrealircd.org/docs/Anti-flood_settings)
    for more information on the layout of the new set::anti-flood block.
  * All violations of target-flood, nick-flood, join-flood, away-flood,
    invite-flood, knock-flood, max-concurrent-conversations are now
    reported to opers with the snomask ```f``` (flood).
* Add support for database encryption. The way this works
  is that you define an encryption password in a
  [secret { } block](https://www.unrealircd.org/docs/Secret_block).
  Then from the various modules you can refer to this secret
  block, from
  [set::reputation::db-secret](https://www.unrealircd.org/docs/Set_block#set::reputation),
  [set::tkldb::db-secret](https://www.unrealircd.org/docs/Set_block#set::tkldb)
  and [set::channeldb::db-secret](https://www.unrealircd.org/docs/Set_block#set::channeldb).
  This way you can encrypt the reputation, TKL and channel
  database for increased privacy.
* Add optional support for
  [persistent channel history](https://www.unrealircd.org/docs/Set_block#Persistent_channel_history):
  * This stores channel history on disk for channels that have
    both ```+H``` and ```+P``` set.
  * If you enable this then we ALWAYS require you to set an
    encryption password, as we do not allow storing of
    channel history in plain text.
  * If you enable the option, then the history is stored in
    ```data/history/``` in individual .db files. No channel
    names are visible in the filenames for optimal privacy.
  * See [Persistent channel history](https://www.unrealircd.org/docs/Set_block#Persistent_channel_history)
    on how to enable this. By default it is off.
* Add support for IRCv3
  [draft/chathistory](https://ircv3.net/specs/extensions/chathistory).
* The maximums for channel mode ```+H``` have been raised and are now
  different for ```+r``` (registered) and ```-r``` channels. For unregistered
  channels the limit is now 200 lines / 31 days. For registered channels
  the limit is 5000 lines / 31 days. The old limit for both was 200 lines / 7 days.
  These maximums can be changed in the now slightly different
  [set::history::channel::max-storage-per-channel](https://www.unrealircd.org/docs/Set_block#set::history)
  block.
* Add c-ares and libsodium version output to boot screen and /VERSION.
* WHOX now supports displaying the
  [reputation score](https://www.unrealircd.org/docs/Reputation_score).
  If you are an IRCOp then you can use e.g. ```WHO * %cuhsnfmdaRr```.
* Add ability to [spamfilter](https://www.unrealircd.org/docs/Spamfilter)
  message tags via the new ```T``` target. Right now it would be unusual
  to use this, but some day when we have more
  [message tags](https://www.unrealircd.org/docs/Message_tags) it
  may come in handy.
* Support [```+draft/reply```](https://ircv3.net/specs/client-tags/reply) IRCv3
  client tag. Can be used by bots (and others) to indicate to what message
  people are replying to. This module, reply-tag, is loaded by default.
* Send [```draft/bot```](https://ircv3.net/specs/extensions/bot-mode) IRCv3
  message tag if the user has mode ```+B``` set.
* [Websockets](https://www.unrealircd.org/docs/WebSocket_support):
  add support for clients to negotiate an explicit type via
  ```Sec-WebSocket-Protocol```, instead of only the default type from
  [listen::websocket::type](https://www.unrealircd.org/docs/WebSocket_support#2._Enable_websocket_on_the_port).
  This is based on an IRCv3 websocket draft specification.
  Note that UnrealIRCd refuses type text if your configuration allows
  non-UTF8 characters in channel or nick names because it would lead
  to security and compatibility issues.
* [set::restrict-commands](https://www.unrealircd.org/docs/Set_block#set::restrict-commands):
  new option *exempt-tls* which allows SSL/TLS users to bypass a restriction.

Fixes
------
* Server squiting the wrong side. Often harmless, but when (re)connecting
  rapidly to multiple servers with autoconnect this could cause the
  network to fall apart.
* Forbid using [extended server bans](https://www.unrealircd.org/docs/Extended_server_bans)
  in ZLINE/GZLINE since they won't work there.
* Extended server ban ```~a:accname``` was not working for shun, and only
  partially working for kline/gline.
* More accurate /ELINE error message.

Changed
--------
* Channel mode ```+H``` always showed time in minutes (```m```) until now.
  From now on it will show it in minutes (```m```), hours (```h```) or
  days (```d```) depending on the actual value. Eg ```+H 50:7d```.
* If you ran ```./unrealircd stop``` we used to wait only 1 second.
  From now on we will wait up to 10 seconds max. This gives UnrealIRCd
  plenty of time to write database files.
* If you have zero [log blocks](https://www.unrealircd.org/docs/Log_block)
  then we already automatically logged errors to ```ircd.log```.
  From now on we will log everything (not only errors) to that file.

Removed
--------
* Version check for curl and openssl as nowadays they have ABI guarantees.

Module coders / Developers
---------------------------
* New UnrealDB API and disk format, see
  https://www.unrealircd.org/docs/Dev:UnrealDB
* We now use libsodium for file encryption routines as well
  as some helpers to lock/clear passwords in memory.
* Updated ```HOOKTYPE_LOCAL_NICKCHANGE``` and
  ```HOOKTYPE_REMOTE_NICKCHANGE``` to include an
  ```MessageTag *mtags``` argument in the middle.
  You can use ```#if UNREAL_VERSION_TIME>=202115``` to detect this.
* Updated channel mode ```conv_param``` function to
  include a ```Channel *channel``` argument at the end.
  You can use ```#if UNREAL_VERSION_TIME>=202120``` to detect this.
* New: ```ModuleSetOptions(modinfo->handle, MOD_OPT_UNLOAD_PRIORITY, priority);```.
  This can be used for modules to indicate they wish to be unloaded
  before or after others. It is used by for example the channel
  and history modules so they can save their databases before
  channel mode modules or other modules get unloaded.
* New CAP [```draft/chathistory```](https://ircv3.net/specs/extensions/chathistory).
  If a client REQ's this CAP then UnrealIRCd won't send history on-join as
  it assumes the client will fetch it when they feel the need for it.
* New informative CAP:
  [```unrealircd.org/history-backend```](https://www.unrealircd.org/history-backend)

UnrealIRCd 5.0.9.1
-------------------
The only change between 5.0.9 and 5.0.9.1 is:
* Build improvements on *NIX (faster compiling and lower memory requirements)

UnrealIRCd 5.0.9
-----------------
The 5.0.9 release comes with several nice feature enhancements. There are no major bug fixes.

Enhancements:
* Changes to the "Client connecting" notice on IRC (for IRCOps):
  * The format changed slightly, instead of ```{clients}``` it
    now shows ```[class: clients]```
  * SSL/TLS information is still shown via ```[secure]```
  * New: ```[reputation: NNN]``` to show the current
    [reputation score](https://www.unrealircd.org/docs/Reputation_score)
  * New: ```[account: abcdef]``` to show the services account,
    but only if [SASL](https://www.unrealircd.org/docs/SASL) was used.
* In the log file the format also changed slightly:
  * IP information is now added as ```[127.0.0.1]``` in both the
    connect and disconnect log messages.
  * The vhost is logged as ```[vhost: xyz]``` instead of ```[VHOST xyz]```
  * All the other values are now logged as well on-connect,
    similar to the "Client connecting" notice, so: secure, reputation,
    account (if applicable).
* New option [allow::global-maxperip](https://www.unrealircd.org/docs/Allow_block):
  this imposes a global (network-wide) restriction on the number of
  connections per IP address.
  If you don't have a global-maxperip setting in the allow block then it
  will default to maxperip plus one. So, if you currently have an
  allow::maxperip of 3 then global-maxperip will be 4.
* [Handshake delay](https://www.unrealircd.org/docs/Set_block#set::handshake-delay)
  is automatically disabled for users that are exempt from blacklist checking.
* Always exempt 127.* from gline, kline, etc.
* You can now have dated logfiles thanks to strftime formatting.
  For example ```log "ircd.%Y-%m-%d.log" { }``` will create a log
  file like called ircd.2020-01-31.log, a new one every day.

Changes:
* Add ```doc/KEYS``` which contains the public key(s) used to sign UnrealIRCd releases
* The options set::anti-flood::unknown-flood-* have been renamed and
integrated in a new block called
[set::anti-flood::handshake-data-flood](https://www.unrealircd.org/docs/Set_block#set::anti-flood::handshake-data-flood).
The ban-action can now also be changed. Note that almost nobody will have to
change this setting since it has a good default.
* On *NIX bump the default maximum connections from 8192 to 16384.
That is, when in "auto" mode, which is like for 99% of the users.
Note that the system may still limit the actual number of connections
to a lower value, epending on the value of ```ulimit -n -H```.

diffstat:

 chat/unrealircd/Makefile |   6 +++---
 chat/unrealircd/PLIST    |   5 ++++-
 chat/unrealircd/distinfo |  10 +++++-----
 3 files changed, 12 insertions(+), 9 deletions(-)

diffs (69 lines):

diff -r dc21d990a8e4 -r 9028d8799003 chat/unrealircd/Makefile
--- a/chat/unrealircd/Makefile  Thu Jul 15 09:40:43 2021 +0000
+++ b/chat/unrealircd/Makefile  Thu Jul 15 09:57:47 2021 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.77 2021/04/21 13:24:28 adam Exp $
+# $NetBSD: Makefile,v 1.78 2021/07/15 09:57:47 nia Exp $
 
-DISTNAME=      unrealircd-5.0.8
-PKGREVISION=   1
+DISTNAME=      unrealircd-5.2.1.1
 CATEGORIES=    chat
 MASTER_SITES=  https://www.unrealircd.org/downloads/
 
@@ -131,5 +130,6 @@
 .include "../../mk/pthread.buildlink3.mk"
 .include "../../devel/pcre2/buildlink3.mk"
 .include "../../security/argon2/buildlink3.mk"
+.include "../../security/libsodium/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
diff -r dc21d990a8e4 -r 9028d8799003 chat/unrealircd/PLIST
--- a/chat/unrealircd/PLIST     Thu Jul 15 09:40:43 2021 +0000
+++ b/chat/unrealircd/PLIST     Thu Jul 15 09:57:47 2021 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.18 2021/01/25 11:17:36 nia Exp $
+@comment $NetBSD: PLIST,v 1.19 2021/07/15 09:57:47 nia Exp $
 bin/unrealircd
 lib/unrealircd/modules/account-notify.so
 lib/unrealircd/modules/account-tag.so
@@ -11,6 +11,7 @@
 lib/unrealircd/modules/away.so
 lib/unrealircd/modules/batch.so
 lib/unrealircd/modules/blacklist.so
+lib/unrealircd/modules/bot-tag.so
 lib/unrealircd/modules/botmotd.so
 lib/unrealircd/modules/cap.so
 lib/unrealircd/modules/certfp.so
@@ -35,6 +36,7 @@
 lib/unrealircd/modules/chanmodes/stripcolor.so
 lib/unrealircd/modules/channeldb.so
 lib/unrealircd/modules/charsys.so
+lib/unrealircd/modules/chathistory.so
 lib/unrealircd/modules/chghost.so
 lib/unrealircd/modules/chgident.so
 lib/unrealircd/modules/chgname.so
@@ -104,6 +106,7 @@
 lib/unrealircd/modules/plaintext-policy.so
 lib/unrealircd/modules/protoctl.so
 lib/unrealircd/modules/quit.so
+lib/unrealircd/modules/reply-tag.so
 lib/unrealircd/modules/reputation.so
 lib/unrealircd/modules/require-module.so
 lib/unrealircd/modules/restrict-commands.so
diff -r dc21d990a8e4 -r 9028d8799003 chat/unrealircd/distinfo
--- a/chat/unrealircd/distinfo  Thu Jul 15 09:40:43 2021 +0000
+++ b/chat/unrealircd/distinfo  Thu Jul 15 09:57:47 2021 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.29 2021/01/25 11:17:36 nia Exp $
+$NetBSD: distinfo,v 1.30 2021/07/15 09:57:47 nia Exp $
 
-SHA1 (unrealircd-5.0.8.tar.gz) = a254e3794bca1f330609be7effd6709709dd091a
-RMD160 (unrealircd-5.0.8.tar.gz) = 5180e40f4b6dac30e81a2bf883863eafcf863117
-SHA512 (unrealircd-5.0.8.tar.gz) = 45fc0758a870dbb9c3ff55fc7029d1ecff9dcf65680f31ff331f012efbf9c9bffa60a6fe27b9bab69302d26b8293a1089cfaf1c550a3f2802a549f25e4644770
-Size (unrealircd-5.0.8.tar.gz) = 5013231 bytes
+SHA1 (unrealircd-5.2.1.1.tar.gz) = 67aa2c908f534fd09c3b56f2a1dc88f3ead164d4
+RMD160 (unrealircd-5.2.1.1.tar.gz) = 877d4755bfef29b3018f31a8268df0c8eebc9b99
+SHA512 (unrealircd-5.2.1.1.tar.gz) = d49a5fd9b02d6e43ec13f9195d226c10c4f2a7a7f0ac41c51b02a13fc287fea14c8fd73203fea773e57eb2e969cc4248abfdc24bd643a4f727222de7e4f726fa
+Size (unrealircd-5.2.1.1.tar.gz) = 7174342 bytes
 SHA1 (patch-include_h.h) = 3fa85b08f1d9e317a45cb8f54a61e0560617e72d



Home | Main Index | Thread Index | Old Index