pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/chat/unrealircd unrealircd: update to 5.2.1.1
details: https://anonhg.NetBSD.org/pkgsrc/rev/9028d8799003
branches: trunk
changeset: 455949:9028d8799003
user: nia <nia%pkgsrc.org@localhost>
date: Thu Jul 15 09:57:47 2021 +0000
description:
unrealircd: update to 5.2.1.1
UnrealIRCd 5.2.1.1 Release Notes
===================================
5.2.1.1 fixes an issue with SASL autodetection and mechlist in 5.2.1
Enhancements:
* The [allow block](https://www.unrealircd.org/docs/Allow_block)
now uses allow::mask instead of allow::ip and allow::hostname.
Users upgrading will receive a warning but the server will continue to boot.
* New documentation for [mask items](https://www.unrealircd.org/docs/Mask_item)
in the configuration file to show how it works with 1 or more mask
items in a block. Also support for negative matching has been
improved and we now support
[extended server ban syntax](https://www.unrealircd.org/docs/Extended_server_bans).
* Combining the new options from above you can do things like:
* ```allow { mask ~a:TrustedUser; class flooders; maxperip 100; }```
If TrustedUser authenticates to services using
[SASL](https://www.unrealircd.org/docs/SASL) then he gets in the
special class "flooders" with a maxperip of 100.
* ```allow { mask { ~S:112233etc; ~S:anotherone; }; class clients; maxperip 10; }```
Users matching one of these
[certificate fingerprints](https://www.unrealircd.org/docs/Extended_server_bans)
get a high maximum per ip of 10.
* New block [set::server-linking](https://www.unrealircd.org/docs/Set_block#set::server-linking)
* For link blocks with autoconnect we now default to the strategy
'sequential', meaning we will try the 1st link block first,
then the 2nd, then the 3rd, then the 1st again, etc.
* We now have different and lower timeouts for the connect and
the handshake. So we give up a bit more early on servers that
are currently down or extremely lagged.
* New [security-group block](https://www.unrealircd.org/docs/Security-group_block)
item called *include-mask*. This can be used to put clients matching
a [mask](https://www.unrealircd.org/docs/Mask_item) into a security group.
* New option *lag-penalty* and *lag-penalty-bytes* in the
[set::anti-flood block](https://www.unrealircd.org/docs/Anti-flood_settings).
* *known-users* can now executes commands at a slightly faster rate than
*unknown-users*.
* It can further be used to allow really trusted users/bots to execute
commands at even higher rates, such as 20 commands per second,
without making them IRCOp. This explained in
[FAQ: How to allow users to send more commands per second](https://www.unrealircd.org/docs/FAQ#high-command-rate).
* The [REHASH](https://www.unrealircd.org/docs/Rehashing_the_IRCd) command
is now sufficient to reload SSL/TLS certificates. You no longer need to
use ```REHASH -tls```. The same is true for ```./unrealircd rehash```
which now also does the extra steps in ```./unrealircd reloadtls```.
The commands will stay, though, in case you only want to reload the
TLS certificates and not rehash the entire configuration file.
* Support for OpenSSL 3.0.0
* Show microseconds in ```TSCTL ALLTIME```
* The git version id is now shown in the ```INFO``` command on *NIX (ReleaseId).
* [Extban](https://www.unrealircd.org/docs/Extended_bans) ```~a:*``` now matches
all authenticated users and ```~a:0``` matches all unauthenticated users.
* Allow multiple masks in the [deny link { } block](https://www.unrealircd.org/docs/Deny_link_block)
Fixes:
* When using persistent channel history: if you had ANY rehash error (often
completely unrelated to channel history) and you then rehashed again
UnrealIRCd would crash.
* When server syncing larger channels we could accidentally skip over or
forget to send a few users. These users would then not be shown on the
other side of the link but are actually in the channel (ghosts)
* When using autoconnect on (very) big networks, the network no longer breaks down
(with the new default strategy 'sequential')
* The default ban exemption on ```127.*``` was too broad. It also matched
hostnames that started with it, allowing such users to bypass
gline/kline/shun (but not zline/gzline).
* Channel mode ```+d``` (so after ```-D```) never took QUITs into account
properly. This should now fix things, so the channel goes ```-d```
immediately once it is no longer needed.
* Give a better error message when trying to use an unconfirmed account
with [authprompt](https://www.unrealircd.org/docs/Set_block#set::authentication-prompt).
Module coders / IRC protocol:
* We now assume all services set the SVID field. If your services only sets
umode ```+r``` and does not use ```SVSLOGIN``` or ```SVSMODE nick +d SVID```
then users will not be recognized as authenticated anymore.
* In the ```UID``` command we now validate the UID (parameter 6) to start with
the SID and contains digits and uppercase only.
* Servers can no longer change moddata of remote clients.
That is, it is disabled by default, but modules can still allow it for
certain moddata via mreq.remote_write=1.
You can use ```#if UNREAL_VERSION_TIME >= 202125``` to detect
if this new .remote_write option is available.
* Removed ```HCN``` from 005, since nobody uses this anyway.
UnrealIRCd 5.2.0
-----------------
The two main new features in 5.2.0 are: an improved and more flexible
anti-flood block and channel history which can now be stored encrypted
on disk and allows clients to fetch hundreds/thousands of lines.
Upgrading and the 5.0.x series
-------------------------------
UnrealIRCd 5.2.0 is the direct successor to 5.0.9/5.0.9.1.
There will be [no further 5.0.x releases](https://www.unrealircd.org/docs/FAQ#About_the_new_5.2.x_series),
in particular there will be no 5.0.10.
Only four bugs that affect a limited number of people/networks were fixed.
UnrealIRCd 5.2.0 is mostly a feature release.
Admins wishing to take a conservative approach don't need to rush an
upgrade from 5.0.x to 5.2.0, they can wait for a 5.2.1 or 5.2.2 release.
If you are upgrading from 5.0.9(.1) to 5.2.0 then feel free to try the new
```./unrealircd upgrade``` command.
The only configuration change is in the set::anti-flood block (as explained
further down under *Enhancements*). When starting UnrealIRCd will give you
clear instructions if anything needs to be changed (and what).
This process is really minor, the server will usually tell you to just
delete a few old lines from the configuration file.
Enhancements
-------------
* The set::anti-flood block has been redone so you can have different limits
for *unknown-users* and *known-users*.
* As a reminder, by default, *known-users* are users who are identified
to services OR are on an IP that has been connected for over 2 hours
in the past X days. The exact definition of "known-users" is in the
[security-group block](https://www.unrealircd.org/docs/Security-group_block).
* See [here](https://www.unrealircd.org/docs/Anti-flood_settings)
for more information on the layout of the new set::anti-flood block.
* All violations of target-flood, nick-flood, join-flood, away-flood,
invite-flood, knock-flood, max-concurrent-conversations are now
reported to opers with the snomask ```f``` (flood).
* Add support for database encryption. The way this works
is that you define an encryption password in a
[secret { } block](https://www.unrealircd.org/docs/Secret_block).
Then from the various modules you can refer to this secret
block, from
[set::reputation::db-secret](https://www.unrealircd.org/docs/Set_block#set::reputation),
[set::tkldb::db-secret](https://www.unrealircd.org/docs/Set_block#set::tkldb)
and [set::channeldb::db-secret](https://www.unrealircd.org/docs/Set_block#set::channeldb).
This way you can encrypt the reputation, TKL and channel
database for increased privacy.
* Add optional support for
[persistent channel history](https://www.unrealircd.org/docs/Set_block#Persistent_channel_history):
* This stores channel history on disk for channels that have
both ```+H``` and ```+P``` set.
* If you enable this then we ALWAYS require you to set an
encryption password, as we do not allow storing of
channel history in plain text.
* If you enable the option, then the history is stored in
```data/history/``` in individual .db files. No channel
names are visible in the filenames for optimal privacy.
* See [Persistent channel history](https://www.unrealircd.org/docs/Set_block#Persistent_channel_history)
on how to enable this. By default it is off.
* Add support for IRCv3
[draft/chathistory](https://ircv3.net/specs/extensions/chathistory).
* The maximums for channel mode ```+H``` have been raised and are now
different for ```+r``` (registered) and ```-r``` channels. For unregistered
channels the limit is now 200 lines / 31 days. For registered channels
the limit is 5000 lines / 31 days. The old limit for both was 200 lines / 7 days.
These maximums can be changed in the now slightly different
[set::history::channel::max-storage-per-channel](https://www.unrealircd.org/docs/Set_block#set::history)
block.
* Add c-ares and libsodium version output to boot screen and /VERSION.
* WHOX now supports displaying the
[reputation score](https://www.unrealircd.org/docs/Reputation_score).
If you are an IRCOp then you can use e.g. ```WHO * %cuhsnfmdaRr```.
* Add ability to [spamfilter](https://www.unrealircd.org/docs/Spamfilter)
message tags via the new ```T``` target. Right now it would be unusual
to use this, but some day when we have more
[message tags](https://www.unrealircd.org/docs/Message_tags) it
may come in handy.
* Support [```+draft/reply```](https://ircv3.net/specs/client-tags/reply) IRCv3
client tag. Can be used by bots (and others) to indicate to what message
people are replying to. This module, reply-tag, is loaded by default.
* Send [```draft/bot```](https://ircv3.net/specs/extensions/bot-mode) IRCv3
message tag if the user has mode ```+B``` set.
* [Websockets](https://www.unrealircd.org/docs/WebSocket_support):
add support for clients to negotiate an explicit type via
```Sec-WebSocket-Protocol```, instead of only the default type from
[listen::websocket::type](https://www.unrealircd.org/docs/WebSocket_support#2._Enable_websocket_on_the_port).
This is based on an IRCv3 websocket draft specification.
Note that UnrealIRCd refuses type text if your configuration allows
non-UTF8 characters in channel or nick names because it would lead
to security and compatibility issues.
* [set::restrict-commands](https://www.unrealircd.org/docs/Set_block#set::restrict-commands):
new option *exempt-tls* which allows SSL/TLS users to bypass a restriction.
Fixes
------
* Server squiting the wrong side. Often harmless, but when (re)connecting
rapidly to multiple servers with autoconnect this could cause the
network to fall apart.
* Forbid using [extended server bans](https://www.unrealircd.org/docs/Extended_server_bans)
in ZLINE/GZLINE since they won't work there.
* Extended server ban ```~a:accname``` was not working for shun, and only
partially working for kline/gline.
* More accurate /ELINE error message.
Changed
--------
* Channel mode ```+H``` always showed time in minutes (```m```) until now.
From now on it will show it in minutes (```m```), hours (```h```) or
days (```d```) depending on the actual value. Eg ```+H 50:7d```.
* If you ran ```./unrealircd stop``` we used to wait only 1 second.
From now on we will wait up to 10 seconds max. This gives UnrealIRCd
plenty of time to write database files.
* If you have zero [log blocks](https://www.unrealircd.org/docs/Log_block)
then we already automatically logged errors to ```ircd.log```.
From now on we will log everything (not only errors) to that file.
Removed
--------
* Version check for curl and openssl as nowadays they have ABI guarantees.
Module coders / Developers
---------------------------
* New UnrealDB API and disk format, see
https://www.unrealircd.org/docs/Dev:UnrealDB
* We now use libsodium for file encryption routines as well
as some helpers to lock/clear passwords in memory.
* Updated ```HOOKTYPE_LOCAL_NICKCHANGE``` and
```HOOKTYPE_REMOTE_NICKCHANGE``` to include an
```MessageTag *mtags``` argument in the middle.
You can use ```#if UNREAL_VERSION_TIME>=202115``` to detect this.
* Updated channel mode ```conv_param``` function to
include a ```Channel *channel``` argument at the end.
You can use ```#if UNREAL_VERSION_TIME>=202120``` to detect this.
* New: ```ModuleSetOptions(modinfo->handle, MOD_OPT_UNLOAD_PRIORITY, priority);```.
This can be used for modules to indicate they wish to be unloaded
before or after others. It is used by for example the channel
and history modules so they can save their databases before
channel mode modules or other modules get unloaded.
* New CAP [```draft/chathistory```](https://ircv3.net/specs/extensions/chathistory).
If a client REQ's this CAP then UnrealIRCd won't send history on-join as
it assumes the client will fetch it when they feel the need for it.
* New informative CAP:
[```unrealircd.org/history-backend```](https://www.unrealircd.org/history-backend)
UnrealIRCd 5.0.9.1
-------------------
The only change between 5.0.9 and 5.0.9.1 is:
* Build improvements on *NIX (faster compiling and lower memory requirements)
UnrealIRCd 5.0.9
-----------------
The 5.0.9 release comes with several nice feature enhancements. There are no major bug fixes.
Enhancements:
* Changes to the "Client connecting" notice on IRC (for IRCOps):
* The format changed slightly, instead of ```{clients}``` it
now shows ```[class: clients]```
* SSL/TLS information is still shown via ```[secure]```
* New: ```[reputation: NNN]``` to show the current
[reputation score](https://www.unrealircd.org/docs/Reputation_score)
* New: ```[account: abcdef]``` to show the services account,
but only if [SASL](https://www.unrealircd.org/docs/SASL) was used.
* In the log file the format also changed slightly:
* IP information is now added as ```[127.0.0.1]``` in both the
connect and disconnect log messages.
* The vhost is logged as ```[vhost: xyz]``` instead of ```[VHOST xyz]```
* All the other values are now logged as well on-connect,
similar to the "Client connecting" notice, so: secure, reputation,
account (if applicable).
* New option [allow::global-maxperip](https://www.unrealircd.org/docs/Allow_block):
this imposes a global (network-wide) restriction on the number of
connections per IP address.
If you don't have a global-maxperip setting in the allow block then it
will default to maxperip plus one. So, if you currently have an
allow::maxperip of 3 then global-maxperip will be 4.
* [Handshake delay](https://www.unrealircd.org/docs/Set_block#set::handshake-delay)
is automatically disabled for users that are exempt from blacklist checking.
* Always exempt 127.* from gline, kline, etc.
* You can now have dated logfiles thanks to strftime formatting.
For example ```log "ircd.%Y-%m-%d.log" { }``` will create a log
file like called ircd.2020-01-31.log, a new one every day.
Changes:
* Add ```doc/KEYS``` which contains the public key(s) used to sign UnrealIRCd releases
* The options set::anti-flood::unknown-flood-* have been renamed and
integrated in a new block called
[set::anti-flood::handshake-data-flood](https://www.unrealircd.org/docs/Set_block#set::anti-flood::handshake-data-flood).
The ban-action can now also be changed. Note that almost nobody will have to
change this setting since it has a good default.
* On *NIX bump the default maximum connections from 8192 to 16384.
That is, when in "auto" mode, which is like for 99% of the users.
Note that the system may still limit the actual number of connections
to a lower value, epending on the value of ```ulimit -n -H```.
diffstat:
chat/unrealircd/Makefile | 6 +++---
chat/unrealircd/PLIST | 5 ++++-
chat/unrealircd/distinfo | 10 +++++-----
3 files changed, 12 insertions(+), 9 deletions(-)
diffs (69 lines):
diff -r dc21d990a8e4 -r 9028d8799003 chat/unrealircd/Makefile
--- a/chat/unrealircd/Makefile Thu Jul 15 09:40:43 2021 +0000
+++ b/chat/unrealircd/Makefile Thu Jul 15 09:57:47 2021 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.77 2021/04/21 13:24:28 adam Exp $
+# $NetBSD: Makefile,v 1.78 2021/07/15 09:57:47 nia Exp $
-DISTNAME= unrealircd-5.0.8
-PKGREVISION= 1
+DISTNAME= unrealircd-5.2.1.1
CATEGORIES= chat
MASTER_SITES= https://www.unrealircd.org/downloads/
@@ -131,5 +130,6 @@
.include "../../mk/pthread.buildlink3.mk"
.include "../../devel/pcre2/buildlink3.mk"
.include "../../security/argon2/buildlink3.mk"
+.include "../../security/libsodium/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
diff -r dc21d990a8e4 -r 9028d8799003 chat/unrealircd/PLIST
--- a/chat/unrealircd/PLIST Thu Jul 15 09:40:43 2021 +0000
+++ b/chat/unrealircd/PLIST Thu Jul 15 09:57:47 2021 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.18 2021/01/25 11:17:36 nia Exp $
+@comment $NetBSD: PLIST,v 1.19 2021/07/15 09:57:47 nia Exp $
bin/unrealircd
lib/unrealircd/modules/account-notify.so
lib/unrealircd/modules/account-tag.so
@@ -11,6 +11,7 @@
lib/unrealircd/modules/away.so
lib/unrealircd/modules/batch.so
lib/unrealircd/modules/blacklist.so
+lib/unrealircd/modules/bot-tag.so
lib/unrealircd/modules/botmotd.so
lib/unrealircd/modules/cap.so
lib/unrealircd/modules/certfp.so
@@ -35,6 +36,7 @@
lib/unrealircd/modules/chanmodes/stripcolor.so
lib/unrealircd/modules/channeldb.so
lib/unrealircd/modules/charsys.so
+lib/unrealircd/modules/chathistory.so
lib/unrealircd/modules/chghost.so
lib/unrealircd/modules/chgident.so
lib/unrealircd/modules/chgname.so
@@ -104,6 +106,7 @@
lib/unrealircd/modules/plaintext-policy.so
lib/unrealircd/modules/protoctl.so
lib/unrealircd/modules/quit.so
+lib/unrealircd/modules/reply-tag.so
lib/unrealircd/modules/reputation.so
lib/unrealircd/modules/require-module.so
lib/unrealircd/modules/restrict-commands.so
diff -r dc21d990a8e4 -r 9028d8799003 chat/unrealircd/distinfo
--- a/chat/unrealircd/distinfo Thu Jul 15 09:40:43 2021 +0000
+++ b/chat/unrealircd/distinfo Thu Jul 15 09:57:47 2021 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.29 2021/01/25 11:17:36 nia Exp $
+$NetBSD: distinfo,v 1.30 2021/07/15 09:57:47 nia Exp $
-SHA1 (unrealircd-5.0.8.tar.gz) = a254e3794bca1f330609be7effd6709709dd091a
-RMD160 (unrealircd-5.0.8.tar.gz) = 5180e40f4b6dac30e81a2bf883863eafcf863117
-SHA512 (unrealircd-5.0.8.tar.gz) = 45fc0758a870dbb9c3ff55fc7029d1ecff9dcf65680f31ff331f012efbf9c9bffa60a6fe27b9bab69302d26b8293a1089cfaf1c550a3f2802a549f25e4644770
-Size (unrealircd-5.0.8.tar.gz) = 5013231 bytes
+SHA1 (unrealircd-5.2.1.1.tar.gz) = 67aa2c908f534fd09c3b56f2a1dc88f3ead164d4
+RMD160 (unrealircd-5.2.1.1.tar.gz) = 877d4755bfef29b3018f31a8268df0c8eebc9b99
+SHA512 (unrealircd-5.2.1.1.tar.gz) = d49a5fd9b02d6e43ec13f9195d226c10c4f2a7a7f0ac41c51b02a13fc287fea14c8fd73203fea773e57eb2e969cc4248abfdc24bd643a4f727222de7e4f726fa
+Size (unrealircd-5.2.1.1.tar.gz) = 7174342 bytes
SHA1 (patch-include_h.h) = 3fa85b08f1d9e317a45cb8f54a61e0560617e72d
Home |
Main Index |
Thread Index |
Old Index