This release adds experimental JSON-RPC support, a new TLINE command, the ./unrealircd restart
command has been improved to check for config errors, logging to files has been improved and there are several other enhancements.
There are also two important changes: 1) servers that use websockets now also need to load the "webserver" module (so you may need to edit your config file). 2) we now require TLSv1.2 or higher and a modern cipher for IRC clients. This should be no problem for clients using any reasonably new SSL/TLS library (from 2014 or later).
I would also like to take this opportunity to say that we are looking for webdevs to create an UnrealIRCd admin panel. The previous attempt at this failed so we are looking for new people.
See the full release notes below for all changes in more detail.
As usual, on *NIX you can easily upgrade with ./unrealircd upgrade
Enhancements:
- Internally the websocket module has been split up into 3 modules:
websocket_common
,webserver
andwebsocket
. Thewebsocket_common
one is loaded by default via modules.default.conf, the other two are not.
Important: if you use websockets then you need to load two modules now (instead of only one):loadmodule "websocket"; loadmodule "webserver";
- JSON-RPC API for UnrealIRCd. This is work in progress.
- New
TLINE
command to test *LINEs. This can be especially useful for checking how many people match an extended server ban such asTLINE ~C:NL
- The
./unrealircd start
command will now refuse to start if UnrealIRCd is already running. - The
./unrealircd restart
command will validate the configuration file (it will call./unrealircd configtest
). If there is a configuration error then the restart will not go through and the current UnrealIRCd process is kept running. - When an IRCOp is outside the channel and does
MODE #channel
they will now get to see the mode parameters too. This depends on thechannel:see:mode:remote
operclass permission which all IRCOps have by default if you use the default operclasses. - Logging to a file now creates a directory structure if needed.
- You could already use:
log { source { !debug; all; } destination { file "ircd.%Y-%m-%d.log"; } }
- But now you can also use:
log { source { !debug; all; } destination { file "%Y-%m-%d/ircd.log"; } }
- You could already use:
- Add additional variables in blacklist::reason:
$blacklist
: name of the blacklist block$dnsname
: the blacklist::dns::name$dnsreply
: the DNS reply code
- Resolved technical issue so opers can
REHASH
from Websocket connections. - In the TLD block the use of
tld::motd
andtld::rules
is now optional. - Log which oper actually initiated a server link request (
CONNECT
)
Changes:
- SSL/TLS: By default we now require TLSv1.2 or later and a modern cipher with forward secrecy. Otherwise the connection is refused.
- Since UnrealIRCd 4.2.2 (March 2019) users see an on-connect notice with a warning when they use an outdated TLS protocol or cipher that does not meet these requirements.
- This move also reflects the phase out of versions below TLSv1.2 which happened in browsers in 2020/2021.
- In practice on the client-side this requires at least:
- OpenSSL 1.0.1 (released in 2012)
- GnuTLS 3.2.6 (2013)
- Android 4.4.2 (2013)
- Or presumably any other SSL/TLS library that is not 9+ years old
- If you want to revert back to the previous less secure settings, then look under ''Previous less secure setting'' in TLS Ciphers and protocols.
- The code for handling
set::anti-flood::everyone::connect-flood
is now in its own moduleconnect-flood
. This module is loaded by default, no changes needed in your configuration file. - Similarly,
set:max-unknown-connections-per-ip
is now handled by the new modulemax-unknown-connections-per-ip
. This module is loaded by default as well, no changes needed in your configuration file. - Upgrade shipped PCRE2 to 10.41, curl-ca-bundle to 2022-10-11, on Windows LibreSSL to 3.6.1 and cURL to 7.86.0.
- After people do a major upgrade on their Linux distro, UnrealIRCd may no longer start due to an
error while loading shared libraries
. We now print a more helpful message and link to the new FAQ entry about it. - When timing out on the authprompt module, the error (quit message) is now the original (ban) reason for the prompt, instead of the generic
Registration timeout
.
Fixes:
- Crash when linking. This requires a certain sequence of events: first a server is linked in successfully, then we need to REHASH, and then a new link attempt has to come in with the same server name (for example because there is a network issue and the old link has not timed out yet). If all that happens, then an UnreaIRCd 6 server may crash, but not always.
- Warning message about moddata creationtime when linking.
- Snomask
+j
was not showing remote joins, even though it did show remote parts and kicks. - Leak of 1 file descriptor per /REHASH (the control socket).
- Ban letters showing up twice in 005 EXTBAN=
- Setting set::authentication-prompt::enabled to
no
was ignored. The default is stillyes
Lørdag, Desember 31, 2022
Powered by WHMCompleteSolution