See doc/RELEASE-NOTES for the latest release notes. This file
(doc/RELEASE-NOTES.old) contains the release notes of OLDER releases for
historical purposes.

==[ CHANGES BETWEEN 4.2.2 AND 4.2.3 ]==

This UnrealIRCd release adds new modules to combat drones, it bumps the
default concurrent user limit, and UnrealIRCd can now easily deal with
1 million *LINE's placed on *@IP without any noticeable performance impact.
There is also one important change with regards to old style 'posix'
spamfilters (see under "Deprecated"); these will raise a warning but will
continue to work for now.

Enhancements:
* New optional modules 'reputation' and 'connthrottle' to fight drones:
  * The 'reputation' module will learn what users (IP addresses) are
    frequently seen on your server and classify these as "known IP's".
    For every 5 minutes that someone is connected, the IP address receives
    +1 point. IP's with registered users receive +2 points per 5 minutes.
    An IRCOp can /WHOIS a user to view this "reputation score". The
    "/REPUTATION nick" and "/REPUTATION ip" commands are also available.
    Note that the reputation score is capped at a maximum of 10000 and
    entries expire if the IP has not been seen online for 30 days (or even
    sooner for very low reputation scores).
  * The 'connthrottle' module puts users in one of these two groups:
    * "known users" with IP addresses that have been online before on your
      network for some time. By default: 2+ hours past 30 days.
    * "new users" who have not been seen online before (or too short).
    Users in the "known users" group can connect without any limitation.
    Similarly, users who authenticate to services using SASL can also
    always get in. However, "new users" can be limited, for example at a
    maximum rate of 20 "new users" per minute.
    The end result and goal is that in case of a drone attack, 99% of your
    regular users can still connect as usual. This, while drones and other
    unknown IP's are limited at, for example, 20 per minute.
    By limiting the connection rate for drones and other unknown users the
    damage is limited. It also gives IRCOps a chance to react and take
    additional countermeasures, if possible.
  * The modules are not loaded by default. If you want to use them, then have
    a look at their example configuration in the file conf/modules.optional.conf
  * The reputation module needs to be running for some time before it contains
    a meaningful database of "known users". Therefore the connthrottle module
    will be disabled until the reputation module has gathered sufficient data.
    This defaults to 1 week.
  * Full documentation: https://www.unrealircd.org/docs/Connthrottle
* On *NIX we now default to 'auto' mode to discover MAXCONNECTIONS. On systems
  that support it this means UnrealIRCd supports up to 8192 connections by
  default. It automatically falls back to a lower value such as 2048 or 1024
  if the user account has a lower limit or if the OS does not support it.
  We recommend that users no longer set any specific value in ./Config and
  just leave it at 'auto'. If you want to see the effective limit, then look
  at this message when you start the server on the console:
  "This server can handle XYZ concurrent sockets".
* UnrealIRCd now uses a technique that makes KLINE's, GLINE's and (G)ZLINE's
  placed on individual IP's (*@IP) extremely fast. Just to illustrate:
  * Previously it took 129 seconds to add 100k ZLINE's, now it takes 2.5 secs.
  * Checking a connection against 100,000 ZLINE's is now 250 times faster.
  * Previously 7,500 clients could connect per minute, now 33,560 per minute.
  * Even with 1 million ZLINE's on *@IP it can handle 30,000 connections p/m.
  * Rejecting Z-lined users is even faster at 435,000 connections per minute
    with 100,000 active ZLINE's.
  Benchmarked on a 2GHz Intel Xeon Skylake CPU with Linux 4.15.
  To benefit from these speed improvements, just place a *LINE on *@IP.
* When the server has just been restarted, many users will reconnect and
  rejoin channels.
  We now disable the join flood limit in channel mode +f during the first
  75 seconds since startup. This is so the channel does not become +i or +R
  due to "flooding".
  See: https://www.unrealircd.org/docs/Set_block#set::modef-boot-delay

Deprecated:
* Spamfilter has 3 matching methods: 'simple', 'regex' and 'posix'.
  The old method 'posix' is deprecated as this uses the TRE regex library
  which contains bugs and has not been maintained for more than 10 years.
  On *NIX the 'make install' script will try to upgrade the example
  spamfilter.conf. This may not work if you have customizations in that file
  or if it originated from 3.2.x. Helpful warnings or error messages are
  printed when you try to start UnrealIRCd, to guide the user in this
  upgrade process. For details see:
  https://www.unrealircd.org/docs/FAQ#spamfilter-posix-deprecated
  https://www.unrealircd.org/docs/FAQ#old-spamfilter-conf

Major issues fixed:
* None

Minor issues fixed:
* Changing the set::anti-flood::invite-flood setting had no effect.
* Sometimes when a server (re)links to the network via 2+ connections it
  could trigger a race condition where the server would be delinked again.

Module coders / Developers:
* We now compile with a lot more compiler warnings enabled by default.
  Similarly, our Travis-CI compiles with --with-werror which enables the
  -Werror compiler option, which you may want to use as well. This enables
  the compiler to detect more possible bugs and sketchy code.
* Some modules still prepend DLLFUNC to functions. This is unnecessary.
* Similarly, if (!cep->ce_varname) is unnecessary, it never happens.
* The functions del_Command() and such have been removed. You never needed
  to use this. Just use CommandAdd() and UnrealIRCd takes care of the rest.
* For command functions we encourage you to use CMD_FUNC(m_something), this
  is not new. New is that we now also have something similar for command
  overrides, namely: CMD_OVERRIDE_FUNC(override_something).
  This way you don't have to type the int parc, char *parv[] etc. stuff
  yourself and this way we can also easily change the passed parameters in
  the future in an automatic way. Eg: provide more variables.
* If you use linked lists and you use AddListItem() or DelListItem() then you
  should always have pointers to prev and next at the beginning of your
  struct (and in that order!), otherwise you risk memory corruption.
  Because this is an easy mistake to make we will now abort() if we detect
  such an error at runtime in AddListItem or DelListItem (on *NIX).

IRC protocol:
* Many things changed in previous release (4.2.2).
* No changes in this release.

Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
  in the summer of 2019. This will deny /OPER when used from a non-SSL
  connection. For security, IRC Operators should really use SSL/TLS!

==[ CHANGES BETWEEN 4.2.1 AND 4.2.2 ]==

This is the stable version of UnrealIRCd 4.2.2. It contains several major
enhancements, in particular with regards to flood controls. It also fixes a
crash issue in the websocket module. Note that this module is not loaded by
default (only via modules.optional.conf or explicitly via a
loadmodule "websocket").

Enhancements:
* Quicker connection handshake for clients which use CAP and/or SASL.
* With "TOPIC #chan" and "MODE #chan +b" (and +e/+I) you can see who set the
  topic and bans/exempts/invex. The default is to only show the nick of the
  person who set the item. This can be changed (not the default) by setting:
  set { topic-setter nick-user-host; };
  set { ban-setter nick-user-host; };
* The 'set by' and 'set at' information for +beI lists are now synchronized
  when servers link. You still see the MODE originating from the server,
  however when the banlist is queried you will now be able to see the
  original nick and time of the bansetter rather than serv.er.name.
  If you want the OLD behavior you can use set { ban-setter-sync no; };
* The default maximum topic length has been increased from 307 to 360.
* You can now set more custom limits. The default settings are shown below:
  set {
      topic-length 360; /* maximum: 360 */
      away-length 307;  /* maximum: 360 */
      quit-length 307;  /* maximum: 395 */
      kick-length 307;  /* maximum: 360 */
  };
* The message sent to users upon *LINE can now be adjusted completely via
  set::reject-message::kline and set::reject-message::gline.
  See https://www.unrealircd.org/docs/Set_block#set::reject-message
* New set::anti-flood::max-concurrent-conversations which configures the
  maximum number of conversations a user can have with other users at the
  same time. Until now this was hardcoded at limiting /MSG and /INVITE to
  20 different users in a 15 second period. The new default is 10 users,
  which serves as a protection measure against spambots.
  See https://www.unrealircd.org/docs/Set_block#maxcc for more details.
* New set::max-targets-per-command which configures the maximum number of
  targets accepted for a command, eg /MSG nick1,nick2,nick3,nick4 hi.
  Also changed the following defaults (previously hardcoded):
  * PRIVMSG from 20 to 4 targets, to counter /amsg spam
  * NOTICE from 20 to 1 target, to counter /anotice spam
  * KICK from 1 to 4 targets, to make it easier for channel operators to
    quickly kick a large amount of spambots
  See https://www.unrealircd.org/docs/Set_block#set::max-targets-per-command
  Technical: the 005 token TARGMAX= is used to communicate this information
  and the old MAXTARGETS= token has been removed.
* Added INVITE and KNOCK flood protection (command rate limiting):
  * set::anti-flood::invite-flood now defaults to 4 per 60 seconds
    (previously the effective limit was 1 invite per 6 seconds).
  * set::anti-flood::knock-flood now defaults to 4 per 120 seconds.
* New set::outdated-tls-policy which describes what to do with clients that
  use outdated SSL/TLS protocols (eg: TLSv1.0) and ciphers.
  The default settings are to warn in all cases: users connecting, opers
  /OPER'ing up and servers linking in. The user will see a message telling
  them to upgrade their IRC client. This should help with migrating such
  users, since in the future, say one or two years from now, we would want to
  change the default to only allow TLSv1.2+ with ciphers that provide Forward
  Secrecy. Instead of rejecting clients without any error message, this
  provides a way to warn them and give them some time to upgrade their
  outdated IRC client.
  https://www.unrealircd.org/docs/Set_block#set::outdated-tls-policy

Major issues fixed:
* Crash issue in the 'websocket' module.

Minor issues fixed:
* The advertised "link-security" was incorrectly downgraded from level 2 to 1
  if spkifp was used as an authentication method.
* In case of a crash, the "./unrealircd backtrace" script was not working
  correctly in non-English environments, leading to less accurate bug reports.
* Various crashes if a server receives incorrect commands from a trusted
  linked server.
* A number of memory leaks on REHASH (about 1K).
* SASL was not working post-registration, eg: when services link back in.
  This is now fixed in UnrealIRCd, but may require a services update as well.

Changed:
* The noctcp user mode (+T) will now only block CTCP's and not CTCP REPLIES.
  Also, IRCOps can bypass user mode +T restrictions.
* UnrealIRCd will warn if your ulines { } are matching UnrealIRCd servers.
* The m_whox module now contains various features that m_who already had.
  Also, m_whox will try to convert classic UnrealIRCd WHO requests such as
  "WHO +i 127.0.0.1" to whox style "WHO 127.0.0.1 i". Unfortunately,
  auto-converting WHO requests is not always possible. When in doubt the
  WHOX syntax is assumed. Users are thus (still) encouraged to use the whox
  style when m_whox is loaded.

Deprecated:
* None?
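The set::max-targets-per-command limits described in the enhancements above are advertised to clients in the TARGMAX= token of numeric 005. As an added example (not UnrealIRCd code, nor part of these notes), here is a small client-side parser in C that reads such a token and checks a target list against it before sending, so a client can refuse locally instead of receiving "Too many targets" from the server. The sample token value is constructed from the 4.2.2 defaults listed above; the "JOIN:" entry with an empty limit meaning "no limit" follows common ISUPPORT usage and is an assumption of this example, not something these notes state.

```c
/* Added example, not UnrealIRCd code: a client-side parser for the TARGMAX=
 * token of numeric 005 (RPL_ISUPPORT) plus a check of a target list against
 * it. Grammar assumed: TARGMAX=CMD:limit,CMD:limit,... where an empty limit
 * ("CMD:") means "no limit" (common ISUPPORT usage, not stated in the notes). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 32
#define CMD_LEN     16

struct targmax { char cmd[CMD_LEN]; int limit; };   /* limit -1 = unlimited */
struct targmax_table { struct targmax e[MAX_ENTRIES]; int n; };

/* Parse the text after "TARGMAX=". Returns the entry count, -1 if malformed. */
int targmax_parse(const char *value, struct targmax_table *t)
{
    const char *p = value;

    t->n = 0;
    while (*p) {
        const char *comma = strchr(p, ',');
        const char *end = comma ? comma : p + strlen(p);
        const char *colon = strchr(p, ':');
        struct targmax *e = &t->e[t->n];
        size_t cmdlen;

        if (!colon || colon > end || colon == p || t->n >= MAX_ENTRIES)
            return -1;
        cmdlen = (size_t)(colon - p);
        if (cmdlen >= CMD_LEN)
            return -1;
        for (size_t i = 0; i < cmdlen; i++)          /* store uppercased */
            e->cmd[i] = (char)toupper((unsigned char)p[i]);
        e->cmd[cmdlen] = '\0';
        if (colon + 1 == end) {
            e->limit = -1;                           /* "CMD:" = no limit */
        } else {
            long v = 0;
            for (const char *q = colon + 1; q < end; q++) {
                if (!isdigit((unsigned char)*q) || v > 100000)
                    return -1;                       /* non-numeric or absurd */
                v = v * 10 + (*q - '0');
            }
            e->limit = (int)v;
        }
        t->n++;
        p = comma ? comma + 1 : end;
    }
    return t->n;
}

/* Limit for a command (case-insensitive); -1 if unlimited or not listed. */
int targmax_limit(const struct targmax_table *t, const char *cmd)
{
    char up[CMD_LEN];
    size_t len = strlen(cmd);
    if (len >= CMD_LEN)
        return -1;
    for (size_t i = 0; i <= len; i++)                /* copies the NUL too */
        up[i] = (char)toupper((unsigned char)cmd[i]);
    for (int i = 0; i < t->n; i++)
        if (strcmp(t->e[i].cmd, up) == 0)
            return t->e[i].limit;
    return -1;
}

/* Number of comma-separated targets in "nick1,nick2,...". */
int count_targets(const char *targets)
{
    int n = *targets ? 1 : 0;
    for (const char *p = targets; *p; p++)
        if (*p == ',') n++;
    return n;
}

/* Parse a TARGMAX value and check one command: 1 = within the limit,
 * 0 = the server would answer with numeric 407, -1 = malformed token. */
int check_against_targmax(const char *value, const char *cmd, const char *targets)
{
    struct targmax_table t;
    int limit;
    if (targmax_parse(value, &t) < 0)
        return -1;
    limit = targmax_limit(&t, cmd);
    return (limit < 0 || count_targets(targets) <= limit) ? 1 : 0;
}

/* Limit lookup in one call: the limit, -1 unlimited/unknown, -2 malformed. */
int limit_from_targmax(const char *value, const char *cmd)
{
    struct targmax_table t;
    if (targmax_parse(value, &t) < 0)
        return -2;
    return targmax_limit(&t, cmd);
}

int main(void)
{
    /* Constructed token value mirroring the 4.2.2 defaults listed above. */
    const char *sample = "PRIVMSG:4,NOTICE:1,KICK:4,JOIN:";
    const char *targets = "k001,k002,k003,k004,k005";
    printf("PRIVMSG to %s: %s\n", targets,
           check_against_targmax(sample, "PRIVMSG", targets) == 1
               ? "ok" : "refused locally (server would reply 407 Too many targets)");
    return 0;
}
```

A client that keeps the parsed table from the 005 burst can apply check_against_targmax() to every multi-target PRIVMSG, NOTICE or KICK it is about to send; unknown commands and "CMD:" entries are treated as unlimited, and a malformed token is reported rather than silently treated as "no limit".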
Removed:
* The option to show the topic setter as nick!user@host was previously a
  config option --with-topicisnuhost and a macro TOPIC_NICK_IS_NUHOST.
  These are removed, use set::topic-setter "nick-user-host" instead.

Module coders:
* New hook HOOKTYPE_WELCOME (aClient *acptr, int after_numeric): allows you
  to send a message at very specific places during the initial welcome
  https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_WELCOME
* New Isupport functions: IsupportSet, IsupportSetFmt and IsupportDelByName.
* The M_ANNOUNCE flag in the command add functions should no longer be used
  as the CMDS= 005 token is removed. Please update your module.
* New "SJSBY" in PROTOCTL, which is used in SJOIN to sync extra data.
  See https://www.unrealircd.org/docs/Server_protocol:SJOIN_command at the end.
* For a command with 2 arguments, eg "PRIVMSG #a :txt", parv[1] is "#a",
  parv[2] is "txt" and parv[3] is NULL. Any arguments beyond that, such as
  parv[4], should not be accessed. To help module coders with detecting such
  bugs we now poison unused parv[] elements that should never be accessed.
  Note that without this poison your code will also crash, now it just
  crashes more consistently.

IRC protocol:
This section is intended for client coders and people interested in IRC
protocol technicalities:
* Many changes in the tokens used in numeric 005 (RPL_ISUPPORT):
  * Removed CMDS= because this was an unnecessary abstraction and it was
    not picked up by any other IRCd.
  * The tokens KNOCK MAP USERIP have been added (moved from CMDS=..)
  * STARTTLS is no longer advertised in 005 since doing so would be too
    late. Also, STARTTLS is not the preferred method of using SSL/TLS.
  * Added TARGMAX= to communicate set::max-targets-per-command limits.
  * Removed the MAXTARGETS= token because TARGMAX= replaces it.
  * Added DEAF=d to signal what user mode is used for "deaf"
  * Added QUITLEN to communicate the set::quit-length setting (after all,
    why communicate length for KICK but not for QUIT?)
  * The 005 tokens are now sorted alphabetically
* When hitting the TARGMAX limit (set::max-targets-per-command), for example
  with "/MSG k001,k002,k003,k004,k005 hi", you will see:
  :server 407 me k005 :Too many targets. The maximum is 4 for PRIVMSG.
* When hitting the set::anti-flood::max-concurrent-conversations limit
  (so not per command, but per time frame), you will see:
  :server 439 me k011 :Message target change too fast. Please wait 7 seconds
* When hitting the set::anti-flood::invite-flood limit you will get:
  :server 263 me INVITE :Flooding detected. Please wait a while and try again.
* When hitting the set::anti-flood::knock-flood limit you will get:
  :server 480 me :Cannot knock on #channel (You are KNOCK flooding)
* Not a protocol change. But when a server returns from a netsplit and syncs
  modes such as:
  :server MODE #chan +b this!is@an.old.ban
  Then later on you can query the banlist (MODE #chan b) and you may see the
  actual original setter and timestamp of the ban. So if a user wishes to
  see the banlist then IRC clients are encouraged to actively query the
  banlist before displaying it. Fortunately most clients do this.
* If the set::topic-setter or set::ban-setter are set to nick-user-host then
  the "added by" field in numerics that show these entries will contain
  nick!user@host instead of nick, eg:
  :server 367 me #channel this!is@some.ban bansetter!user@some.host 1549461765

Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
  in the year 2019. This will deny /OPER when used from a non-SSL connection.
  For security, IRC Operators should really use SSL/TLS!

==[ CHANGES BETWEEN 4.2.1 AND 4.2.1.1 ]==

The 4.2.1.1 version includes a compile fix for Debian.

==[ CHANGES BETWEEN 4.2.0 AND 4.2.1 ]==

This version enhances support for authentication for clients that do not
support SASL. Also new is a module to combat mixed UTF8 character spam, a
rewrite of the operclass privileges and more secure password hashing.
If you missed the 4.2.0 release, then consider looking at the previous
release announcement as well, since it introduced a lot of new features:
https://forums.unrealircd.org/viewtopic.php?f=1&t=8843

NOTE: There will be no further 4.0.x releases. Current stable is 4.2.x.
https://www.unrealircd.org/docs/FAQ#Questions_about_the_new_4.2.x_series

Enhancements:
* Support for authentication prompt: Since 4.2.0 you can require specific
  users to authenticate themselves with their nickname and password via
  SASL. We now offer a new experimental module called 'authprompt' which
  will help non-SASL users by showing a notice and asking them to
  authenticate to their account using the command /AUTH :.
  See the new authentication article on the wiki for an overview:
  https://www.unrealircd.org/docs/Authentication and also
  https://www.unrealircd.org/docs/Set_block#set::authentication-prompt
* New optional module 'antimixedutf8' to combat mixed UTF8 character spam
  (also called freenode spam) that has been plaguing networks.
  See: https://www.unrealircd.org/docs/Set_block#set::antimixedutf8
* Support for Argon2 password hashing, which is more resilient against brute
  force cracking.
* Indicate 's' in WHO reply flags if the user is secure (SSL/TLS).

Configuration changes:
* The require sasl { } block is now called require authentication { }
* The operclass privileges have been redone. Since there were 50+ changes to
  the 100+ privileges it makes little sense to list the changes here.
  If, like 99% of the users, you use default operclasses such as "globop"
  and "admin-with-override" then you don't need to do anything. However, if
  you have custom operclass { } blocks then the privileges will have to be
  redone.
  For more information on the conversion process, see
  https://www.unrealircd.org/docs/FAQ#New_operclass_permissions
  For the new list of permissions, with much better naming and grouping:
  https://www.unrealircd.org/docs/Operclass_permissions
* In the configuration file you can now use } instead of };
  Both forms are accepted. There's no need to change if you don't like it.
* A /* comment in the configuration file is now terminated at the first
  occurrence of */, instead of two /* /* requiring two */ */.
  See https://www.unrealircd.org/docs/FAQ#Nesting_comments

Major issues fixed:
* The blacklist module did not act on IPv6 users listed in DNSBLs.

Minor issues fixed:
* By default a user shouldn't be allowed to change to a banned nick, unless
  (s)he has +hoaq in the channel. This was broken since 4.0.0.
  This feature can be disabled via set { check-target-nick-bans no; };
* Rehash error messages sent to opers regarding remote includes now no
  longer include authentication information (replaced with ***:***).

Deprecated:
* The authentication types 'md5', 'sha1' and 'ripemd160' have been
  deprecated because they can be cracked at high speeds. They still work,
  but a warning will be shown on boot and on rehash. Please use the new
  'argon2' type instead. Type /MKPASSWD argon2 passwd on IRC, or
  "./unrealircd mkpasswd argon2" on the command line.

Module coders:
* Priorities in command overrides were reversed (was added in 4.2.0).

Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
  in the year 2019. This will deny /OPER when used from a non-SSL connection.
  For security, IRC Operators should really use SSL/TLS!

==[ CHANGES BETWEEN 4.0.18 AND 4.2.0 ]==

There have been so many changes in this and the last few 4.0.x versions, it
justifies calling this new release "UnrealIRCd 4.2.0". Marking the beginning
of the 4.2 series, this release introduces features such as "soft klines"
and "soft actions".
A significant number of optional modules are now loaded as default, including
timed channel bans and textbans. Also, a lot more smaller changes are included
in this release, such as fixes for TLSv1.3 and experimental WHOX support.
See further down for a full list of changes.

NOTE: Version 4.2.0 is the direct successor to 4.0.18. There will be no
further 4.0.x releases (in particular there will be no 4.0.19).
https://www.unrealircd.org/docs/FAQ#Questions_about_the_new_4.2.x_series

Enhancements:
* New option to disable a module: blacklist-module "modulename";
  This will cause any 'loadmodule' lines for that module to be ignored.
  This is especially useful if you only want to disable a few modules that
  are (normally) automatically loaded by conf/modules.default.conf.
  https://www.unrealircd.org/docs/Blacklist-module_directive
* The next three new features have to do with SASL. More information on SASL
  in general can be found at https://www.unrealircd.org/docs/SASL
  * A new require sasl { } block which allows you to force users on the
    specified hostmask to use SASL. Any unauthenticated users matching the
    specified hostmask are rejected.
    See https://www.unrealircd.org/docs/Require_sasl_block
  * New "soft kline" and "soft gline". These will not be applied to users
    that are authenticated to services using SASL. These are just
    GLINE/KLINE's but prefixed with a percent sign:
    Example: /GLINE %*@10.* 0 Only SASL allowed from here
  * New "soft" ban actions for spamfilter, blacklist, antirandom, etc.
    Actions such as "soft-kline" and "soft-kill" will only be applied to
    unauthenticated users. Users who are authenticated to services (SASL)
    are exempt from the corresponding spamfilter/blacklist/antirandom/..
    See https://www.unrealircd.org/docs/Actions for the full action list.
  * WARNING: If your network also contains UnrealIRCd servers below v4.2.0
    then it is not recommended to use global soft bans (such as soft gline or
    any spamfilter with soft-xx actions).
    There won't be havoc, but the bans won't be effective on parts of the
    network.
* The following extban modules are not new but are now enabled by default:
  extbans/textban, extbans/timedban and extbans/msgbypass. In case you don't
  like them, use blacklist-module as mentioned earlier. Just as a reminder,
  they provide the following functionality:
  * TextBan: +b ~T:block:*badword* to block sentences with 'badword'
  * Timed bans: ~t:duration:mask
    These are bans that are automatically removed by the server. The duration
    is in minutes and the mask can be any ban mask. Some examples:
    * A 5 minute ban on a host: +b ~t:5:*!*@host
    * A 5 minute quiet ban on a host (unable to speak): +b ~t:5:~q:*!*@host
    * An invite exception for 24 hours (1440 minutes): +I ~t:1440:*!*@host
    * A temporary exempt ban for a services account: +e ~t:1440:~a:Account
    * Allows someone to speak through +m for the next 24hrs:
      +e ~t:1440:~m:moderated:*!*@host
    * And any other crazy ideas you can come up with...
  * Ban exception ~m:type:mask to allow bypassing of message restrictions.
    Valid types are: 'external' (bypass +n), moderated (bypass +m/+M),
    'censor' (bypass +G), 'color' (bypass +S/+c) and 'notice' (bypass +T).
    Some examples:
    * Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
    * Let ops in #otherchan bypass +m: +e ~m:moderated:~c:@#otherchan
    * Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
    * Allow a services account to use color: +e ~m:color:~a:ColorBot
  * Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
* AntiRandom: The module will now (by default) exempt WEBIRC gateways from
  antirandom checking because they frequently cause false positives.
  This new behavior can be disabled via: set { antirandom { except-webirc no; }; };
* Server linking attempts and errors are now also put in the log file.
* A new module that provides WHOX support, an enhanced and more standard
  version of WHO (NOTE: the command is still "WHO").
  This allows, among other things, the client to request additional
  information, such as which services account each channel member is using.
  The module is currently experimental. To use it, add this to your conf:
  loadmodule "m_whox";

Major issues fixed:
* Blacklist: Potential crash issue when concurrently checking DNSBL for the
  WEBIRC gateway and the spoofed host.
* Blacklist: In case of multiple blacklists the 2nd/3rd/.. blacklists were
  not always checked properly.

Minor issues fixed:
* Remote includes: ./Config didn't properly detect libcurl on Ubuntu 18
  (and possibly other Linux distributions as well)
* Timeouts during server linking attempts were not displayed.
* Delayjoin: Halfops did not see JOIN's when channel mode +D was set.
* IRCOps with minimal privileges lost their user modes on MODE change.
* IRCOps could not override channel mode +z (when not using SSL/TLS)
* Channel names sometimes truncated if using accents or special chars.
* TLSv1.3 ciphersuite setting was changed to reflect OpenSSL's behavior.
  There is now set::ssl::ciphersuites, specifically for TLSv1.3. Note that
  the default is perfectly fine so at this point in time it shouldn't need
  any adjustment (but the option is there...).
* Windows: conf\modules.optional.conf was missing.

Removed:
* allow::options::sasl has been removed. Use the new and more flexible
  require sasl { } block instead.

Other changes:
* Windows users may be prompted to install the Visual C++ redistributable
  package for Visual Studio 2017. This is because we now build on VS 2017
  instead of VS 2012.
* We now use standard formatted messages for all K-Lines, G-Lines and any
  other bans that will cause the user to be disconnected. For technical
  details see the banned_client() function.
* The except throttle { } block now also overrides any limitations from
  set::max-unknown-connection-per-ip. Useful for WEBIRC/cgiirc gateways.
* Localhost connections are considered secure, so these can be used even if
  you have a plaintext-policy of 'deny' or 'warn'. (This was already the
  case for servers, but now also for users and opers)
* Allow slashes in vhost/chghost/sethost/.. (but not through DNS)

Module coders:
* Windows: Be aware that we now build with Visual Studio 2017. This means
  3rd party modules should be compiled with VS 2017 (or VS 2015) as well.

Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
  later this year. This will deny /OPER when used from a non-SSL connection.
  For security, IRC Operators should really use SSL/TLS!

==[ CHANGES BETWEEN 4.0.17 AND 4.0.18 ]==

Enhancements:
* Support for checking IPv6 addresses in DNS blacklists
* For SSL/TLS we now set the default ECDH(E) curves to be
  X25519:secp521r1:secp384r1:prime256v1 if using a recent version of
  OpenSSL/LibreSSL. This can be overridden via set::ssl::ecdh-curve.
* The blacklist module now checks WEBIRC users as well.
* You can now require SASL for all clients via the allow block via:
  allow {
      ip *;
      class clients;
      maxperip 2;
      options { sasl; };
  };
  This can be useful for a special sasl-only server which, for example,
  only permits proxies and tor clients. In a future release the feature
  will be made more flexible so it can be used for other purposes as well.

Major issues fixed:
* A number of (potential) security issues were fixed:
  * Memory leaks: this could allow an attacker to slowly consume all
    available memory and ultimately cause UnrealIRCd to crash.
  * Out of bounds read: in practice this does not seem to be exploitable
    due to the many restrictions that are imposed.
* Compile issues on macOS
* Bug in blacklist module which could have caused false negatives, allowing
  bad guys in who should have been denied.
* The new optional feature 'set::cloak-method ip' caused identical cloaks

Minor issues fixed:
* When using '/REHASH -ssl' or './unrealircd reloadtls' it did not reload
  the SSL certificate/key if you were using ssl-options in listen, sni or
  link blocks. In short: it only reloaded the ones from set::ssl until now.
* m_ircops sent a conflicting numeric, confusing some clients.
* Starting UnrealIRCd through a non-interactive(!) ssh session could cause
  the ssh session to hang.
* An upgrade issue with non-system cURL causing compile problems.

Other changes:
* The built-in time synchronization feature is now disabled by default.
  TimeSynch was added back in 2006 when lots of operating systems did not
  ship with time synchronization turned on by default. Since incorrect time
  severely breaks IRC networks this was a major problem. Nowadays this is
  completely different with most Linux distros, OS X, Windows, etc. doing
  time synchronization out of the box. Since UnrealIRCd's implementation is
  less precise and lacks authentication it's best left to the system.
  You can still re-enable timesynch via: set { timesynch { enabled yes; }; };
  .. but you should really use NTP or similar for system-wide time
  synchronization instead.
* For developers there's now the --with-werror compile option which will
  add -Werror.
* Added a lot more Travis-CI tests: various LibreSSL/OpenSSL versions and
  also test macOS. This to prevent us from releasing broken stuff.
* Various code cleanups to get rid of lots of needless casts and to
  eliminate compiler warnings.
* Just as a reminder (this change was already in version 4.0.17):
  UnrealIRCd will no longer give user mode +z to users on WEBIRC gateways
  using SSL/TLS IRC, unless the WEBIRC gateway gives us some assurance that
  the client<->webirc gateway connection is also secure (eg: https).
  This is the regular WEBIRC format:
  WEBIRC password gateway hostname ip
  This indicates a secure client connection (NEW):
  WEBIRC password gateway hostname ip :secure
  Naturally, WEBIRC gateways MUST NOT send the "secure" option if the client
  is using http or some other insecure protocol.

Module coders:
* HOOKTYPE_CHANNEL_SYNCED prototype changed, the 'merge' and 'removetheirs'
  is now no longer an 'unsigned short' but an 'int' instead.
* HOOKTYPE_MODE_DEOP prototype changed, the 'modechar' is now no longer a
  'char' but an 'int' instead.
* In addition to safestrdup() there's now also safestrldup() which allows
  you to specify a maximum allocated length (so including the nul byte).
  This is used in m_pass.c and m_topic.c.
* New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
  https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION

Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
  later this year. This will deny /OPER when used from a non-SSL connection.
  For security, IRC Operators should really use SSL/TLS!

==[ CHANGES BETWEEN 4.0.16.1 AND 4.0.17 ]==

Enhancements:
* Two optional modules. These are not loaded by default. To use them,
  include modules.optional.conf, or add these loadmodule lines:
  loadmodule "extbans/timedban";
  loadmodule "extbans/msgbypass";
  * Timed bans: ~t:duration:mask
    These are bans that are automatically removed by the server. The duration
    is in minutes and the mask can be any ban mask. Some examples:
    * A 5 minute ban on a host: +b ~t:5:*!*@host
    * A 5 minute quiet ban on a host (unable to speak): +b ~t:5:~q:*!*@host
    * An invite exception for 1440m/24hrs: +I ~t:1440:*!*@host
    * A temporary exempt ban for a services account: +e ~t:1440:~a:Account
    * Allows someone to speak through +m for the next 24hrs:
      +e ~t:1440:~m:moderated:*!*@host
    * And any other crazy ideas you can come up with...
  * New ban exception ~m:type:mask which allows bypassing of message
    restrictions.
    Valid types are: 'external' (bypass +n), moderated (bypass +m/+M),
    'censor' (bypass +G), 'color' (bypass +S/+c) and 'notice' (bypass +T).
    Some examples:
    * Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
    * Let ops in #otherchan bypass +m: +e ~m:moderated:~c:@#otherchan
    * Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
    * Allow a services account to use color: +e ~m:color:~a:ColorBot
  * Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
    This is only available if the previously mentioned extbans/timedban
    module is loaded.
* Added experimental UTF8 support in set::allowed-nickchars
  See https://www.unrealircd.org/docs/Nick_Character_Sets
  Example: set { allowed-nickchars { latin-utf8; }; };
  Important remarks:
  * All your servers must be on UnrealIRCd 4.0.17 (or later)
  * Most(?) services do not support this, so users using UTF8 nicknames
    won't be able to register at NickServ.
  * In set::allowed-nickchars you must either choose a UTF8 language or a
    non-utf8 character set. You cannot combine the two.
  * You also cannot combine multiple scripts/alphabets, such as: latin,
    greek, cyrillic and hebrew. You must choose one.
  * If you are already using set::allowed-nickchars on your network
    (eg: 'latin1') then be careful when migrating (to eg: 'latin-utf8'):
    * Your clients may still assume non-UTF8
    * If users registered nicks with accents or other special characters at
      NickServ then they may not be able to access their account after the
      migration to UTF8.
  * There is no CASEMAPPING or "visually identical character"-checking.
    Just like in the old (non-utf8) charsys this means there is no
    lower/uppercase checking for allowed-nickchars nicks. So a nick with
    "O with accent" can be online at the same time as "o with accent".
    They are treated as two different users. The identical-looking
    character issue is particularly noticeable in cyrillic script where for
    example cyrillic "A" looks identical to latin "A" and thus can be used
    to impersonate a user.
Improved CASEMAPPING and "visually similar character"-checking is part of ongoing research at the IRCv3 working group. * Ability to customize the reject connection messages: set { reject-message { password-mismatch "Password mismatch"; too-many-connections "Too many connections from your IP"; server-full "This server is full."; unauthorized "You are not authorized to connect to this server"; }; }; * Added optional AppArmor profile in extras/security/apparmor/unrealircd See https://www.unrealircd.org/docs/Using_AppArmor_with_UnrealIRCd Major issues fixed: * Crash when using OperOverride (*NIX only) * Crash if linking anope with the 'unreal' module from a non-localhost SSL connection. This is rarely done but also acts as a reminder that people should really use the 'unreal4' module in anope (2.0.3+). Minor issues fixed: * set::restrict-extendedbans was not effective for stacked bans * linking if only using link::outgoing caused a 'server name mismatch' Other: * UnrealIRCd will no longer give user mode +z to users on WEBIRC gateways using SSL/TLS IRC, unless the WEBIRC gateway gives us some assurance that the client<->webirc gateway connection is also secure (eg: https). This is the regular WEBIRC format: WEBIRC password gateway hostname ip This indicates a secure client connection (NEW): WEBIRC password gateway hostname ip :secure Naturally, WEBIRC gateways MUST NOT send the "secure" option if the client is using http or some other insecure protocol. 
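The timed bans (~t) and message-bypass exceptions (~m) introduced in 4.0.17 above nest other extbans such as ~q, ~a and ~c, so a ban list entry has to be peeled from the outside in before it can be matched. The Python below is added here as an illustration and is not taken from UnrealIRCd's own extban modules: it parses the masks shown in the examples, evaluates them against a user record, and performs the expiry sweep the server does for ~t entries. The User and ExtBan structures, the op-status check for ~c:@#chan and the sample users are constructed for this example.

```python
"""Added example (not UnrealIRCd code): parse and evaluate the nested
extended bans from the 4.0.17 notes (~t, ~q, ~m, ~a, ~c) against a user."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Restriction types the notes list for the ~m ban exception.
MSGBYPASS_TYPES = {"external", "moderated", "censor", "color", "notice"}


@dataclass
class User:                                   # constructed for this example
    nick: str
    ident: str
    host: str
    account: str = ""                         # services account, "" if not identified
    op_in: set = field(default_factory=set)   # channels where the user holds @

    @property
    def nuh(self) -> str:
        return f"{self.nick}!{self.ident}@{self.host}"


@dataclass
class ExtBan:                                 # constructed for this example
    expires: Optional[float]   # unix time when the server removes it; None = permanent
    quiet: bool                # ~q: only prevents speaking, not joining
    bypass: str                # ~m type, "" when this is not a message-bypass entry
    target: str                # "mask", "account" or "chanop"
    value: str                 # nick!user@host mask, account mask or @#channel


def irc_wildmatch(pattern: str, text: str) -> bool:
    """IRC-style * and ? wildcard match, case-insensitive, everything else literal."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, text, re.IGNORECASE) is not None


def parse_extban(raw: str, now: float) -> ExtBan:
    """Peel prefixes left to right: ~t:<minutes>: then ~m:<type>: then one of
    ~q:, ~a:, ~c: or a plain nick!user@host mask. Raises ValueError on junk."""
    rest, expires, bypass, quiet, target = raw, None, "", False, "mask"
    if rest.startswith("~t:"):
        _, minutes, rest = rest.split(":", 2)
        if not minutes.isdigit() or int(minutes) == 0:
            raise ValueError(f"~t needs a positive duration in minutes: {raw!r}")
        expires = now + int(minutes) * 60
    if rest.startswith("~m:"):
        _, bypass, rest = rest.split(":", 2)
        if bypass not in MSGBYPASS_TYPES:
            raise ValueError(f"unknown ~m type {bypass!r} in {raw!r}")
    if rest.startswith("~q:"):
        quiet, rest = True, rest[3:]
    elif rest.startswith("~a:"):
        target, rest = "account", rest[3:]
    elif rest.startswith("~c:"):
        target, rest = "chanop", rest[3:]
    if not rest or (target == "mask" and "@" not in rest):
        raise ValueError(f"ban {raw!r} has no usable mask")
    return ExtBan(expires, quiet, bypass, target, rest)


def matches(ban: ExtBan, user: User, now: float) -> bool:
    """True if a still-active ban applies to this user."""
    if ban.expires is not None and now >= ban.expires:
        return False
    if ban.target == "mask":
        return irc_wildmatch(ban.value, user.nuh)
    if ban.target == "account":
        return bool(user.account) and irc_wildmatch(ban.value, user.account)
    # ~c:@#chan requires op status there; plain membership is not tracked here.
    if ban.value.startswith("@"):
        return ban.value[1:].lower() in {c.lower() for c in user.op_in}
    return False


def expire_bans(bans, now: float):
    """The server's timed-ban sweep: drop every ~t entry whose time is up."""
    return [b for b in bans if b.expires is None or now < b.expires]


def may_bypass(exceptions, restriction: str, user: User, now: float) -> bool:
    """Does a +e ~m:<restriction>: entry let this user through (e.g. speak on +m)?"""
    return any(b.bypass == restriction and matches(b, user, now) for b in exceptions)


def is_banned(bans, user: User, now: float):
    """(blocked from joining, quieted) according to a channel's +b list."""
    hits = [b for b in bans if not b.bypass and matches(b, user, now)]
    return any(not b.quiet for b in hits), any(b.quiet for b in hits)


if __name__ == "__main__":
    now = 1_000_000.0                                     # constructed clock
    alice = User("alice", "ident", "192.168.1.5", op_in={"#otherchan"})
    blist = [parse_extban("~t:5:*!*@192.168.1.5", now),
             parse_extban("~t:5:~q:*!*@192.168.*", now)]
    elist = [parse_extban("~m:moderated:~c:@#otherchan", now)]
    print("now:", is_banned(blist, alice, now), may_bypass(elist, "moderated", alice, now))
    print("6 min later:", is_banned(expire_bans(blist, now + 360), alice, now + 360))
```

Only the @#chan form of ~c is honoured because the example does not track plain channel membership; a ~c:#chan entry therefore never matches here, which errs on the side of not granting an exception.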
Module coders:
* New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
  https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION

==[ CHANGES BETWEEN 4.0.16 AND 4.0.16.1 ]==

An interim release with a couple of backported fixes:
* Fix hang in (outgoing) server linking
* Fix crash when linking anope over SSL from non-localhost
* '/SPAMFILTER del ' did not remove the spamfilter on other servers
* set::restrict-extendedbans was not always applied (when stacked)
* Update automated build scripts

==[ CHANGES BETWEEN 4.0.15 AND 4.0.16 ]==

This is a major release with lots of new features and changes.

Enhancements:
* There's now an easy method to remove spamfilters: '/SPAMFILTER del'
  will show a list of spamfilters along with the appropriate command
  to remove them (by id).
* CAP v3.2 support.
* CAP 'cap-notify': notify users of any CAP changes.
* CAP 'extended-join': show account and gecos in JOIN.
* CAP 'chghost': notify on user/host changes.
  Note that if you use set::allow-userhost-change force-rejoin then
  clients which support CAP 'chghost' will not see the PART+JOIN+MODE
  sequence as it is unnecessary. They already receive a "CHGHOST"
  message as part of CAP 'chghost' instead.
* Updated CAP 'sasl' to specification 3.2 (includes mechlist).
* Automatically discover SASL server if saslmechlist is sent by services
  and set::sasl-server is not set by the administrator. This should help
  to get more networks to support SASL automatically (if you run up to
  date services, of course)
* We send "CAP DEL sasl" if set::sasl-server squits and a "CAP NEW"
  message when the server returns (to cap-notify and CAPv3.2 clients).
* Added password::type 'spkifp'. It's similar to 'sslclientcertfp' but
  is a hash based on the public TLS key rather than the certificate.
  The benefit of this is that the 'spkifp' can stay the same even if
  you get a new certificate from Let's Encrypt.
  Note that 'certbot' does not re-use keys by default so you will still
  get a different spkifp every 60-90 days. Consider using another (3rd
  party) client or tell the certbot guys to finally implement --reuse-key
  at https://github.com/certbot/certbot/issues/3788
* The command './unrealircd spkifp' will output the SPKI fingerprint
* New option set::handshake-delay will delay the handshake (when a user
  is connecting) up to this amount of time.
  * If you have any blacklist { } block then UnrealIRCd will set a
    set::handshake-delay of 2 seconds by default. This will allow (most)
    DNSBL checking to be finished before the user comes online, while
    still allowing a smooth user experience. If your DNS(BL) is slow then
    you could raise this setting slightly.
* You can now have multiple webirc { } blocks with the same mask.
  This permits multiple blocks like..
    webirc { mask *; password "....." { sslclientcertfp; }; };
  ..should you need it. In other words: we don't stop matching upon an
  authentication failure.
* Move CONNECTTIMEOUT to set::handshake-timeout and document it at
  https://www.unrealircd.org/docs/Set_block#set::handshake-timeout
* Move MAXUNKNOWNCONNECTIONSPERIP to set::max-unknown-connections-per-ip
  https://www.unrealircd.org/docs/Set_block#set::max-unknown-connections-per-ip
* Add set { cloak-method ip; }; which will make cloaking only be done on
  the IP and thus result in an XX.YY.ZZ.IP cloaked host. This so you can
  have "IP cloaking" without disabling DNS lookups. GLINES on hosts still
  work and IRCOps (and yourself) can still see the host in /WHOIS.
* New option set { ban-include-username yes; }; which will make bans
  placed by spamfilters (and some other systems) to be placed not on *@ip
  but on user@ip. Note that this won't work for ZLINE/GZLINE since no
  ident/username lookups are done in such cases.

Major issues fixed:
* None

Minor issues fixed:
* Gracefully handle incorrect server-to-server messages. These no longer
  cause UnrealIRCd to crash. Note that this does not mean you can now go
  send random RAW messages from a trusted server connection. Doing so can
  cause desynchs, KILLs and SQUITs. We just try not to crash anymore.
* A small memory leak upon 'DNS i' (IRCOp only command)

Removed:
* Various old config.h settings that didn't have any effect.
* A few config.h settings that should never be turned off have been
  removed altogether (eg: NO_FLOOD_AWAY is now always on).
* The deprecated and unused commands "CAP CLEAR" and "CAP ACK".

Other changes:
* When linking servers and not having any certificate validation,
  UnrealIRCd will give you specific instructions on how to use
  password::spkifp or verify-certificate. This to fix a possible
  Man-in-the-Middle attack. Note that you'll only see this message when
  linking two servers that are 4.0.16+.
* When a user does a nick change from a registered nick you will now see
  the user mode -r. Previously this happened invisibly.
* The default oper snomask now includes 'S' (spamfilter notices).
* The shipped PCRE2 library has been upgraded to 10.30

Module coders:
* API change for HOOKTYPE_PRE_INVITE:
  (aClient *sptr, aClient *target, aChannel *chptr, int *override)
  Modules must now send the error message instead of only returning
  HOOK_DENY. Also check for operoverride and set *override=1.
* Please use the following procedure in case of a user/host change:
    userhost_save_current(acptr);
    /* now do what you need to do: like change username or hostname */
    userhost_changed(acptr);
  This function will take care of notifying other clients about the
  userhost change, such as doing PART+JOIN+MODE if force-rejoin is
  enabled, and sending :xx CHGHOST user host messages to "CAP chghost"
  capable clients.

Services coders:
* If you provide SASL then please send the mechlist like this:
    MD client your.services.server saslmechlist :EXTERNAL,PLAIN
* Don't forget to send an EOS (End Of Synch) as part of the handshake,
  if you are not doing so already. It's important:
    :your.services.server EOS

==[ CHANGES BETWEEN 4.0.14 AND 4.0.15 ]==

Major issues fixed:
* Fix remotely triggerable crash issue in handshake. This allows a user
  to crash an UnrealIRCd server, even those with restrictions such as
  password protected hubs.
* Fix another remotely triggerable crash issue. This one requires the
  user to connect, join a channel and have channel operator privileges.

==[ CHANGES BETWEEN 4.0.13 AND 4.0.14 ]==

Enhancements:
* New set::plaintext-policy configuration settings. This defines what
  happens to users/ircops/servers that are not using SSL/TLS.
  The default settings are:
    set {
        plaintext-policy {
            user allow;   /* allow any user to connect */
            oper warn;    /* warn on /OPER if not using SSL/TLS */
            server deny;  /* deny servers without SSL/TLS, except localhost */
        };
    };
  You can change each of the three classes to 'allow', 'warn' or 'deny'.
  See: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
  If your services do not run on localhost and link without SSL/TLS
  then you may get an error during linking. In such a case check out:
  https://www.unrealircd.org/docs/FAQ#ERROR:_Servers_need_to_use_SSL.2FTLS
* You can now ask UnrealIRCd to verify certificates of server links by:
    link irc1.test.net {
        [..]
        verify-certificate yes;
    };
  This will verify the certificate of the link, making sure it is valid,
  issued for the specified name (irc1.test.net) and given out by a
  trusted Certificate Authority (like Let's Encrypt). Obviously, if you
  use self-signed certificates then you can't use this.
* Introduce a concept called "link security level". This will rate the
  security of your network from 0 to 2. Whenever security is degraded
  due to a new server link UnrealIRCd will print a warning about it.
  See https://www.unrealircd.org/docs/Link_security
  This also adds a new command /LINKSECURITY (IRCop-only).
* The plaintext-policy and link-security are shown in "CAP LS".
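Both password::spkifp (4.0.16 above) and link::verify-certificate (4.0.14 above) pin a server link to something more stable than the raw certificate. The Python below is an added illustration, not UnrealIRCd's implementation of './unrealircd spkifp': it builds toy DER certificates with a tiny encoder (dummy key bytes, no real signature), walks the DER down to the SubjectPublicKeyInfo and hashes it, and shows that a renewal which reuses the key keeps the SPKI fingerprint while a renewal with a fresh key (certbot's default, as the notes say) changes it. Printing the fingerprint as hex SHA-256 is an assumption of this example; the page does not show how UnrealIRCd formats spkifp.

```python
"""Added example (not UnrealIRCd code): certificate fingerprint vs SPKI
fingerprint across a certificate renewal. Toy DER only; no real crypto."""
import hashlib

SEQ, INT, BITSTR, OID, UTF8, SET, UTCTIME = 0x30, 0x02, 0x03, 0x06, 0x0C, 0x31, 0x17


def der_len(n: int) -> bytes:
    """DER length: short form below 128, otherwise 0x80|count followed by the bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def integer(n: int) -> bytes:
    # One spare byte keeps the two's-complement value positive (e.g. 0x80 -> 00 80).
    return tlv(INT, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def name(cn: str) -> bytes:
    """X.501 Name with a single commonName (OID 2.5.4.3) attribute."""
    atv = tlv(SEQ, tlv(OID, b"\x55\x04\x03") + tlv(UTF8, cn.encode()))
    return tlv(SEQ, tlv(SET, atv))


# AlgorithmIdentifier for sha256WithRSAEncryption and rsaEncryption, NULL params.
ALG_RSA_SHA256 = tlv(SEQ, tlv(OID, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + b"\x05\x00")
ALG_RSA = tlv(SEQ, tlv(OID, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + b"\x05\x00")


def spki(pubkey_der: bytes) -> bytes:
    """SubjectPublicKeyInfo: algorithm + BIT STRING (leading 0x00 = no unused bits)."""
    return tlv(SEQ, ALG_RSA + tlv(BITSTR, b"\x00" + pubkey_der))


def toy_certificate(serial: int, cn: str, pubkey_der: bytes,
                    not_before: bytes, not_after: bytes) -> bytes:
    """Constructed X.509-shaped certificate; the signature is a stand-in digest."""
    version = tlv(0xA0, integer(2))                       # [0] EXPLICIT v3
    validity = tlv(SEQ, tlv(UTCTIME, not_before) + tlv(UTCTIME, not_after))
    tbs = tlv(SEQ, version + integer(serial) + ALG_RSA_SHA256 + name("Toy CA")
              + validity + name(cn) + spki(pubkey_der))
    fake_sig = tlv(BITSTR, b"\x00" + hashlib.sha256(tbs).digest())
    return tlv(SEQ, tbs + ALG_RSA_SHA256 + fake_sig)


def der_children(data: bytes):
    """Split the body of a constructed element into (tag, raw_tlv, body) triples."""
    out, i = [], 0
    while i < len(data):
        start = i
        tag, ln, i = data[i], data[i + 1], i + 2
        if ln & 0x80:                                      # long-form length
            n = ln & 0x7F
            ln, i = int.from_bytes(data[i:i + n], "big"), i + n
        out.append((tag, data[start:i + ln], data[i:i + ln]))
        i += ln
    return out


def extract_spki(cert_der: bytes) -> bytes:
    """Return the raw SubjectPublicKeyInfo TLV from a DER Certificate."""
    top = der_children(cert_der)
    if len(top) != 1 or top[0][0] != SEQ:
        raise ValueError("not a DER Certificate")
    tbs_tag, _, tbs_body = der_children(top[0][2])[0]
    if tbs_tag != SEQ:
        raise ValueError("tbsCertificate missing")
    fields = der_children(tbs_body)
    if fields and fields[0][0] == 0xA0:                    # optional version
        fields = fields[1:]
    # serial, signature, issuer, validity, subject, subjectPublicKeyInfo
    tag, raw, _ = fields[5]
    if tag != SEQ:
        raise ValueError("subjectPublicKeyInfo missing")
    return raw


def spki_fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(extract_spki(cert_der)).hexdigest()


def cert_fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()


if __name__ == "__main__":
    key_a = bytes(range(1, 65))          # constructed stand-ins for DER public keys
    key_b = bytes(range(64, 0, -1))
    first = toy_certificate(1, "irc1.test.net", key_a, b"180101000000Z", b"180401000000Z")
    renewed = toy_certificate(2, "irc1.test.net", key_a, b"180401000000Z", b"180701000000Z")
    rekeyed = toy_certificate(3, "irc1.test.net", key_b, b"180401000000Z", b"180701000000Z")
    for label, c in (("first", first), ("renewed, same key", renewed), ("renewed, new key", rekeyed)):
        print(f"{label:18} certfp={cert_fingerprint(c)[:16]}.. spkifp={spki_fingerprint(c)[:16]}..")
```

The point for a link block is visible in the output: the certificate fingerprint changes on every renewal, so a pinned sslclientcertfp would break every 60-90 days, whereas spkifp only changes when the key does.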
Major issues fixed:
* None

Minor issues fixed:
* If you had a link block named irc1.example.net and did an outgoing
  connect to that server, then the server could introduce itself under
  a different name, such as irc1.other.net. Not a security issue, since
  all authentication has to be passed, but this could cause confusing
  autoconnect attempts.
* password::sslclientcert did not accept relative paths
* Compile problem with LibreSSL (regarding SSL_CTX_get0_param)
* set::modes-on-connect: was refusing certain (old) modes like +N

Other changes:
* The ssl options 'verify-certificate' and 'no-self-signed' have been
  removed. Use link::verify-certificate instead. It makes no sense to
  verify certificates or prevent self signed certificates elsewhere
  such as in vhost or oper, since there is no hostname to match against.
* Weak cipher suites such as 3DES and RC4 are disabled by default but
  previously you could still enable them through set::ssl::ciphers.
  Now you can no longer, since there is no legitimate reason to do so.
* Update cipher suite to work with TLS 1.3. This ensures you can use
  TLS 1.3 in UnrealIRCd 4.0.14+ when OpenSSL supports it (in the future).
* Bump MODDATA_MAX_CLIENT from 8 to 12: needed if you have a lot of
  3rd party modules loaded. Also moved MODDATA_MAX_* to include/config.h

Module coders:
* You can now attach ModData to server objects as well (including &me).
* Please do not use UmodeDel, CmdoverrideDel and any other *Del()
  functions from MOD_UNLOAD. These undocumented functions are
  unnecessary since 2008 or so. UnrealIRCd takes care of unloading all
  module objects. It can cause a crash if someone unloads the module in
  UnrealIRCd 4 (more specifically: double free if unloading modules
  which use ModData). Attempts to use these functions in future
  UnrealIRCd versions may result in a compile error.

==[ CHANGES BETWEEN 4.0.12 AND 4.0.13 ]==

Enhancements:
* Support for Strict Transport Security (draft/sts).
  See: https://www.unrealircd.org/docs/SSL/TLS#Strict_Transport_Security
* Support for Server Name Indication (SNI):
  See: https://www.unrealircd.org/docs/Sni_block
* Add conf/modules.optional.conf. This loads all additional modules that
  are not in modules.default.conf (m_ircops, m_staff, nocodes, textban,
  hideserver, antirandom and websocket)

Major issues fixed:
* 'simple' spamfilters ended up being 'posix' after server linking.
* User mode +Z (secureonly) not working properly across server links.
* REHASH from WebSocket connection would cause a crash (requires IRCOp
  privileges)

Minor issues fixed:
* We now prevent /OPER for oper blocks with a non-existent operclass
* Bump MAXCONNECTIONS for Windows, allowing you to hold more clients.
* The 'ban too broad' checking was broken. This permitted glines such as
  192.168.0.0/1 being set. Now it rejects CIDR of /15 and lower.
  To disable this safety measure you can (still) use:
    set { options { allow-insane-bans; }; };

Other changes:
* The websocket module now no longer sends \r\n in the websocket data
  and no longer requires it on incoming messages (but you can still send
  it if you like). Also version bumped to 1.0.0.
* Mark all shipped modules as official (non-3rd-party)
* Verify certificate when submitting crash reports
* Support --without-privatelibdir for packagers
* CACERT has been removed from curl-ca-bundle

Module coders:
* CAP API changes:
  * The cap->visible(void) callback is now cap->visible(aClient *)
  * There is a new cap->parameter(aClient *) callback function, see the
    cap/sts module for how it can be used.
  * Various updates to subfunctions to pass 'sptr' (due to the above),
    including clicap_find(sptr, ...)
  * New CLICAP_FLAGS_ADVERTISE_ONLY flag (CAP cannot be REQ'd)

==[ CHANGES BETWEEN 4.0.11 AND 4.0.12 ]==

Enhancements:
* New user mode +Z: Only allow SSL/TLS users to private message you.
* Ability to hide all channels in /LIST that you cannot join due to
  deny channel blocks: set { hide-list { deny-channel }; };
* The optional 'nocodes' module which you can load will make +S/+c also
  block/strip bold, underline and italic text. (The latter is new)
* Add support for 'mask' in allow channel { } and deny channel { } and
  add some support for negative 'mask'. Probably not very useful on most
  networks with services since bans/AKICK do the same, but:
    deny channel { channel "#help*"; };
    allow channel { channel "#help-nolan"; mask !192.168.*; };
    allow channel { channel "#help-lan"; mask 192.168.*; };

Major issues fixed:
* Crash issue if a module using ModData was unloading (not reloading)
* Vhosts were not always correctly synched across servers.
* The maximum number of clients that a server could accept was decreased
  by one on every linking attempt if it was both: 1) an outgoing SSL/TLS
  linking attempt; AND 2) the error was "Connection refused".

Minor issues fixed:
* Adjustments to channel mode +f were not always effective.
* If you have a vhost set and wish to remove it and change to a cloaked
  host you can now safely use '/MODE yournick -t'. This feature was
  rarely used so far and it previously had a bug which caused it to
  still expose the real host/IP to others. This has been resolved.
* Channel mode +D (delayjoin): when people are de-oped we now part
  'hidden' users to avoid a client desynch.
* Bump lag for remote MOTD requests to avoid flooding.

Other changes:
* More than 95% of the crashes reported to us are due to 3rd party
  modules (and thus not bugs in our code). We now ask users to unload
  any recently installed 3rd party modules first, see if the crash issue
  persists, and only then submit a crash report to us.
* UnrealIRCd will now refuse to run as root
  https://www.unrealircd.org/docs/Do_not_run_as_root

Module coders:
* Added two functions to search for user modes:
    has_user_mode(acptr, 'i')  // returns 1 / 0
    find_user_mode('i')        // returns the user mode (as 'long')

==[ UNREALIRCD 4 INTRODUCTION ]==

UnrealIRCd 4 is here! We have been working hard over the past few years
to replace the successful 3.2.x series with a more modern code base.
At the same time we have been incorporating requests from our bug
tracker, ideas from ourselves and many suggestions that came up during
the UnrealIRCd survey from Q4 2013. UnrealIRCd is far more modular and
configurable than before.

For a brief overview of what's new in UnrealIRCd 4 have a look at:
https://www.unrealircd.org/docs/What's_new_in_UnrealIRCd_4

==[ DOCUMENTATION ]==

All documentation has been moved to our wiki:
* Documentation: https://www.unrealircd.org/docs/
* FAQ: https://www.unrealircd.org/docs/FAQ

Be sure not to use any other (older) documentation as it isn't fully
compatible with UnrealIRCd 4. In particular, do NOT use unreal32docs*html.

==[ UPGRADING FROM 3.2.x ]==

If you are upgrading from 3.2.x then there are three important things
to know:

1) NEW FILE LOCATIONS
In UnrealIRCd 4 the location of the configuration files and other files
has been changed. On *NIX the directory where you compile the IRCd from
(previously 'Unreal3.2.X', now 'unrealircd-4.0.X') is no longer the
same as the directory where the IRCd will be running from.
By default the IRCd is installed to /home/yourusername/unrealircd on *NIX
On Windows UnrealIRCd will install to C:\Program Files (x86)\UnrealIRCd 4
The new directory structure is as follows (both on Windows and *NIX):
  conf/     contains all configuration files
  logs/     for log files
  modules/  all modules (.so files on *NIX, .dll files on Windows)

2) CONFIGURATION FILE CHANGES
There have also been changes in various configuration blocks and settings.
Don't worry, UnrealIRCd can convert your existing 3.2.x configuration
files to UnrealIRCd 4 format. There's no need to start from scratch.
Please read https://www.unrealircd.org/docs/Upgrading_from_3.2.x !!

3) THIRD PARTY MODULES
If you are using 3rd party modules then they will need an update to run
on UnrealIRCd 4. Due to the many core changes in UnrealIRCd 4 it was
simply impossible to make 3.2.x modules work out-of-the-box on 4.x.
Contact your developer for a new version or ask on our Modules forum
where someone may be kind enough to convert the module for you if you
ask nicely: https://forums.unrealircd.org/viewforum.php?f=52

==[ END OF THE 3.2.X SERIES ]==

UnrealIRCd 3.2.x is no longer supported after December 31, 2016.
See https://www.unrealircd.org/docs/UnrealIRCd_3.2.x_deprecated

==[ SUPPORT ]==

Before you seek support, please check our documentation and FAQ:
* https://www.unrealircd.org/docs/Main_Page
* https://www.unrealircd.org/docs/FAQ

For support you have two choices:
* Forums: https://forums.unrealircd.org/
* IRC: irc.unrealircd.org / #unreal-support

==[ CHANGES BETWEEN 4.0.10 AND 4.0.11 ]==

Major issues fixed:
* Fix crash issue that can be triggered by regular users
* Fix crash if TOPIC_NICK_IS_NUHOST is enabled (rarely enabled)
* Fix crash if services send an incorrect raw command

Minor issues fixed:
* Now properly support 'z' when used in set::modes-on-join

Other changes:
* Show a warning if you don't have any SSL listeners

==[ CHANGES BETWEEN 4.0.9 AND 4.0.10 ]==

Improvements:
* Added "websocket" module. This provides support for WebSocket
  (RFC6455), allowing JavaScript (internet browsers) to connect directly
  to IRC without the need of a "gateway". This module is experimental
  and not loaded by default.
  See https://www.unrealircd.org/docs/WebSocket_support for more
  information on the module. For a very crude client example check
  https://www.unrealircd.org/files/dev/ws/websocket_unrealircd.html
  This module was sponsored by Aberrant Software Inc.
* UnrealIRCd already has the ability to configure SSL settings via the
  set::ssl block. Now you can also override these settings for a link
  block and listen block. One possible use for this would be having a
  long-lived self-signed certificate for server linking on a serversonly
  port, and a short-lived certificate for your users on the other ports
  (such as a certificate from Let's Encrypt). Another example would be
  to force TLSv1.2 for server linking but not for users. Etc. Etc.
  General settings (already existed) are in the set::ssl block:
  https://www.unrealircd.org/docs/Set_block#set::ssl::certificate
  Per-port settings go via listen::ssl-options:
  https://www.unrealircd.org/docs/Listen_block
  Per-link block settings go via link::outgoing::ssl-options:
  https://www.unrealircd.org/docs/Link_block
* You can now exempt IP's from (DNSBL) blacklist checking via:
    except blacklist { mask 1.2.3.4; };
* All free modules from vulnscan.org (by Syzop) are now included in
  UnrealIRCd itself. Note that only the "privdeaf" and "jumpserver"
  modules are loaded by default. The others you will need to load
  explicitly. The new modules are:
  * extbans/textban - Channel specific word filter (+b ~T:censor:*badword*)
    https://www.unrealircd.org/docs/Extended_Bans
  * usermodes/privdeaf - Do not permit PM's from others (User Mode +D)
  * jumpserver - Redirect users to another server during maintenance
    www.unrealircd.org/docs/User_%26_Oper_commands#JUMPSERVER
  * antirandom - Detect drones with random nicks / ident / etc.
    https://www.unrealircd.org/docs/Set_block#set::antirandom
  * hideserver - Hide servers in /MAP and /LINKS
    (Note that this does not truly enhance security)
  * m_ircops - Show which ircops are online (/IRCOPS command)
  * m_staff - Show custom file (/STAFF command)
  * nocodes - Makes chanmode +S/+c also strip/block bold and underline

Major issues fixed:
* Incorrect bans being added during server linking
* Compile fixes for Ubuntu 16 LTS / gcc 5.4.x
* Crash if you had an invalid crypt password in your unrealircd.conf
* Crash if you did not load the chanmodes/nocolor module or changed the
  order in which modules were loaded

Minor issues fixed:
* Delayjoin (channel mode +D) sending QUITs for hidden users, double JOIN, ..
* You no longer need to place 'class' blocks before 'allow' blocks
* Some error messages were not throttled
* WHO now supports multi-prefix
* Date in Windows log file for the first few messages was always 1970.

For services and module coders:
* Services coders: "SVSMODE Nick +d" will now mark a client as deaf.
  Don't confuse this with "SVSMODE Nick +d ". The parameter makes all
  the difference.
* Module coders: changed return value handling of HOOKTYPE_RAWPACKET_IN:
  -1 indicates to stop parsing (return) and 0 indicates don't parse but
  proceed to next packet. If you kill a client in this hook then be sure
  to return -1.

==[ CHANGES BETWEEN 4.0.8.4 AND 4.0.9 ]==

* Fix "ghost" bug which could cause annoyed users and a memory leak in
  UnrealIRCd. For more information see
  https://forums.unrealircd.org/viewtopic.php?f=1&t=8625

==[ CHANGES BETWEEN 4.0.8 AND 4.0.8.4 ]==

* Fix build on FreeBSD with clang / without gcc
* If using remote includes and system curl not available then install
  it during ./Config and no longer use /home/xyz/curl.
* More fixes for self-compiled remote includes
* Fix build if --with-system-cares is specified explicitly (which is
  unnecessary anyway, as system c-ares is auto-detected).
* More build fixes for older GCC compilers

==[ CHANGES BETWEEN 4.0.7 AND 4.0.8 ]==

Improvements:
* *NIX: As part of defense-in-depth UnrealIRCd now compiles with several
  hardening options by default. This makes several types of exploits
  more difficult and in some cases even impossible.
  Tech: this enables full RELRO (GOT and PLT being read-only),
  everything compiled as PIE making ASLR possible, stack protector
  canaries are added, etc.
* Windows: releases are now signed. If you download the UnrealIRCd
  installer you will no longer see "Unknown publisher" but rather
  "Open Source Developer, Bram Matthys". Similarly all the EXE and DLL
  module files have been signed which should make it easy for antivirus
  software to see if something is an official UnrealIRCd release file
  or not.

Major issues fixed:
* Possible crash if you have several blacklist blocks

Minor issues fixed:
* User mode +d (deaf) did not work

Other changes:
* We've always printed big warnings when running UnrealIRCd as root.
  In this version we still do, but in future versions we will simply
  refuse to boot. https://www.unrealircd.org/docs/Do_not_run_as_root
* System c-ares is preferred over our own shipped c-ares
* System cURL is preferred over ~/curl (if it has AsynchDNS)
* Our shipped libraries are no longer built as static
* Now that shipped libraries are dynamic they need to be installed
  somewhere (if used). The default location is ~/unrealircd/lib and
  can be changed via --with-privatelibdir. (Although, if you are a
  package builder then you will probably use --with-system-xxx and
  then private libraries are not used at all)

==[ CHANGES BETWEEN 4.0.6 AND 4.0.7 ]==

Improvements:
* UnrealIRCd now ships with a default ciphersuite list to have more
  secure SSL/TLS defaults (rather than relying on your OS/Distro).
  You can still customize ciphersuites through set::ssl::ciphers.
  Details: https://www.unrealircd.org/docs/SSL_Ciphers_and_protocols
* set::ssl::protocols allows you to specify which SSL/TLS protocols are
  permitted. The default is (still): TLSv1,TLSv1.1,TLSv1.2.
* Windows: remote includes now support IPv6

Major issues fixed:
* FreeBSD: unstable SSL links to other servers

Minor issues fixed:
* It was impossible to set both +b ~r:xyz and +b ~R:xyz

Removed the following rarely used build-time options:
* CHROOTDIR: Never worked in 4.0.x anyway. You can use AppArmor,
  SELinux, FreeBSD jails, etc. as an alternative.
* IRC_USER/IRC_GROUP: Since this only applies to users installing
  UnrealIRCd system-wide you should use your system services to do this
  as well, such as: systemd's User=xx or start-stop-daemon.

Other changes:
* PCRE2 and c-ares libraries updated to latest versions

==[ CHANGES BETWEEN 4.0.5 AND 4.0.6 ]==

Major issues fixed:
* Fix SASL security issue with AUTHENTICATE

==[ CHANGES BETWEEN 4.0.4 AND 4.0.5 ]==

Major issues fixed:
* Crash issue (read-after-free)
* Bans on IPv6 cloaked hosts had no effect
* Prevent flood from unknown connection (with bugfix)

==[ CHANGES BETWEEN 4.0.4 AND 4.0.3(.1) ]==

New:
* Italian /HELPOP translation (help.it.conf)
* set::options::no-connect-ssl-info to hide SSL-related connect info

Major issues fixed:
* GLINE/KLINE on usermask@ did not have any effect
* Crash if you have a listen block with port 0
* Infinite loop on invalid operclass::parent reference

Minor issues fixed:
* files { } block only worked with absolute paths
* delayjoin: hidden users were not always joined on +vhoaq
* Fix small memory leak
* Duplicate replies on /VERSION
* When doing /VERSION on IRC as an IRCOp it showed the compile-time
  rather than runtime OpenSSL/LibreSSL version

Other changes:
* Documentation updates
* Prevent installation in the same directory as the source

==[ CHANGES BETWEEN 4.0.3 AND 4.0.3.1 ]==

* Fix compile problem on FreeBSD & OpenBSD

Note: there is no 4.0.3.1 release for Windows since there were no changes
for the Windows version.

==[ CHANGES BETWEEN 4.0.2 AND 4.0.3 ]==

Major issues fixed:
* Crash on RPING command (IRCOp-only!)
* Crash on Windows on failed outgoing server connect
* Crash if you had a link { } block with invalid syntax

Minor issues fixed:
* Windows: Remote includes did not support https

Other:
* Windows version compiled with Visual Studio 2012 rather than a mix
* Windows version now using LibreSSL
* Crash reporter produces more useful reports (important for us)

==[ CHANGES BETWEEN 4.0.1 AND 4.0.2 ]==

The 4.0.2 release comes with the following new features:
* Ability to hide quit messages from *LINEd users (set::hide-ban-reason)
* Blacklist hits are now sent to new snomask +b rather than all ircops

Major issues fixed:
* None

Minor issues fixed:
* prefix-quit was not working
* FreeBSD: fix kevent bug flood in error log
* Incorrect server description in /LINKS
* Logging to syslog was broken
* OS X: Update ./Config to use Homebrew OpenSSL by default
* Don't show UID to client in case of a SVSMODE

==[ CHANGES BETWEEN 4.0.0 AND 4.0.1 ]==

The 4.0.1 release comes with the following minor improvements:
* The blacklist module now supports %ip (=banned IP) in blacklist::reason.
* *NIX: You can use cron again, see https://www.unrealircd.org/docs/Cron_job
* /MODULE now lists only 3rd party modules by default so you don't get flooded.
* *NIX: Added './unrealircd reloadtls' to reload TLS certificate and keys.

Major issues fixed:
* Crash if you removed a listen { } block with active clients on that port
* MODEs set by a server (not by a user) were not always propagated
  correctly across the network. In practice this only affected /SAMODE
  and possibly some services that don't send MODEs from ChanServ/BotServ.

Minor issues fixed:
* When doing /LIST under mIRC it would hide empty +P channels.
* Servers wouldn't link if link::outgoing::hostname was a CNAME.
* SSL Certificate fingerprint not communicated properly to servers/services.
* *NIX: ./unrealircd [stop|rehash] failed if not installed to ~/unrealircd.
* Windows: IRCd could crash after showing the config error screen on startup.

==[ CHANGES BETWEEN 3.2.X AND 4.X ]==

Below is a summary of the changes between UnrealIRCd 3.2.x and
UnrealIRCd 4. For a complete list of all 1100+ changes you can use
'git log' or have a look at:
https://github.com/unrealircd/unrealircd/commits/unreal40

==[ NEW ]==

* We moved a lot of functionality, including most channel modes, user
  modes and all extended bans into 138 separate modules. This makes it...
  A) possible to fully customize what exact functionality you want to
     load. You could even strip down UnrealIRCd to get something close
     to the basic RFC1459 features from the 1990s. (No idea why you
     would want that, but it's possible)
  B) easier for coders to see all source code related to a specific feature
  C) possible to fix bugs and just reload rather than restart the IRCd.
  Have a look at modules.default.conf which contains the "default" set
  of modules that you can load if you just want to load all
  functionality. If you want to customize the list of modules to load
  then simply make a copy of that file, give it a different name, and
  include that one instead. Since the file is fully documented, you can
  just comment out or delete the loadmodule lines of things you don't
  want to load.
* Oper permissions have changed completely: [A4+]
  * All previous oper levels/ranks no longer exist (Netadmin, Admin, ..)
  * oper::flags has been removed. Instead you must specify an operclass
    in oper::operclass (for example, 'operclass netadmin').
  * In operclass block(s) you define the privileges. You can now control
    exactly what an IRCOp can and cannot do. Have a look at
    operclass.default.conf which ships with UnrealIRCd, it contains a
    number of default operclass blocks suitable for the most common
    situations. See also the operclass block documentation:
    https://www.unrealircd.org/docs/Operclass_block
  * If you ask UnrealIRCd to convert your 3.2.x configuration file then
    it will try to select a suitable operclass for the oper. This will
    not always 100% match your current oper block rights, though.
  * Channel Mode +A (Admin Only) has been removed. You can use the new
    extended ban ~O:. This allows you to, for example, create an
    operclass 'netadmin' only channel: /MODE #chan +iI ~O:netadmin*
  * set::hosts has been removed, use oper::vhost instead.
  * Since oper levels have been removed you no longer see things like
    "OperX is a Network Administrator" in /WHOIS by default. If you want
    that, then you can set oper::swhois to "is a Network Administrator"
    (or any other text).
* Entirely rewritten I/O and event loop. This allows the IRCd to scale
  more easily to tens of thousands of clients by using kernel-evented
  I/O mechanisms such as epoll and kqueue.
* Memory pooling has been added to improve memory allocation efficiency
  and performance.
* On-connect DNSBL/RBL checking via the new blacklist block. [B1]
* The Windows version now has IPv6 support too. [B3]
* On all OS's we compile with IPv6 support enabled. You can still
  disable IPv6 at runtime by setting set::options::disable-ipv6. [B3]
* The local nickname length can be modified without recompiling the IRCd
* Channel Mode +d: This will hide joins/parts for users who don't say
  anything in a channel. Whenever a user speaks for the first time they
  will appear to join. Chanops will still see everyone joining normally
  as if there was no +d set.
* If you connect with SSL/TLS with a client certificate then your SSL
  Fingerprint (SHA256 hash) can be seen by yourself and others through
  /WHOIS. The fingerprint is also shared with all servers on the network.
* ExtBan ~S: for ban exceptions / invex. This can be used like
  +iI ~S:000000000etc.
* bcrypt has been added as a password hashing algorithm and is now the
  preferred algorithm [A3]
* './unreal mkpasswd' will now prompt you for the password to hash [A3]
* Protection against SSL renegotiation attacks [A3]
* When you link two servers the current timestamp is exchanged. If the
  time differs more than 60 seconds then servers won't link and it will
  show a message that you should fix your clock(s). This requires
  version alpha3 (or later) on both ends of the link [A3]
* Configuration file converter that will upgrade your 3.2.x conf to 4.x.
  On *NIX run './unreal upgrade-conf'. On Windows simply try to boot and
  after the config errors screen UnrealIRCd offers the conversion. [A3]
* The IRCd can now better handle unknown channel modes which expect a
  parameter. This can be useful in a scenario where you are slowly
  upgrading all your servers.
* If you want to unset a vhost but keep cloaked then use /MODE yournick -t
* A "crash reporter" was added. When UnrealIRCd is started it will check
  if a previous UnrealIRCd instance crashed and (after booting a new
  instance) it will spit out a report and ask if you want to submit it
  to the UnrealIRCd developers. Doing so will help us a lot as many bugs
  are often not reported. Note that UnrealIRCd will always ask before
  sending any information and never do so automatically. [B3]
* SSL: Support for ECDHE has been added to provide "forward secrecy". [B4]

==[ CHANGED ]==

* Numerics have been removed. Instead we now use SIDs (Server ID's) and
  UIDs (User ID's). SIDs work very similar to server numerics and UIDs
  help us to fix a number of lag-related race conditions / bugs.
* The module commands.so / commands.dll has been removed. All commands
  (those that are modular) are now in their own module.
* Self-signed certificates are now generated using 4096 bits, a SHA256
  hash and validity of 10 years. [A2]
* Building with SSL (OpenSSL) is now mandatory [A2]
* The link { } block has been restructured, see
  https://www.unrealircd.org/docs/Upgrading_from_3.2.x#Link_block [A3]
  * Better yet, check out our secure server linking tutorial:
    https://www.unrealircd.org/docs/Tutorial:_Linking_servers
* If you have no set::throttle block you now get a default of 3:60 [A3]
* password entries in the conf no longer require specifying an
  auth-type like password "..." { md5; };. UnrealIRCd will now
  auto-detect. [A3]
* You will now see a warning when you link to a non-SSL server. [A3]
* Previously we used POSIX Regular expressions in spamfilters and at
  some other places. We have now moved to PCRE Regular expressions.
  They look very similar, but PCRE is a lot faster. For
  backwards-compatibility we still compile with both regex engines. [A3]
* Spamfilter command syntax has been changed, it now has an extra option
  to indicate the matching method:
  /SPAMFILTER [add|del|remove|+|-] [method] [type] ....
  Where 'method' can be one of:
  * -regex: this is the new fast PCRE2 regex engine
  * -simple: supports just strings and ? and * wildcards (super fast)
  * -posix: the old regex engine for compatibility with 3.2.x. [A3]
* If you have both 3.2.x and 4.x servers on your network then the 4.x
  server will only send spamfilters of type 'posix' to the 3.2.x servers
  because 3.2.x servers don't support the other two types. So in a mixed
  network you probably want to keep using 'posix' for a while until all
  your servers are running UnrealIRCd 4. [A3]
* set::oper-only-stats now defaults to "*"
* oper::from::userhost and vhost::from::userhost are now called
  oper::mask and vhost::mask. The usermask@ part is now optional and it
  supports two syntaxes.
  For one entry you can use:
    mask 1.2.3.*;
  For multiple entries the syntax is:
    mask { 192.168.*; 10.*; };
* Because having both allow::ip and allow::hostname in the same allow
  block was highly confusing (it was an OR-match) you must now choose
  between either allow::ip OR allow::hostname. [A3]
* cgiirc block is renamed to webirc and the syntax has changed [A4]
* set::pingpong-warning is removed, warning always off now [A4]
* More helpful configuration file parse error messages [A4]
* You can use '/OPER username' without password if you use SSL
  certificate (fingerprint) authentication. The same is true for
  '/VHOST username'. [A4]
* You must now always use 'make install' on *NIX [A4]
* Changed (default) directory structure entirely, see the section titled
  'CONFIGURATION CHANGES' about 100 lines up. [A4]
* badword quit { } is removed, we use badword channel for it. [A4]
* badwords.*.conf is now just one badwords.conf
* To load all default modules you now include modules.default.conf.
  This file was called modules.conf in earlier alphas. The file has been
  split up in sections and a lot of comments have been added to aid the
  user in deciding whether to load or not to load each module. [A4]
* Snomask +s is now (always) IRCOp-only. [A4]
* Previously there was little logic behind what modes halfops could set.
  Now the idea is as follows: halfops should be able to help out in case
  of a flood but not be able to change any 'policy decision modes' such
  as +G, +S, +c, +s. Due to this change halfops can now set modes
  +beiklmntIMKNCR (was: +beikmntI). [A4]
* If no link::hub or link::leaf is specified then assume hub "*". [B1]
* SWHOIS (Special whois title) has been extended in a number of ways:
  * We now "track" who or what set an swhois. This allows us to remove
    the swhois received via oper/vhost on de-oper/de-vhost.
  * You can now have multiple swhois lines
  * Multiple oper::swhois and vhost::swhois items are supported.
[B1] * When trying to link two servers without link::outgoing::options::ssl (which is not recommended) we try to use STARTTLS in order to 'upgrade' the connection to use SSL/TLS anyway. This can be disabled via link::outgoing::options::insecure. [B2] * SSLv3 has now been disabled for security. This also means you can only link UnrealIRCd 4 with 3.2.10.3 and later because earlier versions used SSLv3 instead of TLS due to an OpenSSL API mistake. [B4] ==[ MODULE CODERS / DEVELOPERS ]== * A lot of technical documentation for module coders has been added at https://www.unrealircd.org/docs/ describing things like how to write a module from scratch, the User & Channel Mode System, Commands, Command Overrides, Hooks, attaching custom-data to users/channels, and more. [A2+] * For commands: do not read from parv[0] anymore, doing so will lead to a crash. Use sptr->name instead. This change is necessary as the "name" in parv[0] could possibly point to a UID/SID rather than a nick name. Thus, if you would send parv[0] to a non-UID or non-SID capable server this would lead to serious issues (not found errors). * Added MOD_OPT_PERM_RELOADABLE which permits reloading (eg: upgrades) but disallows unloading of a module [A3] * There have been *a lot* of source code cleanups (ALL) * We now use the information from PROTOCTL CHANMODES= for parameter skipping if the channel mode is unknown. Also, when channel modes are loaded or unloaded we re-broadcast PROTOCTL CHANMODES=. [B1] * The server protocol docs have been removed. The protocol is now documented at https://www.unrealircd.org/docs/Server_protocol See also https://www.unrealircd.org/docs/Server_protocol:Changes for a list of changes between the 3.2 and 4.0 server protocol. * GCC typechecking has been added to make sure your HookAdd... calls are adding hook functions with the correct parameter (types). ==[ REMOVED / DROPPED ]== * Numeric server IDs, see above. [A1] * PROTOCTL TOKEN and SJB64 are no longer implemented. 
[A1] * Ziplinks have been removed. [A1] * WebTV support. [A3] * Channel Mode +j was removed and replaced by the configuration setting set::anti-flood::join-flood (default: 3 per 90 seconds). [B1] * /CHATOPS: use /GLOBOPS instead which does the same /ADCHAT & /NACHAT: gone as we don't have such oper levels anymore Your opers should actually be in an #opers channel. If you also want special classes of oper channels like #admins then use +iI ~O:*admin* * User modes: * +N (Network Administrator): see 'Oper permissions' under NEW as for why * +a (Services Administrator): same * +A (Server Administrator: same * +C (Co Administrator): same * +O (Local IRC Operator): same * +h (HelpOp): all this did was add a line "is available for help" in WHOIS. You can use a vhost block with vhost::swhois as a replacement or for opers just add an oper::swhois item. * +g (failops): we already have snomasks and the +o usermode for this * +v (receive infected DCC SEND rejection notices): moved to snomask +D
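The oper::mask / vhost::mask syntax and the spamfilter "-simple" method described under CHANGED above both rely on IRC-style wildcard matching, where only '*' and '?' are special and case is ignored. The following is an added example and not UnrealIRCd's own code: an iterative, non-recursive matcher, the optional "user@" split for a mask entry, and the "mask { ...; }" list form modelled as a NULL-terminated array. The function names (irc_match, oper_mask_match, oper_mask_list_match) and the sample masks, hosts and messages are assumptions constructed for this example; the IRCd checks a mask against both the client's resolved hostname and its IP, which this example leaves to the caller.

```c
/* Added example, not UnrealIRCd code: IRC-style '*' / '?' wildcard matching
 * as used by oper::mask, vhost::mask and spamfilter -simple. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if 'str' matches 'mask' in full. Case-insensitive, as IRC
 * hostmasks are. Remembers the last '*' so a later mismatch can backtrack
 * to it without recursion (important: masks come from untrusted /SPAMFILTER
 * and bans, so matching must be linear in practice, not exponential). */
int irc_match(const char *mask, const char *str)
{
    const char *star_mask = NULL;  /* mask position just after the last '*' */
    const char *star_str = NULL;   /* str position where that '*' began */

    while (*str) {
        if (*mask == '*') {
            while (*mask == '*')       /* collapse runs of '*' */
                mask++;
            if (!*mask)
                return 1;              /* trailing '*' eats the rest */
            star_mask = mask;
            star_str = str;
        } else if (*mask == '?' ||
                   tolower((unsigned char)*mask) == tolower((unsigned char)*str)) {
            mask++;
            str++;
        } else if (star_mask) {
            mask = star_mask;          /* let the last '*' swallow one more char */
            str = ++star_str;
        } else {
            return 0;
        }
    }
    while (*mask == '*')
        mask++;
    return *mask == '\0';
}

/* One oper::mask entry: "user@host" or just "host" (the usermask@ part is
 * optional in 4.x). 'host' is whatever the caller chooses to test: the
 * resolved hostname or the IP address. */
int oper_mask_match(const char *entry, const char *user, const char *host)
{
    const char *at = strchr(entry, '@');
    char umask[64];
    size_t ulen;

    if (!at)
        return irc_match(entry, host);
    ulen = (size_t)(at - entry);
    if (ulen >= sizeof umask)
        return 0;                      /* reject oversized user part */
    memcpy(umask, entry, ulen);
    umask[ulen] = '\0';
    return irc_match(umask, user) && irc_match(at + 1, host);
}

/* The "mask { 192.168.*; 10.*; };" form: any entry may match. */
int oper_mask_list_match(const char *const *entries, const char *user, const char *host)
{
    for (; *entries; entries++)
        if (oper_mask_match(*entries, user, host))
            return 1;
    return 0;
}

int main(void)
{
    /* constructed sample config and clients */
    const char *const masks[] = { "192.168.*", "admin@10.*", NULL };
    printf("joe@192.168.1.5 : %d\n", oper_mask_list_match(masks, "joe", "192.168.1.5"));
    printf("joe@10.0.0.1    : %d\n", oper_mask_list_match(masks, "joe", "10.0.0.1"));
    printf("admin@10.0.0.1  : %d\n", oper_mask_list_match(masks, "admin", "10.0.0.1"));
    /* spamfilter -simple: the pattern must cover the whole message */
    printf("*free*money* hit: %d\n", irc_match("*free*money*", "Get FREE MONEY now"));
    return 0;
}
```

A -simple pattern without leading and trailing '*' only matches a message that is exactly that string, which is the usual surprise when converting a posix spamfilter to -simple.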
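set::throttle (default 3:60, under CHANGED above) and set::anti-flood::join-flood (3 per 90 seconds, replacing channel mode +j above) are both "N events per period" limits. As an added example, and not code from UnrealIRCd, the block below implements a sliding-window counter that enforces such a limit, a parser for the "limit:period" form, and a small per-IP table on top of it for connection throttling. The names (flood_check, throttle_accept, flood_parse), the MAX_EVENTS/MAX_HOSTS sizes and the sample IP addresses are assumptions constructed for this example; timestamps are passed in explicitly so a run is reproducible, where a server would pass time(NULL).

```c
/* Added example, not UnrealIRCd code: sliding-window limits of the kind
 * behind set::throttle ("3:60") and set::anti-flood::join-flood (3 per 90s). */
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAX_EVENTS 16   /* per-window capacity; limits are clamped to this */
#define MAX_HOSTS  8    /* toy per-IP table size, see caveat in throttle_accept */

typedef struct {
    int    limit;               /* events allowed per window */
    int    period;              /* window length in seconds */
    int    count;               /* live entries in stamps[] */
    time_t stamps[MAX_EVENTS];  /* times of accepted events inside the window */
} flood_window;

/* Parse the "limit:period" spelling used by set::throttle, e.g. "3:60". */
int flood_parse(const char *spec, int *limit, int *period)
{
    if (sscanf(spec, "%d:%d", limit, period) != 2)
        return 0;
    return *limit > 0 && *limit <= MAX_EVENTS && *period > 0;
}

void flood_init(flood_window *w, int limit, int period)
{
    memset(w, 0, sizeof *w);
    w->limit = limit > MAX_EVENTS ? MAX_EVENTS : limit;
    w->period = period;
}

/* Forget events that have fallen out of the window. */
static void flood_expire(flood_window *w, time_t now)
{
    int kept = 0;
    for (int i = 0; i < w->count; i++)
        if (now - w->stamps[i] < w->period)
            w->stamps[kept++] = w->stamps[i];
    w->count = kept;
}

/* Returns 1 and records the event if it fits within limit:period, else 0.
 * Rejected events are NOT recorded, so a flooder cannot keep its own window
 * full merely by being rejected. */
int flood_check(flood_window *w, time_t now)
{
    flood_expire(w, now);
    if (w->count >= w->limit)
        return 0;
    w->stamps[w->count++] = now;
    return 1;
}

typedef struct { char ip[46]; flood_window win; } throttle_entry;  /* 46 = INET6_ADDRSTRLEN */
typedef struct { int limit, period, n; throttle_entry e[MAX_HOSTS]; } throttle_table;

/* Initialise from a set::throttle style spec; returns 0 on a malformed spec. */
int throttle_init(throttle_table *t, const char *spec)
{
    memset(t, 0, sizeof *t);
    return flood_parse(spec, &t->limit, &t->period);
}

/* Returns 1 if a connection from 'ip' at time 'now' is accepted, 0 if throttled. */
int throttle_accept(throttle_table *t, const char *ip, time_t now)
{
    throttle_entry *slot = NULL;
    for (int i = 0; i < t->n; i++) {
        if (strcmp(t->e[i].ip, ip) == 0)
            return flood_check(&t->e[i].win, now);
        flood_expire(&t->e[i].win, now);          /* find a quiet slot to reuse */
        if (!slot && t->e[i].win.count == 0)
            slot = &t->e[i];
    }
    if (t->n < MAX_HOSTS)
        slot = &t->e[t->n++];
    if (!slot)
        slot = &t->e[0];  /* Caveat: table full of active IPs. Evicting one lets
                           * that IP start over, so a real server sizes or hashes
                           * the table for its connection rate instead. */
    strncpy(slot->ip, ip, sizeof slot->ip - 1);
    slot->ip[sizeof slot->ip - 1] = '\0';
    flood_init(&slot->win, t->limit, t->period);
    return flood_check(&slot->win, now);
}

int main(void)
{
    throttle_table t;
    flood_window joins;
    time_t now = 1700000000;  /* fixed clock for a reproducible run */
    if (!throttle_init(&t, "3:60"))
        return 1;
    /* constructed sample: four connects from one IP inside a minute */
    for (int i = 0; i < 4; i++)
        printf("connect #%d from 203.0.113.5: %s\n", i + 1,
               throttle_accept(&t, "203.0.113.5", now + i) ? "accepted" : "throttled");
    flood_init(&joins, 3, 90);  /* join-flood default */
    for (int i = 0; i < 4; i++)
        printf("join #%d: %s\n", i + 1, flood_check(&joins, now + i) ? "allowed" : "rejected");
    return 0;
}
```

The fourth connect and the fourth join are refused; the first slot frees again only once 60 (or 90) full seconds have passed since the first accepted event, not since the last rejected one.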