-
Notifications
You must be signed in to change notification settings - Fork 0
/
.RELEASE.NOTES
143 lines (128 loc) · 6.8 KB
/
.RELEASE.NOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
Unreal3.2.10.4 Release Notes
=============================
==[ GENERAL INFORMATION ]==
- If you are upgrading on *NIX, then make sure you run 'make clean' and
'./Config' first, before running 'make'.
- The official UnrealIRCd documentation is doc/unreal32docs.html
online version at: http://www.vulnscan.org/UnrealIRCd/unreal32docs.html
FAQ: http://www.vulnscan.org/UnrealIRCd/faq/
Read them before asking for help.
- Report bugs at http://bugs.unrealircd.org/
- The purpose of the sections below (NEW, CHANGED, MINOR, etc) is to be a
SUMMARY of the changes in this release. See the file 'Changes' for a
complete list of all changes.
==[ .4 RELEASE ]==
Two major issues were fixed:
- Compile problems when using clang instead of gcc (such as on FreeBSD & OS X)
- For services who allow you to log in by account name but still allow you to
use a different nick: when you're logged in you are now considered
registered as far as mode +M and +R are concerned.
Tech: whenever services set SVID and it's not * and does not start with a
number, then we consider this user to be 'logged in'.
Whenever a user is set +r (s)he is also considered 'logged in'.
This way it's compatible with both older and new services and doesn't
(or shouldn't) introduce security issues with older services using
servicetimestamp for nick tracking or other means.
Additionally:
- curl-ca-bundle.crt has been updated to use latest certificates
- The Windows libraries (OpenSSL, curl, ..) have been updated.
==[ .3 RELEASE ]==
The following issues have been fixed in 3.2.10.3:
- Crash when SASL is enabled and ping-cookie is disabled
- Compile issue with remote include
- OS X compile problems
- ./unreal backtrace not always working well
Changes:
- For silenced users we now only check the current nick!user@host
- Server to server links now use latest TLS (eg: v1.2) instead of SSLv3
New:
- Added set::spamfilter::stop-on-first-match (default yes). You can change
this to 'no' to have UnrealIRCd continue processing all spamfilters even
after the first match. The spamfilter with the 'gravest action' wins
(eg: gzline wins from block).
==[ .2 RELEASE ]==
The following major issues were present in 3.2.10 & 3.2.10.1 and have
been fixed in this version:
- A remote crash issue when compiled with SSL (NULL pointer dereference)
- A second issue that can potentially lead to a crash (read-after-free)
In addition to these 3.2.10.x fixes there were also some other bugs fixed,
mostly in the area of server linking and flood hardening.
The external libraries of the Windows version have been updated (openssl,
c-ares, zlib). The bundled c-ares source (for *NIX) has been updated too.
==[ .1 RELEASE ]==
The following bugs in version 3.2.10 were fixed in this 3.2.10.1 release:
- Windows only: outgoing connects from Windows caused severe linking issues,
including killing of (ghost) users on the Windows server.
- An issue where user modes were stripped from remote clients, this caused
a problem for Anope BotServ bots.
- A compile problem on OpenBSD.
- '/REHASH -global' did not rehash all servers.
- Some documentation updates.
==[ 3.2.10 RELEASE ]==
Below is a summary of all changes with respect to 3.2.9:
==[ NEW ]==
- Improved socket engine. This brings some performance improvements and
also makes it easier to configure a system to hold more than 1024
clients (no more editing of header files on Linux!).
- ESVID support: services can communicate the account name of the user
back to the IRCd. This only works on ESVID-capable services:
- Extban ~a:<accountname>: matches users who are logged in to services
with that account name.
- Show account name in /WHOIS
- CAP support: this enables clients to enable certain features more easily.
Can be disabled through set::options::disable-cap.
- Now that STARTTLS is advertised in CAP it is likely to be used more often.
- away-notify: informs clients of AWAY state changes of users on the same
channels, for clients that support this.
- account-notify: similar to away-notify, inform clients of changes in the
login status and account name used by other clients on the same channels.
- SASL support. To use this, and if your services support this, you point
set::sasl-server to your services server.
- Server-side MLOCK support: the IRCd will prevent channel mode changes
depending on the MLOCK setting in services. Requires special support
from services for this feature.
- User Mode +I (IRCOp only): hide idle time
- auth-method 'sslclientcertfp': authenticate users using an SSL client
certificate by the SHA256 fingerprint of that certificate.
The documentation has a new section (3.19) called 'Authentication Types'
which contains an (improved) example of how to use SSL client certificate
authentication instead of regular passwords.
- oper::require-modes: an optional setting, which can be used to require
users to have certain user modes (such as 'z') before they can /OPER up.
- allow/deny channel: you can now optionally specify a class here as an
extra filter.
- doc/example.es.conf: Spanish translation of example configuration file.
- There have also been some behavior changes, which can be considered NEW,
see next section (CHANGED).
==[ CHANGED ]==
- Anti-spoof protection (ping cookies) can now be enabled/disabled at
run-time through set::ping-cookie [yes|no]. The default is 'yes' (enabled).
- A quit with 'Ping timeout' now shows the number of seconds since the ping.
- Print out a warning if we can't write to a log file.
- Refuse to boot if we can't write to ANY log file.
- Windows: if an SSL certificate exists, then uncheck the 'generate SSL
certificate' checkbox by default.
- *NIX with SSL: We now ask in ./Config if you want to generate an SSL
certificate. The certificate is then copied when you run 'make install'.
==[ MAJOR BUGS FIXED ]==
- Windows SSL crash (this issue was already fixed in 3.2.9-SSL-fix)
- Other than that, none?
==[ MINOR BUGS FIXED ]==
- Various compile problems, in particular with remote includes enabled.
- Windows: the installer sometimes insisted that the Visual C++ 2008
redistributable package was not installed, when it actually was there.
- Windows: MOTD file date/time was always showing up as 1/1/1970.
- And more... see Changelog
==[ REMOVED / DROPPED ]==
- Windows 9X is no longer supported
- The networks/ directory has been removed
==[ KNOWN ISSUES ]==
- Regexes: Be careful with backreferences (\1, etc), certain regexes can
slow the IRCd down considerably and even bring it to a near-halt.
In the spamfilter user target it's usually safe though.
Slow spamfilter detection can help prevent the slowdown/freeze, but
might not work in worst-case scenario's.
- Regexes: Possessive quantifiers such as, for example, "++" (not to be
confused with "+") are not safe to use, they can easily freeze the IRCd.
==[ ADDITIONAL INFO ]==
- See Changelog for more details