FEDORA-2021-e431852643 created by robert 6 months ago for Fedora 33
stable

UnrealIRCd 5.2.1

Enhancements

  • The allow block now uses allow::mask instead of allow::ip and allow::hostname. Users upgrading will receive a warning but the server will continue to boot.
  • New documentation for mask items in the configuration file to show how it works with 1 or more mask items in a block. Also support for negative matching has been improved and we now support extended server ban syntax.
  • Combining the new options from above you can do things like:
    • allow { mask ~a:TrustedUser; class flooders; maxperip 100; } If TrustedUser authenticates to services using SASL then he gets in the special class "flooders" with a maxperip of 100.
    • allow { mask { ~S:112233etc; ~S:anotherone; }; class clients; maxperip 10; } Users matching one of these certificate fingerprints get a high maximum per ip of 10.
  • New block set::server-linking
    • For link blocks with autoconnect we now default to the strategy 'sequential', meaning we will try the 1st link block first, then the 2nd, then the 3rd, then the 1st again, etc.
    • We now have different and lower timeouts for the connect and the handshake. So we give up a bit more early on servers that are currently down or extremely lagged.
  • New security-group block item called include-mask. This can be used to put clients matching a mask into a security group.
  • New option lag-penalty and lag-penalty-bytes in the set::anti-flood block.
    • known-users can now executes commands at a slightly faster rate than unknown-users.
    • It can further be used to allow really trusted users/bots to execute commands at even higher rates, such as 20 commands per second, without making them IRCOp. This explained in FAQ: How to allow users to send more commands per second.
  • The REHASH command is now sufficient to reload SSL/TLS certificates. You no longer need to use REHASH -tls. The same is true for unrealircdctl rehash which now also does the extra steps in unrealircdctl reloadtls. The commands will stay, though, in case you only want to reload the TLS certificates and not rehash the entire configuration file.
  • Support for OpenSSL 3.0.0
  • Show microseconds in TSCTL ALLTIME
  • The git version id is now shown in the INFO command on *NIX (ReleaseId).
  • Extban ~a:* now matches all authenticated users and ~a:0 matches all unauthenticated users.
  • Allow multiple masks in the deny link { } block

Fixes

  • When using persistent channel history: if you had ANY rehash error (often completely unrelated to channel history) and you then rehashed again UnrealIRCd would crash.
  • When server syncing larger channels we could accidentally skip over or forget to send a few users. These users would then not be shown on the other side of the link but are actually in the channel (ghosts)
  • When using autoconnect on (very) big networks, the network no longer breaks down (with the new default strategy 'sequential')
  • The default ban exemption on 127.* was too broad. It also matched hostnames that started with it, allowing such users to bypass gline/kline/shun (but not zline/gzline).
  • Channel mode +d (so after -D) never took QUITs into account properly. This should now fix things, so the channel goes -d immediately once it is no longer needed.
  • Give a better error message when trying to use an unconfirmed account with authprompt.

Module coders / IRC protocol

  • We now assume all services set the SVID field. If your services only sets umode +r and does not use SVSLOGIN or SVSMODE nick +d SVID then users will not be recognized as authenticated anymore.
  • In the UID command we now validate the UID (parameter 6) to start with the SID and contains digits and uppercase only.
  • Servers can no longer change moddata of remote clients. That is, it is disabled by default, but modules can still allow it for certain moddata via mreq.remote_write=1. You can use #if UNREAL_VERSION_TIME >= 202125 to detect if this new .remote_write option is available.
  • Removed HCN from 005, since nobody uses this anyway.

How to install

sudo dnf upgrade --advisory=FEDORA-2021-e431852643

This update has been submitted for testing by robert.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago

This update's test gating status has been changed to 'waiting'.

6 months ago

robert edited this update.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago

This update has been pushed to testing.

6 months ago
User Icon besser82 commented & provided feedback 6 months ago
karma

Service starts and I can connect. LGTM!

BZ#1978927 unrealircd-5.2.1.1 is available

This update has been submitted for stable by bodhi.

6 months ago

This update has been pushed to stable.

6 months ago

Please login to add feedback.

Metadata
Type
bugfix
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
7 days
Dates
submitted
6 months ago
in testing
6 months ago
in stable
6 months ago
modified
6 months ago
BZ#1978927 unrealircd-5.2.1.1 is available
0
1

Automated Test Results