25 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
jperkin | 26c1bffc9f | *: Recursive revision bump for openssl 1.1.1. | ||
nia | 2eea600782 | atheme: Avoid requiring git to generate a header file. | ||
nia | 13026346cf | atheme: Update DESCR | ||
nia | 5d2a0b4050 | atheme: Update to 7.2.10.r2
Changes since v7.2.9:
- Bugfixes and better logic in verify_password()
- Fix potential NULL dereference in modules/crypto/posix
- Backport some modules/crypto/pbkdf2v2 improvements from master
- Backport modules/crypto/argon2d from master
- Backport Base-64 codec from master
- Backport some build/configuration system improvements from master
- Bump E-Mail address maximum length to 254 characters
- Use flags setter information in modules/chanserv/access & modules/chanserv/flags
- Fix issue where modules/misc/httpd wasn't closing its listening socket on deinit
- Fix GroupServ data loss issue when a group was the founder of another group | ||
tnn | 4cbb38b25b | revbump for converters/qrencode solib major bump | ||
nia | ba3f5ffde0 | chat/atheme: Add ldap option, fix build without builtin ldap... | ||
nia | 89db59648c | chat/atheme: Update to 7.2.9

Atheme Services 7.2.9 Release Notes
===================================

This is a security release fixing use after free that could potentially be abused by an attacker already having the privilege to use SASL impersonation to cause a denial of service. Users of 7.2.8 should update to version 7.2.9; older releases are not affected.

Atheme Services 7.2.8 Release Notes
===================================

This is a security release fixing a memory leak that could potentially be abused by attackers to cause a denial of service. Users of Atheme 7.2.7 should update to version 7.2.8; older releases are not affected.

Atheme Services 7.2.7 Release Notes
===================================

Since late February 2016, Atheme is being brought back to development (managed and maintained by a few of the fork maintainers). Atheme 7.2.7 is the first release since that change. It includes various fixes, some backported from the forks.

security
--------
- [CVE-2014-9773](https://www.cvedetails.com/cve/CVE-2014-9773/): Remote attackers could modify the behavior of the Anope FLAGS compatibility code by registering the keyword nicks LIST, CLEAR, or MODIFY. Reported by ToBeFree.
- [CVE-2016-4478](https://www.cvedetails.com/cve/CVE-2016-4478/): Buffer overflow in XMLRPC code. Reported by hc.

nickserv
--------
- Make `VHOST` set cloak assigner and timestamp the same way HostServ does
- Make `INFO` call the `user_info_noexist` hook for queries that don't match an account
- Make `REGAIN` log you in if successful.
- Allow implementing custom filters for `LIST`
- nickserv/multimark: new module which allows multiple MARK entries per nickname.
- wallops when vhosting a marked account
- nickserv/vhost: update usercloak metadata on vhost removal
- nickserv/{enforce,ghost}: respect frozen accounts
- nickserv/set_accountname: disallow change if RESTRICTed
- nickserv/set_pubkey: new module (keeping backwards compatibility with old syntax)
- nickserv/set_nopassword: new module
- nickserv/{reset,set,send}pass: various fixes
- nickserv/regain: the target user's bannedness shouldn't matter
- nickserv: Verify that the nick being regained is valid.
- nickserv/enforce: prevent regaining reserved nicks
- nickserv/cert: Add CLEAR command
- nickserv/set_email: relax verification requirements so that typo'd email addresses can be fixed (closes #441)
- nickserv/list: new criterion VACATION
- nickserv/info: show "Channels" line if the source user also is the target

chanserv
--------
- Add a `$server:` exttarget accepting server masks
- Add `PUBACL` flag which allows the channel access to be public.
- Don't allow `DEOP` or `KICK` of a services bot.
- Don't try to expand extbans in various commands.
- Allow users with +O or +V flags to op/voice themselves, since they can regain op/voice by cycling the channel anyway.
- chanserv/clear_akicks: new module providing a `CLEAR AKICKS` command.
- Always move on to the next nick in case of an error in /cs op etc.
- Tell the user who they failed to op/voice if they don't have enough privs
- +e added to chanserv{} templates and founder_flags
- chanserv: remove set_founder
- chanserv: use myentity_allow_foundership() to control whether or not an entity can take +F (ref #427)
- chanserv/set_*: announce changes via verbose()
- chanserv/flags: make Anope FLAGS compatibility an option (addresses CVE-2014-9773)
- fix an issue where activating a channel in the moderation queue would op the wrong person
- chanserv: move libathemecore component of bouncing mode changes on secure channels to chanserv (closes #449)
- chanserv/clone: do not clone HOLD, and ANTIFLOOD AKILL flags
- MC_SECURE: do not deop services
- help: mention INFO instead of RECOVER

gameserv
--------
- gameserv/dice: make the maximum roll count configurable.

groupserv
---------
- Hook into `sasl_may_impersonate` to support group-membership checks
- groupserv/set_groupname: new module allowing renaming a groupserv group
- Added group_register and group_drop hooks (addresses #428)
- groupserv: Rewrite flags parser to use ga_flags
- groupserv: Fix incorrect behaviour for flags +*
- groupserv: Fix inconsistencies with FLAGS
- groupserv/main: allow groups to take +F (ref #427)
- Add unverified user check

helpserv
--------
- helpserv/ticket: optionally accept a close reason and send a memo to an offline user
- helpserv/ticket: mention possibility of using close reason in the help file, and log it

operserv
--------
- operserv/rwatch: allow creation of RWATCH rules which k-line if 'K' is a modifier on the provided regexp.
- some commands now use kline_add instead of kline_sts to allow easier management of automated klines

saslserv
--------
- Add support for SASL authorization identities
- Add a `sasl_may_impersonate` hook
- The DH-AES and DH-BLOWFISH mechanisms were removed in their entirety.
- Add support for IRCv3.2-draft SASL mechanism list caching, implemented by InspIRCd 2.2.
- saslserv/ecdsa-nist256p-challenge: add backwards compatibility for old pubkey syntax
- saslserv: call bad_password on SASL authentication failure
- saslserv: use message source to get the source server
- saslserv: try to include source host in SASL failure message
- SASL: Log mechanism used by authenticated clients

alis
----
- Add a `list ... -showsecret` flag (chan:auspex) to list secret channels

perl api
--------
- Export SaslServ's `sasl_may_impersonate` hook
- Forward compatibility for hooks

ircd protocol
-------------
- Add user flag for tracking external services clients
- inspircd: Hopefully fix ignored account names when linking to the network
- inspircd: Various improvements to InspIRCd 2.0 support
- inspircd: Remove InspIRCd 1.2 and 2.1beta support
- inspircd: Add support for rejoindelay property in InspIRCd 2.2
- inspircd: Change the opertype used from 'Services' to 'Service'
- ircnet: Implement oper-wallops, using individual notices
- ngircd: Enable +qaohv support
- ngircd: Ignore non-# channels for now
- ngircd: Implement oper-wallops, using individual notices
- unreal: Request MLOCK messages when linking to the network
- sporksircd: Nuke obsolete module
- clean up the mix of spaces & tabs
- convert ircd_t to C99 struct syntax
- unreal: fix checking of +f syntax
- ts6-generic: add DLINE/UNDLINE implementation
- ts6-generic: add support for sending mechlists
- unreal: Add support for unreal 4 in a separate module
- hybrid: remove obsolete module
- undernet: remove obsolete module
- ShadowIRCd: remove obsolete module
- inspircd: add ZLINE/UNZLINE implementation
- inspircd: use DELLINE for XLine removal
- inspircd: properly recognize CSTATUS_IMMUNE (+Y)
- inspircd: Only set hideoper mode on oper pseudoclients
- charybdis: Support chm_nonotice.so (Block channel notices) extension
- charybdis: Support cmode +M in charybdis and make it oper-only
- charybdis: Setting CMODE_IMMUNE as .oimmune_mode
- inspircd: Fix atoi logic error preventing maximum
  rejoindelay value

other
-----
- various: Fix quite a few resource leaks and possible null derefs
- crypto/pbkdf2: Detect malformed (truncated) hashes
- contrib/cap_sasl.pl: Import various fixes from freenode's v1.5
- contrib/cap_sasl.pl: Implement SASL EXTERNAL, ECDSA-NIST256P-CHALLENGE
- contrib/cap_sasl.pl: Fix crash if irssi has ICB or SILC plugins loaded
- contrib/cap_sasl.pl: Fix crash if disconnected while waiting for SASL reply
- transport/jsonrpc: new module implementing JSONRPC transport
- contrib/cap_sasl.pl: various other improvements
- time_format: show the timezone
- exttarget: explicitly disallow foundership for exttargets (closes #427)
- help: various updates to reflect changes
- help: clarify some behavior
- [database] Make services respect an external umask when saving
- transport/xmlrpc: Do not copy more bytes than were allocated (addresses CVE-2016-4478)
- add a user_can_login(si, mu) hook
- Add an option to strip build date for reproducible builds
- botserv/set_saycaller: (optionally) give caller-nick
- chanfix/fix: stay in log channel after fixes
- various: code style fixes, fix some memory leaks and some warnings
- i18n: mark more strings as translatable
- atheme.conf example: updated to reflect changes
- proxyscan/dnsbl: Improve the module and fix multiple crashes
- i18n: update po/POTFILES.in

crypto
------
- argon2d: New module implementing algorithm that won the Password Hashing Competition (2015).
- pbkdf2v2: Newer module implementing PBKDF2-HMAC digest scheme with backward compatibility and limited forward compatibility

libathemecore
-------------
- add dline/undline core interface
- user_is_channel_banned(): respect +e if applicable
- user_is_channel_banned(): check for voice/op/etc.
- do not allow entities under restriction to take +F at all (closes #439)
- fix issue where pretty_mask would return host!*@*
- chanacs_user_flags(): do not grant effective flags other than +b to unverified users (closes #416).
- flags: update_chanacs_flags(): do not assume that a protocol module is loaded.
- try_kick(): add support for inspircd-style per-user kick immunity the right way
- entity: add new entity validator for taking +F (ref #427)
- logger: use ISO 8601 in log files

hostserv
--------
- hostserv: Remove group-specific offered vhosts when group dropped
- Add DROP command
- hostserv/request: Ignore request if requested vhost already set

Atheme Services 7.1 Release Notes
=================================

In addition to assorted bugfixes in various subsystems from 7.0, the following changes have been introduced in 7.1.

ircd protocol
-------------
- ngircd: New protocol module.
- nefarious: Add Nefarious 2 SASL support.
- nefarious: Send account timestamp in svslogin.
- elemental-ircd: New protocol module.
- dreamforge: Remove protocol module.
- inspircd: Add support for server-side MLOCK and TOPICLOCK enforcement
- inspircd: Add support for matching extbans modifying matching logic
- inspircd: Add +H to channel modes
- inspircd: Add +X and +w to list-like mode list
- ircd-seven: Support charybdis extension cmodes on ircd-seven as well.
- ts6-generic: Add support for serverinfo::hidden
- unreal: Add support for extbans.
- unreal: Add cmode +P for permanent channel.

buildsys
--------
- MacOS 10.5 required for OS X builds.
- V=1 option to make for verbose output.
- Allow parallel building, i.e. with -j option.
- Dependencies tracked on a per-sourceunit basis
- Allow --disable-rpath to modify buildsys param LDFLAGS_RPATH
- Install default email templates
- Add --with(out)-libmowgli to force use of internal mowgli

chanserv
--------
- antiflood: New module to react to channel flooding
- quiet: Channel statuses are removed from the target user to ensure that the quiet takes effect.
- quiet: Allow unquieting improper masks on the quiet list.
- quiet: Notify target user when anything changes about them.
- quiet: Honor protected mode like with kick/kickban.
- quiet: Support IRCDs with quiet extbans like UnrealIRCd and InspIRCd.
- flags: New exempt flag +e, split from +r. Databases should be upgraded automatically.
- flags: Require FORCE argument and chan:auspex to oper override.
- flags: Allow users with +f and +o (+v) to set +-O (+-V) on self.
- access: Do not allow changing +F via ROLE command.
- Support multiple users as arguments for owner, op, halfop, voice, and quiet.

nickserv
--------
- sendpass: Accept grouped nicks.
- register: Allow any number of emailexempts.
- Do not send 'spam' notice if chanserv does not exist.
- Add confirmation for badmail:del
- listemail: Match on canonical addresses too
- info: Show setpass to services admins with user:auspex
- info_lastquit: New module to show last quit message in INFO
- resetpass: Allow specifying any grouped nickname.
- drop: Request confirmation when dropping an account.
- access: Allow TLDs
- Log sendpass sender and time
- Show entity ID in 'ACC' and 'INFO' commands.

groupserv
---------
- Restrict +f from +F-ing themselves
- Prevent +f-F from removing founders
- Prevent removing last founder of a group
- Make sure +F always have +f
- Notify users when they are invited to a group.

sasl
----
- Add ecdsa-nist256p-challenge mechanism
- Add dh-aes scheme, intended to replace dh-blowfish.
- Disable reload capability on all modules.

perl api
--------
- Add function to return entity ID
- Allow sending wallops
- Allow setting vhosts
- Allow transferring and dropping channels
- Change myuser_find to myuser_find_ext to allow lookups by UID.
- Add config.xs to retrieve config values from the Perl API
- Add functions to channel.xs to register a channel and to retrieve a limit, key, and ts.
- Allow channelregistration.xs to get/set flags and get used time
- Add registration and last seen time in account.xs

email
-----
- Put the network name in the subject field of outgoing emails.
- Add a module canonicalizing gmail addresses.
- Use canonical email addresses when checking for registration limits.

libathemecore
-------------
- Allow different send and receive passwords for uplinks
- Respect founder_flags config setting during channel succession
- Denote default crypt provider in version output.
- Include reason with kline expiration messages.
- Allow customization of the address for email from services.
- Add option to kline user@host instead of *@host
- Add qrcode API

botserv
-------
- Blacklist '/' from various fields.
- Monkeypatch notice() to rewrite source from chanserv to botserv.

crypto
------
- Rename 'fallback' crypt provider to 'plaintext'
- Allow crypto modules to be loaded and the database to be updated to the preferred crypto scheme on the fly.
- pbkdf2: New module implementing PBKDF2-HMAC digest scheme.

misc
----
- xmlrpc: Add metadata accessor
- security/cmdperm: New module which dynamically infers virtual permissions, such as command:chanserv:register
- alis: Strip mIRC color/control codes from topics.
- operserv/clones: Add option to give a few warning kills before applying a k-line
- Codebase is stringref clean (GitHub issue #60)
- memoserv/delete: Only accept numeric indexes.
- chanfix: Allow admins with chan:admin to register regardless of chanfix score.
- memoserv: Make inbox size customizable.
- Add dragon, a new, modular, ircd link performance benchmarking toolkit.
- Flood k-lines use IP address where available instead of hostname.
- Add !snotices and !wallops logging targets.
- Record vHost assigner and timestamp, and display in NS INFO output.
- Contrib modules have their own git repo.
- Add a git .mailmap
- gameserv/dice: Ensure loop parameters are integers limited to 1000

atheme.conf
-----------
Be sure to check atheme.conf.example for more information on what each of these settings does.

- Add 'registeremail' setting to serverinfo{}, specifying address that services emails should originate from.
- Add 'hidden' setting to serverinfo{}, specifying that the services server should be hidden in /links output (limited to some ircds).
- Split 'password' setting in uplink{} into 'send_password' and 'receive_password' (optional).
- Move 'maxnicks' setting from serverinfo{} to nickserv{}
- Move 'maxchans' setting from serverinfo{} to chanserv{}
- Add 'antiflood_enforce_method' to chanserv{} for chanserv/antiflood
- Add 'maxmemos' setting to memoserv{}
- Add !snotices and !wallops logfiles
- Add 'permissive_mode' setting to general{}, specifying manner of command denials.
- Add 'kline_with_ident' and 'kline_verified_ident' to general{}
- Add 'binddn' and 'bindauth' conf items to ldap{}
- Document "user" operclass.

Atheme Services 7.0 Release Notes
=================================

All bugfixes from the 6.0 branch of Atheme are also in 7.0.

dbverify
--------
- New utility. Performs extensive and complicated consistency checks on your OpenSEX object store. It can find things like:
  - corrupt AKICK entries (AKICKs with other flags/metadata that shouldn't be there);
  - duplicate channel ACL entries;
  - entity ID collisions

  It can find other stuff too, and will be expanded upon in the future. Think of it like a `fsck(1)` for your object store.

ircd protocol
-------------
- bahamut: add experimental support for bahamut-2.0 NICKIPSTR capability.
- charybdis: Add support for locking of modes provided by extensions modules.
- unreal: Add support for changets.
- inspircd: Add support for locking the +H channel mode.
- ithildin, bircd, plexus and ptlink protocol modules removed.
- inspircd: Users are now warned when they attempt to link on a client port instead of a server port.
- unreal: Add SASL support.
- unreal: Implement full support for mlocking +f.

chanfix
-------
- New service. Similar to EFNet's chanfix service.

chanserv
--------
- sync: New module based on cs_sync from contrib. Adds autosync on ACL change (and the ability to turn it off).
- channel entrymsgs are now displayed in INFO.
- akick: Support added for timed AKICKs.
- ban, quiet and akick: Atheme now fills in the parts of a hostmask that are missing with these commands.
- access: Various cleanups.
- cs_access_alias: New contrib module. Allows level-style pseudo access lists.
- clone: New module allowing you to clone a channel's access list, flags and metadata to a new channel.
- cs_badwords: New contrib module. Allows channel staff to specify a badwords list for a channel and what action to take when a user says one of the words in the channel.
- moderate: New module allowing operators with PRIV_CHAN_ADMIN to moderate channel registrations. This is especially useful in combination with chanfix. It is also useful in maintaining a standard of content correctness for specialized chat systems.

exttarget
---------
- exttarget/main: a new framework has been added which extends the entity subsystem further, allowing for entities to be dynamically constructed with the purpose of matching against any kind of user or account attribute in channel access lists. these targets can take optional parameters.
- exttarget/oper: $oper extended target added. this target allows you to match against all opers on the network in channel access lists.
- exttarget/registered: $registered extended target added. this target matches anyone who is logged into services.
- exttarget/channel: $channel extended target added. this target allows you to match anyone who is on a channel.

groupserv
---------
- all groupserv commands are now modules. Your atheme.conf will need to be updated for this change if you use groupserv.
- add join_flags config option and SET JOINFLAGS command. These allow changing the group flags a new user will get upon JOINing the group.
- add the +b (ban) flag. This prevents accounts matching it from JOINing the group.
- fflags: New command. Allows services operators to force a flags change on a group they do not have access to.
- list: Allow refining the list with a pattern.
- listchans: New command. Allows group members with the +c flag to see all channels that group has access in.
- honor user:regnolimit permission in relation to the maximum number of groups a user may register. (SRV-125)

gameserv
--------
- many refactorings
- calc: new command. Allows doing basic math with GameServ.
- gs_roulette: New contrib module. A game of Russian Roulette.
- lottery: New module that randomly chooses one user out of the channel members.
- happyfarm: New (skeleton) module that's a game like FarmVille! But on IRC!

hostserv
--------
- added a new host_request hook to catch and do other things with host requests.
- reject: Add an optional reason parameter that will be memoed to the user with the rejection notice.

memoserv
--------
- ms_fsend: new contrib module. Allows sopers to override a target user being set NOMEMO or having the source user on ignore.

nickserv
--------
- restrict: New module that allows services opers to stop users from using commands that can be abused (hostserv/request, hostserv/take, groupserv/register, etc)
- emailexempts: New config option. Lets you specify email addresses that have no limit to the number of accounts they can have registered.
- when logging into a new account, users are informed that they will be logged out of their old account.
- when doing RELEASE or REGAIN against a user logged into an account, log them out of the account.
- old Atheme-1.x-style external logout implemented. Allows logging another user logged into your account out remotely.
- listgroups: New module that shows you which groups you have access in.
- nevergroup: New module that prevents anyone giving you access to a group.
- badmail: New module which allows setting email addresses (or glob patterns) which are not allowed to register accounts on-the-fly.
- nickserv now allows passwords longer than 32 characters if the database is being hashed.
- subscribe: Removed as it had many flaws and no one used it.
- ns_cleannick: new contrib module. Forces a nick change on a user if their nick is 'lame' using case normalisation.

operserv
--------
- emailexempts and autokline exempts are now shown in INFO.
- modreload now rehashes the config if the module requires it and reloads modules that depend on the specified module.
- clones: Many cleanups.
- clones: Added an option to variable increase the clone limit if a users' clones are identified.
- soper: Allow adding a new SOPER with a password (optional, of course).
- set: Adds the ability to temporarily modify some config options on-the-fly.
- info: Add a new hook so modules that add config options can also add lines to the operserv/info output.
- os_modeall: New contrib module. Allows setting a given mode on all channels.
- os_joinmon: New contrib module. Facilitates monitoring certain users and when a monitored user joins a channel, that information will be sent to the services log channel.
- os_resolve: New contrib module for testing the asynchronous DNS resolver.
- the RWATCH database is now serialized as opensex entities.
- specs: add support for groupserv-related permissions and clarify meanings of the various 'auspex' privileges. (SRV-125)

proxyscan
---------
- New service. Currently implements only a DNSBL scanning module.

rpgserv
-------
- New service. For finding and joining RP games on an IRC network.

scripting
---------
- Support for scripting Atheme in Perl added. Perl scripts are loaded with OperServ MODLOAD just like modules. Still in alpha. Add the --with-perl configure switch to enable it. POD-style documentation for the perl API is in doc/perl/.

statserv
--------
- New service. For querying for statistics about the network.

xmlrpc
------
- moved to transport/xmlrpc. Your atheme.conf will need to be updated for this change if you use xmlrpc.
- bad_password() is now called on invalid XMLRPC logins.

code
----
- libmowgli-2 is now required instead of libmowgli.
- a bit of the signal code and linker code was converted to use the mowgli implementations.
- charybdis' asynchronous DNS resolver added.
- mowgli.global_storage can now be used to make a module's data persistent on module reload. It is currently only used in GroupServ.
- many assertions added in various places throughout the code.
- added a new AC_AUTHENTICATED pseudo-priv to replace many identical checks if a user is logged in throughout the code.
- irc parse/uplink state has been made modular.
- atheme core has been changed to build as a library.
- all the old SNOOP channel code has been removed. SNOOP has been deprecated since 5.1 and gone since 5.2.
- MODULE_USE_SYMBOL() was removed in favour of MODULE_TRY_REQUEST_SYMBOL().
- most service-specific (config file) code split out from the core.
- configuration-defined usernames are now truncated at USERLEN (10 characters).
- UID generation split out from the core.
- module_load can now be hooked into. This is particularly useful for scripting modules.
- entities now have unique IDs. unique IDs may be referenced in all XMLRPC and IRC commands.
- strlcpy()/strlcat() have been replaced with mowgli implementations.
- atheme.string has been replaced with mowgli.string.
- add new hook_channel_acl_req_t structure for channel_acl_change hook, which is intended to describe ACL changes more effectively.
- call shutdown(2) on sockets being closed to help some TCP stacks be more aggressive when closing sockets.
- use mowgli_eventloop_pollable instead of old eventloop code.
- Windows is now supported.

other
-----
- ensure buffers passed to strftime() are large enough to fit the entire string. strftime() is not really required to behave in any specific way in the event of buffer overflow.
- ircd_announceserv: New contrib service. This allows users to request network announcements (which sopers must approve before they're sent).
- an access {} config block was added allowing rewriting of command privs. If specified, the user must match the original priv and the rewritten priv.
- allow Atheme datadir to be specified on the command-line when starting.
- many improvements to the LDAP authentication module.
- general::immune_level config option added. This allows customising the operlevel that gets kick immunity privileges.
- DNS Blacklist scanning module added. This module will scan connecting users against a list of DNS blacklists and take action if the users' IP is in one of the blacklists. This module is mainly managed through operserv.
- allow SASL authentication for any nick linked to the account, not just the accountname.

Atheme Services 6.0 Release Notes
=================================

All bugfixes from the 5.2 branch of Atheme are also in 6.0.

ircd protocol
-------------
- inspircd: Support for owner, halfops and admin are now dynamically enabled by what modes exist instead of being enabled by what modules you have loaded in inspircd.
- support for InspIRCd 1.1, OfficeIRC and UltimateIRCd 3 has been removed.

opensex
-------
- opensex is now the required database format. All flatfile will do is convert your flatfile database to opensex and exit.
- converted many modules that use external databases to using opensex.

chanserv
--------
- new module: chanserv/access. this adds role-based channel acl via the ACCESS and ROLE commands.
- new module: chanserv/successor_acl. this adds a +S channel acl flag which will weight a user as a successor.
- modules may now override the succession process using the new channel_pick_successor hook.
- chanserv/list: Enhance by adding many possible criteria to match channels against.
- new set_prefix module. This module allows channels to define a channel-specific fantasy prefix. The channel-specific prefix is displayed in the INFO for the channel.
  This is particularly useful if the channel uses an external bot that conflicts with the services default fantasy prefix.
- new clear_flags module. This allows founders to remove all entries from the channel access list except other founders.

groupserv
---------
- new service that allows users to form groups of accounts and apply the same ACL entries to them, send memos to them and other features.

helpserv
--------
- new service that allows users to request oper help in different ways. Currently either via a ticket system or by "pinging" the opers with a request for help.

hostserv
--------
- allow activating or rejecting all waiting vhosts by using '*' instead of a nick.

infoserv
--------
- oper-only message support. You can now give messages an importance where they will only be sent to opers upon oper-up.
- in infoserv message subjects, underscores will now be replaced with spaces so you can have multi-word subjects.
- allow customizing the number of infoserv messages shown to users on connect.

nickserv
--------
- new contrib module, ns_waitreg that allows you to specify how long a user must be connected before they can register a nick.
- new regnolimit module. Allows opers to set users as able to be exempt from channel registration limits. (how many channels may be registered to one account)
- nickserv/list: Enhance by adding many possible criteria to match users against.

operserv
--------
- new readonly module. This allows changing the readonly state at runtime.

xmlrpc
------
- the legacy xmlrpc/account, xmlrpc/channel and xmlrpc/memo modules have been removed. These have been deprecated for over 4 years and you should be using xmlrpc/main and atheme.command for all your xmlrpc uses.
- the xmlrpc core has been rewritten a little bit to use mowgli's patricia tree code. this should bring a performance improvement over the hashtable code it was using.
- xmlrpc has been completely moved out of core
- a new command, atheme.privset has been added to get the soper privs of a user.

code
----
- default values in config options are now supported. This is particularly useful in modules and cleans up the config code a bit.
- many bugfixes and compile warning fixes.
- the flags code has been cleaned up to assume that there is only one flags table.
- the flags code is now extendable by modules.
- mychan_pick_candidate() is now in the public API.
- the core now lives in an ipv6 world. it's 2010 - if your operating system doesn't support ipv6 - you suck.
- ctcp handling has been rewritten.
- new easter egg.
- the shrike hash function (shash()) has been removed as there was no longer anything using it.
- the "symbolmatrix" code was removed because we went with a different solution instead long ago.
- myuser_t is now a child of myentity_t which describes an entity that can have channel membership.
- list_t/node_t have been removed in preference of mowgli.list.
- balloc has been removed in preference of mowgli.heap.

other
-----
- added an anope 1.9.2 flatfile DB to OpenSEX DB conversion script.
- mail sending has been changed, likely causing serverinfo::mta scripts to break. The command is now passed "-t" rather than the email address and the shell is no longer used.
- the SDK hg revision of modules is now shown in MODINSPECT.

Atheme Services 5.2 Release Notes
=================================

Note: We are looking for additional developers to help with maintenance of Services. After almost 7 years of development, many of the programmers have moved on.

ircd protocol
-------------
- inspircd: track channelmodes +D (delayjoin) and +d (delaymsg).

chanserv
--------
- split out SET into separate modules for each SET command. chanserv/set is now a "meta-module" that depends on all the set_* modules.

hostserv
--------
- added OFFER module that allows opers to offer vhosts to users.
- made the request system (specifically the ACTIVATE command) not send a memo to the user.

infoserv
--------
- new service. infoserv allows opers to send notices to users when they connect or at the time of running the command (like Global).

nickserv
--------
- split out SET into separate modules for each SET command. nickserv/set is now a "meta-module" that depends on all the set_* modules.
- added cracklib module that checks users' passwords on REGISTER and lets them know if the password is secure or not. You can have it just warn the user or disallow them from registering with a configuration option.
- added ns_generatehash contrib module to generate a password hash for a soper if you have crypto enabled.
- removed ns_ratelimitreg contrib modules as its functionality is now in core.

operserv
--------
- added expiry time to clone exempt

code
----
- replace the atheme-services build system with the ACBS used by many other Atheme projects.
- rework the colour and special character stripping for xmlrpc.
- remove snoop(). any modules still using snoop() will fail to compile on atheme 5.2. please replace it in your code with logcommand() or slog().

other
-----
- ircservtoatheme: generally make a bit more robust.
- added ratelimiting support to hostserv/request, chanserv/register and nickserv/register.
- add a new database format called opensex. This is available in 5.2 as a "technology preview" and will be mandatory in 6.0.

Atheme Services 5.1.1 Release Notes
===================================

ircd protocol
-------------
- TS6: Rework MLOCK a bit to make it more robust and support more modes.

operserv
--------
- add os_helpme contrib module. This module marks a user as a network helper. This will only work on ircd's with the helpop (usually +h) user mode.

other
-----
- add extends directive to operclasses so one operclass can inherit privileges from another. See the example config for details.
Note, you can have two operclasses with the same privileges, so extending is not forced.
Atheme Services 5.1 Release Notes
=================================
### [MERGED] indicates items merged to the 5.0 branch
ircd protocol
-------------
- inspircd: common code has been merged into inspircd-aux, this will continue in the next version with inspircd 1.1 support.
- inspircd: several unsupported module configurations are now programmatically marked as such.
- inspircd: permanent channels are now tracked in 1.2 and later. (SRV-29)
- inspircd: add support for receiving SVSNICK (nick collisions)
- inspircd: add support for m_ojoin
- TS6: add support for MLOCK
- shadowircd: updated module to shadowircd6
- hyperion: removed
- Added support for ithildin1. This is still a bit experimental.
- ircnet: support added for server hostmasking.
botserv
-------
- add missing helpfiles
- botserv bots now quit instead of splitting when terminating/restarting services (SRV-12)
chanserv
--------
- FLAGS: allow +F* as well as +*F
hostserv
--------
- add missing helpfiles
nickserv
--------
- add support for CERTFP (CERT command)
operserv
--------
- reject jupes with names containing wildcards.
- add os_trace contrib module. This module looks up users by various criteria and lets you perform actions on them.
- add os_akillnicklist contrib module. Automatically AKILLs a list of clients, given their operating parameters.
- change CLEARCHAN GLINE action to AKILL to be more consistent with the rest of Atheme. GLINE still exists as an alias to AKILL.
saslserv
--------
- add AUTHCOOKIE SASL method which allows for integration with Iris
code
----
- add taint subsystem which allows developers to programmatically define unsupportable conditions.
- constify *line_sts() protocol module functions.
- track deaf umode and set it on services clients if fantasy is disabled.
- allow #else in helpfiles
- startup flag -r (read-only) added.
- enable large file support.
- Add 'force_language' to sourceinfo_t, which forces the locale to be reset to the language specified by the sourceinfo structure. Useful for forcing XMLRPC responses to be in English.
- force dependency calculation before most targets to fix -j problems; there is a new target build-nodeps to skip this for subsequent builds (like the old behaviour of build).
other
-----
- logging system entirely reworked. snoop() is deprecated and will be removed in the next version.
- add general::exempts config block, for masks that will never be automatically klined.
- add configurable command aliases to the services blocks
- helpfiles added for all contrib modules.
- make the wumpus contrib module compile and work again.
- anope_convert: support newer 1.8.x Anope versions and made anope_convert a bit more robust in handling encrypted passwords.
Atheme Services 5.0.1 Release Notes
===================================
botserv
-------
- When kicking users from an otherwise empty channel, set INHABIT, so that the bot leaves the channel after a short delay.
code
----
- Remove legacy .disp field from core services structures.
Atheme Services 5.0 Release Notes
=================================
### [MERGED] indicates items merged to the 4.0 branch
ircd protocol
-------------
- inspircd12: fix UID parsing and rejoining services after kicks. **[MERGED]**
- TS6: allow nicer topic setting using charybdis 3.2's ETB.
- hyperion: fix a bug that could cause the hostnames of services clients to be overwritten. **[MERGED]**
- plexus: port to ts6-generic, add UF_IMMUNE for +N, add support for permanent channels.
- hybrid: fix a crash.
- unreal: use SVSKILL for kills from NickServ. This reduces excessive server notices.
nickserv
--------
- Matching a nickname access list entry no longer resets last used time.
- Allow authentication via an LDAP server.
- Add some missing help files.
- Start the enforce timer on /ns set enforce on.
- Add a per-account language setting.
This currently does not work very well.
- Prepend "(restored) " to marks restored from previously deleted accounts.
- Change VHOST syntax, adding an ON/OFF keyword and requiring a FORCE keyword to set a vhost on a marked account. The old syntax still works for vhosts containing a dot, colon or slash.
- Add ns_listlogins contrib module. This allows logged in users to see real hosts of their other logins.
chanserv
--------
- Set owner/protect on the founder of a new channel, if appropriate.
- Do not set protect status if the user already has owner.
- Rework successor selection for channels to respect flags more. **[MERGED]**
- Allow users with +V to voice themselves.
botserv
-------
- New service. This allows users to have a "bot" join their channel instead of ChanServ.
hostserv
--------
- New service. This adds per-nick vhosts and a request system to what /ns vhost provides. As long as per-nick vhosts are not used it interoperates with /ns vhost.
alis
----
- Add -maxmatches option which xmlrpc and chan:auspex may set to higher than the default.
oper
----
- Fix a possible crash with /os greplog. **[MERGED]**
- Add SGLINE system for bans by realname (TS6 xline).
- Services ignores no longer apply to users with general:admin privilege.
- Add /os listklinechan to the os_klinechan contrib module.
- Add os_kill contrib module. This allows opers to kill users while hiding their identity. (This was added earlier, but not linked to the build.)
- Add SQLINE system to disallow nick and channel names (TS6 resv).
- Fix possible crash with /os noop.
- RWATCH now also watches nick changes.
xmlrpc
------
- Remove 4K limitation on length of xmlrpc command output. **[MERGED]**
code
----
- Remove select() support and code to allow multiple "socket engines". poll() is sufficient.
- Rework the network connection code to be cleaner and more flexible.
- Close all connection_t fds in child processes.
- Allow using sourceinfo_t.v with IRC sources.
- Some tweaks to the build system.
- Add type checking to the hook system. See src/hooktypes.in. It may be necessary to specify --enable-warnings to configure to enable the checks.
other
-----
- Try to detect MacOS X crypt(3) breakage in crypto/posix and generate a DES based hash.
- Allow the user_add hook to remove the user from the network safely.
- Add user_nickchange hook for nick changes, which is also allowed to remove the user from the network.
Atheme Services 4.0 Release Notes
=================================
[MERGED] indicates items merged to the 3.1 branch
ircd protocol
-------------
- Add support for ShadowIRCd 5 **[MERGED]**. This replaces the support for older versions of ShadowIRCd.
- hyperion: improve detection of overwritten I:line spoofs.
- hyperion: Add support for UF_IMMUNE.
- general: Do not enforce AKICKs against users marked UF_IMMUNE; it is impossible to ban them effectively.
- inspircd12: various fixes and updates.
- ratbox: make akills work with ircd-ratbox 3.x.
- ratbox: add support for ratbox services shortcuts (ENCAP RSMSG, m_rsshortcut.so)
- nefarious: allow /ns vhost (FAKEHOST).
- nefarious: let services joining channels op themselves, avoiding HACK(4) notices
- ircd-seven: new protocol module
- Limit the send queue to the ircd to a configurable value, default 1MB. Large networks may need to increase this.
- Limit IRC command output to 2000 lines. XMLRPC is unaffected.
- Add tracking for the "server admin" umode in some ircds.
- ptlink: add support for forced nick changes (SVSNICK), fix nickTS.
- Remove some obsolete protocol modules: aurora, sorcery, shadowircd. If you do still use one of these, please contact us.
- Add support for P10 account creation times.
- Add support for P10 user IPv6 addresses.
nickserv
--------
- Snoop on freeze on/off.
- Add nickserv/vacation module, allowing to temporarily extend expiry times.
- Make register help text depend on whether email verification is used.
- Refer users to their email if they try to identify again while unverified.
**[MERGED]**
- In FUNGROUP, allow dropping account names, by specifying a new account name.
- Add optional nickserv/listownmail to allow users to see accounts with their email.
- When refusing a login due to maxlogins, tell the user what the logged in nicks are.
- Show FREEZE status (but not setter, time or reason) to normal users.
- Show taxonomy (property, metadata) in INFO.
- Show recognized (access list) a bit better in INFO.
- Ignore access lists for frozen accounts. **[MERGED]**
- Add ns_fenforce contrib module. This allows admins to toggle enforce on any nickname.
- When a user is recognized but not identified, still tell them to identify, but with a shorter message.
- Make nickserv/enforce timings more accurate.
chanserv
--------
- Allow multiple spaces before fantasy commands when ChanServ is addressed by nickname.
- QUIET/UNQUIET now notify the target user or channel.
- Show the current successor in /cs info (for +A users and opers).
- FFLAGS now overrides the NEVEROP setting on the target account.
- Set owner/protect if appropriate after xOP ADD.
- Show taxonomy (property, metadata) in INFO.
- Add chanserv/set_limitflags, allows limiting +f's power.
alis
----
- Fix handling of key and limit options.
- Allow alis list on a single +s channel the user is on.
memoserv
--------
- Add DELETE OLD to delete all read memos.
gameserv
--------
- Do not add chanserv commands if fantasy is disabled.
- Allow ROLL, WOD and DF with a channel name to send the results to that channel without requiring fantasy commands. This must be specifically enabled on a per-channel basis using the new ChanServ command SET GAMESERV (module chanserv/set_gameserv).
oper
----
- Allow searching for AKILLs matching a given mask or id in AKILL LIST.
- Allow running an operserv-only services instance, which picks up login names from the main instance (currently only for hyperion, TS6 and P10 ircds).
- Add optional PCRE support.
Configure --with-pcre to enable it and add the p flag to use it (e.g. /os rmatch /\d\d\d/p). The regex wrapper has been changed slightly to make this possible.
- Report other nicks of deleted accounts to snoop and log file.
- Add operserv/greplog module (from freenode modules) to allow searching through recent logs from IRC.
- Automatically rehash after loading modules that need a rehash.
xmlrpc
------
- Fix atheme.memo.ignore.list and atheme.memo.ignore.clear to require only two arguments (third wasn't ever in use). **[MERGED]**
code
----
- Change kline_delete() to take a kline_t pointer instead of a user and host.
- Allow modules to influence the expiry process.
- Fix a minor memory leak on /os REHASH.
- Fix null pointer dereference with some invalid config files.
- Move the metadata entries to object_t.
- Change some protocol module functions to take object pointers instead of names and add some const keywords.
- Modules can now request other modules be loaded. This has been used to move some generic TS6 and P10 stuff into common modules.
- Rename CMODE_OP and the like to CSTATUS_*, emphasizing that they are separate from simple modes.
- Use C99 booleans (<stdbool.h>, bool, true, false).
other
-----
- Allow arbitrary line lengths in flatfile database loader.
- Synchronized with libmowgli 0.7 framework.
- Remove automatic module loading for modules/ directory; this behaviour has been deprecated since version 0.3.
- Fix ircservices conversion for ircservices 5.1.
- Improve flood detection.
- Fix a bug with /os identify introducing enforcers.
- Fix a bug that could cause normal users to be seen as enforcers.
- Allow any service's nick/user/host/realname to be set in the configuration file, and update them on a rehash. The service creation code works quite a bit differently to make this possible.
- Fix running on MacOS X 10.5.
- Fix compilation sometimes using system include files in place of our own.
- Change the default for gettext (NLS) to disabled in the setup script.
- Add a check against loading incompatible modules. Formerly, trying to load incompatible modules often caused a crash.
- Rework the configuration file parser to detect more errors and make it easier to add configuration options.
- Add +a to the example configuration's SOP to fit expectations better.
- Update anope_convert for anope 1.8 enc_md5/enc_sha1 passwords.
- Wake up the process less often if it is idling.
- Install an example services MOTD automatically.
Atheme Services 3.1 Release Notes
=================================
### [MERGED] indicates items merged to the 3.0 branch
ircd protocol
-------------
- Fix a crash that could happen with ircd bugs or nick collisions with services. **[MERGED]**
- Fix host changes in hyperion. **[MERGED]**
- Do not check the server's password in the hyperion protocol module.
- Do not allow spoofs ending in a slash in the hyperion protocol module.
- Allow nickname enforcers which are clients.
- Fix ping replies in P10.
- Add support for InspIRCd 1.2.
- Some ircds dislike colons in kline reasons, so don't use them for flood klines.
- When restoring an akill, send it to all servers on all protocols. Formerly, on some protocols it was only sent to the server the banned user was on.
- Add ircd-aurora protocol module. ircd-aurora is a patched version of charybdis with +qah channel statuses.
- For ircds that do not indicate host change to clients, send a 396 numeric instead of a notice from the service. This is easier to parse for clients.
nickserv
--------
- Comment out nickserv/subscribe from the example configuration, because it is experimental at this time. **[MERGED]**
- Fix a possible crash in nickserv release (nickserv/enforce module). **[MERGED]**
- Fix RETURN only accepting relatively short email addresses.
- Allow disabling the possibly slow maxusers (accounts/email) check by putting 0.
- Show /ns vhost in /ns info.
Appears to user self and user:auspex opers.
- Adjust times so nicks cannot appear created before their account or used after their account was last seen.
- Add user_verify_register hook, called when a registration is verified. This is after a successful VERIFY if email verification is enabled, after a successful REGISTER if not.
- Make gen_vhostonreg contrib module only grant vhost once it's verified, and also set vhosts on users without vhost as they identify.
- Add clearer log messages for duplicate accounts/nicks/channels in atheme.db.
- Make INFO default to the user's nick (owned nicks) or current account (no owned nicks).
- Also introduce an enforcer when FNCing a user via the RELEASE command.
- Allow ignoring enforce on nicks unused for too long (nickserv::enforce_expire config option). This does not affect held accounts.
- Add nick_can_register hook and use it to block GROUP on guest nicks also. This hook is called on both REGISTER and GROUP (if nickname ownership is enabled).
- In SENDPASS, require the new keyword FORCE to override marks and the new keyword CLEAR to clear keys that were previously sent but not yet used. If these keywords are needed, the oper will be warned.
- Do not allow SENDPASS on unverified accounts.
- Make the enforce delay settable in the config file.
- Make holdnick enforcer time variable, 30s the first time then 1h.
- Add ns_ajoin contrib module to allow services-side autojoin.
- Show a pending email address change in INFO, to user self and user:auspex opers.
- Add ns_forbid contrib module. This registers, enforces, holds and freezes a nickname.
- Split DROP into DROP (users) and FDROP (admins).
- Send all failed password attempts for SOPER accounts to the snoop channel.
- Make the text in INFO for unverified accounts more conspicuous.
chanserv
--------
- Fix removing non-applicable flags (e.g. +hH) from host channel access. **[MERGED]**
- Fix ChanServ not deopping in some cases with guard on and changets off.
**[MERGED]**
- Fix some ugly output in chanserv/unban_self. **[MERGED]**
- Respect NOOP flag in cs_sync contrib module.
- Allow calling RECOVER via xmlrpc.
- Add channel_can_register hook to allow modules to block channel registrations.
- Add SET QUIETCHG (nickserv setting) which suppresses notices from OP, VOICE, and the like by other users.
- Add cs_updown contrib module. This provides UP and DOWN commands that add and remove all modes a user is entitled to.
- Change SET STAFFONLY to SET RESTRICTED. This kicks all users except those with chan:joinstaffonly priv or any access (except +b) on the channel. Also make it handle +i channels more effectively.
- Allow admins to change oper only modes in mlocks even without +s flag.
- Snoop changes to oper only modes in mlocks.
- Split DROP into DROP (users) and FDROP (admins).
- Add a confirmation step against accidental drops to DROP. This only applies to commands via IRC.
alis
----
- Move ALIS from contrib to modules. The new atheme.conf line is loadmodule "modules/alis/main";
memoserv
--------
gameserv
--------
oper
----
- Fix a possible crash in /stats B. **[MERGED]**
- Fix slight damage to news items when reloading in contrib/os_logonnews. **[MERGED]**
- Allow GLOBAL to be used from non-IRC.
- Add CLONES DURATION to allow changing the duration of the network bans set by the clones module.
- Add os_klinechan contrib module. This allows setting channels to kline any users joining them.
xmlrpc
------
- Some improvements to buffer and character set handling.
code
----
- Disable object_t refcount.
- Fix various format string types, add many const keywords, hide a few structs that should be private.
other
-----
- Improve performance with large databases by changing the mowgli_heap memory allocator. **[partially MERGED]**
- Improve performance by changing the dictionary to a patricia algorithm.
- Decrease memory usage for large networks.
- Add LOCALEDIR to Makefile.in files, necessary for gettext.
**[MERGED]**
- Some improvements to the hybserv/theia conversion tool.
- Some improvements to the ircservices conversion tool.
- Change maximum nick length from 30 to 31.
- Remove redundant expire_check and db_save in several places. This makes restart, shutdown and rehash faster without threatening data integrity.
- Add Russian help files from Kein/darkwire. Using these currently requires manual copy/rename operations.
- Add Russian translation from Kein/darkwire and fix the build system so it is automatically installed if gettext is enabled.
- Allow for crypt() in libc as well as libcrypt (MacOS X).
- Fix nested includes in the configuration file.
- Add child process tracking.
- Make some help files depend on what modules are loaded.
- Fix a bug that caused certain timed events to be executed too late. |
||
wiz
|
4b6cc49c90 | Comment out some dead HOMEPAGEs. | ||
joerg
|
ac2b772c19 | Drop MASTERSITE, requires authentication now. | ||
jperkin
|
17661ff9a5 | Bump PKGREVISION for security/openssl ABI bump. | ||
dholland
|
eebeb66ee5 |
Apparently, setting PLIST.foo=no is the same as setting PLIST.foo=yes.
Sigh. |
||
dholland
|
145d37c244 |
The silly legacy crypt() from libcrypt doesn't exist on MacOS, so the
plugin for it doesn't build there; deploy a PLIST_VAR to account for this.
No PKGREVISION bump as no package created (even without PKG_DEVELOPER) is different now. |
||
agc
|
b35b0abbb4 |
Add SHA512 digests for distfiles for chat category
Problems found with existing distfiles:
distfiles/icb-5.0.9.tar.gz
distfiles/icb.2.1.4.tar.Z
distfiles/zenicb-19981202.tar.gz
No changes made to these /distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. |
||
jperkin
|
45bc40abb4 |
Remove example rc.d scripts from PLISTs.
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or ignored otherwise. |
||
tron
|
73d05e2276 | Recursive PKGREVISION bump for OpenSSL API version bump. | ||
jperkin
|
b091c2f172 |
Bump PKGREVISION of all packages which create users, to pick up change of
sysutils/user_* packages. |
||
jperkin
|
becd113253 | PKGREVISION bumps for the security/openssl 1.0.1d update. | ||
asau
|
4840ebad6d | Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. | ||
hans
|
724ed656b7 | Fix build on SunOS. | ||
joerg
|
008c6491c7 | DESTDIR support | ||
adrianp
|
2ae6078ec7 | Give up MAINTAINER | ||
joerg
|
e209761d06 | Remove @dirrm entries from PLISTs | ||
wiz
|
2082956205 |
Bump PKGREVISION for libmowgli shlib bump.
Other dependencies not bumped, because they were all updated in the last hour. |
||
wiz
|
4bb09e4700 | Use devel/libmowgli instead of devel/mowgli. | ||
adrianp
|
7dbad25904 |
atheme-services is a set of Services for IRC networks that allows users to
manage their channels in a secure and efficient way and allows operators to manage various things about their networks. Unlike its predecessor, Shrike, services has a completely reworked form of channel management that feels somewhat like eggdrop and is somewhat more useful. Services currently works with many irc daemons. More details are available in the config file. |