pkgsrc changes:
- Remove obsolete and broken MESSAGE files.
- Find zlib correctly when enabled.
- Add SMF manifest.
- Update patch files and add comments where necessary.
Upstream changes:
- This release fixes a SASL Denial of Service issue
Patch provided by Marco Wessel in joyent/pkgsrc#306.
WRKSRC is now handled automatically. Let options.mk include bsd.prefs.mk
instead of pulling it in again in Makefile. CONFIGURE_ARGS for hub and leaf
no longer exist. Removed from PKG_OPTIONS. Specifying hostname in
CONFIGURE_ARGS is also no longer available. Removed. ${IRCD_SHARE}/networks
files are no longer provided. Removing from post-install and PLIST. From
Changes:
- Fix compilation issue when disabling stacked extbans. https://bugs.gentoo.org/389949
- Fix compilation issues with bundled tre and ./curlinstall-ed curl caused by over-generic regexes. Reported by warg.
- Include CMDS=STARTTLS in ISUPPORT/numeric 005 to let clients discover STARTTLS support through VERSION, before or after registration (#4064).
- Added patch from nenotopia to use more modern LUSERS numerics (#3967).
- Fix small error in oper block documentation, reported by Stealth (#2318).
- Config parser failed to check for invalid set::ssl options, reported and patch by fbi (#4035).
- Tweak: send actual channel name and not user supplied channel in KICK, reported and patch by Stealth (#3298).
- Services coders: Added support for ESVID. Instead of a number you can
now store a string (of max NICKLEN size) as service stamp.
- Show account name in /WHOIS, for ESVID-capable services packages, patch from nenotopia (#3966).
- Added extended ban ~a:<account name> which matches users who are logged
in to services with that account name. This works only on services that
support ESVID. Patch from nenotopia (#3966).
- Updated extended ban documentation in help.conf and unreal32docs:
new bantype ~a, and some text about extended bans & invex (+I).
- compile fix for just-checked-in patches.
- extban ~a = also allowed for invex
- Throw up an error if a password in the configuration file is too long
(max 48 characters), reported by JasonTik, based on patch from
WolfSage (#3223).
- Enforce matching of unrealircd version and PACKAGE_VERSION macros (#4014).
- Make default service stamp 0 (zero) again, instead of '*' which was
introduced by ESVID changes a few days ago. This makes anope happy,
and also means nothing will change in a non-ESVID scenario.
- Fix misuse of stdarg.h macros when calling vsyslog() (#4065 by Jimini).
- Ditch vsyslog() as it's only a waste of CPU, inspired by #4065.
- Add CAP support. Currently implemented are: multi-prefix (NAMESX), and
userhost-in-names (UHNAMES). Patch from nenotopia (#4018, #4066)
- Fix issue with CAP & NOSPOOF. Patch from nenolod (#4077).
- Advertise 'tls' (STARTTLS) capability in CAP. Patch from nenolod (#4081).
- New user mode +I (IRCOp only) which hides idle times to other users,
suggested and patch supplied by Nath & binki (#3953).
- Added remove_oper_modes(), which works just like remove_oper_snomasks(),
- Get rid of networks/ directory, and all references to it. Suggested by
katsklaw and others (#4056).
- Added doc/example.es.conf, translated by Severus_Snape.
- Make the accept code check if the fd is within bounds instead of relying
on OpenFiles to be correct.
- Moved nospoof to config file, suggested by and patch from nenolod (#4078).
- Even when 'M' was listed in set::oper-only-stats you could still do a
'/STATS m'. Unlike other stats characters, case insensitivity was not
checked for this one. Reported by and patch from Apocalypse (#4086).
- Added patch from Adam for poll() support (#1245).
update my own fd check code for poll support
- Some more changes and fixes regarding poll patch:
- make c-ares use 100% poll. and make sure we never deal with negative fds.
- UnrealIRCd now supports poll() instead of select().
- Speed optimization: First, moved a large part of vsendto_prefix_one into
vmakebuf_local_withprefix. Then use this new function - which creates the
buffer-to-be-sent - at the top of functions like sendto_channel_butserv
and sendto_common_channels and send the prepared buffer in the loop that
comes after it. This means we only prepare the buffer once and then send
it many times, rather than both building and sending it XYZ times.
Benchmarking connect-join-quit of 10k clients:
100 users per channel: no noticeable speed improvement
1000 users per channel: 18% faster
10000 users in one channel: 50% faster
As you can see, unfortunately, for a typical irc network there isn't much
speed improvement. However, if you have a couple of 500+ user channels or
get attacked by clones then you may see some improvement in speed and/or lower
CPU usage.
- Call m_cap_Init() when m_cap is loaded through commands.so. Reported by nenolod.
- Fix for speed optimization a few lines up, was accidentally using ident
username (which might have been 'unknown') instead of effective username.
- Added support for SASL, patch from nenolod (#4079).
- Fix crash in AUTHENTICATE (SASL commit from an hour or so ago).
- Tweak SASL code to conform to current coding style.
- Split up PROTOCTL line, since with the addition of ESVID we exceeded
MAXPARA when using ZIP links.
- Poll I/O engine: get_client_by_pollfd() may return -1 when there's a race
condition. Don't abort, instead just skip those clients.
- Fix win32 installer: apparently it sometimes complained about not having
the Visual C++ 2008 redistributable package installed when this was not true.
- Fix Windows build.
- Win32 compile fix (nenolod)
- Print out a warning when we can't write to a log file. When booting this
goes to the boot screen. When we are already booted it's sent to all
IRCOps with a limit of max. 1 message per 5 minutes.
- Refuse to boot when we can't write to any log file.
- Remove old no-stealth configuration directive from documentation,
reported by katsklaw, patch from warg (#4036).
- Added 'away-notify' client capability, which informs the client of any AWAY state changes of users on the same channel. Patch from nenolod (#4097).
- Add support for account-notify client capability (#4098). This capability
can be used to request passive notifications for accountname changes.
- If set::options::dont-resolve is enabled, then use only the IP information
from a WEBIRC message, reported by Ismat (#4103).
- Moved sendto_connectnotice, and thus the call to HOOKTYPE_LOCAL_CONNECT,
so it gets called after the broadcast of NICK to other servers.
- Fix bug caused by new I/O engine (both with and without USE_POLL):
queued data on the receive queue (eg: due to fake lag) was not processed
unless we got new data from the client.
- Add support for server-enforced mode locks (MLOCK).
This allows the IRCd to enforce MLOCKs that are set by services, which
eliminates clashes between users setting modes and services enforcing
its mlock on channels. (#3055)
- complete the previous patch (MLOCK).. mostly just bringing it up to date & code-style
- Fixed another SASL crash bug. Always use HookAddEx, not HookAdd!
Crash occurred after the first quit of a user after a REHASH.
- SASL now needs to be enabled explicitly by setting a set::sasl-server.
- Changed numeric 307 (RPL_WHOISREGNICK) to 'is identified for this nick',
- Win32 installer (SSL): Uncheck 'create certificate' checkbox when
server.cert.pem exists, and check it if the file doesn't exist.
- Win32 installer: Latest InnoSetup no longer supports Windows 95/98,
so update Minversion to make the .iss compile.
- Module coders: added HOOKTYPE_AWAY (sptr, away-reason).
- Add optional oper::require-modes setting to the oper block. (#4008 by katsklaw)
- Clarify that hiddenhost-prefix must be the same on linked servers for
bans to function properly (#4090, patch from warg, reported in #4043
by maxb).
- Add /SILENCE to HTML documentation (reported by Severus_Snape in
#4072, patch from warg).
- Show "Ping timeout: XYZ seconds" instead of just "Ping timeout".
- a bigger scratch buffer makes me sleep at night ;)
- Install server.*.pem files, patch from katsklaw (#3988).
- The ./Config script will now ask whether to generate an SSL
certificate when it does not exist (defaults to Yes), instead of
always generating one.
- Added missing Mod_Header to m_sasl.c
- Remove old reference to networks/ directory from Windows installer
- Disable sending of UHNAMES when HTM (High Traffic Mode) is ON,
- Add 'class' option to allow/deny channel so you can allow/deny
users based on their class. Patch from fspijkerman (#4125).
- Use poll() in the remote includes functions when USE_POLL is
defined (#4091).
- Fix bug where recursive includes would hang the IRCd, patch from
binki with some minor modifications, reported by warg (#3919).
- Upgraded to c-ares 1.9.1. Updated configure & other files.
- various win32 fixes:
- Disable USE_POLL on Windows, since it doesn't work with XP and has
no advantage anyway. Reported by nenolod (#4129).
- Various updates to makefile.win32 and .iss file, found during
building new versions of zlib, openssl, and curl.
- Added set::options::disable-cap, which can be used to disable the
new CAP support (#4104).
- Added auth method 'sslclientcertfp' which provides an alternative
method to authenticate users with SSL client certificates based
on SHA256 fingerprints. This can be used instead of the already
existing 'sslclientcert' so you don't have to use an external file.
One way to get the SHA256 fingerprint would be:
openssl x509 -in name-of-pem-file.pem -sha256 -noout -fingerprint
Suggested and patch supplied by Jobe (#4019).
- Added documentation on the new sslclientcertfp
- Moved documentation on authentication types to one place and refer
to it from each section (oper::password, vhost::password,
link::password-receive, etc).
- Windows: fix MOTD file always showing a date of 1/1/1970, reported
by maxarturo (#4102).
- Removed unreal32docs.es.html (outdated since 2006-12-22),
unreal32docs.gr.html (outdated since 2006-12-02), and
unreal32docs.nl.html (outdated since 2009-01-18, possibly 2007-07-12).
- Remove wircd.def, needs to be re-generated almost each build anyway..
- Use our own (v)snprintf if not available.
- Use a more robust method of learning the server origin for a SASL agent.
- Use a more robust method of learning the server origin for a SASL
agent. Fixes crash reported by Adam.
- Import unreal32docs Spanish translation by Karim Benzema.
- In the Mercurial repository the Changes file no longer exists (except
for a dummy file). You now need to run ./createchangelog to generate it.
Of course in official releases the Changes file will be present and
contain all details.
- From now on, the Changes file is based on the history of the Mercurial
repository. This means we no longer have to write text manually to the
Changes file. This simple change helps a lot in future development
because patches will no longer break when they are being ported from
one branch to another.
- Update ./createchangelog to make it only show changes on default branch.
- If you are running the IRCd as root and use IRC_USER/IRC_GROUP then we now
change ownership of the log file to that user/group so it can still write
after the setuid(). Reported by asmadeus (#4152).
- Fix duplicate user@host in away-notify and account-notify, reported by grawity (#4153).
- '/rehash -global' did often not rehash all servers. Reported by Cronus (#4143)
- allow channel: Permit multiple channel items in one block again, was broken by patch from #4125.
- Update the documentation about set::dns::nameserver to reflect reality (that the setting is only used if c-ares can't read /etc/resolv.conf).
- Don't remove oper-modes such as +S from non-local clients.
- Pull in poll(2) stuff before any other ircd include files. (#4155)
- Windows: Fix strange linking bug. Outgoing connects from a Windows
IRCd caused a garbled SERVER protocol message, causing 'cannot find
server' errors and killing of users. Reported by Sunkat (#4183).
- Custom modules: move EXLIBS= so shared libraries are always linked.
from the announcement:
There have been 212 changes since previous release which is almost the
same as previous THREE stable releases combined.
The changes consist of the usual amount of bugfixes, however also a
substantial amount of new features have been added.
pkgsrc note: This removes the dependencies on fixed (old) versions
of tre and c-ares.
Unreal3.2.8.1
- Fixes a security issue, which is exploitable (crash) when allow::options::noident
is in use.
Unreal3.2.8
==[ NEW ]==
- set::level-on-join: this defines which privileges a user receives when creating a
channel, default is 'chanop', the only other available setting is 'none' (opless).
- Away notification through WATCH: This allows clients to receive a notification
when someone goes away or comes back, along with a reason, a bit like IM's.
There's probably no current client supporting this but it would be a nice feature
in notify lists. Client developers: see Changes file for full protocol details.
This feature can be disabled by setting set::watch-away-notification to 'no'.
- Spamfilter: Slow spamfilter detection: For each spamfilter, Unreal will check,
each time it executes, how long it takes to execute. When a certain threshold is
reached the IRCd will warn or even remove the spamfilter. This could prevent a
spamfilter from completely stalling the IRCd. Warning is configured through
set::spamfilter::slowdetect-warn (default: 250ms) and automatic deletion is
configured by set::spamfilter::slowdetect-fatal (default: 500ms).
You can set both settings to 0 (zero) to disable slow spamfilter detection.
This feature is currently not available on Windows.
- SSL: set::ssl::server-cipher-list can be used to limit the allowed ciphers
- SSL: To specify when an SSL session key should be renegotiated you can use
set::ssl::renegotiate-bytes <bytes> and set::ssl::renegotiate-timeout <seconds>.
- UHNAMES support: This sends the full nick!ident@host in NAMES which can be
used by clients for their IAL. mIRC, Klient, etc support this.
- There have also been some behavior changes, which can be considered NEW, see
next section (CHANGED).
==[ CHANGED ]==
- IPv6: On IPv6 servers you no longer have to use ::ffff:1.2.3.4 IP's for IPv4 in the
config file, you can use the simple 1.2.3.4 form, as they are converted automatically.
- When someone is banned and /PARTs, the part reason (comment) is no longer shown
- ChanMode +S/+c: now strips/blocks 'reverse' as well
- Smart banning is now disabled by default because it was too annoying, this means that
f.e. if there's a ban on *!*@*.com then you can still add a ban on *!*@*.aol.com
- except ban { } now also protects against ZLINEs and ban ip { }
- Modules: user modes and channel modes without parameters (eg: +X) no longer have
to be PERManent, this means they can be upgraded/reloaded/unloaded on-the-fly.
==[ MAJOR BUGS FIXED ]==
- Zip links issue (Overflowed unzipbuf)
- Crash issue with 3rd party modules that introduce new channel modes w/parameters
- Mac OS X: Various issues which prevented the IRCd from booting up
- Remote includes (constant) crash with new curl/c-ares versions
- A few rare crash issues, including a crash when linking to another server
- In case of clock adjustments, the IRCd will no longer freeze when the time is
adjusted backwards, nor will it incorrectly throttle clients when adjusted forward.
However, because clock adjustments (time shifts) of more than xx seconds are
so dangerous (and will still cause a number of issues), big warnings are now
printed when they happen.
Moral: synchronize your system clock, or use the built-in timesync feature.
==[ MINOR BUGS FIXED ]==
- CGI:IRC: Several IPv6 issues, both on IPv6 IRCd's and CGI:IRC gateways
- IP masks in oper::from::userhost sometimes didn't match when they should
- (G)ZLINE's on IPv6 users were sometimes rejected
- CHROOTDIR works again
- OperOverride fixes
- Throttling is now more accurate
- And more... see Changelog
- Updated c-ares to 1.4.0, TRE to 0.7.5
- chmode +L no longer requires chmode +l
- Oper blocks now can have CIDR, as in "userhost *@127.0.0.1/32";
- Services coders: SVSNOLAG/SVS2NOLAG (described in Changes) will allow a user to avoid fake lag (ie, flood as much as he/she wants).
- More intelligent accept() handling - that is, take in multiple times at a time instead of one per I/O loop
- A lot of bug fixes, basically.
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
In brief:
Unreal3.2.6 Release Notes
==========================
==[ GENERAL INFORMATION ]==
- The purpose of the sections below (NEW, CHANGED, MINOR, etc) is to be a
SUMMARY of the changes in this release. There have been 80+ changes, and
trying to mention them all would be useless, see the Changelog for the full
list of changes.
==[ CHANGED ]==
- SSL: The server certificate and keys can now be reloaded via '/REHASH -ssl',
no restart needed anymore.
- loadmodule errors are improved
- Snomask 'N' will no longer show nick changes of U-lined servers
- Various doc updates ('/HELPOP ?EXTBANS', and some unreal32docs improvements)
==[ MAJOR BUGS FIXED ]==
- Crash if link::options::quarantine was used
- Another crash which could happen in some rare cases
- Throttling was not always being applied correctly
- Windows 2003: Fixed crash on-boot if no nameserver was set
- Windows: Fixed /RESTART not always working properly (leaving the ircd dead)
==[ MAJOR BUGS FIXED ]==
- Spamfilter was not always working properly
- MS Visual studio 2005 (8.x) was unable to compile Unreal and/or caused crashes
- Certain IPv6 listen blocks could crash the ircd on-boot/on-rehash
==[ MINOR BUGS FIXED ]==
- "Looking up your hostname" message was missing if
set::options::show-connect-notice was enabled (other messages, like "looking
up ident" were shown, however)
- It was sometimes impossible to update a link { } block: all old settings
would still be used, this happened if connfreq was low. This might also have
caused crashes.
- Netsynch problem, which could cause the wrong modes to be applied to a
channel in some rare cases.
- Setting set::maxdccallow to 0 (or lower) still allowed one entry to be added
- Spamfilter oversized-checking is no longer done when removing a spamfilter
- Operator count bug (there might still be others...)
- Some chinese-* charsets could not be selected individually
- No longer requiring a C++ compiler (was caused by resolver in 3.2.4)
- Added workaround for "make: Permission denied" bug in some FreeBSD's
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
This is just a summary of changes, for full details see:
http://www.unrealircd.com/txt/unreal3_2_4_release_notes.txt
> ==[ MAJOR BUGS FIXED ]==
> - Two issues with an incorrect badword { } block in the config file causing a crash.
> - Incorrect TKL/*LINE causing a crash
> - Complete resolver recode: now using c-ares + caching to fix some (rare?) crash bugs and
> to make our code much cleaner.
> - Using GCC4 caused a crash on-link.
> - Crash when a class block was removed and any other blocks were referencing it.
> - OpenBSD crash on /REHASH.
> - Several AMD64 crash issues.
> - Sometimes a serious flood of notices was generated if link::options::nodnscache was used.
> - Spamfilter: action 'viruschan' combined with target 'user' caused crashes.
> - chinese-* nick characters support caused memory corruption.
> - Crash issue regarding SSL and junk snomask.
>
> ==[ MINOR BUGS FIXED ]==
> - Now properly resolves hostnames again that use CNAME delegation (got broken in 3.2.3).
> - Fedora Core w/IPv6 failed to compile.
> - A few read-after-free bugs that could have caused crashes.
> - ./Config was not loading the settings properly on Solaris 10
> - Crash if high ascii in set::network-name
> - Fixed advanced channel aliases not working properly
> - Fixed \* and \? escaping not always working properly (for example in ~r/~c bans).
Fix patch-aa so libcares is properly detected
Fix options.mk so that libcurl is properly detected
Use PKG_OPTIONS_OPTIONAL_GROUPS as suggested by wiz@ in private email
Use PKG_OPTIONS_REQUIRED_GROUPS for hub/leaf choice
Bump to nb1