stable

unrealircd-6.1.0-1.fc36

FEDORA-2023-017f544b89 created by robert a year ago for Fedora 36

UnrealIRCd 6.1.0

This is UnrealIRCd 6.1.0 stable. It is the direct successor to 6.0.7, there will be no 6.0.8.

This release contains several channel mode +f enhancements and introduces a new channel mode +F which works with flood profiles like +F normal and +F strict. It is much easier for users than the scary looking mode +f.

UnrealIRCd 6.1.0 also contains lots of JSON-RPC improvements, which is used by the UnrealIRCd admin panel. Live streaming of logs has been added and the webpanel now communicates to UnrealIRCd which web user issued a command (e.g.: who issued a kill, who changed a channel mode, ..).

Other improvements are whowasdb (persistent WHOWAS history) and a new guide on running a Tor Onion service. The release also fixes a crash bug related to remote includes and fixes multiple memory leaks.

Enhancements

  • Channel flood protection improvements:
  • New channel mode +F (uppercase F). This allows the user to choose a "flood profile", which (behind the scenes) translates to something similar to an +f mode. This so end-users can simply choose an +F profile without having to learn the complex channel mode +f.
    • For example +F normal effectively results in [7c#C15,30j#R10,10k#K15,40m#M10,8n#N15]:15
    • Multiple profiles are available and changing them is possible, see the documentation.
    • Any settings in mode +f will override the ones of the +F profile. To see the effective flood settings, use MODE #channel F.
  • You can optionally set a default profile via set::anti-flood::channel::default-profile. This profile is used if the channel is -F. If the user does not want channel flood protection then they have to use an explicit +F off.
  • When channel mode +f or +F detect that a flood is caused by >75% of "unknown-users", the server will now set a temporary ban on ~security-group:unknown-users. It will still set +i and other modes if the flood keeps on going (e.g. is caused by known-users).
  • Forced nick changes (e.g. by NickServ) are no longer counted in nick flood for channel mode +f/+F.
  • When a server splits on the network, UnrealIRCd now temporarily disables +f/+F join-flood protection for 75 seconds (set::anti-flood::channel::split-delay). This because a server splitting could mean that server has network problems or has died (or restarted), in which case the clients would typically reconnect to the remaining other servers, triggering an +f/+F join-flood and channels ending up being +i and such. That is not good because UnrealIRCd wants +f/+F to be as effortless as possible, with as little false positives as possible.
    • If your network has 5+ servers and the user load is spread evenly among them, then you could disable this feature by setting the amount of seconds to 0. This because in such a scenario only 1/5th (20%) of the users would reconnect and hopefully don't trigger +f/+F join floods.
  • All these features only work properly if all servers are on 6.1.0-rc1 or later.
  • New module whowasdb (persistent WHOWAS history): this saves the WHOWAS history on disk periodically and when UnrealIRCd terminates, so next server boot still has the WHOWAS history. This module is currently not loaded by default.
  • New option listen::spoof-ip, only valid when using UNIX domain sockets (so listen::file). This way you can override the IP address that users come online with when they use the socket (default was and still is 127.0.0.1).
  • Add a new guide Running Tor Onion service with UnrealIRCd which uses the new listen::spoof-ip and optionally requires a services account.
  • JSON-RPC:
  • Logging of JSON-RPC requests (e.g. via snomask +R) has been improved, it now shows:
    • The issuer, such as the user logged in to the admin panel (if known)
    • The parameters of the request
  • The JSON-RPC calls channel.list, channel.get, user.list and user.get now support an optional argument object_detail_level which specifies how detailed the Channel and User response object will be. Especially useful if you don't need all the details in the list calls.
  • New JSON-RPC methods log.subscribe and log.unsubscribe to allow real-time streaming of JSON log events.
  • New JSON-RPC method rpc.set_issuer to indiciate who is actually issuing the requests. The admin panel uses this to communicate who is logged in to the panel so this info can be used in logging.
  • New JSON-RPC methods rpc.add_timer and rpc.del_timer so you can schedule JSON-RPC calls, like stats.get, to be executed every xyz msec.
  • New JSON-RPC method whowas.get to fetch WHOWAS history.
  • Low ASCII is no longer filtered out in strings in JSON-RPC, only in JSON logging.
  • A new message tag unrealircd.org/issued-by which is IRCOp-only (and used intra-server) to communicate who actually issued a command. See docs.

Changes

  • The RPC modules are enabled by default now. This so remote RPC works from other IRC servers for calls like modules.list. The default configuration does NOT enable the webserver nor does it cause listening on any socket for RPC, for that you need to follow the JSON-RPC instructions.
  • The blacklist-module directive now accepts wildcards, e.g. blacklist-module rpc/*;
  • The setting set::modef-boot-delay has been moved to set::anti-flood::channel::boot-delay.
  • UnrealIRCd now only exempts 127.0.0.1 and ::1 from banning by default (hardcoded in the source). Previously UnrealIRCd exempted whole 127.* but that gets in the way if you want to allow Tor with a require authentication block or soft-ban. Now you can just tell Tor to bind to 127.0.0.2 so its not affected by the default exemption.

Fixes

  • Crash if there is a parse error in an included file and there are other remote included files still being downloaded.
  • Memory leak in WHOWAS
  • Memory leak when connecting to a TLS server fails
  • Workaround a bug in some websocket implementations where the WSOP_PONG frame is unmasked (now permitted).

Developers and protocol

  • The cmode.free_param definition changed. It now has an extra argument int soft and for return value you will normally return 0 here. You can return 1 if you resist freeing, which is rare and only used by +F with set::anti-flood::channel::default-profile.
  • New cmode.flood_type_action which can be used to indicate a channel mode can be used from +f/+F as an action. You need to specify for which flood type your mode is, e.g. cmode.flood_type_action = 'j'; for joinflood.
  • JSON-RPC supports UNIX domain sockets for making RPC calls. If this is used, UnrealIRCd now splits on \n (newline) so multiple parallel requests can be handled properly.
  • Message tag unrealircd.org/issued-by, sent to IRCOps only. See docs.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-017f544b89

This update has been submitted for testing by robert.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

robert edited this update.

a year ago

robert edited this update.

a year ago

This update has been pushed to testing.

a year ago
User Icon patchman provided feedback a year ago
karma

robert edited this update.

a year ago

This update has been submitted for stable by robert.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
enhancement
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
modified
a year ago

Automated Test Results