Members from the public are welcome to test if there are any major release critical bugs (such as crash bugs) present, so they can be corrected before the real 3.2.10 release. Note that we do not recommend running this version on production servers.
To grab this version, go to www.unrealircd.com -> Downloads.
You can help us by testing specific items which can be found on our the Unreal3.2 testing forum. Be sure to read the first post 'READ THIS! (how to use)'.
Summary of the new features and fixes:
Code: Select all
==[ NEW ]== - Improved socket engine. This brings some performance improvements and also makes it easier to configure a system to hold more than 1024 clients (no more editing of header files on Linux!). - ESVID support: services can communicate the account name of the user back to the IRCd. This only works on ESVID-capable services: - Extban ~a:<accountname>: matches users who are logged in to services with that account name. - Show account name in /WHOIS - CAP support: this enables clients to enable certain features more easily. Can be disabled through set::options::disable-cap. - Now that STARTTLS is advertised in CAP it is likely to be used more often. - away-notify: informs clients of AWAY state changes of users on the same channels, for clients that support this. - account-notify: similar to away-notify, inform clients of changes in the login status and account name used by other clients on the same channels. - SASL support. To use this, and if your services support this, you point set::sasl-server to your services server. - Server-side MLOCK support: the IRCd will prevent channel mode changes depending on the MLOCK setting in services. Requires special support from services for this feature. - User Mode +I (IRCOp only): hide idle time - auth-method 'sslclientcertfp': authenticate users using an SSL client certificate by the SHA256 fingerprint of that certificate. The documentation has a new section (3.19) called 'Authentication Types' which contains an (improved) example of how to use SSL client certificate authentication instead of regular passwords. - oper::require-modes: an optional setting, which can be used to require users to have certain user modes (such as 'z') before they can /OPER up. - allow/deny channel: you can now optionally specify a class here as an extra filter. - doc/example.es.conf: Spanish translation of example configuration file. - There have also been some behavior changes, which can be considered NEW, see next section (CHANGED). ==[ CHANGED ]== - Anti-spoof protection (ping cookies) can now be enabled/disabled at run-time through set::ping-cookie [yes|no]. The default is 'yes' (enabled). - A quit with 'Ping timeout' now shows the number of seconds since the ping. - Print out a warning if we can't write to a log file. - Refuse to boot if we can't write to ANY log file. - Windows: if an SSL certificate exists, then uncheck the 'generate SSL certificate' checkbox by default. - *NIX with SSL: We now ask in ./Config if you want to generate an SSL certificate. The certificate is then copied when you run 'make install'. ==[ MAJOR BUGS FIXED ]== - None? ==[ MINOR BUGS FIXED ]== - Various compile problems, in particular with remote includes enabled. - Windows: the installer sometimes insisted that the Visual C++ 2008 redistributable package was not installed, when it actually was there. - Windows: MOTD file date/time was always showing up as 1/1/1970. - And more... see Changelog ==[ REMOVED / DROPPED ]== - Windows 9X is no longer supported - The networks/ directory has been removed
Code: Select all
- Automatically regenerate Makefile if ./config.status --recheck was run. - Fix compilation issue when disabling stacked extbans. https://bugs.gentoo.org/389949 - Attempt to make Makefile rules more parallelism friendly. - Fix compilation issues with bundled tre and ./curlinstall-ed curl caused by over-generic regexes. Reported by warg. - Fix version string in configure.ac. - Include CMDS=STARTTLS in ISUPPORT/numeric 005 to let clients discover STARTTLS support through VERSION, before or after registration (#4064). - Added patch from nenotopia to use more modern LUSERS numerics (#3967). - Fix small error in oper block documentation, reported by Stealth (#2318). - Config parser failed to check for invalid set::ssl options, reported and patch by fbi (#4035). - Tweak: send actual channel name and not user supplied channel in KICK, reported and patch by Stealth (#3298). - Services coders: Added support for ESVID. Instead of a number you can now store a string (of max NICKLEN size) as service stamp. See protoctl.txt and serverprotocol.html in doc/technical for more information. Patch from nenotopia (#3966). - Show account name in /WHOIS, for ESVID-capable services packages, patch from nenotopia (#3966). - Added extended ban ~a:<account name> which matches users who are logged in to services with that account name. This works only on services that support ESVID. Patch from nenotopia (#3966). - Updated extended ban documentation in help.conf and unreal32docs: new bantype ~a, and some text about extended bans & invex (+I). - Throw up an error if a password in the configuration file is too long (max 48 characters), reported by JasonTik, based on patch from WolfSage (#3223). - Enforce matching of unrealircd version and PACKAGE_VERSION macros. Now the UNREAL_VERSION_GENERATION, UNREAL_VERSION_MAJOR, UNREAL_VERSION_MINOR, and UNREAL_VERSION_SUFFIX macros are autogenerated from PACKAGE_VERSION (#4014). - Make default service stamp 0 (zero) again, instead of '*' which was introduced by ESVID changes a few days ago. This makes anope happy, and also means nothing will change in a non-ESVID scenario. - Fix misuse of stdarg.h macros when calling vsyslog() (#4065 by Jimini). - Ditch vsyslog() as it's only a waste of CPU, inspired by #4065. - Add CAP support. Currently implemented are: multi-prefix (NAMESX), and userhost-in-names (UHNAMES). Patch from nenotopia (#4018, #4066). - Fix issue with CAP & NOSPOOF. Patch from nenolod (#4077). - Advertise 'tls' (STARTTLS) capability in CAP. Patch from nenolod (#4081). - New user mode +I (IRCOp only) which hides idle times to other users, suggested and patch supplied by Nath & binki (#3953). - Added remove_oper_modes(), which works just like remove_oper_snomasks(), and ensures that the user does not have any ircop-only user modes after de-opering. This (only) fixes the just added +I umode case, but could also prevent future bugs. - Get rid of networks/ directory, and all references to it. Suggested by katsklaw and others (#4056). - Added doc/example.es.conf, translated by Severus_Snape. - Make the accept code check if the fd is within bounds instead of relying on OpenFiles to be correct. This fixes a crash when f.e. 3rd party modules have files open but don't increase OpenFiles. Might also fix a curl crash, though nobody ever reported one. - Moved nospoof to config file, suggested by and patch from nenolod (#4078). This means ping cookies are now controlled by set::ping-cookie [yes|no]. The default is 'yes' (enabled). - Even when 'M' was listed in set::oper-only-stats you could still do a '/STATS m'. Unlike other stats characters, case insensitivity was not checked for this one. Reported by and patch from Apocalypse (#4086). - Added patch from Adam for poll() support (#1245). - Various changes/fixes/enhancements to poll patch - UnrealIRCd now supports poll() instead of select(). There are some minor speed benefits if you have more than 1K or 2K clients, however the main noticeable difference is that on Linux you can now easily enter a higher maximum connection count than 1024 in ./Config, without having to edit system header files. Of course, you still need to be allowed to use the # of sockets (type 'ulimit -n' on the shell). Support for this is experimental at this stage, but enabled by default so it can receive all the testing it deserves. If all goes well, it will be the default for 3.2.10. Stress testing is very much welcomed! - Speed optimization: First, moved a large part of vsendto_prefix_one into vmakebuf_local_withprefix. Then use this new function - which creates the buffer-to-be-sent - at the top of functions like sendto_channel_butserv and sendto_common_channels and send the prepared buffer in the loop that comes after it. This means we only prepare the buffer once and then send it many times, rather than both building and sending it XYZ times. Benchmarking connect-join-quit of 10k clients: 100 users per channel: no noticeable speed improvement 1000 users per channel: 18% faster 10000 users in one channel: 50% faster As you can see, unfortunately, for a typical irc network there isn't much speed improvement. However, if you have a couple of 500+ user channels or get attacked by clones then you may see some improvement in speed and/or lower CPU usage. - Minor documentation typos, thanks warg (#4094). - Call m_cap_Init() when m_cap is loaded through commands.so. Reported by nenolod. - Fix for speed optimization a few lines up, was accidentally using ident username (which might have been 'unknown') instead of effective username. - Added support for SASL, patch from nenolod (#4079). - Fix crash in AUTHENTICATE (SASL commit from an hour or so ago). - Tweak SASL code to conform to current coding style. - Some more SASL fixes, and more... - Split up PROTOCTL line, since with the addition of ESVID we exceeded MAXPARA when using ZIP links. This caused an odd charset warning upon link. - Poll I/O engine: get_client_by_pollfd() may return -1 when there's a race condition. Don't abort, instead just skip those clients. This fixes a crash I had on /SQUIT. - Fix win32 installer: apparently it sometimes complained about not having the Visual C++ 2008 redistributable package installed when this was not true. - Win32 compile fix - Print out a warning when we can't write to a log file. When booting this goes to the boot screen. When we are already booted it's sent to all IRCOps with a limit of max. 1 message per 5 minutes. - Refuse to boot when we can't write to any log file. - Remove old no-stealth configuration directive from documentation, reported by katsklaw, patch from warg (#4036). - Added 'away-notify' client capability, which informs the client of any AWAY state changes of users on the same channel. Patch from nenolod (#4097). - Add support for account-notify client capability (#4098). This capability can be used to request passive notifications for accountname changes. - If set::options::dont-resolve is enabled, then use only the IP information from a WEBIRC message, reported by Ismat (#4103). - Moved sendto_connectnotice, and thus the call to HOOKTYPE_LOCAL_CONNECT, so it gets called after the broadcast of NICK to other servers. - Fix bug caused by new I/O engine (both with and without USE_POLL): queued data on the receive queue (eg: due to fake lag) was not processed unless we got new data from the client. Now, better document this. Also, avoid calling dbuf_put with 0 length. - Add support for server-enforced mode locks (MLOCK), suggested in #3055 back in 2006. This allows the IRCd to enforce MLOCKs that are set by services, which eliminates clashes between users setting modes and services enforcing it's mlock on channels. - Fixed another SASL crash bug. Always use HookAddEx, not HookAdd! Crash occured after the first quit of a user after a REHASH. Reported by Dave (#4108). - SASL now needs to be enabled explicitly by setting a set::sasl-server. If this is not set, then SASL is off and not advertised. If the specified server is not connected, then SASL is off as well. This prevents unnecessary delay (and the inability for some clients to get online) when SASL is not in use or when the SASL server is down. - Changed numeric 307 (RPL_WHOISREGNICK) to 'is identified for this nick', reported by fbi (#3399). - Win32 installer (SSL): Uncheck 'create certificate' checkbox when server.cert.pem exists, and check it if the file doesn't exist. You can still change the setting, just the default is correct now. The code for this was already there but was not working correctly causing users to go through the generation process upon each install. - Win32 installer: Latest InnoSetup no longer supports Windows 95/98, so update Minversion to make the .iss compile. - Module coders: added HOOKTYPE_AWAY (sptr, away-reason). - Add optional oper::require-modes setting to the oper block. Any attempt to /OPER by someone who doesn't have one of the listed usermodes is rejected. This can be used to restrict oper blocks to registered nicks (+r) or secure clients (SSL, +z) (#4008 by katsklaw). - Clarify that hiddenhost-prefix must be the same on linked servers for bans to function properly (#4090, patch from warg, reported in #4043 by maxb). - Add /SILENCE to HTML documentation (reported by Severus_Snape in #4072, patch from warg). - Show "Ping timeout: XYZ seconds" instead of just "Ping timeout". Patch from darkex (#3960). - Install server.*.pem files, patch from katsklaw (#3988). - The ./Config script will now ask whether to generate an SSL certificate when it does not exist (defaults to Yes), instead of always generating one. - Added missing Mod_Header to m_sasl.c - Remove old reference to networks/ directory from Windows installer - Disable sending of UHNAMES when HTM (High Traffic Mode) is ON, suggested by driew (#3900). - Add 'class' option to allow/deny channel so you can allow/deny users based on their class. Patch from fspijkerman (#4125). - Use poll() in the remote includes functions when USE_POLL is defined (#4091). - Fix bug where recursive includes would hang the IRCd, patch from binki with some minor modifications, reported by warg (#3919). - Upgraded to c-ares 1.9.1. Updated configure & other files. - Disable USE_POLL on Windows, since it doesn't work with XP and has no advantage anyway. Reported by nenolod (#4129). - Various updates to makefile.win32 and .iss file, found during building new versions of zlib, openssl, and curl. - Added set::options::disable-cap, which can be used to disable the new CAP support (#4104). - Added auth method 'sslclientcertfp' which provides an alternative method to authenticate users with SSL client certificates based on SHA256 fingerprints. This can be used instead of the already existing 'sslclientcert' so you don't have to use an external file. One way to get the SHA256 fingerprint would be: openssl x509 -in name-of-pem-file.pem -sha256 -noout -fingerprint Suggested and patch supplied by Jobe (#4019). - Added documentation on the new sslclientcertfp - Moved documentation on authentication types to one place and refer to it from each section (oper::password, vhost::password, link::password-receive, etc). - Windows: fix MOTD file always showing a date of 1/1/1970, reported by maxarturo (#4102). - Update version to 3.2.10-rc1 - Bump version number in all translated docs as well (did not change the 'last update' date, though). - Removed unreal32docs.es.html (outdated since 2006-12-22), unreal32docs.gr.html (outdated since 2006-12-02), and unreal32docs.nl.html (outdated since 2009-01-18, possibly 2007-07-12). These translations are out of date for many years and are causing problems for the people who are reading this out of date information. If you want to update these translations, or (maybe better) redo the translation of unreal32docs in these languages, then send an e-mail to email@example.com. Note that for all these languages we have had people in the past offering to help out, but in the end we never heard back from them, so please ONLY contact us if you: 1) are serious, and 2) have sufficient time available to work on this project. That said, users in your language will greatly appreciate your work! Of course, if you want to translate documents in any other language then you are welcome to contact us as well. - Remove wircd.def, needs to be re-generated almost each build anyway..