UnrealIRCd 4.0.19-rc1 available for testing

News about the UnrealIRCd project, including release announcements
Post Reply
UnrealIRCd head coder
Posts: 1973
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl

UnrealIRCd 4.0.19-rc1 available for testing

Post by Syzop »

The first Release Candidate for UnrealIRCd 4.0.19 is now available for download. You can help us by testing this release and reporting bugs to https://bugs.unrealircd.org/. A stable release is scheduled end of September / early October.

UPDATE: there's now a newer second release candidate.

  • New option to disable a module: blacklist-module "modulename";
    This will cause any 'loadmodule' lines for that module to be ignored. This is especially useful if you only want to disable a few modules that are (normally) automatically loaded by conf/modules.default.conf.
  • Next three new features have to do with SASL. More information on SASL in general can be found here.
    • A new require sasl { } block which allows you to force users on the specified hostmask to use SASL. Any unauthenticated users matching the specified hostmask are are rejected.
    • New "soft kline" and "soft gline". These will not be applied to users that are authenticated to services using SASL. These are just GLINE/KLINE's but prefixed with a percent sign:
      Example: /KLINE %*@10.* 0 Only SASL allowed from here
    • New "soft" ban actions for spamfilter, blacklist, antirandom, etc.
      Actions such as "soft-kline" and "soft-kill" will only be applied to unauthenticated users. Users who are authenticated to services (SASL) are exempt from the corresponding spamfilter/blacklist/antirandom/..
      See https://www.unrealircd.org/docs/Actions for the full action list.
    • WARNING: If your network also contains UnrealIRCd servers below v4.0.19 then it is not recommended to use global soft bans (such as soft gline or any spamfilter with soft-xx actions). There won't be havoc, but the bans won't be effective on parts of the network. Local soft bans such as a soft /kline can still be used.
  • The following extban modules are not new but are now enabled by default: extbans/textban, extbans/timedban and extbans/msgbypass. In case you don't like them, use blacklist-module as mentioned earlier.
    Just as a reminder, they provide the following functionality:
    • TextBan: +b ~T:block:*badword* to block sentences with 'badword'
    • Timed bans: ~t:duration:mask
      These are bans that are automatically removed by the server. The duration is in minutes and the mask can be any ban mask.
      Some examples:
      • A 5 minute ban on a host: +b ~t:5:*!*@host
      • A 5 minute quiet ban on a host (unable to speak): +b ~t:5:~q:*!*@host
      • An invite exception for 1440m/24hrs: +I ~t:1440:*!*@host
      • A temporary exempt ban for a services account: +e ~t:1440:~a:Account
      • Allows someone to speak through +m for the next 24hrs: +e ~t:1440:~m:moderated:*!*@host
      • And any other crazy ideas you can come up with...
    • Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
    • Ban exception ~m:type:mask which allows bypassing of message restrictions.
      Valid types: 'external' (bypass +n), moderated (bypass +m/+M), 'censor' (bypass +G), 'color' (bypass +S/+c) and 'notice' (bypass +T).
      Some examples:
      • Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
      • Let ops in #otherchan bypass +m in this channel: +e ~m:moderated:~c:@#otherchan
      • Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
      • Allow a services account to use color: +e ~m:color:~a:ColorBot
  • AntiRandom: The module will now (by default) exempt WEBIRC gateways from antirandom checking because they frequently cause false positives. This new behavior can be disabled via: set { antirandom { except-webirc no; }; }
  • Server linking attempts and errors are now also put in the log file.
Major issues fixed
  • Blacklist + WEBIRC: Potential crash issue when concurrently checking DNSBL for a trusted WEBIRC gateway and the spoofed host.
  • Blacklist: In case of multiple blacklists the 2nd/3rd/.. blacklists were not always checked properly.
Minor issues fixed
  • Remote includes: ./Config didn't properly detect libcurl on Ubuntu 18 (and possibly other Linux distributions as well)
  • Timeouts during server linking attempts were not displayed.
Other changes:
  • Windows users may be prompted to install the Visual C++ redistributable package for Visual Studio 2017. This is because we now build on VS 2017 instead of VS 2012.
  • We now use standard formatted messages for all K-Lines, G-Lines and any other bans that will cause the user to be disconnected. For technical details see the banned_client() function.
  • The except throttle { } block now also overrides any limitations from set::max-unknown-connection-per-ip. Useful for WEBIRC gateways.
  • Localhost connections are considered secure, so these can be used even if you have a plaintext-policy of 'deny' or 'warn'. (This was already the case for servers, but now also for users and opers)
For module coders:
  • Windows: Be aware that we now build with Visual Studio 2017. This means 3rd party modules should be compiled with VS 2017 (or VS 2015) as well.
Future versions (heads up):
  • We intend to change the default plaintext oper policy from warn to deny later this year. This will deny /OPER when issued from a non-SSL connection. For security, IRC Operators should really use SSL/TLS when connecting to an IRC server!
As always, you can download UnrealIRCd from www.unrealircd.org.
Post Reply