The following Fedora EPEL 9 Security updates need testing: Age URL 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-1dfe84c7fe GitPython-3.1.30-1.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing rednotebook-2.29-1.el9 unrealircd-6.0.5-1.el9 Details about builds: ================================================================================ rednotebook-2.29-1.el9 (FEDORA-EPEL-2022-8076dc0aeb) Daily journal with calendar, templates and keyword searching -------------------------------------------------------------------------------- Update Information: New upstream version 2.29. ---- New upstream version 2.28.1. ---- New upstream version 2.28. -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 31 2022 Phil Wyett <philip.wyett@xxxxxxxxxxxx> - 2.29-1 - New upstream version 2.29 * Thu Dec 29 2022 Phil Wyett <philip.wyett@xxxxxxxxxxxx> - 2.28.1-1 - New upstream version 2.28.1 * Wed Dec 28 2022 Phil Wyett <philip.wyett@xxxxxxxxxxxx> - 2.28-1 - New upstream version 2.28 -------------------------------------------------------------------------------- ================================================================================ unrealircd-6.0.5-1.el9 (FEDORA-EPEL-2022-468ed02a82) Open Source IRC server -------------------------------------------------------------------------------- Update Information: # UnrealIRCd 6.0.5 This release adds experimental JSON-RPC support, a new TLINE command, logging to files has been improved and there are several other enhancements. There are also two important changes: 1) servers that use websockets now also need to load the "webserver" module (so you may need to edit your config file). 2) upstream now requires by default TLSv1.2 or higher and a modern cipher for IRC clients. This should be no problem for clients using any reasonably new SSL/TLS library (from 2014 or later). ## Enhancements * Internally the websocket module has been split up into 3 modules: `websocket_common`, `webserver` and `websocket`. The `websocket_common` one is loaded by default via modules.default.conf, the other two are not. **Important:** If you use websockets then you need to load two modules now (instead of only one): ``` loadmodule "websocket"; loadmodule "webserver"; ``` * [JSON-RPC](https://www.unrealircd.org/docs/JSON-RPC) API for UnrealIRCd. This is work in progress. * New `TLINE` command to test *LINEs. This can be especially useful for checking how many people match an [extended server ban](https://www.unrealircd.org/docs/Extended_server_bans) such as `TLINE ~C:NL` * When an IRCOp is outside the channel and does `MODE #channel` they will now get to see the mode parameters too. This depends on the `channel:see:mode:remote` [operclass permission](https://www.unrealircd.org/docs/Operclass_permissions) which all IRCOps have by default if you use the default operclasses. * [Logging to a file](https://www.unrealircd.org/docs/Log_block) now creates a directory structure if needed. * You could already use: ``` log { source { !debug; all; } destination { file "ircd.%Y-%m-%d.log"; } } ``` * But now you can also use: ``` log { source { !debug; all; } destination { file "%Y-%m-%d/ircd.log"; } } ``` This is especially useful if you output to multiple log files and then want them grouped by date in a directory. * Add additional variables in [blacklist::reason](https://www.unrealircd.org/docs/Blacklist_block): * `$blacklist`: name of the blacklist block * `$dnsname`: the blacklist::dns::name * `$dnsreply`: the DNS reply code * Resolved technical issue so opers can `REHASH` from [Websocket connections](https://www.unrealircd.org/docs/WebSocket_support). * In the [TLD block](https://www.unrealircd.org/docs/Tld_block) the use of `tld::motd` and `tld::rules` is now optional. * Log which oper actually initiated a server link request (`CONNECT`) ## Changes * SSL/TLS: By default upstream now requires TLSv1.2 or later and a modern cipher with forward secrecy. Otherwise the connection is refused. * Since UnrealIRCd 4.2.2 (March 2019) users see an on- connect notice with a warning when they use an outdated TLS protocol or cipher that does not meet these requirements. * This move also reflects the phase out of versions below TLSv1.2 which happened in browsers in 2020/2021. * In practice on the client-side this requires at least: * OpenSSL 1.0.1 (released in 2012) * GnuTLS 3.2.6 (2013) * Android 4.4.2 (2013) * Or presumably any other SSL/TLS library that is not 9+ years old * If you want to revert back to the previous less secure settings, then look under ''Previous less secure setting'' in [TLS Ciphers and protocols](https://www.unrealircd.org/docs/TLS_Ciphers_and_protocols). * The code for handling [`set::anti-flood::everyone::connect- flood`](https://www.unrealircd.org/docs/Anti-flood_settings#connect-flood) is now in its own module `connect-flood`. This module is loaded by default, no changes needed in your configuration file. * Similarly, [`set:max-unknown- connections-per-ip`](https://www.unrealircd.org/docs/Set_block#set::max-unknown- connections-per-ip) is now handled by the new module `max-unknown-connections- per-ip`. This module is loaded by default as well, no changes needed in your configuration file. * When timing out on the [authprompt](https://www.unrealircd.org/docs/Set_block#set::authentication- prompt) module, the error (quit message) is now the original (ban) reason for the prompt, instead of the generic `Registration timeout`. ## Fixes * Crash when linking. This requires a certain sequence of events: first a server is linked in successfully, then it needs to REHASH, and then a new link attempt has to come in with the same server name (for example because there is a network issue and the old link has not timed out yet). If all that happens, then an UnreaIRCd 6 server may crash, but not always. * Warning message about moddata creationtime when linking. * [Snomask `+j`](https://www.unrealircd.org/docs/Snomasks) was not showing remote joins, even though it did show remote parts and kicks. * Leak of 1 file descriptor per /REHASH (the control socket). * Ban letters showing up twice in 005 EXTBAN= * Setting [set::authentication- prompt::enabled](https://www.unrealircd.org/docs/Set_block#set::authentication- prompt) to `no` was ignored. The default is still `yes`. ## Developers and protocol * Add `CALL_CMD_FUNC(cmd_func_name)` for calling commands in the same module, see [this commit](https://github.com/unrealircd/unrealircd/commit/dc55c3 ec9f19e5ed284e5a786f646d0e6bb60ef9). Benefit of this is that it will keep working if we ever change command paramters. * Add `CALL_NEXT_COMMAND_OVERRIDE()` which can be used instead of `CallCommandOverride()`, see also [this commit](https://github.com/unrealircd/un realircd/commit/4e5598b6cf0986095f757f31a2540b03e4d235dc). This too, will keep working if we ever change command parameters. * During loading and rehash we now set `loop.config_status` to one of `CONFIG_STATUS_*` so modules (and core) can see at what step we are during configuration file and module processing. * New RPC API. See the `src/modules/rpc/` directory for examples. * New function `get_nvplist(NameValuePrioList *list, const char *name)` -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 31 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 6.0.5-1 - Upgrade to 6.0.5 (#2151482) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2151482 - unrealircd-6.0.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2151482 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue