--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-f58c728a40
2023-05-15 01:25:30.611916
--------------------------------------------------------------------------------

Name        : unrealircd
Product     : Fedora 38
Version     : 6.1.0
Release     : 1.fc38
URL         : https://www.unrealircd.org/
Summary     : Open Source IRC server
Description :
UnrealIRCd is an Open Source IRC server based on the branch of IRCu called
Dreamforge, formerly used by the DALnet IRC network. Since the beginning of
development on UnrealIRCd in May of 1999, it has become a highly advanced
IRCd with a strong focus on modularity, an advanced and highly configurable
configuration file. Key features include SSL/TLS, cloaking, advanced
anti-flood and anti-spam systems, swear filtering and module support.

--------------------------------------------------------------------------------
Update Information:

# UnrealIRCd 6.1.0

This is UnrealIRCd 6.1.0 stable. It is the direct successor to 6.0.7, there will be no 6.0.8.

This release contains several channel mode `+f` enhancements and introduces a new channel mode `+F` which works with flood profiles like `+F normal` and `+F strict`. It is much easier for users than the scary looking mode `+f`.

UnrealIRCd 6.1.0 also contains lots of JSON-RPC improvements, which is used by the [UnrealIRCd admin panel](https://www.unrealircd.org/docs/UnrealIRCd_webpanel). Live streaming of logs has been added and the webpanel now communicates to UnrealIRCd which web user issued a command (e.g.: who issued a kill, who changed a channel mode, ..).

Other improvements are whowasdb (persistent `WHOWAS` history) and a new guide on running a Tor Onion service. The release also fixes a crash bug related to remote includes and fixes multiple memory leaks.

## Enhancements

* Channel flood protection improvements:
  * New [channel mode `+F`](https://www.unrealircd.org/docs/Channel_anti-flood_settings) (uppercase F).
    This allows the user to choose a "flood profile", which (behind the scenes) translates to something similar to an `+f` mode. This is so end-users can simply choose an `+F` profile without having to learn the complex channel mode `+f`.
    * For example `+F normal` effectively results in `[7c#C15,30j#R10,10k#K15,40m#M10,8n#N15]:15`
    * Multiple profiles are available and changing them is possible, see [the documentation](https://www.unrealircd.org/docs/Channel_anti-flood_settings).
    * Any settings in mode `+f` will override the ones of the `+F` profile. To see the effective flood settings, use `MODE #channel F`.
  * You can optionally set a default profile via [`set::anti-flood::channel::default-profile`](https://www.unrealircd.org/docs/Channel_anti-flood_settings#Default_profile). This profile is used if the channel is `-F`. If the user does not want channel flood protection then they have to use an explicit `+F off`.
  * When channel mode `+f` or `+F` detect that a flood is caused by >75% of ["unknown-users"](https://www.unrealircd.org/docs/Security-group_block), the server will now set a temporary ban on `~security-group:unknown-users`. It will still set `+i` and other modes if the flood keeps on going (e.g. is caused by known-users).
  * Forced nick changes (e.g. by NickServ) are no longer counted in nick flood for channel mode `+f`/`+F`.
  * When a server splits on the network, UnrealIRCd now temporarily disables `+f`/`+F` join-flood protection for 75 seconds ([`set::anti-flood::channel::split-delay`](https://www.unrealircd.org/docs/Channel_anti-flood_settings#config)). This is because a server splitting could mean that server has network problems or has died (or restarted), in which case the clients would typically reconnect to the remaining other servers, triggering an `+f`/`+F` join-flood and channels ending up being `+i` and such. That is not good because UnrealIRCd wants `+f`/`+F` to be as effortless as possible, with as few false positives as possible.
    * If your network has 5+ servers and the user load is spread evenly among them, then you could disable this feature by setting the amount of seconds to `0`. This is because in such a scenario only 1/5th (20%) of the users would reconnect and hopefully don't trigger `+f`/`+F` join floods.
  * All these features only work properly if all servers are on 6.1.0-rc1 or later.
* New module `whowasdb` (persistent `WHOWAS` history): this saves the `WHOWAS` history on disk periodically and when UnrealIRCd terminates, so next server boot still has the `WHOWAS` history. This module is currently not loaded by default.
* New option [`listen::spoof-ip`](https://www.unrealircd.org/docs/Listen_block#spoof-ip), only valid when using UNIX domain sockets (so `listen::file`). This way you can override the IP address that users come online with when they use the socket (default was and still is `127.0.0.1`).
* Add a new guide [Running Tor Onion service with UnrealIRCd](https://www.unrealircd.org/docs/Running_Tor_Onion_service_with_UnrealIRCd) which uses the new `listen::spoof-ip` and optionally requires a services account.
* [JSON-RPC](https://www.unrealircd.org/docs/JSON-RPC):
  * Logging of JSON-RPC requests (e.g. via snomask `+R`) has been improved, it now shows:
    * The issuer, such as the user logged in to the admin panel (if known)
    * The parameters of the request
  * The JSON-RPC calls [`channel.list`](https://www.unrealircd.org/docs/JSON-RPC:Channel#channel.list), [`channel.get`](https://www.unrealircd.org/docs/JSON-RPC:Channel#channel.get), [`user.list`](https://www.unrealircd.org/docs/JSON-RPC:User#user.list) and [`user.get`](https://www.unrealircd.org/docs/JSON-RPC:User#user.get) now support an optional argument `object_detail_level` which specifies how detailed the [Channel](https://www.unrealircd.org/docs/JSON-RPC:Channel#Structure_of_a_channel) and [User](https://www.unrealircd.org/docs/JSON-RPC:User#Structure_of_a_client_object) response object will be.
    Especially useful if you don't need all the details in the list calls.
  * New JSON-RPC methods [`log.subscribe`](https://www.unrealircd.org/docs/JSON-RPC:Log#log.subscribe) and [`log.unsubscribe`](https://www.unrealircd.org/docs/JSON-RPC:Log#log.unsubscribe) to allow real-time streaming of [JSON log events](https://www.unrealircd.org/docs/JSON_logging).
  * New JSON-RPC method [`rpc.set_issuer`](https://www.unrealircd.org/docs/JSON-RPC:Rpc#rpc.set_issuer) to indicate who is actually issuing the requests. The admin panel uses this to communicate who is logged in to the panel so this info can be used in logging.
  * New JSON-RPC methods [`rpc.add_timer`](https://www.unrealircd.org/docs/JSON-RPC:Rpc#rpc.add_timer) and [`rpc.del_timer`](https://www.unrealircd.org/docs/JSON-RPC:Rpc#rpc.del_timer) so you can schedule JSON-RPC calls, like stats.get, to be executed every xyz msec.
  * New JSON-RPC method [`whowas.get`](https://www.unrealircd.org/docs/JSON-RPC:Whowas#whowas.get) to fetch `WHOWAS` history.
  * Low ASCII is no longer filtered out in strings in JSON-RPC, only in JSON logging.
* A new message tag `unrealircd.org/issued-by` which is IRCOp-only (and used intra-server) to communicate who actually issued a command. See [docs](https://www.unrealircd.org/issued-by).

## Changes

* The RPC modules are enabled by default now. This is so remote RPC works from other IRC servers for calls like `modules.list`. The default configuration does NOT enable the webserver nor does it cause listening on any socket for RPC, for that you need to follow the [JSON-RPC](https://www.unrealircd.org/docs/JSON-RPC) instructions.
* The [blacklist-module](https://www.unrealircd.org/docs/Blacklist-module_directive) directive now accepts wildcards, e.g. `blacklist-module rpc/*;`
* The setting set::modef-boot-delay has been moved to [`set::anti-flood::channel::boot-delay`](https://www.unrealircd.org/docs/Channel_anti-flood_settings#config).
* UnrealIRCd now only exempts `127.0.0.1` and `::1` from banning by default (hardcoded in the source). Previously UnrealIRCd exempted whole `127.*` but that gets in the way if you want to allow Tor with a [require authentication](https://www.unrealircd.org/docs/Require_authentication_block) block or soft-ban. Now you can just tell Tor to bind to `127.0.0.2` so it's not affected by the default exemption.

## Fixes

* Crash if there is a parse error in an included file and there are other remote included files still being downloaded.
* Memory leak in `WHOWAS`
* Memory leak when connecting to a TLS server fails
* Workaround a bug in some websocket implementations where the `WSOP_PONG` frame is unmasked (now permitted).

## Developers and protocol

* The `cmode.free_param` definition changed. It now has an extra argument `int soft` and for return value you will normally `return 0` here. You can `return 1` if you resist freeing, which is rare and only used by `+F` with set::anti-flood::channel::default-profile.
* New `cmode.flood_type_action` which can be used to indicate a channel mode can be used from +f/+F as an action. You need to specify for which flood type your mode is, e.g. `cmode.flood_type_action = 'j';` for joinflood.
* JSON-RPC supports [UNIX domain sockets](https://www.unrealircd.org/docs/JSON-RPC:Technical_documentation#UNIX_domain_socket) for making RPC calls. If this is used, UnrealIRCd now splits on `\n` (newline) so multiple parallel requests can be handled properly.
* Message tag `unrealircd.org/issued-by`, sent to IRCOps only. See [docs](https://www.unrealircd.org/issued-by).

--------------------------------------------------------------------------------
ChangeLog:

* Sat May  6 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 6.1.0-1
- Upgrade to 6.1.0 (#2185257)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program.
Use su -c 'dnf upgrade --advisory FEDORA-2023-f58c728a40' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
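
The `+F normal` expansion quoted under Enhancements can be decoded field by field to audit what a profile enforces and what an explicit `+f` changes. This is an added example, not code from UnrealIRCd or Fedora: the function names are hypothetical, and the type letters, the minutes reading of the per-item number, and the per-flood-type override are assumptions based on the upstream `+f` documentation.

```python
import re

# Type letters and the "minutes until the action is undone" reading follow the
# upstream +f documentation (assumption; this advisory only shows the string).
FLOOD_TYPES = {"c": "CTCP", "j": "join", "k": "knock", "m": "message/notice",
               "n": "nick change", "t": "text", "r": "repeat"}
MODE_RE = re.compile(r"^\[([^\]]+)\]:(\d+)$")
ITEM_RE = re.compile(r"^(\d+)([a-z])(?:#([A-Za-z])(\d*))?$")


def parse_flood_mode(param):
    """Decode a +f style parameter into {type_letter: rule_dict}."""
    outer = MODE_RE.match(param.strip())
    if not outer:
        raise ValueError(f"not a flood parameter: {param!r}")
    period = int(outer.group(2))
    rules = {}
    for item in outer.group(1).split(","):
        m = ITEM_RE.match(item)
        if not m or m.group(2) not in FLOOD_TYPES:
            raise ValueError(f"bad flood item: {item!r}")
        limit, ftype, action, minutes = m.groups()
        rules[ftype] = {
            "what": FLOOD_TYPES[ftype],
            "limit": int(limit),          # events allowed ...
            "per_seconds": period,        # ... within this window
            "action": action,             # action letter, None = type default
            "undo_after_min": int(minutes) if minutes else None,
        }
    return rules


def effective_settings(profile_param, override_param=None):
    """Overlay explicit +f rules on a +F profile, per flood type (assumption)."""
    merged = parse_flood_mode(profile_param)
    if override_param:
        merged.update(parse_flood_mode(override_param))
    return merged


# Expansion of "+F normal" as quoted in the release notes.
NORMAL = "[7c#C15,30j#R10,10k#K15,40m#M10,8n#N15]:15"

if __name__ == "__main__":
    # Constructed override: a channel that also sets +f [10j#i5]:20
    for letter, r in effective_settings(NORMAL, "[10j#i5]:20").items():
        act = r["action"] or "default"
        print(f'{r["what"]:15} {r["limit"]:>3} per {r["per_seconds"]}s '
              f'-> action {act}, undone after {r["undo_after_min"]} min')
```

On a live server, `MODE #channel F` remains the authoritative view of the effective settings.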