-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-239f057b33 2023-12-18 02:01:55.308683 -------------------------------------------------------------------------------- Name : unrealircd Product : Fedora 38 Version : 6.1.3 Release : 1.fc38 URL : https://www.unrealircd.org/ Summary : Open Source IRC server Description : UnrealIRCd is an Open Source IRC server based on the branch of IRCu called Dreamforge, formerly used by the DALnet IRC network. Since the beginning of development on UnrealIRCd in May of 1999, it has become a highly advanced IRCd with a strong focus on modularity, an advanced and highly configurable configuration file. Key features include SSL/TLS, cloaking, advanced anti- flood and anti-spam systems, swear filtering and module support. -------------------------------------------------------------------------------- Update Information: # UnrealIRCd 6.1.3 The main focus of this release is adding countermeasures against large scale spam/drones. Upstream does this by offering a central API which can be used for accessing Central Blocklist, Central Spamreport and Central Spamfilter. ## Enhancements * Central anti-spam services: * The services from below require a central-api key, which you can [request here](https://www.unrealircd.org/central-api/). * [Central Blocklist](https://www.unrealircd.org/docs/Central_Blocklist) is an attempt to detect and block spammers. It works similar to DNS Blacklists but the central blocklist receives many more details about the user that is trying to connect and therefore can make a better decision on whether a user is likely a spammer. * [Central Spamreport](https://www.unrealircd.org/docs/Central_spamreport) allows you to send spam reports (user details, last sent lines) via the `SPAMREPORT` command. This information may then be used to improve [Central Blocklist](https://www.unrealircd.org/docs/Central_Blocklist) and/or [Central Spamfilter](https://www.unrealircd.org/docs/Central_Spamfilter). * The [Central Spamfilter](https://www.unrealircd.org/docs/Central_Spamfilter), which provides `spamfilter { }` blocks that are centrally managed, is now fetched from a different URL if you have an Central API key set. This way, upstream can later provide `spamfilter { }` blocks that build on central blocklist scoring functionality, and also so upstream doesn't have to reveal all the central spamfilter blocks to the world. * New option `auto` for [set::hide-ban- reason](https://www.unrealircd.org/docs/Set_block#set::hide-ban-reason), which is now the default. This will hide the \*LINE reason to other users if the \*LINE reason contains the IP of the user, for example when it contains a DroneBL URL which has `lookup?ip=XXX`. This to protect the privacy of the user. Other possible settings are `no` (never hide, the previous default) and `yes` to always hide the \*LINE reason. In all cases the user affected by the server ban can still see the reason and IRCOps too. * Make [Deny channel](https://www.unrealircd.org/docs/Deny_channel_block) support escaped sequences like `channel "#xyz\*";` so you can match a literal `*` or `?` via `\*` and `\?`. * New option [listen::options::websocket::allow- origin](https://www.unrealircd.org/docs/Listen_block#options_block_(optional)): this allows to restrict websocket connections to a list of websites (the sites hosting the HTML/JS page that makes the websocket connection). It doesn't *securely* restrict it though, non-browsers will bypass this restriction, but it can still be useful to restrict regular webchat users. * The [Proxy block](https://www.unrealircd.org/docs/Proxy_block) already had support for reverse proxying with the `Forwarded` header. Now it also properly supports `X-Forwarded-For`. If you previously used a proxy block with type `web`, then you now need to choose one of the new types explicitly. Note that using a reverse proxy for IRC traffic is rare (see the proxy block docs for details), but upstream offers the option. ## Changes * Reserve more file descriptors for internal use. For example, when there are 10,000 fd's are available upstream now reserves 250, and when 2048 are available upstream reserves 32. This so upstream has more fds available to handle things like log files, do HTTPS callbacks to blacklists, etc. * Make `$client.details` in logs follow the ident rules for users in the handshake too, so use the `~` prefix if ident lookups are enabled and identd fails etc. * More validation for operclass names (`a-zA-Z0-9_-`) * Hits for central-blocklist are now broadcasted globally instead of staying on the same server. ## Fixes * When using a trusted reverse proxy with the [Proxy block](https://www.unrealircd.org/docs/Proxy_block), under some circumstances it was possible for end-users to spoof IPs. * Crash issue when a module is reloaded (not unloaded) and that module no longer provides a particular moddata object, e.g. because it was renamed or no longer needed. This is rare, but did happen for one third party module recently. * Fix memory leak when unloading a module for good and that module provided ModData objects for "unknown users" (users still in the handshake). * Don't ask to generate TLS certificate if one already exists (issue introduced in 6.1.2). ## Developers and protocol * New hooks: `HOOKTYPE_WATCH_ADD`, `HOOKTYPE_WATCH_DEL`, `HOOKTYPE_MONITOR_NOTIFICATION`. * The hook `HOOKTYPE_IS_HANDSHAKE_FINISHED` is now properly called at all places. * A new [URL API](https://www.unrealircd.org/docs/Dev:URL_API) to easily fetch URLs from modules. -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 9 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 6.1.3-1 - Upgrade to 6.1.3 (#2252372) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2252372 - unrealircd-6.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2252372 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-239f057b33' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue