-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-f90f860212 2023-06-18 01:13:43.952669 --------------------------------------------------------------------------------
Name : unrealircd Product : Fedora 37 Version : 6.1.1 Release : 1.fc37 URL : https://www.unrealircd.org/ Summary : Open Source IRC server Description : UnrealIRCd is an Open Source IRC server based on the branch of IRCu called Dreamforge, formerly used by the DALnet IRC network. Since the beginning of development on UnrealIRCd in May of 1999, it has become a highly advanced IRCd with a strong focus on modularity, an advanced and highly configurable configuration file. Key features include SSL/TLS, cloaking, advanced anti- flood and anti-spam systems, swear filtering and module support.
-------------------------------------------------------------------------------- Update Information:
# UnrealIRCd 6.1.1 UnrealIRCd 6.1.1 comes with various bug fixes and performance improvements, especially for channels with thousands of users. It also has more options to override settings per security group, for example if you want to give trusted users or bots more rights or higher flood rates than regular users. All these options are now in a single [Special users](https://www.unrealircd.org/docs/Special_users) article on the UnrealIRCd wiki. Other notable features are better connection errors to SSL/TLS users and a new `proxy { }` block for websocket reverse proxies. ## Enhancements * Two new features that are conditionally on: * SSL/TLS users will now correctly receive the error message if they are rejected due to throttling (connect-flood) and some other situations. * DNS lookups are done before throttling. This allows exempting a hostname from both maxperip and connect-flood restrictions. A good example for IRCCloud would be: ``` except ban { mask *.irccloud.com; type { maxperip; connect-flood; } } ``` * Both features are temporarily disabled whenever a [high rate of connection attempts](https://www.unrealircd.org/docs/FAQ#hi-conn-rate) is detected, to save CPU and other resources during such an attack. The default rate is 1000 per second, so this would be unusual to trigger accidentally. * It is now possible to override some set settings per-security group by having a set block with a name, like `set unknown-users { }` * You could use this to set more limitations for unknown-users: ``` set unknown-users { max- channels-per-user 5; static-quit "Quit"; static-part yes; } ``` * Or to set higher values (higher than the normal set block) for trusted users: ``` security-group trusted-bots { account { BotOne; BotTwo; } } set trusted-bots { max- channels-per-user 25; } ``` * Currently the following settings can be used in a `set xxx { }` block: `set::auto-join`, `set::modes-on-connect`, `set::restrict-usermodes`, `set::max-channels-per-user`, `set::static-quit`, `set::static-part.` * See also [Special users](https://www.unrealircd.org/docs/Special_users) in the documentation for applying settings to a security groups. * New [`proxy { }` block](https://www.unrealircd.org/docs/Proxy_block) that can be used for spoofing IP addresses when: * Reverse proxying websocket connections (eg. via NGINX, a load balancer or other reverse proxy) * WEBIRC/CGI:IRC gateways. This will replace the old `webirc { }` block in the future, though the old one will still work for now. * New setting [`set::handshake-boot- delay`](https://www.unrealircd.org/docs/Set_block#set%3A%3Ahandshake-boot-delay) which allows server linking autoconnects to kick in (and incoming servers on serversonly ports), before allowing clients in. This potentially avoids part of the mess when initially linking on-boot. This option is not turned on by default, you have to set it explicitly. * This is not a useful feature on hubs, as they don't have clients. * It can be useful on client servers, if you `autoconnect` to your hub. * If you connect services to a server with clients this can be useful as well, especially in single-server setups. You would have to set a low `retrywait` in your anope conf (or similar services package) of like `5s` instead of the default `60s`. Then after an IRCd restart, your services link in before your clients and your IRC users have SASL available straight from the start. * JSON-RPC: * New call [`log.list`](https://www.unrealircd.org/docs/JSON-RPC:Log#log.list) to fetch past 1000 log entries. This functionality is only loaded if you include `rpc.modules.default.conf`, so not wasting any memory on servers that are not used for JSON-RPC. ## Changes * [`set::topic- setter`](https://www.unrealircd.org/docs/Set_block#set::topic-setter) and [`set::ban-setter`](https://www.unrealircd.org/docs/Set_block#set::ban-setter) are now by default set to `nick-user-host` instead of `nick`, so you can see the full nick!user@host of who set the topic/ban/exempt/invex. * Some small DNS performance improvements: * We now 'negatively cache' unresolved hosts for 60 seconds. * The maximum number of cached records (positive and negative) was raised to 4096. * We no longer use "search domains" to avoid silly lookups for like `4.3.2.1.dnsbl.dronebl.org.mydomain.org`. * Data buffer chunks bumped from 512 bytes to ~4K. This results in less write calls (lower CPU usage) and more data per TCP/IP packet. * We now cache sending of lines in `sendto_channel` via a new "LineCache" system. It saves CPU on (very) large channels. * Several other performance improvements such as checking maxperip via a hash table and faster invisibility checks for delayjoin. * Blacklist hits are now logged globally. This means they show up in snomask `B`, are logged, and show up in the webpanel "Logs" view. * The event `REMOTE_CLIENT_JOIN` was mass-triggered when servers were syncing. They are now hidden, like `REMOTE_CLIENT_CONNECT`. ## Fixes * Crash when removing a `listen { }` block for websocket or rpc (or changing the port number) * When using the webpanel, if an IRC client tried to connect with the same IP as the webpanel server, it would often receive the error "Too many unknown connections". This only affected non-localhost connections. * The [`require module` block](https://www.unrealircd.org/docs/Require_module_block) was only checked of one side of the link, thus partially not working. ## Removed * [`set::maxbanlength`](https://www.unrealircd.org/docs/Set_block#set::m axbanlength) has been removed as it was not deemed useful and only confusing to users and admins. ## Developers and protocol * Server to server lines can now be 16384 bytes in size when `PROTOCTL BIGLINES` is set. This will allow us to do things more efficiently and possibly raise some other limits in the future. This 16k is the size of the complete line, including sender, message tags, content and `\r\n`. Also, in server-to-server traffic we now allow 30 parameters (`MAXPARA`*2). The original input size limits for non-servers remain the same: the complete line can be 4k+512, with the non-mtag portion limit set at 512 bytes (including `\r\n`), and `MAXPARA` is still 15 as well. * In command handlers, individual `parv[]` elements can be 510 bytes max, even if they add up like `parv[1]` and `parv[2]` both being 510 bytes each. If you need more than that, then you need to set the flag `CMD_BIGLINES` in `CommandAdd()`, then an individual parameter can be near ~16k. This is so, because a lot of the code does not expect parameters bigger than 512 bytes (but can still handle the total of parameters being greater than 512). The new flag allows gradually opting in commands to allow bigger parameters, after such code has been checked and modified to handle it. -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 14 2023 Robert Scheck robert@fedoraproject.org 6.1.1-1 - Upgrade to 6.1.1 (#2211354) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2211354 - unrealircd-6.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2211354 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-f90f860212' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------