-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-32f45cfa06 2023-11-14 01:55:09.715292 --------------------------------------------------------------------------------
Name : unrealircd Product : Fedora 38 Version : 6.1.2.3 Release : 2.fc38 URL : https://www.unrealircd.org/ Summary : Open Source IRC server Description : UnrealIRCd is an Open Source IRC server based on the branch of IRCu called Dreamforge, formerly used by the DALnet IRC network. Since the beginning of development on UnrealIRCd in May of 1999, it has become a highly advanced IRCd with a strong focus on modularity, an advanced and highly configurable configuration file. Key features include SSL/TLS, cloaking, advanced anti- flood and anti-spam systems, swear filtering and module support.
-------------------------------------------------------------------------------- Update Information:
# UnrealIRCd 6.1.2.3 UnrealIRCd 6.1.2 focuses on adding spamfilter features but also contains various other new features and some fixes. * The 6.1.2.1 release fixed a `spamfilter::rule` crash in 6.1.2. * The 6.1.2.2 release fixed tkldb accidentally storing central spamfilters, a crash while booting if you previously used spamfilters with non-UTF-8 characters in them, and fix a possible crash with `SETNAME` when using the SPAMFILTER `u` target. * The 6.1.2.3 release fixed UTF-8 not working in `spamfilter { }` blocks and a possible crash on `REHASH` if you have typos or other errors in the config file. Also fixing `::exclude-security-group` not working and it now gives DNSBL lookups some more time. # Enhancements * Upstream now gives tips on (security) best practices depending on settings in your configuration file, such as using plaintext oper passwords in the config file. It is generally suggested to follow this advice, but you could disable such advice via [set::best- practices](https://www.unrealircd.org/docs/Set_block#set::best-practices). * [`security-group { }` block](https://www.unrealircd.org/docs/Security- group_block) and [mask item](https://www.unrealircd.org/docs/Mask_item) enhancements: * Add support for `channel "#xyz";` and `channel "@#need_ops_here";` * Add support for [Crule](https://www.unrealircd.org/docs/Crule) to allow things like `rule "inchannel('@#main')||reputation()>1000";` * DNS Blacklists are now checked again some time after the user is connected. This will kill/ban users who are already online and got blacklisted later by for example DroneBL. * This is controlled via [`set::blacklist::recheck- time`](https://www.unrealircd.org/docs/Set_block#set::blacklist::recheck-time) and can also be set to `never` if you don't want rechecking. * To skip checking for specific blacklists, you can set [`blacklist::recheck`](https://www.unrealircd.org/docs/Blacklist_block) to `no`. * The [reputation score](https://www.unrealircd.org/docs/Reputation_score) of connected users (actually IP's) is increased every 5 minutes. Upstream still does this, but only for users who are at least in one channel that has 3 or more members. This setting is tweakable via [`set::reputation::score-bump-timer- minimum-channel- members`](https://www.unrealircd.org/docs/Set_block#set::reputation). Setting this to 0 means to bump scores also for people who are in no channels at all, which was the behavior in previous UnrealIRCd versions. Note: this new feature won't work properly when you have any older UnrealIRCd servers on the network (older than 6.1.2), as the older servers will still bump scores for everyone, including users in no channels, and this higher score will get synced back eventually to all other servers. * [`spamfilter { }` block](https://www.unrealircd.org/docs/Spamfilter_block) improvements: * Spamfilters now always run, even for users that are exempt via a [except ban block](https://www.unrealircd.org/docs/Except_ban_block) with `type spamfilter`. However, for exempt users no action is taken or logged. This allows it to count normal hits and count hits for except users. The idea is that the hits for except users can be a useful measurement to detect false positives. These hit counts are exposed in `SPAMFILTER` and `STATS spamfilter`. * Optional items allowing more complex rules: * [`spamfilter::rule`](https://www.unrealircd .org/docs/Spamfilter_block#Spamfilter_rule): with minimal 'if'-like preconditions and functions. If this returns false then the spamfilter will not run at all (no hit). * `spamfilter::except`: this is meant as an alternative to 'rule' and works like a regular [except item](https://www.unrealircd.org/docs/Mask_item). If this matches, then the spamfilter will not run at all (no hit). * New target type `raw` (or `R` on IRC) to match a raw command / IRC protocol line (except message tags), such as `LIST*`. Naturally one needs to be very careful with these since a wrong filter could cause all/essential traffic to be rejected. * The `action` item now supports multiple actions: * A new action `stop` to stop other spamfilters from processing. * A new action `set` to [set a TAG](https://www.unrealircd.org/docs/Spamfilter_block#Setting_tags) on a user, or change the value of one. It also supports changing the [reputation score](https://www.unrealircd.org/docs/Reputation_score). * A new action `report` to call a spamreport block, see next. * A new [spamreport { } block](https://www.unrealircd.org/docs/Spamreport_block): * This can do a HTTP(S) call to services like DroneBL to report spam hits, so they can blacklist the IP address and other users on IRC can benefit. * Optional [Central Spamfilter](https://www.unrealircd.org/docs/Central_spamfilter): This will fetch and refresh spamfilter rules every hour from unrealircd.org. * This feature is not enabled by default. Use `set { central-spamfilter { enabled yes; } }` to enable. * `set::central-spamfilter::feed` decides which feed to use: `fast` for early access to spamfilter rules that are new, and `standard` (the default) for rules that have been in fast for a while. * `set::central- spamfilter::except` defines who will never be affected by central spamfilters. By default it is: users with a reputation score of more than 2016 (7 days online unregged, or 3.5 days as identified user) or having a host of *.irccloud.com. Spam matches for users that fall in this ::except group are counted as false positives and no action is taken or logged. * See the [Central Spamfilter](https://www.unrealircd.org/docs/Central_spamfilter) article for the disclaimer and all other options you can set. * [`set::spamfilter::utf8`](http s://www.unrealircd.org/docs/Set_block#set::spamfilter::utf8) is now on by default: * This means you can safely use UTF-8 characters in like `[]` in regex. * Case insensitive matches work better. For example, for extended Latin, a spamfilter on `��` then also matches `��`. * Other PCRE2 features such as [`\p`](https://www.pcre.org/current/doc/html/pcre2syntax.html#SEC5) can then be used. For example the regex `\p{Arabic}` would block all Arabic script. See also this [full list of scripts](https://www.pcre.org/current/doc/html/pcre2syntax.html#SEC7). Please use this new tool with care. Blocking an entire language or script is quite a drastic measure. * You can turn it off via: `set { spamfilter { utf8 no; } }` * Via [`set::spamfilter::show-message-content-on- hit`](https://www.unrealircd.org/docs/Set_block#set::spamfilter::show-message- content-on-hit) you can now configure to hide the message content in spamfilter hit messages. Generally it is very useful to see if a spamfilter hit is correct or not, so the default is 'always', but it also has privacy implications so there is now this option to disable it. * You can restrict includes to only contain certain blocks, the style is: `include "some-file-or-url" { restrict- config { name-of-block; name-of-block2; } }` * A new `~flood` [extended ban](https://www.unrealircd.org/docs/Extended_bans). This mode allows you to exempt users from channel mode `+f` and `+F`. It was actually added in a previous version (6.1.0) but never made it to the release notes. The syntax is: ~flood:types:mask, where *types* are the same letters as used in [channel mode +f](https://www.unrealircd.org/docs/Channel_anti-flood_settings#Channel_mode_f). Example: `+e ~flood:t:*!*@*.textflood.example.org` # Changes * The argon2 parameters have been lowered a bit, this so the hashing speed is acceptable for upstream's purposes. # Fixes * Temporary high CPU usage (99%) under some conditions * UnrealIRCd has watch away notification since 2008, this is indicated in `RPL_ISUPPORT` via `WATCHOPTS=A` and then the syntax to actually use this is `WATCH A +Nick1 +Nick2 etc.`. In UnrealIRCd 6 there was a bug where it would not always correctly inform about the away status, that bug has now been fixed. * On 32 bit architectures you can now use more than 32 channel modes. * [Set block for a security group](https://www.unrealircd.org/docs/Set_ block#Set_block_for_a_security_group): was not working for the `unknown-users` group. * A leading slash was silently stripped in config file items, when not in quotes. # Developers and protocol * Changes in numeric 229 (`RPL_STATSSPAMF`): Now includes hits and hits for users that are exempt, two counters inserted right before the last argument (the regex). * Several API changes, like `place_host_ban` to `take_action` -------------------------------------------------------------------------------- ChangeLog:
* Sun Nov 5 2023 Robert Scheck robert@fedoraproject.org 6.1.2.3-2 - Build upstream's bundled recent PCRE2 version for RHEL 7 and 8 * Mon Oct 16 2023 Robert Scheck robert@fedoraproject.org 6.1.2.3-1 - Upgrade to 6.1.2.3 (#2238031) * Sun Oct 8 2023 Robert Scheck robert@fedoraproject.org 6.1.2.2-1 - Upgrade to 6.1.2.2 (#2238031) * Thu Oct 5 2023 Robert Scheck robert@fedoraproject.org 6.1.2.1-1 - Upgrade to 6.1.2.1 (#2238031) * Thu Oct 5 2023 Robert Scheck robert@fedoraproject.org 6.1.2-1 - Upgrade to 6.1.2 (#2238031) * Thu Oct 5 2023 Remi Collet remi@remirepo.net - 6.1.1.1-3 - rebuild for new libsodium * Sat Jul 22 2023 Fedora Release Engineering releng@fedoraproject.org - 6.1.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2238031 - unrealircd-6.1.2.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2238031 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-32f45cfa06' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org