Up to [cvs.NetBSD.org] / pkgsrc / chat / unrealircd
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
*: recursive bump for icu 76 shlib major version bump
*: revbump for icu downgrade
*: recursive bump for icu 76.1 shlib bump
revbump after icu and protobuf updates
*: recursive bump for gnutls p11-kit option (existing installations need the bl3.mk included, but it's now only optionally included)
*: recursive bump for icu 74.1
*: bump for openssl 3
revbump after textproc/icu update
*: bump PKGREVISION for libunistring shlib major bump
Pullup ticket #6596 - requested by nia chat/unrealircd: bugfix Revisions pulled up: - chat/unrealircd/Makefile 1.82 - chat/unrealircd/PLIST 1.20 - chat/unrealircd/distinfo 1.34 --- Module Name: pkgsrc Committed By: nia Date: Fri Mar 4 08:50:46 UTC 2022 Modified Files: pkgsrc/chat/unrealircd: Makefile PLIST distinfo Log Message: unrealircd: update to 5.2.4 This fixes a crash bug.
unrealircd: update to 5.2.4 This fixes a crash bug.
revbump for icu and libffi
unrealircd: update to 5.2.2 UnrealIRCd 5.2.2 Release Notes =============================== This 5.2.2 release only contains some minor changes. Fixes: * Fix issues with Let's Encrypt certificates for [remote includes](https://www.unrealircd.org/docs/Remote_includes) (quite common) and with linking to servers with link::verify-certificate enabled (more rare). Both issues only happen with: * OpenSSL 1.0.2 and older, which is officially unsupported, but still in use on e.g. Debian 8 and Ubuntu 16.04. * LibreSSL, such as with UnrealIRCd on Windows * OpenBSD compile issue when using shipped c-ares Enhancements: * [set::allowed-nickchars](https://www.unrealircd.org/docs/Nick_Character_Sets): added ```arabic-utf8``` * [set::server-linking](https://www.unrealircd.org/docs/Set_block#set::server-linking): add another autoconnect-strategy called ```sequential-fallback```. Module coders / IRC protocol: * S2S: Allow ```SVSLOGIN``` also when [set::sasl-server](https://www.unrealircd.org/docs/Set_block#set::sasl-server) is not set. * Some minor ```CHATHISTORY``` fixes, for example the subcommand is now case-insensitive. * You can use the new ```UNREAL_VERSION``` macro. It is easier than the old individual UNREAL_VERSION_MAJOR/MINOR/etc macros.
revbump for boost-libs
unrealircd: update to 5.2.1.1 UnrealIRCd 5.2.1.1 Release Notes =================================== 5.2.1.1 fixes an issue with SASL autodetection and mechlist in 5.2.1 Enhancements: * The [allow block](https://www.unrealircd.org/docs/Allow_block) now uses allow::mask instead of allow::ip and allow::hostname. Users upgrading will receive a warning but the server will continue to boot. * New documentation for [mask items](https://www.unrealircd.org/docs/Mask_item) in the configuration file to show how it works with 1 or more mask items in a block. Also support for negative matching has been improved and we now support [extended server ban syntax](https://www.unrealircd.org/docs/Extended_server_bans). * Combining the new options from above you can do things like: * ```allow { mask ~a:TrustedUser; class flooders; maxperip 100; }``` If TrustedUser authenticates to services using [SASL](https://www.unrealircd.org/docs/SASL) then he gets in the special class "flooders" with a maxperip of 100. * ```allow { mask { ~S:112233etc; ~S:anotherone; }; class clients; maxperip 10; }``` Users matching one of these [certificate fingerprints](https://www.unrealircd.org/docs/Extended_server_bans) get a high maximum per ip of 10. * New block [set::server-linking](https://www.unrealircd.org/docs/Set_block#set::server-linking) * For link blocks with autoconnect we now default to the strategy 'sequential', meaning we will try the 1st link block first, then the 2nd, then the 3rd, then the 1st again, etc. * We now have different and lower timeouts for the connect and the handshake. So we give up a bit more early on servers that are currently down or extremely lagged. * New [security-group block](https://www.unrealircd.org/docs/Security-group_block) item called *include-mask*. This can be used to put clients matching a [mask](https://www.unrealircd.org/docs/Mask_item) into a security group. * New option *lag-penalty* and *lag-penalty-bytes* in the [set::anti-flood block](https://www.unrealircd.org/docs/Anti-flood_settings). * *known-users* can now executes commands at a slightly faster rate than *unknown-users*. * It can further be used to allow really trusted users/bots to execute commands at even higher rates, such as 20 commands per second, without making them IRCOp. This explained in [FAQ: How to allow users to send more commands per second](https://www.unrealircd.org/docs/FAQ#high-command-rate). * The [REHASH](https://www.unrealircd.org/docs/Rehashing_the_IRCd) command is now sufficient to reload SSL/TLS certificates. You no longer need to use ```REHASH -tls```. The same is true for ```./unrealircd rehash``` which now also does the extra steps in ```./unrealircd reloadtls```. The commands will stay, though, in case you only want to reload the TLS certificates and not rehash the entire configuration file. * Support for OpenSSL 3.0.0 * Show microseconds in ```TSCTL ALLTIME``` * The git version id is now shown in the ```INFO``` command on *NIX (ReleaseId). * [Extban](https://www.unrealircd.org/docs/Extended_bans) ```~a:*``` now matches all authenticated users and ```~a:0``` matches all unauthenticated users. * Allow multiple masks in the [deny link { } block](https://www.unrealircd.org/docs/Deny_link_block) Fixes: * When using persistent channel history: if you had ANY rehash error (often completely unrelated to channel history) and you then rehashed again UnrealIRCd would crash. * When server syncing larger channels we could accidentally skip over or forget to send a few users. These users would then not be shown on the other side of the link but are actually in the channel (ghosts) * When using autoconnect on (very) big networks, the network no longer breaks down (with the new default strategy 'sequential') * The default ban exemption on ```127.*``` was too broad. It also matched hostnames that started with it, allowing such users to bypass gline/kline/shun (but not zline/gzline). * Channel mode ```+d``` (so after ```-D```) never took QUITs into account properly. This should now fix things, so the channel goes ```-d``` immediately once it is no longer needed. * Give a better error message when trying to use an unconfirmed account with [authprompt](https://www.unrealircd.org/docs/Set_block#set::authentication-prompt). Module coders / IRC protocol: * We now assume all services set the SVID field. If your services only sets umode ```+r``` and does not use ```SVSLOGIN``` or ```SVSMODE nick +d SVID``` then users will not be recognized as authenticated anymore. * In the ```UID``` command we now validate the UID (parameter 6) to start with the SID and contains digits and uppercase only. * Servers can no longer change moddata of remote clients. That is, it is disabled by default, but modules can still allow it for certain moddata via mreq.remote_write=1. You can use ```#if UNREAL_VERSION_TIME >= 202125``` to detect if this new .remote_write option is available. * Removed ```HCN``` from 005, since nobody uses this anyway. UnrealIRCd 5.2.0 ----------------- The two main new features in 5.2.0 are: an improved and more flexible anti-flood block and channel history which can now be stored encrypted on disk and allows clients to fetch hundreds/thousands of lines. Upgrading and the 5.0.x series ------------------------------- UnrealIRCd 5.2.0 is the direct successor to 5.0.9/5.0.9.1. There will be [no further 5.0.x releases](https://www.unrealircd.org/docs/FAQ#About_the_new_5.2.x_series), in particular there will be no 5.0.10. Only four bugs that affect a limited number of people/networks were fixed. UnrealIRCd 5.2.0 is mostly a feature release. Admins wishing to take a conservative approach don't need to rush an upgrade from 5.0.x to 5.2.0, they can wait for a 5.2.1 or 5.2.2 release. If you are upgrading from 5.0.9(.1) to 5.2.0 then feel free to try the new ```./unrealircd upgrade``` command. The only configuration change is in the set::anti-flood block (as explained further down under *Enhancements*). When starting UnrealIRCd will give you clear instructions if anything needs to be changed (and what). This process is really minor, the server will usually tell you to just delete a few old lines from the configuration file. Enhancements ------------- * The set::anti-flood block has been redone so you can have different limits for *unknown-users* and *known-users*. * As a reminder, by default, *known-users* are users who are identified to services OR are on an IP that has been connected for over 2 hours in the past X days. The exact definition of "known-users" is in the [security-group block](https://www.unrealircd.org/docs/Security-group_block). * See [here](https://www.unrealircd.org/docs/Anti-flood_settings) for more information on the layout of the new set::anti-flood block. * All violations of target-flood, nick-flood, join-flood, away-flood, invite-flood, knock-flood, max-concurrent-conversations are now reported to opers with the snomask ```f``` (flood). * Add support for database encryption. The way this works is that you define an encryption password in a [secret { } block](https://www.unrealircd.org/docs/Secret_block). Then from the various modules you can refer to this secret block, from [set::reputation::db-secret](https://www.unrealircd.org/docs/Set_block#set::reputation), [set::tkldb::db-secret](https://www.unrealircd.org/docs/Set_block#set::tkldb) and [set::channeldb::db-secret](https://www.unrealircd.org/docs/Set_block#set::channeldb). This way you can encrypt the reputation, TKL and channel database for increased privacy. * Add optional support for [persistent channel history](https://www.unrealircd.org/docs/Set_block#Persistent_channel_history): * This stores channel history on disk for channels that have both ```+H``` and ```+P``` set. * If you enable this then we ALWAYS require you to set an encryption password, as we do not allow storing of channel history in plain text. * If you enable the option, then the history is stored in ```data/history/``` in individual .db files. No channel names are visible in the filenames for optimal privacy. * See [Persistent channel history](https://www.unrealircd.org/docs/Set_block#Persistent_channel_history) on how to enable this. By default it is off. * Add support for IRCv3 [draft/chathistory](https://ircv3.net/specs/extensions/chathistory). * The maximums for channel mode ```+H``` have been raised and are now different for ```+r``` (registered) and ```-r``` channels. For unregistered channels the limit is now 200 lines / 31 days. For registered channels the limit is 5000 lines / 31 days. The old limit for both was 200 lines / 7 days. These maximums can be changed in the now slightly different [set::history::channel::max-storage-per-channel](https://www.unrealircd.org/docs/Set_block#set::history) block. * Add c-ares and libsodium version output to boot screen and /VERSION. * WHOX now supports displaying the [reputation score](https://www.unrealircd.org/docs/Reputation_score). If you are an IRCOp then you can use e.g. ```WHO * %cuhsnfmdaRr```. * Add ability to [spamfilter](https://www.unrealircd.org/docs/Spamfilter) message tags via the new ```T``` target. Right now it would be unusual to use this, but some day when we have more [message tags](https://www.unrealircd.org/docs/Message_tags) it may come in handy. * Support [```+draft/reply```](https://ircv3.net/specs/client-tags/reply) IRCv3 client tag. Can be used by bots (and others) to indicate to what message people are replying to. This module, reply-tag, is loaded by default. * Send [```draft/bot```](https://ircv3.net/specs/extensions/bot-mode) IRCv3 message tag if the user has mode ```+B``` set. * [Websockets](https://www.unrealircd.org/docs/WebSocket_support): add support for clients to negotiate an explicit type via ```Sec-WebSocket-Protocol```, instead of only the default type from [listen::websocket::type](https://www.unrealircd.org/docs/WebSocket_support#2._Enable_websocket_on_the_port). This is based on an IRCv3 websocket draft specification. Note that UnrealIRCd refuses type text if your configuration allows non-UTF8 characters in channel or nick names because it would lead to security and compatibility issues. * [set::restrict-commands](https://www.unrealircd.org/docs/Set_block#set::restrict-commands): new option *exempt-tls* which allows SSL/TLS users to bypass a restriction. Fixes ------ * Server squiting the wrong side. Often harmless, but when (re)connecting rapidly to multiple servers with autoconnect this could cause the network to fall apart. * Forbid using [extended server bans](https://www.unrealircd.org/docs/Extended_server_bans) in ZLINE/GZLINE since they won't work there. * Extended server ban ```~a:accname``` was not working for shun, and only partially working for kline/gline. * More accurate /ELINE error message. Changed -------- * Channel mode ```+H``` always showed time in minutes (```m```) until now. From now on it will show it in minutes (```m```), hours (```h```) or days (```d```) depending on the actual value. Eg ```+H 50:7d```. * If you ran ```./unrealircd stop``` we used to wait only 1 second. From now on we will wait up to 10 seconds max. This gives UnrealIRCd plenty of time to write database files. * If you have zero [log blocks](https://www.unrealircd.org/docs/Log_block) then we already automatically logged errors to ```ircd.log```. From now on we will log everything (not only errors) to that file. Removed -------- * Version check for curl and openssl as nowadays they have ABI guarantees. Module coders / Developers --------------------------- * New UnrealDB API and disk format, see https://www.unrealircd.org/docs/Dev:UnrealDB * We now use libsodium for file encryption routines as well as some helpers to lock/clear passwords in memory. * Updated ```HOOKTYPE_LOCAL_NICKCHANGE``` and ```HOOKTYPE_REMOTE_NICKCHANGE``` to include an ```MessageTag *mtags``` argument in the middle. You can use ```#if UNREAL_VERSION_TIME>=202115``` to detect this. * Updated channel mode ```conv_param``` function to include a ```Channel *channel``` argument at the end. You can use ```#if UNREAL_VERSION_TIME>=202120``` to detect this. * New: ```ModuleSetOptions(modinfo->handle, MOD_OPT_UNLOAD_PRIORITY, priority);```. This can be used for modules to indicate they wish to be unloaded before or after others. It is used by for example the channel and history modules so they can save their databases before channel mode modules or other modules get unloaded. * New CAP [```draft/chathistory```](https://ircv3.net/specs/extensions/chathistory). If a client REQ's this CAP then UnrealIRCd won't send history on-join as it assumes the client will fetch it when they feel the need for it. * New informative CAP: [```unrealircd.org/history-backend```](https://www.unrealircd.org/history-backend) UnrealIRCd 5.0.9.1 ------------------- The only change between 5.0.9 and 5.0.9.1 is: * Build improvements on *NIX (faster compiling and lower memory requirements) UnrealIRCd 5.0.9 ----------------- The 5.0.9 release comes with several nice feature enhancements. There are no major bug fixes. Enhancements: * Changes to the "Client connecting" notice on IRC (for IRCOps): * The format changed slightly, instead of ```{clients}``` it now shows ```[class: clients]``` * SSL/TLS information is still shown via ```[secure]``` * New: ```[reputation: NNN]``` to show the current [reputation score](https://www.unrealircd.org/docs/Reputation_score) * New: ```[account: abcdef]``` to show the services account, but only if [SASL](https://www.unrealircd.org/docs/SASL) was used. * In the log file the format also changed slightly: * IP information is now added as ```[127.0.0.1]``` in both the connect and disconnect log messages. * The vhost is logged as ```[vhost: xyz]``` instead of ```[VHOST xyz]``` * All the other values are now logged as well on-connect, similar to the "Client connecting" notice, so: secure, reputation, account (if applicable). * New option [allow::global-maxperip](https://www.unrealircd.org/docs/Allow_block): this imposes a global (network-wide) restriction on the number of connections per IP address. If you don't have a global-maxperip setting in the allow block then it will default to maxperip plus one. So, if you currently have an allow::maxperip of 3 then global-maxperip will be 4. * [Handshake delay](https://www.unrealircd.org/docs/Set_block#set::handshake-delay) is automatically disabled for users that are exempt from blacklist checking. * Always exempt 127.* from gline, kline, etc. * You can now have dated logfiles thanks to strftime formatting. For example ```log "ircd.%Y-%m-%d.log" { }``` will create a log file like called ircd.2020-01-31.log, a new one every day. Changes: * Add ```doc/KEYS``` which contains the public key(s) used to sign UnrealIRCd releases * The options set::anti-flood::unknown-flood-* have been renamed and integrated in a new block called [set::anti-flood::handshake-data-flood](https://www.unrealircd.org/docs/Set_block#set::anti-flood::handshake-data-flood). The ban-action can now also be changed. Note that almost nobody will have to change this setting since it has a good default. * On *NIX bump the default maximum connections from 8192 to 16384. That is, when in "auto" mode, which is like for 99% of the users. Note that the system may still limit the actual number of connections to a lower value, epending on the value of ```ulimit -n -H```.
revbump for boost-libs
unrealircd: Update to 5.0.8 UnrealIRCd 5.0.8 Release Notes =============================== The main purpose of this release is to enhance the [reputation](https://www.unrealircd.org/docs/Reputation_score) functionality. There have also been some other changes and minor bug fixes. For more information, see below. Enhancements: * Support for [security groups](https://www.unrealircd.org/docs/Security-group_block), of which four groups always exist by default: known-users, unknown-users, tls-users and tls-and-known-users. * New extended ban ```~G:securitygroupname```. Typical usage would be ```MODE #chan +b ~G:unknown-users``` which will ban all users from the channel that are not identified to services and have a reputation score below 25 (by default). The exact settings can be tweaked in the [security group block](https://www.unrealircd.org/docs/Security-group_block). * The reputation command (IRCOp-only) has been extended to make it easier to look for potential troublemakers: * ```REPUTATION Nick``` shows reputation about the nick name * ```REPUTATION IP``` shows reputation about the IP address * ```REPUTATION #channel``` lists users in channel with their reputation score * ```REPUTATION <NN``` lists users with reputation scores below value NN * Only send the first 1000 matches on ```STATS gline``` or a similar command. This to prevent the IRCOp from being flooded off. This value can be changed via [set::max-stats-matches](https://www.unrealircd.org/docs/Set_block#set::max-stats-matches) * Warn when the SSL/TLS server certificate is expired or expires soon (within 7 days). * New option allow::options::reject-on-auth-failure if you want to stop matching on a passworded allow block, see the [allow password documentation](https://www.unrealircd.org/docs/Allow_block#password) for more information. Note that most people won't use this. Fixes: * The ```WHO``` command searched on nick name even if it was told to search on a specific account name via WHOX options. * Some typos in the Config script and a warning * Counting clients twice in some circumstances Changes: * Support for $(DESTDIR) in 'make install' if packaging for a distro * Mention the ban reason in Q-line server notices * Add self-test to module manager and improve the error message in case the IRCd source directory does not exist. * Print out a more helpful error if you run the unrealircd binary rather than the unrealircd script with an argument like 'mkpasswd' etc. * On *NIX create a symlink 'source' to the UnrealIRCd source Module coders / Developers: * The [Doxygen module API docs](https://www.unrealircd.org/api/5/index.html) have been improved, in particular the [Hook API](https://www.unrealircd.org/api/5/group__HookAPI.html) is now 100% documented.
unrealircd: Update to 5.0.7 UnrealIRCd 5.0.7 Release Notes =============================== UnrealIRCd 5.0.7 consists mainly of fixes for the 5.x stable series, with some minor enhancements. Enhancements: * Add support for ```estonian-utf8```, ```latvian-utf8``` and ```lithuanian-utf8``` in [set::allowed-nickchars](https://www.unrealircd.org/docs/Nick_Character_Sets) * Add [message tags](https://www.unrealircd.org/docs/Message_tags) to ```PONG``` to help fix timestamp issues in KiwiIRC. * Dutch helpop file (conf/help/help.nl.conf) Fixes: * When having multiple text bans (```+b ~T:censor```), these caused an empty message. * Text bans are now no longer bypassed by voiced users (```+v```). * [Websockets](https://www.unrealircd.org/docs/WebSocket_support) that used ```labeled-response``` sometimes received multiple IRC messages in one websocket packet. * The reputation score of [WEBIRC users](https://www.unrealircd.org/docs/WebIRC_block) was previously the score of the WEBIRC IP rather than the end-user IP. * ```STATS badword``` was not working. * When setting a very high channel limit, it showed a weird MODE ```+l``` value. * The ```LINKS``` command worked, even when disabled via ```hideserver::disable-links``` in the optional hideserver module. * In some cases ```WHO``` did not show your own entry, such as when searching on account name, which was confusing. * Memory leak when repeatedly using ```./unrealircd reloadtls``` or ```/REHASH -tls```. Module coders / Developers: * No changes, only some small additions to the [Doxygen module API docs](https://www.unrealircd.org/api/5/index.html) UnrealIRCd 5.0.6 ----------------- UnrealIRCd 5.0.6 is a small maintenance release for the stable 5.x series. For existing 5.x users there is probably little reason to upgrade. Enhancements: * Spanish help conf was added (conf/help/help.es.conf) Fixes: * History playback on join was not obeying the limits from [set::history::channel::playback-on-join](https://www.unrealircd.org/docs/Set_block#set::history). Note that if you want to see more lines, there is the ```HISTORY``` command. For more information on the different ways to retrieve history, see [Channel History](https://www.unrealircd.org/docs/Channel_history) * [Spamfilter](https://www.unrealircd.org/docs/Spamfilter) with the ['tempshun' action](https://www.unrealircd.org/docs/Actions) was letting the message through. * In very specific circumstances a ```REHASH -tls``` would cause outgoing linking to fail with the error "called a function you should not call". * Crash if empty [set::cloak-method](https://www.unrealircd.org/docs/Set_block#set::cloak-method) * Issues with labeled-response on websockets (partial fix) Module coders / Developers: * In ```RPL_ISUPPORT``` we now announce ```BOT=B``` to indicate the user mode and ```WHO``` status flag for bots. * ```HOOKTYPE_ACCOUNT_LOGIN``` is called for remote users too now (also on server syncs) * Send ```RPL_LOGGEDOUT``` when logging out of services account * Fix double batch in message tags when using both labeled-response and the ```HISTORY``` command UnrealIRCd 5.0.5.1 ------------------- 5.0.5.1 reverts the previously introduced UTF8 Spamfilter support. Unfortunately we had to do this, due to a bug in the PCRE2 regex library that caused a freeze / infinite loop with certain regexes and text. UnrealIRCd 5.0.5 ----------------- This 5.0.5 release mainly focuses on new features, while also fixing a few bugs. Fixes: * [except ban { }](https://www.unrealircd.org/docs/Except_ban_block) without 'type' was not exempting from gline. * Channel mode ```+L #forward``` and ```+k key```: should forward on wrong key, but was also redirecting on correct key. * Crash on 32-bit machines in tkldb (on start or rehash) * Crash when saving channeldb when a parameter channel mode is combined with ```+P``` and that module was loaded after channeldb. This may happen if you use 3rd party modules that add parameter channel modes. Enhancements: * [antimixedutf8](https://www.unrealircd.org/docs/Set_block#set::antimixedutf8) has been improved to detect CJK and other scripts and this will now catch more mixed UTF8 spam. Note that, if you previously manually set the score very tight (much lower than the default of 10) then you may have to increase it a bit, or not, depending on your network. * Support for IRCv3 [+typing clienttag](https://ircv3.net/specs/client-tags/typing.html), which adds "user is typing" support to channels and PM (if the client supports it). * New flood countermeasure, [set::anti-flood::target-flood](https://www.unrealircd.org/docs/Set_block#set%3A%3Aanti-flood%3A%3Atarget-flood), which limits flooding to channels and users. This is only meant as a filter for high rate floods. You are still encouraged to use [channel mode +f](https://www.unrealircd.org/docs/Anti-flood_features#Channel_mode_f) in channels which give you more customized and fine-grained options to deal with low- and medium-rate floods. * If a chanop /INVITEs someone, it will now override ban forwards such as ```+b ~f:#forward:*!*@*```. Changes: * We now do parallel builds by default (```make -j4```) within ./Config, unless the ```$MAKE``` or ```$MAKEFLAGS``` environment variable is set. * [set::restrict-commands](https://www.unrealircd.org/docs/Set_block#set%3A%3Arestrict-commands): * The ```disable``` option is now removed as it is implied. In other words: if you want to disable a command, then simply don't use ```connect-delay```. * You can now have a block without ```connect-delay``` but still make users bypass the restriction with ```exempt-identified``` and/or ```exempt-reputation-score```. Previously this was not possible. * We now give an error when an IRCOp tries to place an *LINE that already exists. (Previously we sometimes replaced the existing *LINE and other times we did not) * Add Polish HELPOP (help.pl.conf) Module coders / Developers: * Breaking API change in ```HOOKTYPE_CAN_SEND_TO_USER``` and ```HOOKTYPE_CAN_SEND_TO_CHANNEL```: the final argument has changed from ```int notice``` to ```SendType sendtype```, which is an enum, since we now have 3 message options (PRIVMSG, NOTICE, TAGMSG).
revbump after updating security/nettle
unrealircd: Update to 5.0.4 UnrealIRCd 5.0.4 Release Notes =============================== This new 5.0.4 version fixes quite a number of bugs. It contains only two small feature improvements. Fixes: * When placing a SHUN on an online user it was not always effective. * Channeldb was not properly restoring all channel modes, such as +P. * When upgrading UnrealIRCd it could sometimes crash the currently running IRC server (rare), or trigger a crash report on ```./unrealircd restart``` (quite common). * UnrealIRCd was giving up too easily on ident lookups. * Crash when unloading a module with moddata. * Crash if an authenticated server sends wrong information (rare). * Removing a TEMPSHUN did not work if the user was on another server. * SAJOIN to 0 (part all channels) resulted in a desync when used on remote users. * Forced nick change from services was not showing up if the user was not in any channels. Enhancements: * New option [set::hide-idle-time::policy](https://www.unrealircd.org/docs/Set_block#set%3A%3Ahide-idle-time) by which you can change usermode +I (hide idle time in WHOIS) from oper-only to settable by users. More options will follow in a future release. * In WHOIS you can now see if a user is currently (temp)shunned. This only works for locally connected users for technical reasons, so use ```/WHOIS Nick Nick``` to see it for remote users. Changes: * The oper notices and logging with regards to server linking have changed a little. They are more consistent and log more now. * When an IRCOp tries to oper up from an insecure connection we will now mention the https://www.unrealircd.org/docs/FAQ#oper-requires-tls page. This message is customizable through [set::plaintext-policy::oper-message](https://www.unrealircd.org/docs/Set_block#set::plaintext-policy). * The French HELPOP text was updated.
revbump after boost update
*: recursive bump for libffi
unrealircd: Update to 5.0.3.1 UnrealIRCd 5.0.3.1 ------------------- This fixes a crash issue after REHASH in 5.0.3. UnrealIRCd 5.0.3 ----------------- Fixes: * Fix serious flood issue in labeled-response implementation. * An IRCOp SQUIT'ing a far remote server may cause a broken link topology * In channels that are +D (delayed join), PARTs were not shown correctly to channel operators. Enhancements: * A new HISTORY command for history playback (```HISTORY #channel number-of-lines```) which allows you to fetch more lines than the on-join history playback. Of course, taking into account the set limits in the +H channel mode. This command is one of the [two interfaces](https://www.unrealircd.org/docs/Channel_history#Ways_to_retrieve_history) to [Channel history](https://www.unrealircd.org/docs/Channel_history). * Two new [message tags](https://www.unrealircd.org/docs/Message_tags), ```unrealircd.org/userip``` and ```unrealircd.org/userhost``` which communicate the user@ip and real user@host to IRCOps. Changes: * Drop the draft/ prefix now that the IRCv3 [labeled-response](https://ircv3.net/specs/extensions/labeled-response.html) specification is out of draft. * The operclass permission ```immune:target-limit``` is now called ```immune:max-concurrent-conversations```, since it bypasses [set::anti-flood::max-concurrent-conversations](https://www.unrealircd.org/docs/Set_block#set::anti-flood::max-concurrent-conversations). For 99% of the users this change is not important, but it may be if you use highly customized [operclass blocks](https://www.unrealircd.org/docs/Operclass_block) Are you upgrading from UnrealIRCd 4.x to UnrealIRCd 5? If so, then check out the *UnrealIRCd 5* release notes [further down](#unrealircd-5). At the very least, check out [Upgrading from 4.x](https://www.unrealircd.org/docs/Upgrading_from_4.x).
unrealircd: Update to 5.0.2 Upgrade notes (seem like there are very few breaking changes): https://www.unrealircd.org/docs/Upgrading_from_4.x What's new in UnrealIRCd 5: * Channel history. You can now see the last couple of lines that have been said on channels when you JOIN. For this you need to set channel mode +H, eg: eg: /MODE #chan +H 15:1440 * More IRCv3 features. Additional details are communicated to clients which may help with displaying information. Implemented specs are: account-tag, message-ids, time, echo-message, labeled-response and BATCH. * Ban exceptions (/ELINE). You can now exempt users dynamically on IRC from *LINES, spamfilter, throttling, blacklist checking, connection floods, bypassing antirandom, etc. Just type /ELINE on IRC to see details. * *LINES and Spamfilters are remembered: All of these are saved to a file every few minutes and saved across reboots. This uses the new tkldb module (loaded by default). No need for services for that anymore. * Persistent channels are remembered: For channels which have mode +P set we now save all channel settings across reboots (topic, regular modes and +beI lists). This via the channeldb module (loaded by default). * Anti connect-flood measures. In the last few 4.2.x versions we introduced Connthrottle and reputation. In 5.x these modules are now loaded by default for increased security. * Easily restrict commands to fight drones. You can now disable any command or impose restrictions, such as: command can only be executed after being connected for XX seconds, or if you are identified to services, etc. See the example for how to restrict LIST, INVITE and messaging. * Module manager for managing 3rd party modules easily. Install and update modules with a single command. * Condition configuration. You can have condition configuration where you e.g. @define $IP "203.0.113.1" and can use $IP everywhere in the configuration file. Similarly, support for @if-blocks. This is especially useful for advanced users who like to use the same configuration file on multiple machines, usually with the help of remote includes. * Improved Channel Mode +L now kicks in for any rejected join, so not just for +l but also for +b, +i, +O, +z, +R and +k. If, for example, the channel is +L #insecure and also +z then, when an insecure user ties to join they will be redirected to #insecure. * Ban forwards. New extended ban ~f to forward users to the specified channel if the ban matches. Example: MODE #chan +b ~f:#badisp:*!*@*.isp.org * Improved WebSocket support. We already supported websockets, but now we support websocket type 'text', which is compatible with web IRC clients such as Kiwi IRC. * Code cleanups. The biggest effort of all went into cleaning up old code and making the code much more readable. This also means that UnrealIRCd 5 will not be able to link with really older servers or services, like UnrealIRCd 3.2.x. * Windows version is 64-bits. This should allow for increased address space and security. This also means UnrealIRCd 5 will not run on 32-bits Windows (should be rare nowadays, anyway)
*: Recursive revision bump for openssl 1.1.1.
*: Recursive revbump from devel/boost-libs
unrealircd: Build fix: don't accidentally detect epoll on SunOS
Recursive revbump from boost-1.71.0
unrealircd: Avoid building the internal copy of Argon2. The pkgsrc version was being used, but not being detected properly by configure. I'm guessing the configure script is assuming Debian version numbers or something.
unrealircd: Install some examples to a more sensible location. While here, we probably don't need to regenerate the configure script any more. So don't do that. Bump PKGREVISION.
unrealircd: Update to 4.2.4.1 This release fixes a crash issue if UnrealIRCd is configured to use utf8 or chinese character sets in set::allowed-nickchars. We don't expect many users to run their IRCd with this enabled, as the utf8 support was tagged as experimental and the chinese/gbk implementation is incomplete. This release also contains a number of other fixes and enhancements. In particular the reputation and connthrottle modules are now working better and there were some major Windows fixes.
*: recursive bump for nettle 3.5.1
Recursive revbump from boost-1.70.0
Pullup ticket #5928 - requested by nia chat/unrealircd: build fix Revisions pulled up: - chat/unrealircd/Makefile 1.58-1.59 - chat/unrealircd/distinfo 1.22-1.23 --- Module Name: pkgsrc Committed By: nia Date: Tue Apr 2 11:29:46 UTC 2019 Modified Files: pkgsrc/chat/unrealircd: distinfo Log Message: chat/unrealircd: update distinfo. The tarball was silently updated without a release. After diffing this against the git tag, the updated tarball seems to change some if statements from if (x = y) to if (x == y)... https://github.com/unrealircd/unrealircd/commit/766055d5c0399fa55d03ac6ab33804dc084e2547 The bug fixed by this change is apparently not exploitable. --- Module Name: pkgsrc Committed By: nia Date: Tue Apr 2 12:42:44 UTC 2019 Modified Files: pkgsrc/chat/unrealircd: Makefile Log Message: unrealircd: bump PKGREVISION for distinfo change --- Module Name: pkgsrc Committed By: wiz Date: Tue Apr 2 13:20:21 UTC 2019 Modified Files: pkgsrc/chat/unrealircd: Makefile distinfo Log Message: unrealircd: set DIST_SUBDIR for new distfile
unrealircd: set DIST_SUBDIR for new distfile
unrealircd: bump PKGREVISION for distinfo change
unrealircd: Update to 4.2.2. Changes between version 4.2.1 and 4.2.2: Improvements: Quicker connection handshake for clients which use CAP and/or SASL. With "TOPIC #chan" and "MODE #chan +b" (and +e/+I) you can see who set the topic and bans/exempts/invex. The default is to only show the nick of the person who set the item. This can be changed (not the default) by setting: set { topic-setter nick-user-host; }; set { ban-setter nick-user-host; }; The 'set by' and 'set at' information for +beI lists are now synchronized when servers link. You still see the MODE originating from the server, however when the banlist is queried you will now be able to see the original nick and time of the bansetter rather than serv.er.name. If you want the OLD behavior you can use: set { ban-setter-sync no; }; The default maximum topic length has been increased from 307 to 360. You can now set more custom limits. The default settings are shown below: set { topic-length 360; /* maximum: 360 */ away-length 307; /* maximum: 360 */ quit-length 307; /* maximum: 395 */ kick-length 307; /* maximum: 360 */ }; The message sent to users upon *LINE can now be adjusted completely via set::reject-message::kline and set::reject-message::gline. New set::anti-flood::max-concurrent-conversations which configures the maximum number of conversations a user can have with other users at the same time. Until now this was hardcoded at limiting /MSG and /INVITE to 20 different users in a 15 second period. The new default is 10 users, which serves as a protection measure against spambots. New set::max-targets-per-command which configures the maximum number of targets accepted for a command, such as 4 to allow e.g. /MSG nick1,nick2,nick3,nick4 hi. Also changed the following defaults (previously hardcoded): PRIVMSG from 20 to 4 targets, to counter /amsg spam NOTICE from 20 to 1 target, to counter /anotice spam KICK from 1 to 4 targets, to make it easier for channel operators to quickly kick a large amount of spambots Added INVITE and KNOCK flood protection (command rate limiting): set::anti-flood::invite-flood now defaults to 4 per 60 seconds (previously the effective limit was 1 invite per 6 seconds). set::anti-flood::knock-flood now defaults to 4 per 120 seconds. New set::outdated-tls-policy which describes what to do with clients that use outdated SSL/TLS protocols (eg: TLSv1.0) and ciphers. The default settings are to warn in all cases: users connecting, opers /OPER'ing up and servers linking in. The user will see a message telling them to upgrade their IRC client. This should help with migrating such users, since in the future, say one or two years from now, we would want to change the default to only allow TSLv1.2+ with ciphers that provide Forward Secrecy. Instead of rejecting clients without any error message, this provides a way to warn them and give them some time to upgrade their outdated IRC client. Major issues fixed: Crash issue in the 'websocket' module. Minor issues fixed: The advertised "link-security" was incorrectly downgraded from level 2 to 1 if spkifp was used as an authentication method. In case of a crash, the ./unrealircd backtrace script was not working correctly in non-English environments, leading to less accurate bug reports. Various crashes if a server receives incorrect commands from a trusted linked server. A number of memory leaks on REHASH (about 1K). SASL was not working post-registration, eg: when services link back in. This is now fixed in UnrealIRCd, but may require a services update as well. Changed: The noctcp user mode (+T) will now only block CTCP's and not CTCP REPLIES. Also, IRCOps can bypass user mode +T restrictions. The server will warn if your ulines { } are matching UnrealIRCd servers. The m_whox module now contains various features that m_who already had. Also, m_whox will try to convert classic UnrealIRCd WHO requests such as "WHO +i 127.0.0.1" to whox style "WHO 127.0.0.1 i". Unfortunately auto-converting WHO requests is not always possible. When in doubt the WHOX syntax is assumed. Users are thus (still) encouraged to use the whox style when m_whox is loaded. For module coders: New hook HOOKTYPE_WELCOME (aClient *acptr, int after_numeric): allows you to send a message at very specific places during the initial welcome. New Isupport functions: IsupportSet, IsupportSetFmt and IsupportDelByName. The M_ANNOUNCE flag in the command add functions should no longer be used as CMDS= is removed. Please update your module. New "SJSBY" in PROTOCTL, which is used in SJOIN to sync extra data. See the last part of the SJOIN documentation. For a command with 2 arguments, eg "PRIVMSG #a :txt", parv[1] is "#a", parv[2] is "txt" and parv[3] is NULL. Any arguments beyond that, such as parv[4] should not be accessed. To help module coders with detecting such bugs we now poison unused parv[] elements that should never be accessed. Note that without this poison your code will also crash, now it just crashes more consistently. IRC protocol: This section is intended for client coders and people interested in IRC protocol technicalities Many changes in the tokens used in numeric 005 (RPL_ISUPPORT): Removed CMDS= because this was an unnecessary abstraction and it was not picked up by any other IRCd. The tokens KNOCK MAP USERIP have been added (moved from CMDS=..) STARTTLS is no longer advertised in 005 since doing so would be too late. Also, STARTTLS is not the preferred method of using SSL/TLS. Added TARGMAX= to communicate set::max-targets-per-command limits. Removed the MAXTARGETS= token because TARGMAX= replaces it. Added DEAF=d to signal what user mode is used for "deaf" Added QUITLEN to communicate the set::quit-length setting (after all, why communicate length for KICK but not for QUIT?) The 005 tokens are now sorted alphabetically When hitting the TARGMAX limit (set::max-targets-per-command), for example with "/MSG k001,k002,k003,k004,k005 hi", you will see: :server 407 me k005 :Too many targets. The maximum is 4 for PRIVMSG. When hitting the set::anti-flood::max-concurrent-conversations limit (so not per command, but per time frame), you will see: :server 439 me k011 :Message target change too fast. Please wait 7 seconds When hitting the set::anti-flood::invite-flood limit you will get: :server 263 me INVITE :Flooding detected. Please wait a while and try again. When hitting the set::anti-flood::knock-flood limit you will get: :server 480 me :Cannot knock on #channel (You are KNOCK flooding) Not a protocol change. But when a server returns from a netsplit and syncs modes such as: :server MODE #chan +b this!is@an.old.ban Then later on you can query the banlist (MODE #chan b) and you may see the actual original setter and timestamp of the ban. So if a user wishes to see the banlist then IRC clients are encouraged to actively query the banlist before displaying it. Fortunately most clients do this. If the set::topic-setter or set::ban-setter are set to nick-user-host then the "added by" field in numerics that show these entries will contain nick!user@host instead of nick, eg: :server 367 me #channel this!is@some.ban bansetter!user@some.host 1549461765
chat/unrealircd: Update to 4.2.1.1 Many changes, coming from an unsupported version, but at least fixes CVE-2016-7144.
revbump for boost 1.69.0
revbump after boost-libs update
*: Move SUBST_STAGE from post-patch to pre-configure Performing substitutions during post-patch breaks tools such as mkpatches, making it very difficult to regenerate correct patches after making changes, and often leading to substituted string replacements being committed.
revbump for boost-libs update
Revbump after boost update
Follow some redirects.
Revbump for boost update
Recursive revbump from boost update
Revbump after boost update
Revbump post boost update
Bump PKGREVISION for security/openssl ABI bump.
Update chat/unrealircd to 3.2.10.5. pkgsrc changes: - Remove obsolete and broken MESSAGE files. - Find zlib correctly when enabled. - Add SMF manifest. - Update patch files and add comments where necessary. Upstream changes: - This release fixes a SASL Denial of Service issue Patch provided by Marco Wessel in joyent/pkgsrc#306.
pkglint
Now that _STRIPFLAG_INSTALL is disabled by default on Darwin, remove manual settings of INSTALL_UNSTRIPPED=yes for Darwin in individual packages.
Update to 3.2.10.4, build with USE_LOCALE on Mac OS to unbreak the build. Patch from Jonathan Buschmann in PR pkg/49540, slightly adapted.
Fixes unusual MESSAGE_SRC usage.
Recursive PKGREVISION bump for OpenSSL API version bump.
Update to latest release, 3.2.10.1. LICENSE=gnu-gpl-v2; USE_TOOLS+=gunzip; WRKSRC is now handled automatically. Let options.mk include bsd.prefs.mk instead of pulling it in again in Makefile. CONFIGURE_ARGS for hub and leaf no longer exist. Removed from PKG_OPTIONS. Specifying hostname in CONFIGURE_ARGS is also no longer available. Removed. ${IRCD_SHARE}/networks files are no longer provided. Removing from post-install and PLIST. From Changes: - Fix compilation issue when disabling stacked extbans. https://bugs.gentoo.org/389949 - Fix compilation issues with bundled tre and ./curlinstall-ed curl caused by over-generic regexes. Reported by warg. - Include CMDS=STARTTLS in ISUPPORT/numeric 005 to let clients discover STARTTLS support through VERSION, before or after registration (#4064). - Added patch from nenotopia to use more modern LUSERS numerics (#3967). - Fix small error in oper block documentation, reported by Stealth (#2318). - Config parser failed to check for invalid set::ssl options, reported and patch by fbi (#4035). - Tweak: send actual channel name and not user supplied channel in KICK, reported and patch by Stealth (#3298). - Services coders: Added support for ESVID. Instead of a number you can now store a string (of max NICKLEN size) as service stamp. - Show account name in /WHOIS, for ESVID-capable services packages, patch from nenotopia (#3966). - Added extended ban ~a:<account name> which matches users who are logged in to services with that account name. This works only on services that support ESVID. Patch from nenotopia (#3966). - Updated extended ban documentation in help.conf and unreal32docs: new bantype ~a, and some text about extended bans & invex (+I). - compile fix for just-checked-in patches. - extban ~a = also allowed for invex - Throw up an error if a password in the configuration file is too long (max 48 characters), reported by JasonTik, based on patch from WolfSage (#3223). - Enforce matching of unrealircd version and PACKAGE_VERSION macros (#4014). - Make default service stamp 0 (zero) again, instead of '*' which was introduced by ESVID changes a few days ago. This makes anope happy, and also means nothing will change in a non-ESVID scenario. - Fix misuse of stdarg.h macros when calling vsyslog() (#4065 by Jimini). - Ditch vsyslog() as it's only a waste of CPU, inspired by #4065. - Add CAP support. Currently implemented are: multi-prefix (NAMESX), and userhost-in-names (UHNAMES). Patch from nenotopia (#4018, #4066) - Fix issue with CAP & NOSPOOF. Patch from nenolod (#4077). - Advertise 'tls' (STARTTLS) capability in CAP. Patch from nenolod (#4081). - New user mode +I (IRCOp only) which hides idle times to other users, suggested and patch supplied by Nath & binki (#3953). - Added remove_oper_modes(), which works just like remove_oper_snomasks(), - Get rid of networks/ directory, and all references to it. Suggested by katsklaw and others (#4056). - Added doc/example.es.conf, translated by Severus_Snape. - Make the accept code check if the fd is within bounds instead of relying on OpenFiles to be correct. - Moved nospoof to config file, suggested by and patch from nenolod (#4078). - Even when 'M' was listed in set::oper-only-stats you could still do a '/STATS m'. Unlike other stats characters, case insensitivity was not checked for this one. Reported by and patch from Apocalypse (#4086). - Added patch from Adam for poll() support (#1245). update my own fd check code for poll support - Some more changes and fixes regarding poll patch: - make c-ares use 100% poll. and make sure we never deal with negative fds. - UnrealIRCd now supports poll() instead of select(). - Speed optimization: First, moved a large part of vsendto_prefix_one into vmakebuf_local_withprefix. Then use this new function - which creates the buffer-to-be-sent - at the top of functions like sendto_channel_butserv and sendto_common_channels and send the prepared buffer in the loop that comes after it. This means we only prepare the buffer once and then send it many times, rather than both building and sending it XYZ times. Benchmarking connect-join-quit of 10k clients: 100 users per channel: no noticeable speed improvement 1000 users per channel: 18% faster 10000 users in one channel: 50% faster As you can see, unfortunately, for a typical irc network there isn't much speed improvement. However, if you have a couple of 500+ user channels or get attacked by clones then you may see some improvement in speed and/or lower CPU usage. - Call m_cap_Init() when m_cap is loaded through commands.so. Reported by nenolod. - Fix for speed optimization a few lines up, was accidentally using ident username (which might have been 'unknown') instead of effective username. - Added support for SASL, patch from nenolod (#4079). - Fix crash in AUTHENTICATE (SASL commit from an hour or so ago). - Tweak SASL code to conform to current coding style. - Split up PROTOCTL line, since with the addition of ESVID we exceeded MAXPARA when using ZIP links. - Poll I/O engine: get_client_by_pollfd() may return -1 when there's a race condition. Don't abort, instead just skip those clients. - Fix win32 installer: apparently it sometimes complained about not having - the Visual C++ 2008 redistributable package installed when this was not true. - Fix Windows build. - Win32 compile fix (nenolod) - Print out a warning when we can't write to a log file. When booting this goes to the boot screen. When we are already booted it's sent to all IRCOps with a limit of max. 1 message per 5 minutes. - Refuse to boot when we can't write to any log file. - Remove old no-stealth configuration directive from documentation, reported by katsklaw, patch from warg (#4036). - Added 'away-notify' client capability, which informs the client of any AWAY state changes of users on the same channel. Patch from nenolod (#4097). - Add support for account-notify client capability (#4098). This capability can be used to request passive notifications for accountname changes. - If set::options::dont-resolve is enabled, then use only the IP information from a WEBIRC message, reported by Ismat (#4103). - Moved sendto_connectnotice, and thus the call to HOOKTYPE_LOCAL_CONNECT, so it gets called after the broadcast of NICK to other servers. - Fix bug caused by new I/O engine (both with and without USE_POLL): queued data on the receive queue (eg: due to fake lag) was not processed unless we got new data from the client. - Add support for server-enforced mode locks (MLOCK). This allows the IRCd to enforce MLOCKs that are set by services, which eliminates clashes between users setting modes and services enforcing it's mlock on channels. (#3055) - complete the previous patch (MLOCK).. mostly just bringing it up to date & code-style - Fixed another SASL crash bug. Always use HookAddEx, not HookAdd! Crash occured after the first quit of a user after a REHASH. - SASL now needs to be enabled explicitly by setting a set::sasl-server. - Changed numeric 307 (RPL_WHOISREGNICK) to 'is identified for this nick', - Win32 installer (SSL): Uncheck 'create certificate' checkbox when server.cert.pem exists, and check it if the file doesn't exist. - Win32 installer: Latest InnoSetup no longer supports Windows 95/98, so update Minversion to make the .iss compile. - Module coders: added HOOKTYPE_AWAY (sptr, away-reason). - Add optional oper::require-modes setting to the oper block. (#4008 by katsklaw) - Clarify that hiddenhost-prefix must be the same on linked servers for bans to function properly (#4090, patch from warg, reported in #4043 by maxb). - Add /SILENCE to HTML documentation (reported by Severus_Snape in #4072, patch from warg). - Show "Ping timeout: XYZ seconds" instead of just "Ping timeout". - a bigger scratch buffer makes me sleep at night ;) - Install server.*.pem files, patch from katsklaw (#3988). - The ./Config script will now ask whether to generate an SSL certificate when it does not exist (defaults to Yes), instead of always generating one. - Added missing Mod_Header to m_sasl.c - Remove old reference to networks/ directory from Windows installer - Disable sending of UHNAMES when HTM (High Traffic Mode) is ON, - Disable sending of UHNAMES when HTM (High Traffic Mode) is ON, - Add 'class' option to allow/deny channel so you can allow/deny users based on their class. Patch from fspijkerman (#4125). - Use poll() in the remote includes functions when USE_POLL is defined (#4091). - Fix bug where recursive includes would hang the IRCd, patch from binki with some minor modifications, reported by warg (#3919). - Upgraded to c-ares 1.9.1. Updated configure & other files. - various win32 fixes: - Disable USE_POLL on Windows, since it doesn't work with XP and has no advantage anyway. Reported by nenolod (#4129). - Various updates to makefile.win32 and .iss file, found during building new versions of zlib, openssl, and curl. - Added set::options::disable-cap, which can be used to disable the new CAP support (#4104). - Added auth method 'sslclientcertfp' which provides an alternative method to authenticate users with SSL client certificates based on SHA256 fingerprints. This can be used instead of the already existing 'sslclientcert' so you don't have to use an external file. One way to get the SHA256 fingerprint would be: openssl x509 -in name-of-pem-file.pem -sha256 -noout -fingerprint Suggested and patch supplied by Jobe (#4019). - Added documentation on the new sslclientcertfp - Moved documentation on authentication types to one place and refer to it from each section (oper::password, vhost::password, link::password-receive, etc). - Windows: fix MOTD file always showing a date of 1/1/1970, reported by maxarturo (#4102). - Removed unreal32docs.es.html (outdated since 2006-12-22), unreal32docs.gr.html (outdated since 2006-12-02), and unreal32docs.nl.html (outdated since 2009-01-18, possibly 2007-07-12). - Remove wircd.def, needs to be re-generated almost each build anyway.. - Use our own (v)snprintf if not available. - Use a more robust method of learning the server origin for a SASL agent. - Use a more robust method of learning the server origin for a SASL agent. Fixes crash reported by Adam. - Import unreal32docs Spanish translation by Karim Benzema. - In the Mercurial repository the Changes file no longer exists (except for a dummy file). You now need to run ./createchangelog to generate it. Of course in official releases the Changes file will be present and contain all details. - From now on, the Changes file is based on the history of the Mercurial repository. This means we no longer have to write text manually to the Changes file. This simple change helps a lot in future development because patches will no longer break when they are being ported from one branch to another. - Update ./createchangelog to make it only show changes on default branch. - If you are running the IRCd as root and use IRC_USER/IRC_GROUP then we now change ownership of the log file to that user/group so it can still write after the setuid(). Reported by asmadeus (#4152). - Fix duplicate user@host in away-notify and account-notify, reported by grawity (#4153). - '/rehash -global' did often not rehash all servers. Reported by Cronus (#4143) - allow channel: Permit multiple channel items in one block again, was broken by patch from #4125. - Update the documentation about set::dns::nameserver to reflect reality (that the setting is only used if c-ares can?t read /etc/resolv.conf). - Don't remove oper-modes such as +S from non-local clients. - Pull in poll(2) stuff before any other ircd include files. (#4155) - Windows: Fix strange linking bug. Outgoing connects from a Windows IRCd caused a garbled SERVER protocol message, causing 'cannot find server' errors and killing of users. Reported by Sunkat (#4183). - Custom modules: move EXLIBS= so shared libraries are always linked.
Bump PKGREVISION of all packages which create users, to pick up change of sysutils/user_* packages.
PKGREVISION bumps for the security/openssl 1.0.1d update.
recursive bump from cyrus-sasl libsasl2 shlib major bump.
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
update to 3.2.9 from the announcement: There have been 212 changes since previous release which is almost the Same as previous THREE stable releases combined. The changes consist of the usual amount of bugfixes, however also a substantial amount of new features have been added. pkgsrc note: This removes the dependencies on fixed (old) versions of tre and c-ares.
Fix build on SunOS.
recursive bump from gettext-lib shlib bump.
Update unrealircd to 3.2.8.1. Unreal3.2.8.1 - Fixes a security issue, which is exploitable (crash) when allow::options::noident is in use. Unreal3.2.8 ==[ NEW ]== - set::level-on-join: this defines which privileges a user receives when creating a channel, default is 'chanop', the only other available setting is 'none' (opless). - Away notification through WATCH: This allows clients to receive a notification when someone goes away or comes back, along with a reason, a bit like IM's. There's probably no current client supporting this but it would be a nice feature in notify lists. Client developers: see Changes file for full protocol details. This feature can be disabled by setting set::watch-away-notification to 'no'. - Spamfilter: Slow spamfilter detection: For each spamfilter, Unreal will check, each time it executes, how long it takes to execute. When a certain threshold is reached the IRCd will warn or even remove the spamfilter. This could prevent a spamfilter from completely stalling the IRCd. Warning is configured through set::spamfilter::slowdetect-warn (default: 250ms) and automatic deletion is configured by set::spamfilter::slowdetect-fatal (default: 500ms). You can set both settings to 0 (zero) to disable slow spamfilter detection. This feature is currently not available on Windows. - SSL: set::ssl::server-cipher-list can be used to limit the allowed ciphers - SSL: To specify when an SSL session key should be renegotiated you can use set::ssl::renegotiate-bytes <bytes> and set::ssl::renegotiate-timeout <seconds>. - UHNAMES support: This sends the full nick!ident@host in NAMES which can be used by clients for their IAL. mIRC, Klient, etc support this. - There have also been some behavior changes, which can be considered NEW, see next section (CHANGED). ==[ CHANGED ]== - IPv6: On IPv6 servers you no longer have to use ::ffff:1.2.3.4 IP's for IPv4 in the config file, you can use the simple 1.2.3.4 form, as they are converted automatically. - When someone is banned and /PARTs, the part reason (comment) is no longer shown - ChanMode +S/+c: now strips/blocks 'reverse' as well - Smart banning is now disabled by default because it was too annoying, this means that f.e. if there's a ban on *!*@*.com then you can still add a ban on *!*@*.aol.com - except ban { } now also protects against ZLINEs and ban ip { } - Modules: user modes and channel modes without parameters (eg: +X) no longer have to be PERManent, this means they can be upgraded/reloaded/unloaded on-the-fly. ==[ MAJOR BUGS FIXED ]== - Zip links issue (Overflowed unzipbuf) - Crash issue with 3rd party modules that introduce new channel modes w/parameters - Mac OS X: Various issues which prevented the IRCd from booting up - Remote includes (constant) crash with new curl/c-ares versions - A few rare crash issues, including a crash when linking to another server - In case of clock adjustments, the IRCd will no longer freeze when the time is adjusted backwards, nor will it incorrectly throttle clients when adjusted forward. However, because clock adjustments (time shifts) of more than xx seconds are so dangerous (and will still cause a number of issues), big warnings are now printed when they happen. Morale: synchronize your system clock, or use the built-in timesync feature. ==[ MINOR BUGS FIXED ]== - CGI:IRC: Several IPv6 issues, both on IPv6 IRCd's and CGI:IRC gateways - IP masks in oper::from::userhost sometimes didn't match when they should - (G)ZLINE's on IPv6 users were sometimes rejected - CHROOTDIR works again - OperOverride fixes - Throttling is now more accurate - And more... see Changelog
Also provide TREINCDIR.
Change dependency pattern for devel/tre from tre-0.7.5 to tre>=0.7.5. (0.7.5 was not satisfiable because we now have 0.7.6 in pkgsrc.) Builds, but not tested beyond that. Bump revision.
Give up MAINTAINER
Pullup ticket #2735 - requested by adrianp: unrealircd: security patch Revisions pulled up: - chat/unrealircd/Makefile 1.26 - chat/unrealircd/distinfo 1.11 - chat/unrealircd/patches/patch-ag 1.1 --- Module Name: pkgsrc Committed By: adrianp Date: Mon Apr 13 16:20:52 UTC 2009 Modified Files: pkgsrc/chat/unrealircd: Makefile distinfo Added Files: pkgsrc/chat/unrealircd/patches: patch-ag Log Message: Add patch for http://forums.unrealircd.com/viewtopic.php?t=6204 Update MASTER_SITES PKGREVISION++
Add patch for http://forums.unrealircd.com/viewtopic.php?t=6204 Update MASTER_SITES PKGREVISION++
Update MASTER_SITES from download page. list outdated noticed by Zafer Aydogan via private mail.
More chroot build fixes from Michael Stapelberg.
Fix DESTDIR.
Mechanical changes to add full DESTDIR support to packages that install their files via a custom do-install target.
PKGREVSION++ due to tre changes
Update to 3.2.7 - Updated c-ares to 1.4.0, TRE to 0.7.5 - chmode +L does no longer require chmode +l - Oper blocks now can have CIDR, as in "userhost *@127.0.0.1/32"; - Services coders: SVSNOLAG/SVS2NOLAG (described in Changes) will allow a user to avoid fake lag (ie, flood as much as he/she wants). - More intelligent accept() handling - that is, take in multiple times at a time instead of one per I/O loop - A lot of bug fixes, basically.
Make it easier to build and install packages "unprivileged", where the owner of all installed files is a non-root user. This change affects most packages that require special users or groups by making them use the specified unprivileged user and group instead. (1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to unprivileged.mk. These two variables are lists of other bmake variables that define package-specific users and groups. Packages that have user-settable variables for users and groups, e.g. apache and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP}, etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER} and ${UNPRIVILEGED_GROUP}. (2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
The tarball has been re-packaged with an additional fix and the version number not incremented. This was to fix an FD leak. Use DIST_SUBDIR=${PKGNAME} hack to work around this. PKGREVISION++
Update to 3.2.6 In brief: Unreal3.2.6 Release Notes ========================== ==[ GENERAL INFORMATION ]== - The purpose of the sections below (NEW, CHANGED, MINOR, etc) is to be a SUMMARY of the changes in this release. There have been 80+ changes, and trying to mention them all would be useless, see the Changelog for the full list of changes. ==[ CHANGED ]== - SSL: The server certificate and keys can now be reloaded via '/REHASH -ssl', no restart needed anymore. - loadmodule errors are improved - Snomask 'N' will no longer show nick changes of U-lined servers - Various doc updates ('/HELPOP ?EXTBANS', and some unreal32docs improvements) ==[ MAJOR BUGS FIXED ]== - Crash if link::options::quarantine was used - Another crash which could happen in some rare cases - Throttling was not always being applied correctly - Windows 2003: Fixed crash on-boot if no nameserver was set - Windows: Fixed /RESTART not always working properly (leaving the ircd dead)
s/SKIP_PORTABILITY_CHECK/CHECK_PORTABILITY_SKIP/
Disabled the portability check for this package because one file is declared unchangeable. Unfortunately, exactly that file contains the non-portable code. Not my problem. ;)
Update to 3.2.5 ==[ MAJOR BUGS FIXED ]== - Spamfilter was not always working properly - MS Visual studio 2005 (8.x) was unable to compile Unreal and/or caused crashes - Certain IPv6 listen blocks could crash the ircd on-boot/on-rehash ==[ MINOR BUGS FIXED ]== - "Looking up your hostname" message was missing if set::options::show-connect-notice was enabled (other messages, like "looking up ident" were shown, however) - It was sometimes impossible to update a link { } block: all old settings would still be used, this happened if connfreq was low. This might also have caused crashes. - Netsynch problem, which could cause the wrong modes to be applied to a channel in some rare cases. - Setting set::maxdccallow to 0 (or lower) still allowed one entry to be added - Spamfilter oversized-checking is no longer done when removing a spamfilter - Operator count bug (there might still be others...) - Some chinese-* charsets could not be selected individually - No longer requiring a C++ compiler (was caused by resolver in 3.2.4) - Added workaround for "make: Permission denied" bug in some FreeBSD's
Modify packages that set PKG_USERS and PKG_GROUPS to follow the new syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
Over 1200 files touched but no revisions bumped :) RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
pkglintification Add rehash option to rc.d script Remove dud mirror site Sort PLIST Bump pkgrevision
There's been an upstream fix but the version number was not bumped http://www.unrealircd.com/324rerelease.txt Use DIST_SUBDIR=${PKGNAME} until the next version is released Install help and documentation for non-english users
Recursive revision bump / recommended bump for gettext ABI change.
Update to 3.2.4 This is just a summary of changes, for full details see: http://www.unrealircd.com/txt/unreal3_2_4_release_notes.txt > ==[ MAJOR BUGS FIXED ]== > - Two issues with an incorrect badword { } block in the config file causing a crash. > - Incorrect TKL/*LINE causing a crash > - Complete resolver recode: now using c-ares + caching to fix some (rare?) crash bugs and > to make our code much more cleaner. > - Using GCC4 caused a crash on-link. > - Crash when a class block was removed and had any other blocks were referencing it. > - OpenBSD crash on /REHASH. > - Several AMD64 crash issues. > - Sometimes a serious flood of notices was generated if link::options::nodnscache was used. > - Spamfilter: action 'viruschan' combined with target 'user' caused crashes. > - chinese-* nick characters support caused memory corruption. > - Crash issue regarding SSL and junk snomask. > > ==[ MINOR BUGS FIXED ]== > - Now properly resolves hostnames again that use CNAME delegation (got broken in 3.2.3). > - Fedora Core w/IPv6 failed to compile. > - A few read-after-free bugs that could have caused crashes. > - ./Config was not loading the settings properly on Solaris 10 > - Crash if high ascii in set::network-name > - Fixed advanced channel aliases not working properly > - Fixed \* and \? escaping not always working properly (for example in ~r/~c bans).
Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk automatically detects whether we want the pkginstall machinery to be used by the package Makefile.
Fix MASTER_SITES typo and add in a few more mirrors
Ran "pkglint --autofix", which corrected some of the quoting issues in CONFIGURE_ARGS.
Change remoteinc to depend on net/libcares as opposed to wip/c-ares Fix patch-aa so libcares is properly detected Fix options.mk so that libcurl is properly detected Use PKG_OPTIONS_OPTIONAL_GROUPS as suggesed by wiz@ in private email Use PKG_OPTIONS_REQUIRED_GROUPS for hub/leaf choice Bump to nb1
Add advanced options available in the default ./Config script Change default to hub, enable showlistmodes and remove prefixaq in line with ./Config defaults No PKGREVISION bump (riding the initial import)
Small update for FILES_SUBST
UnrealIRCd is an IRC server based on the branch of IRCu called Dreamforge, formerly used by the DALnet IRC Network. Since development started on it (around May 1999) many new features has been added, modified, and many bugs fixed. Unreal runs both on *nix platforms, Amiga & Windows 95/98/2k/NT. Some features to mention: Channel Halfops, No-color channel mode, Strip-colors channel mode, channelmode +q & +a - protect modes, Oper and Admin only channels, exception bans, Nokicks mode (channel and user), Flood limiter, Channel links, Host cloaking, Net* Tech and Co-Admin modes, Whois notifies, Foreign connects monitor, Oper suspend, G:Lines, T:Lines, channel restriction (people can only go to these channels if enabled), Trojan/DCC Deny, RPING/RPONG, Sethost family, Token in server<->server etc. FDlists/High Traffic Mode, SOCKS check on connect, Speeded up server synchs, limited WebTV Client support, /vhost, and many dreamforge optimations. UnrealIRCd is aimed to be an advanced, not an easy IRCd. Also includes SSL and IPv6 support.
Initial revision