charybdis 3.5.1 release

diff --git a/_posts/2016-04-02-charybdis-3.5.1-release.md b/_posts/2016-04-02-charybdis-3.5.1-release.md
new file mode 100644 (file)
index 0000000..cc9febf
--- /dev/null
+++ b/_posts/2016-04-02-charybdis-3.5.1-release.md
@@ -0,0 +1,108 @@
+---
+layout: post
+title:  "Charybdis 3.5.1 released"
+---
+
+We have released a maintenance release for the charybdis 3.5 branch, mainly importing improvements
+concerning ssld's robustness as well as adding support for building with GNUTLS 3.4.
+
+## Downloading charybdis
+
+The charybdis 3.5.0 release can be downloaded via:
+
+* [distfiles.charybdis.io](http://distfiles.charybdis.io/charybdis-3.5.0.tar.bz2)
+
+## What's new in Charybdis 3.5?
+
+### server protocol
+- Fix propagation of ip_cloaking hostname changes (only when setting or
+  unsetting the umode after connection).
+- Fix a remote-triggerable crash triggered by the CAPAB parsing code.
+- As per the TS6 spec, require QS and ENCAP capabilities.
+- Require EX and IE capabilities (+e and +I cmodes).
+- Check that UIDs start with the server's SID.
+
+### user
+- Allow mode queries on mlocked modes. In particular, allow /mode #channel f
+  to query the forward channel even if +f is mlocked.
+- Strip colours from channel topics in /list.
+- If umode +D or +g are oper-only, don't advertise them in 005.
+- If MONITOR is not enabled, don't advertise it in 005.
+- Add starttls as per ircv3.
+- Abort a whowas listing when it would exceed SendQ, which would previously
+  disconnect the user.
+- Reject nicks with '~' in them, rather than truncating at the '~'.
+- Remove CHARSET=ascii from ISUPPORT
+- Use the normal rules for IP visibility in /whowas.
+- Cmode +c now strips '\x0F' (^O, formatting off), fixing weird rendering in
+  some clients that internally use mIRC formatting such as highlighted
+  messages in HexChat.
+- Indicate join failure because of the chm_sslonly extension (cmode +S) using
+  the same 480 numeric as ircd-ratbox.
+- Do not allow SASL authentication when the configured SASL agent is unavailable.
+- Automatically add unidentified users to the ACCEPT list when a user is set +R,
+  as we do when the user is set +g.
+- Implement IRCv3.2 capabilities:
+  - cap-notify
+  - chghost
+  - userhost-in-names
+- Implement the $&, $| and $m extban types:
+  - $& combines 1 or more child extbans as an AND expression
+  - $| combines 1 or more child extbans as an OR expression
+  - $m provides normal hostmask matching as an extban for the above
+- Do not allow STARTTLS if a connection is already using TLS.
+- Display an operator's privilege set in WHOIS.
+- The $o extban now matches against privilege set names as well as individual
+  privileges.  Privilege set names are preferred over individual privileges.
+
+### oper
+- Fix a crash with /testline.
+- Complain to opers if a server that isn't a service tries to
+  SU/RSFNC/NICKDELAY/SVSLOGIN.
+- Turn off umode +p (override) when deopering.
+- Make listener error messages (e.g. port already in use) visible by default
+  instead of only on snomask +d and in ioerrorlog.
+- Remove snotes on +r about GET/PUT/POST commands ("HTTP Proxy disconnected").
+- Add DNSBL snotes on snomask +r.
+
+### config
+- Add hide_uncommon_channels extension to hide uncommon channel memberships in WHOIS,
+  like in ircd-seven.
+- Add chm_nonotice extension, cmode +T to reject notices.
+- Add restrict-unauthenticated extension, prevents unauthenticated users from
+  doing anything as channel operator.
+- Add no_kill_services extension, prevents local opers from killing services.
+- Allow matching specific replies of DNSBLs, using the new matches option.
+- Remove blowfish crypt since it has the BSD advertising clause.
+- Fix SHA256 ($5$) crypt.
+- Make the channel::channel_target_change option actually work (it used to be
+  always on).
+- SSL/TLS listeners now have defer_accept unconditionally enabled on them.
+- The method used for certificate fingerprints (CertFP) is now configurable.
+  SHA1, SHA256 and SHA512 are available options.
+- The minimum user threshold for channels in default /list output is now
+  configurable.
+
+### misc
+- Work around timerfd/signalfd brokenness on OpenVZ.
+- Fix a compilation issue in libratbox/src/sigio.c with recent glibc.
+- Extend documentation slightly.
+- Remove a BSD advertising clause that permission was granted to remove.
+- Add support for hooking PRIVMSG/NOTICE.
+- Reenable and fix the GnuTLS support.
+- Add mbedTLS backend for SSL/TLS.
+- Remove EGD support.
+- Try other DNS servers if errors or corrupt replies are encountered.
+- Rename genssl.sh script to genssl.
+- Choose more secure SSL/TLS algorithms.
+- Fix reconnecting with SSL/TLS with some clients such as ChatZilla (see
+  https://bugzilla.mozilla.org/show_bug.cgi?id=858394#c34 for details.)
+- Improve error messages about the configuration file.
+- Fix a crash when compiled with recent clang on 32-bit systems.
+- Fix various memory leaks in rehash.
+- Fix various code quality issues.
+- Add --with-shared-sqlite to allow distribution packages to link to a shared
+  sqlite library. Using this is not recommended for on-server compilation.
+- ISUPPORT tokens which are actually provided by modules have been moved to their
+  respective modules.
+

diff --git a/download.md b/download.md
index 8644956dec698444b76afdecdf040484de50d889..a499869220ac34dae06547c9c284c8468807847d 100644 (file)
--- a/download.md
+++ b/download.md
@@ -8,7 +8,7 @@ title: Download charybdis
 
 The current stable release series is 3.5.
 
-  * [charybdis 3.5.0 source](http://distfiles.charybdis.io/charybdis-3.5.0.tar.bz2)
+  * [charybdis 3.5.1 source](http://distfiles.charybdis.io/charybdis-3.5.1.tar.bz2)
 
 Older versions are available at [distfiles.charybdis.io](http://distfiles.charybdis.io).