X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/0cc93eadc0c8c8e9431c7f2dff73adde7be7acdf..0af84b132ca480ea13851034aea6a79969946174:/NEWS.md diff --git a/NEWS.md b/NEWS.md index a172b5a0..c316bcf3 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,15 +1,134 @@ # News -This is charybdis 3.6-dev, Copyright (c) 2005-2016 Charybdis team. +This is solanum 1.0-dev. See LICENSE for licensing details (GPL v2). -## charybdis-3.6-dev +## solanum-1.0 + +Includes changes from charybdis-4.1.3-dev. + +**This release includes breaking changes from charybdis 4.x.** Please pay close attention to +bolded warnings in the full release notes below. + +### build +- Add `--with-asan` to configure to produce an ASan instrumented build + +### server protocol +- OPER is now propagated globally, as :operator OPER opername privset + +### user +- **Breaking:** invite-notify is now enabled by loading the invite-notify extension +- Prioritise older, more important client capabilities for clients that can only accept + one line of CAP LS +- Add the solanum.chat/realhost vendor capability (provided by extensions/cap\_realhost) +- Add the solanum.chat/identify-msg vendor capability (provided by extensions/identify\_msg) +- Server-side aliases preserve protocol framing characters +- Add the +G user mode for soft callerid (implicitly allow users with a common channel) +- /invite no longer punches through callerid +- invite-notify now works +- Rejectcached users are now sent the reason of the ban that caused their reject in most cases +- Rejectcache entries expire when their corresponding K-lines do +- One-argument /stats and zero-argument /motd are no longer ratelimited +- Channel bans don't see through IP spoofs +- Global /names now respects userhost-in-names +- The `$j` extban is no longer usable inside ban exceptions +- TLSv1 connections are accepted. They can still be disabled using OpenSSL config if you don't + want them. TLSv1 existing is not thought to be a threat to up-to-date clients. + +### oper +- **Breaking:** Kick immunity for override is now its own extension, override\_kick\_immunity +- **Breaking:** /stats A output now follows the same format as other stats letters +- **Breaking:** helpops now uses +h instead of +H +- **Breaking:** sno\_whois and the spy\_ extensions have been removed +- Opers now have their privset (identified by name) on remote servers +- Oper-only umodes are refreshed after rehash and /grant +- Extension modules can be reloaded +- Override no longer spams about being enabled/disabled. It continues to spam on each use. +- Add /testkline, which has the same syntax as /testline but doesn't check if the mask is ilined +- /privs is now remote-capable and can respond with more than one line +- Most commands now respect oper hiding +- Massnotice (notice/privmsg to $$.../$#...) now alerts opers +- Massnotice no longer imposes any restrictions on the target mask +- /kline and /dline are hardened to invalid inputs +- K/D-lines are more consistent about checking for encoded ipv4-in-ipv6 addresses +- Add extensions/drain to reject new connections +- Add extensions/filter to filter messages, parts and quits with a Hyperscan database +- Add extensions/sasl\_usercloak to interpolate SASL account names into I-line spoofs + +### conf +- **Breaking:** Completely overhaul oper privs. All privset configs will need to be rewritten. + See reference.conf for details. +- Add the `kline_spoof_ip` I-line flag to make any spoof opaque to K-line matching +- Add general::hide\_tkline\_duration to remove durations from user-visible ban reasons +- Add general::hide\_opers, which behaves as if all opers have oper:hidden +- Add general::post\_registration\_delay +- Add general::tls\_ciphers\_oper\_only to hide TLS cipher details in /whois +- Add channel::opmod\_send\_statusmsg to send messages allowed by +z to @#channel +- Add class::max\_autoconn, with the behaviour of class::max\_number for servers prior to + charybdis 4 +- Add `secure {}` blocks. Networks listed in a secure block gain +Z and can match `need_ssl` I- + and O-lines. +- Remove general::kline\_delay +- If m\_webirc is loaded, connections that try to use a webirc auth block as their I-line will + be disconnected on registration + +### misc +- **Breaking:** WEBIRC now processes the "secure" option as specified by IRCv3. Web gateways that + do not set this option will need to be updated or their connections will show as insecure. +- Successfully changing IP with WEBIRC now drops an identd username + +### code +- Channel lists are now kept sorted. A for-loop macro, `ITER_COMM_CHANNELS`, is introduced to + efficiently compare two such lists. + + +## charybdis-4.1.2 + +### user +- src/s\_user.c: don't corrupt usermodes on module unload/reload + +## charybdis-4.1.1 + +### security +- Fix an issue with the PASS command and duplicate server instances. + +### misc +- Fix connection hang with blacklist/opm when ident is disabled. +- Improve SASL CAP notification when the services server disconnects. +- MbedTLS: Support ChaCha20-Poly1305 in default cipher suites. + +## charybdis-4.1 + +### misc +- SCTP is now supported for server connections (and optionally, user connections) + +## charybdis-4.0.1 + +### server protocol +- SJOIN messages were being constructed in a 1024 byte buffer and truncated to 512 bytes + when sending. This caused channels with more than 50 users to fail to propagate all of + them during a net join. + +## charybdis-4.0 ### build - Build system has been converted to libtool + automake for sanity reasons. +- The compile date is now set at configure time rather than build time, allowing for + reproducible builds. (#148, #149) +- Support for GNUTLS 3.4 has been added. ### user - Import the ability to exceed MAXCHANNELS from ircd-seven. +- Implement IRCv3.2 enhanced capability negotiation (`CAP LS 302`). +- Implement support for receiving and sending IRCv3 message tags. +- Implement IRCv3.2 capabilities: (#141) + - account-tag + - echo-message + - invite-notify + - sasl + - server-time +- SASL: certificate fingerprints are now always sent to the SASL agent, allowing for + the certificate to be used as a second authentication factor. ### oper - Merge several features from ircd-seven: @@ -20,14 +139,61 @@ See LICENSE for licensing details (GPL v2). - Implement a channel mode that disallows kicking IRC operators (+M). - Enhance the oper override system, allowing more flexibility and detail in network-wide notices. +- DNS, ident, and blacklist lookups have been moved to a dedicated daemon known + as authd. Some cosmetic changes to blacklist statistics and rejection notices + have resulted. +- An experimental OPM scanner has been added to authd. Plaintext SOCKS4, + SOCKS5, and HTTP CONNECT proxies can be checked for. +- The LOCOPS command has been moved from core to an extension. +- All core modules in charybdis have descriptions, which are shown in MODLIST. +- Suffixes should not be used when doing /MODLOAD, /MODUNLOAD, /MODRELOAD, etc. + +### misc +- Support for WebSocket has been added, use the listen::wsock option to switch + a listener into websocket mode. ### conf - Add the ability to strip color codes from topics unconditionally. +- The obsolete hub option from server info has been removed. + +### docs +- The documentation has been cleaned up; obsolete files have been purged, and + files have been renamed and shuffled around to be more consistent. ### code +- `common.h` is gone. Everything useful in it was moved to `ircd_defs.h`. +- `config.h` is gone; the few remaining knobs in it were not for configuration + by mere mortals, and mostly existed as a 2.8 relic. Most of the knobs live in + `defaults.h`, but one is well-advised to stay away unless they know exactly + what they are doing. +- A new module API has been introduced, known as AV2. It includes things such as + module datecodes (to ensure modules don't fall out of sync with the code), + module descriptions, and other fun things. +- Alias and module commands are now in m_alias and m_modules, respectively, and + can be reloaded if need be. For sanity reasons, m_modules is a core module, + and cannot be unloaded. +- irc_dictionary and irc_radixtree related functions are now in librb, and + prefixed accordingly. Typedefs have been added for consistency with existing + data structures. For example, now you would write `rb_dictionary *foo` and + `RB_DICTIONARY_FOREACH`. +- C99 bools are now included and used in the code. Don't use ints as simple true + or false flags anymore. In accordance with this change, the `YES`/`NO` and + `TRUE`/`FALSE` macros have been removed. +- Return types from command handlers have been axed, as they have been useless + for years. +- libratbox has been renamed to librb, as we have diverged from upstream long + ago. - Almost all 2.8-style hashtable structures have been moved to dictionaries or radix trees, resulting in significant memory savings. - The block allocator has been disabled and is no longer used. +- The ratbox client capabilities have been ported to use the ircd capabilities + framework, allowing for modules to provide capabilities. +- Support for restarting ssld has been added. ssld processes which are still + servicing clients will remain in use, but not service new connections, and + are garbage collected when they are no longer servicing connections. +- Support for ratbox-style 'iodebug' hooks has been removed. +- New channel types may be added by modules, see `extensions/chantype_dummy.c` + for a very simple example. ## charybdis-3.5.0 @@ -678,7 +844,7 @@ See LICENSE for licensing details (GPL v2). ## charybdis-1.0 - Implement channel mode +L for channel list limit exemptions. -- Implement channel mode +P primarily as a status mode, permanant +- Implement channel mode +P primarily as a status mode, permanant channel -- this is usually enforced via services registrations. - Change behaviour of /stats p: now displays all staff members instead of local ones only.