1Unreal3.2.10.7 Release Notes
2=============================
3
4==[ UNREALIRCD 3.2.X IS DEPRECATED ]==
5You are currently viewing the release notes of UnrealIRCd 3.2.10.7.
6UnrealIRCd 3.2.* will no longer be supported after December 31, 2016.
7You should upgrade to UnrealIRCd 4 before that date.
8See https://www.unrealircd.org/docs/UnrealIRCd_3.2.x_deprecated
9
10==[ GENERAL INFORMATION ]==
11- If you are upgrading on *NIX, then make sure you run 'make clean' and
12  './Config' first, before running 'make'.
13- The official UnrealIRCd 3.2.x documentation is available online at
14  https://www.vulnscan.org/UnrealIRCd/unreal32docs.html
15  FAQ: https://www.vulnscan.org/UnrealIRCd/faq/
16  Read them before asking for help.
17- Report bugs at https://bugs.unrealircd.org/
18- The purpose of the sections below (NEW, CHANGED, MINOR, etc) is to be a
19  SUMMARY of the changes in this release. See the file 'Changes' for a
20  complete list of all changes.
21
22==[ .7 RELEASE ]==
23The following issue was fixed in 3.2.10.7:
24- Fix SASL EXTERNAL security issue
25
26==[ .6 RELEASE ]==
27The following has been addressed in 3.2.10.6:
28- Add notes regarding deprecation of 3.2.x series
29- Build with latest OpenSSL to fix crash issue (Windows)
30- Don't show vcredist dialog if installed (Windows installer)
31
32==[ .5 RELEASE ]==
33The following issues have been fixed in 3.2.10.5:
34- Crash when SASL is enabled (set::sasl-server)
35- A compile problem with LibreSSL
36
37==[ .4 RELEASE ]==
38Two major issues were fixed:
39- Compile problems when using clang instead of gcc (such as on FreeBSD & OS X)
40- For services who allow you to log in by account name but still allow you to
41  use a different nick: when you're logged in you are now considered
42  registered as far as mode +M and +R are concerned.
43  Tech: whenever services set SVID and it's not * and does not start with a
44  number, then we consider this user to be 'logged in'.
45  Whenever a user is set +r (s)he is also considered 'logged in'.
46  This way it's compatible with both older and new services and doesn't
47  (or shouldn't) introduce security issues with older services using
48  servicetimestamp for nick tracking or other means.
49Additionally:
50- curl-ca-bundle.crt has been updated to use latest certificates
51- The Windows libraries (OpenSSL, curl, ..) have been updated.
52
53==[ .3 RELEASE ]==
54The following issues have been fixed in 3.2.10.3:
55- Crash when SASL is enabled and ping-cookie is disabled
56- Compile issue with remote include
57- OS X compile problems
58- ./unreal backtrace not always working well
59Changes:
60- For silenced users we now only check the current nick!user@host
61- Server to server links now use latest TLS (eg: v1.2) instead of SSLv3
62New:
63- Added set::spamfilter::stop-on-first-match (default yes). You can change
64  this to 'no' to have UnrealIRCd continue processing all spamfilters even
65  after the first match. The spamfilter with the 'gravest action' wins
66  (eg: gzline wins from block).
67
68==[ .2 RELEASE ]==
69The following major issues were present in 3.2.10 & 3.2.10.1 and have
70been fixed in this version:
71- A remote crash issue when compiled with SSL (NULL pointer dereference)
72- A second issue that can potentially lead to a crash (read-after-free)
73
74In addition to these 3.2.10.x fixes there were also some other bugs fixed,
75mostly in the area of server linking and flood hardening.
76
77The external libraries of the Windows version have been updated (openssl,
78c-ares, zlib). The bundled c-ares source (for *NIX) has been updated too.
79
80==[ .1 RELEASE ]==
81The following bugs in version 3.2.10 were fixed in this 3.2.10.1 release:
82- Windows only: outgoing connects from Windows caused severe linking issues,
83  including killing of (ghost) users on the Windows server.
84- An issue where user modes were stripped from remote clients, this caused
85  a problem for Anope BotServ bots.
86- A compile problem on OpenBSD.
87- '/REHASH -global' did not rehash all servers.
88- Some documentation updates.
89
90==[ 3.2.10 RELEASE ]==
91Below is a summary of all changes with respect to 3.2.9:
92
93==[ NEW ]==
94- Improved socket engine. This brings some performance improvements and
95  also makes it easier to configure a system to hold more than 1024
96  clients (no more editing of header files on Linux!).
97- ESVID support: services can communicate the account name of the user
98  back to the IRCd. This only works on ESVID-capable services:
99  - Extban ~a:<accountname>: matches users who are logged in to services
100    with that account name.
101  - Show account name in /WHOIS
102- CAP support: this enables clients to enable certain features more easily.
103  Can be disabled through set::options::disable-cap.
104- Now that STARTTLS is advertised in CAP it is likely to be used more often.
105- away-notify: informs clients of AWAY state changes of users on the same
106  channels, for clients that support this.
107- account-notify: similar to away-notify, inform clients of changes in the
108  login status and account name used by other clients on the same channels.
109- SASL support. To use this, and if your services support this, you point
110  set::sasl-server to your services server.
111- Server-side MLOCK support: the IRCd will prevent channel mode changes
112  depending on the MLOCK setting in services. Requires special support
113  from services for this feature.
114- User Mode +I (IRCOp only): hide idle time
115- auth-method 'sslclientcertfp': authenticate users using an SSL client
116  certificate by the SHA256 fingerprint of that certificate.
117  The documentation has a new section (3.19) called 'Authentication Types'
118  which contains an (improved) example of how to use SSL client certificate
119  authentication instead of regular passwords.
120- oper::require-modes: an optional setting, which can be used to require
121  users to have certain user modes (such as 'z') before they can /OPER up.
122- allow/deny channel: you can now optionally specify a class here as an
123  extra filter.
124- doc/example.es.conf: Spanish translation of example configuration file.
125- There have also been some behavior changes, which can be considered NEW,
126  see next section (CHANGED).
127
128==[ CHANGED ]==
129- Anti-spoof protection (ping cookies) can now be enabled/disabled at
130  run-time through set::ping-cookie [yes|no]. The default is 'yes' (enabled).
131- A quit with 'Ping timeout' now shows the number of seconds since the ping.
132- Print out a warning if we can't write to a log file.
133- Refuse to boot if we can't write to ANY log file.
134- Windows: if an SSL certificate exists, then uncheck the 'generate SSL
135  certificate' checkbox by default.
136- *NIX with SSL: We now ask in ./Config if you want to generate an SSL
137  certificate. The certificate is then copied when you run 'make install'.
138
139==[ MAJOR BUGS FIXED ]==
140- Windows SSL crash (this issue was already fixed in 3.2.9-SSL-fix)
141- Other than that, none?
142
143==[ MINOR BUGS FIXED ]==
144- Various compile problems, in particular with remote includes enabled.
145- Windows: the installer sometimes insisted that the Visual C++ 2008
146  redistributable package was not installed, when it actually was there.
147- Windows: MOTD file date/time was always showing up as 1/1/1970.
148- And more... see Changelog
149
150==[ REMOVED / DROPPED ]==
151- Windows 9X is no longer supported
152- The networks/ directory has been removed
153
154==[ KNOWN ISSUES ]==
155- Regexes: Be careful with backreferences (\1, etc), certain regexes can
156  slow the IRCd down considerably and even bring it to a near-halt.
157  In the spamfilter user target it's usually safe though.
158  Slow spamfilter detection can help prevent the slowdown/freeze, but
159  might not work in worst-case scenario's.
160- Regexes: Possessive quantifiers such as, for example, "++" (not to be
161  confused with "+") are not safe to use, they can easily freeze the IRCd.
162
163==[ ADDITIONAL INFO ]==
164- See Changelog for more details
165