NEWS.md 99.1 KB
Atheme Services 7.3 Development Notes
=====================================

There have been various changes since the last non-point release, most of which
are not documented here yet.

GUARANTEED COMPATIBILITY BREAKAGE
---------------------------------

- The `loadmodule` lines in the configuration file no longer take the
  "modules/" prefix. The example configuration file at
  `dist/atheme.conf.example` has been updated accordingly.

  So, if you currently have: `loadmodule "modules/nickserv/cert";`
  Then you will need to change this to: `loadmodule "nickserv/cert";`

  This can be done en masse with a `sed(1)` invocation on your configuration
  file. Please take a backup first:

  ```
  $ cp atheme.conf atheme.conf.bak
  $ sed -r -i -e 's|^loadmodule "modules/|loadmodule "|g' atheme.conf
  ```

POTENTIAL COMPATIBILITY BREAKAGE
--------------------------------

- Services now accepts nicknames up to 50 characters in length, because some
  IRCds like Charybdis do (if so configured). However, if you actually *use*
  nicknames on your network greater than *31* characters, your database WILL
  NOT be compatible with earlier versions of this software (<= 7.2). PLEASE
  consider this VERY CAREFULLY! This closes issue #601.

- The POSIX password crypto module has been removed. If you used this module on
  Atheme <= 7.2, this module has been replaced with 4 other modules (2 of which
  provide compatibility for the removed module). The module you need to load
  depends upon the operating system Atheme was being used on; if it was Mac OS
  then you need to load `crypto/crypt3-des` instead. If it was any other
  operating system, then you need to load `crypto/crypt3-md5` instead. Note
  that these 2 modules are compatibility modules; they can only verify existing
  encrypted passwords, they cannot encrypt new ones. You must load an
  encryption-capable crypto module. Please see the Password Hashing Modules
  section of `dist/atheme.conf.example`.

- If you (still) use legacy password crypto (verify-only) modules (`anope-*`,
  `base64`, `crypt3-des`, `crypt3-md5`, `ircservices`, `raw*`), then you MUST
  pass the `--enable-legacy-pwcrypto` flag to `./configure`, or these modules
  will NOT be compiled or installed. The presence of this flag can be confirmed
  at the bottom of the `configure` output; "Legacy Crypto Modules".

- The `nickserv/cracklib` module has been renamed to `nickserv/pwquality`
  because it is now capable of using `libpasswdqc` as well. The corresponding
  configuration item `nickserv::cracklib_warn` has been renamed to
  `nickserv::pwquality_warn_only` too.

- The `gameserv/happyfarm` module has been removed, as it was never completely
  finished and never worked anyway. Please remove this module from your
  configuration file, regardless of the version of services you are using.

- The `operserv/override` module has been removed. It did not provide
  sufficient transparency to users while providing a great potential for abuse.
  Additionally, it caused crashes if used with certain commands. Any legitimate
  use of this module should be possible to replace with a more specific command
  (such as `chanserv/fflags`). If you encounter a use case that cannot be
  replaced, please report a bug to let us know.

- The `operserv/set` module has been broken up into individual modules.
  Existing loadmodule configurations will continue to work, but you will
  receive a module deprecation warning if you load it. Please see the
  `dist/atheme.conf.example` file for the new submodule names.

- The `operserv/modinspect`, `operserv/modload`, `operserv/modreload` and
  `operserv/modunload` modules have been removed, and replaced with a single
  module `operserv/modmanager`. Please migrate your configuration if you were
  previously using any of these 4 modules, and rely upon the `operserv::access`
  configuration block to restrict usage of commands if you were e.g. previously
  running without `operserv/modload` loaded.

- The NickServ DROP command no longer requires the user's account password as
  an argument.

- Configuration options for all crypto modules have now been merged into a
  single top `crypto {}` block. Please see `dist/atheme.conf.example` for how
  to adapt your current crypto module configuration, if any.

- The `crypto/pbkdf2` module has been made verify-only, as it has been
  superseded by `crypto/pbkdf2v2`. Migration instructions are located in the
  `crypto {}` section comments in `dist/atheme.conf.example`. This module *is*
  still compiled and installed by default; it is *not* considered a legacy
  module for the purposes of `./configure --enable-legacy-pwcrypto` (above)
  because it does not use weak cryptographic primitives.

- The `crypto/argon2d` module has been removed, and replaced with a more
  generic `crypto/argon2` module that links against `libargon2` and supports
  more features, including pseudo-threading and different subtypes (Argon2i
  and Argon2id) too. If you were using this module on version 7.2, please see
  the `dist/atheme.conf.example` file for migration instructions. The names of
  the configuration options have changed! You will need libargon2 available at
  configure-time (`--with-argon2`).
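
A pre-upgrade check for the module changes listed above, as an added example (not part of Atheme or these notes): it scans `loadmodule` lines for the removed, renamed and verify-only modules this document names. The function name, the sample configuration and the assumption that the legacy verify-only modules are loaded as `crypto/<name>` are illustrative; multi-line `/* */` comments are not parsed.

```python
import re

# Advice per module, taken from the 7.3 breakage lists in these notes.
ADVICE = {
    "crypto/posix": "removed; load crypto/crypt3-des (Mac OS) or "
                    "crypto/crypt3-md5 (other systems) to verify old hashes",
    "crypto/argon2d": "removed; replaced by crypto/argon2 (option names changed)",
    "crypto/pbkdf2": "now verify-only; superseded by crypto/pbkdf2v2",
    "gameserv/happyfarm": "removed; delete this line",
    "operserv/override": "removed; use a more specific command such as chanserv/fflags",
    "operserv/modinspect": "removed; replaced by operserv/modmanager",
    "operserv/modload": "removed; replaced by operserv/modmanager",
    "operserv/modreload": "removed; replaced by operserv/modmanager",
    "operserv/modunload": "removed; replaced by operserv/modmanager",
    "operserv/set": "deprecated; split into submodules, see dist/atheme.conf.example",
    "nickserv/cracklib": "renamed to nickserv/pwquality",
}

# Encryption-capable modules named in this document (others may exist).
ENCRYPT_CAPABLE = {"crypto/pbkdf2v2", "crypto/argon2", "crypto/scrypt", "crypto/bcrypt"}

# Legacy verify-only modules that need ./configure --enable-legacy-pwcrypto.
# Assumption: they are loaded under the crypto/ directory.
LEGACY = re.compile(r"crypto/(anope-.+|base64|crypt3-des|crypt3-md5|ircservices|raw.+)")

# An active (uncommented) loadmodule line; "#loadmodule ..." does not match.
LOADMODULE = re.compile(r'^\s*loadmodule\s+"([^"]+)"\s*;')


def audit(conf_text):
    """Return a list of (line number, subject, message); line 0 means file-wide."""
    findings = []
    crypto_loaded = set()
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if re.match(r"\s*cracklib_warn\b", line):
            findings.append((lineno, "cracklib_warn",
                             "renamed to pwquality_warn_only"))
        m = LOADMODULE.match(line)
        if not m:
            continue
        name = m.group(1)
        if name.startswith("modules/"):
            findings.append((lineno, name, 'drop the "modules/" prefix'))
            name = name[len("modules/"):]
        if name in ADVICE:
            findings.append((lineno, name, ADVICE[name]))
        if LEGACY.fullmatch(name):
            findings.append((lineno, name, "legacy verify-only module; "
                             "needs ./configure --enable-legacy-pwcrypto"))
        if name.startswith("crypto/"):
            crypto_loaded.add(name)
    # New passwords are only encrypted by an encryption-capable module.
    if not crypto_loaded & ENCRYPT_CAPABLE:
        findings.append((0, "crypto/*", "no encryption-capable crypto module "
                         "loaded; new passwords cannot be encrypted"))
    return findings


# Constructed 7.2-era configuration fragment used as sample input.
SAMPLE_CONF = '''\
# constructed sample, not a real network's configuration
loadmodule "modules/crypto/posix";
loadmodule "modules/crypto/pbkdf2";
#loadmodule "modules/crypto/rawmd5";
loadmodule "modules/nickserv/cracklib";
loadmodule "operserv/modload";
loadmodule "nickserv/cert";
nickserv {
    cracklib_warn;
};
'''

if __name__ == "__main__":
    for lineno, subject, message in audit(SAMPLE_CONF):
        where = f"line {lineno}" if lineno else "file"
        print(f"{where}: {subject}: {message}")
```
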

Security
--------
- Services now accepts email addresses that may contain shell metacharacters.
  If your `mta` setting points at a shell script, please ensure that it
  properly handles email addresses with special characters in them.

- Services will now refuse to encrypt new passwords with older compatibility
  modules. You must load an encryption-capable password crypto module if you
  want new user registrations and changed passwords to be encrypted; you will
  receive an error message every time encryption is attempted if you do not.
  Please see `dist/atheme.conf.example` and the Password Cryptography section
  below for more information.

- Services will now refuse to run as root.

- Services no longer prints plaintext passwords back to you for NickServ
  `SETPASS` and `SET PASSWORD`. This allows IRC client password redaction
  (where supported, e.g. in WeeChat) to achieve its purpose of preventing the
  user's account password from persisting in on-disk log files.

- Services now has a much more rigorous random number generation interface
  and will e.g. refuse to use `arc4random(3)` unless we are actually on
  OpenBSD (which is the only platform that uses a secure algorithm for it).
  Support for libsodium random number generation was added, and the new
  preferred order for random number generation frontends (which can be
  overridden by an argument to `./configure`) is:

  - OpenBSD `arc4random(3)`, or
  - libsodium `randombytes(3)`, or
  - OpenSSL `RAND_bytes(3)`, or
  - ARM mbedTLS `hmac_drbg_random(3)` with SHA2-512, or
  - ARM mbedTLS `hmac_drbg_random(3)` with SHA2-256, or
  - Internal ChaCha20-based Fallback RNG, seeded by
    - `getentropy(3)`, or
    - `getrandom(2)`, or
    - `urandom(4)`

SASL
----
- SASLServ and its modules have been almost entirely re-written
- Advertise SASL mechanism list to UnrealIRCd servers
- Use a parameter vector to allow an arbitrary number of S2S arguments
- Indicate whether the client is on a plaintext connection or not.
  - This can be used by user_can_login hooks.
- Add support for SASL SCRAM logins (see `doc/SASL-SCRAM`)
- Add support for Curve25519 ECDH-based challenge-response logins
  - This is a private SASL mechanism that does not have widespread client
    support yet, but it is expected to eventually replace the older
    `ECDSA-NIST256P-CHALLENGE` mechanism, due to concerns within the
    cryptographic community about the safety of the NIST curves.
  - Complete documentation of the mechanism, including the protocol and a design
    rationale, is located in `modules/saslserv/ecdh-x25519-challenge.c`. This
    will enable client authors to integrate the functionality into their IRC
    clients.
  - A tool, `atheme-ecdh-x25519-tool`, is provided (and is installed into
    `bin/` by `make install`) to enable users to generate private keys, obtain
    their public keys in base64 format (to pass to `NickServ SET`), encode
    keypairs as a QR-Code (should mobile clients end up implementing this
    functionality, and users wish to easily transfer their private keys), and
    serve as a reference tool to generate server challenges, and responses to
    server challenges, for client authors to verify their implementations
    against. Note that the QR-Code printing support requires a UTF-8-capable
    terminal emulator, with a monospace font supporting Unicode box-drawing
    characters.
  - If you wish to build and install the tool without building and installing
    everything, simply execute the following commands in the source directory:
    - `./configure --with-libmowgli=no`
    - `make libathemecore`
    - `make -C libathemecore/ install`
    - `make -C src/ecdh-x25519-tool/ install`
    - `~/atheme/bin/atheme-ecdh-x25519-tool -h`

MemoServ
--------
- MemoServ: let user know when their inbox is full
- Request: Add silent rejection feature and no subsequent requests feature
  - This will be useful on networks that have a bot to handle vhost requests
    automatically. Please see the `HELP` output for `REJECT`, and the comments
    on the `no_subsequent_requests` option in `dist/atheme.conf.example`.

ChanServ
--------
- Save `PUBACL` flag to database so it isn't lost when services restarts
- Add `default_mlock` option to adjust the default MLOCK value, similar
  to the existing `contrib/mlocktweaker` module

NickServ
--------
- Port `contrib/ns_waitreg` to `nickserv/waitreg`
- Port `contrib/ns_listlogins` to `nickserv/listlogins`
- Blame a specific channel when a NickServ `REGAIN` fails due to a channel ban
- NickServ `RETURN` now enables the `HIDEMAIL` flag if the email was changed
  (unless the flag is unset by default)

IRCds
-----
- Support `chm_nonotice.so` (Block channel notices) extension in charybdis IRCd
- Support cmode +M in charybdis (and make it oper-only)
- Support cmode +T in UnrealIRCd
- Support cmode +D in UnrealIRCd 4
- Add protocol module for ChatIRCd 1.1.x
- Check for NULL send/receive password on connection to IRCd

Misc
----
- Replace Base-64 codec to fix erroneous failures and add a raw encoder
- `dist/atheme.conf.example`: document `SET NOPASSWORD` module
- Services will no longer begin a new database unless passed the `-b` option
- Make the OperServ `MODLIST` command available to everyone
- Document the `special:authenticated` privilege
- Add a Turkish translation

Build System
------------
- `m4/`: don't check for warning flags that `gcc -Wall` enables
- `m4/`: don't check for warning flags that `gcc -Wextra` enables
- `m4/`: check for more warning flags
- `m4/`: support `clang`'s `-Weverything` flag
- `m4/atheme-libtest-*.m4`: ensure most called functions are actually linkable
- `m4/atheme-libtest-*.m4`: use pkg-config to look for libraries where possible
- `configure`: don't venture outside the build directory for headers if
  using the in-tree libmowgli-2 submodule
- `configure`: Detect PCRE support automatically instead of requiring the
  user to ask us to build against it (`--with-pcre`)
- `buildsys.mk.in`: clearly indicate link output file for `make V=1` text
- Makefiles: remove PCRE `CFLAGS` and `LIBS` from programs that don't use it
- Makefiles: separate `LDFLAGS` from `LIBS`
- Makefiles: build source files in alphabetical order
- Makefiles: tidy up everything and document authorship
- `configure`: conditionally compile `libathemecore/qrcode.c`
- `configure`: add `--with(out)-qrencode` flag to allow controlling detection
- `configure`: Make `--enable-ssl` now `--with-openssl` to match libmowgli
- `configure`: If `--with-openssl`, only build against libcrypto, not libssl
- `configure`: cleanly separate `CFLAGS` from `CPPFLAGS`
- `configure`: don't add `MOWGLI_CFLAGS` and `MOWGLI_LIBS` twice
- `configure`: print expanded directories
- `configure`: print final configuration in a nicer, grouped, format
- `configure`: print `CC`/`CFLAGS`/`CPPFLAGS`/`LD`/`LDFLAGS`
- `configure`: indicate if `--enable-warnings` was given
- `configure`: detect support for `-Wl,-z,relro`, `-Wl,-z,now`, `-Wl,--as-needed`
- `configure`: don't link everything against `-lcrypt`
- `configure`: add `--enable-compiler-sanitizers` flag for ASan, UBSan, etc.
- Update third-party files (`ABOUT-NLS`, `autoconf/*`, `m4/*.m4`)
- Fix building contrib modules on non-Linux machines
- Clarify that `GIT-Access` is a file by renaming it to `GIT-Access.txt`

Password Cryptography
---------------------
- The existing crypto modules no longer need OpenSSL (or any crypto library)
- Add support for scrypt password encryption with `crypto/scrypt`.
  The scrypt module requires libsodium (`--with-sodium`).
- Add support for bcrypt password encryption with `crypto/bcrypt`.
- `libathemecore/crypto.c`: log current crypto provider on mod(un/re)load
- `libathemecore/crypto.c`: rip out plaintext fallback implementation
- Make old modules (`ircservices`, `pbkdf2`, `rawmd5`, `rawsha1`) verify-only
  - If you are still using pbkdf2, it is recommended to migrate to pbkdf2v2.
  - A migration script is included in the contrib/ directory.
- Add verify-only `rawsha2-256` and `rawsha2-512` modules to verify more
  password hashes from other sources.
- Warn admin if no encryption-capable crypto modules are loaded
- Generating new encrypted passwords is now much more efficient
- Try encrypting a password with each module in turn instead of giving up
- Indicating whether a password needs re-encrypting is now much more efficient
- Verifying a password hash no longer wastes CPU time on modules that didn't
  produce it if the module that did produce it fails to verify it
- A new core module `operserv/genhash` is available to generate password hashes
  suitable for use as services operator passwords. This alleviates the need to
  build contrib module support and use `contrib/ns_generatehash`.
- The `crypto/posix` module has been replaced with individual `crypt3-*` modules.
  Please see the Password Hashing Modules section of `dist/atheme.conf.example`.
- Legacy password crypto modules are now not compiled or installed by default.



Atheme Services 7.2 Release Notes
=================================

Since late February 2016, Atheme has been brought back into development (managed and
maintained by a few of the fork maintainers). Atheme 7.2.7 is the first release
since that change. The 7.2 line includes various fixes, some backported from the forks.

security
--------

- [CVE-2014-9773](https://www.cvedetails.com/cve/CVE-2014-9773/): Remote attackers could modify the behavior of the Anope FLAGS compatibility code by registering the keyword nicks LIST, CLEAR, or MODIFY. Reported by ToBeFree.
- [CVE-2016-4478](https://www.cvedetails.com/cve/CVE-2016-4478/): Buffer overflow in XMLRPC code. Reported by hc.

nickserv
--------
- Make `VHOST` set cloak assigner and timestamp the same way HostServ does
- Make `INFO` call the `user_info_noexist` hook for queries that don't match an account
- Make `REGAIN` log you in if successful.
- Allow implementing custom filters for `LIST`
- nickserv/multimark: new module which allows multiple MARK entries per nickname.
- wallops when vhosting a marked account
- nickserv/vhost: update usercloak metadata on vhost removal
- nickserv/{enforce,ghost}: respect frozen accounts
- nickserv/set_accountname: disallow change if RESTRICTed
- nickserv/set_pubkey: new module (keeping backwards compatibility with old syntax)
- nickserv/set_nopassword: new module
- nickserv/{reset,set,send}pass: various fixes
- nickserv/regain: the target user's bannedness shouldn't matter
- nickserv: Verify that the nick being regained is valid.
- nickserv/enforce: prevent regaining reserved nicks
- nickserv/cert: Add CLEAR command
- nickserv/set_email: relax verification requirements so that typo'd email addresses can be fixed (closes #441)
- nickserv/list: new criterion VACATION
- nickserv/info: show "Channels" line if the source user also is the target

chanserv
--------
- Add a `$server:` exttarget accepting server masks
- Add `PUBACL` flag which allows the channel access to be public.
- Don't allow `DEOP` or `KICK` of a services bot.
- Don't try to expand extbans in various commands.
- Allow users with +O or +V flags to op/voice themselves, since they can regain op/voice
  by cycling the channel anyway.
- chanserv/clear_akicks: new module providing a `CLEAR AKICKS` command.
- Always move on to the next nick in case of an error in /cs op etc.
- Tell the user who they failed to op/voice if they don't have enough privs
- +e added to chanserv{} templates and founder_flags
- chanserv: remove set_founder
- chanserv: use myentity_allow_foundership() to control whether or not an entity can take +F (ref #427)
- chanserv/set_*: announce changes via verbose()
- chanserv/flags: make Anope FLAGS compatibility an option (addresses CVE-2014-9773)
- fix an issue where activating a channel in the moderation queue would op the wrong person
- chanserv: move libathemecore component of bouncing mode changes on secure channels to chanserv (closes #449)
- chanserv/clone: do not clone HOLD, and ANTIFLOOD AKILL flags
- MC_SECURE: do not deop services
- help: mention INFO instead of RECOVER

gameserv
--------
- gameserv/dice: make the maximum roll count configurable.

groupserv
---------
- Hook into `sasl_may_impersonate` to support group-membership checks
- groupserv/set_groupname: new module allowing renaming a groupserv group
- Added group_register and group_drop hooks (addresses #428)
- groupserv: Rewrite flags parser to use ga_flags
- groupserv: Fix incorrect behaviour for flags +*
- groupserv: Fix inconsistencies with FLAGS
- groupserv/main: allow groups to take +F (ref #427)
- Add unverified user check

helpserv
--------
- helpserv/ticket: optionally accept a close reason and send a memo to an offline user
- helpserv/ticket: mention possibility of using close reason in the help file, and log it

operserv
--------
- operserv/rwatch: allow creation of RWATCH rules which k-line if 'K' is a modifier on the
  provided regexp.
- some commands now use kline_add instead of kline_sts to allow easier management of automated klines

saslserv
--------
- Add support for SASL authorization identities
- Add a `sasl_may_impersonate` hook
- The DH-AES and DH-BLOWFISH mechanisms were removed in their entirety.
- Add support for IRCv3.2-draft SASL mechanism list caching, implemented by InspIRCd 2.2.
- saslserv/ecdsa-nist256p-challenge: add backwards compatibility for old pubkey syntax
- saslserv: call bad_password on SASL authentication failure
- saslserv: use message source to get the source server
- saslserv: try to include source host in SASL failure message
- SASL: Log mechanism used by authenticated clients

alis
----
- Add a `list ... -showsecret` flag (chan:auspex) to list secret channels

perl api
--------
- Export SaslServ's `sasl_may_impersonate` hook
- Forward compatibility for hooks

ircd protocol
-------------
- Add user flag for tracking external services clients
- inspircd: Hopefully fix ignored account names when linking to the network
- inspircd: Various improvements to InspIRCd 2.0 support
- inspircd: Remove InspIRCd 1.2 and 2.1beta support
- inspircd: Add support for rejoindelay property in InspIRCd 2.2
- inspircd: Change the opertype used from 'Services' to 'Service'
- ircnet: Implement oper-wallops, using individual notices
- ngircd: Enable +qaohv support
- ngircd: Ignore non-# channels for now
- ngircd: Implement oper-wallops, using individual notices
- unreal: Request MLOCK messages when linking to the network
- sporksircd: Nuke obsolete module
- clean up the mix of spaces & tabs
- convert ircd_t to C99 struct syntax
- unreal: fix checking of +f syntax
- ts6-generic: add DLINE/UNDLINE implementation
- ts6-generic: add support for sending mechlists
- unreal: Add support for unreal 4 in a separate module
- hybrid: remove obsolete module
- undernet: remove obsolete module
- ShadowIRCd: remove obsolete module
- inspircd: add ZLINE/UNZLINE implementation
- inspircd: use DELLINE for XLine removal
- inspircd: properly recognize CSTATUS_IMMUNE (+Y)
- inspircd: Only set hideoper mode on oper pseudoclients
- charybdis: Support chm_nonotice.so (Block channel notices) extension
- charybdis: Support cmode +M in charybdis and make it oper-only
- charybdis: Setting CMODE_IMMUNE as .oimmune_mode
- inspircd: Fix atoi logic error preventing maximum rejoindelay value

other
-----
- various: Fix quite a few resource leaks and possible null derefs
- crypto/pbkdf2: Detect malformed (truncated) hashes
- contrib/cap_sasl.pl: Import various fixes from freenode's v1.5
- contrib/cap_sasl.pl: Implement SASL EXTERNAL, ECDSA-NIST256P-CHALLENGE
- contrib/cap_sasl.pl: Fix crash if irssi has ICB or SILC plugins loaded
- contrib/cap_sasl.pl: Fix crash if disconnected while waiting for SASL reply
- transport/jsonrpc: new module implementing JSONRPC transport
- contrib/cap_sasl.pl: various other improvements
- time_format: show the timezone
- exttarget: explicitly disallow foundership for exttargets (closes #427)
- help: various updates to reflect changes
- help: clarify some behavior
- [database] Make services respect an external umask when saving
- transport/xmlrpc: Do not copy more bytes than were allocated (addresses CVE-2016-4478)
- add a user_can_login(si, mu) hook
- Add an option to strip build date for reproducible builds
- botserv/set_saycaller: (optionally) give caller-nick
- chanfix/fix: stay in log channel after fixes
- various: code style fixes, fix some memory leaks and some warnings
- i18n: mark more strings as translatable
- atheme.conf example: updated to reflect changes
- proxyscan/dnsbl: Improve the module and fix multiple crashes
- i18n: update po/POTFILES.in

crypto
------
- argon2d:  New module implementing algorithm that won the Password
            Hashing Competition (2015).
- pbkdf2v2: Newer module implementing PBKDF2-HMAC digest scheme
            with backward compatibility and limited forward compatibility

libathemecore
-------------

- add dline/undline core interface
- user_is_channel_banned(): respect +e if applicable
- user_is_channel_banned(): check for voice/op/etc.
- do not allow entities under restriction to take +F at all (closes #439)
- fix issue where pretty_mask would return host!*@*
- chanacs_user_flags(): do not grant effective flags other than +b to unverified users (closes #416).
- flags: update_chanacs_flags(): do not assume that a protocol module is loaded.
- try_kick(): add support for inspircd-style per-user kick immunity the right way
- entity: add new entity validator for taking +F (ref #427)
- logger: use ISO 8601 in log files

hostserv
--------

- hostserv: Remove group-specific offered vhosts when group dropped
- Add DROP command
- hostserv/request: Ignore request if requested vhost already set

Atheme Services 7.1 Release Notes
=================================
In addition to assorted bugfixes in various subsystems from 7.0, the
following changes have been introduced in 7.1.

ircd protocol
-------------
- ngircd: New protocol module.
- nefarious: Add Nefarious 2 SASL support.
- nefarious: Send account timestamp in svslogin.
- elemental-ircd: New protocol module.
- dreamforge: Remove protocol module.
- inspircd: Add support for server-side MLOCK and TOPICLOCK enforcement
- inspircd: Add support for matching extbans modifying matching logic
- inspircd: Add +H to channel modes
- inspircd: Add +X and +w to list-like mode list
- ircd-seven: Support charybdis extension cmodes on ircd-seven as well.
- ts6-generic: Add support for serverinfo::hidden
- unreal: Add support for extbans.
- unreal: Add cmode +P for permanent channel.

buildsys
--------
- MacOS 10.5 required for OS X builds.
- V=1 option to make for verbose output.
- Allow parallel building, i.e. with -j option.
- Dependencies tracked on a per-sourceunit basis
- Allow --disable-rpath to modify buildsys param LDFLAGS_RPATH
- Install default email templates
- Add --with(out)-libmowgli to force use of internal mowgli

chanserv
--------
- antiflood: New module to react to channel flooding
- quiet: Channel statuses are removed from the target user to ensure
  that the quiet takes effect.
- quiet: Allow unquieting improper masks on the quiet list.
- quiet: Notify target user when anything changes about them.
- quiet: Honor protected mode like with kick/kickban.
- quiet: Support IRCDs with quiet extbans like UnrealIRCd and InspIRCd.
- flags: New exempt flag +e, split from +r. Databases should be upgraded
  automatically.
- flags: Require FORCE argument and chan:auspex to oper override.
- flags: Allow users with +f and +o (+v) to set +-O (+-V) on self.
- access: Do not allow changing +F via ROLE command.
- Support multiple users as arguments for owner, op, halfop, voice,
  and quiet.

nickserv
--------
- sendpass: Accept grouped nicks.
- register: Allow any number of emailexempts.
- Do not send 'spam' notice if chanserv does not exist.
- Add confirmation for badmail:del
- listemail: Match on canonical addresses too
- info: Show setpass to services admins with user:auspex
- info_lastquit: New module to show last quit message in INFO
- resetpass: Allow specifying any grouped nickname.
- drop: Request confirmation when dropping an account.
- access: Allow TLDs
- Log sendpass sender and time
- Show entity ID in 'ACC' and 'INFO' commands.

groupserv
---------
- Restrict +f from +F-ing themselves
- Prevent +f-F from removing founders
- Prevent removing last founder of a group
- Make sure +F always have +f
- Notify users when they are invited to a group.

sasl
----
- Add ecdsa-nist256p-challenge mechanism
- Add dh-aes scheme, intended to replace dh-blowfish.
- Disable reload capability on all modules.

perl api
--------
- Add function to return entity ID
- Allow sending wallops
- Allow setting vhosts
- Allow transferring and dropping channels
- Change myuser_find to myuser_find_ext to allow lookups by UID.
- Add config.xs to retrieve config values from the Perl API
- Add functions to channel.xs to register a channel and to retrieve a
  limit, key, and ts.
- Allow channelregistration.xs to get/set flags and get used time
- Add registration and last seen time in account.xs

email
-----
- Put the network name in the subject field of outgoing emails.
- Add a module canonicalizing gmail addresses.
- Use canonical email addresses when checking for registration limits.

libathemecore
-------------
- Allow different send and receive passwords for uplinks
- Respect founder_flags config setting during channel succession
- Denote default crypt provider in version output.
- Include reason with kline expiration messages.
- Allow customization of the address for email from services.
- Add option to kline user@host instead of *@host
- Add qrcode API

botserv
-------
- Blacklist '/' from various fields.
- Monkeypatch notice() to rewrite source from chanserv to botserv.

crypto
------
- Rename 'fallback' crypt provider to 'plaintext'
- Allow crypto modules to be loaded and the database to be updated to
  the preferred crypto scheme on the fly.
- pbkdf2: New module implementing PBKDF2-HMAC digest scheme.

misc
----
- xmlrpc: Add metadata accessor
- security/cmdperm: New module which dynamically infers virtual
  permissions, such as command:chanserv:register
- alis: Strip mIRC color/control codes from topics.
- operserv/clones: Add option to give a few warning kills before applying
  a k-line
- Codebase is stringref clean (GitHub issue #60)
- memoserv/delete: Only accept numeric indexes.
- chanfix: Allow admins with chan:admin to register regardless of
  chanfix score.
- memoserv: Make inbox size customizable.
- Add dragon, a new, modular, ircd link performance benchmarking toolkit.
- Flood k-lines use IP address where available instead of hostname.
- Add !snotices and !wallops logging targets.
- Record vHost assigner and timestamp, and display in NS INFO output.
- Contrib modules have their own git repo.
- Add a git .mailmap
- gameserv/dice: Ensure loop parameters are integers limited to 1000

atheme.conf
-----------
Be sure to check atheme.conf.example for more information on what each
of these settings does.
- Add 'registeremail' setting to serverinfo{}, specifying address that
  services emails should originate from.
- Add 'hidden' setting to serverinfo{}, specifying that the services server
  should be hidden in /links output (limited to some ircds).
- Split 'password' setting in uplink{} into 'send_password' and
  'receive_password' (optional).
- Move 'maxnicks' setting from serverinfo{} to nickserv{}
- Move 'maxchans' setting from serverinfo{} to chanserv{}
- Add 'antiflood_enforce_method' to chanserv{} for chanserv/antiflood
- Add 'maxmemos' setting to memoserv{}
- Add !snotices and !wallops logfiles
- Add 'permissive_mode' setting to general{}, specifying manner of
  command denials.
- Add 'kline_with_ident' and 'kline_verified_ident' to general{}
- Add 'binddn' and 'bindauth' conf items to ldap{}
- Document "user" operclass.

Atheme Services 7.0 Release Notes
=================================
All bugfixes from the 6.0 branch of Atheme are also in 7.0.

dbverify
--------
- New utility.  Performs extensive and complicated consistency checks
  on your OpenSEX object store.  It can find things like:
  - corrupt AKICK entries (AKICKs with other flags/metadata that shouldn't be there);
  - duplicate channel ACL entries;
  - entity ID collisions
  It can find other stuff too, and will be expanded upon in the future.
  Think of it like a `fsck(1)` for your object store.

ircd protocol
-------------
- bahamut: add experimental support for bahamut-2.0 NICKIPSTR 
  capability.
- charybdis: Add support for locking of modes provided by
  extensions modules.
- unreal: Add support for changets.
- inspircd: Add support for locking the +H channel mode.
- ithildin, bircd, plexus and ptlink protocol modules removed.
- inspircd: Users are now warned when they attempt to link on a client
  port instead of a server port.
- unreal: Add SASL support.
- unreal: Implement full support for mlocking +f.

chanfix
-------
- New service. Similar to EFNet's chanfix service.

chanserv
--------
- sync: New module based on cs_sync from contrib. Adds autosync on
  ACL change (and the ability to turn it off).
- channel entrymsgs are now displayed in INFO.
- akick: Support added for timed AKICKs.
- ban, quiet and akick: Atheme now fills in the parts of a hostmask
  that are missing with these commands.
- access: Various cleanups.
- cs_access_alias: New contrib module. Allows level-style pseudo
  access lists.
- clone: New module allowing you to clone a channel's access list,
  flags and metadata to a new channel.
- cs_badwords: New contrib module. Allows channel staff to specify a
  badwords list for a channel and what action to take when a user
  says one of the words in the channel.
- moderate: New module allowing operators with PRIV_CHAN_ADMIN to moderate
  channel registrations.  This is especially useful in combination with
  chanfix.  It is also useful in maintaining a standard of content correctness
  for specialized chat systems.

exttarget
---------
- exttarget/main: a new framework has been added which extends the
  entity subsystem further, allowing for entities to be dynamically
  constructed with the purpose of matching against any kind of user
  or account attribute in channel access lists.  these targets can
  take optional parameters.
- exttarget/oper: $oper extended target added.  this target allows you
  to match against all opers on the network in channel access lists. 
- exttarget/registered: $registered extended target added.  this target
  matches anyone who is logged into services.
- exttarget/channel: $channel extended target added.  this target allows
  you to match anyone who is on a channel.

groupserv
---------
- all groupserv commands are now modules. Your atheme.conf will need
  to be updated for this change if you use groupserv.
- add join_flags config option and SET JOINFLAGS command. These allow
  changing the group flags a new user will get upon JOINing the group.
- add the +b (ban) flag. This prevents accounts matching it from JOINing
  the group.
- fflags: New command. Allows services operators to force a flags change
  on a group they do not have access to.
- list: Allow refining the list with a pattern.
- listchans: New command. Allows group members with the +c flag to see all
  channels that group has access in.
- honor user:regnolimit permission in relation to the maximum number of groups
  a user may register. (SRV-125)

gameserv
--------
- many refactorings
- calc: new command. Allows doing basic math with GameServ.
- gs_roulette: New contrib module. A game of Russian Roulette.
- lottery: New module that randomly chooses one user out of the channel
  members.
- happyfarm: New (skeleton) module that's a game like FarmVille! But on IRC!

hostserv
--------
- added a new host_request hook to catch and do other things with host requests.
- reject: Add an optional reason parameter that will be memoed to the user with the
  rejection notice.

memoserv
--------
- ms_fsend: new contrib module. Allows sopers to override a target user being
  set NOMEMO or having the source user on ignore.

nickserv
--------
- restrict: New module that allows services opers to stop users from using
  commands that can be abused (hostserv/request, hostserv/take,
  groupserv/register, etc)
- emailexempts: New config option. Lets you specify email addresses that have
  no limit to the number of accounts they can have registered.
- when logging into a new account, users are informed that they will be logged
  out of their old account.
- when doing RELEASE or REGAIN against a user logged into an account, log
  them out of the account.
- old Atheme-1.x-style external logout implemented. Allows logging another user
  logged into your account out remotely.
- listgroups: New module that shows you which groups you have access in.
- nevergroup: New module that prevents anyone giving you access to a group.
- badmail: New module which allows setting email addresses (or glob patterns)
  which are not allowed to register accounts on-the-fly.
- nickserv now allows passwords longer than 32 characters if the database is 
  being hashed.
- subscribe: Removed as it had many flaws and no one used it.
- ns_cleannick: new contrib module. Forces a nick change on a user if their nick is
  'lame' using case normalisation.

operserv
--------
- emailexempts and autokline exempts are now shown in INFO.
- modreload now rehashes the config if the module requires it and reloads modules
  that depend on the specified module.
- clones: Many cleanups.
- clones: Added an option to variably increase the clone limit if a user's clones
  are identified.
- soper: Allow adding a new SOPER with a password (optional, of course).
- set: Adds the ability to temporarily modify some config options on-the-fly.
- info: Add a new hook so modules that add config options can also add lines to
  the operserv/info output.
- os_modeall: New contrib module. Allows setting a given mode on all channels.
- os_joinmon: New contrib module. Facilitates monitoring certain users and when
  a monitored user joins a channel, that information will be sent to the services
  log channel.
- os_resolve: New contrib module for testing the asynchronous DNS resolver.
- the RWATCH database is now serialized as opensex entities.
- specs: add support for groupserv-related permissions and clarify meanings of
  the various 'auspex' privileges. (SRV-125)

proxyscan
---------
- New service. Currently implements only a DNSBL scanning module.

rpgserv
-------
- New service. For finding and joining RP games on an IRC network.

scripting
---------
- Support for scripting Atheme in Perl added. Perl scripts are loaded with
  OperServ MODLOAD just like modules. Still in alpha. Add the --with-perl configure 
  switch to enable it. POD-style documentation for the perl API is in doc/perl/.

statserv
--------
- New service. For querying for statistics about the network.

xmlrpc
------
- moved to transport/xmlrpc. Your atheme.conf will need to be updated for this
  change if you use xmlrpc.
- bad_password() is now called on invalid XMLRPC logins.

code
----
- libmowgli-2 is now required instead of libmowgli.
- a bit of the signal code and linker code was converted to use the mowgli
  implementations.
- charybdis' asynchronous DNS resolver added.
- mowgli.global_storage can now be used to make a module's data persistent on
  module reload. It is currently only used in GroupServ.
- many assertions added in various places throughout the code.
- added a new AC_AUTHENTICATED pseudo-priv to replace many identical checks if
  a user is logged in throughout the code.
- irc parse/uplink state has been made modular.
- atheme core has been changed to build as a library.
- all the old SNOOP channel code has been removed. SNOOP has been deprecated since
  5.1 and gone since 5.2.
- MODULE_USE_SYMBOL() was removed in favour of MODULE_TRY_REQUEST_SYMBOL().
- most service-specific (config file) code split out from the core.
- configuration-defined usernames are now truncated at USERLEN (10 characters).
- UID generation split out from the core.
- module_load can now be hooked into. This is particularly useful for scripting
  modules.
- entities now have unique IDs.  unique IDs may be referenced in all XMLRPC and
  IRC commands.
- strlcpy()/strlcat() have been replaced with mowgli implementations.
- atheme.string has been replaced with mowgli.string.
- add new hook_channel_acl_req_t structure for channel_acl_change hook, which is
  intended to describe ACL changes more effectively.
- call shutdown(2) on sockets being closed to help some TCP stacks be more aggressive
  when closing sockets.
- use mowgli_eventloop_pollable instead of old eventloop code.
- Windows is now supported.

other
-----
- ensure buffers passed to strftime() are large enough to fit the entire string.
  strftime() is not really required to behave in any specific way in the event of
  buffer overflow.
- ircd_announceserv: New contrib service. This allows users to request network
  announcements (which sopers must approve before they're sent).
- an access {} config block was added allowing rewriting of command privs.
  If specified, the user must match the original priv and the rewritten priv.
- allow Atheme datadir to be specified on the command-line when starting.
- many improvements to the LDAP authentication module.
- general::immune_level config option added. This allows customising the operlevel
  that gets kick immunity privileges.
- DNS Blacklist scanning module added. This module will scan connecting users
  against a list of DNS blacklists and take action if the users' IP is in one
  of the blacklists. This module is mainly managed through operserv.
- allow SASL authentication for any nick linked to the account, not just the
  accountname.

Atheme Services 6.0 Release Notes
=================================
All bugfixes from the 5.2 branch of Atheme are also in 6.0.

ircd protocol
-------------
- inspircd: Support for owner, halfops and admin are now dynamically
  enabled by what modes exist instead of being enabled by what modules
  you have loaded in inspircd.
- support for InspIRCd 1.1, OfficeIRC and UltimateIRCd 3 has been removed.

opensex
-------
- opensex is now the required database format. All flatfile will do is
  convert your flatfile database to opensex and exit.
- converted many modules that use external databases to using opensex.

chanserv
--------
- new module: chanserv/access.  this adds role-based channel acl via the
  ACCESS and ROLE commands.
- new module: chanserv/successor_acl.  this adds a +S channel acl flag which
  will weight a user as a successor.
- modules may now override the succession process using the new
  channel_pick_successor hook.
- chanserv/list: Enhance by adding many possible criteria to match channels
  against.
- new set_prefix module. This module allows channels to define a channel-specific 
  fantasy prefix. The channel-specific prefix is displayed in the INFO for the
  channel. This is particularly useful if the channel uses an external bot that
  conflicts with the services default fantasy prefix.
- new clear_flags module. This allows founders to remove all entries from the
  channel access list except other founders.

groupserv
---------
- new service that allows users to form groups of accounts and apply the
  same ACL entries to them, send memos to them and other features.

helpserv
--------
- new service that allows users to request oper help in different ways.
  Currently either via a ticket system or by "pinging" the opers with a
  request for help.

hostserv
--------
- allow activating or rejecting all waiting vhosts by using '*' instead of
  a nick.

infoserv
--------
- oper-only message support. You can now give messages an importance where
  they will only be sent to opers upon oper-up.
- in infoserv message subjects, underscores will now be replaced with spaces
  so you can have multi-word subjects.
- allow customizing the number of infoserv messages shown to users on connect.

nickserv
--------
- new contrib module, ns_waitreg that allows you to specify how long a user must
  be connected before they can register a nick.
- new regnolimit module. Allows opers to set users as able to be exempt from channel
  registration limits. (how many channels may be registered to one account)
- nickserv/list: Enhance by adding many possible criteria to match users against.

operserv
--------
- new readonly module. This allows changing the readonly state at runtime.

xmlrpc
------
- the legacy xmlrpc/account, xmlrpc/channel and xmlrpc/memo modules have been
  removed. These have been deprecated for over 4 years and you should be
  using xmlrpc/main and atheme.command for all your xmlrpc uses.
- the xmlrpc core has been rewritten a little bit to use mowgli's patricia tree
  code.  this should bring a performance improvement over the hashtable code it
  was using.
- xmlrpc has been completely moved out of core
- a new command, atheme.privset has been added to get the soper privs of a user.

code
----
- default values in config options are now supported. This is particularly
  useful in modules and cleans up the config code a bit.
- many bugfixes and compile warning fixes.
- the flags code has been cleaned up to assume that there is only one flags
  table.
- the flags code is now extendable by modules.
- mychan_pick_candidate() is now in the public API.
- the core now lives in an ipv6 world.  it's 2010 - if your operating system
  doesn't support ipv6 - you suck.
- ctcp handling has been rewritten.
- new easter egg.
- the shrike hash function (shash()) has been removed as there was no longer
  anything using it.
- the "symbolmatrix" code was removed because we went with a different solution
  instead long ago.
- myuser_t is now a child of myentity_t which describes an entity that can have
  channel membership.
- list_t/node_t have been removed in preference of mowgli.list.
- balloc has been removed in preference of mowgli.heap.

other
-----
- added an anope 1.9.2 flatfile DB to OpenSEX DB conversion script.
- mail sending has been changed, likely causing serverinfo::mta scripts to
  break. The command is now passed "-t" rather than the email address and
  the shell is no longer used.
- the SDK hg revision of modules is now shown in MODINSPECT.

Atheme Services 5.2 Release Notes
=================================
Note: We are looking for additional developers to help with maintenance of
Services.  After almost 7 years of development, many of the programmers have
moved on.

ircd protocol
-------------
- inspircd: track channelmodes +D (delayjoin) and +d (delaymsg).

chanserv
--------
- split out SET into separate modules for each SET command. chanserv/set
  is now a "meta-module" that depends on all the set_* modules.

hostserv
--------
- added OFFER module that allows opers to offer vhosts to users.
- made the request system (specifically the ACTIVATE command) not send
  a memo to the user.

infoserv
--------
- new service. infoserv allows opers to send notices to users when they
  connect or at the time of running the command (like Global).

nickserv
--------
- split out SET into separate modules for each SET command. nickserv/set
  is now a "meta-module" that depends on all the set_* modules.
- added cracklib module that checks users' passwords on REGISTER and lets
  them know if the password is secure or not. You can have it just warn
  the user or disallow them from registering with a configuration option.
- added ns_generatehash contrib module to generate a password hash for
  a soper if you have crypto enabled.
- removed ns_ratelimitreg contrib module as its functionality is now in
  core.

operserv
--------
- added expiry time to clone exempt

code
----
- replace the atheme-services build system with the ACBS used by many other 
  Atheme projects.
- rework the colour and special character stripping for xmlrpc.
- remove snoop(). any modules still using snoop() will fail to compile on
  atheme 5.2. please replace it in your code with logcommand() or slog().

other
-----
- ircservtoatheme: generally make a bit more robust.
- added ratelimiting support to hostserv/request, chanserv/register and
  nickserv/register.