[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
+sd9 irc2.10.3p3 patch announcement
- To: ircd-users@xxxxxxx
- Subject: +sd9 irc2.10.3p3 patch announcement
- From: sd@xxxxxxxxxxx
- Date: Fri, 7 Mar 2003 14:55:09 +0100
- Delivered-to: ircd-users-out@irc.org
- Delivered-to: ircd-users@irc.org
- User-agent: Mutt/1.4i
hello there to who's interested,
so +sd8 shown that it's full bugs, so i fixed some of them, and implement
some new (within new features)
http://irc.hysteria.sk/patches/irc2.10.3p3+sd9.diff
again, do not use on "productive" servers please.
enjoy!
new in +sd9 patch
=================
- I/O/K line-ing on real-ip basis should work now
- introduced S and C i-line flags which matches SSL and/or cert users.
next field after flags can be specified notice which to be send
to user matching this i-line (e.g. notices to ssl/non-ssl users)
- format of X: line changed slightly:
X:/path/to/servercert.pem:/path/to/serverkey.pem:/path/to/cacert.pem
- ':' can be quoted in ircd.conf by using '\\:' sequence (ripped from 2.11)
- fixed juping of recovered nick from nick collision, nick
cannot be reused (and make another collision) for nickdelay time
now.
- fixed bug with stunnel which can connect one time, but not
again then - session cache disabled.
- implemented network certificate revocation mechanism.
*ONE* server could be configured as revoke master
(in config.h) which will broadcast certified users revoke list
to all servers when they connect (or list is changed).
- this is INCOMPATIBLE with +sd8 and servers will not link!
- ssl servers connections is verified, certificates for servers
is MANDATORY now.
- fixed off-by-one overflow with long idents when putting dot
for ssl users leading to their u@h become u@h@h (strange!)
thx to zap-zero.
- fixed joining of non-cert users to +c channel with +C *NO-CERT* set :)
+C * mode can be specified to let any certified user into +c chan.
- ipv6 stuff should work all ok
- introduced +R chanmode for reopping people when channel
- NOOPDELAY
this one is similiar to BETTER_CDELAY, difference is in that
it will take place *after* chandelay (DELAYCHASETIMELIMIT -
30 minutes by default) - to maintain backward compatibility
with older servers. during NOOPDELAY time people will be able to "create"
channel but *will not* get channel operator status.
this will also enable unsetting of noopdelay/chandelay when
anyone with +o join (more user friendly for short but often netsplits)
by default it's 2 hours, set it to some more fascist value, if you like.
- NO_CHANDELAY:
this *must* be set on *all* servers if you want use it.
it will disable use of channel delay at all.
it will also enable saving/enforcing of channel modes, topic etc
on empty channels. only NOOPDELAY will have effect
(make it even more fascist ! :)
note that this have nothing to do with nick delays.
features of +sd8 patch
======================
- USE_SSL, allow/force users and servers to connect using ssl
- CERT_ILINES, client ssl certificate user authorization, OU=certuser,
CN=<username> <virtualhost>, authorize users on their cert's
signed by our CAroot, they'll get special hostname and
certificated username will be shown as:
Realname: [user] real_realname
* CERTCHAN, +c channels, for certified users - when +c is chanmode
set, list of +C modes specifies which certified users can join.
this allows creation of completely private channels.
NOTE THAT THIS WILL NOT WORK ON NET WITH SERVERS NOT UNDERSTANDING
+c/+C modes!
- RECOVER, anti-nick collision protection, reintroduces
nick-collided user back to net, user see only nickname change.
- SPOOF, allow spoofing/md5masking of hostnames, removes
ircd's idea about their IP (privacy ensured)
* NAMECHANGE_HACK, allow on-the-fly server host-name change
(use with *care*)
- CAN_FLOOD, specified users (in iline flags or opers) will not
get penalty from server when flooding.
- soper patch
--
_ __/|
\'X.X' irc://sd@xxxxxxxxxxxxxxx
=(___)= http://hysteria.sk/sd
U