The charybdis team is proud to announce the charybdis 3.5 release series.
The charybdis 3.5.0 release can be downloaded via:
What’s new in Charybdis 3.5?
- Fix propagation of ip_cloaking hostname changes (only when setting or unsetting the umode after connection).
- Fix a remote-triggerable crash triggered by the CAPAB parsing code.
- As per the TS6 spec, require QS and ENCAP capabilities.
- Require EX and IE capabilities (+e and +I cmodes).
- Check that UIDs start with the server’s SID.
- Allow mode queries on mlocked modes. In particular, allow /mode #channel f to query the forward channel even if +f is mlocked.
- Strip colours from channel topics in /list.
- If umode +D or +g are oper-only, don’t advertise them in 005.
- If MONITOR is not enabled, don’t advertise it in 005.
- Add starttls as per ircv3.
- Abort a whowas listing when it would exceed SendQ, which would previously disconnect the user.
- Reject nicks with ‘~’ in them, rather than truncating at the ‘~’.
- Remove CHARSET=ascii from ISUPPORT
- Use the normal rules for IP visibility in /whowas.
- Cmode +c now strips ‘\x0F’ (^O, formatting off), fixing weird rendering in some clients that internally use mIRC formatting such as highlighted messages in HexChat.
- Indicate join failure because of the chm_sslonly extension (cmode +S) using the same 480 numeric as ircd-ratbox.
- Do not allow SASL authentication when the configured SASL agent is unavailable.
- Automatically add unidentified users to the ACCEPT list when a user is set +R, as we do when the user is set +g.
- Implement IRCv3.2 capabilities:
Implement the $&, $ and $m extban types:
- $& combines 1 or more child extbans as an AND expression
$ combines 1 or more child extbans as an OR expression
- $m provides normal hostmask matching as an extban for the above
- Do not allow STARTTLS if a connection is already using TLS.
- Display an operator’s privilege set in WHOIS.
- The $o extban now matches against privilege set names as well as individual privileges. Privilege set names are preferred over individual privileges.
- Fix a crash with /testline.
- Complain to opers if a server that isn’t a service tries to SU/RSFNC/NICKDELAY/SVSLOGIN.
- Turn off umode +p (override) when deopering.
- Make listener error messages (e.g. port already in use) visible by default instead of only on snomask +d and in ioerrorlog.
- Remove snotes on +r about GET/PUT/POST commands (“HTTP Proxy disconnected”).
- Add DNSBL snotes on snomask +r.
- Add hide_uncommon_channels extension to hide uncommon channel memberships in WHOIS, like in ircd-seven.
- Add chm_nonotice extension, cmode +T to reject notices.
- Add restrict-unauthenticated extension, prevents unauthenticated users from doing anything as channel operator.
- Add no_kill_services extension, prevents local opers from killing services.
- Allow matching specific replies of DNSBLs, using the new matches option.
- Remove blowfish crypt since it has the BSD advertising clause.
- Fix SHA256 ($5$) crypt.
- Make the channel::channel_target_change option actually work (it used to be always on).
- SSL/TLS listeners now have defer_accept unconditionally enabled on them.
- The method used for certificate fingerprints (CertFP) is now configurable. SHA1, SHA256 and SHA512 are available options.
- The minimum user threshold for channels in default /list output is now configurable.
- Work around timerfd/signalfd brokenness on OpenVZ.
- Fix a compilation issue in libratbox/src/sigio.c with recent glibc.
- Extend documentation slightly.
- Remove a BSD advertising clause that permission was granted to remove.
- Add support for hooking PRIVMSG/NOTICE.
- Reenable and fix the GnuTLS support.
- Add mbedTLS backend for SSL/TLS.
- Remove EGD support.
- Try other DNS servers if errors or corrupt replies are encountered.
- Rename genssl.sh script to genssl.
- Choose more secure SSL/TLS algorithms.
- Fix reconnecting with SSL/TLS with some clients such as ChatZilla (see https://bugzilla.mozilla.org/show_bug.cgi?id=858394#c34 for details.)
- Improve error messages about the configuration file.
- Fix a crash when compiled with recent clang on 32-bit systems.
- Fix various memory leaks in rehash.
- Fix various code quality issues.
- Add –with-shared-sqlite to allow distribution packages to link to a shared sqlite library. Using this is not recommended for on-server compilation.
- ISUPPORT tokens which are actually provided by modules have been moved to their respective modules.