Hello All!
ngIRCd 0.10.4 has been released, fixing a security bug which could cause the server to access invalid memory and to crash while handling specially crafted PART commands. All installations should be upgraded!
ftp://ftp.berlios.de/pub/ngircd/ngircd-0.10.4.tar.gz ftp://ngircd.barton.de/pub/ngircd/ngircd-0.10.4.tar.gz
The GnuPG signature and a patch from 0.10.3 is available and can be downloaded from here:
ftp://ngircd.barton.de/pub/ngircd/ ftp://ngircd.berlios.de/pub/ngircd/
All the above and more information, bug tracker, and CVS web frontend can be found via the homepage of ngIRCd which is located here:
http://ngircd.barton.de/ http://ngircd.berlios.de/
This release is tagged as "rel-0-10-4" in CVS.
The fix for the above mentioned security bug is the only change since release 0.10.3.
In addition, ngIRCd 0.11.0-pre2 has been released which fixes this bug as well. It can be obtained via the usual FTP servers listed above.
Regards Alex
Does the 0.11.0-pre have the security fixes?
Alexander Barton wrote:
Hello All!
ngIRCd 0.10.4 has been released, fixing a security bug which could cause the server to access invalid memory and to crash while handling specially crafted PART commands. All installations should be upgraded!
ftp://ftp.berlios.de/pub/ngircd/ngircd-0.10.4.tar.gz ftp://ngircd.barton.de/pub/ngircd/ngircd-0.10.4.tar.gz
The GnuPG signature and a patch from 0.10.3 is available and can be downloaded from here:
ftp://ngircd.barton.de/pub/ngircd/ ftp://ngircd.berlios.de/pub/ngircd/
All the above and more information, bug tracker, and CVS web frontend can be found via the homepage of ngIRCd which is located here:
http://ngircd.barton.de/ http://ngircd.berlios.de/
This release is tagged as "rel-0-10-4" in CVS.
The fix for the above mentioned security bug is the only change since release 0.10.3.
In addition, ngIRCd 0.11.0-pre2 has been released which fixes this bug as well. It can be obtained via the usual FTP servers listed above.
Regards Alex
ngIRCd-ML mailing list ngIRCd-ML@Arthur.Ath.CX http://arthur.ath.cx/mailman/listinfo/ngircd-ml
I just read the bottom :(
So, I pulled the .11-pre2 and I noticed ssl support is not there.. Was that left out intentionally?
Michael Belanger wrote:
Does the 0.11.0-pre have the security fixes?
Alexander Barton wrote:
Hello All!
ngIRCd 0.10.4 has been released, fixing a security bug which could cause the server to access invalid memory and to crash while handling specially crafted PART commands. All installations should be upgraded!
ftp://ftp.berlios.de/pub/ngircd/ngircd-0.10.4.tar.gz ftp://ngircd.barton.de/pub/ngircd/ngircd-0.10.4.tar.gz
The GnuPG signature and a patch from 0.10.3 is available and can be downloaded from here:
ftp://ngircd.barton.de/pub/ngircd/ ftp://ngircd.berlios.de/pub/ngircd/
All the above and more information, bug tracker, and CVS web frontend can be found via the homepage of ngIRCd which is located here:
http://ngircd.barton.de/ http://ngircd.berlios.de/
This release is tagged as "rel-0-10-4" in CVS.
The fix for the above mentioned security bug is the only change since release 0.10.3.
In addition, ngIRCd 0.11.0-pre2 has been released which fixes this bug as well. It can be obtained via the usual FTP servers listed above.
Regards Alex
ngIRCd-ML mailing list ngIRCd-ML@Arthur.Ath.CX http://arthur.ath.cx/mailman/listinfo/ngircd-ml
Michael Belanger mrb@ciclops.org wrote:
I just read the bottom :(
So, I pulled the .11-pre2 and I noticed ssl support is not there.. Was that left out intentionally?
Yes. I made a patch which should apply on top of -pre2: http://strlen.de/ngircd/ngircd-0.11.0-pre2-ssl.diff.bz2
Let me know when there are problems.
Florian Westphal wrote:
Michael Belanger mrb@ciclops.org wrote:
I just read the bottom :(
So, I pulled the .11-pre2 and I noticed ssl support is not there.. Was that left out intentionally?
Yes. I made a patch which should apply on top of -pre2: http://strlen.de/ngircd/ngircd-0.11.0-pre2-ssl.diff.bz2
Let me know when there are problems.
tar zxvBf ngircd-0.11.0-pre2.tar.gz
cd ngircd-0.11.0-pre2
patch -p1 < /tmp/ngircd-0.11.0-pre2-ssl.diff
make distclean
./configure --with-tcp-wrappers --enable-sniffer --with-openssl
make; make install
added 'MaxNickLength = 20' to Global Section
restarted ngircd
Everything looks good! Thanks Florian!
-Michael
Michael Belanger mrb@ciclops.org wrote:
Does the 0.11.0-pre have the security fixes?
No, -pre1 only has the IRC_JOIN bugfix from the 0.10.3 release.
-
Alexander Barton -
Florian Westphal -
Michael Belanger