Hello All! ngIRCd 0.10.4 has been released, fixing a security bug which could cause the server to access invalid memory and to crash while handling specially crafted PART commands. All installations should be upgraded! <ftp://ftp.berlios.de/pub/ngircd/ngircd-0.10.4.tar.gz> <ftp://ngircd.barton.de/pub/ngircd/ngircd-0.10.4.tar.gz> The GnuPG signature and a patch from 0.10.3 is available and can be downloaded from here: <ftp://ngircd.barton.de/pub/ngircd/> <ftp://ngircd.berlios.de/pub/ngircd/> All the above and more information, bug tracker, and CVS web frontend can be found via the homepage of ngIRCd which is located here: <http://ngircd.barton.de/> <http://ngircd.berlios.de/> This release is tagged as "rel-0-10-4" in CVS. The fix for the above mentioned security bug is the only change since release 0.10.3. In addition, ngIRCd 0.11.0-pre2 has been released which fixes this bug as well. It can be obtained via the usual FTP servers listed above. Regards Alex
Does the 0.11.0-pre have the security fixes? Alexander Barton wrote:
Hello All!
ngIRCd 0.10.4 has been released, fixing a security bug which could cause the server to access invalid memory and to crash while handling specially crafted PART commands. All installations should be upgraded!
<ftp://ftp.berlios.de/pub/ngircd/ngircd-0.10.4.tar.gz> <ftp://ngircd.barton.de/pub/ngircd/ngircd-0.10.4.tar.gz>
The GnuPG signature and a patch from 0.10.3 is available and can be downloaded from here:
<ftp://ngircd.barton.de/pub/ngircd/> <ftp://ngircd.berlios.de/pub/ngircd/>
All the above and more information, bug tracker, and CVS web frontend can be found via the homepage of ngIRCd which is located here:
<http://ngircd.barton.de/> <http://ngircd.berlios.de/>
This release is tagged as "rel-0-10-4" in CVS.
The fix for the above mentioned security bug is the only change since release 0.10.3.
In addition, ngIRCd 0.11.0-pre2 has been released which fixes this bug as well. It can be obtained via the usual FTP servers listed above.
Regards Alex
------------------------------------------------------------------------
_______________________________________________ ngIRCd-ML mailing list ngIRCd-ML@Arthur.Ath.CX http://arthur.ath.cx/mailman/listinfo/ngircd-ml
-- -- Michael R. Belanger ____________________________________________________ CICLOPS/Space Science Institute --- - - __o 4750 Walnut St, Ste 205 -- _ \<,_ Boulder, CO 80301 (720) 974-5853 (_)/ (_) FAX (720) 974-5860 Join us on IRC: irc.ciclops.org port=6668 channel=#iss ---------------------------------------------------- "Nothing in life is to be feared, it is only to be understood. Now is the time to understand more, so that we may fear less." - Marie Curie
I just read the bottom :( So, I pulled the .11-pre2 and I noticed ssl support is not there.. Was that left out intentionally? Michael Belanger wrote:
Does the 0.11.0-pre have the security fixes?
Alexander Barton wrote:
Hello All!
ngIRCd 0.10.4 has been released, fixing a security bug which could cause the server to access invalid memory and to crash while handling specially crafted PART commands. All installations should be upgraded!
<ftp://ftp.berlios.de/pub/ngircd/ngircd-0.10.4.tar.gz> <ftp://ngircd.barton.de/pub/ngircd/ngircd-0.10.4.tar.gz>
The GnuPG signature and a patch from 0.10.3 is available and can be downloaded from here:
<ftp://ngircd.barton.de/pub/ngircd/> <ftp://ngircd.berlios.de/pub/ngircd/>
All the above and more information, bug tracker, and CVS web frontend can be found via the homepage of ngIRCd which is located here:
<http://ngircd.barton.de/> <http://ngircd.berlios.de/>
This release is tagged as "rel-0-10-4" in CVS.
The fix for the above mentioned security bug is the only change since release 0.10.3.
In addition, ngIRCd 0.11.0-pre2 has been released which fixes this bug as well. It can be obtained via the usual FTP servers listed above.
Regards Alex
------------------------------------------------------------------------
_______________________________________________ ngIRCd-ML mailing list ngIRCd-ML@Arthur.Ath.CX http://arthur.ath.cx/mailman/listinfo/ngircd-ml
-- -- Michael R. Belanger ____________________________________________________ CICLOPS/Space Science Institute --- - - __o 4750 Walnut St, Ste 205 -- _ \<,_ Boulder, CO 80301 (720) 974-5853 (_)/ (_) FAX (720) 974-5860 Join us on IRC: irc.ciclops.org port=6668 channel=#iss ---------------------------------------------------- "Mathematics, rightly viewed, possesses not only truth, but supreme beauty - a beauty cold and austere, like that of sculpture." - Bertrand Russell
Michael Belanger <mrb@ciclops.org> wrote:
I just read the bottom :(
So, I pulled the .11-pre2 and I noticed ssl support is not there.. Was that left out intentionally?
Yes. I made a patch which should apply on top of -pre2: http://strlen.de/ngircd/ngircd-0.11.0-pre2-ssl.diff.bz2 Let me know when there are problems. -- Florian Westphal <fw@strlen.de> // http://www.strlen.de 1024D/F260502D 2005-10-20 Key fingerprint = 1C81 1AD5 EA8F 3047 7555 E8EE 5E2F DA6C F260 502D
Florian Westphal wrote:
Michael Belanger <mrb@ciclops.org> wrote:
I just read the bottom :(
So, I pulled the .11-pre2 and I noticed ssl support is not there.. Was that left out intentionally?
Yes. I made a patch which should apply on top of -pre2: http://strlen.de/ngircd/ngircd-0.11.0-pre2-ssl.diff.bz2
Let me know when there are problems.
tar zxvBf ngircd-0.11.0-pre2.tar.gz cd ngircd-0.11.0-pre2 patch -p1 < /tmp/ngircd-0.11.0-pre2-ssl.diff make distclean ./configure --with-tcp-wrappers --enable-sniffer --with-openssl make; make install added 'MaxNickLength = 20' to Global Section restarted ngircd Everything looks good! Thanks Florian! -Michael
Teilnehmer (3)
-
Alexander Barton -
Florian Westphal -
Michael Belanger