[ngIRCd-ML] ngIRCd Release 14.1

Alexander Barton alex at barton.de
Wed May 6 11:41:01 CEST 2009


Hi all!

Florian Westphal found a serious bug in ngIRCd release 14 which  
affects all servers compiled with SSL-support linked in, whereas it is  
irrelevant whether SSL support is actually in use or not. This bug is  
remotely triggerable and causes the daemon to crash (DoS).

So EVERYBODY using ngIRCd release 13 or 14 with SSL-support linked in  
SHOULD UPGRADE to nIRCcd release 14.1 as soon as possible!

You can use the "ngircd --version" command to check the options your  
daemon provides: if it lists "SSL", you are affected! (e. g. "ngircd  
14.1-SYSLOG+ZLIB+SSL+IRCPLUS+IPv6-i386/apple/darwin9.6" is affected)

The full changelog lists (since release 14):

- Security: fix remotely triggerable crash in SSL/TLS code.
- BSD start script contrib/ngircd.sh has been renamed to ngircd-bsd.sh.
- New start/stop script for RedHat-based distributions:
   contrib/ngircd-redhat.init, thanks to Naoya Nakazawa  
<naoya at sanow.net>.
- Doxygen: update source code repository link to GIT.
- Debian: build ngircd-full-dbg package.
- Allow ping timeout quit messages to show the timeout value.
- Fix error handling on compressed links.
- Fix server list announcement.
- Do not remove hostnames from info text.

Direct download links for the source archive:

<ftp://ftp.berlios.de/pub/ngircd/ngircd-14.1.tar.gz>
<ftp://ngircd.barton.de/pub/ngircd/ngircd-14.1.tar.gz>

The ChangeLog can be found here:

<http://ngircd.barton.de/doc/ChangeLog>
<http://ngircd.berlios.de/doc/ChangeLog>

GnuPG signatures and a patches from release 14 are available and can  
be downloaded from here:

<ftp://ngircd.barton.de/pub/ngircd/>
<ftp://ftp.berlios.de/pub/ngircd/>

The relevant MD5 sums are:

MD5 (ngircd-14.1.tar.gz) = eef90855414c35bfb6590d17e24ee06f
MD5 (ngircd-14-14.1.patch.gz) = 896814187a7a350272ab5fb4119a381a

You can habe a look at the complete history and every single patch  
using the GIT web-frontend located at:

<http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git>

Please let us know if you encounter any bugs or need more/better  
documentation (best is to file bugs using the bug tracker or to mail  
to this list). Thanks!

Regards
Alex



-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 486 bytes
Desc: Signierter Teil der Nachricht
URL: <http://arthur.barton.de/pipermail/ngircd-ml/attachments/20090506/a2321d54/attachment.pgp>


More information about the ngIRCd-ML mailing list