IRC-Junkie.org – IRC News

Syzop of the UnrealIRCd project just posted an announcement on their mailinglist and forums that some versions of their IRCd have been compromised and had a backdoor added which went unnoticed for quite a while.

The first signs of the compromise have been traced back to November 2009 and Syzop writes that “Any Unreal3.2.8.1.tar.gz downloaded BEFORE November 10 2009 should be safe, but you should really double-check”.

Alexander Barton of the ngIRCd project just announced on their mailing-list the immediate availability of version 16 of their IRC daemon.

After 1 month of testing and 2 release candidates, the final release is available to download and use.

The most notable changes since ngIRCd version 15 according to the announcement are various fixes to the build system and code cleanups, a new numeric (RPL_STATSCONN 250) that displays a few enhanced connection statistics to clients on connect and adding the missing documentation for the “Password” variable.

ratbox-services, the services package for ircd-ratbox, have released version 1.2.4 in their stable tree.

ratbox services logo

Version 1.2.4 is mainly a bugfix release, one feature addition that this new version got is that you now can specify both the UID/GID and the path it chroots to on startup with a parameter.

Other than that, some inconsistencies with ChanServ enforcing topics have been rectified and it now “enforces topics whenever it is in the channel”. The handling of read-errors received from servers has been fixed as well as the configure-options of both MySQL and PostgreSQL which now take a path to a binary that will provide the compiler with information it needs to compile the respective support in.

The InspIRCd team released version 1.2.7 of their stable branch yesterday which fixes 2 critical bugs that can result in DoS conditions, so an upgrade is advised.

The first crash that has been fixed is triggerable when a remote server has the same name as a local one which possibly crashes the linking IRCd. This bug was squashed by developer danieldg in this commit.

The second bug can lead to a Denial of Service condition due to memory exhaustion which is possible since ban exception masks weren’t limited in length and numbers according to MAXBANS.

The ShadowIRCd project just released version 6.1.0 of their Charybdis-based IRCd, just little over a month after the release of version 6.0.0.

The new release adds a few new features, configuration options and “massive helpfile updates”.

The developer team implemented a server-side /CYCLE (also called /HOP in some clients) command which parts and rejoins the user from the channel he specifies.

A lot of management-commands like those pertaining to modules (like MODLOAD) can now be executed remotely, remote stopping or restarting the IRCd through DIE and RESTART has been introduced as well.