IRC-Junkie.org – IRC News

All about Internet Relay Chat

InspIRCd 2.0.5 Vulnerability [Updated]

There has been a vulnerability reported in InspIRCd 2.0.5 and possibly other versions of the IRC daemon.

The problem lies in the buffer handling of dns.cpp, can be triggered by remote users and might result in arbitrary code execution according to the advisory.

 

There currently is a workaround in the form of a config setting, namely to set

<performance:nouserdns>

to yes.

 

There also have been pull requests on GitHub by Atheme developer nenolod which fix the underlying code, although those – as of now – haven’t been pulled in yet.

 

The fixes above have been pulled in and the official sources have been moved from Gitorious to GitHub.

 

Due to the serious nature of the vulnerability, watch the development of this closely and even though there currently are no reports of this vulnerability being exploited in the wild.

 

The advisory can be found here and one of the temporary InspIRCd websites (which is currently still down after a break-in into ChatSpike/InspIRCd servers) can be found here.

 

We’ll keep this entry updated on any new developments regarding this issue.

IRC Wiki – 2nd Anniversary

2 years ago, the IRC-Wiki has been created to provide a central place for all things that relate to IRC.

Some might argue that Wikipedia is a better place for that but as some people can assess it isn’t due to their idiotic strict notability guidelines.

 

Fast forward 2 years and IRC Wiki is still thriving and the only one remaining from the 3 that have been mentioned in that past article. One of them has merged into IRC Wiki soon after the article has been written and to date the Wiki consists of 650 pages and 5000 edits in total.

 

About 180 users have contributed to it, though the majority of editors is due to a new feature: network pages.

There, registered networks can put up information about it, integrate statistics  from SearchIRC and Netsplit.de and much more.

 

IRC Wiki Network Listing Page

IRC Wiki Network Listing Page

 

In the early days, IRC-Wiki was using LionWiki and migrated to MediaWiki due to user requests for features that are only present in MediaWiki. That move was done manually, article-by-article by Bertrum and Trixar_za.

Even though that was a labour-intensive task, Trixar_za regards it as “the best decision they made because of the sheer number of MediaWiki extensions, especially the security related ones – considering how many Wikis are overrun with spam these days”.

 

Today, the Wiki holds lots of information for all kind of IRCds, IRC clients and software for IRC networks but there is still a list of articles that are yet to be created – not to mention there’s always room to improve and expand current articles.

 

So, if you haven’t yet: browse over to IRC-Wiki and help them out, be it by adding your network to their index or filling the Wiki with information!

IRCjr – An IRC Client for DOS

There are IRC clients for every platform and every OS – wait, really every platform, every OS?

 

Lets see:

Windows? More than you can handle..

OS X? Sure

Linux/UNIX? Of course

 

…and more – i’ll spare you listing every platform there’s an IRC client for.

 

But.. what about DOS you say? Yes, yes – there is one: IRCjr.

 

It’s not only a proof-of-concept but is a fully-featured client. It supports CTCP messages such as /me and /version, has timestamps, logging to disk, a user-configurable scrollback buffer and supports every display from MDA/monochrome up to VGA resolutions and colors.

 

DOS IRC Client IRCjr running in DOSBox

DOS IRC Client IRCjr running in DOSBox

 

As you can see from the screenshot it sports a split-screen layout and according to its website it’ll run even on “the oldest 8088 based systems” from DOS 2.1 and newer.

 

Being in multiple channels and private messages at the same time is no problem – IRCjr is even compatible with multiple monitors, although it can only use one at a time.

 

Since DOS is pretty much obsolete these days and being asked about the reason why he wrote a program for a dead platform the programmer, Michael  Brutman, said that he had rediscovered the fun in retro computing and since all TCP/IP stacks for DOS sucked, he wrote his own and the first application he developed for it was IRCjr.

 

One of the main concerns while programming was stability and according to Michael Brutman it’s really stable and can be left running even in very busy channels such as #ubuntu on freenode without problems.

 

On the feature-side he said that he’s looking to bring multi-server support and maybe mIRC color codes into the client but sadly Unicode support is pretty much ruled out as most of the old hardware can’t load fonts.

 

So if you’re a retro computing enthusiast and addicted to IRC – give it a go and let us know what you think about it in the comments!

 

More details about the setup, configuration and capabilities of IRCjr can be found on the IRCjr website.

Anope releases v1.9.6

Anope has officially released v1.9.6 as of Feb. 3rd, 2012. This release has some major changes. Not only adds and fixes but some interior changes as well.

As of 1.9.6, Anope has changed some of the configuration, so it is recommended that users upgrading should start with a fresh configuration file.

There is also a new database format, so therefore the old db_plain has now been depreciated. It is recommended that users upgrading should read the example configuration on how to upgrade your databases.

Users using MySQL with previous versions will need to export their databases to flatfile first before importing into 1.9.6.

There have been some significant changes in this version, they are as followed:

  • Added ability to configure emails sent by services
  • Added chanserv/up and chanserv/down
  • Added m_proxyscan
  • Added more configurability for what vhosts are valid
  • Added chanserv/log
  • Added ability to configure ChanServ privileges
  • Added a new database format
  • Added SQLite support
  • Added more verbose messages on start up
  • Added ability for chanserv/suspend and nickserv/suspend to take an expiry time
  • Added no nickname ownership config option
  • Added m_rewrite
  • Added akill IDs
  • Fixed crash in clearusers
  • Fixed crash in /os oper info
  • Fixed eventfd Config check to work properly on OpenVZ

To download this version from the source, Click Here.
To download this version for Windows, Click Here.

Sources: http://www.anope.org/news_index.php

lightIRC v1.2.3 Build 101

As most already know, lightIRC is one of the most popular and most used Flash Clients used on IRC to this date. It has support for multiple languages, css styling, and even a webcam!

The newest version of lightIRC, recently released on Feb. 16, 2012 has added the following features:

  • Added Arabian (ar) translation
  • Parameter showVerboseUserInformation (default false) adds ident and host information for joins, parts and quits
  • Parameter targetFrame (default “_blank”) lets you specify the target frame for clicked URLs in the chat area
  • Fix: Focus did jump to channel input if identify password popup was open
  • Fix: Space key did accept webcam requests while typing a message
  • Fix: Errors occured if having webcam enabled without rtmfp parameter
  • Fix: webcamVideoOnly/webcamAudioOnly bug

lightIRC can be used for both personal use, as well as commercial use, which requires a special license. It can be easily used by all users no matter how IRC savvy they are. It can also be hosted either by yourself, or by using the lightIRC servers.

The most recent version can be obtained Here.

For more information regarding lightIRC, Click Here.