Eggdrop is a mature IRC bot that has been in development since 1993 and this new release once again brings new features, lots of bugfixes and enhancements.

For starters, Eggdrop can now be compiled against TCL 8.6 and amongst “numerous minor issues and potential crashes fixed” there also have been issues with the 64-bit binaries crashing on FreeBSD and NetBSD resolved.

Interesting new features include full CIDR support for userhosts and modes b, e and l. Channel sync time has been improved by querying aforementioned modes at once and removing “redundant commands”. The charset detection on Telnet and DCC partylines now works better and according to developer thommey you should “never have to use .fixcodes” again.

The TCL event loop has been replaced and now allows events to be triggered without a delay – previous versions had a minimum delay of one second between TCL events, no matter how low the timer has been set.

Security issues resolved since 1.6.19+ctcpfix are proper checking of the .+chan command which could have changed the need-* channel settings in the past.

If you’re running 1.6.20rc2 you can keep using it as there where no changes between it and the final release, others might want to update: The updated sourcecode can be grabbed from their homepage, the full changelog is supplied in docs/Changes1.6 and a summary of the most important changes is available here.

  Copyright secured by Digiprove

Feel free to Flattr this post at flattr.com, if you like it.

Eggdrop 1.6.20 – now with TCL 8.6 support is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. Update on the Development of Eggdrop
2. Eggdrop 1.6.19 Released
3. Vulnerability in Eggdrop / Windrop 1.6.19

The vulnerabilitiy is present in both latest versions of the bot software 1.6.19 which has been released back in April 2008.

A posting on the Full Disclosure mailinglist goes into more detail, describing how one can at least crash vulnerable bots:

One possible exploit anyone can send to the IRC server to crash eggdrop:

PRIVMSG eggdrop :\1\1

The only resolution at this time is upgrading old bots with the provided fix.

Feel free to Flattr this post at flattr.com, if you like it.

Vulnerability in Eggdrop / Windrop 1.6.19 is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. mIRC Local DCC Issue: Exploit, Vulnerability or Neither?
2. KVIrc 3.4.0 irc:// URI handler format string vulnerability – reloaded
3. Quassel IRC CTCP Command Injection Vulnerability

Version 1.6.19 of the popular IRC bot Eggdrop fixes a buffer overflow issue in the server module. It is exploitable by a malicious server. As long as the bot connects to a reputable server it should be OK.

IRC-Junkie tried to contact Guppy with a few questions but has received no reply so far, partly explaining the delay in reporting this new release.

A list of all updates according to the updates.txt file:

- Update the recommended TCL version to 8.5

- Updated Copyright dates

- added [sL] and thommey to the AUTHORS file

- load blowfish by default

- added a TCL to handle the PONG :<cookie> junk on some EFnet servers

- add a simple TCL to handle the PASS <numbers> junk on some Undernet servers

- add support for chanmode +T

- CTCP parsing was broken by the servmsg.c buffer overflow patch

- Fixed a couple of typos in the FEATURES file.

- Fixed two buffer overflows in servmsg.c (CVE-2007-2807).

- Fixed compatibility problems with certain time_t implementations.

- Complete raw traffic wasn’t getting logged in some cases; only the raw command itself was. Fixed.

Feel free to Flattr this post at flattr.com, if you like it.

Eggdrop 1.6.19 Released is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. BNC 2.8.9 remote buffer overflow
2. mIRC 6.32 Released
3. mIRC 6.33 Released

Not sure what organization or person is behind the invention of this one, but heck, bots deserve all the recognition they can get! Performing un-thankful jobs of maintaining statistics, opping/voicing users, setting topics and a whole range of other tasks we make them able to with expanding them with scripts 24 hours a day, 7 days a week. Except of course, for those moments where the shell is down or the wrong process is killed …

They sure make our online experience a whole lot easier and richer!

Cheers to Horcsog for the haads up =)

Feel free to Flattr this post at flattr.com, if you like it.

Happy Bot Day! is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. Happy 15th Birthday, freenode!
2. Happy BDay :-) !
3. DDoS’er Pleaded Guilty

“There are different reasons for the slowdown for each of the branches” Wcc starts. “As for 1.6, there haven’t been any real.. problems. 1.6.17 has been a rock-solid release. As for 1.7, this is mainly due to the fact that I, personally, haven’t had any free time to do any of the major things that need to be done on it.  1.9 is once again fairly active. Alot of progress is being made.”

“We need coders! I have no free time to work on it. If anyone would like to help out, see http://www.eggheads.org/mailman/listinfo/eggdev. 1.7 might be released and it might not. Things are going pretty slowly on it right now” Wcc explained.

Version 1.9 is the step up to the 2.0 branch, which is a major overhaul of the bot. In September 2002 we interviewed guppy, then the lead developer, where he explained about the changes that are coming up. Among the changes are support for Perl and Javascript as scripting languages. We asked Wcc how development goes in the 1.9.* branch.

“Yes, both scripting languages are currently available in 1.9 CVS. See http://www.eggheads.org/devel/ for information on obtaining CVS versions of eggdrop.”

The 1.9 and ultimately, the 2.0 branch will break away from the old code and will be a complete rewrite. This will also break compatibility with old TCL scripts. However, Wcc explains that the team might “write some kind of compatibility library that a user can load if he MUST use a 1.6 script.” Assuming they will have time left for it.

“In 1.6.x, we (obviously) can’t “fix” any of the major problems we see with our Tcl extensions, because we would break script compatibility. 1.9.x is a whole new bot. We want everything to work as we think (and all of you guys out there think) Eggdrop should work. If that means breaking compatibility, that’s fine, this time.”

Finally, Wcc likes to take advantage of the opportunity to attract new blood: “We need developers! If anyone out there is interested in joining the team, e-mail me at wcc AT techmonkeys.org. We also need user input for 1.9. What do you want Eggdrop to be? Now is your chance to make this the bot that you want it to be. Let us know! ”

Feel free to Flattr this post at flattr.com, if you like it.

Update on the Development of Eggdrop is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. Eggdrop 1.6.19 Released
2. Vulnerability in Eggdrop / Windrop 1.6.19
3. Eggdrop 1.6.20 – now with TCL 8.6 support