<dl>
<dt>
- <strong>ngIRCd Release 20.1</strong> (2013-01-02):
+ <strong>ngIRCd Release 20.2</strong> (2013-02-15):
</dt>
<dd>
<p>Server: <em>ftp.berlios.de</em>
(<a href="ftp://ftp.berlios.de/pub/ngircd/">ftp</a>):
- <a href="ftp://ftp.berlios.de/pub/ngircd/ngircd-20.1.tar.gz">ngircd-20.1.tar.gz</a>
- (<a href="ftp://ftp.berlios.de/pub/ngircd/ngircd-20.1.tar.gz.sig">Sig</a>)
+ <a href="ftp://ftp.berlios.de/pub/ngircd/ngircd-20.2.tar.gz">ngircd-20.2.tar.gz</a>
+ (<a href="ftp://ftp.berlios.de/pub/ngircd/ngircd-20.2.tar.gz.sig">Sig</a>)
<br>Server: <em>ngircd.barton.de</em>
(<a href="http://ngircd.barton.de/pub/ngircd/">http</a>):
- <a href="http://ngircd.barton.de/pub/ngircd/ngircd-20.1.tar.gz">ngircd-20.1.tar.gz</a>
- (<a href="http://ngircd.barton.de/pub/ngircd/ngircd-20.1.tar.gz.sig">Sig</a>)
+ <a href="http://ngircd.barton.de/pub/ngircd/ngircd-20.2.tar.gz">ngircd-20.2.tar.gz</a>
+ (<a href="http://ngircd.barton.de/pub/ngircd/ngircd-20.2.tar.gz.sig">Sig</a>)
</ul>
</dd>
</dl>
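Review bot: the added 20.2 tarball and .sig links are served over plain ftp:// and http:// from the same two hosts, so the signature only protects a reader who already holds the signing key from another source. Suggest placing a pointer to the release key and its fingerprint next to these links. Separately, the context lines show a closing `</ul>` inside the `<dd>` with no opening `<ul>` and no `</p>` in the visible lines; worth checking the markup while this block is being touched.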
-- ChangeLog --
+ngIRCd 20.2 (2013-02-15)
+
+ - Security: Fix a denial of service bug in the function handling KICK
+ commands that could be used by arbitrary users to to crash the daemon.
+ - WHO command: Use the currently "displayed hostname" (which can be cloaked!)
+ for hostname matching, not the real one. In other words: don't display all
+ the cloaked users on a specific real hostname!
+ - configure: The header file "netinet/in_systm.h" already is optional in
+ ngIRCd, so don't require it in the configure script. Now ngIRCd can be
+ built on Minix 3 again :-)
+ - Return better "Connection not registered as server link" errors: Now ngIRCd
+ returns a more specific error message for numeric ERR_NOTREGISTERED(451)
+ when a regular user tries to use a command that isn't allowed for users but
+ for servers.
+ - Don't report ERR_NEEDMOREPARAMS(461) when a MDOE command with more modes
+ than nicknames is handled, as well as for channel limit and key changes
+ without specifying the limit or key parameters.
+ This is how a lot (all?) other IRC servers behave, including ircd2.11,
+ InspIRCd, and ircd-seven. And because of clients (tested with Textual and
+ mIRC) sending bogus MODE commands like "MODE -ooo nick", end-users got the
+ expected result as well as correct but misleading error messages ...
+ - Correctly detect when SSL subsystem must be initialized and take
+ outgoing connections (server links!) into account, too.
+ - autogen.sh: Enforce serial test harness on GNU automake >=1.13. The
+ new parallel test harness which is enabled by default starting with
+ automake 1.13 isn't compatible with our test suite.
+ And don't use "egrep -o", insetead use "sed", because it isn't portable
+ and not available on OpenBSD, for example.
+
ngIRCd 20.1 (2013-01-02)
- Allow ERROR command on server and service links only, ignore them and
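Review bot: the Security entry at the top of the 20.2 block does not say which releases are affected by the KICK crash, while the website notice in this same change limits it to 20 and 20.1; suggest stating that here as well so the ChangeLog stands on its own. The added text also needs a spelling pass: "to to crash" in the Security entry, "MDOE" for MODE in the ERR_NEEDMOREPARAMS entry, and "insetead" in the autogen.sh entry, where "because it isn't portable" reads as if it described sed rather than "egrep -o".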
-- NEWS --
+ngIRCd 20.2 (2013-02-15)
+
+ - This release is a bugfix release only, without new features.
+ - Security: Fix a denial of service bug in the function handling KICK
+ commands that could be used by arbitrary users to to crash the daemon.
+
ngIRCd 20.1 (2013-01-02)
- This release is a bugfix release only, without new features.
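Review bot: the Security item is listed second, under "bugfix release only, without new features", which undersells a crash that the same entry says arbitrary users can trigger; suggest leading the 20.2 block with the Security item and naming the affected releases (20 and 20.1, per the website notice in this change). The entry also carries the "to to crash" typo.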
</h3>
<p>
Die aktuelle stabile Version ist
- <strong>Release 20.1</strong> vom 2. Januar 2013,
+ <strong>Release 20.2</strong> vom 15. Februar 2013,
siehe auch die
<a href="download.php.de">Download-Möglichkeiten</a>.
</p>
</h3>
<p class="security">
<strong>Achtung:</strong>
- ngIRCd-Versionen vor 0.10.4 beinhalten einen Fehler, der (auch remote)
- dazu genutzt werden kann, den Daemon zum Absturz zu bringen. Alle
- Installationen sollten auf Version 0.10.4 (oder neuer) aktualisiert
- werden!<br>
- Versionen vor 14.1 beinhalten einen Fehler in den SSL/TLS Funktionen,
- die ebenfalls den Daemon zum Absturz bringen können. Wenn SSL/TLS
- verwendet wird, sollte mindestens Version 14.1 (oder neuer) eingesetzt
- werden!
+ ngIRCd 20 und 20.1 beinhaltet einen Fehler, der es jedem Nutzer
+ ermöglicht, den Server-Dienst zum Absturz zu bringen. Alle
+ Installationen sollten auf Version 20.2 (oder neuer) aktualisiert
+ werden. Versionen vor Release 20 sind hiervon nicht betroffen.
</p>
<p>
Die <a href="doc/NEWS">NEWS</a>-Datei und das
<?php
end_page();
?>
-
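Review bot: the new notice replaces the existing warnings for versions before 0.10.4 and before 14.1 (SSL/TLS) instead of being added above them, so the closing sentence "Versionen vor Release 20 sind hiervon nicht betroffen" becomes the only statement the page makes about older releases. Suggest keeping the two older warnings below the new one, or linking to a place where they stay documented. In the added text, "ngIRCd 20 und 20.1 beinhaltet" has a plural subject and should read "beinhalten", and the notice could name the KICK command as the ChangeLog entry does.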
</h3>
<p>
The current stable version is
- <strong>Release 20</strong> of January 2 2013,
+ <strong>Release 20.2</strong> of February 15 2013,
please also refer to the <a href="download.php.en">Download</a>
options.
</p>
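Review bot: the removed line read "Release 20 of January 2 2013", while the German page and the ChangeLog in this same change give 20.1 for that date, so the English page was already out of step before this update. The version and date are typed by hand into each language file; since both pages already run PHP, suggest defining the current release and date once and printing them in both files so the two cannot drift again.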
</h3>
<p class="security">
<strong>Caution:</strong>
- ngIRCd-versions previous to 0.10.4 contain a bug which can be used
- (also remotely) to crash the daemon. All installations should be
- updated to version 0.10.4 or newer!<br>
- The SSL/TLS functions prior to 14.1 have a bug which can crash the
- daemon as well. If using SSL/TLS you should update to at least
- ngIRCd 14.1 (or newer)!
+ ngIRCd 20 and 20.1 both contain an error that allows arbitrary users to
+ crash the server daemon. All installations should be updated to version
+ 20.2 or newer! Releases prior to ngIRCd 20 are not affected.
</p>
<p>
The <a href="doc/NEWS">NEWS</a>-file and the
<?php
end_page();
?>
-
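Review bot: the two older warnings (remote crash before 0.10.4, SSL/TLS crash before 14.1) are deleted rather than kept beside the new one, so "Releases prior to ngIRCd 20 are not affected" can be read as saying older releases are safe to run. Suggest keeping the old warnings under the new notice, or at least wording the last sentence as "not affected by this bug". The notice would also be easier to act on if it named the KICK command handler and linked to the 20.2 ChangeLog entry.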