
Fedora 36 UnrealIRCd Update FEDORA-2022-c51b3a7f19 Critical DoS Issue

May 7, 2022
Important security announcement for UnrealIRCd in Fedora 36 tackling various critical vulnerabilities and major corrections.

Summary

UnrealIRCd is an Open Source IRC server based on the branch of IRCu called Dreamforge, formerly used by the DALnet IRC network. Since the beginning of development on UnrealIRCd in May of 1999, it has become a highly advanced IRCd with a strong focus on modularity, an advanced and highly configurable configuration file. Key features include SSL/TLS, cloaking, advanced anti-flood and anti-spam systems, swear filtering and module support.

# UnrealIRCd 6.0.3

A number of serious issues were discovered in UnrealIRCd 6. Among these is an issue which will likely crash the IRCd sooner or later if you `/REHASH` with any active clients connected.

## Fixes

* Crash in `WATCH` if the IRCd has been rehashed at least once. After doing a `REHASH` with active clients it will likely corrupt memory. It may take several days until after the rehash for the crash to occur, or even weeks/months on smaller networks (accidental triggering, that is).
* A `REHASH` with certain remote includes setups could cause a crash or other weird and confusing problems such as complaining about unable to open an ipv6-database or missing snomask configuration. This only affected some people with remote includes, not all.
* Potential out-of-bounds write in sending code. In practice it seems harmless on most servers but this cannot be 100% guaranteed.
* Unlikely triggered log message would log uninitialized stack data to the log file or send it to ircops.
* Channel ops could not remove halfops from a user (`-h`).
* After using the `RESTART` command (not recommended) the new IRCd was often no longer writing to log files.
* Fix compile problem if you choose to use cURL remote includes but don't have cURL on the system and ask UnrealIRCd to compile cURL.

## Enhancements

* The default text log format on disk changed. It now includes the server name where the event was generated. Without this, it was sometimes difficult to trace problems, since previously it sometimes looked like there was a problem on your server when it was actually another server on the network.
  * Old log format: `[DATE TIME] subsystem.EVENT_ID loglevel: ........`
  * New log format: `[DATE TIME] servername subsystem.EVENT_ID loglevel: ........`

## Changes

* Any MOTD lines added by services via [`SVSMOTD`](https://www.unrealircd.org/docs/MOTD_and_Rules) are now shown at the end of the MOTD-on-connect (unless using a shortmotd). Previously the lines were only shown if you manually ran the MOTD command.

## Protocol

- Upgrade to 6.0.3 (#2071197)

[1] Bug #2071197 - unrealircd-6.0.3 is available: https://bugzilla.redhat.com/show_bug.cgi?id=2071197

`su -c 'dnf upgrade --advisory FEDORA-2022-c51b3a7f19'` at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
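The log format change listed under Enhancements means that, after upgrading, any parser for the on-disk text log has to accept lines both with and without the server name. The following is an added example, not code from UnrealIRCd or Fedora: the timestamp shape, server names, event IDs and messages in the sample lines are constructed, and `parse_line` / `remote_events` are hypothetical helper names.

```python
import re

# Matches both layouts quoted in the advisory. The server name is optional so
# that lines written before the upgrade (no server name) still parse.
LINE_RE = re.compile(
    r"^\[(?P<timestamp>[^\]]+)\]\s+"
    r"(?:(?P<server>\S+)\s+)?"
    r"(?P<subsystem>[^\s.]+)\.(?P<event_id>\S+)\s+"
    r"(?P<loglevel>[A-Za-z]+):\s?(?P<message>.*)$"
)

def parse_line(line, local_server):
    """Parse one text-log line; return None if it matches neither layout."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["layout"] = "new" if rec["server"] else "old"
    # Old-layout lines carry no origin, so the only available guess is the
    # server that wrote the file; flag it so analysts know it is inferred.
    rec["server_inferred"] = rec["server"] is None
    rec["server"] = rec["server"] or local_server
    return rec

def remote_events(lines, local_server):
    """Events the log itself says were generated on another server."""
    parsed = (parse_line(ln, local_server) for ln in lines)
    return [r for r in parsed if r and not r["server_inferred"]
            and r["server"].lower() != local_server.lower()]

# Constructed sample lines (assumed timestamp shape, made-up names and events).
SAMPLE = [
    "[2022-05-07 10:00:01] connect.LOCAL_CLIENT_CONNECT info: Client connecting: alice",
    "[2022-05-07 10:05:13] irc1.example.net connect.LOCAL_CLIENT_CONNECT info: Client connecting: bob",
    "[2022-05-07 10:05:40] irc2.example.net link.SERVER_LINKED warn: Link flapping: retry 3",
    "not a log line",
]
```

Old-layout records are never reported as remote, because their origin is only inferred from the file they were found in.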


Severity: critical

Product: Fedora 36
Version: 6.0.3
Release: 1.fc36
Summary: Open Source IRC server
