UnrealIRCd

All our releases are from now on signed with GnuPG (PGP) again. Our key is called [email protected] (0x9FF03937). The next few days people will be signing this key to reflect the trusted nature of it. Once you start a download you'll see instructions on how to verify a release.

Hi all, This is very embarrassing... We found out that the Unreal3.2.8.1.tar.gz file on our mirrors has been replaced quite a while ago with a version with a backdoor (trojan) in it. This backdoor allows a person to execute ANY command with the ... [More] privileges of the user running the ircd. The backdoor can be executed regardless of any user restrictions (so even if you have passworded server or hub that doesn't allow any users in). It appears the replacement of the .tar.gz occurred in November 2009 (at least on some mirrors). It seems nobody noticed it until now. Obviously, this is a very serious issue, and we're taking precautions so this will never happen again, and if it somehow does that it will be noticed quickly. We will also re-implement PGP/GPG signing of releases. Even though in practice (very) few people verify files, it will still be useful for those people who do. Safe versions ============== The Windows (SSL and non-ssl) versions are NOT affected. CVS is also not affected. 3.2.8 and any earlier versions are not affected. Any Unreal3.2.8.1.tar.gz downloaded BEFORE November 10 2009 should be safe, but you should really double-check, see next. How ... (Read More) [Less]

Just wanted to drop a note that if anyone is experiencing problems like this (also called Firefox XPS IRC Attack). Then this is what I suggest you do: 1. If not done so already, then compile UnrealIRCd with NOSPOOF (spoof protection) enabled, on *NIX ... [More] this is the first question asked during ./Config, on Windows it is always enabled. 2. I've released a nopost module which will kill/zline/etc such connections. http://www.vulnscan.org/UnrealIRCd/modu ... ost.tar.gz You can do #2 without #1, and #1 without #2, but if you're really under attack then combining them is most effective. [Less]

The UnrealIRCd team- and support-channels on IRC have moved to their own network (rather than using IRCSystems). The URI is still irc://irc.unrealircd.org/ The support channel is still #unreal-support too, however the development channel has been split: #unreal3-devel for 3.2* development and #unreal4-devel for 4.* development.

Unreal 4 is coming along slowly but surely. There is a lot of work that still needs to be done, and we only have 1 coder working on it. Currently we have a somewhat functional core that compiles, allows connections, provides basic commands and the ... [More] ability to join channels. However, even though we have a mostly functioning core, we are still a long way off from having a core that provides all the basic IRC functions. If you're a C++ coder and would like to help out, stop by #Unreal-Devel on irc.unrealircd.com and we'll help you get up to date on what is done and what still needs doing. If you would like to download the code we have so far, you can access our mecurial repository at http://ohnopub.net/hg/unrealircd-cpp/ [Less]

I am asking for everyone's help in cleaning out the bug tracker. Currently our bugtracker has plenty issues still open (301) for the current version of Unreal. Unfortunately most of the open issues are old and no longer apply to the current workings ... [More] of Unreal 3.2. Some of the issues are features or tweaks wanted by the community. If you see an issue that is no longer relevant to the current version, is a problem that has been solved in the past, duplicate issues, or something that just shouldn't be there, add a note to it so we can close or resolve the issue. If you're a C coder, you can help by making patches for the current problems in the bug tracker. Patches should be made from 3.2.8.1, or preferably from the nightly CVS snapshots downloadable from Syzop's site. We are also looking for C++ coders to help get the next major version of Unreal off the ground and into active development. We will be doing a recode from the ground-up starting with a core that has no more than the basics of IRC (i.e. the stuff in RFC-1459). If you want to give us a hand in getting the next version going, swing by #Unreal-Devel on irc.unrealircd.com to find out more info! -- Stealth [Less]

For reasons I won't get into, I'm pulling myself out of UnrealIRCd actively as the 3.3 developer and a developer of the software at all. Until a time alternatively set by one of the others I'll still be managing the site, so any issues with bugs on ... [More] the site at all everyone is still free to toss me an IM on here or post it in the website forums to let me know. [Less]

A security issue was found, which is exploitable (crash) when allow::options::noident is in use. The security advisory is below. (this news item is a re-post, not an update) SECURITY ADVISORY ================== A serious buffer overflow issue has ... [More] been discovered in UnrealIRCd. This issue can cause the IRC server to crash. It is not clear if this issue can lead to remote code execution. ==[ AFFECTED VERSIONS ]== This bug can ONLY be triggered if allow::options::noident is in use. By default, this is not the case, and it's not a very common option to use. To check for this, you can search for "noident" (without quotes) in your config files (such as unrealircd.conf). If you don't use this option, you are safe, and there's no need to upgrade. If you use the noident option, and you're using Unreal3.2.8 or earlier (this issue goes back to 3.2beta11), then you are affected. ==[ PROBLEM ]== A buffer in the code which handles user authorization is copied without sufficient length checks, causing a buffer overflow. This bug happens BEFORE the user is online. In other words: even if you have a password protected server, or only allow certain ip/hosts in, and y ... (Read More) [Less]

After 19 months, a new UnrealIRCd is finally out: Unreal 3.2.8. We have added a couple of new features, and have fixed some major bugs / added some important workarounds such as slow spamfilter detection(&removal) and detection of time shifts. In ... [More] total this release consists of over 70 changes. See the Release Notes below for more information. Code: ---------- ==[ NEW ]== - set::level-on-join: this defines which privileges a user receives when creating a channel, default is 'chanop', the only other available setting is 'none' (opless). - Away notification through WATCH: This allows clients to receive a notification when someone goes away or comes back, along with a reason, a bit like IM's. There's probably no current client supporting this but it would be a nice feature in notify lists. Client developers: see Changes file for full protocol details. This feature can be disabled by setting set::watch-away-notification to 'no'. - Spamfilter: Slow spamfilter detection: For each spamfilter, Unreal will check, each time it executes, how long it takes to execute. When a certain thres ... (Read More) [Less]

The second Release Candidate for 3.2.8 is out: 3.2.8-rc2. There have only been a few fixes (operoverride, mac os x compile fix, dealing with clock adjustments) and documentation updates since -rc1. Release candidates allows members from the public ... [More] to test if there are any major release critical bugs (eg: crash bugs) present, so they can be corrected before the real 3.2.8 release. If you want to help out with testing, just download it and give it a try. You can download 3.2.8-rc2 from http://www.unrealircd.com/ -> downloads. Code: ---------- Unreal3.2.8-rc2 Release Notes ============================== ==[ GENERAL INFORMATION ]== - If you are upgrading on *NIX, make sure you run 'make clean' and './Config' first, before doing 'make' - The official UnrealIRCd documentation is doc/unreal32docs.html online version at: http://www.vulnscan.org/UnrealIRCd/unreal32docs.html FAQ: http://www.vulnscan.org/UnrealIRCd/faq/ Read them before asking for help. - Report bugs at http://bugs.unrealircd.org/ - When upgrading a network, we assume you are upgrading from the previous version (3& ... (Read More) [Less]