ports/76297: Update port: irc/unreal (Security Fix)

Gerrit Beine tux at pinguru.net
Sat Jan 15 22:10:20 UTC 2005 

>Number:         76297
>Category:       ports
>Synopsis:       Update port: irc/unreal (Security Fix)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 15 22:10:19 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Gerrit Beine
>Release:        FreeBSD 5.3-RELEASE
>Organization:
pitcom GmbH
>Environment:
FreeBSD asus.site 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 12 23:43:33 CET 2004     root at asus.site:/usr/src/sys/i386/compile/ASUS  i386

>Description:
Please use this instead of
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/76274

Update to version 3.2.2, including Security Fix:

SECURITY ADVISORY
==================

A serious Denial-of-Service issue has been discovered in UnrealIRCd.

==[ AFFECTED VERSIONS ]==
Affected:
- - Unreal3.2: beta18, beta19, RC-1, RC-2, 3.2, 3.2.1, 3.2.2

Unaffected:
- - versions older than beta18 (OLD, UNSUPPORTED)
- - 3.1* (VERY OLD, UNSUPPORTED)
- - If you have NO servers and NO services linked and you
  are using a vulnerable version then this problem does
  not occur (this is however an uncommon configuration)

Fixed in/by:
- - Hot-patched 3.2* servers (see FIX)
- - The newly released 3.2.2b (for fresh installs)
- - CVS from January 15 03:00 GMT and later

==[ PROBLEM ]==
There's a severe crashbug present in UnrealIRCd that can quite
easily be triggered by users. No code execution or anything
like that is possible (it's a NULL pointer dereference),
but it does cause a crash, which is of course serious enough.

Server admins should apply the fix (which does not require a
server restart) as soon as possible before an exploit will
become widespread (within 24h is recommended).

During the time of writing (Jan15 19:00 GMT) there are no signs
of "bad users" causing crashes, but we expect that this will
happen after public announcement of this bug.

==[ WORKAROUND ]==
There's no safe workaround, but see next for an easy fix.

==[ FIX ]==
Thanks to modulized commands we have created a "hot patch" utility
that will fix the issue WITHOUT requiring a server restart, all
you will have to do is install it and rehash.
This patch can be used on Unreal3.2-RC2, 3.2, 3.2.1 and 3.2.2.
Older version (eg: beta's) are not supported, in that case we
suggest you to upgrade to 3.2 (and apply this patch) or 3.2.2b. 
>How-To-Repeat:
      
>Fix:
diff -Nur /usr/ports/irc/unreal/Makefile unreal/Makefile
--- /usr/ports/irc/unreal/Makefile	Thu Jul 22 04:01:55 2004
+++ unreal/Makefile	Sat Jan 15 14:25:08 2005
@@ -1,14 +1,12 @@
 # Ports collection makefile for:	Unreal-IRCd
 # Date created:				15 April 2004
 # Whom:					Gerrit Beine (<tux at pinguru.net>)
-# ToDo:	Make the configuration more flexible using -DOPTION for the
-#	configuration values, especially support for IPv6.
 #
 # $FreeBSD: ports/irc/unreal/Makefile,v 1.3 2004/07/22 02:01:55 ijliao Exp $
 #
 
 PORTNAME=	Unreal
-PORTVERSION=	3.2.1
+PORTVERSION=	3.2.2
 CATEGORIES=	irc
 MASTER_SITES=	http://mirror.nimsay-networks.com/unrealircd/ \
 		http://unrealircd.za.net/ \
@@ -19,16 +17,11 @@
 MAINTAINER=	tux at pinguru.net
 COMMENT=	Unreal - the next generation ircd
 
-SQLMOD=		Unreal/SQLMod.tar.gz
-
 WRKSRC=		${WRKDIR}/${PORTNAME}3.2
 
 HAS_CONFIGURE=	yes
 
-CONFIGURE_ARGS=	--enable-nospoof \
-		--enable-hub \
-		--enable-ziplinks \
-		--with-listen=5 \
+CONFIGURE_ARGS=	--with-listen=5 \
 		--with-dpath=${PREFIX}/Unreal \
 		--with-spath=${PREFIX}/Unreal/ircd \
 		--with-nick-history=2000 \
@@ -38,15 +31,28 @@
 		--with-fd-setsize=1024 \
 		--enable-dynamic-linking
 
+OPTIONS=	HUB "Configure as a hub (otherwise configure as a leaf)" on \
+		NOSPOOF "Enable anti-spoof protection" off \
+		ZIPLINKS "Enable ziplinks support" off \
+		SSL "Support SSL connecions" off \
+		IPV6 "Enable ipv6 support" off \
+		PREFIXAQ "Enable prefixes for chanadmin and chanowner" off
+#		REMOTE "Enable remote includes" off \ this does not work at the moment
+
+SQLMOD=		Unreal/SQLMod.tar.gz
+
 .include <bsd.port.pre.mk>
 
-.if exists(${DISTDIR}/${SQLMOD})
-USE_MYSQL=	yes
-WITH_SQLMOD=	yes
-MAKE_ARGS=	all custommodule MODULEFILE=m_sqlmod
-PLIST_FILES+=	Unreal/modules/m_sqlmod.so Unreal/m_sqlmod.conf \
-		Unreal/doc/Changes.sqlmod Unreal/doc/README.sqlmod \
-		Unreal/doc/LICENSE.sqlmod
+.if defined(WITH_HUB)
+CONFIGURE_ARGS+=	--enable-hub
+.endif
+
+.if defined(WITH_NOSPOOF)
+CONFIGURE_ARGS+=	--enable-nospoof
+.endif
+
+.if defined(WITH_ZIPLINKS)
+CONFIGURE_ARGS+=	--enable-ziplinks
 .endif
 
 .if defined(WITH_IPV6)
@@ -58,6 +64,24 @@
 USE_OPENSSL=	yes
 .endif
 
+.if defined(WITH_REMOTE)
+LIB_DEPENDS+=	curl.3:${PORTSDIR}/ftp/curl
+CONFIGURE_ARGS+=	--enable-libcurl=/usr/local
+.endif
+
+.if defined(WITH_PREFIXAQ)
+CONFIGURE_ARGS+=	--enable-prefixaq
+.endif
+
+.if exists(${DISTDIR}/${SQLMOD})
+USE_MYSQL=	yes
+WITH_SQLMOD=	yes
+MAKE_ARGS=	all custommodule MODULEFILE=m_sqlmod
+PLIST_FILES+=	Unreal/modules/m_sqlmod.so Unreal/m_sqlmod.conf \
+		Unreal/doc/Changes.sqlmod Unreal/doc/README.sqlmod \
+		Unreal/doc/LICENSE.sqlmod
+.endif
+
 post-extract:
 .if defined(WITH_SQLMOD)
 	@${TAR} xfz ${DISTDIR}/${SQLMOD} -C ${WRKSRC}
@@ -69,6 +93,9 @@
 .if defined(WITH_SQLMOD)
 	@${PATCH} -d ${WRKSRC} < ${WRKSRC}/SQLMod/patch
 .endif
+
+pre-configure:
+	@${ECHO} ${CONFIGURE_ARGS}
 
 post-install:
 .if defined(WITH_SQLMOD)
diff -Nur /usr/ports/irc/unreal/distinfo unreal/distinfo
--- /usr/ports/irc/unreal/distinfo	Thu Jul 22 04:01:55 2004
+++ unreal/distinfo	Sat Jan 15 13:40:00 2005
@@ -1,2 +1,2 @@
-MD5 (Unreal3.2.1.tar.gz) = ebe56fd42fc229681f527932eaa173cc
-SIZE (Unreal3.2.1.tar.gz) = 1614434
+MD5 (Unreal3.2.2.tar.gz) = 75dc34b59d987a91e25290b29986149e
+SIZE (Unreal3.2.2.tar.gz) = 1706123
diff -Nur /usr/ports/irc/unreal/files/patch-m_kick.c unreal/files/patch-m_kick.c
--- /usr/ports/irc/unreal/files/patch-m_kick.c	Thu Jan  1 01:00:00 1970
+++ unreal/files/patch-m_kick.c	Thu Jan 13 22:57:33 2005
@@ -0,0 +1,30 @@
+Index: src/modules/m_kick.c
+===================================================================
+RCS file: /home/cmunk/ircsystems/cvsroot/unreal/src/modules/Attic/m_kick.c,v
+retrieving revision 1.1.2.2.2.4
+diff -u -r1.1.2.2.2.4 m_kick.c
+--- src/modules/m_kick.c	6 Oct 2004 20:33:13 -0000	1.1.2.2.2.4
++++ src/modules/m_kick.c	13 Jan 2005 21:53:55 -0000
+@@ -302,13 +302,17 @@
+ 					    !(lp->flags & (CHFL_CHANOP|CHFL_CHANPROT|CHFL_CHANOWNER)))
+ 					{
+ 						/* Send it only to chanops & victim */
+-						sendto_chanops_butone(who, chptr, ":%s!%s@%s KICK %s %s :%s",
+-							sptr->name, sptr->user->username, GetHost(sptr),
+-							chptr->chname, who->name, comment);
+-						if (MyClient(who))
+-							sendto_one(who, ":%s!%s@%s KICK %s %s :%s",
++						if (IsPerson(sptr))
++							sendto_chanops_butone(who, chptr, ":%s!%s@%s KICK %s %s :%s",
+ 								sptr->name, sptr->user->username, GetHost(sptr),
+ 								chptr->chname, who->name, comment);
++						else
++							sendto_chanops_butone(who, chptr, ":%s KICK %s %s :%s",
++								sptr->name, chptr->chname, who->name, comment);
++						
++						if (MyClient(who))
++							sendto_prefix_one(who, sptr, ":%s KICK %s %s :%s",
++								sptr->name, chptr->chname, who->name, comment);
+ 					} else {
+ 						/* NORMAL */
+ 						sendto_channel_butserv(chptr,
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list