Import upstream version 20.3

ChangeLog

@@ -9,10 +9,18 @@
                                -- ChangeLog --
 
 
+ngIRCd 20.3 (2013-08-23)
+
+  - Security: Fix a denial of service bug (server crash) which could happen
+    when the configuration option "NoticeAuth" is enabled (which is NOT the
+    default) and ngIRCd failed to send the "notice auth" messages to new
+    clients connecting to the server (CVE-2013-5580).
+
 ngIRCd 20.2 (2013-02-15)
 
   - Security: Fix a denial of service bug in the function handling KICK
-    commands that could be used by arbitrary users to to crash the daemon.
+    commands that could be used by arbitrary users to to crash the daemon
+    (CVE-2013-1747).
   - WHO command: Use the currently "displayed hostname" (which can be cloaked!)
     for hostname matching, not the real one. In other words: don't display all
     the cloaked users on a specific real hostname!

NEWS

@@ -9,11 +9,20 @@
                                   -- NEWS --
 
 
+ngIRCd 20.3 (2013-08-23)
+
+  - This release is a bugfix release only, without new features.
+  - Security: Fix a denial of service bug (server crash) which could happen
+    when the configuration option "NoticeAuth" is enabled (which is NOT the
+    default) and ngIRCd failed to send the "notice auth" messages to new
+    clients connecting to the server (CVE-2013-5580).
+
 ngIRCd 20.2 (2013-02-15)
 
   - This release is a bugfix release only, without new features.
   - Security: Fix a denial of service bug in the function handling KICK
-    commands that could be used by arbitrary users to to crash the daemon.
+    commands that could be used by arbitrary users to to crash the daemon
+    (CVE-2013-1747).
 
 ngIRCd 20.1 (2013-01-02)
 

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.67 for ngIRCd 20.2.
+# Generated by GNU Autoconf 2.67 for ngIRCd 20.3.
 #
 # Report bugs to <ngircd-ml@ngircd.barton.de>.
 #
@@ -552,8 +552,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='ngIRCd'
 PACKAGE_TARNAME='ngircd'
-PACKAGE_VERSION='20.2'
-PACKAGE_STRING='ngIRCd 20.2'
+PACKAGE_VERSION='20.3'
+PACKAGE_STRING='ngIRCd 20.3'
 PACKAGE_BUGREPORT='ngircd-ml@ngircd.barton.de'
 PACKAGE_URL='http://ngircd.barton.de/'
 
@@ -1269,7 +1269,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures ngIRCd 20.2 to adapt to many kinds of systems.
+\`configure' configures ngIRCd 20.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1339,7 +1339,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of ngIRCd 20.2:";;
+     short | recursive ) echo "Configuration of ngIRCd 20.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1452,7 +1452,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-ngIRCd configure 20.2
+ngIRCd configure 20.3
 generated by GNU Autoconf 2.67
 
 Copyright (C) 2010 Free Software Foundation, Inc.
@@ -1985,7 +1985,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by ngIRCd $as_me 20.2, which was
+It was created by ngIRCd $as_me 20.3, which was
 generated by GNU Autoconf 2.67.  Invocation command line was
 
   $ $0 $@
@@ -2898,7 +2898,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='ngircd'
- VERSION='20.2'
+ VERSION='20.3'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -7766,7 +7766,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by ngIRCd $as_me 20.2, which was
+This file was extended by ngIRCd $as_me 20.3, which was
 generated by GNU Autoconf 2.67.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -7833,7 +7833,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-ngIRCd config.status 20.2
+ngIRCd config.status 20.3
 configured by $0, generated by GNU Autoconf 2.67,
   with options \\"\$ac_cs_config\\"
 

contrib/Debian/changelog

@@ -1,3 +1,9 @@
+ngircd (20.3-0ab1) unstable; urgency=high
+
+  * New "upstream" release, fixing a security related bug: ngIRCd 20.3.
+
+ -- Alexander Barton <alex@barton.de>  Fri, 23 Aug 2013 21:53:21 +0200
+
 ngircd (20.2-0ab1) unstable; urgency=high
 
   * New "upstream" release, fixing a security related bug: ngIRCd 20.2.

contrib/ngircd.spec

@@ -1,5 +1,5 @@
 %define name    ngircd
-%define version 20.2
+%define version 20.3
 %define release 1
 %define prefix  %{_prefix}
 

src/ngircd/conn.c

@@ -1547,7 +1547,11 @@ Conn_StartLogin(CONN_ID Idx)
 #endif
 			(void)Conn_WriteStr(Idx,
 				"NOTICE AUTH :*** Looking up your hostname");
-		(void)Handle_Write(Idx);
+		/* Send buffered data to the client, but break on errors
+		 * because Handle_Write() would have closed the connection
+		 * again in this case! */
+		if (!Handle_Write(Idx))
+			return;
 	}
 
 	Resolve_Addr(&My_Connections[Idx].proc_stat, &My_Connections[Idx].addr,
@@ -2339,8 +2343,13 @@ cb_Read_Resolver_Result( int r_fd, UNUSED short events )
 		}
 #endif
 
-		if (Conf_NoticeAuth)
-			(void)Handle_Write(i);
+		if (Conf_NoticeAuth) {
+			/* Send buffered data to the client, but break on
+			 * errors because Handle_Write() would have closed
+			 * the connection again in this case! */
+			if (!Handle_Write(i))
+				return;
+		}
 
 		Class_HandleServerBans(c);
 	}