UnrealIRCd 5.0.3 released (fixes flood issue)


Post by Syzop

UnrealIRCd 5.0.3 is out. It fixes a user-triggerable flood issue. This can be abused to start a serious flood on multi-server networks. We recommend that users running 5.0.0/5.0.1/5.0.2 apply the "hot patch" to fix the issue without a restart (see below) or upgrade to 5.0.3.
To apply the hot patch, run the following command on your IRCd shell:

wget https://www.unrealircd.org/patches/labeledresponseflood-patcher && sh ./labeledresponseflood-patcher
Below is a short FAQ / Q&A on the hot patch. Further down is the original UnrealIRCd 5 announcement.

The complete UnrealIRCd 5.0.3 release notes can be found here. The 5.0.3 release contains several other fixes and enhancements, such as a new HISTORY command to retrieve up to 100 lines of channel history (the limits in +H still apply).

Q&A on the hot patch

How serious is the flood issue? Can it be abused?
It can be triggered on purpose but it can also be triggered accidentally. It will start a flood between servers which can consume high amounts of bandwidth. Other than high bandwidth and possibly high CPU usage there will be no signs of the flood to IRCOps. If you only have one UnrealIRCd 5.x server then the issue cannot be triggered.

Which UnrealIRCd versions are affected?
UnrealIRCd 5.0.0, 5.0.1 and 5.0.2. The UnrealIRCd 4.x series are not affected.

What is hot patching?
It is possible to fix this issue without having to restart your IRCd. This is generally welcomed by admins. UnrealIRCd can do this because most of the code is in modules that can be reloaded on the fly.

I am on Windows, can I also use the hot patch?
No, sorry, on Windows you will have to upgrade to UnrealIRCd 5.0.3.

How do I apply the patch?
Simply SSH to your IRCd shell and then run:
wget https://www.unrealircd.org/patches/labe ... od-patcher && sh ./labeledresponseflood-patcher

I don't trust the shell script, can I view the exact patch?
Yes, you can also download the recommended patch as a .tar.gz instead. It is available from https://www.unrealircd.org/patches/labe ... her.tar.gz

UnrealIRCd 5 is here!

After more than 6 months of hard work, UnrealIRCd 5 is now our new "stable" branch. In particular I would like to thank Gottem and 'i' for their source code contributions and PeGaSuS and westor for testing releases.
When we transitioned from 3.2.x to 4.0.0 there were 175,000 lines of source code added/removed during 3 years of development. This time it was 120,000 lines in only 6 months, a major effort!

A short summary of release highlights is available here. The full release notes are available here. If you have some spare time, we recommend reading the full release notes (the new and changed sections, anyway) so you don't miss out on anything.

If you are upgrading from 4.x to 5.x, then it would be wise to read Upgrading from 4.x. In any case, be sure to upgrade your services package first! (if you use any). UnrealIRCd 5 is known to work with the following services:
  • anope (version 2.0.7 or higher) - with the "unreal4" protocol module
  • atheme (version 7.2.9 or higher) - with the "unreal4" protocol module
As always, you can download UnrealIRCd from https://www.unrealircd.org/

A word on third party modules

Because of the many code changes in UnrealIRCd 5, all 3rd party modules that work on UnrealIRCd 4 don't work on UnrealIRCd 5 out of the box. In fact, modules need quite a lot of changes to work with UnrealIRCd 5.

Gottem and k4be have updated and uploaded their 3rd party modules to unrealircd-contrib so *NIX users can now easily install them using the new Module manager.

UnrealIRCd 4 is still supported

UnrealIRCd 4 is now called "oldstable" and will be maintained until 31 December 2020 (major bugfixes only). After that date UnrealIRCd 4 is no longer supported. Admins are recommended to upgrade to UnrealIRCd 5 somewhere in the first half of 2020.
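
For the hot patch Q&A above ("I don't trust the shell script"), here is an added example, not part of the original post or the UnrealIRCd project's code, that splits the one-line `wget ... && sh ...` into download, review and run. The function names are hypothetical, and the pinned digest is one the admin records after reading the script, since the post publishes no checksum.

```shell
#!/bin/sh
# Added example: review-then-run workflow for a downloaded patcher script.
# Function names are hypothetical; the digest is whatever the admin
# recorded at review time (the announcement itself publishes none).

# Print the SHA-256 of a file (hex digest only).
file_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# Static pre-flight: the file must exist, be non-empty and parse as shell.
# `sh -n` reads the script and checks syntax without executing any of it.
preflight() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    sh -n "$1" 2>/dev/null || { echo "not valid shell: $1" >&2; return 1; }
    echo "sha256: $(file_sha256 "$1")"
    # Surface lines worth reading first: further downloads, privilege
    # changes, deletions, and evaluation of generated code.
    grep -nE '(wget|curl|sudo|rm -rf|eval|base64)' "$1" || true
}

# Run the script only if it still matches the digest recorded at review time.
run_if_pinned() {
    script=$1 pinned=$2
    actual=$(file_sha256 "$script") || return 1
    if [ "$actual" != "$pinned" ]; then
        echo "digest mismatch, refusing to run $script" >&2
        return 1
    fi
    sh "$script"
}

# Typical use, as separate steps instead of `wget ... && sh ...`:
#   wget https://www.unrealircd.org/patches/labeledresponseflood-patcher
#   preflight ./labeledresponseflood-patcher    # then read the script itself
#   run_if_pinned ./labeledresponseflood-patcher "<digest you recorded>"
```

Recording the digest at review time means the file that runs is byte-for-byte the file that was read, even if the two steps happen on different days or on several servers.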