Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
various character set problems. The security issues fixed:
* NICK_CHANGE buffer overflow: CVE-2007-3728.
* pkcs_decode buffer overflow: CORE-2007-1212.
Changes since version 1.0.4.1:
- Fixed NEW_CLIENT packet handling crash.
- Fixed partial encryption in CTR mode in AES.
- Fixed printable fingerprint buffer overflow.
- Fixed UNIX signal delivery il SILC scheduler.
- Reprocess JOIN command synchronously after resolving channel user list.
- In JOIN command reply check if the channel key is already saved.
- Remove all channel keys and hmacs after giving LEAVE command.
- Added missing channel unreferencing in CMODE, CUMODE, TOPIC, INVITE,
BAN and KICK command replies.
- Fixed connection authentication with public keys to use correct public
key as responder.
- Zero tail of CTR mode IV in IV Included mode.
- Fixed CTR mode rekey.
- Rewrote the IV Included CTR mode encryption/decryption in packet engine.
- Fixed non-IPv6 compilation error.
- Fixed channel private key deleting when deleting the channel.
- Fixed TIMEOUT handling in user info resolving during JOINing, fixes crash.
- Fixed mandatory UN and HN SILC public key identifier checking.
- Fixed alignment issues with 64-bit CPUs.
- Added "There are now xx nick's" to "are xx nicks".
- Fixed USERS command user mode handling (integer overflow).
- Fixed big-endian issues from aes implementation.
- Fixed lib/silcutil/silcatomic.h compilation on IA64.
- Fixed public key identifier parsing to check lengths correctly.
- In silc_client_free check that scheduler is allocated before trying to
free it.
- Fixed buffer overflow in NICK_CHANGE notify. The destination buffer for
old nicknames was too small.
- Added support for rekey with PFS when using CTR mode encryption.
- Added silc_idcache_move that can be used to move entries between caches.
- Added better checks for invalid argument and notify payloads.
- Fixed SILC_PACKET_FLAG_LONG_PAD bitmask value.
- Set the destination ID to packet stream as SKE responder if ID was
present in key exchange packet.
- Compile sources with _GNU_SOURCE on Linux systems.
- Fixed Unix signal task dispatching to not lock the signals when
dispatching the callback to avoid deadlocks.
- Added SILC_VERSION macro for checking package versions at compile time.
- Use SILC_VERIFY to assert that silc_rwlock_wrlock can be called only
once per thread on Unix.
- Fixed USERS command reply write-lock unlocking.
- Fixed silc_create_key_pair to check for valid identifier.
- Rewrite signed public message handling, adopting the new hilight interface.
- Fix off by one error when loading modules.
- Don't delete hilight entry (because it's just a pointer, not a copy).
- Added __SILC_TOOLKIT_x_x_x macro to all Toolkit distribution which can
be used to check for Toolkit version in third-party software.
- Added support for channel@server channel name strings to client library
(SILC protocol version 1.3 change).
- Added full_nicknames and full_channel_names settings to SilcClientParams
that can be used to specify whether client library returns full nickname
and channel name strings. Full strings are nick@server and channel@server.
- Fixed unix connecting failure to return error code correctly.
- Fixed SKE timeout double free crash.
- Fixed MIME multipart decoding buffer overflow.
- Fixed connection auth protocol timeout crash.
- Fixed FSM machine finishing to check for existing threads at the final
free callback to allow time for the threads to finish.
- Fixed silc_client_get_clients_local to check the nick's server also if
nick@server nickname string is given to the function.
- And many more, oh well. For the user this means: better charset support,
less crashes, nick names now potentially user#23, server specific
channels and more sanity.
Talked over a while ago with wiz with no objections.
|
|
Addresses PR pkg/36355
Changes:
1.0.4.1:
========
o Fix a segfault when joining an unknown channel
1.0.4:
======
- Update Makefiles so parallel make is possible
- Include scripts from the SILC Plugin for automatically signing all
messages
- Use known passwords when joining password protected channels
1.0.3:
======
- empty realname and hostname is permitted again (and the user gets to
see the error message if something goes wrong)
- various small fixes
|
|
- wait for user input after writing error messages on client start, irssi
redraws the screen on exit.
Bump PKGREVISION.
Addresses PR pkg/31185
|
|
Changes:
- convert to options.mk
1.0.2:
======
Due to the new SILC Server release with support to the UTF-8 nicknames and
channel names new version of the SILC Client is released as it seems the
older ones do not function very well with the new server. This version
includes support to the UTF-8 encoded nicknames and channel names, however,
certain problems may still exists, as this is a slight premature release.
- Added support for UTF-8 encoded nicknames and channel names.
- Command queue implemented for better UTF-8 support.
- --with-silc-includes and --with-silc-libs added gto configure to use
pre-installed SILC Toolkit.
|
|
Should fix build on Darwin/Mac OS X.
|
|
- Rework how and where is silc-client installed (in preparation for
silc-toolkit import).
- Rework PLIST.perl handling, now it works with threaded Perl as well.
- Minor cleanups.
|
|
Changes:
- remove patch-ab, merged into distribution
- cleanups in Makefile
0.9.13:
=======
- Lots of bugs was fixed. Also several security bugs has been fixed.
- Inviting and banning now works with a public key. Fixed also banning
with nickname (example, /ban +nickname).
- Support for channel public key authentication added. The CMODE command
has a new option 'C', which can be used to add and remove channel
public keys on the channel. The channel public keys work the same way
as the channel passphrase. Only the person posessing the corresponding
private key of the public key added on the channel is able to join the
channel. It is possible to add multiple channel public keys to the
public key list.
Give /HELP CMODE to see how to use the command. If the /CMODE +C is
given without arguments you will get list of current channel public
keys. This feature works only with new SILC Server 0.9.14 an newer.
You will also need to be channel founder.
- Automatic lag detector, to detect lag between your client and your
server. The lag (if any) is displayed on the status bar.
- /ME, /ACTION and /NOTICE now fully supports UTF-8 text messages.
- Using '@' and '!' characters in invite and ban strings is prohibited.
Those characters cannot be anymore used as part of invite and ban
strings.
- Better caching of old channel keys (for period of 10 seconds) to avoid
loosing any channel messages.
|
|
Changes:
- Fixed RESOLVING flag handling in JOIN notify and other
notifys to handle the resolvings correctly in client library.
- Fixed incorrect connection deletion from client library
after calling "connect" client operation. Could cause
crashes for example during reconnect timeouts.
- Removed --session and --dummy options from Irssi SILC Client.
-d option is available only if --enable-debug was given.
|
|
libraries hack is now gone
- fix typo in patch-ab
|
|
IMPORTANT NOTE: This version does not include backwards support
for the old style SILC private key so if you
skipped 0.9.10 version you won't be able to run
this client without generating new key pair.
Changes between 0.9.10 and 0.9.11
=================================
* workaround a bug in GCC which causes memory exhaustion when
compiling sha1 with optimizations on UltraSPARC. from openbsd
* Don't display "foo appears as foo\nYou're now known as foo"
messages.
* Do not print the nickname in SERVER_SIGNOFF if we do not
have it. Prevents asserts in Irssi core. It is possible we
don't have the nick if it was just being resolved when server
signoff.
* Prevent endless resolving of user informations in USERS
command by checking the command reply status correctly.
* Don't print signed messages when sending failed.
* Send adequate signal when founding a channel by joing it.
* Make GETKEY to update the client entrys fingerprint too.
* Fixed autonick crashbug in client library.
* Fix theme abstracts parsing.
* Fixed double free in SKE library error hadling when signature
error occurred.
|
|
There are fixes in crypto library, especially in the
private key file format which had bugs in the encryption
process. When you run the new client it will automatically
change your private keyfile format so that you don't have
to do anything to it manually. The next versions will not
have this feature so if you'll skip this version you won't
be able to run your client after new version of SILC Client
comes out later (without generating new key pair).
Channel private keys and private message keys were using MD5
hash function, which is actually wrong. The code was
supposed to use SHA1 which is the mandatory hash function in
SILC. This version changes this and for this reason you may
experience some problems using channel private keys and
private message keys together with older client versions.
Make sure you and your friends are running latest client
version to avoid problems. This is inconvenient, but was a
must fix.
Changes between 0.9.9.1 and 0.9.10
==================================
* Removed 1.0 protocol backwards compat code from client
library.
* Changed the channel private key and private message
key generation (with static keys) to use SHA1 instead
of MD5, as SHA1 is the mandatory hash function in SILC.
* Changed the private key file encryption to use SHA1
instead of MD5. Added support for the old generation
and added automatic change of the key (to be removed
later).
* Format CMODE +c and +h to display both the mode and
the argument.
* Added support for inviting and banning by public key.
* Added support to set and use specific public key in
CUMODE.
* Changed the private_message and channel_message client
operations to deliver the SilcMessagePayload to the
application too. Application can use it fe. to get
the signature from the message for verification.
* Added more reliable check for whether nickname did
change or not, or whether only Client ID changed in
NICK_CHANGE notify.
* Set realname and hostname in NICK_REC records.
* Display signature verification result in public and
private messages using theme abstracts.
See irssi/default.theme for examples of their usage.
* Verify signature payload for signed messages.
* Added ignore_message_signatures setting which can be
used to ignore signatures in messages.
* Fixed fingerprint/babbleprint showing in invite and
ban list command replys.
* Fixed founder key sending in CMODE command.
* Fixed bugs in Irssi's theme parsing.
|
|
Changes between 0.9.8 and 0.9.9.1
=================================
* Updated protocol version to 1.2.
Clients and servers with support for 1.1 are not compatible with the new
protocol!
* Added -no-listener option to FILE SEND command, Renamed FILE RECEIVE
to FILE ACCEPT.
* Added idle and signon fields to the ATTRIBUTE_SERVICE attribute to
indicate the user's current idle and signon time of a service.
* Added MAC field to the Private Message Payload to protect against
chosen ciphertext attacks.
* Added support for normal client to kill its own entries from the network.
* Added ERR_UNSUPPORTED_PUBLIC_KEY and ERR_OPERATION_ALLOWED status types.
* Defined the SILC_MESSAGE_FLAG_SIGNED.
* Defined that all public keys sent in commands and notify payloads are
actually Public Key Payloads not raw public key data.
* Compute maximum padding for authentication packets to make passphrase
approximation attacks impossible (padding must be at least 8 bytes now).
* Added support for rekey before 2^32 sequence number wraps.
* Added Encrypt-Then-MAC order to Channel Message Payload MAC generation.
* Added Encrypt-Then-MAC order to SILC packet MAC generation. Deprecated
the old Encrypt-And-MAC order.
* Added expando $j which expands to current SILC Client version
* SILC_UMODE_GONE changes are now propagated correctly to the client.
* Print "nick now appears as newnick" and update nicklist when you
change your nick to "nick".
* Added support for setting FOUNDER mode on channel with specific public
key which can be set with CMODE command.
* Unified the Channel Message Payload and Private Message into one
Message Payload.
* UTF-8 decode topics also in JOIN command reply and TOPIC_SET notifys
in client.
* Added support to client sending new BAN and INVITE commands. Display
INVITE and BAN lists as specified by SILC 1.2
* Merged with Irssi 0.8.6.
* Added library versioning for shared libraries.
* Do reverse lookups for server when /CONNECT-ing.
* MARS support is now gone.
* Fixed PING command sending in client library and handling in server.
The server ID must be ID Payload, not raw ID data.
* Fixed example in /HELP KEY
* Fixed the client to correctly shutdown the client library to avoid
memory leaks.
* Fixed few double frees from client library.
|
|
Changes between 0.9.5.1 and 0.9.8
=================================
* Added STATS command.
* Added Requested Attributes support.
* Added -details option to WHOIS command to support the requested
attributes. By default it requests all attributes.
* Added implementation of VCard (RFC 2426) which can be used as
part of Requested Attributes in WHOIS command.
* Added ATTR command which is used to manage user's Requested
Attributes sending and values for WHOIS command.
* Added support for saving the requested attributes in WHOIS to
directory.
* Added support for auto-passphrase authentication from the config
file during connecting which was not implemented yet.
* Added shared library complation support.
* Added support for encrypted private key files. Now passphrase
must be provided when new key pair is created and prompted when
loading the private key.
* Added -P option which can be used to change the passphrase of
the private key.
* UTF-8 decode the topic in TOPIC command reply and LIST command
reply.
* Added manpage for silc(1).
* Fixed string formatting crashbug in lib/silccore/silcattrs.c
* Fixed double free in RSA public key set function.
* Fixed a bug in authentication protocol failure handling which
was processing wrong callback context.
* Merged DISCONNECT fix, and autoconn port fix from Irssi CVS.
* Merged c0ffee's /set heartbeat patch and fixed the heartbeat
sending.
* Fixed connection closing in client library to not crash.
* Fixed the INVITE command to not crash client when given without
nickname argument.
|
|
changes in the silc-client package:
===================================
- upgraded to 0.8.6
- separate PLIST files for perl support and crypto modules
- make it compile on Solaris
- minor cleanups
changes in the silc-client since 0.8.3:
=======================================
* Merged irssi crash fixes on /QUIT.
* Fixed a bug in library where sending a bogus authentication
payload would lead to a crash.
* Do not check public key types in SKE during rekey.
* Fixed the Irssi SILC Client to use the silc_get_username and
silc_get_real_name insted of glib routines since the glib
routines only corrupt stack. Fixes the Irssi SILC to work in
Cygwin.
* Fixed the Irssi to not use g_get_home_dir since it crashes
or returns garbage on cygwin and corrupts stack. Added function
get_home_dir to Irssi routines.
* Fixed the KICKED notify handling in client library to
correctly remove the channel and all entries from the
channel when I was kicked. This bug crashed the client.
* Fixed yet another but in KICKED notify handling to remove
the kicked client correctly from the channel.
* Fixed the lib/silcmath/Makefile.am to include the MPI and GMP
sources correctly to distribution. Fixes --with-gmp option.
* Removed the manual rehashing from ID Cache, and changed it
to use the SILC Hash Table's auto rehash feature.
* Fixed a bug in the silc_client_nickname_format function that
handles the multiple same nickname formatting. Two clients
with same nickname caused problems after the first one left
and rejoined. It didn't format the nickname correctly.
Changes contributed by Lubomir Sedlacik <salo@xtrmntr.org> in PR 16611
|
|
* Merged Irssi 0.8.2 from irssi.org CVS.
* Fixed the USERS command reply to save the user's mode on the channel
as well.
* Fixed JOIN command reply to check whether a client is on channel
already and not join it twice.
* The user mode (like server/router operator changes) is now shown on
the Irssi SILC client's statusbar.
* Fixed -S option parsing in Irssi SILC Client. Contents of key files
are shown again correctly.
Patch submitted by Lubomir Sedlacik <salo@xtrmntr.org> in PR 15886.
|
|
Contributed by Lubomir Sedlacik <salo@xtrmntr.org> in PR 15772.
Changes:
- added support for optional perl support to Makefile
- added PLIST.perl for package with perl support enabled
- updated MASTER_SITEs
- updated patches
This version introduces the new Irssi-SILC client which is based in the new
Irssi 0.8.1 version. In addition of being entirely new irssi base this
version also introduces the perl scripting support. With this scripting
support it is possible to create scripts that introduce new features and new
commands. It is also possible to create a bot with it.
The client config file has changed too. The old "silc.conf" (which was the
silc specific config file) is now gone, and the "config" (which was the irssi
specific config file) is now renamed as silc.conf, and includes both silc
stuff and irssi stuff. So, after installing this new client I suggest
removing the old silc.conf file since otherwise when you run the new client it
will yell you about the config file. Be warned.
When you look at the new silc.conf config file you will see settings like,
"crypto_default_cipher", "crypto_default_hash" and "crypto_default_hmac".
These are the silc specific settings and you can freely edit them (or use
/SET command) to include what ever value you prefer. The default values
should fit to all since they are the SILC protocol default ones. Anyway,
they are editable if you want to edit, but you don't need to edit them.
New commands that this new client introduces is for example /STATUSBAR.
With this command you can manage the different bars on the screen. Like,
whether to show topic bar or not etc.
most significant changes in silc-client since version 0.7.6.2:
* Fixed CUMODE_CHANGE notify handling to change the mode of correct client
* Allow zero length channel messages inside the Channel Message Payload
* The silc_cipher_register, silc_hash_register and silc_hmac_register now
checks if the object to be registered is registered already
* Merged the new SILC Config library, with the server parsing support.
Read the header file silcconfig.h or the toolkit documentation for the
news.
* Added new Passphrase and Publickey authentication methods to config file,
allowing both public key and passphrase based authentication to be set at
the same time.
* Added `prefer_passphrase_auth' setting in config file which can be used to
set to prefer passwd auth if both passwd and public key is set. If not set,
public key is preferred. This has effect only when being initiator
(responder will try both anyway).
* Added support for authentication with passphrase and public key at the same
time. The passphrase is tried first always since it is faster to check.
* Fixed the public key authentication to allocate always the destination
signature buffer instead of using static buffer.
* Add the client on channel after it was resolved at the channel message
receiving, and it was not already on the channel.
* Fixed command line parameter handling. All SILC initialization is now done
in silc_core_init() which also fixes autoconnecting to servers.
* Rewrote the notify handling in Irssi SILC client to not call the events as
signals. Fixes problems with Perl support.
* Send the auto-nicking NICK command in client library with little timeout
after connecting.
* Fixed padding problem in PKCS#1. The padding was not actually random since
the random number generator was used incorrectly. This security bug affects
only when encrypting with PKCS#1, and it is not currently used at all in
SILC. SILC only use signing with PKCS#1.
* Fixed a NICK change bug in client library, to not recreate the
client_entry->channels hash table everytime nick is changed.
* Fixed NICK change printing in Irssi SILC Client. Fixed KICKED notify
printing in Irssi SILC Client.
* Fixed the lib/silcsftp/sftp_fs_memory.c to use silcutil routines instead
of calling directly OS routines.
* Added proper initializations to silc's irssi code, so it's now possible
to load it as module.
* Added silc_schedule_reinit function to do the enlarging of the max tasks
handling capabilities of the scheduler.
* Added `prefer_ipv6' argument to the functions
silc_net_gethostbyname[_async]. If it is TRUE it will return IPv6 address
over IPv4. If FALSE IPv4 address is returned even if IPv6 address was
found.
* Added support silc_net_create_connection[_async] to fallback to IPv4
address if IPv6 address could not be used (like if it doesn't work on
a specific system).
|
|
- Fixed a bug in hash table tarversing.
- Fixed private message handling.
- Fixed the channel message payload decryption in the function
silc_channel_message_payload_decrypt to not modify the original
buffer before it is verified that the message decrypted correctly.
Otherwise, next time it is called with correct channel key it won't
encrypt since the payload is corrupted.
- Fixed SILC_LOG_ERROR and SILC_LOG_WARNING
- Fixed the event_mode CMODE handler to not crash when mode is changed
and +k mode is set in the channel.
- Added SILC_CLIENT_FILE_KEY_AGREEMENT_FAILED file transfer error than can
occur while key agreement protocol.
- Fixed the file transfer's key agreement payload to include zero port
also if the hostname is NULL because it could not be bound.
- Call file transfer monitor callback now also if error occurs during key
agreement protocol.
- Check that the file exists locally before sending the file transfer
request at all.
Patch contributed by Lubomir Sedlacik <salo@xtrmntr.org> in PR 15630.
SSH Secure Shell 3.0.0 (Build 199)
Copyright (c) 2000-2001 SSH Communications Security Corp - http://www.ssh.com/
This copy of SSH Secure Shell is a non-commercial version.
This version does not include PKI and PKCS #11 functionality.
This program uses RSA BSAFE® Crypto-C by RSA Security Inc.
Last login: Mon Feb 18 00:10:56 2002 from pd9eb5184.dip.t-
NetBSD 1.5.2 (SMAUG) #9: Tue Sep 18 17:12:07 MEST 2001
*** Welcome to smaug.fh-regensburg.de! *** , ,
/( )`
This machine is hooked up to the net to support \ \___ / |
development and evaluation of NetBSD. /- _ `-/ '
Unauthorized access is ILLEGAL! (/\/ \ \ /\
Welcome to / / | ` \
NetBSD V1.5 O O ) / |
Administration: Hubert Feyrer \ `-^--'`< '
<feyrer@smaug.fh-regensburg.de> (_.) _ ) /
`.___/` /
`-----' /
--- NOTICES --- <----. __ / __ \
within the next week. Note <----|====O)))==) \) /====
access to serial console is <----' `--' `.__,' \
revoked! | |
011008 - Broken RAM module removed, \ / (FL)
NetBSD 1.5.2 kernel booted. ______( (_ / \_____
Sorry for the downtime! ,' ,-----' | \
`--{__________) \/
smaug% screen -x bsd3
drwxr-xr-x 3 feyrer cvs 512 Feb 18 00:04 patches
yui# Als
Als: Command not found.
^O^R
^@^@P^@^@^@ ^@^@^@^H^@^@^@þB^BI@^A
^F^@þB^B¼o@^A
^A
þB^BÒo@^A
È^A
þB^BÄo@yui#
yui#
CVS/ Makefile PLIST distinfo.orig
DESCR Makefile.orig distinfo patches/
yui# o@B
o@B: Command not found.
yui#
yui#
yui#
CVS/ Makefile PLIST distinfo.orig
DESCR Makefile.orig distinfo patches/
yui# pwd
/disk1/cvs/pkgsrc/chat/silc-client
|
|
changes in the package:
- patch-ab is no longer needed, integrated into distribution. patch-ac has
been moved in it's place
- minor change in Makefile, long transscription of ${PKG_SYSCONFDIR} was
changed into one variable
- patch-aa was modified to follow change in Makefile.in
changes in the silc-client:
0.7.3: This version fixes the NICK command to always give the unformatted
nickname, instead of possibility of formatted nickname, fixes the
GETKEY command to save the public key to correct filename, and to
first resolve the client information and server information only if
client was not found. The public keys are now (when connecting to
server for first time) saved with using the IP address of the server,
instead of the hostname of the server. The old hostname format is
used as a fall back method if the IP address based filename could
not be found.
Submitted by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 15380
|
|
|
|
- cleaned up CONFIGURE_ARGS
- revised patches/patch-aa to follow change in the Makefile.in
- removed post-configure target from Makefile, fix to this issue has been
moved into patches/patch-ac file (inspired by chat/irssi package, thanks to
mutru!)
Update submitted by Lubomir Sedlacik <salo@xtrmntr.org> in PR 15147
|
|
Patches submitted by Lubomir Sedlacik <salo@silcnet.org> in PR 14892
Changes in the silc-client package:
- upgrade to silc-client package, version 0.7.1
- minor changes in the MASTER_SITES variable
- patch-ab was removed, it has been integrated into main distribution,
patch-ac was moved in its place so patches/patch-ac is no longer needed
Changes in the silc-client-0.7.1:
- various serious fixes in /whois, /join, /away, /key, /file, /list, /kick,
/msg, /nick commands
- fixed problem with allocation of 0 bytes when encoding payload
|
|
patch submitted by Lubomir Sedlacik <salo@xtrmntr.org> in private mail.
|
|
Client for the Secure Internet Live Conferencing (SILC)
Submitted by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 14543
|