1.1.6:
This version fixes a rekey timeout crash.
1.1.5:
This release fixes the KILL command and disconnection related
problems.
1.1.4:
This version fixes 64-bit alignment issues.
1.1.3:
This version fixes several crashes, a WATCH command busy-loop, QoS
rate limit handling, and many other bugs.
1.1.2:
This version fixes a possible buffer overflow.
1.1.1:
This version fixes a crash related to processing of NEW_CLIENT
packets.
1.1:
This version was ported to the new SILC Toolkit 1.1. Support for
dynamic router connections and HTTP statistics back end were added.
Support was added for the upcoming SILC Protocol version 1.3 and
SILC Public Key version 2. Other major bugfixes were also made.
1.1beta4:
This version fixes public key authentication as responder, OPER
and SILCOPER public key authentication, and other minor bugs.
1.1beta3:
This version fixes a CTR mode rekey crash and other CTR mode issues.
1.1beta2:
This beta release fixes many crash bugs.
|
|
From Zafer Aydogan in PR 37308.
|
|
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
|
|
|
|
Changes:
This release fixes a small problem with parsing the 1.3 protocol version
string correctly. Clients that conform to the 1.3 protocol will not be
able to connect to a SILC server that isn't running this version.
|
|
|
|
Changes:
- Fixed a denial of service vulnerability: If invalid hmac or cipher
was specified on joining a channel, server crashed.
Upgrading is recommended.
|
|
Patch provided by Sergey Svishchev in private mail.
|
|
set OVERRIDE_DIRDEPTH to find any libtool scripts deeper in the WRKSRC
tree unless they're named something other than "libtool".
SHLIBTOOL_OVERRIDE generally doesn't need to be specified either -- just
define it to the empty list and shlibtool-override will look for libtool
scripts.
|
|
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
|
|
INSTALL/DEINSTALL script creation within pkgsrc.
If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts. If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:
INSTALL_SRC= ${PKGDIR}/INSTALL
DEINSTALL_SRC= # empty
As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts. By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).
In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework. The only public variables relating to the templates are:
INSTALL_SRC INSTALL_TEMPLATE
DEINSTALL_SRC DEINSTALL_TEMPLATE
HEADER_TEMPLATE
The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.
|
|
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
Changes:
- fix compilation on non-i386 (or non-gcc) systems
|
|
Changes:
- Fixed crashbug in key exchange, authentication and rekey protocols.
- Fixed channel private key mode remove bug.
- Fixed statistics temp file creation in debug mode.
- Other bugfixes were also made.
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
- fix insecure file creation in /tmp, patch from silc cvs
the impact of this issue is very low. it allows an attacker to overwrite
arbitrary files owned by the user running silcd ("silcd", in pkgsrc) IFF
the owner of the process or root send SIGUSR1 signal to the process to dump
stats. the only file owned by the "silcd" user is typically the log file
which resides in a directory inaccessible by anyone except the user itself
and root so the potential attacker would need to guess its name.
http://www.zataz.net/adviso/silc-server-toolkit-06152005.txt
please note that the advisory also incorrectly states that silc-toolkit is
vulnerable too. the code in question is never compiled in the toolkit so
it's not affected.
Bump PKGREVISION.
|
|
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
|
|
Changes:
1.0:
====
Only minor bugfixes were made to the previous version.
- Fixed channel public key list saving on backup router on JOIN
command reply.
- New optimized logging.
0.9.21:
=======
A small bugfix release.
- Added default limit how many channels one client can join (50).
- Added missing getopt.[ch].
- Fixed compilation with pkg-config files
0.9.20:
=======
A bugfix release to the SILC Server. In addition of various bugfixes,
this version now also includes new math library that from now on will be
included in all SILC distributions.
- Added more liberal channel names from the previous stricter
identifier string change.
- Added SERVICE command to server, though services aren't supported yet.
- Fixed MOTD command to send empty reply if motd does not exist.
- Fixed LIST command.
- Fixed query to stop if client goes away.
- Added pkg-config check to the configure.
- Several other bugfixes were made.
|
|
|
|
Changes:
- convert to options.mk
0.9.19p1:
=========
A little update with this 0.9.19p1. After such a major release problems
were expected and the p1 fixes some crashes. Upgrade strongly
recommended.
0.9.19:
=======
And after a long break new SILC Server is out. This version finalizes the
SILC protocol version 1.2 development and introduces UTF-8 nicknames, channel
names, usernames and host names. It is now possible to create practically any
kind of nicknames and channel names. Practically all letters, numbers and
punctuation marks are supported. Special characters, control characters and
various odd symbol characters however are not allowed. Several minor and
major bugs have been fixed as well. Upgrading is strongly recommended. Old
clients that do not yet support UTF-8 encoded nicknames and channel names
are still able to connect and function normally as long as they do not need
to handle odd UTF-8 encoded names.
- Added support for UTF-8 encoded identifier strings, such as nicknames
and channel names.
- Fixed founder mode handling on JOIN on normal/backup on empty
channels.
- Fixed WATCH command handling on backup router.
- Fixed WATCH command announcing. The WATCH and SILC Gaim buddy list
should work better now.
- Simplified INVITE and BAN string handling in server. Announcing
INVITE and BAN strings should work more reliably now.
- Fixed several bugs from the backup and resuming protocol.
- Fixed, hopefully, all the wrong server statistics numbers.
- Fixed CLOSE command to handle backup routers correctly.
- Fixed various detaching and resuming bugs.
- Fixed announcing to not announce unregistered (ghost) clients.
- Fixed reconnect_keep_trying and QoS settings in server config files.
- Several other bugfixes were made.
|
|
|
|
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
|
|
- Rework where silc-server is installed, make it consistent with silc-client
changes.
- Minor cleanups.
|
|
|
|
Changes:
0.9.18:
=======
Upgrade release because of couple serious bugs in the 0.9.17. Especially
backup router had stability problems with 0.9.17. This was due to a rekey bug
when performing rekey with PFS, and because of another bug it caused the
backup (and other servers too) to crash. If you are running a normal server
or backup router then upgrading is strongly recommended. If you are running
any kind of server with PFS enabled in rekey, upgrading is recommended.
- Fixed protocol completion handling in connection closing.
- Fixed rekey with PFS to work on backup with disabled connections.
- Fixed CMODE command reply to return the user limit correctly.
- Fixed the watch notify to be called for resuming clients.
0.9.17:
=======
- Implemented the user limit to the CMODE_CHANGE notify and to the CMODE
and JOIN command replies, as defined in the new protocol specs.
- Implemented the public key support to WATCH command, as defined in
the new protocol specs.
- Added asynchronous connecting to remote router/server.
- Fixed the WHOIS public key deleting.
- Several other bugfixes were also made.
|
|
|
|
relative to ${WRKSRC}. Remove redundant LIBTOOL_OVERRIDE settings that
are automatically handled by the default setting in bsd.pkg.mk.
|
|
Changes:
- Added public key based search support to WHOIS command. Users can be
searched by their public key now. To search users by public key using
SILC Client, do the following (see the /HELP WHOIS for revised help
information on searching by public key):
To search nickname 'nick' that has the specified public key, give:
/WHOIS nick -pubkey /path/to/the/public_key.pub
To search all users that have the specified public key, give:
/WHOIS -pubkey /path/to/the/public_key.pub
- Removed RC6 cipher.
- Fixed the MOTD command to work properly. Motds can now be fetched from
remote servers.
- Fixed the INVITE string handling during joining to use correct server
name. Invite strings such as *@sauna.silcnet.org!*@*foobar.com now
works.
- Fixed the CUMODE for founder mode work correctly when there is already a
founder on channel. Normal server cannot anymore "replace" a founder
which is founder on router (even if authentication works). User on
router can "replace" founder that is on normal server assuming
authentication is successful.
- Fixed UMODE mode change bug when anonymous mode was already set. Now
modes can be changed normally.
- Minor fixes to backup router protocol. Some problems may still exist
and testing this feature is recommended.
- Improvements to router-to-router connections. Normal communication
should work. NOTE: This is experimental and you can expect problems
if you set up such network.
- Several other bugfixes.
|
|
This release focuses especially fixing the remaining MAC failed errors that
people have been experiencing and the infamous Error in select() error which
should now finally be gone. Upgrading is strongly recommended.
Changes:
- Fixed KICK command to not send the command reply twice.
- Fixed the QoS unregistering to avoid the errors in select() for invalid
socket connection.
- Fixed the rekey protocol timeout handling
- Fixed the packet processing to avoid clearing QoS data underneath the QoS.
|
|
This version is a major upgrade release and everyone running older version is
strongly recommended to upgrade to this version. This version introduces
several bugfixes, security fixes and bunch of new features. This also
completes the development work for the SILC protocol version 1.2.
Changes:
- removed patch-ac, merged into distribution
- create server keys with strict permissions
0.9.14:
=======
- Several bugfixes and security fixes were made. A major remote exploit
was also fixed.
- The SILC Server now ignores SIGXFSZ and SIGXCPU signals which will
terminate the process if they occur. They can occur in poorly
configured environment.
- Fixed SERVER_SIGNOFF notify handling which caused ghosts to remain in
the network.
- Fixed inviting and banning by public key. Fixed invite and ban string
handling. Implemented SILC 1.2 complying invite and ban data
distribution between routers and servers. To also comply with SILC 1.2,
prohibited using '@' and '!' characters in invite and ban strings.
- Support for channel public keys added. A new feature in SILC 1.2, that
allows join authentication using digital signatures. Use the latest
SILC Client to take advantage of this feature.
- Support for SILC 1.2 backup protocol. This version introduces rewritten
version of the backup router protocol. The purpose of the backup router
protocol is to prevent servers from splitting from the rest of the SILC
network if the primary router becomes unresponsive. There are no
changes to the configuration of the backup router support, and old
configurations will work with this version too.
This version is now able to detect much better different network failure
situations and understand how to work with them. The servers are now
able to actually detect when the backup router can/must be used. They
are also able, in case of error in backup router protocol, to resume
back to either to the backup router or to the primary router, and always
recover from desyncs automatically (usually within 60 seconds).
- Support for command reply error arguments was added. This allows
clients to better handle error conditions within command execution.
- The founder public key distribution now complies with the SILC 1.2.
|
|
USE_PKGINSTALL is "YES". bsd.pkg.install.mk will no longer automatically
pick up a INSTALL/DEINSTALL script in the package directory and assume that
you want it for the corresponding *_EXTRA_TMPL variable.
|
|
|
|
dependency bumps.
|
|
Changes:
- Fixed EOF handling in SILC Config.
- Do not send full INVITE and BAN lists in INVITE and BAN
notifys, only the changed information.
- Fixed INVITE notify sending in INVITE command, send it
only when needed.
- Handle the founder key change properly in CMODE_CHANGE
notify. Bug #122.
- Remove the mark for output (mark it only for input) after
purging outgoing queue. Prevents the "Error in select()"
floods.
- Check server private key file permissions before starting
the server.
- NULL terminate allocated string in silc_buffer_strformat.
- Rewrote the invite/ban list string handling in server to
use SilcBuffer instead.
- Fixed double free in CMODE command when setting new HMAC
for channel.
- Added couple of missing memset's to zero sensitive memory.
|
|
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
|
|
- use SHLIBTOOL_OVERRIDE instead of LIBTOOL_OVERRIDE, the ugly
static libraries hack is now gone.
Changes from 0.9.11 to 0.9.12
=============================
* Added macros SILC_SWAB_[16|32] to swab byte order of
16-bit and 32-bit unsigned integers.
* Use the SILC_SWAB_16 instead of htons() in server when
handling ports since the ports in structures are always
in little-endian order (regardless of platform).
* Send DISCONNECT in close admin command in server.
* Check whether we are already connecting to a remote router
(in addition of checking whether we are already connected)
before creating new connection.
* Check that socket is valid after QoS is applied to data.
* Make sure the socket connection is not closed too early
when closing connection in server. Also make sure the
connection is always closed after error in a protocol.
* Fixed server crash with double Primary block in config file.
* Fixed various memory leaks around the config file parser.
* Fixed a double free in INVITE command error handling in
server.
|
|
IMPORTANT NOTE: This version does not include backwards support
for the old style SILC private key so if you
skipped 0.9.10 version you won't be able to run
this server without generating new key pair.
Changes from 0.9.10 to 0.9.11
=============================
* Workaround GCC bug which causes memory exhaustion when
compiling sha1 with optimizations on UltraSPARC. from openbsd
* Added some sanity checks in server for correctness of the
server configuration.
* More log printing during backup router protocol.
* Removed backwards support for old private key file format.
* Removed backwards support for not-so-strict decryption length
check, it's strict now.
* Fixed error handling of invalid client entry when calling
commands in server. Fixes a crash.
* Fixed double free in async host lookup code.
* On backup router handle now the SERVER_SIGNOFF from router
for local connected servers too, and close the connections.
Do not process them as normally signing off servers when they
really signoff by sending EOF fe, but always assume that
router sends the SERVER_SIGNOFF.
* Fixed socket unsetting when closing connections.
* Fixed close command to use the port correctly when closing
server connections.
* Check for NULL outbuf in silc_socket_write. It is possible
that it is NULL in some odd case.
* Do not call final protocol callback for backup router
resuming protocol when closing connection. It is closed
by timeout in case of error.
* Backup reconnect to router if backup resuming protocol failed.
* Fixed double free in SKE library error handling when signature
error occurred.
* Fixed double free in invite list adding code when adding
invite strings.
|
|
The private key file format has changed due to a bug in the
older code. When you run this server version it automatically
changes your private key file to the correct format.
The future versions of the SILC Server will not do that, so
do not skip this version or you will need to generate new key
pair after 0.9.11 is released.
Also backup router bugs were fixed which caused several
interesting decryption problems, so upgrading regardless
if you are running normal server, backup router or primary
router is strongly recommended.
Changes from 0.9.9.1 to 0.9.10
==============================
* Added the config directive PublicKeyDir for the client
block.
* Extended the SILC_SERVER_LOG_ERROR macro to all available
logging channels.
* Load only files with .pub suffix in PublicKeyDir.
* Fixed a typo in resuming code that fixed detach/resume
code in server.
* Fixed CMODE setting in server when founder mode was set.
* Fixed wrong invite and ban list handling in server command
reply.
* Fixed CUMODE founder authentication in server to not check
for client's public key since it's not supposed to do that.
* Fixed backup router bugs: When backup resumes router and
receives a CHANNEL_MESSAGE packet the backup must not act
as router since the packet header decryption would be
different. Also, when relaying packets to channel, do not
re-encrypt packets on backup that came from the primary
since the connection isn't really router-router connection.
|
|
Changes from 0.9.8 to 0.9.9.1
=============================
* Updated protocol version to 1.2.
Clients and servers with support for 1.1 are not compatible with
the new protocol!
* Print notify for server opers when backup router comes online.
* Resolve the client's public key in JOIN command if the founder auth
data is being requested but we don't know the client's public key.
* Added idle and signon fields to the ATTRIBUTE_SERVICE attribute to
indicate the user's current idle and signon time of a service.
* Added MAC field to the Private Message Payload to protect against
chosen ciphertext attacks.
* Defined the SILC_MESSAGE_FLAG_SIGNED.
* Added ERR_UNSUPPORTED_PUBLIC_KEY and ERR_OPERATION_ALLOWED status
types.
* Added support for normal client to kill its own entries from
the network.
* Compute maximum padding for authentication packets to make
passphrase approximation attacks impossible (padding must be at
least 8 bytes now).
* Added support for rekey before 2^32 sequence number wraps.
* Added Encrypt-Then-MAC order to SILC packet MAC generation.
Deprecated the old Encrypt-And-MAC order.
* Added Encrypt-Then-MAC order to Channel Message Payload MAC
generation.
* Added support for setting FOUNDER mode on channel with specific
public key which can be set with CMODE command.
* Don't wait for EOF after socket error has occurred, but close the
connection.
* Assure the RESUME_CLIENT packet is not sent twice to backup
router if the detached client was originated from the backup.
* Added support for removing client from invite list when kicked
from channel, as SILC 1.2 dictates.
* Added support for the SILC 1.2 BAN and INVITE commands and new
ban and invite lists to server.
* Remove client from invite list in KILLED notify and in KILL
command.
* Do not send invite list back unless asked (when sending no
arguments) or when list was modified.
* MARS is now gone.
* Added manual pages for silcd(8) and silcd.conf(5).
* Fixed WATCH command reply handling on normal server which was
missing altogether.
* Fixed double free in WHOIS query on normal server when forwarding
query to router.
* Fixed MOTD command reply sending.
* Fixed the INVITE command to send the invite list in command reply.
* Fixed PING command sending in client library and handling in
server. The server ID must be ID Payload, not raw ID data.
* Fixed NICK command to not crash if nickname was not sent.
* Fixed channel's global_user boolean checking after detaching.
Check it after changing the owner of the client not before.
* Fixed channel key distribution after resuming detached client.
* Fixed memory leaks with SIMs in server.
* Fixed bugs in invite list handling in INVITE command.
|
|
Changes from 0.9.5 to 0.9.8
===========================
* Added support for aborting automatically pending commands
that never receive the reply (to avoid memory leaks).
* Added support for removing explicitly added client connections
in rehash and closing the client connections if they were
unconfigured in the rehash.
* Rewrote WHOIS, WHOWAS and IDENTIFY commands in the server.
* If packet processing fails (like integrity check fails)
the connection is closed now.
* Normal server now reconnects to backup router automatically
if connection is lost to it.
* Added support for replying on behalf of the user to the
Requested Attributes in WHOIS command in the server.
* Failed OPER and SILCOPER authentications are now logged.
* Added sort-of "Quality of Service" (QoS) support. Data
reception can be controlled with rate limit per second
and/or read data length limit.
* Added support for encrypted private key files. Now passphrase
must be provided when new key pair is created, and prompted
when loading the private key.
* Resumed client packet handling from server put the resumed
client on wrong list on router and caused the client not be
present on the network anymore.
* Various cleanup in error message output in config parsing code
and in server init code. Fixed error log files containing too
many newlines in some situations.
* Assure that channel key is set before sending it. May crash
server otherwise.
* Don't switch to become primary router if we are backup if
decryption error has occurred.
* Fixed a bug in backup router IP address comparison
* Fixed a crashbug in incoming server accepting.
* Fixed packet decryption problem when backup router encrypted
channel message with wrong key during backup resuming protocol.
* Fixed memory leaks in server.
* Fixed channel key packet processing bug on backup router
during backup resuming protocol.
|
|
|
|
exists, then use it as the default value of DEINSTALL_EXTRA_TMPL or
INSTALL_EXTRA_TMPL.
|
|
buildlink->buildlink2
Main changes from 0.9.2 to 0.9.5
=================================
* Use the primary router as the origin of the locally connected server when
it is disconnecting from the backup router since that's where it really
is coming from. Now the clients from the disconnecting server are removed
correctly and "shadow" clients are not left to the backup router.
* If normal server is standalone and found existing but disabled channel, do
not re-create the channel since it creates duplicate same channels.
* Added anonymous client connections support to server. New "anonymous"
configuration option to ConnectionParams section added. If set to true,
the username and hostname information of the client will be scrambled and
anonymous user mode is set automatically to the user.
* In JOIN notify handling, mark that the cache entry of the client cannot be
expired. Can cause crashes on normal server (asserts client->channels).
* Added silcd configuration option Timestamp in the Logging section.
* Fixed fingerprint checking to check for entirely empty fingerprint instead
of two first bytes when determining if it is set.
* Remove server/router operator privileges in DETACH command, since it's
possible to resume to server where these privileges would not be allowed.
* Do not re-create channel keys and send them when removing clients in server
shutdown.
* Completed backup router support for standalone routers. Supports also
servers in the cell that do not use the backup at all. Server/router
operator now receives notify when network switches to backup router and
when it resumes the use of primary router.
* Added -D option to server. It can be used to give debug level. The levels
are from 0 - 99, and are predefined for smooth server debugging.
Patch submitted by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 18278.
|