* Fixed CUMODE_CHANGE notify handling in server.
* Fixed USERS command to support empty channels.
* Check the watcher list before sending signoff notifys
when closing client connection.
* Added better CMODE command rights checking.
* Fixed watcher list checking during server signoff. It
crashed the server.
* The JOIN command reply returns now the founder's public
key.
* Announce the channel mode, and the mode properties with
CMODE_CHANGE notify.
* Mark new channels by default disabled, untill at least
one user joins the channel.
* The nickname argument to watch notify can be optional.
Fixes a crash in server.
* Check the watcher list before and after changing nickname
when the NICK_CHANGE notify is received.
* Added the founder's public key delivery to the
CUMODE_CHANGE notify type as well. Updated the protocol
specs and the code.
* Added support for sending the founder's public key in
the CMODE_CHANGE notify packet in the server.
* Changed the FOUNDER_AUTH authentication to use only
public key authentication as defined by new protocol
specs. Passphrase authentication with that mode cannot
be used anymore. It is now possible to reclaim founder
mode from any server in the network.
* Added permanent channels support by making the channel
permanent when FOUNDER_AUTH mode is set on the channel.
The channel will not be destroyed even if channel is empty
when that mode is set. Protocol TODO #17.
* Added BLOCK_INVITE user mode to be able to block incoming
invite notifications. Protoocol TODO #26.
* Disconnect Payload includes now the status type. Updated
the protocol specs and the code. Protocol TODO #25.
* Defined that the nickname hash in Client ID MUST be from
lowercase nickname. This effectively changes nicknames in
SILC to case-insensitive. Updated the protocol specs and
the code.
* Added new channel user modes BLOCK_MESSAGES_USERS and
BLOCK_MESSAGES_ROBOTS. Updated the protocol specs and the
code.
* Added support for watch list. It is possible to add nicknames
to be watched, and when they come to network, leave network
or user mode changes the watcher will be notified of this
change. Added SILC_COMMAND_WATCH command, added new
notify type SILC_NOTIFY_TYPE_WATCH to deliver the watch
notifications. Updated the protocol specs and implemented
this to library, client and server. Protocol TODO #21.
* Fixed a bug in the pid writing function, which couldn't be
written in a root-owned directory.
* Added detach_disabled and detach_timeout server config
options to the server.
* Defined that server receives WHOIS command reply for private
and secret channels too. Updated protocol specs and the
code in server.
* Defined <channel user mode list> argument to WHOIS command
reply for returning user modes on the channels. The
channel list now doesn't include the user mode anymore but the
actual channel mode. Updated protocol specs and the code in
client and server.
* Save the channels list in WHOIS command reply in normal server
so that WHOIS always shows joined channels also in normal
server and not just on router.
* Defined that server receives USERS command reply for private
and secret channels too. Updated protocol specs and the
code in server.
* Changed the UMODE's mode mask argument to be optional. If
not provided then the command merely returns the current mode
mask to the client.
* Added SILC session detachment/resuming support. It is possible
to detach by closing the network connection and then re-connect
and resume to the old client session. Added DETACHED user
mode that server will set for detached client. Added new
packet RESUME_CLIENT which is used to perform the resuming
process. Added DETACH command. Updated the protocol specs,
core library, client and server. Protocol TODO #22.
* Changed the CMODE's mode mask argument to be optional. If
not provided then the command merely returns the current mode
mask to the client. Updated protocol specs and the server.
* Added new user modes ANONYMOUS for special anonymous servers
that may set the mode for client, and BLOCK_PRIVMSG which
client may set to block incoming private messages unless the
Private Message Key flag is set (using private keys to protect
private messages). Updated protocol specs and code in client
and server and core library. Protocol TODO #23.
* Added new channel user mode BLOCK_MESSAGES which the client
may set to itself to tell server not send channel messages.
Other packets such as channel key packets are still sent.
Protocol TODO #23. Updated the protocol specs, client and
server.
* Fixed a bug in the fetch_logging() config callback.
* Drop root privileges when started in foreground. Don't drop them
if debugging also.
* Added STATS command to the protocol after all, to return
various statistical information about the network. It can
be used by clients to retrieve statistical information, and
servers may use it to to fetch cell and network wide
statistics from router. Updated the protocol specs and
implemented it to the server. Protocol TODO #16.
* Rewrote the version SKE version checking in client libary
and in server to use the silc_parse_version_string.
* Added two new channel modes: SILC_CMODE_SILENCE_USERS
and SILC_CMODE_SILENCE_OPERS which can be used to moderate
the channel. Updated protocol specs and impelemented this
to client and server. Protocol TODO #6.
* Deprecated all administrative commands from SILC protocol
since they are highly implementation specific commands.
Updated protocol specs. Moved the old commands in
implementations to private range of command types.
* Fixed a bug in server where sending unknown command crashes
the server.
* Fixed the rekey protocol with PFS, which was totally broken.
* Merged version 1.1.4 of zlib. Even if it not currently in use,
it's good not to have security holes here.
* Fixed a negative refcount situtuation for the config context.
Affected file is silcd/serverconfig.c.
changes in silc-server package:
===============================
- removed INSTALL file, don't generate server keys during installation,
if missing, generate them on server startup
Patch contributed by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 16981
changes in silc-server package:
===============================
- upgraded to version 0.8.4
- added generic startup script for Solaris and Linux (i can't test it on
Darwin/Mac OS X because i don't have any.. please let me know if it works
for you. thanks)
You will need to copy ${PREFIX}/etc/rc.d/silcd to appropriate location in
your system and do neccessary actions to enable it.
e.g. Solaris: copy ${PREFIX}/etc/rc.d/silcd to /etc/init.d/ and make links
in /etc/rc2.d/, /etc/rc1.d/, /etc/rc0.d/.
changes in silc-server since 0.8.1:
===================================
* Fixed a bug in library where sending a bogus authentication
payload would lead to a crash.
* Fixed a bug in the fetch_logging() config callback.
* Drop root privileges when started in foreground. Don't drop them
if debugging also.
* Added better error logging in rekey protocol.
* Do not check public key types in SKE during rekey.
* Fixed the rekey protocol with PFS, which was totally broken.
* Fixed a negative refcount situtuation for the config context.
* Fixed memory leaks from config object.
* Added support for adding new connections to the server in rehash.
After rehash they take effect.
* Added support for changing the maximum allowed connections in
rehash. The number can grow but going smaller is not supported.
* Added preliminary checking during config parsing for a valid
public/private key and removed further checks in the code.
* Fixed silc_net_gethostbyaddr to correctly resolve by
address.
* Fixed the notify relaying to client. The HMAC to be used
with relayed packets ws wrong and caused decryption failure
at the client end.
* Fixed the silc_log_quick handling in the logging routines.
It didn't log quickly when it was TRUE. Also the flush delay
was set even if it was 0 in config file.
* Added support for changing key pair of the server in rehash.
* Fixed the TOPIC_SET notify to not crash. It changed the topic
too early, before getting the channel entry.
* Added rehash support. Added function silc_server_rehash() that
will perform all the basic tasks of the rehashing procedure.
* Added command line option `-x, --hexdump'. This will enable the
SILC_LOG_HEXDUMP calls that are no longer enabled with `--debug'.
The option `--hexdump' implies `--debug'.
* Fixed a bad bug in the logging APIs (silcutil library) where
the application would crash after calling silc_log_reset_all().
Contributed by Lubomir Sedlacik <salo@xtrmntr.org> in PR 16612
Lubomir Sedlacik <salo@silcnet.org> in PR pkg/16099, thanks!
Changes from 0.8 to 0.8.1
=========================
* IPv6 fixes. IPv6 should work without problems now.
* Fixed a minor bug in looking up correct client entry in KICKED notify
in server.
* Don't change the topic if olod topic is same as new one.
* Packet relaying is now done by router without any extra memory
allocations.
* Fixed the INVITE notify handling. It took wrong arguments as invite
list and invite delete.
* Added check for INVITE, TOPIC_SET, KICKED, CMODE_CHANGE notify types
that particular action is allowed by the client.
* Fixed a packet sending bug on very high load, where outgoing
packet queue wasn't handled correctly and packets got corrupted.
* Added checks for maximum length of channel message payload and private
message payload also.
* Added checks for maximum packet length in server and in client library.
* Added new configuration params: version_protocol, version_software
and version_software_vendor to specify what version the remote host
must at least be to be able to connect to server. The vendor string
can be regex matched too.
* Added new function silc_server_connection_allowed to check maximum number
of allowed connections, and allowed versions for incoming connections.
* Added logging of DISCONNECT packet message in the server.
* Check for valid socket connection in client entries before sending any
messages. Fixes a crash, but doesn't fix some other underlaying bug that
is lurking there.
* Added support for specifying multiple public keys for Client connection
section in server configuration file. This makes it possible to accept
multiple public keys from same host, or to make a section that accepts
any incoming host, and have the accepted public keys listed in the section.
* Added more error printing to logs in server code.
Patches contributed by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 15779
Changes from 0.7.9 to 0.8:
==========================
* Removed 0.6.x backwards support.
* Added `prefer_ipv6' argument to the functions
silc_net_gethostbyname[_async]. If it is TRUE it will return
IPv6 address over IPv4. If FALSE IPv4 address is returned
even if IPv6 address was found.
* Added support silc_net_create_connection[_async] to fallback
to IPv4 address if IPv6 address could not be used (like if
it doesn't work on a specific system). Affected file in
* Added `user_count' to the SilcChannelEntry which now tells the
number of users on the channel. The user count is now saved
in normal server of global channels as well.
* Added following new config file settings:
channel_rekey_secs, key_exchange_rekey, key_exchange_pfs,
key_exchange_timeout, conn_auth_timeout, connections_max,
links_max.
Implemented all the new config settings handling in the server.
Optimized the use of SKE Mutual flag usage. Use it only
if connection authentication protocol is not based in public
key authentication.
* Added new configuration options and blocks:
keepalive_secs, reconnect_count, reconnect_interval,
reconnect_interval_max, reconnect_keep_trying and
require_reverser_lookup. Added ConnectionParam block, and
implemented the connection parameters when connecting as
initiator and when accepting connections as responder.
* Splitted the doc/example_silcd.conf.in. Separated the crypto
algorithm parts and created new file silcalgs.conf, that
is now included from the example_silcd.conf.in.
* Optimized the silc_server_connect_to_router_second to take
the connection configuration object from the SilcServerConnection
object instead of finding it during the connecting phase.
Added the configuration object to SilcServerConnection struct.
* Fixed the public key authentication to allocate always the
destination signature buffer instead of using static buffer.
* Added new Passphrase and Publickey authentication methods to
config file, allowing both public key and passphrase based
authentication to be set at the same time.
Added `prefer_passphrase_auth' setting in config file which
can be used to set to prefer passwd auth if both passwd and
public key is set. If not set, public key is preferred.
This has effect only when being initiator (responder will try
both anyway).
Added support for authentication with passphrase and public key
at the same time. The passphrase is tried first always since
it is faster to check.
* Merged the new SILC Config library, with the server parsing
support. Read the header file silcconfig.h or the toolkit
documentation for the news.
0.7.9: This time a lot of little bugs has been fixed and some major crashbugs
as well. Namely, I found problem in the hash table routine that could
have caused some really weird problems, and I've encountered such
problem at least in one core file earlier. Some additional desync
problems has been fixed as well, so if you are running a normal server
then upgrading is strongly recommended.
check full changelog at:
http://silcnet.org/txt/changes-server.txt
Patch submitted by Lubomir Sedlacik <salo@silcnet.org> in PR 15453
this release includes many patches which fix various problems ending in
crashing the server. upgrade is strongly recommended.
0.7.7: This server attempts to fix various crash bugs, for example one crash
relating to BAN command is fixed.
0.7.8: Another quick bugfix to fix the descync problems of normal SILC server
when it connects to SILC router. The descyning could happen if there
were a lot of channels, like we had on Sunday and Monday after being
slashdotted. Upgrading is strongly recommended if you are running
a server that is connected to a router. Took me only 6 hours to find
the problem...
Patch submitted by Lubomir Sedlacik <salo@silcnet.org> in PR 15416
changes in the package since 0.7.3 to 0.7.6:
- rewrite of package's Makefile. big parts of INSTALL and DEINSTALL scripts
were moved into Makefile itself
- silc-server now creates user silcd:silcd who run silcd by default
- INSTALL and DEINSTALL files are smaller and contains only neccessary
actions which cannot be executed from Makefile
- partial rewrite of rc script, added rcvar support, it is neccessary to have
silcd=YES in rc.conf now to start silc server (unless force is used)
- changed motd.txt to contain BSD daemon ;)
- updated patch-aa and patch-ab files
changes in the silc-server software since 0.7.3 to 0.7.6:
0.7.4: This version fixes a crash that can occur mainly on normal server.
Upgrading is recommended to avoid instability later. This version
also fixes the BAN and INVITE commands that were pretty much broken.
This version also disallows a situation where the nickname that server
sets initially for the client could be a bad nickname (like nick
including whitespaces). It used to be possible but now server checks
for this. Johnny also introduces a new logging system to this version
with log files being open all the time and not opened every time
something is logged, and log rotation support.
0.7.5: Hopefully fixed the most nasty bugs. I found bunch of weird bugs
that causes server syncing problems. Upgrading is strongly
recommended as soon as possible.
0.7.6: Only a minor bugfix release to fix the CUMODE command that allowed
non-founder channel users to remove modes of the founder, and to fix
GETKEY always return server's public key if it is requested, and to
fix the TOPIC_CHANGE notify to not route it twice to router.
Patch submitted by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 15373
Patches sent by Lubomir Sedlacik <salo@silcnet.org> in PR 15079.
Changes in the silc-server package:
- update to the silc-server package version 0.7.3
- patch-ab is no longer needed--it has been integratedinto distribution,
patch-ac moved into its place
- complete release notes can be found at:
http://silcnet.org/txt/release-server.txt
- complete changelog can be found at:
http://silcnet.org/txt/changes-server.txt
Patch submitted by Lubomir Sedlacik <salo@silcnet.org> in PR 15013.
changes in the silc-server package:
- upgrade to silc-server package, version 0.7.2
- minor changes in the MASTER_SITES variable
- minor change in the DEINSTALL script not to print output from rc script
- removed the USE_NCURSES definition and added --without-ncurses configure
option not to link against -lncurses, this was really unwanted behavior
changes in the silc-server-0.7.2:
- fixed the server to router reconnection
- various fixes in password authentications in the server, authentication
payload and channels
- fixed silc_server_command_pending, this should fix various IDENTIFY and
WHOIS related crashes
Submitted by Lubomir Sedlacik <salo@silcnet.org> in PR 14887
Changes in the NetBSD's package from version 0.6.4 -> 0.7.1:
- upgrade to silc-server-0.7.1 (the main changes below)
the biggest change is the ipv6 support (new configuration file format is
needed, though)
- removed patch-ac because it was integrated into distribution
(patch-ad was moved in its place)
- completely rewritten rc.d script to use rc.subr instead and fixed the
problem with removing pidfile so now status) works fine.
- added default motd file
- INSTALL and DEINSTALL scripts are cleaner and more useful, check for logs
directory before creating it, added motd.txt installing/removing.
- better and more helpful default configuration file (added Example:
sections for each variable)
- added examples/ directory containing sample configurations of various
scenarios into $DOCDIR
changes in the silc-server itself:
o Fixed WHOIS and IDENTIFY commands to return correct replies,
and correct error replies. This fixes various weird bugs
related to these commands.
o Send NO_SUCH_CLIENT_ID error notify if received private
message to invalid Client ID. It is guaranteed that if
private message is sent to unknown client, the sender will
receive a notification for it.
o Send the kicker's information in KICK command to the kicked
client.
o Fixed LIST command to return correct amount of channels.
This fixes the weird bug that LIST would show like 50 channels
and some channels multiple times.
o Channel topics, and users SILC modes are announced now during
server->router connecting.
o Implemented the founder authentication during JOIN command.
o Support for IPv6 based Server ID added.
o Memory leak fixes.
SILC (Secure Internet Live Conferencing) is a protocol which provides
secure conferencing services in the Internet over insecure channel.
Contributed by Lubomir Sedlacik <salo@xtrmntr.org> in PR 14562
