* More string format fixes in silcd and client libary
* configure: changed AC_PROG_LIBTOOL order to fix disabling shared libs
* configure: check threads support in OpenBSD
* Fixed string format vulnerability in client entry handling
* Reported and patch provided by William Cummings
* silcd: Fixed IDENTIFY command reply handling for channels
Changes 1.1.18 (server):
* silcd: Added heartbeat support
* Added support for sending SILC_PACKET_HEARTBEAT packets to connection,
to make sure they keep alive and to detect if they have died
* Set SO_KEEPALIVE for all accept()ed sockets
* silcd: Fixed SIGUSR1 signal handling
* Fixed the SIGUSR1 signal handling which can be used to dump the server
internals to /tmp.
* Changed also End of Stream handling to handle NULL idata pointer instead
of ignoring the EOS in case it is NULL.
* Changed also the DETACH timeout handling to use the packet stream
directly instead of looking up client in the callback
* More string format fixes in silcd and client libary
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
set OVERRIDE_DIRDEPTH to find any libtool scripts deeper in the WRKSRC
tree unless they're named something other than "libtool".
SHLIBTOOL_OVERRIDE generally doesn't need to be specified either -- just
define it to the empty list and shlibtool-override will look for libtool
scripts.
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
Changes:
- convert to options.mk
0.9.13:
=======
After a long break the SILC Toolkit 0.9.13 is out. This version finalizes
the SILC protocol version 1.2 development by including the few last features
that was missing from previous version. One of the major features is the
support for UTF-8 encoded nicknames, channel names, user names and host
names. The SILC Toolkit 0.9.13 API is compatible with the previous 0.9.12
version, however, several new functions has been added, and reading the
following summary of changes is recommended:
- Added UTF-8 encoded nicknames, channel names, server names, host names,
usernames, crypto property names and algorithm names. All strings
library sends to application are always UTF-8 encoded. All strings
application sends to library must be UTF-8 encoded.
- Added SILC Stringprep API (RFC 3454) into silcstringprep.h. It can
be used to prepare strings into the correct format. The format is
specified by the SILC protocol, and those formats are supported by
this API.
The API can also be used to do other UTF-8 string preparation, such
as case folding. See the API for different features supported by
the API.
- Added silc_identifier_check and silc_identifier_verify routines to
help application easily format and verify the new UTF-8 encoded
nicknames, channel names and other identifier strings.
Ref:
http://silcnet.org/docs/toolkit/silcstrutil-silc_identifier_check.htmlhttp://silcnet.org/docs/toolkit/silcstrutil-silc_identifier_verify.html
- Added SILC_STRING_LOCALE that now deprecates SILC_STRING_LANGUAGE.
The old type is supported but may be removed in later versions.
Ref:
http://silcnet.org/docs/toolkit/silcstrutil-SilcStringEncoding.html
- Added new string encoding/decoding types: SILC_STRING_LOCALE,
SILC_STRING_UTF8, SILC_STRING_PRINTABLE, SILC_STRING_VISIBLE,
SILC_STRING_TELETEX, SILC_STRING_NUMERICAL, SILC_STRING_LDAP_DN and
SILC_STRING_UTF8_ESCAPE. These types can currently be used with
the SILC UTF-8 API.
Ref:
http://silcnet.org/docs/toolkit/silcstrutil-SilcStringEncoding.html
- Splitted UTF-8 string routines from silcstrutil.h into own file
silcutf8.h.
- Added silc_utf8_strcasecmp and silc_utf8_strncasecmp to do caseless
UTF-8 string comparison.
Ref:
http://silcnet.org/docs/toolkit/silcutf8.html
- Added dont_register_crypto_library into SilcClientParams. If set
to TRUE the Client Library will not register/unregister cyprto library,
and application is expected to do it. By default this is set to FALSE.
Ref:
http://silcnet.org/docs/toolkit/silcclient-SilcClientParams.html
- All created log files by SILC Log API are now with 0600 mode.
Ref:
http://silcnet.org/docs/toolkit/silclog.html
- The bool type on Mac OS X is now _Bool.
Ref:
http://silcnet.org/docs/toolkit/silctypes-bool.html
- The silc_net_create_connection[_async] now revert to IPv4 address if
IPv6 sockets are not supported.
- Added __SILC_XXX defines into silcincludes.h that third-party
applications can check to determine how a binary version of the SILC
Toolkit has been compiled. The following defines may be set:
__SILC_HAVE_PTHREAD Compiled with threads support
__SILC_HAVE_SIM Compiled with SIM support
__SILC_ENABLE_DEBUG Compiled with debug enabled
A third-party application can check these defines in configure.ac or
in compile time to determine what libraries should be linked against
the application.
- Install pkg-config .pc files for the SILC Core library and SILC Client
library. silc.pc and silcclient.pc will be installed.
- Several other minor bugfixes were made.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
(SILC) protocol Toolkit.
SILC (Secure Internet Live Conferencing) is a protocol which provides
secure conferencing services in the Internet over insecure channel.
SILC superficially resembles IRC, although they are very different
internally. SILC is much more than just about `encrypting the traffic'.
That is easy enough to do with IRC and SSL hybrids, but even then the
entire network cannot be secured, only part of it.
SILC provides security services, such as sending private messages entirely
secure; noone can see the message except you and the real receiver of the
message. SILC also provides same functionality for channels; noone except
those clients joined to the channel may see the messages destined to the
channel. Communication between client and server is also secured with
session keys and all commands, authentication data (such as passwords etc.)
and other traffic is entirely secured. The entire network, and all parts of
it, is secured.
SILC has secure key exchange protocol that is used to create the session keys
for each connection. SILC also provides strong authentication based on either
passwords or public key authentication. All authentication data is always
encrypted in the SILC network. Each connection has their own session keys,
all channels have channel specific keys, and all private messages can be
secured with private message specific keys.