various character set problems. The security issues fixed:
* NICK_CHANGE buffer overflow: CVE-2007-3728.
* pkcs_decode buffer overflow: CORE-2007-1212.
Changes since version 1.0.4.1:
- Fixed NEW_CLIENT packet handling crash.
- Fixed partial encryption in CTR mode in AES.
- Fixed printable fingerprint buffer overflow.
- Fixed UNIX signal delivery in SILC scheduler.
- Reprocess JOIN command synchronously after resolving channel user list.
- In JOIN command reply check if the channel key is already saved.
- Remove all channel keys and hmacs after giving LEAVE command.
- Added missing channel unreferencing in CMODE, CUMODE, TOPIC, INVITE,
BAN and KICK command replies.
- Fixed connection authentication with public keys to use correct public
key as responder.
- Zero tail of CTR mode IV in IV Included mode.
- Fixed CTR mode rekey.
- Rewrote the IV Included CTR mode encryption/decryption in packet engine.
- Fixed non-IPv6 compilation error.
- Fixed channel private key deleting when deleting the channel.
- Fixed TIMEOUT handling in user info resolving during JOINing, fixes crash.
- Fixed mandatory UN and HN SILC public key identifier checking.
- Fixed alignment issues with 64-bit CPUs.
- Added "There are now xx nick's" to "are xx nicks".
- Fixed USERS command user mode handling (integer overflow).
- Fixed big-endian issues from AES implementation.
- Fixed lib/silcutil/silcatomic.h compilation on IA64.
- Fixed public key identifier parsing to check lengths correctly.
- In silc_client_free check that scheduler is allocated before trying to
free it.
- Fixed buffer overflow in NICK_CHANGE notify. The destination buffer for
old nicknames was too small.
- Added support for rekey with PFS when using CTR mode encryption.
- Added silc_idcache_move that can be used to move entries between caches.
- Added better checks for invalid argument and notify payloads.
- Fixed SILC_PACKET_FLAG_LONG_PAD bitmask value.
- Set the destination ID to packet stream as SKE responder if ID was
present in key exchange packet.
- Compile sources with _GNU_SOURCE on Linux systems.
- Fixed Unix signal task dispatching to not lock the signals when
dispatching the callback to avoid deadlocks.
- Added SILC_VERSION macro for checking package versions at compile time.
- Use SILC_VERIFY to assert that silc_rwlock_wrlock can be called only
once per thread on Unix.
- Fixed USERS command reply write-lock unlocking.
- Fixed silc_create_key_pair to check for valid identifier.
- Rewrite signed public message handling, adopting the new hilight interface.
- Fix off by one error when loading modules.
- Don't delete hilight entry (because it's just a pointer, not a copy).
- Added __SILC_TOOLKIT_x_x_x macro to all Toolkit distribution which can
be used to check for Toolkit version in third-party software.
- Added support for channel@server channel name strings to client library
(SILC protocol version 1.3 change).
- Added full_nicknames and full_channel_names settings to SilcClientParams
that can be used to specify whether client library returns full nickname
and channel name strings. Full strings are nick@server and channel@server.
- Fixed unix connecting failure to return error code correctly.
- Fixed SKE timeout double free crash.
- Fixed MIME multipart decoding buffer overflow.
- Fixed connection auth protocol timeout crash.
- Fixed FSM machine finishing to check for existing threads at the final
free callback to allow time for the threads to finish.
- Fixed silc_client_get_clients_local to check the nick's server also if
nick@server nickname string is given to the function.
- And many more, oh well. For the user this means: better charset support,
fewer crashes, nick names now potentially user#23, server specific
channels and more sanity.
Talked over a while ago with wiz with no objections.
Addresses PR pkg/36355
Changes:
1.0.4.1:
========
o Fix a segfault when joining an unknown channel
1.0.4:
======
- Update Makefiles so parallel make is possible
- Include scripts from the SILC Plugin for automatically signing all
messages
- Use known passwords when joining password protected channels
1.0.3:
======
- empty realname and hostname is permitted again (and the user gets to
see the error message if something goes wrong)
- various small fixes
- Rework how and where silc-client is installed (in preparation for
silc-toolkit import).
- Rework PLIST.perl handling, now it works with threaded Perl as well.
- Minor cleanups.
changes in the silc-client package:
===================================
- upgraded to 0.8.6
- separate PLIST files for perl support and crypto modules
- make it compile on Solaris
- minor cleanups
changes in the silc-client since 0.8.3:
=======================================
* Merged irssi crash fixes on /QUIT.
* Fixed a bug in library where sending a bogus authentication
payload would lead to a crash.
* Do not check public key types in SKE during rekey.
* Fixed the Irssi SILC Client to use the silc_get_username and
silc_get_real_name instead of glib routines since the glib
routines only corrupt stack. Fixes the Irssi SILC to work in
Cygwin.
* Fixed the Irssi to not use g_get_home_dir since it crashes
or returns garbage on cygwin and corrupts stack. Added function
get_home_dir to Irssi routines.
* Fixed the KICKED notify handling in client library to
correctly remove the channel and all entries from the
channel when I was kicked. This bug crashed the client.
* Fixed yet another bug in KICKED notify handling to remove
the kicked client correctly from the channel.
* Fixed the lib/silcmath/Makefile.am to include the MPI and GMP
sources correctly to distribution. Fixes --with-gmp option.
* Removed the manual rehashing from ID Cache, and changed it
to use the SILC Hash Table's auto rehash feature.
* Fixed a bug in the silc_client_nickname_format function that
handles the multiple same nickname formatting. Two clients
with same nickname caused problems after the first one left
and rejoined. It didn't format the nickname correctly.
Changes contributed by Lubomir Sedlacik <salo@xtrmntr.org> in PR 16611
* Merged Irssi 0.8.2 from irssi.org CVS.
* Fixed the USERS command reply to save the user's mode on the channel
as well.
* Fixed JOIN command reply to check whether a client is on channel
already and not join it twice.
* The user mode (like server/router operator changes) is now shown on
the Irssi SILC client's statusbar.
* Fixed -S option parsing in Irssi SILC Client. Contents of key files
are shown again correctly.
Patch submitted by Lubomir Sedlacik <salo@xtrmntr.org> in PR 15886.
Contributed by Lubomir Sedlacik <salo@xtrmntr.org> in PR 15772.
Changes:
- added support for optional perl support to Makefile
- added PLIST.perl for package with perl support enabled
- updated MASTER_SITEs
- updated patches
This version introduces the new Irssi-SILC client which is based on the new
Irssi 0.8.1 version. In addition to being an entirely new irssi base this
version also introduces the perl scripting support. With this scripting
support it is possible to create scripts that introduce new features and new
commands. It is also possible to create a bot with it.
The client config file has changed too. The old "silc.conf" (which was the
silc specific config file) is now gone, and the "config" (which was the irssi
specific config file) is now renamed as silc.conf, and includes both silc
stuff and irssi stuff. So, after installing this new client I suggest
removing the old silc.conf file since otherwise when you run the new client it
will yell at you about the config file. Be warned.
When you look at the new silc.conf config file you will see settings like,
"crypto_default_cipher", "crypto_default_hash" and "crypto_default_hmac".
These are the silc specific settings and you can freely edit them (or use
/SET command) to include whatever value you prefer. The default values
should fit to all since they are the SILC protocol default ones. Anyway,
they are editable if you want to edit, but you don't need to edit them.
New commands that this new client introduces include, for example, /STATUSBAR.
With this command you can manage the different bars on the screen. Like,
whether to show topic bar or not etc.
most significant changes in silc-client since version 0.7.6.2:
* Fixed CUMODE_CHANGE notify handling to change the mode of correct client
* Allow zero length channel messages inside the Channel Message Payload
* The silc_cipher_register, silc_hash_register and silc_hmac_register now
check if the object to be registered is registered already
* Merged the new SILC Config library, with the server parsing support.
Read the header file silcconfig.h or the toolkit documentation for the
news.
* Added new Passphrase and Publickey authentication methods to config file,
allowing both public key and passphrase based authentication to be set at
the same time.
* Added `prefer_passphrase_auth' setting in config file which can be used to
set to prefer passwd auth if both passwd and public key are set. If not set,
public key is preferred. This has effect only when being initiator
(responder will try both anyway).
* Added support for authentication with passphrase and public key at the same
time. The passphrase is tried first always since it is faster to check.
* Fixed the public key authentication to allocate always the destination
signature buffer instead of using static buffer.
* Add the client on channel after it was resolved at the channel message
receiving, and it was not already on the channel.
* Fixed command line parameter handling. All SILC initialization is now done
in silc_core_init() which also fixes autoconnecting to servers.
* Rewrote the notify handling in Irssi SILC client to not call the events as
signals. Fixes problems with Perl support.
* Send the auto-nicking NICK command in client library with little timeout
after connecting.
* Fixed padding problem in PKCS#1. The padding was not actually random since
the random number generator was used incorrectly. This security bug affects
only when encrypting with PKCS#1, and it is not currently used at all in
SILC. SILC only uses signing with PKCS#1.
* Fixed a NICK change bug in client library, to not recreate the
client_entry->channels hash table every time nick is changed.
* Fixed NICK change printing in Irssi SILC Client. Fixed KICKED notify
printing in Irssi SILC Client.
* Fixed the lib/silcsftp/sftp_fs_memory.c to use silcutil routines instead
of calling directly OS routines.
* Added proper initializations to silc's irssi code, so it's now possible
to load it as module.
* Added silc_schedule_reinit function to do the enlarging of the max tasks
handling capabilities of the scheduler.
* Added `prefer_ipv6' argument to the functions
silc_net_gethostbyname[_async]. If it is TRUE it will return IPv6 address
over IPv4. If FALSE IPv4 address is returned even if IPv6 address was
found.
* Added support for silc_net_create_connection[_async] to fall back to IPv4
address if IPv6 address could not be used (like if it doesn't work on
a specific system).