MASTER_SITES= site1 \
site2
style continuation lines to be simple repeated
MASTER_SITES+= site1
MASTER_SITES+= site2
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
for all pkgsrc dir/file ownership rules. Fixes unprivileged
user/group names from leaking into binary packages, manifest as
non-fatal chown/chgrp failure messages at pkg_add time.
Bump respective packages' PKGREVISION.
Problems found with existing distfiles:
distfiles/icb-5.0.9.tar.gz
distfiles/icb.2.1.4.tar.Z
distfiles/zenicb-19981202.tar.gz
No changes made to these /distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
* More string format fixes in silcd and client libary
* configure: changed AC_PROG_LIBTOOL order to fix disabling shared libs
* configure: check threads support in OpenBSD
* Fixed string format vulnerability in client entry handling
* Reported and patch provided by William Cummings
* silcd: Fixed IDENTIFY command reply handling for channels
Changes 1.1.18 (server):
* silcd: Added heartbeat support
* Added support for sending SILC_PACKET_HEARTBEAT packets to connection,
to make sure they keep alive and to detect if they have died
* Set SO_KEEPALIVE for all accept()ed sockets
* silcd: Fixed SIGUSR1 signal handling
* Fixed the SIGUSR1 signal handling which can be used to dump the server
internals to /tmp.
* Changed also End of Stream handling to handle NULL idata pointer instead
of ignoring the EOS in case it is NULL.
* Changed also the DETACH timeout handling to use the packet stream
directly instead of looking up client in the callback
* More string format fixes in silcd and client libary
1.1.6:
This version fixes a rekey timeout crash.
1.1.5:
This release fixes the KILL command and disconnection related
problems.
1.1.4:
This version fixes 64-bit alignment issues.
1.1.3:
This version fixes several crashes, a WATCH command busy-loop, QoS
rate limit handling, and many other bugs.
1.1.2:
This version fixes a possible buffer overflow.
1.1.1:
This version fixes a crash related to processing of NEW_CLIENT
packets.
1.1:
This version was ported to the new SILC Toolkit 1.1. Support for
dynamic router connections and HTTP statistics back end were added.
Support was added for the upcoming SILC Protocol version 1.3 and
SILC Public Key version 2. Other major bugfixes were also made.
1.1beta4:
This version fixes public key authentication as responder, OPER
and SILCOPER public key authentication, and other minor bugs.
1.1beta3:
This version fixes a CTR mode rekey crash and other CTR mode issues.
1.1beta2:
This beta release fixes many crash bugs.
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
Changes:
This release fixes a small problem with parsing the 1.3 protocol version
string correctly. Clients that conform to the 1.3 protocol will not be
able to connect to a SILC server that isn't running this version.
Changes:
- Fixed a denial of service vulnerability: If invalid hmac or cipher
was specified on joining a channel, server crashed.
Upgrading is recommended.
set OVERRIDE_DIRDEPTH to find any libtool scripts deeper in the WRKSRC
tree unless they're named something other than "libtool".
SHLIBTOOL_OVERRIDE generally doesn't need to be specified either -- just
define it to the empty list and shlibtool-override will look for libtool
scripts.
INSTALL/DEINSTALL script creation within pkgsrc.
If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts. If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:
INSTALL_SRC= ${PKGDIR}/INSTALL
DEINSTALL_SRC= # emtpy
As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts. By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).
In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework. The only public variables relating to the templates are:
INSTALL_SRC INSTALL_TEMPLATE
DEINSTALL_SRC DEINSTALL_TEMPLATE
HEADER_TEMPLATE
The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.
- fix insecure file creation in /tmp, patch from silc cvs
the impact of this issue is very low. it allows an attacker to overwrite
arbitrary files owned by the user running silcd ("silcd", in pkgsrc) IFF
the owner of the process or root send SIGUSR1 signal to the process to dump
stats. the only file owned by the "silcd" user is typically the log file
which resides in a directory inaccessible by anyone except the user itself
and root so the potential attacker would need to guess its name.
http://www.zataz.net/adviso/silc-server-toolkit-06152005.txt
please note that the advisory also incorrectly states that silc-toolkit is
vulnerable too. the code in question is never compiled in the toolkit so
it's not affected.
Bump PKGREVISION.
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
Changes:
1.0:
====
Only minor bugfixes were made to the previous version.
- Fixed channel public key list saving on backup router on JOIN
command reply.
- New optimized logging.
0.9.21:
=======
A small bugfix release.
- Added default limit how many channels one client can join (50).
- Added missing getopt.[ch].
- Fixed compilation with pkg-config files
0.9.20:
=======
A bugfix release to the SILC Server. In addition of various bugfixes,
this version now also includes new math library that from now on will be
included in all SILC distributions.
- Added more liberal channel names from the previous more stricter
identifier string change.
- Added SERVICE command to server, though services aren't supported yet.
- Fixed MOTD command to send empty reply if motd does not exist.
- Fixed LIST command.
- Fixed query to stop if client goes away.
- Added pkg-config check to the configure.
- Several other bugfixes were made.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
Changes:
- convert to options.mk
0.9.19p1:
=========
A little update with this 0.9.19p1. After such a major release problems
were expected and the p1 fixes some crashes. Upgrade strongly
recommended.
0.9.19:
=======
And after a long break new SILC Server is out. This version finalizes the
SILC protocol version 1.2 development and introduces UTF-8 nicknames, channel
names, usernames and host names. It is now possible to create practically any
kind of nicknames and channel names. Practically all letters, numbers and
punctuation marks are supported. Special characters, control characters and
various odd symbol characters however are not allowed. Several minor and
major bugs has been fixed as well. Upgrading is strongly recommended. Old
clients that does not yet support UTF-8 encoded nicknames and channel names
are still able to connect and function normally as long as they do not need
to handle odd UTF-8 encoded names.
- Added support for UTF-8 encoded identifier strings, such as nicknames
and channel names.
- Fixed founder mode handling on JOIN on normal/backup on empty
channels.
- Fixed WATCH command handling on backup router.
- Fixed WATCH command announcing. The WATCH and SILC Gaim buddy list
should work better now.
- Simplified INVITE and BAN string handling in server. Announcing
INVITE and BAN strings should work more reliably now.
- Fixed several bugs from the backup and resuming protocol.
- Fixed, hopefully, all the wrong server statistics numbers.
- Fixed CLOSE command to handle backup routers correctly.
- Fixed various detaching and resuming bugs.
- Fixed announcing to not announce unregistered (ghost) clients.
- Fixed reconnect_keep_trying and QoS settings in server config files.
- Several other bugfixes were made.
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
Changes:
0.9.18:
=======
Upgrade release because of couple serious bugs in the 0.9.17. Especially
backup router had stability problems with 0.9.17. This was due to a rekey bug
when performing rekey with PFS, and because of another bug it caused the
backup (and other servers too) to crash. If you are running a normal server
or backup router then ugprading is strongly recommended. If you are running
any kind of server with PFS enabled in rekey, upgrading is recommended.
- Fixed protocol completion handling in connection closing.
- Fixed rekey with PFS to work on backup with disabled connections.
- Fixed CMODE command reply to return the user limit correctly.
- Fixed the watch notify to be called for resuming clients.
0.9.17:
=======
- Implemented the user limit to the CMODE_CHANGE notify and to the CMODE
and JOIN command replies, as defined in the new protocol specs.
- Implemented the public key support to WATCH command, as defined in
the new protocol specs.
- Added asynchronous connecting to remote router/server.
- Fixed the WHOIS public key deleting.
- Several other bugfixes were also made.
