* More string format fixes in silcd and client libary
* configure: changed AC_PROG_LIBTOOL order to fix disabling shared libs
* configure: check threads support in OpenBSD
* Fixed string format vulnerability in client entry handling
* Reported and patch provided by William Cummings
* silcd: Fixed IDENTIFY command reply handling for channels
Changes 1.1.18 (server):
* silcd: Added heartbeat support
* Added support for sending SILC_PACKET_HEARTBEAT packets to connection,
to make sure they keep alive and to detect if they have died
* Set SO_KEEPALIVE for all accept()ed sockets
* silcd: Fixed SIGUSR1 signal handling
* Fixed the SIGUSR1 signal handling which can be used to dump the server
internals to /tmp.
* Changed also End of Stream handling to handle NULL idata pointer instead
of ignoring the EOS in case it is NULL.
* Changed also the DETACH timeout handling to use the packet stream
directly instead of looking up client in the callback
* More string format fixes in silcd and client libary
1.1.6:
This version fixes a rekey timeout crash.
1.1.5:
This release fixes the KILL command and disconnection related
problems.
1.1.4:
This version fixes 64-bit alignment issues.
1.1.3:
This version fixes several crashes, a WATCH command busy-loop, QoS
rate limit handling, and many other bugs.
1.1.2:
This version fixes a possible buffer overflow.
1.1.1:
This version fixes a crash related to processing of NEW_CLIENT
packets.
1.1:
This version was ported to the new SILC Toolkit 1.1. Support for
dynamic router connections and HTTP statistics back end were added.
Support was added for the upcoming SILC Protocol version 1.3 and
SILC Public Key version 2. Other major bugfixes were also made.
1.1beta4:
This version fixes public key authentication as responder, OPER
and SILCOPER public key authentication, and other minor bugs.
1.1beta3:
This version fixes a CTR mode rekey crash and other CTR mode issues.
1.1beta2:
This beta release fixes many crash bugs.
Changes:
1.0:
====
Only minor bugfixes were made to the previous version.
- Fixed channel public key list saving on backup router on JOIN
command reply.
- New optimized logging.
0.9.21:
=======
A small bugfix release.
- Added default limit how many channels one client can join (50).
- Added missing getopt.[ch].
- Fixed compilation with pkg-config files
0.9.20:
=======
A bugfix release to the SILC Server. In addition of various bugfixes,
this version now also includes new math library that from now on will be
included in all SILC distributions.
- Added more liberal channel names from the previous more stricter
identifier string change.
- Added SERVICE command to server, though services aren't supported yet.
- Fixed MOTD command to send empty reply if motd does not exist.
- Fixed LIST command.
- Fixed query to stop if client goes away.
- Added pkg-config check to the configure.
- Several other bugfixes were made.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
Some pkgsrc things
- Fix PLISTs for packages that use -release
- Include canonicalisation of a couple of paths for the benefit
of qt3-*
- the normal version=sunos patching
- fix all library_names_spec for the standard set of symlinks
The libtool things some of which had already made it into pkgsrc libtool.
New in 1.5.2: 2004-01-25; CVS version 1.5.0a, Libtool team:
* lt_dlrealloc is an official part of the libltdl API.
* --tag, --silent and --debug options are preserved and reused when libtool
calls itself for relinking etc.
* `-pthread' and similar options are honoured when linking shared libraries.
* -no-suppress in compile mode shows compiler output for both PIC and non-PIC
object compilation.
* New link mode option `-precious-files-regex' to prevent accidental removal
of files you want to keep, such as test coverage data, from the temporary
output directory.
* Directories specified in /etc/ld.so.conf are no longer hardcoded on Linux.
* Recognises the 'R' symbol type on Solaris so read-only symbols can be
exported.
* Bug fixes.
New in 1.5: 2003-04-14; CVS version 1.4e, Libtool team:
* First stable release of multi-language architecture.
* libtool and libltdl support for Mac OS/X.
* libltdl will now use cygwins dlopen API instead of always forcing
LoadLibrary.
* Support auto-import patch to binutils on cygwin for much improved dll
support.
* Bug fixes.
New in 1.4.3: 2002-10-13; CVS version 1.4.2a, Robert Boehne:
* The libltdl subdirectory now bootstraps correctly with Automake 1.5.
* srcdir != builddir builds with Automake 1.5 work correctly.
* Support for mips-compaq-nonstopux.
* New command line argument, --preserve-dup-deps prevents removal of
duplicate dependent libraries.
New in 1.4d: 2002-01-07; CVS version 1.4c, Libtool team:
* Help strings display correctly again.
* Better error messages when library linking fails.
* Better error messages from libltdl when loading fails.
* Better search path management in libltdl with `lt_dlinsertsearchdir' call.
* Support /lib/w32api in recent cygwin releases.
* Support cross compilation to mingw.
* Support for .rc files (Windows resource compiler).
* Improved handling of mingw gcc.
* Improved handling of $PATH with entries containing spaces.
* Improved support for linking with gcc on aix4* and aix5*.
* Improved support for GCC 3.0.
* Initial support for QNX RTOS, UnixWare 7 and OpenUNIX 8.
* Bug fixes to the OpenBSD port.
* Bug fixes.
New in 1.4.2: 2001-09-11; CVS version 1.4.1a, Gary V. Vaughan:
* libltdl now builds on solaris again
* diagnose and warn about not-quite-working combinations of gcc and
ld on solaris.
* Improved OpenBSD support.
* Improved cygwin support.
* Bugfixes.
New in 1.4.1: 2001-09-03; CVS version 1.4.0a, Libtool team:
* Better error messages from libltdl when loading fails.
* Don't leave here-doc files behind.
* Improved support for OpenBSD.
* Libtool will build with autoconf-2.50 and higher.
* Plug memory management bugs in libltdl.
* Prefer shl_load to dlopen for better operation on HP-UX.
New in 1.4b: 2001-07-09; CVS version 1.4a, Libtool team:
* Now bootstraps with autoconf-2.50 and automake-1.4-p4.
* Always try to build at least a static lib, even if both static and
shared libs were disabled.
* Full support for C++ compiler.
* Support for GNU gcj compiler.
* libltdl can now load all modules in a given path according to user
supplied criteria with `lt_dlforeachfile' call.
* Improved support for AIX ia64, djgpp, HPUX, hurd, OpenBSD, sco3.2*.
* Internal mutex handling no longer has namespace clashes on NCR MP-RAS.
* New pdemo and tagdemo tests.
* Bug fixes.
Changes:
- Added public key based search support to WHOIS command. Users can be
searched by their public key now. To search users by public key using
SILC Client, do the following (see the /HELP WHOIS for revised help
information on searching by public key):
To search nickname 'nick' that has the specified public key, give:
/WHOIS nick -pubkey /path/to/the/public_key.pub
To search all usesr that has the specified public key, give:
/WHOIS -pubkey /path/to/the/public_key.pub
- Removed RC6 cipher.
- Fixed the MOTD command to work properly. Motds can now be fetched from
remote servers.
- Fixed the INVITE string handling during joining to use correct server
name. Invite strings such as *@sauna.silcnet.org!*@*foobar.com now
works.
- Fixed the CUMODE for founder mode work correctly when there is already a
founder on channel. Normal server cannot anymore "replace" a founder
which is founder on router (even if authentication works). User on
router can "replace" founder that is on normal server assuming
authentication is successful.
- Fixed UMODE mode change bug when anonymous mode was already set. Now
modes can be changed normally.
- Minor fixes to backup router protocol. Some problems may still exist
and testing this feature is recommended.
- Improvements to router-to-router connections. Normal communication
should work. NOTE: This is experimental and you can expect problems
if you set up such network.
- Several other bugfixes.
This version is a major upgrade release and everyone running older version is
strongly recommended to upgrade to this version. This version introduces
several bugfixes, security fixes and bunch of new features. This also
completes the development work for the SILC protocol version 1.2.
Changes:
- removed patch-ac, merged into distribution
- create server keys with strict permissions
0.9.14:
=======
- Several bugfixes and security fixes were made. A major remote exploit
was also fixed.
- The SILC Server now ignores SIGXFSZ and SIGXCPU signals which will
terminate the process if they occur. They can occur in poorly
configured environment.
- Fixed SERVER_SIGNOFF notify handling which caused ghosts to remain in
the network.
- Fixed inviting and banning by public key. Fixed invite and ban string
handling. Implemented SILC 1.2 complying invite and ban data
distribution between routers and servers. To also comply with SILC 1.2,
prohibited using '@' and '!' characters in invite and ban strings.
- Support for channel public keys added. A new feature in SILC 1.2, that
allows join authentication using digital signatures. Use the latest
SILC Client to take advantage of this feature.
- Support for SILC 1.2 backup protocol. This version introduces rewritten
version of the backup router protocol. The purpose of the backup router
protocol is to prevent servers from splitting from the rest of the SILC
network if the primary router becomes unresponsive. There are no
changes to the configuration of the backup router support, and old
configurations will work with this version too.
This version is now able to detect much better different network failure
situations and understand how to work with them. The servers are now
able to actually detect when the backup router can/must be used. They
are also able, in case of error in backup router protocol, to resume
back to either to the backup router or to the primary router, and always
recover from desyncs automatically (usually within 60 seconds).
- Support for command reply error arguments was added. This allows
clients to better handle error conditions within command execution.
- The founder public key distribution now complies with the SILC 1.2.
Changes:
- Fixed EOF handling in SILC Config.
- Do not send full INVITE and BAN lists in INVITE and BAN
notifys, only the changed information.
- Fixed INVITE notify sending in INVITE command, send it
only when needed.
- Handle the founder key change properly in CMODE_CHANGE
notify. Bug #122.
- Remove the mark for output (mark it only for input) after
purging outgoing queue. Prevents the "Error in select()"
floods.
- Check server private key file permissions before starting
the server.
- NULL terminate allocated string in silc_buffer_strformat.
- Rewrote the invite/ban list string handling in server to
use SilcBuffer instead.
- Fixed double free in CMODE command when setting new HMAC
for channel.
- Added couple of missing memset's to zero sensitive memory.
The private key file format has changed due to a bug in the
older code. When you run this server version it automatically
changes your private key file to the correct format.
The future versions of the SILC Server will not do that, so
do not skip this version or you will need to generate new key
pair after 0.9.11 is released.
Also backup router bugs was fixed which caused several
interesting decryption problems, so upgrading regardless
if you are runinng normal server, backup router or primary
router is strongly recommended.
Changes from 0.9.9.1 to 0.9.10
==============================
* Added the config directive PublicKeyDir for the client
block.
* Extended the SILC_SERVER_LOG_ERROR macro to all available
logging channels.
* Load only files with .pub suffix in PublicKeyDir.
* Fixed a typo in resuming code that fixed detach/resume
code in server.
* Fixed CMODE setting in server when founder mode was set.
* Fixed wrong invite and ban list handling in server command
reply.
* Fixed CUMODE founder authentication in server to not check
for client's public key since it's not supposed to do that.
* Fixed backup router bugs: When backup resumes router and
receives a CHANNEL_MESSAGE packet the backup must not act
as router since the packet header decryption would be
different. Also, when relaying packets to channel, do not
re-encrypt packets on backup that came from the primary
since the connection isn't really router-router connection.
Changes from 0.9.8 to 0.9.9.1
=============================
* Updated protocol version to 1.2.
Clients and servers with support for 1.1 are not compatible with
the new protocol!
* Print notify for server opers when backup router comes online.
* Resolve the client's public key in JOIN command if the founder auth
data is being requested but we don't know the client's public key.
* Added idle and signon fields to the ATTRIBUTE_SERVICE attribute to
indicate the user's current idle and signon timeof a service.
* Added MAC field to the Private Message Payload to protect against
chosen ciphertext attacks.
* Defined the SILC_MESSAGE_FLAG_SIGNED.
* Added ERR_UNSUPPORTED_PUBLIC_KEY and ERR_OPERATION_ALLOWED status
types.
* Added support for normal client to kill its own entries from
the network.
* Compute maximum padding for authentication packets to make
passphrase approximation attacks impossible (padding must be at
least 8 bytes now).
* Added support for rekey before 2^32 sequence number wraps.
* Added Encrypt-Then-MAC order to SILC packet MAC generation.
Deprecated the old Encrypt-And-MAC order.
* Added Encrypt-Then-MAC order to Channel Message Payload MAC
generation.
* Added support for setting FOUNDER mode on channel with specific
public key which can be set with CMODE command.
* Don't wait for EOF after socket error has occurred, but close the
connection.
* Assure the RESUME_CLIENT packet is not sent to twice to backup
router if the detached client was originated from the backup.
* Added support for removing client from invite list when kicked
from channel, as SILC 1.2 dictates.
* Added support for the SILC 1.2 BAN and INVITEcommands and new
ban and invite lists to server.
* Remove client from invite list in KILLED notify and in KILL
command.
* Do not send invite list back unless asked (when sending no
arguments) or when list was modified.
* MARS is now gone.
* Added manual pages for silcd(8) and silcd.conf(5).
* Fixed WATCH command reply handling on normal server which was
missing altogether.
* Fixed double free in WHOIS query on normal server when forwarding
query to router.
* Fixed MOTD command reply sending.
* Fixed the INVITE command to send the invite list in command reply.
* Fixed PING command sending in client library and handling in
server. The server ID must be ID Payload, not raw ID data.
* Fixed NICK command to not crash if nickname was not sent.
* Fixed channel's global_user boolean checking after detaching.
Check it after changing the owner of the client not before.
* Fixed channel key distribution after resuming detached client.
* Fixed memory leaks with SIMs in server.
* Fixed bugs in invite list handling in INVITE command.
Changes from 0.9.5 to 0.9.8
===========================
* Added support for aborting automatically pending commands
that never receives the reply (to avoid memory leaks).
* Added support for removing explicitly added client connections
in rehash and closing the client connections if they were
unconfigured in the rehash.
* Rewrote WHOIS, WHOWAS and IDENTIFY commands in the server.
* If packet processing fails (like integrity check fails)
the connection is closed now.
* Normal server now reconnects to backup router automatically
if connection is lost to it.
* Added support for replying on behalf of the user to the
Requested Attributes in WHOIS command in the server.
* Failed OPER and SILCOPER authentications are now logged.
* Added sort-of "Quality of Service" (QoS) support. Data
reception can be controlled with rate limit per second
and/or read data length limit.
* Added support for encrypted private key files. Now passphrase
must be provided when new key pair is created , and prompted
when loading the private key.
* Resumed client packet handling from server put the resumed
client on wrong list on router and caused the client not be
present on the network anymore.
* Various cleanup in error message output in config parsing code
and in server init code. Fixed error log files containing too
many newlines in some situations.
* Assure that channel key is set before sending it. May crash
server otherwise.
* Don't swtich to become primary router if we are backup if
decryption error has occurred.
* Fixed a bug in backup router IP address comparison
* Fixed a crashbug in incoming server accepting.
* Fixed packet decryption problem when backup router encrypted
channel message with wrong key during backup resuming protocol.
* Fixed memory leaks in server.
* Fixed channel key packet processing bug on backup router
during backup resuming protocol.
buildlink->buildlink2
Main changes from 0.9.2 to 0.9.5
=================================
* Use the primary router as the origin of the locally connected server when
it is disconnecting from the backup router since that's where it really
is coming from. Now the clients from the disconnecting server are removed
correctly and "shadow" clients are not left to the backup router.
* If normal server is standalone and found existing but disabled channel, do
not re-create the channel since it creates duplicate same channels.
* Added anonymous client connections support to server. New "anonymous"
configuration option to ConnectionParams section added. If set to true,
the username and hostname information of the client will be scrambled and
anonymous user mode is set automatically to the user.
* In JOIN notify handling, mark that the cache entry of the client cannot be
expired. Can cause crashes on normal server (asserts client->channels).
* Added silcd configuration option Timestamp in the Logging section.
* Fixed fingerprint checking to check for entirely empty fingerprint instead
of two first bytes when determining if it is set.
* Remove server/router operator privileges in DETACH command, since it's
possible to resume to server where these privileges would not be allowed.
* Do not re-create channel keys and send them when removing clients in server
shutdown.
* Completed backup router support for standalone routers. Supports also
servers in the cell that do not use the backup at all. Server/router
operator now receives notify when network switches to backup router and
when it resumes the use of primary router.
* Added -D option to server. It can be used to give debug level. The levels
are from 0 - 99, and are predefined for smooth server debugging.
Patch submitted by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 18278.
Patches contributed by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 15779
Changes from 0.7.9 to 0.8:
==========================
* Removed 0.6.x backwards support.
* Added `prefer_ipv6' argument to the functions
silc_net_gethostbyname[_async]. If it is TRUE it will return
IPv6 address over IPv4. If FALSE IPv4 address is returned
even if IPv6 address was found.
* Added support silc_net_create_connection[_async] to fallback
to IPv4 address if IPv6 address could not be used (like if
it doesn't work on a specific system). Affected file in
* Added `user_count' to the SilcChannelEntry which now tells the
number of users on the channel. The user count is now saved
in normal server of global channels as well.
* Added following new config file settings:
channel_rekey_secs, key_exchange_rekey, key_exchange_pfs,
key_exchange_timeout, conn_auth_timeout, connections_max,
links_max.
Implemented all the new config settings handling in the server.
Optimized the use of SKE Mutual flag usage. Use it only
if connection authentication protocol is not based in public
key authentication.
* Added new configuration options and blocks:
keepalive_secs, reconnect_count, reconnect_interval,
reconnect_interval_max, reconnect_keep_trying and
require_reverser_lookup. Added ConnectionParam block, and
implemented the connection parameters when connecting as
initiator and when accepting connections as responder.
* Splitted the doc/example_silcd.conf.in. Separated the crypto
algorithm parts and created new file silcalgs.conf, that
is now included from the example_silcd.conf.in.
* Optimized the silc_server_connect_to_router_second to take
the connection configuration object from the SilcServerConnection
object instead of finding it during the connecting phase.
Added the configuration object to SilcServerConnection struct.
* Fixed the public key authentication to allocate always the
destination signature buffer instead of using static buffer.
* Added new Passphrase and Publickey authentication methods to
config file, allowing both public key and passphrase based
authentication to be set at the same time.
Added `prefer_passphrase_auth' setting in config file which
can be used to set to prefer passwd auth if both passwd and
public key is set. If not set, public key is preferred.
This has effect only when being initiator (responder will try
both anyway).
Added support for authentication with passphrase and public key
at the same time. The passphrase is tried first always since
it is faster to check.
* Merged the new SILC Config library, with the server parsing
support. Read the header file silcconfig.h or the toolkit
documentation for the news.
changes in the package since 0.7.3 to 0.7.6:
- rewrite of package's Makefile. big parts of INSTALL and DEINSTALL scripts
were moved into Makefile itself
- silc-server now creates user silcd:silcd who run silcd by default
- INSTALL and DEINSTALL files are smaller and contains only neccessary
actions which cannot be executed from Makefile
- partial rewrite of rc script, added rcvar support, it is neccessary to have
silcd=YES in rc.conf now to start silc server (unless force is used)
- changed motd.txt to contain BSD daemon ;)
- updated patch-aa and patch-ab files
changes in the silc-server software since 0.7.3 to 0.7.6:
0.7.4: This version fixes a crash that can occur mainly on normal server.
Upgrading is recommended to avoid instability later. This version
also fixes the BAN and INVITE commands that were pretty much broken.
This version also disallows a situation where the nickname that server
sets initially for the client could be a bad nickname (like nick
including whitespaces). It used to be possible but now server checks
for this. Johnny also introduces a new logging system to this version
with log files being open all the time and not opened every time
something is logged, and log rotation support.
0.7.5: Hopefully fixed the most nasty bugs. I found bunch of weird bugs
that causes server syncing problems. Upgrading is strongly
recommended as soon as possible.
0.7.6: Only a minor bugfix release to fix the CUMODE command that allowed
non-founder channel users to remove modes of the founder, and to fix
GETKEY always return server's public key if it is requested, and to
fix the TOPIC_CHANGE notify to not route it twice to router.
Patch submitted by Lubomir Sedlacik <salo@Xtrmntr.org> in PR 15373
Submitted by Lubomir Sedlacik <salo@silcnet.org> in PR 14887
Changes in the NetBSD's package from version 0.6.4 -> 0.7.1:
- upgrade to silc-server-0.7.1 (the main changes below)
the biggest change is the ipv6 support (new configuration file format is
needed, though)
- removed patch-ac because it was integrated into distribution
(patch-ad was moved in its place)
- completely rewritten rc.d script to use rc.subr instead and fixed the
problem with removing pidfile so now status) works fine.
- added default motd file
- INSTALL and DEINSTALL scripts are cleaner and more useful, check for logs
directory before creating it, added motd.txt installing/removing.
- better and more helpful default configuration file (added Example:
sections for each variable)
- added examples/ directory containing sample configurations of various
scenarios into $DOCDIR
changes in the silc-server itself:
o Fixed WHOIS and IDENTIFY commands to return correct replies,
and correct error replies. This fixes various weird bugs
related to these commands.
o Send NO_SUCH_CLIENT_ID error notify if received private
message to invalid Client ID. It is guaranteed that if
private message is sent to unknown client, the sender will
receive a notification for it.
o Send the kicker's information in KICK command to the kicked
client.
o Fixed LIST command to return correct amount of channels.
This fixes the weird bug that LIST would show like 50 channels
and some channels multiple times.
o Channel topics, and users SILC modes are announced now during
server->router connecting.
o Implemented the founder authentication during JOIN command.
o Support for IPv6 based Server ID added.
o Memory leak fixes.
SILC (Secure Internet Live Conferencing) is a protocol which provides
secure conferencing services in the Internet over insecure channel.
Contributed by Lubomir Sedlacik <salo@xtrmntr.org> in PR 14562
