Log message:
Updated to version 0.9.14.

This version is a major upgrade release and everyone running older version is
strongly recommended to upgrade to this version.  This version introduces
several bugfixes, security fixes and bunch of new features.  This also
completes the development work for the SILC protocol version 1.2.

Changes:

- removed patch-ac, merged into distribution
- create server keys with strict permissions

0.9.14:
=======
- Several bugfixes and security fixes were made.  A major remote exploit
  was also fixed.

- The SILC Server now ignores SIGXFSZ and SIGXCPU signals which will
  terminate the process if they occur.  They can occur in poorly
  configured environment.

- Fixed SERVER_SIGNOFF notify handling which caused ghosts to remain in
  the network.

- Fixed inviting and banning by public key.  Fixed invite and ban string
  handling.  Implemented SILC 1.2 complying invite and ban data
  distribution between routers and servers.  To also comply with SILC 1.2,
  prohibited using '@' and '!' characters in invite and ban strings.

- Support for channel public keys added.  A new feature in SILC 1.2, that
  allows join authentication using digital signatures.  Use the latest
  SILC Client to take advantage of this feature.

- Support for SILC 1.2 backup protocol.  This version introduces rewritten
  version of the backup router protocol.  The purpose of the backup router
  protocol is to prevent servers from splitting from the rest of the SILC
  network if the primary router becomes unresponsive.  There are no
  changes to the configuration of the backup router support, and old
  configurations will work with this version too.

  This version is now able to detect much better different network failure
  situations and understand how to work with them.  The servers are now
  able to actually detect when the backup router can/must be used.  They
  are also able, in case of error in backup router protocol, to resume
  back to either to the backup router or to the primary router, and always
  recover from desyncs automatically (usually within 60 seconds).

- Support for command reply error arguments was added.  This allows
  clients to better handle error conditions within command execution.

- The founder public key distribution now complies with the SILC 1.2.

Log message:
Add definitions for DEINSTALL_EXTRA_TMPL and INSTALL_EXTRA_TMPL if
USE_PKGINSTALL is "YES".  bsd.pkg.install.mk will no longer automatically
pick up a INSTALL/DEINSTALL script in the package directory and assume that
you want it for the corresponding *_EXTRA_TMPL variable.

Log message:
s/netbsd.org/NetBSD.org/

Log message:
Dependency bumps, needed because of devel/pth's major bump, and related
dependency bumps.

Log message:
Updated to version 0.9.13.

Changes:

- Fixed EOF handling in SILC Config.

- Do not send full INVITE and BAN lists in INVITE and BAN
  notifys, only the changed information.

- Fixed INVITE notify sending in INVITE command, send it
  only when needed.

- Handle the founder key change properly in CMODE_CHANGE
  notify.  Bug #122.

- Remove the mark for output (mark it only for input) after
  purging outgoing queue.  Prevents the "Error in select()"
  floods.

- Check server private key file permissions before starting
  the server.

- NULL terminate allocated string in silc_buffer_strformat.

- Rewrote the invite/ban list string handling in server to
  use SilcBuffer instead.

- Fixed double free in CMODE command when setting new HMAC
  for channel.

- Added couple of missing memset's to zero sensitive memory.

Log message:
Instead of including bsd.pkg.install.mk directly in a package Makefile,
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES".  This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile.  Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.

Log message:
Update to version 0.9.12.

- use SHLIBTOOL_OVERRIDE instead of LIBTOOL_OVERRIDE, the ugly
  static libraries hack is now gone.

Changes from 0.9.11 to 0.9.12
=============================

 * Added macros SILC_SWAB_[16|32] to swab byte order of
   16-bit and 32-bit unsigned integers.
 * Use the SILC_SWAB_16 instead of htons() in server when
   handling ports since the ports in structures are always
   in little-endian order (regardless of platform).
 * Send DISCONNECT in close admin command in server.
 * Check whether we are already connecting to a remote router
   (in addition of checking whether we are already connected)
   before creating new connection.
 * Check that socket is valid after QoS is applied to data.
 * Make sure the socket connecetion is not closed to early
   when closing connection in server.  Also make sure the
   connection is always closed after error in a protocol.
 * Fixed server crash with double Primary block in config file.
 * Fixed various memory leaks around the config file parser.
 * Fixed a double free in INVITE command error handling in
   server.

Log message:
Update to version 0.9.11

IMPORTANT NOTE: This version does not include backwards support
                for the old style SILC private key so if you
                skipped 0.9.10 version you won't be able to run
                this server without generating new key pair.

Changes from 0.9.10 to 0.9.11
=============================

 * Workaround GCC bug which causes memory exhaustion when
   compiling sha1 with optimizations on UltraSPARC.  from openbsd

 * Added some sanity checks in server for correctness of the
   server configuration.
 * More log printing during backup router protocol.

 * Removed backwards support for old private key file format.
 * Removed backwards support for not-so-strict decryption length
   check, it's strict now.

 * Fixed error handling of invalid client entry when calling
   commands in server.  Fixes a crash.
 * Fixed double free in async host lookup code.
 * On backup router handle now the SERVER_SIGNOFF from router
   for local connected servers too, and close the connections.
   Do not process them as normally signing off servers when they
   really signoff by sending EOF fe, but always assume that
   router sends the SERVER_SIGNOFF.
 * Fixed socket unsetting when closing connections.
 * Fixed close command to use the port correctly when closing
   server connections.
 * Check for NULL outbuf in silc_socket_write.  It is possible
   that it is NULL is some odd case.
 * Do not call final protocol callback for backup router
   resuming protocol when closing connection.  It is closed
   by timeout in case of error.
 * Backup reconnect to router if backup resuming protocol failed.
 * Fixed double free in SKE library error hadling when signature
   error occurred.
 * Fixed double free in invite list adding code when adding
   invite strings.

Log message:
An important note to all server users:

The private key file format has changed due to a bug in the
older code.  When you run this server version it automatically
changes your private key file to the correct format.
The future versions of the SILC Server will not do that, so
do not skip this version or you will need to generate new key
pair after 0.9.11 is released.

Also backup router bugs was fixed which caused several
interesting decryption problems, so upgrading regardless
if you are runinng normal server, backup router or primary
router is strongly recommended.

Changes from 0.9.9.1 to 0.9.10
==============================

* Added the config directive PublicKeyDir for the client
  block.
* Extended the SILC_SERVER_LOG_ERROR macro to all available
  logging channels.
* Load only files with .pub suffix in PublicKeyDir.

* Fixed a typo in resuming code that fixed detach/resume
  code in server.
* Fixed CMODE setting in server when founder mode was set.
* Fixed wrong invite and ban list handling in server command
  reply.
* Fixed CUMODE founder authentication in server to not check
  for client's public key since it's not supposed to do that.
* Fixed backup router bugs: When backup resumes router and
  receives a CHANNEL_MESSAGE packet the backup must not act
  as router since the packet header decryption would be
  different.  Also, when relaying packets to channel, do not
  re-encrypt packets on backup that came from the primary
  since the connection isn't really router-router connection.

Log message:
Update to version 0.9.9.1.

Changes from 0.9.8 to 0.9.9.1
=============================

* Updated protocol version to 1.2.

  Clients and servers with support for 1.1 are not compatible with
  the new protocol!

* Print notify for server opers when backup router comes online.
* Resolve the client's public key in JOIN command if the founder auth
  data is being requested but we don't know the client's public key.
* Added idle and signon fields to the ATTRIBUTE_SERVICE attribute to
  indicate the user's current idle and signon timeof a service.
* Added MAC field to the Private Message Payload to protect against
  chosen ciphertext attacks.
* Defined the SILC_MESSAGE_FLAG_SIGNED.
* Added ERR_UNSUPPORTED_PUBLIC_KEY and ERR_OPERATION_ALLOWED status
  types.
* Added support for normal client to kill its own entries from
  the network.
* Compute maximum padding for authentication packets to make
  passphrase approximation attacks impossible (padding must be at
  least 8 bytes now).
* Added support for rekey before 2^32 sequence number wraps.
* Added Encrypt-Then-MAC order to SILC packet MAC generation.
  Deprecated the old Encrypt-And-MAC order.
* Added Encrypt-Then-MAC order to Channel Message Payload MAC
  generation.
* Added support for setting FOUNDER mode on channel with specific
  public key which can be set with CMODE command.
* Don't wait for EOF after socket error has occurred, but close the
  connection.
* Assure the RESUME_CLIENT packet is not sent to twice to backup
  router if the detached client was originated from the backup.
* Added support for removing client from invite list when kicked
  from channel, as SILC 1.2 dictates.
* Added support for the SILC 1.2 BAN and INVITEcommands and new
  ban and invite lists to server.
* Remove client from invite list in KILLED notify and in KILL
  command.
* Do not send invite list back unless asked (when sending no
  arguments) or when list was modified.
* MARS is now gone.
* Added manual pages for silcd(8) and silcd.conf(5).

* Fixed WATCH command reply handling on normal server which was
  missing altogether.
* Fixed double free in WHOIS query on normal server when forwarding
  query to router.
* Fixed MOTD command reply sending.
* Fixed the INVITE command to send the invite list in command reply.
* Fixed PING command sending in client library and handling in
  server.  The server ID must be ID Payload, not raw ID data.
* Fixed NICK command to not crash if nickname was not sent.
* Fixed channel's global_user boolean checking after detaching.
  Check it after changing the owner of the client not before.
* Fixed channel key distribution after resuming detached client.
* Fixed memory leaks with SIMs in server.
* Fixed bugs in invite list handling in INVITE command.