source: trunk/docs/Changelog@ 18

Last change on this file since 18 was 18, checked in by rainer, 19 years ago

Optimized version of tiger algorithm, and basic ingredients for unit testing (part 2)

File size: 65.7 KB
2.2.0:
  * added a bit of unit testing
  * improved the windows howto according to suggestions by
    Jorge Morgado
  * minor optimizations in various places
  * optimized implementation of tiger checksum algorithm
  * read in 64k blocks (faster than 4k)
  * sh_unix.c, sh_hash.c: support file flags on *BSD, update Linux
    file attribute code
  * kern_head: fix compilation of kernel check module on OpenBSD
  * updated samhainrc.linux, samhainrc.freebsd
  * sh_unix.c: fix setrlimit (RLIMIT_NOFILE, ..)
  * sh_files.c: fix missing use of flag_err_info
  * sh_tiger0.c: remove repetitive use of mlock
  * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK),
    add function sl_read_timeout_prep

2.1.2 (10-01-2006):
  * fix startup error with combination of gpg+prelude

2.1.1a (22-12-2005):
  * fixed a stupid bug in sh_files.c (break if file = dir)

2.1.1 (21-12-2005):
  * sh_calls.c: protect sh_calls_set_bind_addr against overriding
  * comINSTALL, updateDB: use locking
  * samhainadmin.pl: use locking
  * fix typos in samhainrc.solaris (noticed by Robby Cauwerts)
  * improve zAVLSearch (remove redundant strcmp)
  * use AVL tree in sh_files.c instead of linked list (better scaling)
  * fix bug with suidcheck (no update/check in one-shot mode with
    schedule instead of check interval; noticed by R. Rati)
  * fix for problem with '-t update -i' if daemon mode (problem report
    by Peter van der Does)
  * fix for bug in sh_util_ask_update (two returns were required ...)

2.1.0 (31-10-2005):
  * minor fix for cross-compiling with --with-kcheck
  * sh_forward.c: handle bad fds in the select() fd sets
    (reported by hmy)
  * sh_extern.c: fix debugging code
  * slib.c, sh_calls.c, sh_calls.h: improve handling of O_NOATIME
    (reported by Gabor Kiss)
  * makefile.in: fix for solaris package creation
  * sh_mail.c, sh_readconf.c: mail filtering options
  * sh_database.c: Oracle reconnect on connection failure
    (bug report by Alexander A. Sobyanin)
  * sh_unix.c: don't purge MYSQL_UNIX_PORT environment variable
    (problem reported by Peter)
  * sh_calls.c: fix for a HP-UX accept() problem caused by the gcc4 fix
  * fixes for gcc 4.0.2 compiler warnings
  * ability to use daemon mode together with update
    (wishlist Yoan Vandoorselaere)
  * fixes for debugging

2.0.10a (22-08-2005):
  * fix for overlapping directory check specification (reported by Bub)

2.0.10 (21-08-2005):
  * fix for segfault (free() on a constant string) with libprelude
    (problem reported by Grae Noble)
  * upgrade FreeBSD kernel check to 5.4, minor fixes
  * useful script for users of Linux kernel check
    (contributed by marc heisterkamp)
  * documentation improvements (suggested by Brian Seklecki and Robby)

2.0.9 (25-08-2005):
  * samhain_erase.c: add #define for NULL
  * sh_suidchk.c: fix incorrect use of escaped filename
  * sh_prelude.[ch], sh_readconf.c: configurable mapping from
    samhain severity to prelude severity
  * sh_unix.h: second arg of gettimeofday should be NULL
  * sh_files.c: fix checking of directory special file (use specified
    policy, not that of parent dir, problem found by Brian A. Seklecki)
  * sh_entropy.c: longer timeout for entropy collector
  * sh_socket.c, sh_forward.c: allow probing of clients for
    necessity of configuration reload
  * yulectl: minor fixes, option -v (verbose), new command PROBE
  * fix 'File not found' messages for files flagged with IgnoreMissing
  * sh_database.c: strip newline from oracle error messages
  * sh_files.c: fix rsrc fork issue with MacOS X Tiger
    (reported by A. Koren)
  * never compute checksum if not checked (problem report by D.Hughes)
  * sh_prelude.c: cleanup and bugfix by Yoann
  * sh_hash.c: for prelude, make sure mode is supplied with user/group
    and vice versa
  * sh_prelude.c: provide proper FileAccess objects (bug
    report by Mihai Ilinca)

2.0.8 (03-07-2005):
  * configure.ac: use $LIBPRELUDE_PTHREAD_CFLAGS rather than
    $LIBPRELUDE_CFLAGS (bugfix by Yoann)
  * samhain.spec.in: remove support for chkconfig (it's too buggy).
    Strangely, if invoked as install_initd it behaves sanely ...
  * src/sh_err_log.c: fix key input (this time for real)
  * fix --with-altlogserver (bug from 2.0.7b)
  * remove server socket in start/stop script

2.0.7e (not released):
  * Makefile.in: introduce a total of 6 sec delay for 'make' utilities
    that use 1 sec resolution, and consider target out-of-date if
    timestamp(target) = timestamp(dependency) ...
  * src/sh_err_log.c: fix key input
  * another fix for yulectl (use pwent->pw_dir)
  * dsys/comINSTALL, dsys/comUNINSTALL, dsys/comBUILD: fix PATH

2.0.7d (not released):
  * one more fix for the spec file (stupid rpm finds tags in comments!!!)

2.0.7c (not released):
  * test/testrun_1b.sh, test/testrun_2b.sh: use $GPG_PATH
  * dsys/comINSTALL, dsys/funcDB, dsys/funcINSTALL: some bugfixes
  * samhain-install.sh.in: fix test -z $verbose
  * sh_hash.c: speedup database reading
  * Makefile.in: fix the problem that BSD make would make too much
  * deploy: yulerc.clients -> yulerc.install.db, provide
    $defdatabase for backward compatibility
  * deploy: allow for comma in client_install_date

2.0.7b (not released):
  * hp_ux.psf.in: fix psf file
  * dsys/comINSTALL: fix $yule_date -> $yule_data
  * Makefile.in: fix 'make depot'
  * sh_tools.c, sh_unix.c: fix detection of open file limit
  * sh_readconf.c: reset read_mode after reading conf file
  * yulectl.c: better error messages, use homedir from getpwuid(geteuid)
  * init/samhain.startLSB.in: fix misleading message in lsb init script
  * sh_forward.c: better display for nonce u in debug mode
  * sh_tiger*.c: fix checksum for HP-UX 64bit
  * samhain.c: don't fetch database twice
  * configure.ac: accept nodename for --with-logserver=...
  * samhain_setpwd.c: return proper exit status for samhain_setpwd
  * respond to SIGTERM on initializing
  * fix problems with samhainadmin.pl
  * sh_utils.c: fix bug with AddOKChars (found by Karol)

2.0.7a (not released):
  * remove 'df' from entropy gatherer (NFS may hang)
  * modify va_copy check (doesn't work with HP-UX PA64 compiler)
  * fix compile warnings in sh_database.c
  * samhain-install.sh.in: check for /usr/bin/false in /etc/shells
  * fix install-boot on HP-UX
  * aclocal.m4: fix configure CL parsing to recognize VAR=VALUE

2.0.7 (11-06-2005):
  * yet another fix for the spec file (use internal dependency generator)
  * sh_error.c, sh_prelude.c: init libprelude after open fds are closed
  * error message if queue is full
  * fix two compiler warnings on HP-UX
  * fix sh_mail.c for Interix (no resolver routines)
  * fix sh_unix_initgroups2() if no initgroups() function (bug reported
    by Geries Handal)
  * remove references to 'struct timezone' (Interix; problem
    reported by Geries Handal)
  * init/stop for prelude on SIGHUP
  * sh_cat.h: fix a stupid bug with messages classes
  * manual: new section on nagios (with help from kiarna),
    more on prelude
  * sh_prelude.c: cleanup and improvements (Yoann Vandorselaere)
  * default prelude profile name now is 'samhain' (lowercase)
  * sh_readconf.c: new option PreludeProfile (by Yoann Vandorselaere)
  * remove obsolete check for linux/module.h, linux/unistd.h
  * remove dependency on virtual/glibc in gentoo ebuild
    (problem reported by Willis Sarka)

2.0.6 (01-03-2005):
  * sh_prelude.c, configure.ac, aclocal.m4: support for
    libprelude 0.9 (Yoann Vandoorselaere)
  * sh_html.c: fix bug with entry.html template (reported by
    Stephane Sanchez)
  * Install.sh: fix mandir option (reported by Rodney Smith)
  * Fixed Linux/64bit bug in definition of EUIDSLOT
  * New targets 'make depot', 'make depot-light' (HP-UX, untested)
  * Use sstrip for RPMs and DEBs (automatic stripping disabled)
  * Fix aclocal.m4 for autoconf 2.59 (missing $ac_cr_alnum et al.,
    problem noticed by Yoann Vandoorselaere)
  * Modify samhain.spec.in to disable automatic stripping upon install
  * Fix deploy.sh + '--enable-gpg', and fix 'make rpm' and 'make deb'
    for '--with-khide' (problems reported by Mark)
  * Fix compile error in sh_tools.c on HP-UX 10.20
    (problem reported by Dennis Boylan)
  * Runtime configuration of server listening port (wishlist)
  * Runtime configuration of server listening interface (wishlist)
  * Ignore SIGTTIN (consistency)
  * Use SIGTTOU to force file check (wishlist)

2.0.5b (01-04-2005):
  * Fix build problem b/o timestamp on stamp file

2.0.5a (16-03-2005):
  * Fix problem with 'make rpm' (reported by Dirk Brümmer)

2.0.5 (02-03-2005):
  * Fix bug with partial reads from clients in server
    (bug report by Brian)
  * Support gpg checksum bootstrap with yule
  * Support mount option check on HP-UX
  * For MAIL FROM, use 'example.com' as domain part if
    hostname is numeric (problem reported by Eric Raymond)
  * The HOWTO-write-modules has been updated.
  * Convenience functions to insert data in database have been
    added.
  * Use int0x03 only on i386 in sh_derr() (portability problem
    reported by John Mandeville)

2.0.4 (09-02-2005):
  * Fixed broken 'make deb' (problem report by olfi)
  * Fixed minor bug in test scripts (detection of gmake vs. make)
  * Fixed Tru64/OSF compile warnings (reported by B. Terp)
  * Normalize list parsing to allow comma, space, and tab as separators
  * Some more descriptive error messages in kern_head.c
  * Absolute path to utilities in init/samhain.startLinux.in
  * Fixed is_root variable in deploy.sh
  * Fixed 'deploy.sh info'
  * Fixed 'deploy.sh install' client startup
  * Fixed 'make tbz': don't remove ebuild scripts in 'make dist'
    (issue reported by W. Sarky)

2.0.3 (14-12-2004):
  * Fix CPPFLAGS with mysql/postgresql (reported by P. Smith)
  * Fix missing sys/time.h include in slib.c (reported by Jonas)
  * Workaround for file closing problem with Prelude+GPG
  * Fixed memory leak with Prelude.
  * Fixed bug in samhain_stealth (PGP signature not correctly
    retrieved from hidden configuration; report and patch by V. Tuska)
  * Added Perl script to concatenate file signature database files
  * Fix compile error with combination of --enable-nocl and
    --enable-stealth (reported by Zdenek Polach)
  * Fix bug in dsys/initscript with --enable-nocl
  * Fix declaration of sh_kern_timer()
  * Fix missing Mounts+Userfiles options in appendix of manual
  * Updated the README (bug report by H. Franzke)
  * Fix some compiler warnings

2.0.2a (09-11-2004):
  * Fixed OoM condition when client rc file not found (reported by Eilko)

2.0.2 (08-11-2004):
  * Fixed buffer overflow in sh_hash_compdata() (only in 'update' code)
  * Fixed uninitialized variable in sh_mail_msg() (problem reported
    by Michael Milvich)
  * Fixed potential NULL pointer dereference in sh_hash_compdata()

2.0.1 (01-11-2004):
  * Fixed compilation bug reported by jue (--with-kcheck broken).
  * Fixed start option (bug reported by sanek). Behaviour wrt.
    environment variables depended on the way the daemon was started.

2.0.0 (31-10-2004):
  * The deployment system has been rewritten from scratch in
    a cleaner and more modular and extensible way. Deployment
    of native packages is supported now.
  * The build system has been revised. Building outside the source
    directory is supported now.
  * Support for checksumming of prelinked executables / libraries
    has been added.
  * The configure script now checks for the SSP/ProPolice patch in GCC,
    and enables it if present.
  * The install-boot option in samhain-install.sh has been fixed
    (use absolute paths for sbin utilities).
  * A nagios plugin (scripts/check_samhain.pl) has been added.
  * The LSB (Linux Standard Base) init script has been fixed (the output
    was incorrect).
  * Fetching of built binary packages has been
    fixed ($(PACKAGE)->@install_name@).
  * For files in proc, the timeout has been reduced, and no error
    messages are issued upon timeout.
  * A function has been added to print out full details for missing
    files if encountered while in sh_files().
  * The reporting for SuidCheck has been fixed (incorrect policy
    noticed by JiM).
  * On Linux, SuidCheck does not report on files marked as candidates
    for mandatory locking (group-id bit set, group-execute bit cleared).
  * Fix for oracle init script (by Matt Warner)

1.8.12b (11-10-2004):
  * fix bug in MSG_MSTAMP (%ld -> %lu)
  * fix bugs in sh_suidchk.c (%ld -> %lu), check fopen for NULL,
    mkdir mode for quarantine directory
  * fix the fix for modlist_lock search in System.map

1.8.12a (01-10-2004):
  * fix bug in samhain-install.sh.in (only occurs on Solaris), reported
    by J. Roland

1.8.12 (27-09-2004):
  * fix compile bug with --enable-static + --with-database=postgresql
  * fix search for modlist_lock in System.map
  * password auth for yule command socket (request by D. Kocic)
  * more info about pending/sent commands to clients

1.8.11 (30-08-2004):
  * fix static linking on Linux by use of replacement routines from
    uClib - however, this means, there is no NIS support anymore
  * new option AddOKChars=... to modify the set of characters for
    filenames considered 'obscure'
  * new option HardlinkOffset=... to specify an offset from the canonical
    hardlink count for a directory
  * fix some warning with HP 11.23 native compiler
  * fix minor OpenBSD portability problems (EIDRM, compiler warning)
  * samhainrc.5, samhain.8: updated the man pages
  * sh_unix.c, sh_files.c: ignore 'no user/group' and 'obscure name'
    for AllIgnore
  * sh_kern.c: fix 'update' to display modifications
  * sh_kern.c: fix bug with IDT check (spurious alerts b/o uninitialized
    fields)
  * stealth kernel modules: fix for linux 2.6, fix
    redefine of KERNEL_VERSION
  * warn about stealth kernel module problem with 2.6 in manual
  * sh_unix.c: remove some cruft
  * fix a typo in the manual (noticed by J. Rubin)
  * configure.ac: re-order output from libprelude-config (required
    for static linking - problem reported by E. Neber)
  * kern_head.h, kern_head.c: fixes for Linux 2.6 kernel

1.8.10b (13-07-2004):
  * fix incorrect usage of 'retry_msleep()' in sh_kern.c (reported
    by Pat Smith)

1.8.10a (13-07-2004):
  * depend-gen.c: fix for FreeBSD 'make' which does not understand
    the dependencies ... (problem reported by David Thiel)

1.8.10 (13-07-2004):
  * sh_unix.c/sh_unix.h: fix defaults for 'GrowingLogFiles' policy
    (bug report by VZoubkov)
  * fix some warnings (unreachable statement) with HP-UX native compiler
  * kern_check.c: silence warning about 'sendfile' for 4.10
    (noticed by Ryan Beasley)
  * modify depend-gen.c to ignore sh_gpg_chksum.h
  * add a non-plaintext version of GPG_HASH (sh_gpg_chksum.h)
  * .. and for fingerprint
  * sh_suidchk.c: fix some compiler warnings on solaris
  * allow commas to separate multiple entries in a RedefXXX= directive
  * replace sleep/usleep with nanosleep wrapper function
  * replace alarm() for read timeout with select() in sl_read_timeout
    (should fix bug reported by Scott Kelley)
  * increase lstat/open timeout to 6 sec

1.8.9 (16-06-2004):
  * made 'no action specified' error message more informative
    (suggested by Stephen Gill)
  * fix memory leak in mysql sh_database_query() (bug report by Dejan)
  * remove some cruft from the code
  * sh_files.c: check MacOS X resource forks (idea from Osiris)
  * sh_files.c: no hardlink check for MacOS X
  * sh_util_ask_update: fix bug with no terminal in non-interactive mode
    (report and debug data by Kris Dom)
  * manual refactored
  * fix redundant messages when updating with suidcheck
  * allow interactive update for suid files
  * don't remove the TZ environment variable to guard against
    misconfigured hosts
  * also use gethostname if uname returns possibly truncated name
  * fix improper file descriptor handling in sh_mail.c (bug report
    by Alex Weiss)
  * cleanup MBLK cruft
  * use SH_ALLOC/SH_FREE in sh_prelude.c
  * update sstrip to Version 2.0

1.8.8 (25-05-2004):
  * fix compilation problem on AIX 5.2 (nameser_compat.h; report by
    Tim Evans and Ian McCulloch)
  * don't check for trusted paths on Cygwin
  * add Windows HOWTO written by Kris Dom
  * kern_check.h: extend FreeBSD syscall table for 5.x

1.8.7a (03-05-2004):
  * sh_mail.c: fix subject length
  * sh_mail.c: fix the sh.mailNum.alarm_last fix (report by Kris Dom)
  * sh_utils.c: sh_util_ask_update(): fix ISO C conformance bug
    (compile problem reported by Kris Dom)

1.8.7 (01-05-2004):
  * sh_mail.c: fix incorrect count of sh.mailNum.alarm_last, causing
    empty mails (introduced with segfault fix in 1.8.6, report
    by Kris Dom)
  * sh_utils.c: sh_util_ask_update(): check whether stdin is a terminal,
    try to reopen on controlling terminal if not
  * sh_utmp.c: fix order of options (problem report by Uri)
  * sh_files.c: sh_files_chk(): set tmp = NULL at end of loop
    (may cause segfault on null dereference for missing files)
  * sh_unix.c: patch by Marc Schütz (order of sh_unix_getinfo_type,
    sh_unix_getinfo_attr)
  * don't use dh_installmanpages in 'make deb' (samhain/yule conflict
    reported by xavier)
  * on HP-UX, define _XOPEN_SOURCE_EXTENDED in sh_mail.c and sh_tools.c
    (suggested by Kris)
  * include nameser_compat.h in sh_mail.c (for MacOS X,
    suggestion by jna)
  * sh_utmp.c: fix time for logout events (reported by Erich
    van der Velde)

1.8.6 (15-04-2004):
  * add CL option to set threshold for prelude and RDBMS
  * sh_mail.c: fix bug with MailSubject option (segfault on NULL pointer
    dereference; reported by Micha Silver)
  * fix compiling with --disable-encrypt (reported by Pat Smith)
  * fix minor problem in scheduler (don't return before all schedules
    are tested, to set last_exec correctly)

1.8.5 (05-04-2004):
  * fix bugs in sh_utmp.c (unlinking of list head); may fix an OpenBSD
    problem (endless loop; report and debugging aid by Joe MacDonald)
  * fix hardlink check (null dereference in error message, segfaults
    on solaris - noticed by Bob Bloom)
  * sh_suidcheck: don't truncate quarantined file if nlink > 1
  * fix Install.sh (no --seperate-output with --radiolist); patch by
    Greg Kimberly

1.8.4 (17-03-2004):
  * add Prelude patch by Patrice Bourgin
  * add license statement to sh_mounts.c, sh_userfiles.c after
    receiving a clarifying e-mail from Cian Synnott
  * support UsePersistent = no for Oracle (problem spotted and fix
    tested by Michael Somers)
  * fix bug in samhainadmin.pl
  * sh_gpg.c: describe type of gpg error (if any)
  * fix persistent connections with postgresql (reported by
    Erwin Van de Velde)
  * prelude: local 'meaning' shadows global in sh_prelude_alert
    (spotted by David Maciejak)
  * uname: workaround for cases where nodename would be a possibly
    truncated FQDN (problem reported by Cian Synnott)
  * re-write parts of sh_kern.c, store kernel info in baseline database
    -> no need to recompile after kernel upgrade
  * modify timeouts in sh_unix_getinfo, add timeout warning
  * change handling of dangling symlinks (store in db)
  * fix typo with MSG_FI_OBSC2 (double slash)
  * remove redundant operation in sh_utils_safe_name
  * fix occasional random start bytes of long messages in
    sh_error_string (sl_strlcat -> sl_strlcpy)
  * provide details for missing files (as for added files)
  * remove duplicate message for no such group/user
  * add fixes for samhain.oracle.init (supplied by Michael Somers)
  * fix date insertion for Oracle (fix by Michael Somers)
  * manual: fix incorrect statement about RPM (noticed by
    Lars Kellogg-Stedman)

1.8.3 (02-02-2004):
  * add a HOWTO-client+server-troubleshooting document
  * fix another bug with SIGUSR2 (suspend mode)
  * new option SetBindAddress (--bind-address=...) to force
    interface for outgoing connections on multi-interface box
  * don't link against libgmp if not required (i.e. standalone)
  * test for ext2fs/ext2_fs.h or linux/ext2_fs.h
  * new make targets 'emerge' and 'tbz2' for gentoo
  * update rules.deb.in based on the Debian package
    by Javier Fernandez-Sanguino
  * updated config.guess, config.sub to version 2002-09-05
  * external command: report failure only once
  * console: reset failure status after success
  * README.UPGRADE: explain 1.7.x <-> 1.8.x client/server compatibility
  * use persistent connection to database by default
  * option UsePersistent=no to switch off persistent connection

1.8.2 (19-01-2004):
  * sh_userfiles.c: new option UserfilesCheckUids (requested)
  * sh_error.c: server: don't log to logfile before dropping root
  * new script scripts/samhainadmin.pl (administrative tasks for
    signed config/database files)
  * add changes code to log_msg for reports on modified files
  * change default log threshold to 'mark', as 'none' tends
    to confuse new users
  * faster response time for SIGUSR2
  * revised (mostly backward-compatible) message classes
  * fix missing check of mailTime in server select loop
  * add support for libprelude (version 0.8.10)
  * fix format for MSG_E_GRNULL (reported by Stefan Hudson)
  * fix Bourne shell incompatibility (export) in samhain-install.sh
    (first reported by David Thiel)
  * fix typo in spec file (first reported by Christian Vanguers)
  * remove some cruft (signal handler, memory handling)
  * return from sigterm handler, rather than exit directly
    (re-entrancy problem causes more problems than it's worth)

1.8.1 (03-12-2003):
  * fix gmp detection (problem pointed out by Nix)
  * fix/improve the error message if test compiling with mysql fails
  * new CL option --interactive for interactive db update
  * fix some compiler warnings from IRIX MIPS compiler
  * kern_head.h, kern_head.c: option to disable IDT check
  * kern_head.h, kern_head.c: update kernel syscall table (2.4.20,2.6)
  * sh_utmp.c: count number of logins (request by Erwin Van De Velde)
  * change username -> userid, remove (long) userid (bug noticed
    by Erwin Van De Velde)
  * emit ADDED message for new SUID/SGID files
  * add trailing slash to excluded directory if there is none

1.8.0a (04-11-2003):
  * sh_error.c: remove two debug printf's

1.8.0 (31-10-2003):
  * manual: make ps file fit on both a4 and letter paper
  * sh_socket.c, sh_socket.h, sh_forward.c: socket interface
    to send (quit/reload) commands to clients
  * sh_forward.c, configure.ac: enable build with libwrap
    (Wietse Venema's TCP Wrappers library)
  * sh_ignore.c, sh_ignore.h, sh_files.c, sh_hash.c, sh_readconf.c:
    new option to suppress messages for new and/or deleted files
  * samhainrc.aix5.2.0: contributed by Christoph Kiefer
  * samhain.c: fix compile warning on solaris (noticed by Ian Hunt)
  * sh_database.c: undef debug code for oracle
  * samhain.oracle.init: contributed by Joern Michael Krueger
  * configure.ac, sh_utils.ac, Makefile.in, sh_modules.c,
    sh_cat.c, sh_cat.h, sh_mounts.c/h, sh_userfiles.c/h:
    check-mounts and userfiles modules contributed by eircom.net
  * sh_utils.c: fix off-by-one bug in sh_util_compress()
  * sh_forward.c, sh_tools.c, configure.ac:
    version 2 client/server protocol
  * sh_mail.c: add %S to include severity in subject (user request)
  * sh_suidchk.c, 1093: fix warning about unused var 'flags' on FreeBSD
  * samhain.h, sh_unix.h, sh_unix.c: extern inline -> static inline
    for --enable-ptrace
  * samhain.c: lower priority for 'uninitialized module' message
  * sh_entropy.c: lower priority for message if /dev/random blocks and
    /dev/urandom is available
  * improved error messages in sh_readconf.c
  * print system error message for getpwuid, getgrgid
  * fix missing module init after SIGHUP (noticed by Cian Synnott)

1.7.12 (13-10-2003):
  * sh_mail.c: fix buffer overflow in mail handler (introduced in 1.7.10)
    thanks to bug reports by Jason Martin and Matthew P. Cox

1.7.11 (01-09-2003):
  * samhain.c, samhain.h, sh_unix.c, sh_forward.c, sh_html.h:
    - change SIG_USR1 to switch between dbg on/off
    - change SIG_USR2 to switch between suspend on/off
    - fix CLT_ILLEGAL to actually work
    - introduce new state CLT_SUSPEND
    - force reauthentication after suspend
  * slib.c: change MAXFD from FOPEN_MAX (16) -> 1024
  * sh_suidchk.c: better AIX fs detection (Christoph)
  * sh_entropy.c: increase buffer size for unix entropy gatherer
    (problem reported by D. Danielson)
  * default config files: add lots of comments, list more options
  * sh_error.c: set default severities to 'crit'
  * sh_readconf.c, sh_cat.c, sh_cat.h: stricter check on config
    file syntax, issue warnings (triggered by C. Kiefer)
  * Makefile.in: handle depend-gen errors more gracefully
  * sh_err_console.c: fix bug in enable_msgq (reported by F. Behrens)
  * configure.ac: workaround for mysql_config weird output
    (reported by G. Faron)
  * sh_unix.c, sh_tiger0.c: check IO limit during read of large files
  * depend-gen.c: close streams before attempting to rename (Cygwin)
  * Makefile.in: fail gracefully if depend-gen fails
  * sh_database.c: sh_database_query(postgresql): fixed missing SL_ENTER

1.7.10 (27-07-2003):
  * FreeBSD init script: define $pidfile (reported by D. Thiel)
  * sh_unix.c, sh_unix.h: fix compile error on AIX 4.2
  * sh_schedule.c: fix bad array size
  * samhain.c: fix pid_t <> int casts
  * sh_kern.c: fix repetitive messages
  * configure.ac: try to bootstrap if TIGER192 not supported by gpg,
    provide a detailed error message
  * configure.ac: try harder to locate mysql
  * docs/Changelog: retroactively add release dates, if known
  * sh_mail.c: fix potential message truncation in mailer
  * sh_unix.c, samhain.c, samhain.h: make --enable-ptrace more portable
  * sh_readconf.c: fix segfault (dereference of uninitialized pointer)
    if --with-gpg and --enable-stealth are used together (reported
    by Anthony Caetano)
  * sh_unix.c, samhain.c, sh_calls.c: fix problems with descriptive
    error messages (larger GLOB_LEN, stat fills aud_err_message)

1.7.9 (30-06-2003):
  * sh_err_log.c: fix segfault on SIGABRT (dereference of freed memory),
    problems with SIGABRT noticed by Brian and Alf B Lervåg
  * deploy.sh.in: fix some bugs (found by Alf B Lervåg)
  * scripts/chroot.sh: fix typo (found by Alf B Lervåg)
  * configure.ac (khide): search also for 'd sys_call_table' (noted by
    cuek_saja)
  * strip whitespace before checking gpg checksum (noted by D. Thiel)
  * manual (faq section): explain how to stop console output
  * Makefile.in: fix re-naming of yule with --enable-install-name
  * HOWTO-client+server.html: fix typo (noted by xavier renaut)
  * configure.ac: escape '-' in awk regex (required by GNU awk 3.1.1)

1.7.8 (28-05-2003):
  * sh_unix.c: new mlock implementation with reference count
    and page alignment (fix for solaris problem)
  * kern_head.c: search also for 'xxxxxxxx d sys_call_table'
  * sh_html.c: write status comment (for Beltane 2)
  * add CL option --delimited for comma-delimited signature database dump
  * sh_mail.c: check exit status of push_list to fix counting bug
    (bug reported by Alan Moore)
  * configure.ac: add error message to --with-libs
  * fix spelling of $DAEMON in init script (noted by C. Grigoriu)
  * fix missing initgroups()

1.7.7 (06-05-2003):
  * sh_forward.c: fix bug if compiled with --enable-udp, but disabled
    in config file (found by Andy OBrien)
  * sh_database.c: sh_database_entry(): size -> c_size (two places)
    to fix writing of '\0' to arbitrary places :(
    (problem pointed out by Stefan Giesen)
  * profiles/*/configopts: fix --with-base -> --enable-base

1.7.6 (24-04-2003):
  * sh_forward.c, entry.html, head.html: fix/additions by Stefan Giesen
  * fix samhain_hide for the O(1) scheduler used by RedHat:
    configure.ac, acconfig.h: check for next_task in struct task_struct
    samhain_hide.c: use find_task_by_pid if no next_task in task_struct
  * samhain_erase.c: add MODULE_LICENSE("GPL") to fix warning

1.7.5 (15-04-2003):
  * sh_cat.c, sh_forward.c, sh_hash.c: fix double 'msg' tag
  * manual: point out the bmaxdata problem on AIX in faq section
  * trustfile.c: don't check symlinks (permissions of directory count)
  * sh_schedule.c: fix problem with daylight saving switchover
  * sh_samhain.c: close all open fd's >2 before reading the conf file
  * sh_unix.c: fix dereferenced NULL pointer when exiting on non-existing
    user
  * sh_forward.c: fix dereferenced NULL pointer when exiting on udp error
  * sh_forward.c: place timestamp code before select() timeout handler
  * fix incorrect class of timestamp messages (conflict with manual)
  * sh_readconf.c, sh_forward.c: new config option SetStripDomain
  * configure.ac: add warning if /lib/modules/`uname -r`/build/include
    not found
  * samhain_hide.c: adapt for RedHat 2.4 kernel (fetch sys_call_table
    address from System.map)
  * sh_err_syslog.c: fix for Solaris
  * samhain.spec.in: strip REQ_FROM_SERVER from config file install path

1.7.4 (21-03-2003):
  * configure.ac: fix bug in defargs (--with-base > --enable-base)
  * aclocal.ac: detect unsupported options
  * kern_check: add syscalls, skip unused syscalls
  * fix Manual (--enable.../--with... inconsistency)
  * add two HOWTOs (signed files, server/client)
  * moved manual into new subdirectory docs/
  * add admin scripts by S.Bailey/M.Redinger
  * option to have a version string in db file

1.7.3 (23-02-2003):
  * samhain-install.sh: use yule user key for signing on install
  * fix a bug in sh_err_console.c (attempted write to const char)
  * sh_gpg.c: if server, always use ~unprivileged_user/.gnupg
  * Makefile.in: make target 'trustfile' depend on config.h
  * configure.ac: don't use install_name before it is defined ...
  * sh_tiger0.c: fix bug in checksum computation introduced in 1.7.2
  * samhain.c: make sure daemon cannot be forced into 'update' mode
  * sh_hash.c: remove AIX workaround (AIX has been fixed meanwhile)

1.7.2 (04-02-2003):
  * sh_kern.c: use sys_call_table address from System.map
  * fix for reserved SQL keyword 'group'
  * add AC_SYS_LARGEFILE to configure.ac
  * allow separate client-specific log files for server
  * sstrip.c: compile sstrip code only for i386
  * sh_unix.c: closeall: don't close trace file
  * slib.c: don't trace sl_is_suid (leads to recursion in trace handler)
  * samhain-install.sh.in: fix detection of LSB compliant systems
  * sh_tools.c: get_client_*_file: lstat -> stat to allow symlinks
  * sh_forward.c: sh_forward_do_write: set O_NONBLOCK for fd
    (may block otherwise, for no good reason apparently ...)
  * samhain.spec.in: replace %configure with ./configure
  * sh_unix.c: re-write signal handling (use __malloc_hook et al. to
    check whether we are in the middle of a free/malloc/realloc/memalign)
  * sh_unix.c: use new safe_logger() function to log from signal handler
  * sh_err_log.c: fix xml
  *
  * fix Makefile.in to exit non-zero on compile failure
  * database init: create index on log_host, entry_status
  * sh_suidchk.c: fix path building
  * sh_tiger0.c: read larger blocks
  * sh_hash.c: cast inode to UINT32
  * sh_tools.c: check that config/database files size fits in uint
  * sh_error.c: export flag_err_debug to avoid unnecessary calls
  * sh_unix.c: save the open() call in sh_unix_getinfo_attr()
  * profiles/redhat_i386/bootscript: add # description field
  * deploy.sh.in: set owner + permissions for files in yule_filedir
  * profiles/debianlinux_i386: fix bootscript
  * Makefile.in: fix deploy file lists and targets (include init+scripts)
  * MLOCK GOOD/BAD -> SL_FALSE/SL_TRUE
  * sh_mail.c: GOOD/BAD -> SL_FALSE/SL_TRUE (AIX sys/param.h)
  * sh_err_syslog.c: split long messages rather than truncating
  * sh_error.c: allocate msg to fix truncation limit
  * sh_unix.c: closeall fd's >= 3 in non-daemon mode (inherited
    file descriptors may exceed FOPEN_MAX, causing problems in
    sl_open_file)
  * sh_err_console.c: avoid stdio
  * trustfile: dirz: make swp[] static
  * slib.c: speed up sl_strlcat
  * clean up some bad heap allocation (PATH_MAX+(1|2) -> PATH_MAX)
  * remove some unused code
  * slib.c: support long long int in the snprintf replacement
  * configure.ac: new configure macro to check whether sa_sigaction works
  * Makefile.in: make sstrip, encode dependent on config.h

6931.7.1a (08-01-2003):
694 * fix a syntax error in samhain-install.sh.in
695
6961.7.1 (07-01-2003):
697 * search runlevel scripts in ./init or ./
698 * handle all distro-specific Linux runlevel script issues
699 within a single script
700 * support install-boot on Yellow Dog Linux and Slackware
701 * samhain-install.sh: fix a bug for unknown Linux
702 ('"' not closed, DVER not set)
703 * samhain-install.sh: check for /etc/yellowdog-release
704 * sh_database.c: fix missing entry for 'userid' in attr_tab[]
705 * fix debian.rules.in (disable sstrip)
706 * update make targets: 'srpm', 'srpm-dist', 'rpm'
707 * check for zlib if mysql is used
708 * workaround for NetBSD bug with libresolve
709 * fixed problems with spec files
710
7111.7.0 (22-12-2002):
712 * improved spec files (Andre Oliveira da Costa <brblueser@uol.com.br>)
713 * sh_unix.c: fix a dereferenced static pointer in tf_trust_check
714 * runlevel scripts: remove pid file after stop
715 * make the data directory read-only for the daemon
716 * treat 'localhost' specially in MX resolver
717 * sh_err_log.c: set sh.flag.log_start == TRUE after writing </trail>
718 * deploy.sh.in: fix quoting (fix by Simon Bailey)
719 * slib.c: make sl_get_euid et al. behave well if uids not stored
720 * trustfile.c: use euid = uid(SH_IDENT) if server
721 * sh_mail.c: include an MX resolver
722 * Makefile.in: install-user routine for user installation
723 * have yule drop root
724 * sh_tools.c: open_temp use logdir if server
725 * unified options for runlevel script
726 * HP-UX, IRIX runlevel scripts
727 * AIX inittab entry
728
7291.6.6 (13-12-2002):
730 * configure.ac: solaris cc -O2 -> -xO2
731 * sstrip.c: avoid alpha architecture
732 * profiles/solaris/configopts: no --enable-static
733 * sh_forward.c: sh_forward_req_file: copy argument to local array
734
7351.6.5 (04-12-2002):
736 * sh_utmp.c: set userlist = NULL in sh_utmp_end ()
737 * sh_unix.c: do not assume that environ is sane
738 * exit handler: write </trail>
739 * sh_log_file(NULL): test sh.flag.log_start != S_TRUE
740 * FreeBSD rc script does not blindly accept content of pid file
741 * configure.ac: allow 'localhost' for log server
742 * sh_calls.c: retry_connect: ntohs (port)
743 * testrun_2[abc].sh: --with-logserver=localhost for client
744
7451.6.4 (12-11-2002):
746 * sh_tools.c: fix error when escaping '=<'
747 * fix the 'make srpm' target
748 * deploy.sh.in: avoid that client is named 'yule'
749 * define memset to sl_memset
750 * fix type cast of uid_t, gid_t
751
7521.6.3 (31-10-2002):
753 * fix options for Sun/Solaris native compiler
* sh_unix.c: MSG_FI_LIST (line 2333): cast theFile->size to fix error
* test sstrip on freebsd
* default config file for freebsd
* make target to build .deb packages
* sh_readconf.c: fix bug in error message
* samhain.c, sh_suidchk.c: fix initialization of suidchk
* samhain-install.sh.in: don't remove config file by default
* samhain-install.sh.in: support complete de-installation
* samhain-install.sh.in: add support for Gentoo, FreeBSD, and Solaris
* samhain-install.sh.in: check more paths
* sh_unix.c: fix sys_siglist declaration [NetBSD portability issue]
* sh_calls.c: save error message in retry_lstat()

1.6.2 (04-10-2002):
* make target to build rpms
* update samhain.spec.in, samhain.startRedHat
* support DESTDIR, as in 'make DESTDIR=/what/ever install'
* explicitly set -fno-omit-frame-pointer b/o gcc bug
* mv configure.in to configure.ac to benefit from autoconf wrapper
* sh_modules.c, sh_modules.h: add mod_reconf() to run at SIGHUP
* slib.c: fix debug messages (no msgs for dlogActive <= 1)
* sh_schedule.c, samhain.c, sh_suidchk.c:
  scheduler may accept multiple schedules

1.6.1 (04-09-2002):
* sh_schedule.c: bugfix (executes only after first day)
* rm obsolete WITH_TRACE stuff
* new dlog() function for debug logging
* some more descriptive error messages

1.6.0 (27-08-2002):
* omit the -fomit-frame-pointer option (bugs in some gcc versions ?)
* sh_error.c: fix escape mode when logging to database
* sh_forward.c: fix error (twice escape) in recv_syslog_socket
* sh_tools.c: change escape mode for server-received data
* sh_mem.c: change ulong -> size_t in sh_mem_malloc()
* configure.in: fix localstatedir if --prefix=USR
* sh_hash.c: snprintf() -> sl_snprintf()

1.5.5 (07-08-2002):
* sh_err_log.c: fix incorrect xml syntax for client messages
  logged by server
* sh_err_log.c: fix incorrect '</trail>' entries on client EXIT
* sh_files.c: introduce file_class_next
  this fixes the problem that a policy for the directory
  inode erroneously becomes a policy for the directory itself.

1.5.4 (17-07-2002):
* sh_hash.c: fix buffer overflow with (micro-)stealth
* sh_database.c: set path[] 1024 -> 12288
* sh_database.c: set query[] 2048 -> 16383
* sh_database.c: set values[] 1024 -> 16383
* sh_forward.c: larger limit for message size (16 kB)
* trustfile.c: set MAXFILENAME 2048 -> 4096
* fixed a bug in the handling of filenames with embedded newlines
* sh_files.c: fix missing sh_util_safe_name() in debug output
* --with-sender can specify a full address
* fix xml log in a backwards compatible way

1.5.3 (03-07-2002):
* fix combination of stealth and sql logging
* fix some more places where invalid UIDs/GIDs trigger errors

1.5.2 (01-07-2002):
* include solaris config file from (sean [at] boran d.o.t com)
* test for files/dirz defined twice in the configuration file
* option to disable reverse lookup on outbound connections
* option to use socket peer as client name (with name resolving)
* sh_html.c: fix an HTML bug (twice </head><body>)
* sh_suidchk.c: fix warning on AIX b/o dirname()
* allow logging server -> syslog if yule is NOT configured to
  receive syslog messages
* define PRIi64 to "lld" if undefined
* invalid UIDs: use gid/uid as name, error level SeverityNames
* minor fixes for connect_port
* sh_hash.c: flush output of db listing before _exit()
* configure.in: fix incorrect default ${install_name} for server
* configure.in: try harder to find mysql.h / libpq-fe.h
* sh_files.c: sh_files_checkdir:
  closedir() early to not exhaust OPEN_MAX

1.5.1a (30-05-2002):
* fix missing LSB init script

1.5.1 (27-05-2002):
* fix '-t update' option

1.5.0a (23-05-2002):
* fix configure.in

1.5.0 (22-05-2002):
* include solaris nosuid patch from (nathoo [at] co d.o.t ru)
* similar fix for bsd nosuid
* speed up -t update
* convert manual to DocBook, distribute html and ps
* fix some more problems with configure.in, Makefile.in
* fix testsuite, add tests for udp, mysql
* MSG_TCP_MSG: host -> remote_host
* convert to autoconf 2.53
* make c_bits.sh exit with status 0
* sh_database.c #include "mysql.h" --> <mysql.h>, ditto libpq-fe.h
  to avoid dependency tracking problems
* samhain.c remove *YULE* #ifdefs
* acconfig.h remove *YULE* #undefs
* samhain.c: procdirSamhain: lstat --> stat (allow symlink)
* configure.in: add checks for correct user input
* Makefile.in: add automatic dependency tracking
* depend-gen: tool to figure out dependencies
* chkconfig comments in redhat start scripts

1.4.8:
* sh_database.c: fix missing attr_old, attr_new, (from)host columns
* configure.in, Makefile.in: fix an error in the configfile
  definition with REQ_FROM_SERVER
* sh_err_console, sh_err_log: avoid recurrent failure messages
* timeout on read from files (/proc)
* fix errors with setjmp/longjmp/alarm
* fix memory leak in server (~20 byte/file download in sh_tools, 930)
* check gpg signature for files downloaded from server, add a
  regression test
* fix chown in solaris bootscript
* provide second scheduler for file check
* provide scheduler for file check
* provide scheduler for SUID check

1.4.7 (08-04-2002):
* make daemon control LSB-compliant (arguments, exit status)
* set log_ref = 0 for server messages
* boolean option SetDBServerTstamp to disable entering server
  timestamps for received client messages into database
* sh_suidcheck: check for "nosuid" mount option if getmntent is used
* fix logrotate script in manual (reported by Scott Worthington)
* don't strip numerical IP addresses
* check item->status_now != CLT_TOOLONG in client_time_check()
* set log_host to client in db client message

1.4.6a (20-03-2002):
* define prefix in deploy.sh

1.4.6 (19-03-2002):
* modify samhain_hide.c to hide processes on new Linux kernels
* better error diagnostics in kern_head.c
* fix compile error in all_items ()
* check length of install-name in enable-khide (max is 15)
* define exec_prefix in deploy.sh.in
* make configure a bit more cross-compiler friendly

1.4.5 (07-03-2002):
* Make sure missing file is reported even if ptr->reported == S_TRUE
  because the file has been added.
* propagate 'reported' flag from sh_files_checkdir() into file list
* close checkfd in sh_gpg_check_file_sign()
* sh_derr(): kill(parent, SIGCONT) after ptrace(PT_DETACH,...)
* use sh.srvcons.name in dbg() to get debugging info from daemon
* option to log file timestamps with localtime instead of GMT
* comment out MSG_FI_ADD in sh_dirs_chk () - obsoleted by mandatory
  sh_files_filecheck(directory) that triggers MSG_FI_ADD in sh_hash.c
* set ptr->reported = S_FALSE; for reappeared files in sh_files_chk()
  to make sure re-disappearing will get reported
* new function sh_hash_set_missing() to remove file record
  without (duplicate) 'missing' message
* make sure all items are reported for added files
* fix stealth mode with sh_kern (encode sh_ks.h -> sh_ks_xor.h)
* clarify in the documentation which gpg options to use for signing

1.4.4 (11-02-2002):
* check that parent process has exited before writing PID file
* promote MGG_W_CHDIR to SH_ERR_ERR
* add error message to sh_unix_testlock
* fix missing _() macro in sh_aud_set_functions

1.4.3 (05-02-2002):
* don't check attributes for symlinks (may cause device access)
* add USE mysql; USE samhain; to samhain.mysql.init
* point out the MessageHeader/mysql problem in manual
* add -lz to LIBS for mysql
* strip after install, avoid double strip

1.4.2 (27-01-2002):
* support for EGD
* fix some more problems with install-deploy / deploy.sh
* fix a bug in profiles/suselinux_i386/bootscript (INSTALL_NAME_)
* fixed the 'external logging' test (init rather than none in rc file)

1.4.1:
* SuSE: include run level 4+5
* install location of hiding kernel modules changed - some insmod
  variants do not test for /lib/modules/$(uname -r)/module_name.o
* new make targets 'install-deploy', 'uninstall-deploy'
* fixed make targets 'deploydir', 'deploydirfast'
* bail on unsupported CL option in deploy.sh
* fix various bugs in deploy.sh

1.4.0 (16-01-2002):
* fixed missing 'dirname' on Mac OS X
* fixed && tested for/with postgres
* 'user=' -> 'userid=' (reserved word in sql)
* fix the endianness + size of file database; this changes db format
  for any non-Linux OS
* --enable-old-format for old (V1.3) database format
* getopt, samhain.c, samhain.h: option -f to loop if not daemon
* sh_hash: list numeric + char data to allow file db update on
  server side
* sh_database: modify handling of integer (long) data
* sh_database: datetime in database
* sh_database: hash field in database
* sh_database: rewrite database insert string construction
  [use INSERT INTO log (fields) VALUES (values);]
* makefile suse 7.x runlevel entries

1.3.7 (06-01-2002):
* fix incorrect escape in sh_tools_safe_name
* fix sh_error_handle (4. argument) in sh_extern.c

1.3.6c:
* fix segfault in sh_database (mysql logging) on solaris

1.3.6b (03-01-2002):
* fix syntax error ('==') in Makefile.in
* fix configure.in (path for /lib/modules/$(uname -r)/build/include)
* fix sh_kern.c (redeclaration of 'j')

1.3.6 (03-01-2002):
* sh_kern.c: check integrity of int 80h vector
  (SucKIT rootkit - Phrack 58)
* make sure children in sh_kern are wait()'ed for
* provide start/stop/restart/reload/status interface
* fix a potential segfault (dereferenced NULL pointer) in the server
* use sh_util_flagval for sh_unix_setdaemon
* documentation for logging to SQL database
* configure.in: check for -I/lib/modules/$(uname -r)/build/include
* fix trustfile.c to ignore invalid users
* separate 'make install-samhain' and 'make install-yule'
* separate default log/pid/config files for server/client
  - fewer problems running server and client on same host
* rewrite deploy.sh(.in):
  - don't use (make|install) if deploying
  - use command line options
  - better integrate into server environment
  - write install db
* always write a pidfile if daemon
* don't use server's config file as fallback for downloading client
* don't overwrite config file when doing 'make install'

1.3.5 (28-12-2001):
* fix --enable-message-queue for newer glibc versions
* log to SQL database: implemented, but not yet documented,
  needs to be tested further
* xml: escape received syslog messages
* xml: rename 'time' to 'tstamp'
* make targets: make [un]install-[boot-]yule
  (for server-only installation)
* fix samhain_hide.c for 2.4 kernel
* fix sh_kern for updated samhain_hide.c
* new option -j to just list the logfile
* sh_getopt.c: recognize -Dt check for -D -t check
* sh_tiger0.c: fix compiler warning (memmove) on Solaris

1.3.4 (12-12-2001):
* sh_suidchk.c: option to limit files per second
* sh_unix.c: option to limit (kilo)bytes per second
* sh_hash.c: fix potential problem with '\n' in filename
  (not backward compatible if there are filenames with '=')

1.3.3 (03-12-2001):
* sh_readconf.c, samhain.h, samhain.c, sh_suidchk.c:
  option SetNiceLevel to set scheduling priority
* sh_hash.c: bugfix for database listing on Solaris
* taus_seed: bugfix for emergency backup rng seed
* sh_util_safe_name: fix for XML
* sh_utmp_set_login_activate: use sh_util_flagval
* sh_utils.c: sh_util_obscurename: rm 'space' from list
* more backtrace macros
* sh_util_flagval: fix bug to recognize 1/0
* fix test scripts testtimesrv.sh, testext.sh (test.sh 6/5)
* rm stray debug fprintf in sh_srp.c

1.3.2 (27-11-2001):
* sh_hash.c: fix an error introduced in 1.3.1
* set RLIMIT_CORE to RLIM_INFINITY if --enable-debug

1.3.1 (25-11-2001):
* slib.c: get backtrace with --enable-debug
* sh_unix.c: allow core dumps when --enable-debug
* configure.in: fix default message queue permissions
* sh_suidchk.c: automatically include suid/sgid files in database
* sh_suidchk.c: check all suid/sgid files
* sh_hash.c: don't insert duplicates when reading the database
* sh_utmp, sh_kern, samhain: fix 1sec offset in timer
* sh_unix.c: don't require /dev/random to be non-world-writeable
* server: fix segfault in zAVLTree.c if avltree == NULL (no clients)
* client: fix segfault on Solaris if path_conf == NULL
* testrun_1b.sh: \(^/.*\) -> \(/.*\) for Solaris sed

1.3.0 (31-10-2001):
* support compiling with GNU gmp library
* set 3 sec timer on client_time_check to avoid excessive (and
  unnecessary) calls under heavy load
* replace sl_strlen with a macro
* store client_t structure in AVL tree
* database format incompatible with previous format, up the magic#
* sh_html.c: cache entry template for speedup
* slib.c: reset islong(double) in sl_printf_count
* sh_hash.c: report on rdev change
* sh_hash.c: print size in 64 bit
* sh_hash.c: save in absolute size types
* sh_unix.c: get values as appropriate type (time_t, dev_t, ...)

1.2.10:
* update MANUAL
* sh_unix.c: tiger_hash -> tiger_generic_hash
* sh_readcon.c: DigestAlgo option
* sh_tiger0.c: add MD5 and SHA1
* sh_unix.c: fix minor problem with win2k/cygwin

1.2.9 (17-10-2001):
* fix problem with entry template/empty hostname
* fix MASK_USER_ (MTM -> ATM)
* typo fixed in configure.in (${install_name} -> {install_name})
* bugfix group_old -> size_old in XML code
* skip armor header in signed files

1.2.8 (29-09-2001):
* Mac OS X: in sh_getopt.c, rename table[] to op_table[] to avoid
  obscure compiler warning
* Mac OS X: fix test scripts
* Mac OS X: import newest config.guess, config.sub from ftp.gnu.org
* implement deadtime in syslog recv code to protect against flooding
* sh_err_log: sl_close(fd) if lock|forward fails
* compliance with Filesystem Hierarchy Standard -- Version 2.2 final
* add policies User0, User1
* fix compile problem (FreeBSD) in sh_suidchk.c
* macro to check for debugger breakpoints (linux/i386)
* check for solaris (does not work) in sh_derr (--enable-ptrace)
* option to listen on 514/udp for syslog, drop root
  irrevocably if compiled thus
* use (check_mask & MODI_ATM) to decide whether to reset utime
* reset the policy masks on sighup
* option to write XML log messages
* cleanup of message catalog
* modified error messages for BADCONN
* error messages for Rijndael
* block recursive error messages within sh_error_handler()
  - would hang the machine ... -

1.2.7:
* sh_files, sh_utils: check top level directory
* sh_kern, sh_cat, kern_head: check syscall code, fork subprocess
  for reading from /dev/kmem
* include /boot in default samhainrc
* change source distribution signing/packaging system
* Makefile, README, MANUAL: adhere to file system standard,
  document new locations
* fix a bug in samhain_hide.c

1.2.6:
* reset list of trusted users before config file re-read
* TrustedUser=... can be a list
* fix severity for files missing from IgnoreAll

1.2.5:
* include example_pager.pl, example_sms.pl scripts
* explain paging/sms setup in docs
* allow manual exclusion of a directory in suidcheck
* automatically track all file changes
* remove missing files from in-memory database
* add $(KERN) to DEPLOYFILES

1.2.4:
* log IP address for login/logout events, if supported by the OS
* release block in globerr (callback)

-------------

1.2.3:
* fix problem with reading stealth configuration
* fix a few formats in sh_cat.c
* always use strncmp for file system type check in sh_suidchk.c
  (trailing 'fs' may be system specific for some types)
* no bare LF in messages (RFC 2822)
* no lines longer than 998 chars (RFC 2822)
* fix error in testrc_1

1.2.2:
* make tmp file directory a compile time option
* fix minor bugs in tmp file allocator (potential memory leak,
  double slash if root directory)
* obsolete testpipe script removed

1.2.1:
* fix memory alignment in rijndael-api-fst.c: blockEncrypt()
* fix byte order in HMAC code (compatibility fix for Linux/HP-UX)
* removed a debug fprintf()

1.2.0:
* fix a bug in the HMAC implementation (thanks to Cesar Tascon
  for help in tracking down this one)
* module to check the file system for SUID/SGID files

1.1.16 (never released):
* fix the recursion depth -1 option as described in the manual
* optional database reload on SIGHUP
* fix a race condition when checking that /dev/random is a character
  device
* redirect stderr to /dev/null for c_random
  (AIX may segfault in netstat...)
* check whether /dev/random is a character device in c_random.sh
  (we know at least one sysadmin who has set up a fake /dev/random ...)
* don't give NULL as 2. and 3. arg to execve if not Linux - some
  Unices (notably Solaris) don't like it
* init ptr = NULL in my_malloc (compiler warning)
* make the bitmask for tests configurable (suggestion by A. Dunkel)
* make the bitmask for tests a static variable
* make (database/logfile/lockfile) path configurable
  (to run multiple instances of samhain from an NFS share - on the
  wishlist of J. Patton)

1.1.15 (never released):
* fix minor error in testcompile.sh (rm test_log only at start)
* return from subroutines on sig_terminate == 1
  (faster exit on SIGTERM)
* fix re-configuration of addresses
* use sh_util_flagval() in sh_mail_setFlag and sh_kern_set_activate
* SysV message queue as compile option
* config file option to set console device
* removed the pre 1.1.9 code bloat
* don't print the LOGKEY to the console

1.1.14:
* fix an error in the setup consistency check
* make target to uninstall runtime files
* trustfile.c: check return code of readlink(), fix off-by-one error
* sh_files.c: fix placement of terminator after readlink() call
* sh_files.c: fix a missing set_suid()/unset_suid()
  - suid should work, but is not recommended -
* more debug statements in c/s code
* avoid re-entry in sh_unix_sigexit
* put a block around free() and malloc() in wrapper functions
* ditto for glob()/globfree(), regcomp()/regfree(), fdopen()/fclose()
  - i.e. avoid corrupting the heap from a signal handler -

1.1.13:
* optimized the size of the configure script somewhat
* modify the compile and hash test scripts
* read '\0's in sh_unix_getline
* exponential schedule for connection attempts
* make stealth work properly with signed files
  - config file should be signed now before embedding in picture -
* fix a race in using signed files
* updated err messages for PWNULL, GRNULL
* add missing shell script for test 11
* add mandatory source file/line info with -p debug
* add mandatory source line info with BADCONN
* fix a latex error in the manual

1.1.12:
* debug output to console if compiled with --enable-debug and
  running as daemon
* make reportonlyonce=true the default
* make sure state changes of a file are always reported, even
  with reportonlyonce=true
* Linux kernel modules (samhain_hide, samhain_erase)
* fixed incorrect return value of sh_util_flagval
* fixed an error in sh_files.c: happens with -t init and first
  file that is checked does not exist
* revised install/uninstall targets in the Makefile
* module to check for clobbered kernel syscalls (tested on Linux 2.2)
* more diagnostic error messages in sh_gpg.c
* more diagnostic error messages in sh_mail.c
* error in mail.c fixed
  (address -> address_list[i] for multiple recipients)
* docs updated, better(?) explanation of signed files
* skip over path in gpg checksum output
* check client name against IP address and FQDN
* fix for --disable-* in config file
* fixed a server crash (MSG_TCP_OKMSG without arg)
  if the server is run with debug level output threshold
* catch EAGAIN in sh_gpg.c pipe reader
* fix the 'external logging' test to make it work on BSD
* error message if no local path to init DB
* check for i86/Solaris in configure (vsnprintf prototype)
* make SRP the default

1.1.11:
* make log file verification more convenient
* fix problem with message classes in stealth mode
* linux: do not try to read file attributes for devices
* handle the root directory correctly (avoid "//" in listing)
* fix problems with blocking on FIFOs/char dev
  pointed out by I. Rogalsky (rog@iis.fhg.de)
  - open in nonblocking mode for read, then set to blocking
  - open file only if regular
* fix alignment in memory profiler

1.1.10:
* minor code cleanup
* fix an error in trustfile.c (handling of empty/incomplete
  group entries in /etc/group, bug report by A. Capriotti)

1.1.9:
* compatibility option for old behaviour (plain hash instead
  of HMAC, ECB instead of CBC mode)
* use CBC rather than ECB mode for encryption
* use HMAC-TIGER for message authentication codes
* handle NULL data in sh_tiger_hash
* option to set syslog facility (default is LOG_AUTHPRIV)
* longer timeout (300 sec) on /dev/random if no /dev/urandom
* fix minor output error with stealth option
* option not to log names of config/database files on startup

1.1.8:
* fix error in syslog routine
* fix missing 'test' in configure.in
* fix error in replace_tab() in sh_html.c
* fix minor memory leak in sh_util_regcmp()

1.1.7:
* timeout on read_mbytes (from /dev/random; fallback to /dev/urandom)
* fix for FreeBSD: ut_user -> ut_name in sh_utmp.c
* fix for Alpha: consider $ac_cv_sizeof_unsigned_int_ in configure.in
* fix for Alpha: format string in sh_tiger0.sh
* on Linux, now compiles cleanly with
  -Wall -W -Wstrict-prototypes -Wcast-align
* fix problem with recursion depth
  (pointed out by Vic <hvicha@mail.ru>)
* #include "sh_tools.h" in sh_unix.c and fix the
  --with-timeserver option (reported by Vic <hvicha@mail.ru>)
* place read_port(), MSG_TCP_NETRP outside ifdefs
* close fd/zero skey before execve
* verify client name against socket peer
* ... with configurable error priority
* use strcmp() rather than strncmp() in search_register()
* fix race between lstat() and open() for checksum
  (reported by dynamo <dynamo@ime.net>,
  JJohnson <JJohnson@penguincomputing.com>)
* enable globbing for filenames
* fix Solaris problem: siginfo_t may be NULL
* fix missing SL_EBADGID in tf_trust_check
* test case for external scripts, fix flushing pipe
* fix a typo in sh_ext_type
* do an fdexec w/checksum on Linux if calling external program
* even safer tmp file creation
* allow db update
* fix compile options for --enable-debug
* fixed a spelling error in the output
* test program for full CS support (config/database download)
* tell which file is searched for cs download

1.1.6:
* fix bug in sh_readconf_line (segfault on erroneous config lines)

1.1.5:
* sh_unix.c: sh_unix_getinfo_attr: f -> flags
* use gettimeofday as last resort

1.1.4:
* fix AIX compiler warning in sh_forward (cast arg1 of sh_tiger_hash
  to (char *))
* configure: add static link flags for some more os (from tar)
* don't strip twice (some stupid systems abort)
* fix for reading from /dev/random on non-Linux systems (untested)
* sh_mail.c: end all message lines with \r\n
* stealth: ignore \r, \"
* take out tracing from --enable-debug (presently useless anyway)
* fix some remaining cleartext with debug && stealth combined
* fixed a small memory leak in sh_err_log.c

1.1.3:
* fixed circular logic in taus_seed() (fallback method only)
* fix for missing _SC_OPEN_MAX (runaway close())

1.1.2:
* implement message classes
* let server recognize client message severity and class
* secondary log server
* keep database in memory (allows closing the file
  if retrieved from server)
* encrypt client/server communication

1.1.1:
* Compilation problems with native Solaris compiler fixed
* fill in euid/ruid variable
* manual.pdf --> MANUAL.pdf
* debug sh_util_formatted()
* http refresh 120sec for server stat page
* trace/debug options
* fixed problem with utmp.c options
* fixed problem with sh_mail_setaddress
* option for custom message header
* fixed problem in compdata
* fixed problem in mail verification
* remove any trailing '/' in file names
* fixed problem with report string for modified files
* option to report in full detail

1.1.0:
* Move error messages to catalog
* Make error message format more uniform
* Wrap system calls that could be interrupted by signals
* Warn on append to database
* Option for full details on mod. files
* Option to report only once on mod. files
* Generally speaking, major modifications with potential new bugs

0.9.5:
* sh_hash.c: fixed erroneous checksum for config file
* sh_html.c: fixed erroneous timestamp (last)
* sh_tools.c: fixed connect_port (set port for cached address)
* sh_srp.c: fix for '00' (='\0') in pw
  (last two fixes by Andreas Piesk)

0.9.4:
* samhain.c: fcntl(1, ..) -> fcntl(2, ..)
* sh_hash.c: copy 12 instead of 10 byte for c_attributes
* 'empty directory' WARN -> INFO

0.9.3:
* FreeBSD fixes:
  - c_random.sh: make sure /dev/random provides something
    rather than nothing
  - check for <netinet/in.h> and include it
  - include <sys/types.h> early
  - sh_utmp.c: fixed an occurrence of ut_user
  - sh_utmp.c: #ifdef HAVE_UTTYPE static char terminated_line #endif
  - sh_forward.c: EBADMSG -> ENOMSG
* sh_unix.c: check return value of gethostbyname
* sh_entropy.c: fallback on /dev/urandom if /dev/random blocks for
  more than 30 sec
* ... and fix the timestamp format ...

0.9.2:
* ISO 8601 timestamps
* Bugfix in sh_utmp (timestring overwrite)
* don't use siginfo_t on Linux (garbage as of 2.2.14)
* check for Linux capabilities bug when dropping root
* include README for gcc compiler bug (pointed out by A. Piesk)
* explicitly set -fno-strength-reduce with gcc
* fixed ignoring missing files with the IgnoreAll policy

0.9.1:
* more ext2flags (breaks backward database compatibility on Linux)
* IgnoreAll policy modified - missing/added files reported with
  SeverityIgnoreAll (to handle files that may or may not be present)
* Check all files, not only regular ones
  (bug in sh_files, originally introduced because checksum of
  regular files only is computed)

0.9:
* use O_NOATIME if supported
* --with-nocl takes argument (PW to re-enable CL parsing)
* no daemon mode if initializing database
* fixed segfault in yule with 'unknown file type' request
* enlarged MAX_GLOBS 24 -> 32 and made the array linear
* server uses last registry entry for any given client now
* deploy.sh script to deploy clients to remote hosts
* enhanced signal handling: SIGUSR1/SIGUSR2/SIGABRT/SIGQUIT/SIGHUP
* allow y/Y/n/N for login monitoring (in addition to 0/1)
* external logging scripts/programs
* trustfile.c: define STICKY on Linux
* reset signal mask when initializing
* EINTR_RETRY wrapper
* slib: sl_read, sl_write EINTR update
* use sstrip when installing
* more compact database format (breaks backward database compatibility)
* larger download packets
* TcpFlags unsigned char
* cast to (char *) head in write_port
* m(un)lock cast to (char *)
* (1 << 31) --> (1UL << 31)
* support e2fs attributes on Linux
* fixes for AIX and Solaris native compilers
* fixed Makefile for non-GNU make (pattern rule --> suffix rule)

0.8.1:
* fixed 'is_numeric()' return value

0.8:
* added option for static compilation
* added option for stealth with non-hidden config file
* added option for disabling command line parsing
* all options can be set in the configuration file now
* stealth: xor strings in database file
* fixed bug in mailer code ([] in HELO)
* print timestamp when asking for key
* 'micro' stealth mode (no hidden configuration file)
* simplified slib
* int->long for uids/gids in trustfile
1440 * moved mailkey from data to code
1441 * shell script for entropy (stronger default key)
1442 * general code cleanup
1443 * better error checking in client/server code
1444 * detect out-of-sync messages
1445 * check state across protocol passes in server
1446 * make sure authentication is mutual
1447 * file download to client
1448 * reserve six file descriptors in server
1449 * mlock queue buffer if LOG_KEY
1450 * improved robustness in bignum (don't fail on free())
1451 * per-directory recursion depths
1452 * RFC821 compliance: empty line at end of header, To field, Date field
1453 * RFC821 compliance: make e-mail transfer relieable
1454 * fix detection of hardlink changes
1455 * checksum verification for calling gpg/pgp
1456 * CL option '-S' not required for server-only binary
1457 * eliminate CL options that may leak privileged information
1458 if the program is SUID
1459 * skip leading white space in configuration file
1460 * allow nested conditionals in configuration file
1461 * allow whitespace before and after '=' in configuration file
1462 * don't leak file descriptors to child processes
1463 * make message transfer relieable
1464 * always report error on abnormal termination of connection
1465
14660.7:
1467 * support for alpha machines
1468 * stop TCP logging after exit message
1469 * limit connections in server (DoS attacks)
1470 * move string handling to slib
1471 * move file handling to slib
1472 * timestring without space
1473 * changed report format
1474 * SUID bugfix - use euid when checking logfile ownership
1475 * SUID bugfix - get root for lstat()
1476 * SUID bugfix - get root for opendir()
1477 * store number of hardlinks
1478 * send no message if polling empty queue
1479 * include tiger 64-bit implementation (portability)
1480 * codes for error conditions
1481 * mail check: handle multiple, overlapping audit trails
1482 * security fix: no append to database if SUID
1483 * fix sh_entropy.c (BUFSIZ -> BUF_ENT)
1484 * read command line before config file
1485 * PGP signing of config/database files
1486 * checksum of config file reported
1487 * checking for attributes only
1488
14890.6:
1490 * more syslogish priority specification
1491 * fixed segfault in sh_mem_check, apparently this was also
1492 the reason for the segfault in atexit()
1493 * allow for compilation with SRP authentication
1494 * fixed tiger checksum computation
1495 * fixed broken logfile verification for second and further audit trails
1496 * test program added
1497 * documentation improved
1498 * sh_forward_make_client: bug fixed in[8]->in[i]
1499 * sh_error.h: fixed missing #include <errno.h>
1500 * configure.in: fixed missing strerror() test
1501 * sh_utmp.c: check logins/logouts
1502 * check for missing files
1503 * only reset access time if necessary
1504 * O_EXCL in open()
1505 * limit environment to TZ in execve (sh_entropy.c, not used on Linux)
1506 * use trustfile() to determine whether logfile dir is trustworthy
1507 * strip head instead of tail for numerical address
1508 * store messages in fifo during log server outage
1509 * re-init session key after server outage
1510
15110.5 (21-12-1999):
1512 * added option for mail relay server
1513 * own popen() implementation in sh_entropy() (portability)
1514 * fixed error in sh_util_basename() (returned NULL for base == "/")
1515 * fixed segfault in strlcpy/strlcat (check for src == NULL)
1516 * FILENAME_MAX -> PATH_MAX (HP-UX 10.20)
1517 * use TIGER for 32-byte compilers (portability)
1518 * fixed hash function (do not include stdlib.h)
1519 * flush buffer before write in mailer code (IBM AIX 4.1)
1520 * make mailer code non-forking
1521 * cast argument of is...() to int (portability)
1522 * return() after _exit() for braindead compilers (portability)
1523 * optionally use inet_addr (portability)
1524 * check for broken mlock() (HP-UX 10.20)
1525 * minor code cleanups
1526 * fixed incorrect size of munlock()'ed memory in sh_error_string()
1527 * fixed a buffer overflow in the error printing routine
1528 * fixed a buffer overflow in sh_util_safe_name ()
1529 * implement SRP session key exchange
1530 * implement client/server facility
1531 * implement @host/@end construct in configuration file
1532 * preferably use uname(), and do gethostbyname() for FQDN
1533 * make vernam cipher base numeric
1534 * make OnlyStderr private in sh_error
1535 * test -e "/dev/random" --> test -r "/dev/random" (portability)
1536 * check for libsocket (portability)
1537 * add #defines for IPPORT_SMTP, IPPORT_TIMESERVER (portability)
1538 * eliminate superfluous /proc test
1539 * some unreachable code removed
1540 * cast to (byte*) replaced by cast to (word64*) in sh_tiger_hash()
1541 * check for setresuid() if no seteuid() (HP-UX 10.20)
1542
15430.4 (09-11-1999):
1544 * make sure output from /dev/random has no NULL's
1545 * one-time pad encryption for emailed keys
1546 (better than nothing ...)
1547
15480.3 (04-11-1999):
1549 * logfile readable for group
1550 * verify signatures for any file
1551 * signature block in tarball
1552 * use select() in time server routine
1553 * better protection for session keys (mlock)
1554
15550.2:
1556 * fixed incorrect man page
1557 * fixed incorrect example rc file
1558 * recursive error logging should work now
1559
15600.1:
1561 * initial release -- on Samhain 1999, of course
1562
1563development start:
1564 * probably 29-06-1999