Index: trunk/docs/Changelog =================================================================== --- trunk/docs/Changelog (revision 591) +++ trunk/docs/Changelog (revision 1) @@ -1,1187 +1,6 @@ -4.5.3: - * fix inadvertent inclusion of scripts/logrotate and init/samhain.startSystemd - (reported by kjd) - * fix annoying message from systemd about read permissions for service file - (reported by kjd) - * fix compiler warnings about unused variables - * move logfile monitor module from PCRE to PCRE2 (PCRE is end of life and no - longer actively maintained) - * fix obsolete gpg option --secret-keyring used in samhainadmin script - * fix some more warnings, mostly false positives from cppcheck - -4.5.2 (02-01-2025): - * fix segfault with --enable-static on unresolvable host name - * fix autoreconf (problem reported by Pascal de Bruijn) - * add missing items to distclean Makefile target (problem - reported by Pascal de Bruijn) - -4.5.1 (08-09-2024): - * fix for regression in SHELL option for log file monitoring - (issue reported by ssha) - -4.5.0 (31-10-2023): - * fix for reading file attributes on Linux file systems - * new option UseAttributesCheck (boolean, default=yes) - -4.4.10 (14-05-2023): - * fix for (very minor) memleak in sh_unix.c: sh_check_rotated_log() - * fix for memleak in sh_files.c: sh_files_checkdir(), not all cases for - scandir() covered (issue reported by T. Greulich) - -4.4.9 (10-05-2022): - * fix for double newline stripping when reading from database - -4.4.8 (01-05-2022): - * new server option Alias=alias@hostname (based on - patch by A. Hofland) - -4.4.7 (07-03-2022): - * fix compile error on MacOS - * disable dnmalloc for gcc 11 (regexec does not work) - * fix minor compile issues with gcc 11.2 - * fix problem with login/logout monitoring on MacOS (reported - by Peter) - * fix problem caused by switch from pubkey.gpg to pubkey.kbx - (reported by A. Hofland) - -4.4.6 (05-10-2021): - * fix Debian 10 compile problem in dnmalloc (mallinfo2), - reported by A. Hofland and others - * fix compile problem on Ubuntu 20 with 'make deb' - (Debian optimization CFLAGS clash with ASM for Tiger) - * fix 'make deb' issue when compiling as client - (reported by A. Hofland) - * fix issue with inotify (reported by Thorsten) - -4.4.5 (01-07-2021): - * fix a memory leak introduced in 4.4.4 - -4.4.4 (30-06-2021): - * fix more gcc 10 compiler warnings - * fix bug with signify-openbsd in client/server setup (reported - by Sdoba) - * patch by K. Hacene for reproducible database generation - * fix recognition of invalid compiler options in configure.ac - -4.4.3 (31-10-2020): - * allow console logging to a unix domain socket - * fix spurious cppcheck warnings - * fix gcc 10 compiler warning in sh_audit.c - * fix gcc 10 compiler warning in sh_ipvx.c - * fix gcc 10 compile problem in sh_tiger1_64.c - * fix gcc 10 compiler warning in sh_portcheck.c - -4.4.2 (01-08-2020): - * re-enabled reading options from option group [samhain] in my.cnf - * fix server install in configure.ac: samhainadmin.pl <-> ..-gpg.pl, ..-sig.pl - * add more verbosity to portable binary installer, fix minor issues - -4.4.1 (27-02-2020): - * fix compatibility problem with older (version 2.0.x) GnuPG - -4.4.0 (31-10-2019): - * support for OpenBSD signify as alternative to GnuPG - -4.3.3 (11-07-2019): - * fix broken 'make deb' makefile target - * eliminate obsolete 'sstrip' utility - * systemd support - * fix broken rpm specfile (patch by Franky Van L.) - * fix broken mysql init script - * fix some issues with link-time optimisation (option -flto with - recent gcc versions) - * fix compiler warning in sh_prelude.c - * add patch (by Kamel H.) to init for alternative root fs) - -4.3.2 (07-01-2019): - * fix compile failure on OpenBSD (reported by Mithrond) - -4.3.1 (25-09.2018): - * fix compile failure on non-Linux systems (reported by Romain and Tim) - * provide more information for error message about bad baseline - database file (issue raised by Romain) - -4.3.0 (10-09-2018): - * add support for /etc/subuid, /etc/subgid maps - * fix compiler warning on Ubuntu 18.04 - -4.2.4 (21-12-2017): - * fix 'clobbered by..' compiler warning is src/sh_portcheck.c - * fix compiler warning because of deprecated _BSD_SOURCE macro - * fix 'make deb' for Debian stretch (reported by Alasdair) - * add RPM spec file patch for SLES12 (by Pirmin) - * better fix for RPMTOP detection - * fix missing entry for yuleadmin.pl in RPM spec file - * fix bug in static dns resolver (reported by Piotr G.) - -4.2.3 (31-10-2017): - * fix order of search directories for 'make rpm' (issue reported by - Z. Drableg) - -4.2.2 (03-07-2017): - * fix bug with PortCheckSkip: for any given port, only first interface - specified in config is checked (reported by A. Hofland) - * fix PortCheck bug that occasionally causes spurious detections of - open ports (patch by A. Hofland) - * add success/failure message for closing baseline database at init - -4.2.1 (06-04-2017): - * fix for broken SetSocketPassword authentication - (reported by Todd Stansell) - * fix compile issue on Solaris 11 (reported by Rolf) - * fix alignment problem with semget() (reported by Rolf) - * fix dependency on chkconfig package on Redhat/CentOS: search - /etc/init.d/functions also under /etc/rc.d/init.d/functions - (issue reported by Ernie) - * fix build issue with musl libc (report & patch by A. Kuster) - * fix case sensitivity (tcp vs TCP, udp vs UDP) in portcheck - directives (reported by A. Hofland) - * fix documentation typo ('make deploy-install' -> - 'make install-deploy', reported by Ben) - * fix dsys/funcINSTALL: proper error message if no binary - packages built yet (problem reported by Ben) - * fix install-data: make datadir chmod conditional and - align with documentation - -4.2.0 (31-10-2016): - * fix handle tracefs (permission for stat denied) when running - suidcheck without root privilege (for testing) - * fix compiler warnings on gcc 6.2 - * fix incorrect mandir option in Install.sh (reported by David) - * add option 'SetAuditdFlags = r|w|x|a' to (re-)define flags supplied - to auditd (request by David) - * fix minor bug in error message (tf_trust_errfile needs copy to - keep relevant value). - * fix SH_DEADFILE (too big, some architectures have nlink_t - as uint16, e.g. FreeBSD). - * add portcheck option 'PortCheckDevice = device' to monitor a - device regardless of address assigned to it (patch by A. Hofland, plus - some additions) - * fix case sensitivity of severity/class options (issue raised by - A. Hofland). - * clarify restrictions for ProcessCheckPSArg (user manual) - -4.1.5 (09-08-2016): - * fix memory leak in server (reported by C. Doerr). - -4.1.4 (02-06-2016): - * fix problems with wildcard pattern re-evaluation (reported by - A. Ansari): - - not stored if no match at startup - - only one (the first) stored if same pattern for file and dir - * fix problems with directory creation in inotify watched tree - (reported by A. Ansari): - - recursive depth not decreased - - watched as directory even when recursion depth should drop below zero - -4.1.3 (19-04-2016): - * on Cygwin, the AvoidBlock function is now off by default - (problem reported by Fred C) - * tighter sanity checks in sh_static.c - * fix regression with '--enable-static' in sh_static.c - (reported by amaiket). - -4.1.2 (21-12-2015): - * add options --enable-selinux and --enable-posix-acl for "hard fail" - if libraries aren't found (requested feature) - * fix wrong policy assignment when inotify is active and change occurs - during a reload (reported by Bond) - * fix failure to detect open UDP port for some daemons - (reported by James) - * fix broken 'rpm' and 'rpm-light' makefile targets - (reported by Bond) - * fix message for self-check - -4.1.1 (01-11-2015): - * fix problem with timezone calculation on month rollover for - negative timezones (west of GMT; reported by Bond) - * fix problem with rotated logfiles when content is always constant, - i.e. checksum does not change (reported by Bond). - * fix problem with baseline update on FreeBSD and probably other - non-GNU/Linux systems (reported by L.Vasiliev) - * fix bad check_libwrap() call in sh_xfer_server.c - (reported by L.Vasiliev) - -4.1.0 (24-09-2015): - * fix quirks with Linux audit support - * implement 'silent check' (requested feature) - * fix call of self_check for exit on sigterm - * fix safe_logger() - uses the logger utility with a non-posix option - * fix missing reporting on shell expansion capability in --version - * fix missing error message on invalid list for skipchecksum - (reported by Bond) - * fix missing definition for a sh_dummy_ var on BSD et al. - (reported by Andrew) - -4.0.0 (20-07-2015): - * fix and document default settings for mounts check - * new -w CL option to wait on scan completion - * new option ReportCheckflags - * enhance testsuite to cover new functionality - * implement draft for change control integration: - * new database format to store change flags - * refactoring of db I/O and client/server code - * option StartupLoadDelay - * --create-database CL option - * --outfile CL option - * --binary, --list-filter CL options - * --verify-database CL option - * yulectl -c DELTA: command - * option SetDeltaRetryCount - * option SetDeltaRetryInterval - * update documentation - * remove old/unused code - * fix compiler warnings with gcc 5.1.0 - * update config.sub, config.guess - -3.1.6 (08-06-2015): - * Modify testcompile.sh to remove 'smatch' and use 'clang' - instead. - * Fix compile problems with clang. - * Modify testcompile.sh to remove 'uno' and use 'cppcheck' - for static checking - * Move AC_CHECK_FUNCS( getnameinfo getaddrinfo ) behind - the check for libsocket to have them found on Solaris - * Fix IPv4-only bug in bind_addr use in retry_connect() - * Add more debug code in connect_port() - -3.1.5 (26-03-2015): - * Fix IPv6 issue with portcheck (need to be able to specify - IPv6 interfaces). - * Fix minor issues with bugs in testing code - * Add command line option '--server-host' to set the log server - * In samhain.startLinux.in start script template, add code to read - options from /etc/sysconfig/${NAME} for RedHat - -3.1.4 (17-02-2015): - * Add non-existent file to the regression test config - * Fix erroneous call to sh_hash_init when a missing file - is specified in the configuration - * Fix buffer allocation for getgrnam_r for large groups - (problem reported by Sergio B) - * Search RPM in $HOME/rpmbuild if test -d _topdir fails (CentOS - recommends '%(echo $HOME)/topdir', reported by E. Taft) - -3.1.3 (01-11-2014): - * Remove initgroups() from the popen call in unix entropy gatherer - * Add error message for update mode if local baseline cannot be found - -3.1.2 (07-08-2014): - * Fixed incorrect memset in sh_checksum.c (sha256) - * Circumvent a gcc compiler bug with inline asm (gcc 4.8) - * Allow multiple exclusions for SUID check - * Use calloc instead of malloc - * Add overflow check in minilzo.c (but the potential integer - overflow [CVE-2014-4607,LMS-2014-06-16-1] is irrelevant anyway - because the function is never used on external data). - * Fixed a minor bug in exepack_fill.c that was unearthed by the minilzo - overflow check (the required buffer length information for the check - wasn't provided) - * Fixed incorrect logic in setting the ALLIGNORE flag (more specific - directory / file directives were ignored) - * Fix for tickets #358 (repetitive lstat warning about deleted - directory) and #359 (reporting of deleted/added top level directory) - * Fix a free() on NULL (harmless but avoids spurious warning) - -3.1.1 (01-05-2014): - * Disable inline asm on Cygwin (issue reported by Erik) - * Fix sh_ipvx_is_ipv4 such that numeric hostnames are not - incorrectly recognised as IP address (reported by A. Hofland) - * Fix sh_ipvx_is_ipv6 - -3.1.0 (31-10-2013): - * Add support for SHA2-256 checksum function - * Drop support for --enable-khide on kernel version 3.x and above - * Fix IgnoreAdded to anchor regex at beginning of path (reported by - R.Lindner) - * Add check to detect availability of pmap_getmaps() (missing in - static library on recent Linux systems as reported by Ian Baldwin) - * Fixes for Ubuntu 13.4: - - no error msg for failing stat on /run/user/Username/gvfs in - suidcheck - - no error message for failing hardlink check on /run/user/Username - - eliminate compiler warnings - * Add option '--disable-asm' to work around a gcc issue in Debian - unstable (reported by micah) - * Remove option '-i' from mkitab in samhain-install.sh.in (reported - by N. Kerski) - -3.0.13 (11-06-2013): - * Fix detection of nonfunctional /dev/kmem - * Fix race condition in GrowingLogfiles policy that - causes spurious reports (problem noticed by J. Daubert) - -3.0.12 (16-05-2013): - * Fix compiler warning in bignum.c (unused parameter) - * Detect if /var/run is a symlink and /run exists - * Fix for broken support for audit subsystem (reported - by isquish) - * Fix for incorrect use of sh_inotify_add_watch_later - which causes a steady increase in memory usage - (issue reported by Maxime V) - * Fix for potential minor memory leak - * Fix for bug in negated conditionals for config file - (reported by M. Ward) - -3.0.11 (08-04-2013): - * Fix for compile error on HP-UX (reported by P. Alves) - * Propagate ERANGE error from getgrxxx_r (issue raised by C. Feikes) - * Fix reconnecting to database for Oracle - * Add better logrotate handling for the GrowingLogs policy (search - rotated log and verify it, don't report if this succeeds) - * Add ability to create debian packages with preset password (use - env var PASSWORD) - * Add option KernelCheckProc (bool) to suppress kernel /proc test - * Add option IgnoreModified to cover transient files that - not only get added/deleted but also modified - -3.0.10 (13-01-2013): - * Revert to previous logic in samhain.c because it will block - otherwise (reported by Alexandr Sabitov) - -3.0.9 (21-12-2012): - * Fixed a Cygwin compile warning - * Change logic in samhain.c to make sure inotify doesn't cause - excessive full scans - * Add option IgnoreTimestampsOnly in Windows registry check (ignore - changes if only timestamp has changed) - * Fix the probe command (misses clients if their startup message - has been missed) - * Fix the RPM spec file for --enable-network=client and no password - (reported by Mitch St Martin) - * Fix build error with Linux audit (reported by Andy Jack) - * Fix detection of utmpx.h (reported by D. Thiel) - -3.0.8 (01-11-2012): - * rename to 3.0.8 for release - * useful exit status for samhainadmin.pl --examine - -3.0.7a (25-12-2012): - * add ability to create RPM with preset password (use - env var PASSWORD) - * fix the rpm-light makefile target - * fix minor bug in samhain_setpwd.c (incorrect error message) - -3.0.7 (25-10-2012): - * update documentation for prelude - * fix configure to properly search for Oracle Instantclient SDK - * pass through TNS_ADMIN environment variable for Oracle - * optimize audit rules automatically - * zero out the html status file at server exit - * don't check for assembly optimization unless linux or *BSD - -3.0.6 (01-09-2012): - * install logrotate script if /etc/logrotate.d is detected - * new option --enable-suid for nagios - * fix for --enable-ptrace: make the save_tv variable thread specific - * fix bug in inotify code which made it follow symlinks (by [anonymous]) - * fix two missing SH_MUTEX_LOCK(mutex_thread_nolog) (by [anonymous]) - * fix for 'no such process' message from sh_fInotify_init_internal() - (by [anonymous]) - * fix for --enable-ptrace with threads (by [anonymous]) - * option SetReportFile for writing out summary after file check - -3.0.5 (11-07-2012): - * fix xml format templates for registry check - * fix database download on registry check init (reported by ldieu) - -3.0.4 (01-05-2012): - * fix verbosity of message for alerts on already deleted watches - (set it to debug - suggested by xrx) - * fix extraneous error messages about file not found from - sh_fInotify_init_internal() (bug reports by xrx and aj) - -3.0.3 (28-03-2012): - * fix potential deadlock in sh_ext_popen() - * make sure sh_processes_readps cannot hang forever - * fix for deadlock if sh_processes_readps hangs - * fix for deadlock if suid check and inotify are used together - (reported by A. Jack) - * fixed problem with samhain_stealth.c (handle input config - files that don't end with a newline) - * fixed compiler warnings for yulectl.c with stealth - * fixed lacking support for O_NOATIME on 64bit linux - -3.0.2a (23-02-2012): - * Fix compile error on Solaris 10 - -3.0.2 (16-02-2012): - * change sql init scripts to make bigint fields unsigned (problem - reported by A. Sabitov) - * patch by Andy Jack for issue with the --with-gpg option (hangs with - high cpu load at startup) - * call ./samhain-install.sh as /bin/sh ./samhain-install.sh in the - RPM spec file, because /var might be mounted noexec (reported by GC) - * fixed configure.ac for the case that --with-gpg and --enable-nocl are - used (./samhain for gpg checksum; problem report by Andy Jack) - * fixed a potential NULL pointer dereference in sh_inotify.c on - systems where inotify is not available (reported by ) - * fixed: the config file template mentions (in a comment) the - non-existent directive SetLockPath instead of the correct - SetLockfilePath (reported by Curtis). - * fixed: the definition of O_NOATIME isn't seen in sh_files.c. - -3.0.1 (07-12-2011): - * fix a memory leak (reported by C. Westlake) - * fix an uninitialized variable in the suidcheck code (problem - reports by T- Luettgert and Kai) - * fix a bug in the port check with --disable-ipv6 (reported - by C. Westlake) - * fix potential deadlock in sh_files.c (reported by S. Mirolo) - * change Makefile.in to stop on compile error rather than at link stage - (suggested by S. Mirolo) - * fix compile errors caused by missing #define (pthread disabled) and - wrong function call (OSX specific code), reported by S. Mirolo - * fix warning by the llvm/clang static checker - * fix compile issues on freebsd - * handle (ignore) SIGPIPE more thoroughly - * update config.guess, config.sub - -3.0.0a (06-10-2011): - * Fix compile-time issues on RHEL5 (reported by Thomas) - -3.0.0 (01-11-2011): - * Add support for the inotify API - * If --disable-shellexpand is used, also disable setting - the prelink/ps paths - * Fix missing check_mask storage for glob pattern - * Add support for integer keys in zAVL - * Fix compiler warnings with gcc 4.6.1 (variables that get set - but then remain unused) - * Add more server-side debugging for IPv6 - * Make kern_head compile with 3.x kernels - -2.8.6 (20-09-2011): - * Manual updated. - * Added an option LogmonDeadtime to avoid repetitive reporting - on correlated events. - * Fix problems with timestamp handling in logfile correlation - (problem reported by D. Dearmore) - * List the policy under which a directory/file is checked - * Option to use a textfile with a list of files for update - * Fix --enable-db-reload option (reported by David L.) - * Fix samhain_kmem compilation, need to compile under chosen - name if --enable-install-name is used (reported by David L.) - * Fix uninitialized string in error message (reported by mimox) - -2.8.5a (16-06-2011): - * Fix autolocal.m4 for new configure option - -2.8.5 (15-06-2011): - * Detect non-working /dev/kmem in configure script, and fix - a bug in the samhain_kmem kernel module. - * Fix wrong handler for LogmonMarkSeverity (reported by S. Chittenden) - * Better protection against the 'intruder on server' scenario - pointed out by xrx. Add option to disable shell expansion in - configuration files, and check gpg signature earlier. - * Support /opt/local/bin in the Unix entropy gatherer (suggestion - by Sean Chittenden) - * Cache timeserver response for one second (suggestion by - Sean Chittenden) - -2.8.4a (11-05-2011): - * Fix for compile error with --with-prelude - (reported by Sean Chittenden), missing regression test added - * Fix for compile error with --enable-udp (reported by Sean Chittenden), - missing regression test added - -2.8.4 (30-04-2011): - * Fix another reload bug in the log monitoring module - * Add unit tests for IgnoreAdded/IgnoreDeleted configuration directives - * Fix deadlock after reload when compiled with --enable-login-watch - (reported by M. Teege and O. Cobanoglu) - * Fix compile error for samhain_hide.ko with recent kernel - * Include patch by J. Graumann to specify the location of the - secret keyring with samhainadmin.pl - * Fix potential timeout problem in sh_sub_stat_int() and propagate the - error (issue reported by mtg) - * Add support for X-Forwarded-For in apache logfile parser, add - option 'RE{regex}' to insert arbitrary regex - * New options PortcheckMinPort, PortcheckMaxPort for the open ports - check - -2.8.3a (23-03-2011): - * Fix two 'label at end of compound statement' errors on FreeBSD - (reported by David E. Thiel) - -2.8.3 (22-03-2011): - * init scripts: load samhain_kmem.ko before samhain starts - * slib.c: eliminate mutex from sl_create_ticket() - * sh_entropy.c: move pthread usage out of child - * sh_hash.c, sh_pthread.c, sh_pthread.h: sh_hash_hashdelete() - needs deadlock detection, may be called from within sh_hash_init() - via atexit handler on error condition - * sh_suidchk.c, sh_calls.c, sh_calls.h: need a nosub version of lstat() - to use with relative path after chdir() - * samhain.c, sh_calls.c, sh_calls.h: only run (l)stat() in subprocess - after reading config file (to allow disabling) - * sh_unix.c: run sh_sub_kill() in parent after forking the daemon - * fix zeroing of result from getnameinfo() (problem reported by Richard) - * fix spurious warnings about unsupported address family (reported - by N Silverman) - * option to run lstat/stat in subprocess to avoid hanging on NFS mounts - (off by default) - * fix Windows/Cygwin compile error (reported by A. Schmidt) - -2.8.2 (16-02-2011): - * add function to skip checksumming - * Fix missing check for recursion depth >= 0 if not IgnoreAll - * Fix hardcoded path for temp directory in deployment scripts - * Fix bad compile on CentOS 4.8 with gcc 4.1.2 - * Fix minor bug in check_samhain.pl (pointed out by J.-S. Eon long ago) - -2.8.1 (17-11-2010): - * Document handling of missing files with secondary schedule - * Fix incorrect handling of missing files when secondary schedule - is used (reported by Sergey) - * Fix null pointer dereference in config parse handler for SetMailAlias - (reported by Sergey) - * Fix incorrect memset() in sh_kern.c (passed struct by value...), - reported by Roman and Stefan - * Fix 'make install' to create user-defined directory - * fix minor issues noticed by T. Luettgert (test code assumes port - 0/tcp is unused, wrong ifdef order (without impact on compilation)) - * fix compile error on AIX 5.3 with --enable-login-watch, - reported by M. El Nahass (time.h missing in src/sh_login_track.c) - -2.8.0 (01-11-2010): - * Support IPv6 - * Add registry checking - * Use auditd records to find out who did it - -2.7.2c (23-09-2010): - * Fix uppercase hostname problem in client/server communication - - -2.7.2b (05-09-2010): - * Fix compile errors on Solaris 10 (reported by A. Saheba) - -2.7.2a (23-08-2010): - * rewrote rijndaelKeySched() in a more conservative way to fix - compile problem on SLES 11. - -2.7.2 (16-08-2010): - * sh_utils.c: fixed an endianess issue that prevented cross-verification - of email signatures (reported by A. Zangerl) - * sh_login_track.c: fix compiler warning (ignored return value - of fwrite) - * sh_readconf.c: fix comparison of SeverityUserX string - (reported by max__) - * sh_processcheck.c: sh_prochk_set_maxpid: set retval on success - (reported by max__) - * fixed some compiler warnings on cygwin - * sh_extern.c: As reported by T. Luettgert, gcc 4.4.4 on Fedora 13 - will throw a warning if execve is called with a NULL argv pointer. - Need to provide a dummy argp[]. - -2.7.1 (07-06-2010): - * samhain_kmem.c: fix compile problems - * fix problems with config file parser: increase max. line length, - support quoting/escaping of filenames (as in 'ls --quoting-style=c') - * check for pcre_dfa_exec (not available in old versions - of libpcre, reported by Shinoj) - * patch to allow server to log client reports to prelude - (by J. Ventura) - -2.7.0a (09-05-2010): - * fix /dev/kmem detection (reported by S. Clormann) - -2.7.0 (01-05-2010): - * sh_utmp.c, sh_login_track.c: additional login checks - * sh_unix.c: use SIGTTIN as alternative for SIGABRT - (SIGABRT seems not to work on AIX, reported by Peter) - * sh_utmp.c: fix compile error without pthreads (inotify_watch used) - * sh_kern.c, kern_head.c: fix some 64bit issues - * dnmalloc.c: fix compiler warning (ignored ret value) - * Fix LSB init script for kernel module - * samhain_kmem kernel module for /proc/kmem added - -2.6.4 (22-03-2010): - * Don't read proc_root_iops in sh_kern.c (Problem report - by H. R.) - * Logfile check can check output of shell commands - * Use data directory as default for logfile checkpoints - * Fix broken checkpoint save/restore for logfiles - -2.6.3 (10-03-2010): - * Fix bug in mail module, recipients incorrectly flagged - as aliases, which breaks immediate mail for 'alert' - (reported by Jesse) - -2.6.2 (28-01-2010): - * Makefile.in: fix problem in deploy system caused - by adding build number for debs in 2.5.9 (reported - by roman) - * add option for per-rule email alias in log monitoring - module - * sh_readconf.c: make keywords case-independent - * sh_mail.c: on error, report full reply of mail server - * sh_mail.c: report smtp transcript at debug level - * make sure mail aliases are not emailed twice, and - recipients cannot be defined after aliasing them - * handle named pipes in log monitoring module - (open in nonblocking mode, ignore read error if empty) - * fix bug in the server function to probe for necessity - of configuration reload for client - -2.6.1b (23-12-2009): - * fix missing include for sh_inotify.h in sh_inotify.c - (reported by Ack) - -2.6.1a (22-12-2009): - * fix typo in code for older inotify versions without - inotify_init1(), reported by Forll - -2.6.1 (21-12-2009): - * add a routine to log monitoring module to guess the proper year - for timestamps without year (standard syslog) - * add feature to automatically detect and report bursts of - similar messages in log monitoring module - * add feature to check for missing heartbeat messages in - log monitoring module - * cache UIDs/GIDs to reduce the number of lookups - * use inotify to track login/logout (sh_inotify.c, sh_utmp.c) - * support event correlation in log monitoring module - * make sure host matching is done in a case insensitive way - (reported by Tracy) - * fix invalid use of mutex_mlock in src/sh_unix.c, function - sh_unix_count_mlock() (reported by Remco Landegge). - -2.6.0 (01-11-2009): - * don't use statvfs() for process checking on FreeBSD - * fix bug with parallel compilation of cutest in Makefile - * sh_mem.c: fix deadlock in debug-only code - * Evaluate glob patterns for each run of file check - * Add compile option to disable compiling with SSP - * Run SUID check in separate thread - * By default disable scanning ..namedfork/rsrc (deprecated by Apple) - -2.5.10 (12-10-2009): - * sh_suidchk.c: handle $HOME/.gvfs mount gracefully - * slib.c: fix race condition caused by closing a stream and the fd - -2.5.9c (01-10-2009): - * move stale file record error message closer to problem zone - * sh_port2proc.c: fix flawed logic for interpreting /proc/net/udp,tcp - -2.5.9b (22-09-2009): - * remove stale file record when creating handle, and raise diagnostic - error to find origin of stale record - * sh_port2proc.c: check /proc/net/upd6 for IPv6-only UDP sockets - -2.5.9a (17-09-2009): - * fixed a race condition in closing of file handles - -2.5.9 (11-09-2009): - * added code to generate directory for pid file, since it - would get cleaned if /var/run is a tmpfs mount (problem - reported by M. Athanasiou) - * fixed a bug that prevented reporting of user/executable path - for open UDP ports (issue reported by N. Rath) - * added more debugging code - -2.5.8a (18-08-2009): - * fixed a bug in sh_files.c that would prevent samhain from - running on MacOS X (reported by David) - -2.5.8 (06-08-2009): - * fixed a bug in the MX resolver routine which causes it to fail - sometimes (issue reported by N. Rath). - * fixed deadlock with mutex_listall in sh_nmail_test_recipients() if - error occurs within sh_nmail_flush (problem reported by N. Rath) - -2.5.7 (21-07-2009): - * sh_userfiles.c: set userUids = NULL at reconfiguration (issue - reported by U. Melzer) - * if available, use %z to print timezone as hour offset from GMT - in email date headers (problem reported by NP, solution suggested - by TimB). - * eliminate C99-style comments (problem reported by - venkat) - * fix bad variable name for AC_CACHE_CHECK - * fix potential deadlock when external programm is called - (problem reported by A. Dunkel) - -2.5.6 (09-06-2009): - * recognize fdesc filesystem on MacOS X for suid check (Problem - reported by David) - -2.5.5 (01-05-2009): - * fix some warnings from gcc 4.4 (strict aliasing) - * fix minor memory leak in process check - * t-test1.c: change function names because of clashes with an - AIX system header file - * fix warnings with -fstack-check (too large stack frames) - * fix for incorrect handling of hostnames in database insertion - (reported by byron) - -2.5.4 (04-03-2009): - * fix for incorrect input check in SRP implementation (discovered - by Thomas Ptacek) - * option KernelCheckPCI to switch off check of PCI expansion ROMs - -2.5.3 (25-02-2009): - * disable dnmalloc on MacOS X, doesn't work properly - * stat -> lstat in sh_unix_file_exists (OS X nameforks, report - by David) - * Fix problem in standalone trustfile, does not work correctly on - group-writeable files (reported by David). - * Option SetThrottle to throttle throughput for db download - * Option SetConnectionTimeout to configure the client connection - timeout configurable - * Provide getrpcbynumber, getservbyname implementations - to avoid dependencies with static linkage - * Fix missing sh.host.(system|release|machine) on FreeBSD, - reported by D.Lowry - * New option SetMailPort to allow setting of SMTP port (patch - by lucas sizzo org) - * allow POSIX regexes for filters - * consolidate filtering code from sh_extern.c, sh_(n)mail.c - * rewrite mail subsystem to allow individual filtering - for recipients - * allow shell expansion for values of config file options - * allow list as value for option PortCheckInterface - * fix bug in trustfile.c (with slapping on "/../" for symlinks) - * lock baseline database upon writing - -2.5.2b (29-01-2009): - * turn warnings into errors in the compile test suite - * fix missing define in sh_portcheck.c to eliminate compiler warning - (reported by joerg) - -2.5.2a (26-01-2009): - * fix problem building deb package (bit rot; reported by joerg) - -2.5.2 (22-01-2009): - * samhain.c: report module failure with positive offset - * sh_database.c: parse numerical fields into ulong - * fix regression test script for postgresql - * fix regression test script for SELinux/ACL test - * fix reporting of user for open ports to prelude - * report process pid for open ports - * replace _exit() by raise(SIGKILL) b/o pthread problem - * new option LooseDirCheck ([false]/true), request by - Alexander - * improved help output of samhain_stealth (as suggested - by Michael Athanasiou) - * new option ProcessCheckIsOpenVZ ([false]/true) - -2.5.1 (07-12-2008): - * workaround for freebsd7 amd64 lossage (compiler toolchain, - no mmap to 32bit address space) - * samhain-install.sh: check for presence of stealth_template.ps - before trying to create it - * use -Wno-empty-body if supported to suppress warnings about - glibc pthread_cleanup_pop implementation - * fix text relocations for i386 in src/sh_tiger1.s - * implement server->client SCAN command to initiate file check - * implement @if / @else conditionals with more tests in config file - * new option SetDropCache to drop checksummed files from cache - * report process/user for open ports on FreeBSD (code - lifted from FreeBSD sockstat.c) - * fix for config reload issue with stealth mode (reported by - siim) - * add -fstack-protector flags to LDFLAGS - * cygwin fix: don't use dnmalloc, doesn't work with pthreads - * cygwin fix: make trust check in samhain-install.sh return zero - * improved diagnostics for file read errors - * fixed script permissions (754 -> 755), reported by Christoph - * constness patch by Joe MacDonald - * GnuPG key ID patch by Jim Dutton - * sh_kern.c: more error checking for reads from kernel - -2.5.0 (01-11-2008): - * dnmalloc.c: fix inconsistent chunksize on 64bit systems - * fix improved error reporting for failed fstat in checksumming - * report process/user for open ports (Linux only currently) - * fix deadlock on exit in sh_hash_init() - * fix --enable-mounts-check for FreeBSD 7.0 (no MNT_NODEV anymore) - * log monitoring support - * fixed constness in trustfile interface - * remove libprelude 0.8 support (obsolete) - * sh_forward.c: increase TIME_OUT_DEF to 900 secs - * dnmalloc.c: initialize rc in dnmalloc_fork_child(), - reported by B. Podlipnik - -2.4.6a (09-10-2008): - * fix compile problem on Fedora 9 (reported by pierpaolo), - 'struct ucred' in sh_socket.c requires _GNU_SOURCE - -2.4.6 (27-08-2008): - * fix compile failure on win2k/cygwin (sh_unix_mlock prototype), - reported by jhamilton - * fix potential deadlock with dnmalloc upon fork() - * fix non-portable use of 'hostname -f' in regression test suite - (reported by Borut Podlipnik) - -2.4.5a (18-08-2008): - * fix compile problem in dnmalloc.c (remove prototypes for - memset/memcpy), problem reported by Juergen Daubert - -2.4.5 (07-08-2008): - * testscripts: 'chmod -R' -> 'chmod -f -R', since Solaris 10 - bails out on a chmod on a dangling link - * fix bug in check_samhain.pl nagios script (J.-S. Eon) - * use the UNO static checker - * compile as position independent executable (PIE) - * handle EINPROGRESS error (Windows/cygwin issue) - * make sure every function uses less than one page of stack - (proactive security against gap jumping, Gael Delalleau) - * use dnmalloc instead of system malloc - (proactive security against heap buffer overflows) - * fix dnmalloc bugs and portability problems - * check for compressBound, since older zlibs don't have it - -2.4.4 (30-04-2008): - * sh_database.c: fix maximum size of sql query string, maximum - size of strings in struct dbins_ - * sh_hash.c: fix maximum size of message string - * fix typo in the base64 decoder - * fix 'make cutest' for parallel compiling - * fix compile warnings with -Wstrict-prototypes - * sh_static.c: override getgrgid, getpwuid for libacl - * fix more warnings about variables clobbered by 'longjmp' - or 'vfork' (due to library internal handling of mutexes) - * fix configure warning about unused datarootdir - * configure.ac: warn, but accept nonexistent tmp dir - (Problem reported by Brian) - * sh_unix.c: undef P_ALL, P_PID, P_PGID before including - sys/wait.h (compile problem reported by Reputation) - * syslog function tested ok with Syslog Fuzzer v0.1 - by Jaime Blasco (c) 2008 - * slib.c: call fflush when writing trace to file - * sh_readconf.c: don't set OnlyStderr to false if gpg (problem - reported by Irene Reed) - * fix unconditional removal of pid file in atexit handler (bug - reported by Brian) - * fix invalid free() in sh_unix_checksum_size() - * sh_processcheck.c: workaround for stupid OpenBSD bug (returns - ENODEV instead of EAGAIN, because fgetc does - fcntl(0,F_SETFL,O_NONBLOCK) [ENODEV] internally), problem - reported by Roman R. - * fix buf that cause incomplete reporting of modified symlink if - symlink has changed and both old and new paths are >48 bytes - * fix bug that prevented mount check from running in one-shot mode - * enable mount check for openbsd - * fix processcheck default options and test script for openbsd - * option --list-file to list content of file (if saved) - * sh_tools.c: use strcasecmp in reverse lookup since DNS is case - insensitive (bug reported by Phil) - * fill content if MODI_TXT, zlib compress, base64 encode and add - as link_path in sh_unix.c; add to report in sh_hash.c - * testsuite: add test for gpg fingerprint option - * sh_extern.c: add 'CloseCommand' for syntactic sugar, - add in testsuite - -2.4.3a (12-02-2008): - * fix compile error caused by open() with O_CREAT and no third argument - (reported by J.-S. Eon) - -2.4.3 (31-01-2008): - * sh_kern.c: don't require asm/segment.h for kernel check module - * use global var with pid of initial thread instead of getpid(), - since LinuxThreads returns different value in each thread (problem - reported by Steffen Mueller) - * sh_kern.c: no inode check for pci rom (creates spurious messages) - * slib.c: eliminate prototype for vsnprintf (compile problem reported - by eddy_cs) - * Makefile.in: fix missing dependency on 'encode' for $(OBJECTS) - (reported by Matthias Ehrmann) - -2.4.2 (17-01-2008): - * fix broken option --with-checksum (reported by halosfan), - regression test added - * change HP-UX default optimization to +O2 since +O3 breaks - cutest unit testing framework - * put result vector of rng in skey struct - * fix more compiler warnings, and a potential (compiler-dependent) - NULL dereference in the unix entropy collector - * fix some compiler warnings - * use -D_FORTIFY_SOURCE=1 -fstack-protector-all instead - of -fstack-protector - * always add PTHREAD_CFLAGS to LDFLAGS - * sh_tiger0.c: checksum functions return length of file hashed, - needed to fix GrowingLogfile bug (researched by - siim at p6drad dash teel dot net) - * sh_static.c: fix more 'label at end of compound statement' - (SH_MUTEX_UNLOCK closing brace; reported anonymously) - * make sh_hash.c thread-safe - * remove plenty of tiny allocations - * improve sh_mem_dump - * modify port check to run as thread - * new option PortCheckSkip to skip ports - * fix unsetting of sh_thread_pause_flag (was too early) - -2.4.1a (28-11-2007): - * fix overwrite of ErrFlags (functionality bug) - -2.4.1 (26-11-2007): - * security fix: regression in the seeding routine for the PRNG - (detected by C. Mueller) - * regression test added for PRNG seeding routine - * fix problem with PCI ROM check (spurious messages about modified - timestamps, reported by S. Clormann) - -2.4.0a (08-11-2007): - * fix compile failure with --enable-static (reported by S. Clormann) - * fix potential deadlock if SIGHUP is received while suspended - -2.4.0 (01-11-2007): - * eliminate alarm() for I/O timeout (replaced by select) - * use getgrgid_r, getpwnam_r, getpwuid_r, gmtime_r, localtime_r, - rand_r, strtok_r if available - * protect readdir(), getpwent(), gethostname() with mutexes - (readdir_r considered harmful) - * make checksum/hash, entropy, rng functions reentrant - * use thread-specific conversion buffer for globber() - * fixed compile problems and problems with test suite - * modify login watch to run as thread - * modify process check to run as thread - -2.3.8 (03-10-2007): - * new option PortCheckIgnore = interface:portlist - -2.3.7 (13-09-2007): - * Makefile.in: fix 'make deb' target, wrong name of config file - written to debian/conffiles (reported by marc) - * configure.ac: fix incorrect order of with-prelude, enable-static - (libprelude test was always without -static) - -2.3.6 (06-09-2007): - * added yuleadmin.pl script contributed by Riccardo Murri - * fix compile error with -f-stack-protector on some systems (reported - by marc); we now check for libssp - * fix local DoS attack on BSD systems lacking getpeereid() (reported - by Rob Holland). - * fix yulectl password reading from $HOME/.yulectl_cred, erroneously - rejected passwords with exactly 14 chars (reported by Jerry Brown) - * introduce 'fflags' flag for suid files to detect new files already - found in regular file check (problem reported by J. Crutchfield); - also add regression test to ascertain that files in baseline - database are not quarantined erroneously - * sh_hash.c: replace check for prefix 'K' with check for not prefix'/' - to allow for arbitrary module-specific store/lookup in db - * replace 'visited', 'reported', 'allignore' with generic 'fflags' field - * sh_cat.c: reduce priority of MSG_TCP_RESET to avoid spamming if - port checking is used on same host as server (reported by kadafax) - * Install.sh: don't use --separate-output with non-checklist - widgets (problem discovered by D. Denton) - * sh_gpg.c, sh_userfiles.c: use sh_getpwnam et al. wrappers - -2.3.5 (20-06-2007): - * sh_portcheck.c: try to tear down connections more gracefully - (request by S. Petersen) - * fix incorrect handling of files with zero size in GrowingLogFiles - (problem reported by S. Petersen) - * fix incorrect encoding of null checksums in stealth mode - * sh_hash.c: fix repeated printing of acl/attributes in database dump - * sh_unix.c: fix option useaclcheck ignored if both useaclcheck and - useselinuxcheck are supported - -2.3.4 (01-05-2007): - * sh_processcheck.c: fix missing init of sh_prochk_res array before - check (leads to degrading functionality over time and 'fake pid' - warnings; reported by D. Ossenbrueggen and - soren dot petersen at musiker dot nu) - * sh_processcheck.c: fix memory leak - * sh_kern.c: for 2.6.21+ don't check proc_root_lookup (not possible - anymore? proc_root_inode.lookup != proc_root_lookup) - * sh_extern.c: flush streams before forking (problem if [Prelink] - used together with prelude logging, reported by M. deJong) - * fixed compilation of kern_head (regression cause by cross-compiling - fix; problem reported by S. Clormann) - * more typos fixed (reported by John Horne) - -2.3.3 (27-03-2007): - * fixed typos in configure.ac and manual (reported by John Horne) - * don't use mysql_options on x86_64, since libmysql is broken - * fixed cross-compiling (patch by Joe MacDonald) - * refactor sh_kern.c, sh_suidchk.c - * fix bug with leading slashes in linked path of symlinks within - the root directory - * sh_kern.c: check PCI ROM (Linux), refactor code - * move file descriptor closing more towards program startup - * kernel check: support OpenBSD 4.0 (wishlist) - * fix samhain_hide module (in-)compatibility with recent kernels - (reported by Jonny Halfmoon) - -2.3.2 (29-01-2007): - * fix regression in full stealth mode (incorrect comparison of - bytes read vs. maximum capacity), reported by B. Fleming - -2.3.1a (21-01-2007): - * fix incorrect use of sh_gpg_fill_startup if option --with-fp is used - (reported by zeroXten) - -2.3.1 (21-01-2007): - * fix bug that may cause accidental closure of yule TCP socket - (problem reported by B. Masuda) - * fix sh_kern.c for kernel 2.6.19 (reported by S. Clormann) - * don't use sstrip in 'make deb', since dh_shlibdeps uses objdump - (reported by B. Masuda) - * rm report.pl from rules.deb.in (reported by B. Masuda) - * samhainctl(): longer timeout (bad status reporting at startup, - reported by Phil and by Dan Track) - * sh_portcheck.c: make connect errors more descriptive - * sh_portcheck.c: fix ignored setting of PortCheckActive - * sh_processcheck.c: add statvfs, and wrap for EINTR - * sh_portcheck.c: add wrappers for EINTR - * report user and executable for hidden processes - * fix update failure if reportonlyonce = false (reported - by D. Strine) - * fix compile error in sh_portcheck.c (problem on cygwin - reported by J. D. Fiori) - * check filenames ending in space (also for utf8 spaces) - * check and escape csv formatted db listing - * cache results of sl_trustfile_euid() - * trustfile: use 4096 for MAXFILENAME, switch to strncpy - * CL option -v|--version for info on version and compiled-in options - -2.3.0a (01-11-2006): - * fix compile failure with portcheck + stealth (reported by lucas) - -2.3.0 (01-11-2006): - * fix concurrency for inserts in oracle db - * add acl_(new|old) to database schema - * check for selix attributes and/or posix acl - * new option UseSelinuxCheck (bool) - * new option UseAclCheck (bool) - * regression tests for above - * add module to check for open ports - * add module to check processes (hidden/fake/missing) - * use const char* for argument of module configuration callbacks - -2.2.6 (31-10-2006): - * fix missing support for MacOX X init script (reported - by Daniel Kowalewski) - * fix error about non-readable file with no checksum required - * fix server warning about 'no server name known' - * fix 'make deb' makefile target - * fix default export severity for server - -2.2.5 (05-10-2006): - * fix broken Install.sh, reported by Alexander Kraemer - * workaround for glob(3) sillyness on MacOS X (reported by David) - * fix for broken resorce fork check (reported by David) - * fix for broken compilation on cygwin (reported by Elias) - -2.2.4 (03-09-2006): - * add regression test for the GrowingLogFiles issue to test suite - * fixed sh_unix.c: bug in database init if GrowingLogFiles used - with signed database (reported by Timothy Stotts) - * bug in manual fixed (incorrect documentation of --enable-user, - noticed by M. Brown) - * rc.subr compatible init script for FreeBSD/NetBSD - * improve routine to find rpm after build - * add netbsd rc file from Brian Seklecki (taken from pkgsrc-wip) - * fix error in manual (location of lock file) - * fix bug with SuidExclude (files in directory were still checked) - -2.2.3 (31-07-2006): - * fix samhainadmin.pl: check for gpg-agent running if use-agent is set - (ticket #28 by anonymous) - * fix stealth mode (regression in parser), problem reported by - Joschi Kuphal - * fix minor typo in sh_database.c (compile problem reported by - Joschi Kuphal) - -2.2.2 (17-07-2006) - * minor fixes for regression test scripts - * minor updates to the manual (suggested by Brian A. Seklecki) - * fix sh_kern.c, kern_head.c: kernel rootkit detection for 2.6.17+ - (problem reported by Leonhard Maylein) - * fix samhain_hide.c for 2.6.17+: use module_param() if MODULE_PARM - is not defined - -2.2.1c (11-07-2006) - * fix sh_extern.c: sh_ext_add_default() cast to (void) was too early - (Solaris 8 build failure reported by Jesse) - * fix sh_unix.c: wrong prototype for sh_unix_mlock() - if HAVE_BROKEN_MLOCK (AIX 5.2 build failure reported by - Jonathan Kaufman) - -2.2.1b (20-06-2006): - * fix compile error on SuSE 10.1 (reported by Leonhard Maylein) - -2.2.1a (15-06-2006): - * fix compile error on i686/MacOS X (reported by Andreas Neth) - -2.2.1 (13-06-2006): - * fix gcc 4 warnings and build failure on x86_64 (debian bug #370808) - * fix compiling with Oracle (noticed by Colapinto Giovanni) - * fix configure.ac for most recent autoconf version - (debian bug #369503) - * fix a regression that would make impossible local updates w/clients - * fix a few missing '\n' in sh_getopt.c - * sh_kern.c: fall back on mmap() if read() fails on /dev/kmem - * fix Solaris package creation - * recognize Solaris doors and event ports - * fix the idmef_inode_t patch: provide required info to avoid stat() - * fix bug on database update: fill in dev and rdev fields - * fix get_file_infos() in sh_prelude.c: avoid premature return - * GCC_STACK_PROTECT_CC: AC_TRY_COMPILE -> AC_TRY_LINK - * deploy.sh: allow to set a group for hosts upon installation - * patch by Yoann: fix an issue when setting the idmef_inode_t object - * fix memory leaks in error paths in sh_prelude.c - * fix concurrent inserts with postgres in sh_database.c - * code cleanup - * fix manual version in spec file, first noticed by Imre Gergely - -2.2.0 (01-05-2006): - * patch by Jim Simmons for samhainadmin.pl.in - * fix testsuite portability problems - * fix md5 endianess problem detected on HP-UX 11i / PA-RISC 8700 - * fix potential NULL dereference in sh_utmp_endutent() - * patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs) - * fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve) - * fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD) - * fix bug in sh_utils_obscurename (check isascii) - * scan h_aliases for FQDN if h_name is not - * add copyright/license info to test scripts - * add copyright/license info to deployment system scripts - * support server-to-server relay - * new CL option --server-port - * minor improvements in manual - * patch by Yoann Vandoorselaere for sh_prelude.c - * allow --longopt arg as well as --longopt=arg - * verify checksum of growing log files (up to previous size) - * rewrite of the test suite - * added a bit of unit testing - * minor optimizations in various places - * optimized implementation of tiger checksum algorithm - * read in 64k blocks (faster than 4k) - * sh_unix.c, sh_hash.c: support file flags on *BSD, update Linux - file attribute code - * kern_head: fix compilation of kernel check module on OpenBSD - * updated samhainrc.linux, samhainrc.freebsd - * sh_unix.c: fix setrlimit (RLIMIT_NOFILE, ..) - * sh_files.c: fix missing use of flag_err_info - * sh_tiger0.c: remove repetitive use of mlock - * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK), - add function sl_read_timeout_prep - -2.1.3 (13-03-2006): - * fix compile problem in slib.c (reported by Lawrence Bowie) - * fix bug with combination of one-shot update mode and file check - schedule (reportedby Dan Track) - * improved the windows howto according to suggestions by - Jorge Morgado - * fix samhain_hide kernel module for new linux kernel versions - * fix minor problem with dead client detection (problem reported - by Michal Kustosik) - -2.1.2 (10-01-2006): - * fix startup error with combination of gpg+prelude - -2.1.1a (22-12-2005): - * fixed a stupid bug in sh_files.c (break if file = dir) - -2.1.1 (21-12-2005): - * sh_calls.c: protect sh_calls_set_bind_addr against overriding - * comINSTALL, updateDB: use locking - * samhainadmin.pl: use locking +2.1.1: * fix typos in samhainrc.solaris (noticed by Robby Cauwerts) * improve zAVLSearch (remove redundant strcmp) - * use AVL tree in sh_files.c instead of linked list (better scaling) + * use AVL tree in sh_files.c instead of linked list (scales way better) * fix bug with suidcheck (no update/check in one-shot mode with schedule instead of check interval; noticed by R. Rati) @@ -1561,5 +380,5 @@ on solaris - noticed by Bob Bloom) * sh_suidcheck: don't truncate quarantined file if nlink > 1 - * fix Install.sh (no --separate-output with --radiolist); patch by + * fix Install.sh (no --seperate-output with --radiolist); patch by Greg Kimberly