"Fossies" - the Fresh Open Source Software Archive 
Member "zebedee-2.5.3/CHANGES.txt" (2 Sep 2005, 17844 Bytes) of package /linux/privat/old/zebedee-2.5.3.tar.gz:
* Release 2.5.3

Fix file descriptor leak when IP address lookup fails.

Fix problem with running a server in "reverse" mode and detached -- only
apparent on Windows.

Add "maxconnections" to alleviate DoS attack.

Check for target port 0 to avoid DoS.

Linux 64-bit port (a result of the "Linux on POWER" contest) courtesy of
Stew Benedict <stewb@linuxcontrol.net>. Use the "linux64" OS target.

Upgraded version of bzip2 and zlib.

* Release 2.5.2

Cross-platform fix for checksumming code. This is *incompatible* with version
2.5.1. As a temporary workaround, setting "bugcompatibility 251" will maintain
compatibility with release 2.5.1 for little-endian platforms (e.g. Intel).
This will be removed from the final production release.

Upgrade to Inno Setup 4.

More documentation fixes.

Increased the default thread stack size to 64k and added "threadstacksize" for
debug/test purposes.

Fix handling of HTTP/1.1 responses from proxies.

Added "acceptconnecttimeout" (supersedes "connecttimeout") along with
"connectattempts" (and -C command-line option), "serverconnecttimeout" and
"targetconnecttimeout".

Fixed bug with "clienthost" not being honoured when Zebedee was used as
a service.

Added display of NOTICE.txt to the Windows install process.

* Release 2.5.1 (2003/07/05)

Critical fix to the checksumming code, which wouldn't work if messages
got out of sync between client and server. This is *incompatible* with
version 2.5.0.

Fixed documentation comments on message integrity.

* Release 2.5.0 (2003/07/02)

Dropped backwards compatibility with Zebedee 1.x versions of the protocol.

Added message integrity checking ("checksumlevel" and "minchecksumlevel"
keywords), "dropunknownprotocol" and "lockprotocol" features and per-target
address checking. These are all derived from patches submitted by Henrick
Lund. Great work Henrick!

Added the ability to hand the peer address, target address and target
port to key generation commands (add a "+" to the end of the command
to get three extra arguments provided).

Added "httpproxyauth" -- thanks to James CE Johnson.

Added "runasuser/-N" -- thanks to Thomas Melzer.

Added per-target ID checking -- originally by Alain Turbide.

Fixed a bug with "anonymous" tunnel specs (using a "*" to default to
the server address).

Fixed bug writing to syslog when detached -- thanks to Kyle Dent.

Set FD_SETSIZE to 512 by default on Windows, to allow many more simultaneous
connections to be handled correctly (approx 250). This can be overridden
at compile time. Thanks to John W Campbell.

Bug fix for 64-bit HPUX support. Thanks to Kris Laporte.

* Release 2.4.1 (2002/05/29)

Fixed incorrect selection of client TCP/UDP mode when handler function is
run in-line (as a result of debug, multiuse or command setting).

Fixed message when client requests incompatible TCP/UDP mode.

Added "dumpdata" keyword to enable a dump of local traffic when this is
true (and the verbosity level is 5 or greater).

Added support for BSD/OS (OS=bsdi) in the Makefile -- thanks to Brett Wynkoop.

* Release 2.4.0 (2002/05/09)

Added support for building on MacOS X (sorry, no support for "classic" MacOS
yet). This required a larger initial thread stack size, which can now be
specified at compile time.

Fix handling of targets containing sub-net specifications.

Eliminate use of non-reentrant inet_ntoa() calls. This has never been
observed as a problem but could, potentially, cause issues with confusing
messages or even incorrect connections.

"Modernised" vncserver.zbd configuration file.

Improved the Windows key generation code. Note, however, that Zebedee's key
generation for all platforms is still not guaranteed to be cryptographically
strong. If you are really, really, concerned with the quality of key
generation please examine the code, improve it if necessary or call out to an
external command (such as "gpg --gen-random"). However, unless you are trying
to defend very sensitive traffic against snooping from determined and
well-equipped attackers I wouldn't worry too much. And if you are trying to do
that, Zebedee may not be the right choice for you anyway :-)

Changed server tunnel establishment message to be more informative.

Fixed (implemented!) "detached" mode for server-initiated connections. It
now detaches after having contacted the client but before establishing any
tunnels.

Added -F option to specify configuration file field separator character.

Added "sharedkey" and "sharedkeygencommand" to allow a pre-established shared
secret key to be specified. This and the -F option have been added primarily
for use in Ed Suominen's PRIVARIA.

Included "passphrase.tcl" in the distribution.

Numerous changes to the (English) documentation.

* Release 2.3.2 (2002/04/18)

Tunnel and target ports can now be suffixed with "/tcp" or "/udp" in order to
restrict the protocol used. This is useful when "ipmode both" is in effect.
So, for example a target of "localhost:5900-5910/tcp,daytime/udp" allows
TCP-only tunnels to 5900-5910 and UDP-only tunnels to the "daytime" port. When
the protocol is omitted either may be used.

Added support for UDP source address spoofing when run in "transparent" mode.
This makes source to target UDP traffic "transparent" but the target server
will be unlikely to be able to reply to any such datagrams received. Note that
this is not compiled in by default and requires the use of the "libnet"
library.

Added "readtimeout" to allow some defence against denial of service attacks.
If set to non-zero then remote data reads must be completed within this number
of seconds. This primarily affects the Zebedee protocol exchanges; idle
connection timeouts are handled through "idletimeout".

Added "no linger" and "keep alive" options to sockets accepted by client
or server in order to clean up better in the case of the peer hanging.

Modified "redirect" to support "redirect none" to turn off any default target
ports.

Rewrote the description of identity checking. Added further documentation
about server security issues.

Prohibit the default target from having an address mask. It's too confusing
otherwise!

Fix handling of TCP connections in mixed mode.

Fix short writes that show up on OpenBSD (thanks to Jon Leonard for this).

Revised the example config files to make them more secure by default and to
use more modern constructs.

* Release 2.3.1 (2002/03/15)

Changed any potentially unsafe sprintf/vsprintf instances to
snprintf/vsnprintf. There should never have been a remote exploit possible,
this just eliminates any theoretical local ones in case someone has a reason
to run this as root ... (Note that use of these functions may be an issue
on some platforms although they do appear in the UNIX98 spec and exist
on Windows).

Allowed CIDR address specifications for target (and server name in listenmode).

Added IP address checking with the "checkaddress" keyword.

Finally caved in and added "httpproxy" to allow connection via a web proxy
server using "CONNECT".

Added "transparent" keyword to attempt to act as a transparent proxy and
forward on the client IP address. It may work on Linux 2.0/2.2. But then
again, it might not ...

* Release 2.3.0 (2002/03/07)

New functionality (at last!).

Added "listenip" and -b option to set listening address.

Added "tcptimeout" and "idletimeout" to allow inactive TCP tunnels to be
closed.

Added "ipmode" and -U option to support mixed traffic mode for a single
client or server.

Makefile changes for Irix and HPUX from Kyle Dent. Others to use latest
version of mingw gcc and force use of "native" perl.

Note that Zebedee will now be linked with MSVCRT.DLL. That should only
be a problem on an old Win95 machine.

Japanese documentation NOT YET updated.

* Release 2.2.2 (2001/04/13)

Include missing Japanese documentation.

Handle files without a terminating newline.

On FreeBSD, only create a parent process if the program is going to detach.
This means there isn't an idle parent process if the program is not run in
detached mode.

Fix "PUT" handling in ftpgw.tcl.

Added RPM spec file to the distribution.

Note that all RCS id lines will have changed as the result of importing files
into CVS at SourceForge.

* Release 2.2.1 (2001/02/07)

Fix bug handling client access using IP address rather than host name.

* Release 2.2.0 (2001/02/02)

Add SO_KEEPALIVE code to (eventually) reap dead client connections.

Modify ftpgw.tcl to mitigate memory leak that shows up with Tcl versions < 8.4
(and possibly that too). It's still not perfect, but it's better!

Fix FreeBSD detaching (again!)

Handle hostnames that resolve to multiple addresses on both client and server
side.

Fix bug in picking up default target host.

* Release 2.1.3 (2000/10/13)

Version numbering changed to common open-source practice -- odd numbered
minor releases are development versions.

Added support and fixes for building on FreeBSD and Tru64 (Compaq Alpha).
FreeBSD requires the BUGGY_FORK_WITH_THREADS definition and an interesting
method of detaching a process ...

Changed the definition of SHA_LONG in sha.h for 64-bit platforms.

Handle the case where the client key-reuse token expires before the server's.
This would lead to a client failing to establish any connections after a
period of time.

Make sure messages still get written to stderr before a process actually
detaches from the terminal.

Mutex-protect gethostbyname to cope with platforms where it is not re-entrant.

Don't erroneously convert addresses returned by inet_addr to network byte
order -- they already are.

Ensure digest and nonce values are formatted correctly on 64-bit platforms.

Output network address values in host byte order so that the values are
consistent across platforms.

Transfer requested target host addresses by value otherwise big and
little-endian platforms will not interwork.

Changed default installation root to /usr and eliminated warnings when
building man-page for better RPM integration.

Upgraded to a newer version of the Blowfish library (from OpenSSL 0.9.5a).

Upgraded to a newer version of the bzip2 library (1.0.1).

Documentation fixes, including missing "target" documentation!

A Japanese translation of the manual for Zebedee and ftpgw are included in the
doc_jp sub-directory. These are not (yet) built by default, you must do so
separately. Thanks to NAKAJIMA Taku <tnaka@brain-tokyo.com>.

* Release 2.1.0 BETA-2 (2000/08/31)

Fix bug interpreting "*" as a valid server hostname.

Fix infinite loop if creation of server listen socket fails.

Fix parsing of tunnel specifications with embedded spaces.

* Release 2.1.0 BETA-1 (2000/08/26)

Implemented server-initiated connections. This allows a Zebedee server behind
a firewall to connect out to a waiting client. New keywords connecttimeout,
listenmode and clienthost have been introduced along with command-line options
-c and -l.

Added support for multiple targets being handled by a single client/server
pair. New keywords "tunnel" and "target" have been added to support this
(largely obsoleting clientport, localport, targethost and targetport).

Added -T command line option to allow the "serverport" value to be specified
more easily on the command-line.

Improve UDP mode to handle clients that use "connected" sockets and others
that expect the response to come from the same port that they sent the data
to. I'm told it should work with Quake now ...

Stop the private key generation code generating "trivial" key values (0 or 1).
It was highly unlikely but ...

Fix bug with Zebedee failing to exit when running in single-use mode on
Windows.

Fixed the "reusable session token" generation code. It was possible (and on
Windows 9x reasonably likely) for a new server to generate the same token
stream as a previous one, leading client and server to get out of sync.

Now close stdin/out/err when detaching for both Windows and UN*X.

Support for FreeBSD has been added to the Makefile.

A table summarising all of the keywords and options has been added to the
documentation.

* Release 2.0.1 (2000/08/13)

Fix bug in parsing configuration file when no command-line target port
was specified.

Fixed bugs compiling for "generic" UNIX, i.e. without threads.

* Release 2.0.0 (2000/05/30)

Added support for UDP datagram tunnelling. This is controlled with the new
keywords "udpmode" and "udptimeout". There is also a new "-u" command-line
option to enable UDP mode.

Added support for the reuse of a previously established shared secret key for
subsequent connections. As part of this change the shared key itself is now no
longer used directly for encryption of the data. Instead a unique "session
key" is established for each connection. The connection establishment protocol
has also been optimized to require far fewer message exchanges. Full support
for previous protocol versions has, however, been retained. Key reuse is
controlled through the use of the "keylifetime" keyword.

The default mode of operation is now "multi-use" mode unless a command string
has been specified. This change should be largely transparent apart from the
fact that it renders the "-m" command-line option obsolete, although it is
still supported.

Zebedee now ships with a "big number" library derived from the Python sources
(by way of "mirrordir"). This removes the dependency on the GMP library,
although that can still be used if USE_GMP_LIBRARY is defined at compile
time.

By default a Zebedee client now listens on all local addresses and not
just "localhost" so that it can act as a gateway. This can be disabled by
setting the "localsource" option to "true".

A number of keywords have been renamed for greater consistency and clarity.
The old keywords are still supported for backwards compatibility. The old and
new mappings are:

remoteport -> targetport
redirecthost -> targethost
remotehost -> serverhost
localport -> clientport

Expanded the sample configuration files to show more examples.

Fix bug hanging when writing to stderr in detached mode.

/dev/urandom is now used in preference to /dev/random, when it exists. This
is theoretically slightly less secure but it prevents Zebedee blocking too
long in key generation.

The code now includes <sys/select.h> directly (previously it was conditional
on AIX). This should be more portable.

* Release 1.3.0 (2000/01/21)

If the agreed key-length is zero then the key exchange part of the protocol
will now be omitted. If you only want to use Zebedee for compression then
it will now be much more efficient at connection setup. Both client and
server are fully interoperable with previous protocol versions.

Added the ability for a single Zebedee client to handle tunnels to multiple
destinations on the same remote host. This is much more efficient than having
to start a separate process for each.

Fixed FTP tunnelling, added examples of how to do it and provided the
ftpgw.tcl script to facilitate tunnelling to "stricter" FTP servers such
as wu-ftpd.

Added the "redirecthost" keyword and optional command-line argument in server
mode to specify the target host to which tunnels should be connected.
Similarly made the client listen on addresses other than localhost.

Added the "minkeylength" keyword to specify the minimum key length that either
client or server will accept.

Added the "keygenlevel" keyword to specify the strength of the key generation
mechanism. This trades security for speed.

Sockets have had the SO_LINGER option set false so should not hang on closing.

Documented the use of Zebedee as a service under Windows (the functionality
was there from the beginning but I forgot to document it!). Also allowed
clients to run as services too.

Ensured that the status of defunct sub-processes is reaped so that "zombie"
processes do not proliferate if using multiple processes rather than
threads.

Changed the Makefile so that the target platform can be specified on the
command line rather than having to modify the Makefile. For details of
how to support other platforms see the comments in the Makefile.

Remove the compile-time specification of the use of /dev/random and
/proc. This is now done at run-time.

* Release 1.2.0 (99/11/19)

Added the ability to set the network buffer size using the "maxbufsize"
configuration parameter. (The underlying protocol version has changed to
support this but complete backwards compatibility has been maintained).

Added the ability to access "extended" configuration settings (those that
can usually only be set in a configuration file) on the command-line by
using the "-x" option.

Added per-connection data transfer statistics (output at verbosity level 2
or greater).

If the output log-file name is specified as "NULL" all messages are turned
off. If it is specified as "SYSLOG" messages are written using syslog() on
UNIX/Linux and to the system application event log on Windows. Messages
are no longer written to the Windows application event log by default,
only if SYSLOG is specified.

Fixed a number of minor portability and configuration bugs. This includes
making SHA figure out the machine byte-order at runtime so there is no
need for the BIG/LITTLE_ENDIAN defines.

* Release 1.1.0 (99/11/06)

Added the "multi-use" client mode to support "reusable" tunnels between a
fixed local end-point and a remote port. New configuration keyword "multiuse"
and the -m command-line switch.

Added support for bzip2 compression.

"Canonicalize" any modulus and generator values in a config file so that a
consistent identity will be generated from equivalent values.

Fixed a bug in the "vncviewer.zbd" sample configuration file.

Expanded and corrected the documentation.

Enabled multi-threading support properly in the Makefile!

* Release 1.0.1 (99/10/25)

Fixed a stupid bug in calculating "public key" values.

* Release 1.0.0 (99/10/22)

Initial release.