CHANGES.txt

* Release 2.5.7

Add -a option to set outgoing source IP.

* Release 2.5.6

Fix address size for Solaris IPv6 bind() and sendto() calls.

Update --help output, adding option -4.

* Release 2.5.5

Fix compilation of IPv6 support on Mac OS X.

Add command line option -4 to enforce local IPv4 sockets when compiled with
IPv6 support.

Minor IPv6 fix.

Makefile comments completion (system libs).

* Release 2.5.4

Add IPv6 support.

Update to latest libraries (zlib, bzip2 and blowfish/OpenSSL).

Minor fixes (typos and compiler warnings).

* Release 2.5.3

Fix file descriptor leak when IP address lookup fails.

Fix problem with running a server in "reverse" mode and detached -- only
apparent on Windows.

Add "maxconnections" to alleviate DoS attack.

Check for target port 0 to avoid DoS.

Linux 64-bit port (a result of the "Linux on POWER" contest) courtesy of
Stew Benedict <stewb@linuxcontrol.net>. Use the "linux64" OS target.

Upgraded version of bzip2 and zlib.

* Release 2.5.2

Cross-platform fix for checksumming code. This is *incompatible* with version
2.5.1. As a temporary workaround, setting "bugcompatibility 251" will maintain
compatibility with release 2.5.1 for little-endian platforms (e.g. Intel).
This will be removed from the final production release.

Upgrade to Inno Setup 4.

More documentation fixes.

Increased the default thread stack size to 64k and added "threadstacksize" for
debug/test purposes.

Fix handling of HTTP/1.1 responses from proxies.

Added "acceptconnecttimeout" (supersedes "connecttimeout") along with
"connectattempts" (and -C command-line option), "serverconnecttimeout" and
"targetconnecttimeout".

Fixed bug with "clienthost" not being honoured when Zebedee was used as
a service.

Added display of NOTICE.txt to the Windows install process.

* Release 2.5.1 (2003/07/05)

Critical fix to the checksumming code, which wouldn't work if messages
got out of sync between client and server. This is *incompatible* with
version 2.5.0.

Fixed documentation comments on message integrity.

* Release 2.5.0 (2003/07/02)

Dropped backwards compatibility with Zebedee 1.x versions of the protocol.

Added message integrity checking ("checksumlevel" and "minchecksumlevel"
keywords), "dropunknownprotocol" and "lockprotocol" features and per-target
address checking. These are all derived from patches submitted by Henrick
Lund. Great work Henrick!

Added the ability to hand the peer address, target address and target
port to key generation commands (add a "+" to the end of the command
to get three extra arguments provided).

Added "httpproxyauth" -- thanks to James CE Johnson.

Added "runasuser/-N" -- thanks to Thomas Melzer.

Added per-target ID checking -- originally by Alain Turbide.

Fixed a bug with "anonymous" tunnel specs (using a "*" to default to
the server address).

Fixed bug writing to syslog when detached -- thanks to Kyle Dent.

Set FD_SETSIZE to 512 by default on Windows, to allow many more simultaneous
connections to be handled correctly (approx 250). This can be overridden
at compile time. Thanks to John W Campbell.

Bug fix for 64-bit HPUX support. Thanks to Kris Laporte.

* Release 2.4.1 (2002/05/29)

Fixed incorrect selection of client TCP/UDP mode when handler function is
run in-line (as a result of debug, multiuse or command setting).

Fixed message when client requests incompatible TCP/UDP mode.

Added "dumpdata" keyword to enable a dump of local traffic when this is
true (and the verbosity level is 5 or greater).

Added support for BSD/OS (OS=bsdi) in the Makefile -- thanks to Brett Wynkoop.

* Release 2.4.0 (2002/05/09)

Added support for building on MacOS X (sorry, no support for "classic" MacOS
yet). This required a larger initial thread stack size, which can now be
specified at compile time.

Fix handling of targets containing sub-net specifications.

Eliminate use of non-reentrant inet_ntoa() calls. This has never been
observed as a problem but could, potentially, cause issues with confusing
messages or even incorrect connections.

"Modernised" vncserver.zbd configuration file.

Improved the Windows key generation code. Note, however, that Zebedee's key
generation for all platforms is still not guaranteed to be cryptographically
strong. If you are really, really, concerned with the quality of key
generation please examine the code, improve it if necessary or call out to an
external command (such as "gpg --gen-random"). However, unless you are trying
to defend very sensitive traffic against snooping from determined and
well-equipped attackers I wouldn't worry too much. And if you are trying to do
that, Zebedee may not be the right choice for you anyway :-)

Changed server tunnel establishment message to be more informative.

Fixed (implemented!) "detached" mode for server-initiated connections. It
now detaches after having contacted the client but before establishing any
tunnels.

Added -F option to specify configuration file field separator character.

Added "sharedkey" and "sharedkeygencommand" to allow a pre-established shared
secret key to be specified. This and the -F option have been added primarily
for use in Ed Suominen's PRIVARIA.

Included "passphrase.tcl" in the distribution.

Numerous changes to the (English) documentation.

* Release 2.3.2 (2002/04/18)

Tunnel and target ports can now be suffixed with "/tcp" or "/udp" in order to
restrict the protocol used. This is useful when "ipmode both" is in effect.
So, for example a target of "localhost:5900-5910/tcp,daytime/udp" allows
TCP-only tunnels to 5900-5910 and UDP-only tunnels to the "daytime" port. When
the protocol is omitted either may be used.

Added support for UDP source address spoofing when run in "transparent" mode.
This makes source to target UDP traffic "transparent" but the target server
will be unlikely to be able to reply to any such datagrams received. Note that
this is not compiled in by default and requires the use of the "libnet"
library.

Added "readtimeout" to allow some defence against denial of service attacks.
If set to non-zero then remote data reads must be completed within this number
of seconds. This primarily affects the Zebedee protocol exchanges, idle
connection timeouts are handled through "idletimeout".

Added "no linger" and "keep alive" options to sockets accepted by client
or server in order to clean up better in the case of the peer hanging.

Modified "redirect" to support "redirect none" to turn off any default target
ports.

Rewrote the description of identity checking. Added further documentation
about server security issues.

Prohibit the default target from having an address mask. It's too confusing
otherwise!

Fix handling of TCP connections in mixed mode.

Fix short writes that show up on OpenBSD (thanks to Jon Leonard for this).

Revised the example config files to make them more secure by default and to
use more modern constructs.

* Release 2.3.1 (2002/03/15)

Changed any potentially unsafe sprintf/vsprintf instances to
snprintf/vsnprintf. There should never have been a remote exploit possible,
this just eliminates any theoretical local ones in case someone has a reason
to run this as root ... (Note that use of these functions may be an issue
on some platforms although they do appear in the UNIX98 spec and exist
on Windows).

Allowed CIDR address specifications for target (and server name in listenmode).

Added IP address checking with the "checkaddress" keyword.

Finally caved in and added "httpproxy" to allow connection via a web proxy
server using "CONNECT".

Added "transparent" keyword to attempt to act as a transparent proxy and
forward on the client IP address. It may work on Linux 2.0/2.2. But then
again, it might not ...

* Release 2.3.0 (2002/03/07)

New functionality (at last!).

Added "listenip" and -b option to set listening address.

Added "tcptimeout" and "idletimeout" to allow inactive TCP tunnels to be
closed.

Added "ipmode" and -U option to support mixed traffic mode for a single
client or server.

Makefile changes for Irix and HPUX from Kyle Dent. Others to use latest
version of mingw gcc and force use of "native" perl.

Note that Zebedee will now be linked with MSVCRT.DLL. That should only
be a problem on an old Win95 machine.

Japanese documentation NOT YET updated.

* Release 2.2.2 (2001/04/13)

Include missing Japanese documentation.

Handle files without a terminating newline.

On FreeBSD, only create a parent process if the program is going to detach.
This means there isn't an idle parent process if the program is not run in
detached mode.

Fix "PUT" handling in ftpgw.tcl.

Added RPM spec file to the distribution.

Note that all RCS id lines will have changed as the result of importing files
into CVS at SourceForge.

* Release 2.2.1 (2001/02/07)

Fix bug handling client access using IP address rather than host name.

* Release 2.2.0 (2001/02/02)

Add SO_KEEPALIVE code to (eventually) reap dead client connections.

Modify ftpgw.tcl to mitigate memory leak that shows up with Tcl versions < 8.4
(an possibly that too). It's still not perfect, but it's better!

Fix FreeBSD detaching (again!)

Handle hostnames that resolve to multiple addresses on both client and server
side.

Fix bug in picking up default target host.

* Release 2.1.3 (2000/10/13)

Version numbering changed to common open-source practice -- odd numbered
minor releases are development versions.

Added support and fixes for building on FreeBSD and Tru64 (Compaq Alpha).
FreeBSD requires the BUGGY_FORK_WITH_THREADS definition and an interesting
method of detaching a process ...

Changed the definition of SHA_LONG in sha.h for 64-bit platforms.

Handle the case where the client key-reuse token expires before the server's.
This would lead to a client failing to establish any connections after a
period of time.

Make sure messages still get written to stderr before a process actually
detaches from the terminal.

Mutex-protect gethostbyname to cope with platforms where it is not re-entrant.

Don't erroneously convert addresses returned by inet_addr to network byte
order -- they already are.

Ensure digest and nonce values are formatted correctly on 64-bit platforms.

Output network address values in host byte order so that the values are
consistent across platforms.

Transfer requested target host addresses by value otherwise big and
little-endian platforms will not interwork.

Changed default installation root to /usr and eliminated warnings when
building man-page for better RPM integration.

Upgraded to a newer version of the Blowfish library (from OpenSSL 0.9.5a).

Upgraded to a newer version of the bzip2 library (1.0.1).

Documentation fixes, including missing "target" documentation!

A Japanese translation of the manual for Zebedee and ftpgw are included in the
doc_jp sub-directory. These are not (yet) built by default, you must do so
separately. Thanks to NAKAJIMA Taku <tnaka@brain-tokyo.com>.

* Release 2.1.0 BETA-2 (2000/08/31)

Fix bug interpreting "*" as a valid server hostname.

Fix infinite loop if creation of server listen socket fails.

Fix parsing of tunnel specifications with embedded spaces.

* Release 2.1.0 BETA-1 (2000/08/26)

Implemented server-initiated connections. This allows a Zebedee server behind
a firewall to connect out to a waiting client. New keywords connecttimeout,
listenmode and clienthost have been introduced along with command-line options
-c and -l.

Added support for multiple targets being handled by a single client/server
pair. New keywords "tunnel" and "target" have been added to support this
(largely obsoleting clientport, localport, targethost and targetport).

Added -T command line option to allow the "serverport" value to be specified
more easily on the command-line.

Improve UDP mode to handle clients that use "connected" sockets and others
that expect the response to come from the same port that they sent the data
to. I'm told it should work with Quake now ...

Stop the private key generation code generating "trivial" key values (0 or 1).
It was highly unlikely but ...

Fix bug with Zebedee failing to exit when running in single-use mode on
Windows.

Fixed the "reusable session token" generation code. It was possible (and on
Windows 9x reasonable likely) for a new server to generate the same token
stream as a previous one, leading client and server to get out of sync.

Now close stdin/out/err when detaching for both Windows and UN*X.

Support for FreeBSD has been added to the Makefile.

A table summarising all of the keywords and options has been added to the
documentation.

* Release 2.0.1 (2000/08/13)

Fix bug in parsing configuration file when no command-line target port
was specified.

Fixed bugs compiling for "generic" UNIX, i.e. without threads.

* Release 2.0.0 (2000/05/30)

Added support for UDP datagram tunnelling. This is controlled with the new
keywords "udpmode" and "udptimeout". There is also a new "-u" command-line
option to enable UDP mode.

Added support for the reuse of a previously established shared secret key for
subsequent connections. As part of this change the shared key itself is now no
longer used directly for encryption of the data. Instead a unique "session
key" is established for each connection. The connection establishment protocol
has also been optimized to require far fewer message exchanges. Full support
for previous protocol versions has, however, been retained. Key reuse is
controlled through the use of the "keylifetime" keyword.

The default mode of operation is now "multi-use" mode unless a command string
has been specified. This change should be largely transparent apart from the
fact that it renders the "-m" command-line option obsolete, although it is
still supported.

Zebedee now ships with a "big number" library derived from the Python sources
(by way of "mirrordir"). This removes the dependency on the GMP library,
although that can still be used if USE_GMP_LIBRARY is defined at compile
time.

By default a Zebedee client now listens on all local addresses and not
just "localhost" so that it can act as a gateway. This can be disabled by
setting the "localsource" option to "true".

A number of keywords have been renamed for greater consistency and clarity.
The old keywords are still supported for backwards compatibility. The old and
new mappings are:

	remoteport	->	targetport
	redirecthost	->	targethost
	remotehost	->	serverhost
	localport	->	clientport

Expanded the sample configuration files to show more examples.

Fix bug hanging when writing to stderr in detached mode.

/dev/urandom is now used in preference to /dev/random, when it exists. This
is theoretically slightly less secure but it prevents Zebedee blocking too
long in key generation.

The code now includes <sys/select.h> directly (previously it was conditional
on AIX). This should be more portable.

* Release 1.3.0 (2000/01/21)

If the agreed key-length is zero then the key exchange part of the protocol
will now be omitted. If you only want to use Zebedee for compression then
it will now be much more efficient at connection setup. Both client and
server are fully interoperable with previous protocol versions.

Added the ability for a single Zebedee client to handle tunnels to multiple
destinations on the same remote host. This is much more efficient than having
to start a separate process for each.

Fixed FTP tunnelling, added examples of how to do it and provided the
ftpgw.tcl script to facilitate tunnelling to "stricter" FTP servers such
as wu-fd.

Added the "redirecthost" keyword and optional command-line argument in server
mode to specify the target host to which tunnels should be connected.
Similarly made the client listen on addresses other than localhost.

Added the "minkeylength" keyword to specify the minimum key length that either
client or server will accept.

Added the "keygenlevel" to specify the strength of the key generation
mechanism. This trades security for speed.

Sockets have has the SO_LINGER option set false so should not hang on closing.

Documented the use of Zebedee as a service under Windows (the functionality
was there from the beginning but I forgot to document it!). Also allowed
clients to run as services too.

Ensured that the status of defunct sub-processes is reaped so that "zombie"
processes do not proliferate if using multiple processes rather than
threads.

Changed the Makefile so that the target platform can be specified on the
command line rather than having to modify the Makefile. For details of
how to support other platforms see the comments in the Makefile.

Remove the compile-time specification of the use of /dev/random and
/proc. This is now done at run-time.

* Release 1.2.0 (99/11/19)

Added the ability to set the network buffer size using the "maxbufsize"
configuration parameter. (The underlying protocol version has changed to
support this but complete backwards compatibility has been maintained).

Added the ability to access "extended" configuration settings (those that
can usually only be set in a configuration file) on the command-line by
using the "-x" option.

Added per-connection data transfer statistics (output at verbosity level 2
or greater).

If the output log-file name is specified as "NULL" all messages are turned
off. If it is specified as "SYSLOG" messages are written using syslog() on
UNIX/Linux and to the system application event log on Windows. Messages
are no longer written to the Windows application event log by default,
only if SYSLOG is specified.

Fixed a number of minor portability and configuration bugs. This includes
making SHA figure out the machine byte-order at runtime so there is no
need for the BIG/LITTLE_ENDIAN defines.

* Release 1.1.0 (99/11/06)

Added the "multi-use" client mode to support "reusable" tunnels between a
fixed local end-point and a remote port. New configuration keyword "multiuse"
and the -m command-line switch.

Added support for bzip2 compression.

"Canonicalize" any modulus and generator values in a config file so that a
consistent identity will be generated from equivalent values.

Fixed a bug in the "vncviewer.zbd" sample configuration file.

Expanded and corrected the documentation.

Enabled multi-threading support properly in the Makefile!

* Release 1.0.1 (99/10/25)

Fixed a stupid bug in calculating "public key" values.

* Release 1.0.0 (99/10/22)

Initial release.