Home | History | Annotate | Download | only in dropbear
      1 0.49 - Fri 23 February 2007
      2 
      3 - Security: dbclient previously would prompt to confirm a 
      4   mismatching hostkey but wouldn't warn loudly. It will now
      5   exit upon a mismatch.
      6 
      7 - Compile fixes, make sure that all variable definitions are at the start
      8   of a scope.
      9 
     10 - Added -P pidfile argument to the server (from Swen Schillig)
     11 
     12 - Add -N dbclient option for "no command"
     13 
     14 - Add -f dbclient option for "background after auth"
     15 
     16 - Add ability to limit binding to particular addresses, use 
     17   -p [address:]port, patch from Max-Gerd Retzlaff.
     18 
     19 - Try to finally fix ss_family compilation problems (for old
     20   glibc systems)
     21 
     22 - Fix finding relative-path server hostkeys when running daemonized
     23 
     24 - Use $HOME in preference to that from /etc/passwd, so that
     25   dbclient can still work on broken systems.
     26 
     27 - Fix various issues found by Klocwork defect analysis, mostly memory leaks
     28   and error-handling. Thanks to Klocwork for their service.
     29 
     30 - Improve building in a separate directory
     31 
     32 - Add compile-time LOG_COMMANDS option to log user commands
     33 
     34 - Add '-y' flag to dbclient to unconditionally accept host keys,
     35   patch from Luciano Miguel Ferreira Rocha
     36 
     37 - Return immediately for "sleep 10 & echo foo", rather than waiting
     38   for the sleep to return (pointed out by Rob Landley).
     39   
     40 - Avoid hanging after exit in certain cases (such as scp)
     41 
     42 - Various minor fixes, in particular various leaks reported by
     43   Erik Hovland
     44   
     45 - Disable core dumps on startup
     46 
     47 - Don't erase over every single buffer, since it was a bottleneck.
     48   On systems where it really matters, encrypted swap should be utilised.
     49 
     50 - Read /dev/[u]random only once at startup to conserve kernel entropy
     51 
     52 - Upgrade to LibTomCrypt 1.16 and LibTomMath 0.40
     53 
     54 - Upgrade config.status and config.guess 
     55 
     56 0.48.1 - Sat 11 March 2006
     57 
     58 - Compile fix for scp
     59 
     60 0.48 - Thurs 9 March 2006
     61 
     62 - Check that the circular buffer is properly empty before
     63   closing a channel, which could cause truncated transfers
     64   (thanks to Tomas Vanek for helping track it down)
     65 
     66 - Implement per-IP pre-authentication connection limits 
     67   (after some poking from Pablo Fernandez)
     68 
     69 - Exit gracefully if trying to connect to as SSH v1 server 
     70   (reported by Rushi Lala)
     71 
     72 - Only read /dev/random once at startup when in non-inetd mode
     73 
     74 - Allow ctrl-c to close a dbclient password prompt (may
     75   still have to press enter on some platforms)
     76 
     77 - Merged in uClinux patch for inetd mode
     78 
     79 - Updated to scp from OpenSSH 4.3p2 - fixes a security issue
     80   where use of system() could cause users to execute arbitrary
     81   code through malformed filenames, ref CVE-2006-0225
     82 
     83 0.47 - Thurs Dec 8 2005
     84 
     85 - SECURITY: fix for buffer allocation error in server code, could potentially
     86   allow authenticated users to gain elevated privileges. All multi-user systems
     87   running the server should upgrade (or apply the patch available on the
     88   Dropbear webpage).
     89 
     90 - Fix channel handling code so that redirecting to /dev/null doesn't use
     91   100% CPU.
     92 
     93 - Turn on zlib compression for dbclient.
     94 
     95 - Set "low delay" TOS bit, can significantly improve interactivity
     96   over some links.
     97 
     98 - Added client keyboard-interactive mode support, allows operation with
     99   newer OpenSSH servers in default config.
    100 
    101 - Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
    102 
    103 - Improve logging of assertions
    104 
    105 - Added aes-256 cipher and sha1-96 hmac.
    106 
    107 - Fix twofish so that it actually works.
    108 
    109 - Improve PAM prompt comparison.
    110 
    111 - Added -g (dbclient) and -a (dropbear server) options to allow
    112   connections to listening forwarded ports from remote machines.
    113 
    114 - Various other minor fixes
    115 
    116 - Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
    117   (netinet/in_systm.h needs to be included).
    118 
    119 0.46 - Sat July 9 2005
    120 
    121 - Fix long-standing bug which caused connections to be closed if an ssh-agent
    122   socket was no longer available
    123 
    124 - Print a warning if we seem to be blocking on /dev/random 
    125   (suggested by Paul Fox)
    126 
    127 - Fixed a memory leak in DSS code (thanks to Boris Berezovsky for the patch)
    128 
    129 - dbclient -L no longer segfaults, allocate correct buffer size (thanks
    130   to David Cook for reporting it, and Christopher Faylor for independently
    131   sending in a patch)
    132 
    133 - Added RSA blinding to signing code (suggested by Dan Kaminsky)
    134 
    135 - Rearranged bignum reading/random generation code
    136 
    137 - Reset the non-blocking status on stderr and stdout as well as stdin,
    138   fixes a problem where the shell running dbclient will exit (thanks to 
    139   Brent Roman for reporting it)
    140 
    141 - Fix so that all file descriptors are closed so the child shell doesn't
    142   inherit descriptors (thanks to Linden May for the patch)
    143 
    144 - Change signkey.c to avoid gcc 4 generating incorrect code
    145 
    146 - After both sides of a file descriptor have been shutdown(), close()
    147   it to avoid leaking descriptors (thanks to Ari Hyttinen for a patch)
    148 
    149 - Update to LibTomCrypt 1.05 and LibTomMath 0.35
    150 
    151 0.45 - Mon March 7 2005
    152 
    153 - Makefile no longer appends 'static' to statically linked binaries
    154 
    155 - Add optional SSH_ASKPASS support to the client
    156 
    157 - Respect HOST_LOOKUP option
    158 
    159 - Fix accidentally removed "return;" statement which was removed in 0.44
    160   (causing clients which sent an empty terminal-modes string to fail to
    161   connect - including pssh, ssh.com, danger hiptop). (patches
    162   independently from Paul Fox, David Horwitt and Sven-Ola Tuecke)
    163 
    164 - Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
    165   will work with scp.
    166 
    167 0.44 - Mon Jan 3 2005
    168 
    169 - SECURITY: Fix for PAM auth so that usernames are logged and conversation
    170   function responses are allocated correctly - all 0.44test4 users with PAM
    171   compiled in (not default) are advised to upgrade.
    172 
    173 - Fix calls to getnameinfo() for compatibility with Solaris
    174 
    175 - Pristine compilation works (run 'configure' from a fresh dir and make it
    176   there)
    177 
    178 - Fixes for compiling with most options disabled.
    179 
    180 - Upgraded to LibTomCrypt 0.99 and LibTomMath 0.32
    181 
    182 - Make sure that zeroing out of values in LTM and LTC won't get optimised away
    183 
    184 - Removed unused functions from loginrec.c
    185 
    186 - /dev/random is now the default entropy source rather than /dev/urandom
    187 
    188 - Logging of IPs in auth success/failure messages for improved greppability
    189 
    190 - Fix dbclient so that "scp -i keyfile" works. (It can handle "-ikeyfile
    191   properly)
    192 
    193 - Avoid a race in server shell-handling code which prevents the exit-code
    194   from being returned to the client in some circumstances.
    195 
    196 - Makefile modified so that install target works correctly (doesn't try
    197   to install "all" binary) - patch from Juergen Daubert
    198 
    199 - Various minor fixes and compile warnings.
    200 
    201 0.44test4 - Tue Sept 14 2004 21:15:54 +0800
    202 
    203 - Fix inetd mode so it actually loads the hostkeys (oops)
    204 
    205 - Changed DROPBEAR_DEFPORT properly everywhere
    206 
    207 - Fix a small memory leak in the auth code
    208 
    209 - WCOREDUMP is only used on systems which support it (ie not cygwin or AIX)
    210 
    211 - Check (and fail for) cases when we can't negotiate algorithms with the
    212   remote side successfully (rather than bombing out ungracefully)
    213 
    214 - Handle authorized_keys files without a terminating newline
    215 
    216 - Fiddle the channel receive window size for possibly better performance
    217 
    218 - Added in the PAM authentication code (finally! thanks to Martin Carlsson)
    219 
    220 0.44test3 - Fri Aug 27 22:20:54 +0800
    221 
    222 - Fixed a bunch of warnings.
    223 
    224 - scp works correctly when passed a username (fix for the dbclient program
    225   itself as well, "-lmatt" works as well as "-l matt").
    226 
    227 - Remove unrequired debian files
    228 
    229 - Exit with the remote process's return code for dbclient
    230 
    231 - Display stderr messages from the server in the client
    232 
    233 - Add circular buffering to the channel code. This should dramatically reduce
    234   the amount of backtraffic sent in response to traffic incoming to the
    235   Dropbear end - improves high-latency performance (ie dialup).
    236 
    237 - Various other related channel-handling fixups.
    238 
    239 - Allow leading lines in the banner when connecting to servers
    240 
    241 - Fixed printing out errors onto the network socket with stderr (for inetd
    242   mode when using xinetd)
    243 
    244 - Remove obselete documentation
    245 
    246 - Fix a null-pointer exception when trying to free non-existant listeners
    247   at cleanup.
    248 
    249 - DEBUG_TRACE now only works if you add "-v" to the program commandline
    250 
    251 - Don't leave stdin non-blocking on exit - this caused the parent shell
    252   of dbclient to close when dbclient exited, for some shells in BusyBox
    253 
    254 - Server connections no longer timeout after 5 minutes
    255 
    256 - Fixed stupid DSS hostkey typo (server couldn't load host keys)
    257 
    258 0.44test2 - Tues Aug 17 2004 17:43:54 +0800
    259 
    260 - Fix up dropbearmulti targets in the Makefile - symlinks are now created
    261 
    262 - Compile fake-rfc2553 even with dropbearconvert/dropbearkey - this 
    263   allows them to work on platforms without a native getaddrinfo()
    264 
    265 - Create ~/.ssh/known_hosts properly if it doesn't exist
    266 
    267 - Fix basename() function prototype
    268 
    269 - Backport some local changes (more #ifdefs for termcodes.c, a fix for missing
    270   defines on AIX).
    271 
    272 - Let dbclient be run as "ssh"
    273 
    274 - Initialise mp_ints by default
    275 
    276 0.44test1 - Sun Aug 16 2005 17:43:54 +0800
    277 
    278 - TESTING RELEASE - this is the first public release of the client codebase,
    279   so there are sure to be bugs to be found. In addition, if you're just using
    280   the server portion, the final binary size probably will increase - I'll
    281   be trying to get it back down in future releases.
    282 
    283 - Dropbear client added - lots of changes to the server code as well to 
    284   generalise things
    285 
    286 - IPv6 support added for client, server, and forwarding
    287 
    288 - New makefile with more generic support for multiple-program binaries
    289 
    290 0.43 - Fri Jul 16 2004 17:44:54 +0800
    291 
    292 - SECURITY: Don't try to free() uninitialised variables in DSS verification
    293   code. Thanks to Arne Bernin for pointing out this bug. This is possibly
    294   exploitable, all users with DSS and pubkey-auth compiled in are advised to
    295   upgrade.
    296 
    297 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
    298 
    299 - Don't go into an infinite loop when portforwarding to servers which don't
    300   send any initial data/banner. Patch from Nikola Vladov
    301 
    302 - Fix for network vs. host byte order in logging remote TCP ports, also
    303   from Gerrit Pape.
    304 
    305 - Initialise many pointers to NULL, for general safety. Also checked cleanup
    306   code for mp_ints (related to security issues above).
    307 
    308 0.42 - Wed Jun 16 2004 12:44:54 +0800
    309 
    310 - Updated to Gerrit Pape's official Debian subdirectory
    311 
    312 - Fixed bad check when opening /dev/urandom - thanks to Danny Sung.
    313 
    314 - Added -i inetd mode flag, and associated options in options.h . Dropbear
    315   can be compiled with either normal mode, inetd, or both modes. Thanks
    316   to Gerrit Pape for basic patch and motivation.
    317 
    318 - Use <dirent.h> rather than <sys/dir.h> for POSIX compliance. Thanks to Bill
    319   Sommerfield.
    320 
    321 - Fixed a TCP forwarding (client-local, -L style) bug which caused the whole
    322   session to close if the TCP connection failed. Thanks to Andrew Braund for
    323   reporting it and helping track it down.
    324 
    325 - Re-enable sigpipe for child processes. Thanks to Gerrit Pape for some
    326   suggestions, and BSD manpages for a clearer explanation of the behaviour.
    327 
    328 - Added manpages, thanks to Gerrit Pape.
    329 
    330 - Changed license text for LibTomCrypt and LibTomMath.
    331 
    332 - Added strip-static target
    333 
    334 - Fixed a bug in agent-forwarding cleanup handler - would segfault
    335   (dereferencing a null pointer) if agent forwarding had failed.
    336 
    337 - Fix behaviour of authorized_keys parsing, so larger (>1024 bit) DSA keys will
    338   work. Thanks to Dr. Markus Waldeck for the report. 
    339 
    340 - Fixed local port forwarding code so that the "-j" option will make forwarding
    341   attempts fail more gracefully.
    342 
    343 - Allow repeated requests in a single session if previous ones fail - this fixes  PuTTY and some other SCP clients, which try SFTP, then fall-back to SCP if it
    344   isn't available. Thanks to Stirling Westrup for the report.
    345 
    346 - Updated to LibTomCrypt 0.96 and LibTomMath 0.30. The AES code now uses
    347   smaller non-precomputed tables if DROPBEAR_SMALL_CODE is defined in
    348   options.h, leading to a significant reduction in the binary size.
    349 
    350 0.41 - Mon Jan 19 2004 22:40:19 +0800
    351 
    352 - Fix in configure so that cross-compiling works, thanks to numerous people for
    353   reporting and testing
    354 
    355 - Terminal mode parsing now handles empty terminal mode strings (sent by
    356   Windows ssh.com clients), thanks to Ricardo Derbes for the report
    357 
    358 - Handling is improved for users with no shell specified in /etc/passwd,
    359   thanks again to Ricardo Derbes
    360 
    361 - Fix for compiling with --disable-syslog, thanks to gordonfh
    362 
    363 - Various minor fixes allow scp to work with irix, thanks to Paul Marinceu for
    364   fixing it up
    365 
    366 - Use <stropts.h> not <sys/stropts.h>, since the former seems more common
    367 
    368 0.40 - Tue Jan 13 2004 21:05:19 +0800
    369 
    370 - Remote TCP forwarding (-R) style implemented
    371 
    372 - Local and remote TCP forwarding can each be disabled at runtime (-k and -j
    373   switches)
    374 
    375 - Fix for problems detecting openpty() with uClibc - many thanks to various
    376   people for reporting and testing fixes, including (in random order) Cristian
    377   Ionescu-Idbohrn, James Ewing, Steve Dover, Thomas Lundquist and Frederic
    378   Lavernhe
    379 
    380 - Improved portability for IRIX, thanks to Paul Marinceu
    381 
    382 - AIX and HPUX portability fixes, thanks to Darren Tucker for patches
    383 
    384 - prngd should now work correctly, thanks to Darren Tucker for the patch
    385 
    386 - scp compilation on systems without strlcpy() is fixed, thanks to Peter
    387   Jannesen and David Muse for reporting it (independently and simultaneously :)
    388 
    389 - Merged in new LibTomCrypt 0.92 and LibTomMath 0.28
    390 
    391 0.39 - Tue Dec 16 2003 15:19:19 +0800
    392 
    393 - Better checking of key lengths and parameters for DSS and RSA auth
    394 
    395 - Print fingerprint of keys used for pubkey auth
    396 
    397 - More consistent logging of usernames and IPs
    398 
    399 - Added option to disable password auth (or just for root) at runtime
    400 
    401 - Avoid including bignum functions which don't give much speed benefit but
    402   take up binary size
    403 
    404 - Added a stripped down version of OpenSSH's scp binary
    405 
    406 - Added additional supporting functions for Irix, thanks to Paul Marinceu
    407 
    408 - Don't check for unused libraries in configure script
    409 
    410 - Removed trailing comma in algorithm lists (thanks to Mihnea Stoenescu)
    411 
    412 - Fixed up channel close handling, always send close packet in response
    413   (also thanks to Mihnea Stoenescu)
    414 
    415 - Various makefile improvements for cross-compiling, thanks to Friedrich
    416   Lobenstock and Mihnea Stoenescu
    417 
    418 - Use daemon() function if available (or our own copy) rather than separate
    419   code (thanks to Frdric Lavernhe for the report and debugging, and Bernard
    420   Blackham for his suggestion on what to look at)
    421 
    422 - Fixed up support for first_kex_packet_follows, required to talk to ssh.com
    423   clients. Thanks to Marian Stagarescu for the bug report.
    424 
    425 - Avoid using MAXPATHLEN, pointer from Ian Morris
    426 
    427 - Improved input sanity checking
    428 
    429 0.38 - Sat Oct 11 2003 16:28:13 +0800
    430 
    431 - Default hostkey path changed to /etc/dropbear/dropbear_{rsa,dss}_host_key
    432   rather than /etc/dropbear_{rsa,dss}_host_key
    433 
    434 - Added SMALL and MULTI text files which have info on compiling for multiple
    435   binaries or small binaries
    436 
    437 - Allow for commandline definition of some options.h settings
    438   (without warnings)
    439 
    440 - Be more careful handling EINTR
    441 
    442 - More fixes for channel closing
    443 
    444 - Added multi-binary support
    445 
    446 - Improved logging of IPs, now get logged in all cases
    447 
    448 - Don't chew cpu when waiting for version identification string, also
    449   make sure that we kick off people if they don't auth within 5 minutes.
    450 
    451 - Various small fixes, warnings etc
    452 
    453 - Display MOTD if requested - suggested by
    454   Trent Lloyd <lathiat at sixlabs.org> and
    455   Zach White <zwhite at darkstar.frop.org>
    456 
    457 - sftp support works (relies on OpenSSH sftp binary or similar)
    458 
    459 - Added --disable-shadow option (requested by the floppyfw guys)
    460 
    461 0.37 - Wed Sept 24 2003 19:42:12 +0800
    462 
    463 - Various portability fixes, fixes for Solaris 9, Tru64 5.1, Mac OS X 10.2,
    464   AIX, BSDs
    465 
    466 - Updated LibTomMath to 0.27 and LibTomCrypt to 0.90
    467 
    468 - Renamed util.{c,h} to dbutil.{c,h} to avoid conflicts with system util.h
    469 
    470 - Added some small changes so it'll work with AIX (plus Linux Affinity).
    471   Thanks to Shig for them.
    472 
    473 - Improved the closing messages, so a clean exit is "Exited normally"
    474 
    475 - Added some more robust integer/size checking in buffer.c as a backstop for
    476   integer overflows
    477 
    478 - X11 forwarding fixed for OSX, path for xauth changed to /usr/X11R6/bin/xauth
    479 
    480 - Channel code handles closing more nicely, doesn't sit waiting for an extra
    481   keystroke on BSD/OSX platforms, and data is flushed fully before closing
    482   child processes (thanks to 
    483   Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> for
    484   pointing that out).
    485 
    486 - Changed "DISABLE_TCPFWD" to "ENABLE_TCPFWD" (and for x11/auth) so
    487   "disable DISABLE_TCPWD" isn't so confusing.
    488 
    489 - Fix authorized_keys handling (don't crash on too-long keys, and
    490   use fgetc not getc to avoid strange macro-related issues), thanks to
    491   Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> 
    492   and Steve Rodgers <hwstar at cox.net> for reporting and testing.
    493 
    494 - Fixes to the README with regard to uClibc systems, thanks to 
    495   Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>,
    496   as well as general improvements to documentation (split README/INSTALL)
    497 
    498 - Fixed up some compilation problems with dropbearconvert/dropbearkey if
    499   DSS or RSA were disabled, reported by Patrik Karlsson <patrik at cqure.net>
    500 
    501 - Fix double-free bug for hostkeys, reported by
    502   Vincent Sanders <vince at kyllikki.org>
    503 
    504 - Fix up missing \ns from dropbearconvert help message,
    505   thanks to Mordy Ovits <movits at bloomberg.com> for the patch
    506 
    507 0.36 - Tue August 19 2003 12:16:23 +0800
    508 
    509 - Fix uninitialised temporary variable in DSS signing code
    510   (thanks to Matthew Franz <mdfranz at io.com> for reporting, and the authors
    511   of Valgrind for making it easy to track down)
    512 - Fix remote version-string parsing error
    513   (thanks to Bernard Blackham <bernard at blackham.com.au> for noticing)
    514 - Improved host-algorithm-matching algorithm in algo.c
    515 - Decreased MAX_STRING_LEN to a more realistic value
    516 - Fix incorrect version (0.34) in this CHANGES file for the previous release.
    517 
    518 0.35 - Sun August 17 2003 05:37:47 +0800
    519 
    520 - Fix for remotely exploitable format string buffer overflow.
    521   (thanks to Joel Eriksson <je at bitnux.com>)
    522 
    523 0.34 - Fri August 15 2003 15:10:00 +0800
    524 
    525 - Made syslog optional, both at compile time and as a compile option
    526   (suggested by Laurent Bercot <ska at skarnet.org>)
    527 - Fixup for bad base64 parsing in authorized_keys
    528   (noticed by Davyd Madeley <davyd at zdlcomputing.com>)
    529 - Added initial tcp forwarding code, only -L (local) at this stage
    530 - Improved "make install" with DESTDIR and changing ownership seperately,
    531   don't check for setpgrp on Linux for crosscompiling.
    532   (from Erik Andersen <andersen at codepoet.org>)
    533 - More commenting, fix minor compile warnings, make return values more
    534   consistent etc
    535 - Various signedness fixes
    536 - Can listen on multiple ports
    537 - added option to disable openpty with configure script,
    538   (from K.-P. Kirchdrfer <kapeka at epost.de>)
    539 - Various cleanups to bignum code
    540   (thanks to Tom St Denis <tomstdenis at iahu.ca>)
    541 - Fix compile error when disabling RSA
    542   (from Marc Kleine-Budde <kleine-budde at gmx.de>)
    543 - Other cleanups, splitting large functions for packet and kex handling etc
    544 
    545 0.33 - Sun June 22 2003 22:24:12 +0800
    546 
    547 - Fixed some invalid assertions in the channel code, fixing the server dying
    548   when forwarding X11 connections.
    549 - Add dropbearconvert to convert to/from OpenSSH host keys and Dropbear keys
    550 - RSA keys now keep p and q parameters for compatibility -- old Dropbear keys
    551   still work, but can't be converted to OpenSSH etc.
    552 - Debian packaging directory added, thanks to 
    553   Grahame (grahame at angrygoats.net)
    554 - 'install' target added to the makefile
    555 - general tidying, improve consistency of functions etc
    556 - If RSA or DSS hostkeys don't exist, that algorithm won't be used.
    557 - Improved RSA and DSS key generation, more efficient and fixed some minor bugs
    558   (thanks to Tom St Denis for the advice)
    559 - Merged new versions of LibTomCrypt (0.86) and LibTomMath (0.21)
    560 
    561 0.32 - Sat May 24 2003 12:44:11 +0800
    562 
    563 - Don't compile unused code from libtomcrypt (test vectors etc)
    564 - Updated to libtommath 0.17 and libtomcrypt 0.83. New libtommath results
    565   in smaller binary size, due to not linking unrequired code
    566 - X11 forwarding added
    567 - Agent forwarding added (for OpenSSH.com ssh client/agent)
    568 - Fix incorrect buffer freeing when banners are used
    569 - Hostname resolution works
    570 - Various minor bugfixes/code size improvements etc
    571 
    572 0.31 - Fri May 9 2003 17:57:16 +0800
    573 
    574 - Improved syslog messages - IP logging etc
    575 - Strip control characters from log messages (specified username currently)
    576 - Login recording (utmp/wtmp) support, so last/w/who work - taken from OpenSSH
    577 - Shell is started as a proper login shell, so /etc/profile etc is sourced
    578 - Ptys work on Solaris (2.8 x86 tested) now
    579 - Fixed bug in specifying the rsa hostkey
    580 - Fixed bug in compression code, could trigger if compression resulted in
    581   larger output than input (uncommon but possible).
    582 
    583 0.30 - Thu Apr 17 2003 18:46:15 +0800
    584 
    585 - SECURITY: buffer.c had bad checking for buffer increment length - fixed
    586 - channel code now closes properly on EOF - scp processes don't hang around
    587 - syslog support added - improved auth/login/failure messages
    588 - general code tidying, made return codes more consistent
    589 - Makefile fixed for dependencies and makes libtomcrypt as well
    590 - Implemented sending SSH_MSG_UNIMPLEMENTED :)
    591 
    592 0.29 - Wed Apr 9 2003
    593 
    594 - Fixed a stupid bug in 0.28 release, 'newstr = strdup(oldstr)',
    595   not 'newstr=oldstr'
    596 
    597 0.28 - Sun Apr 6 2003
    598 
    599 - Initial public release
    600 
    601 Development was started in October 2002
    602