
This file describes the changes to xinetd. The base version is 2.0.0.

2.0.0: (not released)

2.0.1: (not released)

2.0.2:
	Changes to the Makefile.
	Trivial mods to the usage() function

2.0.3:
	Changes to the Makefile.
	Fixed a bug in the usage() function

2.0.4:
	Distribution versions of the Makefile no longer contain any 
	references to options.opt

2.0.5:
	1) Clarified what an "unlisted RPC service" is in the man page
	2) Fixed a bug in remote_address_check which caused access to be denied
		for all hosts if no_access was set and only_from was not set.
	3) Fixed a bug which caused arbitrary syslog levels if the log_type
		was specified as SYSLOG in the "defaults" entry

2.0.6:
	bug fix in child.c: replaced strx_sprint with strx_print when naming
	interceptor processes


-------------------------------------------------------------------------------

2.1.0: (not released)
	This was mostly a clean-up of 2.0
	List of changes:

	A. The man page has been split into 3 parts:
			xinetd.man      : man page describing the program
			xinetd.conf.man : man page describing the configuration file.
			                  This file now includes figures about the
			                  overhead of interception.
			xinetd.log.man  : man page describing the log file
	B. New service attributes
			rpc_number : to support unlisted RPC services
			nice       : to set the nice value of forked servers
	C. The IDONLY service flag was added
	D. Now uses the timer library unless NO_TIMERS is defined. If NO_TIMERS
		is not defined, the following are also available:
			a) a new option, -cc, to do periodic consistency checks
			b) timeout for reconfiguration
	E.	Configuration file man page now mentions that access control is 
		based on IP-address instead of domain address.
	F.	The interception code now sets the TCP_NODELAY option.
	G. The timeout when contacting a remote identification server is
		configurable both when the service request has been accepted and 
		when the request is rejected. In the former case it defaults to
		infinity while in the latter it defaults to 30 sec.
	H. The log line ids are now constants in an include file.
	I. The fsma library is no longer used.
	J. Most structure fields were renamed; certain functions were renamed too.
		Access to structure fields is now via macros.
	K. A bug in not restoring the number of descriptors to the soft limit
		was fixed.
	L. The -pid option works
	M. New internal services:
			"servers"  : lists active servers
			"services" : lists active services

2.1.1:
	xinetd produces more meaningful messages if it can't start logging

2.1.2:
	Fixed 2 bugs:
		1) xinetd would request a port number for unlisted RPC services
			One could get around this by simply specifying the port attribute
			for the service; the specified value would be ignored anyway.
		2) xinetd initialization might fail sometimes in function msg_init() if
			syslog logging was specified (i.e. the option -syslog was used).
			The cause of this bug was that the 
				xlog_control( xlog, XLOG_GETFD, &fd ) 
			operation will not fail for xlogs connected to syslog and
			the value of 'fd' would be used in the subsequent fcntl(). That
			value is arbitrary since 'fd' is a local variable.
			If 'fd' did not happen to refer to an open descriptor, the program 
			would terminate since the fcntl() would fail (btw, the success
			of the fcntl() call would be harmless if 'fd' happened to
			refer to an open descriptor).

2.1.3:
	Bug fix:
		only_from/no_access addresses would get inverted on little-endian
		machines when such addresses were specified using the numeric notation
		(for example, 128.138.45.3). This bug was in the numeric_addr function
		which did not convert the result of inet_addr to host-byte-order.
		A work around for the bug would be to use the factorized address 
		notation (for example, 128.138.45.{3})

2.1.4:
	Bug fixes:
		1) in dgram_echo(), sin_len was not being set before the invocation of
			recvfrom
		2) in finger_shutdown(), it was possible for Srdline() to return NULL
			(if the remote end would close the socket without sending anything).
			If the RECORD option was set in the log_on_failure flags, this
			would cause the forked xinetd process which did the recording to
			die since it would try to dereference a NULL pointer.


2.1.5:
	Bug fixes:
		1) in exec_server() the service descriptor might be closed when
			execing the server. This made it impossible to start servers
			for 'nowait' services.  The bug occurred only on Ultrix version
			4.3a or (probably) later (bug discovered and fix provided
			by doug@seas.smu.edu)
		
		2) for systems that supported supplementary group id's, the
			set_credentials() function did not set those group id's
			(they were being inherited from xinetd). Now initgroups(3)
			is called to set the supplementary group id's properly.
			(bug discovered and fix provided by maf+@osu.edu)

2.1.6:
	Bug fixes:
		1) xinetd will crash after reconfiguration if there is a running
			server for a service that was removed from the configuration and
			which logs on exit.
		2) xinetd forked process falls in infinite loop if identd server
			sends a reply that is missing the ending CR-LF.
			(bug discovered and fix provided by Laurent.Wacrenier@gin.obspm.fr).

	We also changed the LOGUSER_SUCCESS_TIMEOUT constant in config.h from
	0 seconds (i.e. infinite timeout) to 30 seconds. This avoids infinite
	waits in case the remote host does not send a RST reply when we attempt
	to connect to the IDENTD port, and there is no server listening at
	that port.


2.1.7:
	Bug fix: the HOST flag in the 'log_on_success' attribute was ignored;
				the code was incorrectly checking if the HOST flag was
				set in the log_on_failure attribute
				(bug discovered by frolich@corrine.cpc.cs.ucf.edu)

2.1.8.1: 
	Added support for TCP redirect to a remote host.
		--bbraun

2.1.8.2: 
	Added support for binding to specific interface.
		--bbraun

2.1.8.3:
	Changed redirect so that a remote port can be specified as well.
		--bbraun

2.1.8.4 10/98:
	Changed use of varargs to be more modern (and actually work on IRIX 6.5)
	Added use of 1.2.3.4/24 style address ranges for access control
		--bbraun
2.1.8.4p2 11/98:
	Fixed stupid error with logging of ip addresses.  
	Pointed out by Todd R. Eigenschink
2.1.8.4p3 11/98:
	Fixed to compile correctly under HPUX
		Includes fixes from Pavel Roskin <pavel_roskin@geocities.com>
2.1.8.4p4 11/98:
	Fixed to compile correctly under BSDi
2.1.8.4p5 11/98:
	Fixed Linux libc5 to work with RPC.
		Pointed out by Frodo Looijaard <frodol@dds.nl>
2.1.8.4p8 11/98:
	Minor jump because I went through many revisions of testing things
	- Fixed little-endian bug with 1.2.3.4/26 style access control
	- Added support for inet_addr instead of inet_aton, as Solaris 2.5.1
	does not support inet_aton.
		Both the previous bugs were found with the help of
			Thomas E. (tht@inlink.com)
	- Went entirely to stdarg.h version of variable argument handling,
	since some newer platforms don't handle varargs.h style very
	gracefully.  If this breaks too many older architectures I'll
	ifdef all the old stuff back in...
2.1.8.5 11/98:
	Fixed /tmp/xinetd.dump symlink problem pointed out on 
		BugTraq by Balazs Nagy <julian7@KVA.HU>
2.1.8.5p1 1/99:
	Fixed compilation problems on BSD systems.
2.1.8.5p2 1/99:
	Fixed compilation problems on AIX 4.1.x/powerpc
2.1.8.5p3 3/99:
	Fixed compilation problems on FreeBSD 
		Thanks to  Sascha Schumann <schumann@schell.de>
	Fixed a bug in sio/sprint.c
		Thanks to Steven Stanfield <sstanf@reston.wcom.net>
2.1.8.6b1 4/99:
	Rudimentary administrative interface added (use the service name
		xadmin).
	Supports the "banner" directive, which is the name of the file
		that will be splatted when a connection is denied.
	Has a fixed open() on the dump file that is much better.
		Thanks to Steven Stanfield <sstanf@reston.wcom.net>
	$REMOTE_HOST environment variable is set to the name of the
		remote host.  Currently, if no name is available, it is set to NULL.
2.1.8.6b2 4/99:
	Fixed a problem with shells that don't define $PWD
2.1.8.6b3 4/99:
	Fixed a problem I introduced with automagic port selection
	If both a port and a protocol are specified, no checks are done.
		xinetd will believe the config, even if /etc/services says 
		otherwise.
	xadmin service is an internal service now, just like tcp echo, etc.
		Use the INTERNAL flag.
	xadmin service now just calls server_dump when a "show run" command
		is executed.
	Added a NAMEINARGS flag, so that you can use tcpd with xinetd.
		Normally, xinetd takes argv[0] from the "server" directive.
		This prevents tcpd from working properly.  Now, you can use
		tcp wrappers like this:
		service telnet
		{
			socket_type = stream
			protocol = tcp
			flags = NAMEINARGS
			wait = no
			user = root
			server = /usr/libexec/tcpd
			server_args = /usr/libexec/telnetd
		}
2.1.8.6b4 4/99:
	Added support for libwrap.  Compile with --with-libwrap.  Access
	checking is done with libwrap (if compiled in) first, then with
	xinetd's internal access control.
2.1.8.6b5 4/99:
	Some versions of libwrap needed allow_severity.  Added it.
		Changed severity to INFO from WARNING.
2.1.8.6b6 7/99:
	Added ability to use names for the bind and redirect
		functions.  They lookup the name, and use the
		first address it returns.  They only do the
		lookup once.
	Added "interface" as an alias to "bind"
	Fixed potential bug with redirection losing data. 
		Pointed out by Solar Designer
	Fixed potential bug in the parsing of xadmin commands.
		Pointed out by Solar Designer
	Changed default location of the dump file to /var/run/xinetd.dump
		configurable in config.h
	Added Solar Designer's per_source feature.  Allows you to limit
		the number of services spawned per source address.
	Added Solar Designer's supplementary groups fix.
2.1.8.6b7 7/99:
	Updated the make files to not require absolute paths.  This
		will help with people having problems with the LOCATION
		Makefile variable.
	Updated configure to compile properly with Debian's version
		of libwrap and glibc (look for yp_get_default_domain in nsl)
	If banner directive is used, banner is printed regardless of access
		control.  It is actually printed before access control check 
		take place.  banner_success and banner_fail are added to 
		explicitly give a message depending on access control.
	Added banner_success option.  This is a banner that is printed when
		access to the service is granted.  This is before any attempt
		to execute the server has been made.  The service may still fail
		but it will not be for access control reasons.
	Added banner_fail option.  This is a banner that is printed when 
		access to the service has been denied.  This allows you to 
		inform your users that they are doing something bad and they 
		shouldn't be doing it anymore.
	Added max_load option.  This option allows the operator to specify
		the max load at which to run the service.  If the machine 
		reaches the specified max load level, connections are denied to
		that service.  Each service can have a different max_load, and 
		it can be listed in the default service.  Linux is working,
		Solaris is kind of weird.  Solaris people should try it, but
		don't use it as a real security mechanism yet.  2.6 and 2.7 
		should be fine.  I'm not sure about 2.5.1 and earlier.
2.1.8.7 10/99:
	Fixed per_source to actually work properly.
	Added the NODELAY flag.  This will set the TCP_NODELAY sockopt
		on the socket.  If the service is not a TCP service, then
		this flag has no effect.
	Updated the man page with more explicit definition of the "groups"
		attribute.
	Includes xconv.pl to replace itox.  xconv.pl handles most of the
		inetd.conf files I've seen, including the use of tcpd,
		even though it is recommended that you compile with
		libwrap instead of using tcpd.
	Includes a man page to itox donated by Norbert Veber of Debian.
	Updates to configure and Makefile to better handle the configuration
		of install directories.  Again, changes donated by Debian group.
	Updates to itox to handle user.group syntax and checking on "wait".
2.1.8.8pre1 11/99
	Fixed a problem with the banner_fail parser.
	Added IPv6 support to xinetd.
2.1.8.8pre2 12/99
	Added the option "cps".  This allows you to disable a service if
		the rate of incoming connections is too great.  This number 
		may be set higher than the instances or per_source number.
		This is used as a last ditch measure, if someone is bombarding
		a service, and either 1) logs are piling up because of failed
		attempts, or 2) way too much is happening, ditch the service.
		This actually does a close() on the socket, so nothing is
		listening to that port anymore.  All connections will fail.
2.1.8.8pre3 12/99
	Made the options mask_t an unsigned long long (64bits on x86)
		instead of an unsigned.  xinetd was running out of bits
		to store options in.  Eventually, a real solution will
		need to be implemented, but this works for the short term.
		This may break on compilers that don't understand 
		long longs.  Be aware.  Most modern compilers are ok.
	Added the option "enabled", similar to the "disabled" function.
		If "enabled" is used, only the services listed in the
		enabled line are available, regardless of what other
		services are configured.
	Changed the behavior of only_from and no_access.  First, if you
		specify a host by _name_ in only_from or no_access, a lookup
		happens when a client connects.  The _canonical_ name that
		is returned is compared to the name specified in the access
		control option.  If the _names_ match, access is granted
		or denied.  See the readme for more information.
	Added the ability to specify .domain.com to the access control
		options.  This is very similar to tcp wrapper's method
		of specifying domain access.  If the connecting client's
		reverse lookup returns a name that ends in .domain.com
		then access is granted or denied.  See the readme for
		more information.
2.1.8.8pre4 12/99
	The enable function didn't work.  It worked for one entry, but
		more than 1 entry would not be recognized and xinetd
		would exit with no services available.  I believe this
		has been fixed.
	limits.h is included in parsers.c now, because of LONG_MIN and
		LONG_MAX.  Some setups would automagically include limits.h
		through the other include files, and some wouldn't.  This
		should fix compile problems on those that don't.
	Added a check for sys_siglist in the configuration script.  This
		is better than statically defining #ifdef's in signals.c.
2.1.8.8pre5 12/99
	Fixed numeric addresses being entered in the only_from field.
		host_addr parser was identifying them and marking them as
		HOST_ADDRs instead of NUMERIC_ADDRS.
2.1.8.8pre6 1/100
	Fixed year formatting in log to print 00 instead of 100.
2.1.8.8pre7 1/00
	Fixed the TIMEOFFSET macro in builtins.c so the 'time' service printed
		the correct output.
2.1.8.8pre8 1/00
	Fixed a problem where banners would not work saying "could not find
		banner: bannername<garbage here>".
2.1.8.8pre9 1/00
	The dump file was logging the ip address incorrectly for only_from
		addresses.  For some reason xntoa() was reporting the wrong
		address.  Changed to inet_ntoa, and works fine.
	BSDI 4.1 was not compiling correctly, "inet_ntoa" not found.
		This is because BSDI4.x switched to using bind 8 resolver
		libraries, so you have to include <arpa/inet.h> to #define
		all these functions to __func_name.  
	Some BSDs don't let you set the group permissions of a process to NULL,
		so you get the setgroups(0,NULL) error whenever a connection
		is made.  To avoid this, set 'groups = yes' and be aware of the
		extra group permissions the server may be running with.  A message
		to this effect has been added to the syslog error, so confusion is
		minimized.
2.1.8.8pre10 2/00
	Fixed a syntax error when compiling IPv6 support.
2.1.8.8pre11 2/00
	Always calls no_control_tty().  This then calls setsid(), which
		fixes some problems on FreeBSD.
2.1.8.8 2/00
	Bumped version number.
2.1.8.8p1 2/00
	The setsid() call that fixed problems on FreeBSD caused problems
		with the telnetd on solaris.
2.1.8.8p2 3/00
	Fixed a syntax error in parsers.c that should help people with
		solaris commercial C compilers.  Should also fix some problems
		people have experienced with banner directives.
2.1.8.8p3 6/00
	Fixed a bug in the access lists.  If you specified a host by
		name in only_from, any connection from a host without
		a reverse dns entry would be accepted.
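The following is an added model of the only_from/no_access decision as the 2.1.8.8pre3 entry describes it (numeric addresses, 1.2.3.4/24 ranges, the factorized 128.138.45.{3} notation, canonical host names and .domain.com suffixes), including the 2.1.8.8p3 edge case where a client with no reverse DNS entry must not satisfy a name-based rule and the 2.0.5 case where only no_access is set. It is example code written for this changelog, not xinetd's own C implementation; the tie-break when a host matches both lists is an assumption (no_access wins here), since the log does not describe it.

```python
import ipaddress
from typing import Optional

def _parse_rule(rule: str):
    """Classify one access-control entry: '.suffix', factorized '{a,b}' set,
    numeric address or CIDR range, or a host name (matched canonically)."""
    if rule.startswith("."):
        return ("suffix", rule.lower())
    if "{" in rule:  # factorized notation, e.g. 128.138.45.{3,7}
        prefix, rest = rule.split("{", 1)
        hosts = rest.rstrip("}").split(",")
        return ("set", {ipaddress.ip_address(prefix + h) for h in hosts})
    try:
        return ("net", ipaddress.ip_network(rule, strict=False))
    except ValueError:
        return ("name", rule.lower())

def _matches(rules, addr: str, canonical_name: Optional[str]) -> bool:
    ip = ipaddress.ip_address(addr)
    name = canonical_name.lower() if canonical_name else None
    for kind, value in map(_parse_rule, rules):
        if kind == "net" and ip in value:
            return True
        if kind == "set" and ip in value:
            return True
        # Name and suffix rules need a reverse lookup result. A client with
        # no reverse DNS entry must never match them (the 2.1.8.8p3 bug let it).
        if name is None:
            continue
        if kind == "name" and name == value:
            return True
        if kind == "suffix" and name.endswith(value):
            return True
    return False

def access_allowed(only_from, no_access, addr, canonical_name=None) -> bool:
    """Grant access when only_from (if set) matches and no_access does not.
    With only_from unset and no_access set, unlisted hosts are allowed,
    which is the behaviour the 2.0.5 fix restored. Assumption: a host in
    both lists is denied."""
    if only_from and not _matches(only_from, addr, canonical_name):
        return False
    if no_access and _matches(no_access, addr, canonical_name):
        return False
    return True
```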

