1.2.2:
	* make tmp file directory a compile time option
	* fix minor bugs in tmp file allocator (potential memory leak,
	  double slash if root directory)
	* obsolete testpipe script removed 

1.2.1:
	* fix memory alignment in rijndael-api-fst.c: blockEncrypt()
	* fix byte order in HMAC code (compatibility fix for Linux/HP-UX)
	* removed a debug fprintf()

1.2.0:
	* fix a bug in the HMAC implementation (thanks to Cesar Tascon
	  for help in tracking down this one)
	* module to check the file system for SUID/SGID files

1.1.16 (never released):
	* fix the recursion depth -1 option as described in the manual
	* optional database reload on SIGHUP
	* fix a race condition when checking that /dev/random is a charakter
	  device
	* redirect stderr to /dev/null for c_random 
	  (AIX may segfault in netstat...)
	* check whether /dev/random is a charakter device in c_random.sh
	  (we know at least one sysadmin who has set up a fake /dev/random ...)
	* don't give NULL as 2. and 3. arg to execve if not Linux - some
	  Unices (notably Solaris) don't like it
	* init ptr = NULL in my_malloc (compiler warning)
	* make the bitmask for tests configureable (suggestion by A. Dunkel)
	* make the bitmask for tests a static variable
	* make (database/logfile/lockfile) path configurable
	  (to run multiple instances of samhain from an NFS share - on the
	  wishlist of J. Patton)

1.1.15 (never released):
	* fix minor error in testcompile.sh (rm test_log only at start)
	* return from subroutines on sig_terminate == 1 
	  (faster exit on SIGTERM)
	* fix re-configuration of addresses
	* use sh_util_flagval() in sh_mail_setFlag and sh_kern_set_activate
	* SysV message queue as compile option
	* config file option to set console device
	* removed the pre 1.1.9 code bloat
	* don't print the LOGKEY to the console

1.1.14:
	* fix an error in the setup consistency check
	* make target to uninstall runtime files
	* trustfile.c: check return code of readlink(), fix off-by-one error
	* sh_files.c: fix placement of terminator after readlink() call
	* sh_files.c: fix a missing set_suid()/unset_suid()
	  - suid should work, but is not recommended -
	* more debug statements in c/s code
	* avoid re-entry in sh_unix_sigexit
	* put a block around free() and malloc() in wrapper functions
	* ditto for glob()/globfree(), regcomp()/regfree(), fdopen()/fclose()
	  - i.e. avoid corrupting the heap from a signal handler -

1.1.13:
	* optimized the size of the configure script somewhat
	* modify the compile and hash test scripts
	* read '\0's in sh_unix_getline
	* exponential schedule for connection attempts
	* make stealth working properly with signed files
	  - config file should be signed now before embedding in picture -
	* fix a race in using signed files
	* updated err messages for PWNULL, GRNULL
	* add missing shell script for test 11
	* add mandatory source file/line info with -p debug 
	* add mandatory source line info with BADCONN
	* fix a latex error in the manual

1.1.12:
	* debug output to console if compiled with --enable-debug and
	  running as daemon
	* make reportonlyonce=true the default
	* make sure state changes of a file are always reported, even
	  with reportonlyonce=true
	* Linux kernel modules (samhain_hide, samhain_erase)
	* fixed incorrect return value of sh_util_flagval
	* fixed an error in sh_files.c: happens with -t init and first
	  file that is checked does not exist 
	* revised install/uninstall targets in the Makefile
	* module to check for clobbered kernel syscalls (tested on Linux 2.2)
	* more diagnostic error messages in sh_gpg.c
	* more diagnostic error messages in sh_mail.c
	* error in mail.c fixed 
          (address -> address_list[i] for multiple recipients)
	* docs updated, better(?) explanation of signed files
	* skip over path in gpg checksum output
	* check client name against IP address and FQDN
	* fix for --disable-* in config file
	* fixed a server crash (MSG_TCP_OKMSG without arg)
	  if the server is run with debug level output threshold
	* catch EAGAIN in sh_gpg.c pipe reader
	* fix the 'external logging' test to make it work on BSD 
	* error message if no local path to init DB
	* check for i86/Solaris in configure (vsnprintf prototype)
	* make SRP the default

1.1.11:
	* make log file verification more convenient
	* fix problem with message classes in stealth mode
	* linux: do not try to read file attributes for devices
	* handle the root directory correctly (avoid "//" in listing)
	* fix problems with blockin on FIFOs/char dev 
	  pointed out by I. Rogalsky (rog@iis.fhg.de)
          - open in nonblocking mode for read, then set to blocking
	  - open file only if regular
	* fix alignment in memory profiler

1.1.10:
	* minor code cleanup
	* fix an error in trustfile.c (handling of empty/incomplete 
	  group entries in /etc/group, bug report by A. Capriotti )

1.1.9:
	* compatibility option for old behaviour (plain hash instead
	  of HMAC, ECB instead of CBC mode)
	* use CBC rather than ECB mode for encryption
	* use HMAC-TIGER for message authentication codes
	* handle NULL data in sh_tiger_hash
	* option to set syslog facility (default is LOG_AUTHPRIV)
	* longer timeout (300 sec) on /dev/random if no /dev/urandom
	* fix minor output error with stealth option
	* option not to log names of config/database files on startup

1.1.8:
	* fix error in syslog routine
	* fix missing 'test' in configure.in
	* fix error in replace_tab() in sh_html.c
	* fix minor memory leak in sh_util_regcmp()

1.1.7:
	* timeout on read_mbytes (from /dev/random; fallback to /dev/urandom)
	* fix for FreeBSD: ut_user -> ut_name in sh_utmp.c
	* fix for Alpha: consider $ac_cv_sizeof_unsigned_int_ in configure.in
	* fix for Alpha: format string in sh_tiger0.sh
	* on Linux, now compiles cleanly with 
	  -Wall -W -Wstrict-prototypes -Wcast-align
	* fix problem with recursion depth
          (pointed out by Vic <hvicha@mail.ru>)
	* #include "sh_tools.h" in sh_unix.c and fix the 
	  --with-timeserver option (reported by Vic <hvicha@mail.ru>)
	* place read_port(), MSG_TCP_NETRP outside ifdefs
	* close fd/zero skey before execve
	* verify client name against socket peer
	* ... with configureable error priority
	* use strcmp() rather than strncmp() in search_register()
	* fix race between lstat() and open() for checksum
	  (reported by dynamo <dynamo@ime.net>, 
	  JJohnson <JJohnson@penguincomputing.com>)
	* enable globbing for filenames
	* fix Solaris problem: siginfo_t may be NULL
	* fix missing SL_EBADGID in tf_trust_check
	* test case for external scripts, fix flushing pipe
	* fix a typo in sh_ext_type
	* do an fdexec w/checksum on Linux if calling external program
	* even safer tmp file creation
	* allow db update
	* fix compile options for --enable-debug
	* fixed a spelling error in the output
	* test program for full CS support (config/database download)
	* tell which file is searched for cs download

1.1.6:
	* fix bug in sh_readconf_line (segfault on erroneous config lines)

1.1.5:
	* sh_unix.c: sh_unix_getinfo_attr: f -> flags
	* use gettimeofday as last resort
1.1.4: 
	* fix AIX compiler warning in sh_forward (cast arg1 of sh_tiger_hash
	  to (char *)
        * configure: add static link flags for some more os (from tar)
        * don't strip twice (some stupid systems abort)
        * fix for reading from /dev/random on non-Linux systems (untested)
        * sh_mail.c: end all message lines with \r\n
	* stealth: ignore \r, \"
	* take out tracing from --enable-debug (presently useless anyway)
	* fix some remaining cleartext with debug && stealth combined
	* fixed a small memory leak in sh_err_log.c

1.1.3:
	* fixed circular logic in taus_seed() (fallback method only)
	* fix for missing _SC_OPEN_MAX (runaway close())

1.1.2:
	* implement message classes
	* let server recognize client message severity and class
	* secondary log server
	* keep database in memory (allows to close file 
	  if retrieved from server)
	* encrypt client/server communication
	
1.1.1:
	* Compilation problems with native Solaris compiler fixed
	* fill in euid/ruid variable
	* manual.pdf --> MANUAL.pdf
	* debug sh_util_formatted()
	* http refresh 120sec for server stat page
	* trace/debug options
	* fixed problem with utmp.c options
	* fixed problem with sh_mail_setaddress
	* option for custom message header
	* fixed problem in compdata
	* fixed problem in mail verification
	* remove eventual trailing '/' in file names
	* fixed problem with report string for modified files
	* option to report in full detail
 
1.1.0:
	* Move error messages to catalog
	* Make error message format more uniform
	* Wrap sytem calls that could be interrupted by signals
	* Warn on append to database
	* Option for full details on mod. files
	* Option to report only once on mod. files
	* Generally speaking, major modifications with potential new bugs

0.9.5:
        * sh_hash.c: fixed erroneous checksum for config file
        * sh_html.c: fixed erroneous timestamp (last)
        * sh_tools.c: fixed connect_port (set port for cached address)
        * sh_srp.c: fix for '00' (='\0') in pw
          (last two fixes by Andreas Piesk)

0.9.4:
        * samhain.c: fcntl(1, ..) -> fcntl(2, ..)
        * sh_hash.c: copy 12 instead of 10 byte for c_attributes
        * 'empty directory' WARN -> INFO

0.9.3:
	* FreeBSD fixes:
	  - c_random.sh: make sure /dev/random provides something 
            rather than nothing
	  - check for <netinet/in.h> and include it
	  - include <sys/types.h> early
          - sh_utmp.c: fixed an occurence of ut_user
	  - sh_utmp.c: #ifdef HAVE_UTTYPE static char terminated_line #endif
	  - sh_forward.c: EBADMSG -> ENOMSG
	* sh_unix.c: check return value of gethostbyname
	* sh_entropy.c: fallback on /dev/urandom if /dev/random blocks for
	  more than 30 sec
	* ... and fix the timestamp format ...

0.9.2:
	* ISO 8601 timestamps
	* Bugfix in sh_utmp (timestring overwrite)
	* don't use siginfo_t on Linux (garbage as of 2.2.14)
	* check for Linux capabilities bug when dropping root
	* include README for gcc compiler bug (pointed out by A. Piesk)
	* explicitely set -fno-strength-reduce with gcc
	* fixed ignoring missing files with the IgnoreAll policy

0.9.1:
	* more ext2flags (breaks backward database compatibility on Linux)
	* IgnoreAll policy modified - missing/added files reported with
	  SeverityIgnoreAll (to handle files that may or may not be present)
	* Check all files, not only regular ones 
	  (bug in sh_files, originally introduced because checksum of
	  regular files only is computed)

0.9:
	* use O_NOATIME if supported
	* --with-nocl takes argument (PW to re-enable CL parsing)
	* no daemon mode if initializing database
	* fixed segfault in yule with 'unknown file type' request
	* enlarged MAX_GLOBS 24 -> 32 and made the array linear
	* server uses last registry entry for any given client now
	* deploy.sh script to deploy clients to remote hosts
	* enhanced signal handling: SIGUSR1/SIGUSR2/SIGABRT/SIGQUIT/SIGHUP
	* allow y/Y/n/N for login monitoring (in addition to 0/1)
	* external logging scripts/programs
	* trustfile.c: define STICKY on Linux
	* reset signal mask when initializing
	* EINTR_RETRY wrapper
	* slib: sl_read, sl_write EINTR update
	* use sstrip when installing
	* more compact database format (breaks backward database compatibility)
	* larger download packets
	* TcpFlags unsigned char
	* cast to (char *) head in write_port
	* m(un)lock cast to (char *)
	* (1 << 31) --> (1UL << 31)
	* support e2fs attributes on Linux
	* fixes for AIX and Solaris native compilers
	* fixed Makefile for non-GNU make (pattern rule --> suffix rule)

0.8.1:
	* fixed 'is_numeric()' return value	

0.8:
	* added option for static compilation
	* added option for stealth with non-hidden config file
	* added option for disabling command line parsing
	* all options can be set in the configuration file now
	* stealth: xor strings in database file
	* fixed bug in mailer code ([] in HELO)
	* print timestamp when asking for key
	* 'micro' stealth mode (no hidden configuration file)
	* simplified slib
	* int->long for uids/gids in trustfile
	* moved mailkey from data to code
	* shell script for entropy (stronger default key)
	* general code cleanup
	* better error checking in client/server code
	* detect out-of-sync messages
	* check state across protocol passes in server
	* make sure authentication is mutual
	* file download to client
	* reserve six file descriptors in server
	* mlock queue buffer if LOG_KEY
	* improved robustness in bignum (don't fail on free())
	* per-directory recursion depths
	* RFC821 compliance: empty line at end of header, To field, Date field
	* RFC821 compliance: make e-mail transfer relieable
	* fix detection of hardlink changes
	* checksum verification for calling gpg/pgp 
	* CL option '-S' not required for server-only binary
	* eliminate CL options that may leak privileged information
	  if the program is SUID
	* skip leading white space in configuration file
	* allow nested conditionals in configuration file
	* allow whitespace before and after '=' in configuration file
	* don't leak file descriptors to child processes
	* make message transfer relieable
	* always report error on abnormal termination of connection

0.7:
	* support for alpha machines
	* stop TCP logging after exit message
	* limit connections in server (DoS attacks)
	* move string handling to slib
	* move file handling to slib
	* timestring without space
	* changed report format
	* SUID bugfix - use euid when checking logfile ownership
	* SUID bugfix - get root for lstat()
	* SUID bugfix - get root for opendir()
	* store number of hardlinks
	* send no message if polling empty queue
	* include tiger 64-bit implementation             (portability)
	* codes for error conditions
	* mail check: handle multiple, overlapping audit trails
	* security fix: no append to database if SUID
	* fix sh_entropy.c (BUFSIZ -> BUF_ENT)
	* read command line before config file
	* PGP signing of config/database files
	* checksum of config file reported
	* checking for attributes only

0.6:
	* more syslogish priority specification 
	* fixed segfault in sh_mem_check, apparently this was also
	  the reason for the segfault in atexit()
	* allow for compilation with SRP authentication
	* fixed tiger checksum computation
	* fixed broken logfile verification for second and further audit trails
	* test program added
	* documentation improved
	* sh_forward_make_client: bug fixed in[8]->in[i]
	* sh_error.h: fixed missing #include <errno.h>
	* configure.in: fixed missing strerror() test
	* sh_utmp.c: check logins/logouts
	* check for missing files
	* only reset access time if necessary
	* O_EXCL in open()
	* limit environment to TZ in execve (sh_entropy.c, not used on Linux)
	* use trustfile() to determine whether logfile dir is trustworthy
	* strip head instead of tail for numerical address
	* store messages in fifo during log server outage
	* re-init session key after server outage

0.5:
	* added option for mail relay server
	* own popen() implementation in sh_entropy()      (portability)
	* fixed error in sh_util_basename() (returned NULL for base == "/")
	* fixed segfault in strlcpy/strlcat (check for src == NULL)
	* FILENAME_MAX -> PATH_MAX                        (HP-UX 10.20)
	* use TIGER for 32-byte compilers                 (portability)
	* fixed hash function (do not include stdlib.h)
	* flush buffer before write in mailer code        (IBM AIX 4.1)
	* make mailer code non-forking
	* cast argument of is...() to int                 (portability)
	* return() after _exit() for braindead compilers  (portability)
	* optionally use inet_addr                        (portability)
	* check for broken mlock()                        (HP-UX 10.20)
	* minor code cleanups
	* fixed incorrect size of munlock()'ed memory in sh_error_string()
	* fixed a buffer overflow in the error printing routine
	* fixed a buffer overflow in sh_util_safe_name ()
	* implement SRP session key exchange
	* implement client/server facility
	* implement @host/@end construct in configuration file
	* preferably use uname(), and do gethostbyname() for FQDN
	* make vernam cipher base numeric
	* make OnlyStderr private in sh_error
	* test -e "/dev/random" --> test -r "/dev/random" (portability)
	* check for libsocket                             (portability)
	* add #defines for IPPORT_SMTP, IPPORT_TIMESERVER (portability)
	* eliminate superfluous /proc test 
	* some unreachable code removed
	* cast to (byte*) replaced by cast to (word64*) in sh_tiger_hash()
	* check for setresuid() if no seteuid()           (HP-UX 10.20)  

0.4:  
	* make sure output from /dev/random has no NULL's
	* one-time pad encryption for emailed keys
	  (better than nothing ...)

0.3:
	* logfile readable for group
	* verify signatures for any file
	* signature block in tarball
	* use select() in time server routine
	* better protection for session keys (mlock)

0.2:
	* fixed incorrect man page
	* fixed incorrect example rc file
	* recursive error logging should work now

0.1:
	* initial release -- on Samhain 1999, of course
