Brief history of changes made to this software:

March 1997 to present - FWTK 2.0+

	Add "pdf" to list of binary file types in http-gw

	Fix typo in syslog.c that was causing builds to fail
	when USE_UDP_SYSLOG defined

	Fix syslogd signal handling botch that leads to syslogd
	crash.

	Correct SYSV switching in smap to remove wait3() reference

	Fix off-by-one check in syslog 

	Fix skey prompting

	Fix authsrv "onetime" parsing/setting

	Correct tn-gw daemon argument processing

	Fix hostmatch() core dump

	Read plug-gw rules using service name, then "plug-gw"

Fixes since 2.0a beta:

	Add patches for AIX 3.x from Pavel P. Zabortsev <ppz@cdu.elektra.ru>

	Fix plug-gw service name rules to look for "plug-gw" lines if
	there's no service name lines.

	Fix various compile warnings and typos found during test.

September, 1996 to January 1997 - FWTK 2.0

	Fixes to Linux makefile configuration to try to support
	more variants of Linux. (Especially the dbm library.)

	Clean up README references - especially to suggested mail
	addresses.

	Fix authadduser.sh argument order (the "password" command was
	reversed.)

	Always warn when authdump/authload can't read netperm-table.

	Fix syslog() calls to limit string lengths to avoid buffer
	overflows.

	Fix several buffer termination bugs in authload

	Fix command ambiguity bug in authmgr/authsrv

	Remove gets() call in authmgr (replace with fgets() call)

	Fix buffer overflow possibility in authmgr password change

	Rationalize authsrv time checking code

	Fix "enable user one-time" command

	Fix wizard checking in list commands so it works as expected
	(group wizards can check their group only.)

	Clean up authsrv client IO module

	Fix authsrv database routines to open/close when necessary;
	make sure files are closed when done.

	Add SCO5 and OSF/1 conditionals and configuration files

	Allow ftp-gw to be a daemon on other than the normal FTP port

	Fix ftp-gw telnet options processing for IAC IAC, etc.

	Add additional characters to the http-gw reserved list
	(characters that http-gw doesn't change in URLs.)

	Change all http-gw FTP users to "http-gw@host".

	Add "%m" to several http-gw error reports so more detail is available

	Fix netperm-table reader so an unterminated last line in the
	netperm-table is not fatal

	Add hostname length checking in DNS calls

	Fix character set bugs in enargv(); correct several parsing
	errors.

	Improve portability of getpassword() code

	Don't allow empty string to map to UID 0 (root)

	Fixes for syslog() overflow bugs - make buffer static (not on
	the stack), increase buffer size. On overflow bail out.

	Fix port handling in plug-gw so that the target port number is
	not overwritten

	Fix plug-gw destination permit handling

	Fix smap message limit code (552, not 550).
	Correct smap end-of-message handling.

	Change smapd child handling to not use SIGCHLD - poll
	when processing messages instead.

	Properly parse addresses (including route addresses) for
	bad formats. Allow "/" with following whitespace.

	Allow "-daemon" for telnet-gw to permit listening on other
	ports (not just 23).

	Fix telnet options processing

	Fix invalid timeout handling in tn-gw (don't change the timeout).

	Don't allow tn-gw options buffer to overflow

	Remove "mercury.hsi.com" from deny-summ.sh reporting script.

	Fix syslogd signal handling to allow POSIX signals

March, 1996 to September, 1996 - FWTK 2.0 beta

	Centralize configuration differences in Makefile.config and provide
	example copies for BSD/OS, SunOS, Solaris, HPUX.

	Update BSD "fixmake" script to reference Makefile.config, not insert
	it (so that edits to Makefile.config don't require a redundant
	fixmake unfix;fixmake pass).

	Fix porting problems on Solaris, HP-UX.

	Apply authsrv bug to permit extended auth to work

	Fix ftp-gw messages to remove extra null character

	Correct ftp-gw deny message to log then correctly report the
	denial to the client

	Add "+" to list of HTTP reserved characters

	Increase max URL length to 4096 bytes

	Add Carl Claunch's java/javascript/ActiveX filtering to http-gw

	Fix net_write to not error out on zero byte writes

	Block persistent connection attempts

	Upgrade http-gw internal icons (fix Netscape bug)

	Make peername unknown non-fatal

	Background proxy and become process group leader when operating
	a proxy in '-daemon' mode

	Add pattern matching for a single IP address digit (?)

	Fix IP options checking to not hardwire FD 0

	Add ssl tunneling support to http-gw (-ssl on plug-gw line in
	netperm-table).

	Remove trailing nulls in rlogin-gw messages

	Handle overlong host addresses in rlogin, tn-gw

	Add missing newline to smap "Received" line

	Strip backquotes from mail addresses

	Fix smap temp file handling

	Update smapd waiting to allow multiple children

	Update smapd error handling to minimize looping messages

	Update bad address parsing code to allow additional valid addresses

	Update tn-gw echo negotiation to avoid connect hangs

	Remove trailing nulls from message strings in tn-gw

	Fix "printf" vs "sprintf" botch in x-gw

	Correct x-gw message handling (add newlines, etc.)


Nov 5, 1994 to March, 1996 - Fixes to V1.3

	Changed to allow System V (Solaris) compile

	Fixes to authsrv/authmgr to replace password prompting with
	our own routine (allowing > 8 char passwords) and to permit
	an authorization routine more flexibility in prompting.

	Properly handle too-long lines in netperm-table

	Handle multi-homed hosts in connects (try each address until one
	works).

	Allow all proxies to run as daemons (no longer need to use inetd)

	Replace sys_errlist[errno] references with strerror() calls for
	portability.

	Fix urgent handling to use proper fd in SIOCPGRP ioctl call

	Add strerror() and inet_ntoa() source to libfwall directory for
	systems that don't have them.

	Add option to rlogin-gw to automatically start an X session.

	Add timeout processing to rlogin-gw.

	Fix SMAP to allow multiple deliveries in a single transaction.

	Correct SMAPD error/exit handling.

	Make peername() return non-zero on failures.

	Remove duplicate entries in ftp-gw operations table.

	Correct netacl setuid() using a group id (call setgid instead).

	Fix smapd file mode check.

	Fix smapd empty file warning message to not report errno when
	inappropriate.

	Fix ftp-gw cpu loop on connect failures.

	Ensure ftp-gw deny messages get syslog'd.

	http-gw: Fix incorrect quoting in split anchors.

	http-gw: Fix incorrect handling of bad URLs with three / chars

	Use proper fd when querying peername in x-gw.

	Fix http-gw FTP directory listing to strip "*", "@", etc. from
	listings

	Fix core dump when smapd tries to report an unexpected envelope.

	http-gw: disallow embedded newlines in gopher URLs

	Fix stuck http-gw processes (waiting for a read that will never
	complete).

	Add security proxy handoff to http-gw

	Add common default timeout definition to firewall.h

Feb 21 - Nov 5, 1994  - Fixes to V1.2
-------------------------------------

	Added DISCLAIMER -- READ it.

	Added much better header parsing code to smapd (by Wietse Venema)

	Added http proxy

	Added X-windows gateway, and x-gw option in tn-gw and rlogin-gw

	Took out the "loghost" option in syslog.c

	Modified smapd to do more sensible things with its queue. It
	will now keep a limited number of children going at a time,
	and will not completely bury the system on startup after a
	delay.

	Fixed netperm-table reading code to handle all blank lines.

	Fixed timeout code in ftp-gw to be more forgiving of systems
	that decrement the passed timeout value.

	Revamping of Makefiles to include a master Makefile.config.
	Please see comments in Makefile.config.

	Added ip-options detection based on 4.4bsd sources for rlogind.

	Moved the "struct direct" configuration option for smapd into
	firewall.h -- see the comments near where it says DIRECT_STRUCT

	Added improved (I hope!) options negotiation that works better
	with TN3270 and other telnet clients.

	Added checksum printing code to snkkey.c

	Moved the smapd compile directive to scan for bad addresses
	to firewall.h -- see the comments near where it says
	SMAPD_SCANBADADDR

	Clarifications: system log entries now are tagged with
	relevance strings for sorting and searching. If the system
	log entry contains the word:
	"securityalert" -- it's probably something you want to know about
	"fwtkcfgerr" -- a firewall toolkit component thinks it is misconfigured
	"fwtksyserr" -- something in how the fwtk uses the O/S failed in
		a mission-critical way
	Using facilities and levels would be easier but this guarantees
	that other system alerts won't clash with toolkit notices.
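
An added example, not FWTK code, showing how the three relevance words above can drive log triage. The whole-word match, the urgency order, and the sample lines are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

enum fwtk_tag { TAG_NONE, TAG_CFGERR, TAG_SYSERR, TAG_ALERT, TAG_COUNT };

/* Tag words from the entry above; the urgency order is an assumption. */
static const struct { const char *word; enum fwtk_tag tag; } tags[] = {
    { "securityalert", TAG_ALERT },
    { "fwtksyserr",    TAG_SYSERR },
    { "fwtkcfgerr",    TAG_CFGERR },
};

/* 1 if word appears as a whole token, not inside a longer word. */
static int has_word(const char *line, const char *word)
{
    size_t wl = strlen(word);
    for (const char *p = line; (p = strstr(p, word)) != NULL; p++) {
        int left_ok = (p == line) || !isalnum((unsigned char)p[-1]);
        if (left_ok && !isalnum((unsigned char)p[wl]))
            return 1;
    }
    return 0;
}

/* Most urgent tag found on the line, or TAG_NONE. */
enum fwtk_tag classify_line(const char *line)
{
    for (size_t i = 0; i < sizeof tags / sizeof tags[0]; i++)
        if (has_word(line, tags[i].word))
            return tags[i].tag;
    return TAG_NONE;
}

/* Count lines per tag; counts[] is indexed by enum fwtk_tag. */
void tally_lines(const char *const *lines, size_t n, unsigned counts[TAG_COUNT])
{
    memset(counts, 0, TAG_COUNT * sizeof counts[0]);
    for (size_t i = 0; i < n; i++)
        counts[classify_line(lines[i])]++;
}

/* Constructed sample lines, not real FWTK output. */
static const char *const sample_log[] = {
    "Mar  3 10:02:11 gw ftp-gw[211]: routine entry (constructed)",
    "Mar  3 10:02:12 gw tn-gw[212]: securityalert: constructed sample",
    "Mar  3 10:02:13 gw netacl[213]: fwtkcfgerr: constructed sample",
    "Mar  3 10:02:14 gw smapd[214]: fwtksyserr: constructed sample",
    "Mar  3 10:02:15 gw x-gw[215]: myfwtkcfgerrs (constructed)",
};
```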

	Changed Makefiles to rely on top-level FLAGS and AUXLIBS
	parameters. This makes it easier to add global system
	libraries such as -lresolv or -lsocket, etc.

	Updated README

	Fixed ordering bug in search for permitted destinations
	in cmd_passthrough() of ftp-gw

	Fixed byte count not getting updated by tn-gw when in
	raw mode

	Fix to reset curbytes and currecip in smap upon start
	of new message body (DATA command)

	Added FWTK_VERSION string to firewall.h and included a
	reference to it in lib/config.c, which is linked into
	just about all components of the toolkit. Do a:
	strings file | grep -i toolkit
	to extract it

	Fixed minor pointer problem with "localhost" mapping in ftp-gw

	Added deny connect logging to tn/rlogin/ftpgw

	Added ftp-gw summarizer

	Fixed minor problem in auth/db.c where it failed to check for
		an already closed db in authload

	Added authdump and authload to "make install" target for auth

	Fixed loop drop-out in tn-gw where it failed to let you change
	your s/key password [Remy.Giraud@meteo.fr]

	Modified ftp-gw to exit and log an error if given improper
	configuration options.

	Made authsrv log at LFAC instead of LOG_USER

	S/key challenge now uses spaces instead of quotes, for termkey
	users. (nmh@thumper.bellcore.com)

	Revampment of reporting scripts in tools/admin/reporting


Oct 29, 1993 - Feb 17, 1994 - Fixes to V1.1
-------------------------------------------

	Added a general purpose routine for setting out of band
	signalling (HP/UX and SunOS do it differently). See
	firewall.h

	*updated* user's guide, admin guide, and overview slightly.

	Support rand() interface for systems too crippled to use
	random()

	Changed mapu() to better named mapuid() and added ability
	to set group values as well.

	Included AIX authentication module to talk to auth server.
	(Morten.Hermanrud@ibmuio.uio.no)

	Added support for Enigma Logics Silver Card. (AUTHPROTO_ENIGMA)

	Updated version numbers in rlogin-gw, smap, tn-gw, ftp-gw.

	Changed smapd to fopen() files with "r+" -- System V
	file locking requires [at least on SCO] seekability
	on the file. smap does not share this problem if
	using the provided version of mkstemp().

	Removed unnecessary berklisms (fchmod and ftruncate) from
	smap in an attempt to make it more agreeable to sysV machines.

	Fixed minor oversight in options processing in oktotalkto()
	in tn-gw

	Fixed array offset bug in stash_option in tn-gw

	Fixed "password" length compares in source and docs

	Added update to securid client side to work with latest ACE software

	Fixed ftpd to not permit users without password entries to attempt
	to login

	Added hook into ftp-gw to check for command argument to treat
	as a username. This, combined with an ftpd that supports it permits
	ftpd to exec the ftp-gw if it finds an '@' in the user name.
	Added changes to the user() command in the ftpd in tools/server/ftpd

	Added "user@" through proxy to explicitly mean "localhost"

	Added logic to strip first null byte if first byte is null going
	through telnet proxy. This appears to be a bug in some versions
	of telnet, but the exact nature of it remains unknown. The null
	byte was confusing to some telnet servers, so this appears to be
	an effective, inexpensive, though somewhat ad hoc patch.

	Fixed login-sh to set $SHELL environment variable

	Removed truncation bug in tn-gw that chopped long destination
	names at 20 chars

	Fixed an exit(1) in login-sh that should have been return(1)

	Added welcome banner to rlogin-gw


Oct 22-29, 1993 - Fixes to V1.0
-------------------------------

	Fixed synchronization problem with how FTP proxy talks to
	the authentication server.

	Changed all proxies that use authentication (rlogin-gw, tn-gw,
	ftp-gw) to exit if they have an incorrectly configured option. 
	This was deemed proper, since if someone wants to configure
	authentication, and doesn't get the syntax correct, the proxy
	should fail to work at all, rather than working without using
	authentication.

	Changed rlogin-gw to reset local user identity to whomever the
	user authenticated as, if using authentication server.

	Fixed local/global declaration of confp in crypto/cliio.c

	Re-arranged parameter order for password command in authsrv to
	match order of other commands. Somewhat beefed up diagnostic
	messages.

	Major revamping of how tn-gw lies to the client. No more timers
	and all that stuff. I don't know why I didn't think of doing it
	this way before. Works lots better.

	Made the FTP proxy a little more flexible in its handling of
	responses to challenges. It turns out that challenges with
	whitespace in them make some FTP clients unhappy, which
	raised all manner of quoting issues.

	Made FTP proxy handle "USER" command more sensibly with
	authentication, to replace the somewhat awkward "quote auth user"
	approach.

	Updated docs. Added words on rlogin proxy to user's guide.
	Adjusted man pages.

	Removed logentry and logfile options from smap and netacl.
	Everything should use one logging mechanism: syslog.

	Fixed return() that should have been continue; in login-sh,
	which caused it to exit on comments.

	Fixed handling of "baddir" in smapd.

	Changed auth server issuance of bogus challenge to be optional.
	This means that the auth server protocol now must recognize
	that the responses to an "authenticate username" may now be:
	password
	challenge challengestring
	<other text>
	Where the other text is some form of error message. This change
	was reflected in tn-gw, rlogin-gw, ftp-gw, ftpd, and login-sh
	as well as the documentation.
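
An added example, not FWTK code, of how a client could classify the three reply forms listed above so that anything unrecognized is treated as a failure. The function name, the lowercase keyword match, the line-terminator handling and the sample replies are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* The three reply kinds listed in the entry above. */
enum auth_reply { AUTH_PASSWORD, AUTH_CHALLENGE, AUTH_OTHER };

/*
 * Hypothetical helper (not FWTK code): classify one reply line.
 * Assumes lowercase keywords and an optional CR/LF terminator.
 * out receives the challenge string or the error text, always
 * NUL-terminated. Anything unrecognized is AUTH_OTHER (fail closed).
 */
enum auth_reply classify_auth_reply(const char *line, char *out, size_t outlen)
{
    size_t n = strcspn(line, "\r\n");
    enum auth_reply kind = AUTH_OTHER;

    if (outlen == 0)
        return AUTH_OTHER;
    out[0] = '\0';
    if (n == 8 && strncmp(line, "password", 8) == 0)
        return AUTH_PASSWORD;
    if (n > 10 && strncmp(line, "challenge ", 10) == 0) {
        line += 10;
        n -= 10;
        kind = AUTH_CHALLENGE;
    }
    if (n >= outlen) {
        if (kind == AUTH_CHALLENGE)
            return AUTH_OTHER;      /* never present a cut-off challenge */
        n = outlen - 1;             /* error text may be shortened */
    }
    memcpy(out, line, n);
    out[n] = '\0';
    return kind;
}

int main(void)
{
    /* Constructed replies, not captured from a real authsrv. */
    const char *replies[] = { "password\n",
        "challenge constructed-challenge 42\n", "constructed error text\n" };
    char buf[64];
    for (size_t i = 0; i < 3; i++) {
        enum auth_reply k = classify_auth_reply(replies[i], buf, sizeof buf);
        printf("%d [%s]\n", (int)k, buf);
    }
    return 0;
}
```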

	Added comment to auth protocol, to permit proxies to give
	better logging information to the server. Now all proxies
	send:
	"authorize username 'comment'"
	which is logged. This entailed changes to authsrv and all
	clients. Change is backwards compatible with existing code.

	Added out of band signal support to rlogin-gw so that window
	size changes now propagate correctly. Note that some systems
	without fcntl F_SETOWN will now have to adapt code.

	Added hooks to drop tn-gw into a "raw" mode when talking to
	non-telnet ports through the proxy. This works OK with many
	versions of telnet but some do not function properly because
	they are broken in the first place (Sun's PC-NFS telnet
	client doesn't map cr/lf right)

	smapd's notion of where the sendmail executable resides is
	now configurable.

	Fixed offset bug in -dest !hosts in tn/ftp/rlogin-gw and documented
	the '!' hosts feature (which was present but broken and undocumented
	in V1.0)

	Added more sample config files to config, including some samples from
	TIS' bastion host.

	Changed smap/smapd to no longer operate on publicly readable
	files.

	Added a sleep timeout to authentication failures (see "badsleep"
	in the man page for authsrv). Instead of locking a user account
	permanently, by configuring badsleep, you can disable account
	locking, or set it to a 5 minute (or whatever) lockout.

	Added "SCANBADADDR" option to smapd. If this is configured in
	the smapd makefile, it will perform a draconian translation
	of all '|' characters found in the message envelope (not header)
	to '#' characters.

	Fixed a bug in how "unknown" was processed.

	Fixed conn.c to check rbuf != null, which caused a core dump. :(