VShell(R) Server for UNIX 2.3.7 Official -- October 13, 2005

Copyright (C) 1995-2005 VanDyke Software, Inc.
All rights reserved.

This file contains a VShell product history. It includes lists of new
features, changes, and bug fixes sorted by release. For a product
description, installation notes, registration, and contact information,
please refer to readme.txt (downloaded with this package).


Changes in VShell 2.3.7 Official -- October 13, 2005
----------------------------------------------------

Changes:
  - The VShell and ClientPack installers for HP-UX 11 now install the
    gcc libraries needed to run VShell into /usr/local/vshell/bin. It
    is no longer necessary to install a specific version of gcc to use
    VShell.

Bug fixes:
  - Error under HP-UX 11 during automatic shutdown of the server (when
    shutting down the machine). The shutdown messages will no longer
    display an error caused by calling "stop()" instead of "do_stop()"
    when shutting down vshelld.
  - vsh: Typo in SSH1 failed authentication error was fixed.


Changes in VShell 2.3.6 Official -- August 11, 2005
---------------------------------------------------

New features:
  - Support for FreeBSD 5.3 and 5.4.
  - Support for AIX 5.3.
  - VSH: Option "-e none" which turns off all escape sequence
    handling. This is best used with VSH when transferring large
    binary files.
  - VSH: Support for SSH1.
  - VSH: An option (-remote) allowing reverse port forwarding.

Changes:
  - Added "RemoteExecution" to available AccessControl types in the
    error message displayed during startup when the vshelld_config was
    parsed or when using the -test_config option.
  - Port-forwarded data was buffered instead of sent immediately.
    Corrections were made to the use of TCP_NODELAY to resolve the
    problem.
  - Changed "can not" to "cannot" in error messages.
  - Added the connection ID to the "Transport closed cleanly..." log
    message.
  - Clients added support for the authentication type
    "gssapi-deprecated".
  - Improved error reporting on host name resolution errors.

Bug fixes:
  - Under HP-UX 11, the vshelld startup/shutdown script used the
    reserved word "stop" which would cause errors when starting or
    stopping the server using that script. The script no longer uses
    the reserved word.
  - Under AIX 5.x, the VShell installer put startup scripts into the
    wrong location. Now the startup scripts for AIX 5.x are installed
    to /etc/rc.d/init.d.
  - Under AIX 4.x, vshelld failed to start because of missing gcc
    libraries. The gcc libraries used by VShell are now installed in
    /usr/local/vshell/lib.
  - VShell crashed if a user who was denied logon access in the
    vshelld_config file tried the same public-key twice in a row.
  - VShell did not close connections properly and reached connection
    limit prematurely when using WinSCP clients.
  - Cipher AES was not thread safe and caused trouble when using
    different key sizes concurrently under a heavy load.
  - The VShell installer would overwrite vshelld_primes.txt if it
    already existed.
  - Clients could have resolved "localhost" incorrectly on some UNIX
    platforms, if there were multiple IP addresses assigned to the
    client's local machine.
  - When clients connected using an IP address and other key exchange
    algorithms were allowed, gssapi was not the preferred item in the
    key exchange list.
  - VCP: Application did not check if wildcard download destination
    directories were valid. Downloads to invalid directories would
    fail but no error code was returned. Now an error exit code is
    returned.
  - VSH: Application could have hung when using Subversion or CVS.
  - VSH: Application modified large binary CVS transfers. Added
    "-e none" option to turn off all escape sequence handling.


Changes in VShell 2.3.5 Official -- May 12, 2005
------------------------------------------------

Bug fixes:
  - VShell would occasionally crash during port forwarding when the
    channel was being closed.


Changes in VShell 2.3.4 Official -- March 17, 2005
--------------------------------------------------

Bug fixes:
  - Incorrect formatting and spelling error in log message, "User does
    not have privilege to logon on locally; falling back to network
    logon".
  - VShell was not internally consistent in using the client SFTP
    version to determine correct behavior.
  - VShell could erroneously log an error saying "operation success"
    instead of bytes transferred.

Changes:
  - Due to changes to the keyboard-interactive draft, VShell now sends
    an empty language tag.


Changes in VShell 2.3.3 Official -- December 9, 2004
----------------------------------------------------

Bug fixes:
  - Under AIX, VShell could spuriously report problems "closing a
    pipe".
  - Under AIX, VShell failed to properly load and parse
    /etc/security/users.


Changes in VShell 2.3.2 Official -- September 9, 2004
-----------------------------------------------------

Changes:
  - Changed vcp's progress indicator to be like vsftp.
  - When matching algorithm names on the command line, the match is
    now case insensitive.
  - Improved vsftp error messages.

Bug fixes:
  - VShell failed to propagate exit code to the client for a command
    run over channel.
  - If shell or remote execution was disabled, vsh would hang when
    connecting.
  - vsftp would display the incorrect file size for large (~5GB)
    files.
  - Updated vsftp usage message to reflect correct syntax for put and
    get.


Changes in VShell 2.3.1 Official -- June 8, 2004
------------------------------------------------

Changes:
  - When using password via PAM, VShell now warns users if their
    password is about to expire.
  - The default order for host key algorithms is now ssh-rsa then
    ssh-dsa.
  - Because multiple non-VanDyke SFTP clients fail to handle newline
    extensions when using SFTP v3, VShell now only sends newline
    extensions when using SFTP v4.

Bug fixes:
  - Under Solaris, AIX, and HPUX, a valid license was not accepted.
  - There was a potential for a buffer overflow when processing an
    SSH2 packet.


Changes in VShell 2.3 Official -- May 6, 2004
---------------------------------------------

Bug fixes:
  - SFTP session from CuteFTP Pro 6 would not correctly display
    directory listings in some cases when connecting to VShell for
    UNIX. The main change was to include only HH:MM if the file is
    less than six months old, and include YYYY if the file was older
    than that.


Changes in VShell 2.3 (Beta 5) -- April 29, 2004
------------------------------------------------

Changes:
  - With AIX 5.2, changed from gcc compiler to native xlC compiler
    which reduced the number of external library dependencies.


Changes in VShell 2.3 (Beta 4) -- April 20, 2004
------------------------------------------------

New features:
  - Added a "-restart" flag to vshelld which will check for any fatal
    configuration errors and restart the server only if errors are not
    found. If errors are found, errors are reported to the user for
    correction.
  - vcp: Now shows a transfer progress indicator for each file being
    transferred. The format is "34% 208KB 38.8KB/s 00:10 ETA".
  - vsh, vcp, and vsftp now look (read only) at a common location for
    host keys before looking in the user's private location. If the
    host is in the common database but the key doesn't match, the user
    can accept once. Under Solaris, the location is as follows:

        /opt/vshell/etc/known_hosts

    And under all other UNIX distributions, it is as follows:

        /usr/local/etc/known_hosts

Changes:
  - When a user is in either a "ChrootUsers" or "ChrootGroups" list,
    they are now also chrooted for SFTP access. An exception is if the
    user is also in an "SFTPVirtualDirectories" list, in which case
    they are given whatever SFTP access is granted to them by that
    list.
  - Formerly, VShell failed to load the configuration if a user
    specified in "AccessControl" lists or "SFTPVirtualDirectories" did
    not exist in the system.
    Now VShell considers missing users a warning and continues to load
    the configuration anyway (printing a warning about the users that
    do not exist in the log file).
  - VShell now uses the path /etc/vshelld.pid under AIX 5.2.

Bug fixes:
  - vsh: Calling "cvs update" caused VSH to hang when there were
    several files to change.
  - vsh, vcp, or vsftp, when run from Solaris, could get bus errors
    and core dump when using the Blowfish cipher.
  - The installer for HPUX 11 used a path for sh that did not
    correspond to a traditional version of the Bourne shell. Because
    of syntax differences between the Bourne shell and the POSIX shell
    that was referenced, this caused post-installer errors.
  - The setting "Maximum Authentication Retries" was off by one in
    VShell 2.3 for both UNIX and Windows. For example, this would
    cause a user authentication failure after four unsuccessful
    attempts when the limit was set to five.
  - Authenticating with public key and encrypted passphrases on
    Solaris and AIX was not working as a result of not having Twofish
    support. Now, Solaris and AIX have Twofish support and also public
    key with passphrase support.
  - VShell was removing file type information from the POSIX modes
    field in sftp v3 attribute packets. This caused various failures
    when interoperating with sftp v3 clients such as OpenSSH, CuteFTP
    Pro 6, etc.
  - It was possible to get a random RSA BSafe error when attempting
    public key authentication with a PuTTY RSA public key.


Changes in VShell 2.3 (Beta 3) -- April 8, 2004
-----------------------------------------------

New features:
  - vcp, vsh and vsftp now accept the argument "-accepthostkeys" to
    avoid being prompted for host keys when connecting to a host for
    the first time. NOTE: this should be used with caution, since, if
    a host key has changed, it will invalidate the ability to detect a
    man-in-the-middle attack.

Changes:
  - Red Hat, Solaris, HPUX and AIX builds are now using RSA BSafe
    Cryptographic libraries.
  - vsftp: the "mv" command allows moving multiple files using
    wildcards only when the destination is a directory. Previously, it
    was moving multiple files to a single file if a file was specified
    as the destination.

Bug fixes:
  - Ticket caching with the latest MIT Kerberos was not supported.
    This was fixed with the addition of new ticket cache-related
    function calls.
  - SFTP attrib extensions were not being processed because of a logic
    error.
  - In some cases, SFTP v4 was not sending the correct error messages
    due to changes from v3. VShell now sends the correct error
    messages for the version of SFTP in use.
  - vsftp: When using the -q option, output to the screen was still
    verbose.


Changes in VShell 2.3 (Beta 2) -- March 16, 2004
------------------------------------------------

New features:
  - vsh: Added the following escape sequences: ~~ (escape), ~? (list
    escape sequences), ~R (initiate re-key), ~# (list forwarded
    ports), ~. (disconnect), and ~^Z (background SSH).
  - vsftp: Support for multiple files (wildcards) in the following
    commands: cd, ls, lls, rm, lrm, rmdir, lrmdir, mkdir, lmkdir,
    chown, chgrp, chmod, mv.
  - vsftp: Support for using wildcard specifications to move multiple
    files to a directory.

Changes:
  - vsftp: Now overwrites a file if it exists. Prior to this release,
    vsftp skipped a file if it existed.
  - vsftp: By default, vsftp no longer reports @domainname after each
    user and group name when an "ls -l" command is used. To display
    the domain, you can use the "-domain" option.
  - vsftp: Output is given when files are removed. Prior to this
    release, removing files gave no output.
  - vsftp: Output from an "ls" command is now sorted.
  - vsftp: "ls" and "lls" commands without the "-l" flag now list
    files in a tabular format, if the display is a tty.
  - vsftp: "ls" and "lls" commands now enter directories that are the
    result of wildcard expansion.
  - vsftp: The verbosity of output when putting and getting files was
    reduced.
    If a "-v" flag has been specified, VShell displays an additional
    line for each file logging the throughput of the file.
  - vsftp: A more useful error is now returned when a directory cannot
    be removed.
  - vsftp: Added the command "mv" (was previously "move").
  - vsftp: Added the command "chgrp" (was previously "chgroup").

Bug fixes:
  - VShell required a mutual authentication when using the
    gssapi-with-mic method. If a client did not also request mutual
    authentication, VShell incorrectly failed the authentication.
  - The OpenSSH ssh-agent program unexpectedly aborted when used by
    VanDyke clients. VanDyke clients use agent when performing
    public-key authentications.
  - All VanDyke Software products sent invalid sftp v3 attribute
    packets. This only affected SSH Communications clients connecting
    to VShell for UNIX servers. If the client was affected by this,
    they might disconnect.
  - vsftp: The "mv" command (a.k.a. move) worked incorrectly if the
    target was a directory (including . and ..).
  - vsftp: No filename was given in "put" errors if the file didn't
    exist.
  - vsftp: The "vsftp>" prompt was interspersed in intermediate
    messages in some cases.
  - vsftp: Wildcards with a local listing did not correctly resolve
    filenames. For example, "lls *.txt" might return an error such as
    "No such file or directory".
  - vsftp: Remove with a directory and a wildcard did not remove any
    files.
  - vsh: Verbose output began to stair step after port forwarding was
    accepted.


Changes in VShell 2.3 (Beta 1) -- February 24, 2004
---------------------------------------------------

New features:
  - Added the ability to create a virtual directory structure for
    granting fine-tuned control to the UNIX directory structure with
    SFTP access.
  - Support for keyboard-interactive authentication method allowing
    integration with PAM password (for better password support) and to
    methods like SecurID and Radius.
  - Wildcard and file globbing support for vsftp and vcp.
  - Support for AIX 5.2.
  - VShell can now execute triggers (to call a shell script) after a
    download file operation has completed.

Changes:
  - Changed vpka to use -p for port, -pw for password, and -passphrase
    for passphrase to be more consistent with other VanDyke Software
    command-line applications.
  - If there is an empty "AuthenticationsAllow" list present, VShell
    now allows no authentications to succeed. It used to allow all in
    this case.

Bug fixes:
  - vsh/vcp: The -auth flag was not working for vsh and vcp if more
    than one authentication method was specified.
  - When host or domain names are used in connection filters, VShell
    now does a complete forward and backward lookup to prevent
    spoofing via a malicious DNS setup.
  - VShell could crash if a disconnect was sent at the same time a key
    exchange happened.
  - The command-line clients vsftp, vcp, and vsh, when installed and
    run with VShell for UNIX, were not reading the correct license
    file so that they would not work after the hard expire date even
    if there was a valid VShell license.
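
The forward and backward lookup named in the 2.3 (Beta 1) bug fix for
connection filters, sketched as an added example; it is not VanDyke's
code and is not taken from VShell. The ".domain" pattern syntax, the
function names and the sample DNS tables are assumptions constructed
for illustration.

```python
import ipaddress
import socket

# Constructed sample DNS data (documentation address ranges, not real hosts).
# Whoever owns 203.0.113.0/24 controls its reverse zone and can publish any PTR.
SAMPLE_PTR = {"192.0.2.10": ["admin.corp.example"],
              "203.0.113.7": ["admin.corp.example"]}
# The forward zone is controlled by the owner of corp.example.
SAMPLE_A = {"admin.corp.example": ["192.0.2.10"]}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name.lower(), [])

def system_reverse(ip):
    """PTR lookup through the system resolver; empty list on failure."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_forward(name):
    """A/AAAA lookup through the system resolver; empty list on failure."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def host_matches(name, pattern):
    """Exact name, or '.domain' suffix (hypothetical filter syntax)."""
    name, pattern = name.rstrip(".").lower(), pattern.rstrip(".").lower()
    return name.endswith(pattern) if pattern.startswith(".") else name == pattern

def confirmed_names(ip, reverse=system_reverse, forward=system_forward):
    """PTR names for ip whose forward lookup leads back to the same address."""
    peer = ipaddress.ip_address(ip)
    return [n for n in reverse(ip)
            if any(ipaddress.ip_address(a) == peer for a in forward(n))]

def ptr_only_allows(ip, pattern, reverse=system_reverse):
    """Weak check: trusts whatever the reverse zone says."""
    return any(host_matches(n, pattern) for n in reverse(ip))

def filter_allows(ip, pattern, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed check: a name counts only if it resolves back to ip."""
    return any(host_matches(n, pattern)
               for n in confirmed_names(ip, reverse, forward))
```

With the sample tables, the PTR-only check accepts 203.0.113.7 for the
pattern ".corp.example", while the forward-confirmed check rejects it
and still accepts 192.0.2.10.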