                       User-Visible remctl Changes

remctl 2.2 (2006-09-08)

    Add appropriate casts when passing size_t variables to printf on
    64-bit systems.

    Include <sys/socket.h> in appropriate places for socklen_t on Solaris.

    Make the xmalloc test suite indifferent to filename differences from
    builddir != srcdir builds.

    Work around strange GCC 4.1 behavior on AMD64 that creates a const
    temporary variable in the macro expansion of the W* wait macros on
    glibc systems, causing the build of runtests to fail.  For some reason
    this apparently only affects AMD64.

    Redirect /dev/null into kinit in the test suite so that the Heimdal
    syntax doesn't cause an MIT kinit to hang.

    Try all kinit varients in the remctl client test as well as the C API
    tests.

remctl 2.1 (2006-08-22)

    Set REMOTE_USER in the environment for commands run by remctld, using
    the same value as REMUSER.  This makes it easier to use programs that
    also run as CGI scripts.  Also set REMOTE_ADDR to the IP address of
    the remote host and set REMOTE_HOST to the hostname if available.

    Stop setting SCPRINCIPAL in the environment.  This was for backward
    compatibility with sysctl and it's highly unlikely that anyone still
    cares (not to mention that the value was qualified with the realm and
    therefore didn't match sysctld's setting anyway).

    Properly nul-terminate error replies when using the simplified remctl
    client API.

    Support make check with builddir != srcdir builds.  Thanks to Ralf
    Wildenhues for the help in identifying the issues.

remctl 2.0 (2006-08-09)

    Implement a new version 2 protocol, with automatic down-negotiation
    to the old protocol for backward compatibility.  The new protocol is
    more binary-safe for command arguments, supports streaming output
    from the server, allows distinguishing between stdout output and
    stderr output, has no arbitrary limits on output size, and supports
    persistant connections.

    Document the details of the remctl protocol, both the old version 1
    protocol and the new version 2 protocol, in hopefully sufficient
    detail for anyone else to implement it.

    Don't consider inclusion of empty directories in a configuration file
    an error.

    Add the -P flag to remctld to write its PID to a file when invoked in
    stand-alone mode.

    Add an automated test suite.

    Completely rewrite the build system to use Automake, a supporting
    utility library, separate subdirectories for different parts of the
    source tree, and a wrapper include file for system headers.

    Don't use $< in non-pattern rules, fixing a build error on some
    systems with non-GNU make.

remctl 1.12 (2006-01-01)

    Initialize memory properly when parsing the server configuration file.

    Library probes with --enable-static cannot use krb5-config, since we
    can't distinguish between the Kerberos libraries that should be static
    and the system library dependencies that must not be made static.

remctl 1.11 (2005-12-22)

    Support include directives in remctld ACL files with the same syntax
    and semantics as include directives in configuration files.

    Stop option parsing at the first non-option on Linux (this is the
    standard behavior of getopt on other platforms).  Otherwise, calling
    remote programs that take options is annoying.

    Use krb5-config where available to get Kerberos libraries and compiler
    flags unless --enable-reduced-depends is used.

    Fix builds and installs where builddir != srcdir.

    Initial port to Heimdal.  remctl now compiles but isn't able to talk
    to a server built with MIT Kerberos, so further porting is still
    needed.

    Remove some debugging code for displaying the GSS-API OID as a string
    that isn't supported by the Heimdal API and is of questionable
    usefulness regardless.

remctl 1.10 (2005-12-01)

    Move the -v option to remctl and remctld to -d (debug), since the
    verbose output or logging is only really useful when debugging.

    Add -h (show usage) and -v (show version) options to both remctl
    and remctld and add real option parsing (so combining multiple options
    in one switch should now work).

    Overhaul error and status reporting in remctl and remctld.  Among
    other advantages, this should eliminate any lingering format string
    worries and get rid of the trailing newlines in syslog messages from
    remctld, as well as regularize the text of the error messages and the
    priority of syslog messages.

remctl 1.9 (2005-05-10)

    Fix serious bug with inclusion of configuration directories.  When
    reading any file after the first, remctl would use random bits of
    memory as the file name.

remctl 1.8 (2005-05-04)

    Support include <file> in the configuration file.  Also support
    including a directory, which includes every file in that directory
    that doesn't have a period in the name.

    Support continuation lines (using backslash) in the configuration
    file, and clean up the parser to be more flexible about whitespace on
    otherwise empty lines or comment lines.

    Change the default remctl.conf location to be relative to sysconfdir
    (<prefix>/etc by default) instead of the current directory.

    remctld now only logs the initial connection authentication and the
    argument count if -v was given, reducing to one the number of syslog
    messages per command.

    Improve the remctld man page, documenting all of the supported options
    including stand-alone mode.

remctl 1.7 (2005-02-22)

    Close extra file descriptors before spawning a child process in
    remctl.  The only file descriptors open should be standard output and
    standard error.  This will fix problems with using remctld to start
    long-running daemons; before, remctld would never realize that the
    child process had exited.

    Use select to wait for child output in remctld rather than
    busy-waiting so as not to burn CPU cycles when the child takes a while
    to produce output.

    Document the -p option for the client.

remctl 1.6 (2004-05-18)

    Fix format string vulnerabilities when logging the remote command.

remctl 1.5 (2004-03-04)

    Fix a bug in remctld where it would segfault when trying to check the
    ACLs for a command not present in the configuration file.

    Portability fix to return the exit status of the command in network
    byte order.

remctl 1.4 (2003-11-12)

    Add support for a logmask=n option in the configuration file that
    masks those arguments in the logging output (used when some of the
    options for that command contain private information).

    Add optimizations in the GSS code to do fewer network writes.

    Significant improvements to the Java client.

    Some minor cleanups to logging, installation, and the configure
    script.

remctl 1.3 (2003-07-21)

    Exit with non-zero status if the remote command failed rather than
    always exiting with zero status if the network exchange worked
    successfully.

    Adjust logging priorities and include some additional information in
    the log of the command.

    Improved the README and added a make dist target to the makefile.

remctl 1.2 (2003-04-04)

    Read from both standard out and standard error of the spawned command
    in turn to better prevent deadlock.

    Set the REMUSER environment variable to the remote authenticated user
    (and continue setting SCPRINCIPAL as well for backward compatibility).

remctl 1.1 (2003-02-28)

    Add an snprintf implementation for systems that don't have it and use
    it for log messages.

    Additional fleshing out of the Java client.

    Lots of code cleanup and style fixes.

remctl 1.0 (2002-11-22)

    Initial release.
