Sun Feb 4 14:44:39 PST 2007 0.9996 - Ignore SIGTERM, because an orderly shutdown sends this signal, and we have nothing to clean up anyway, and sometimes a system will go into limbo during shutdown, so we want to be around if that happens. Sun Feb 4 16:46:25 GMT 2007 0.9995 - Conditionalized mlockall() use on _POSIX_MEMLOCK - Added DragonFly BSD support, despite DragonFly's lack of a true mlockall() Wed Oct 11 10:47:25 PDT 2006 0.9994 - Eliminated whrandom usage. - Added slightly more entropy when /dev/random, /dev/urandom and prngd are all unavailable Tue Aug 16 20:48:01 PDT 2005 0.9992 - If entropy is all used up, then get some more, instead of exiting Sun Mar 27 17:06:00 PST 2005 0.9991 - Eliminated hardcoded "-ansi -pedantic -Wall" to improve gcc indepence. Tested with tcc on Fedora Core 3. - Moved openssl/evp.h check before EVP_DigestInit check, again to improve tcc (non-gcc) compatibility Fri Mar 25 06:48:48 PST 2005 0.999 - Ported to FreeBSD. Probably will also work on DragonFly (minus proper mlockall(), which is a NOOP?) and NetBSD. I wonder about OS/X :) Port was done with QEMU. - reboot functionality, which is very OS dependent: #ifdef's now #define a REBOOT_FOUND symbol, rather than #else'ing ad nauseum. Someday this stuff should be sorted out by autoconf though. - /usr/local/bin on $PATH in S22fallback-reboot - Information in "Porting" file expanded a bit - Modified fallback-reboot-client to only prompt and turn off echo if it's on a tty. Mon Mar 7 10:50:39 PST 2005 0.998 - DEBUG cpp symbol renamed to AUTH_NO_REBOOT - DEBUG2 cpp symbol renamed to VERBOSE - AIX uses plock() instead of mlockall() now - install-bufsock knows how to set the $PATH more broadly, to be more likely to pick up a python executable - Note: this release not announced on freshmeat. - Jacked entropy collection to 10000 instead of only 100 Sun Mar 6 21:16:03 PST 2005 0.997 - added /dev/random and prngd support to the daemon. The daemon still doesn't support time+pid, and may never :) - fixed a bug in time+pid seed method in gen-pas - Split out rc script install and bufsock.py install into their own shell scripts, to keep the Makefile simpler. Also, these installations are done still more flexibly now - IE, they know about more directories that are good candidates for install - ported to AIX 5.1, partially using IBM's linux source compatibility, which extends to reboot methods - ./configure understands --with-prngd-port=12345 now. Defaults to 708, which I believe to be the most common TCP socket for prngd, and is what used to be hardcoded - ./configure understands --with-fallback-reboot-port=54321 now. Defaults to 3002, which is what used to be hardcoded. Thu Mar 3 12:03:14 PST 2005 0.996 - Improved autoconf portability - Added a safeguard to require the fallback-reboot password to be at least 8 characters long - rc script moved from S11 to S22 - rc script knows to remove /.fallback-reboot-passwd if it is 0 length, and doesn't attempt to run fallback-reboot - rc script attempts to set a $PATH that is likely to include python Mon Feb 21 17:19:50 PST 2005 0.995 - Continuing to look for opportunities to gain experience with the program. {Un,}[Ff]ortunately, our systems are proving too reliable. :) - Since SHA-1 has been broken (number of rounds reduced significantly), I've modified both fallback-reboot.c and fallback-reboot-client to use RIPEMD-160 instead of SHA-1. However, the new client can still use SHA-1 if it encounters an old, SHA-1 based daemon. - This did not change the dependencies significantly for the daemon, fallback-reboot.c. However, the dependencies for the client, fallback-reboot-client, did change quite a bit. - fallback-reboot-client now attempts to use the python "M2Crypto" module, which ships with Fedora Core 3, but not Redhat Enterprise Linux 3 or Solaris 9, and I have my doubts as to whether it will ship with Redhat Enterprise Linux 4. Alternatively, if python cannot import the M2Crypto module, it will attempt to use a bidirectional pipe to the openssl program - this has been tested on Redhat Enterprise 3 and Solaris 9. - Added "DEBUG2" preprocessor symbol. Off by default. It makes fallback-reboot (the daemon) as verbose as it used to be. However, definining this symbol appears to cause problems if the daemon is not on a tty. This actually fixes a DOS attack that would cause the fallback-reboot daemon to exit, rendering the service unusable. Thu Feb 3 17:36:03 PST 2005 0.99 - Fixed accept() to loop if it gets an error, say due to a signal to reread /.fallback-reboot-passwd Thu Feb 3 10:13:49 PST 2005 0.98 - Use $prefix/sbin, not $prefix/bin - Removed umask change from "make install" rule, since the password is no longer compiled into the executable - Added file "Porting" - Added "make uci-install" target to the Makefile - Added comment about collecting the passwords somewhere to the README, so that you have then when you actually need them :) - "make web" uses gzip -9 now Thu Feb 3 08:23:00 PST 2005 0.97 - fallback-reboot daemon rereads /.fallback-reboot-passwd if it receives a SIGUSR1 signal - "make install" no longer creates /.fallback-reboot-passwd. Instead, that is up the rc script, S11fallback-reboot Wed Feb 2 21:38:51 PST 2005 o.96: - S11fallback-reboot respects --prefix now, and is generated from S11fallback-reboot.in - S11fallback-reboot generates /.fallback-reboot-passwd if it does not yet exist - fallback-rewboot daemon uses SO_REUSEADDR - "make install" removes the previous binary to avoid Text File Busy errors - "make clean" also removes S11fallback-reboot Thu Jan 20 15:10:15 PST 2005 0.95: - password goes in /.fallback-reboot-passwd now, instead of being compiled into the binary. The password is read in at IPL, prior to mlockall(); we do -not- wait until it's needed. - gen-pas is installed next to fallback-reboot, in case you want to change your password later, to something equally random. In theory, you should still be able to use a more human-readable password, but I haven't tested that. - configure groks --prefix now. - replaced the search for -lssl with a search for -lcrypto - apparently some versions of openssl put what we need in a different library. So far, -lcrypto has worked more often than -lssl, depending on what symbols are present in which. - added "make pristine" target, to blow away autoconf side effects. "make web" uses it. - $CC is no longer hardcoded to gcc. - Added a "Prerequisites" file, including info about openssl version and python version. - fixed a bug in gen-pas on systems that use prngd instead of /dev/random or /dev/urandom. Also added stderr descriptions on how high quality the entropy for the password is in gen-pas. Sun Jan 16 17:57:52 PST 2005 0.9: - gen-pas generates a 16 byte (32 character) hexadecimal string now, instead of something shorter in base 62 - fallback-reboot now can do both cleartext and cryptographic authentication - one or the other, but not both. That is, the version you compile will use crypto if it can find openssl, and cleartext if it cannot. - added "fallback-reboot-client", a small python script that communicates with fallback-reboot, so we don't have to use telnet anymore, and the password isn't echo'd on the screen anymore. :) - fallback-reboot is partially autoconf'd - mostly just for detecting openssl. The various means of performing reboots may be autoconf'd later as well. Reboot methods are still #ifdef'd, and that only for Linux and Solaris. Sorry 'bout that. :) - fallback-reboot-client uses my "bufsock.py" module. "make install" attempts to put it in /usr/lib/python/site-packages, and failing that, puts it in $HOME/lib. There's likely a better way. 0.7: Added some additional preprocessor symbols for detecting linux Added an rc script 0.6: Added support for Solaris 8. 0.5: First public release. Linux only.