2001/01/31	== Released 0.9.3 ==

2001/01/31
- Bugfix: in debug mode, prngd could crash with "segmentation violation".
	  When printing the argument list of an external gatherer command,
	  the list of arguments is checked for NULL, but the printout was
	  not terminated after finding NULL and later pointers where not
	  initialized.
	  -> initialize all pointers to NULL _and_ stop printing when finding
	     the first NULL pointer.
  (Reported by Ayamura KIKUCHI <ayamura@ayamura.org>.)
  This bug was introduced with printing the gatherer commands in 0.3.2.

2001/01/30
- New function close_on_exec() and make use of it :-)
  When fork()ing and then exec()ing the external gatherer processes,
  file descriptors were leaked to the external gatherers -> fixed.
  (Suggested by Theo De Raadt <deraadt@cvs.openbsd.org>.)
- Add file prngd_version.h with version information. New command line switch
  -v/--version to print version and exit.


2001/01/30	== Released 0.9.2 ==

2001/01/29
- Patches to clean UNIXWARE 7 support from John Hughes <john@Calva.COM>.
- Fix wrong preprocessor statement for AIX43 (John Hughes <john@Calva.COM>).
- Patches for NeXTStep 3 on HPPA from Jacques Distler
  <distler@golem.ph.utexas.edu>.

2001/01/24
- Exchanged several emails with Theo De Raadt <deraadt@cvs.openbsd.org>
  (OpenSSH/OpenBSD) about integrating prngd into OpenSSH -> will probably
  happen.
- Received several hints from Theo De Raadt with improvements and bug fixes
  especially but not only for signal handling. It will take some days to
  work in his comments, the more as my time is actually very limited until
  next week:
  * Clean up signal handling (do not use stdio functions in signal handlers
    and other items).
  * Check out handling of select() when more connections than FD_SETSIZE
    are open.
  * Use setrlimit(), setpriority() to restrict child processes in their
    resource usage.
  * Some points more...

2001/01/22	== Released 0.9.1 ==

2001/01/22
- Add prngd.conf-aix43 and Makefile + config.h entry for AIX 4.3 contributed by
  "Joerg Petersen" <j.petersen@msh.de>.

2001/01/18	== Released 0.9.0 ==
* Remark:
  This version now includes its own PRNG (pseudo random number generator)
  and can do more or less everything I expect it to do :-)
  There are only few things open (like choosing the pool_size at startup
  instead of compilation time), so I call this release 0.9.x as being near
  to the 1.0.0 release...

2001/01/18
- Replace "8" with BITS_PER_BYTE which is better understandable :-)
- memset() to 0 the buffer of returned entropy once the data is delivered
  to the recipient. (If somebody can access the memory or a core dump he
  will not find traces left.)
- Remove the use of the OpenSSL PRNG and include my own PRNG, which is
  inspired by my experiences with the OpenSSL version and the quite interesting
  paper (see reference in rand.c) by Peter Gutmann.
  (This is a small entry in ChangeLog but a severe change in the code :-).

2001/01/17	== Released 0.3.2 ==

2001/01/17
- Make options consistent. All options now have a short and a long version:
  -k = --kill, -c = --cmdfile, -s = --seedfile, -d = --debug.
- New option "-n = --no-seedfile" to allow running without seedfile. No
  file is read on startup, no data is written back. PRNGD only runs on
  its gatherers. Make sure to have enough gatherers configured.
- Make sure gatherers are run continously until enough entropy was returned.
  Default threshold is 4 times the ENTROPY_NEEDED.
  (Actually, this will only make complete sense in the upcoming new version
  0.9.0(?) with its own built-in PRNG and a entropy add/query entropy
  counter. For now it assures, that we do not solely rely on entropy read
  back from file but force new gathering until enough seed was collected
  to fire up the OpenSSL internal PRNG.)
- Be more informative in debug mode: not only tell that a gatherer was
  spawned, also inform about the gatherer process (name and arguments).
- prngd.conf.hpux-10: Do not "tail" a directory. This should have been the
  file /var/adm/syslog/mail.log (the /mail.log was missing...).
- Cleaned inclusion of sys/socket.h vs. conditional SHUT_RDWR definition in 
  "config.h":
  * always include config.h from prngd.h, no additional need to include it
    seperatly any longer.
  * make sure that prngd.h includes <sys/socket.h>, so that SHUT_RDWR is
    defined before "config.h" defines it, if missing.

2001/01/16
- bsd-daemon.c (as of openssh) did not use ANSI C function definition but the
  old k&r style. prngd.h with the prototype for daemon() was not included
  in bsd-daemon.c.

2001/01/16	== Released 0.3.1 ==

2001/01/16
- No further input about the UNIXWARE 7 problem from George Walsh (after
  sending him the 2001/01/13 pre-release). Add remark about "bind(): invalid
  argument" problem to 00README and release 0.3.1 because of the other changes
  and bugfixes.

2001/01/13
- Finished cleanup of the prngd startup code. The check for the properties of
  the socket-to-be (or the socket of the daemon-to-be-killed) in the filesystem
  and for daemons running on it is now intregrated and consistent.

2001/01/12
- Before calling bind(), shutdown() the socket used for testing for an
  already running daemon. Recreate the socket and the sockaddr_un structure.
- Bugreport from James Bourne <jbourne@MtRoyal.AB.CA>:
  * When using --kill mode, the prngd command does not finish correctly
    when no daemon is listening on a socket listed.
  This bug was introduced in the 0.3.0 of prngd. Prngd now supports killing
  several daemons in a loop. When no daemon is listening, prngd will now
  "continue" to the next socket listed. After the loop has finished, prngd
  is now cleanly terminated.

2001/01/11
- Moved NEXTSTEP3 special handling into config.h.
- Added changes for UNIXWARE 7 as supplied by
    George Walsh <gjmwalsh@netscape.net>
  There is an open issue with PRNGD not working: when bind() is called,
  it failes with EINVAL. The manual page states that this is either
  caused by an invalid size given in the namelen parameter given to bind
  (unlikely) or caused by the address (file system entry) already being
  available (more likely). If the last reason is true, the remove() to
  free up the space in the file system did fail; I did not check the reason
  until now, since there is nothing PRNGD can do in this case anyway.
- Added more precise checking on the socket to be created on startup.
  * If the location in the filesystem cannot be reached via stat(), do not
    continue.
  * If the location of the socket is currently used by anything else then
    an unused socket (e.g. a regular file or directory), don't touch it.
  * Only then remove the (unused) socket to make place for the new one to
    be created.

2001/01/04
- Changed all places containing "1024" for the pool size of the OpenSSL PRNG
  to use the new macro PRNGD_STATE_SIZE instead.
- Changed location of "-I." preprocessor flag from the system definitions to
  a common place (must be there on all platforms anyway). Renamed DEFINES
  to DEFS to be more compatible with what autoconf ones expects to find!

2000/12/27	== Released 0.3.0 ==

2000/12/27
- Bugfix: when a gatherer process (child) is finished, status information was
  added to the pool from the signal handling subroutined. This interrupt driven
  adding could interfere with another rand_add() operation currently active.
  * There is a small loss of entropy as collected random bits may be
    overwritten. The percentage of loss is however very small and is not
    a problem by itself. (The user being affected reported around one failure
    every other day, so the percentage is extremely small).
  * This bug can however trigger an "assert()" call from
     openssl/crypto/rand/md_rand.c:ssleay_rand_add()
    when not compiled with "thread" support. This results in an abort() and
    failure of PRNGD.
    When compiled with thread support, the assert() condition is not tested,
    so the problem simply goes by unnoted! All platforms I have been testing
    on before had thread support enabled, TRU64 was the first one to trigger
    this problem.
  * Problem reported including the backtrace needed to finally track this
    bug down by James Bourne <jbourne@mtroyal.ab.ca>.

2000/12/26
- Allow to serve more than one socket: prngd now understands several sockets
  given on the command line. All are fed from the same pool. This allows e.g.
  to have a socket inside a chroot jail and one outside without running two
  distinct processes.
  When more than one socket is given to the kill option, all sockets are
  tried but no abort appears on failure (in case one might try to kill the
  same daemon via several sockets, already the first one should succeed and
  the other sockets should fail).

2000/12/06	== Released 0.2.6 ==

2000/12/06
- Compiler options were not consistent, some platforms had "-g" for debugging,
  some "-O" for optimization. Now use "optimized, no debugging support" for
  all platforms as default.
- Added a 00DESIGN document explaining roughly the idea behind PRNGD.

2000/12/05
- Support for Tru64 UNIX provided by James Bourne <jbourne@mtroyal.ab.ca>
  * configuration file for Tru64
  * defines for Tru64 in config.h
  * Makefile Changes for Tru64

2000/09/20	== Released 0.2.5 ==

2000/09/20
- PRNGD did not compile on NeXTstep, since I moved around the items Michael
  Weiser sent and broke it during the operation.
  Don't declare system functions in config.h, rather include the correct
  libc.h in the source files instead.
- Fixed too high entropy estimates for NeXTstep and IRIX (Michael Weiser).

2000/09/19	== Released 0.2.4 ==

2000/09/19
- PRNGD entropy command files and config.h/Makefile additions for NeXTstep 3
  and IRIX 6.5 have been provided by Michael Weiser
  <michael@weiser.saale-net.de>:
  * Gathering commands are in prngd.conf.nextstep-33 and prngd.conf.irix-65.
  * On NeXTstep, sizeof is long int, so printf() statements must e %ld.

2000/08/15	== Released 0.2.3 ==

2000/08/15
- Changed rand_bytes, so that whenever entropy is requested, the complete
  entropy pool is completely mixed one time and the read-pointer is moved
  to an "arbitrary" position. The data obtained during these operations is
  discarded.
  By perfoming these operations, somebody trying to guess the pool state from
  consequtively retrieving random bytes forces a stronger oposition :-)

2000/08/08	== Released 0.2.2 ==

2000/08/08
- Checked in final open issues from Louis LeBlanc <leblanc@mirror-image.com>:
  * Gathering commands are in prngd.conf.solaris-26
  * On Solaris pid_t is long int, so printf() statements must be %ld.
  * Make gcc shut up about variables that "might be used uninitialized in this
    function".

2000/08/04	== Released 0.2.1 ==

2000/08/04
- Another bug popped up for Louis LeBlanc <leblanc@mirror-image.com>.
  Now the segmentation fault is fixed, but the problematic gatherer
  is called again and again and again, because the step to the next
  gatherer is only performed for normal close. Fixed.
  * I never experienced unclean shutdown, so this went by rather badly
    tested.

2000/08/04	== Released 0.2.0 ==

2000/08/03
- Received report from Louis LeBlanc <leblanc@mirror-image.com> with some
  porting hints for Solaris 2.6:
- Added a typecast to (struct sockaddr *) in serverloop.c for accept().
- On Solaris pid_t is long (HP-UX is int32_t, Linux 2.2 is int). Hence
  for Solaris, I would need the %ld format for printout. I am not sure
  on how to deal with this in a portable manner.
- Louis LeBlanc also reports about a Segmentation Fault he gets. I cannot
  reproduce this on HP-UX or Linux, my PRNGDs are up and running since
  2000/07/03... Have to wait for more input from Louis LeBlanc.
  * Just received a line number: At this place the FD_SET rfds is checked
    against gather_fd. It is possible that gather_fd was just set to -1
    and this was not caught. Fixed.
- Fixed a bug in the initial seeding: Actually when starting up, PRNGD
  should have called all gatherers once to get initial seeding. Unfortunately
  the check was missing so gatherers were called as in normal operation.
- Made startup behaviour more consistent: When no entropy is available
  in the seed-save file, don't bail out but continue running. Our job _is_
  to collect entropy.

2000/07/21
- Received compiler flags for Solaris 7 compilation with gcc from
  Phil Howard <phil-openssh-unix-dev@ipal.net>.

2000/07/03	== Released 0.1.0 ==
