"Fossies" - the Fresh Open Source Software Archive

Member "libksba-1.5.0/NEWS" (18 Nov 2020, 18061 Bytes) of package /linux/privat/libksba-1.5.0.tar.bz2:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "NEWS": 1.4.0_vs_1.5.0.

    1 Noteworthy changes in version 1.5.0 (2020-11-18) [C21/A13/R0]
    2 ------------------------------------------------
    3 
    4  * ksba_cms_identify now identifies OpenPGP keyblock content.
    5 
    6  * Supports TR-03111 plain format ECDSA signature verification.
    7 
    8  * Fixes a CMS signed data parser bug exhibited by a somewhat strange
    9    CMS message.  [b6438e768c]
   10 
   11  * Interface changes relative to the 1.4.0 release:
   12    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   13    KSBA_CT_OPENPGP_KEYBLOCK         NEW.
   14 
   15  Release-info: https://dev.gnupg.org/T5146
   16 
   17 
   18 Noteworthy changes in version 1.4.0 (2020-05-19) [C20/A12/R0]
   19 ------------------------------------------------
   20 
   21  * Supports ECDSA and EdDSA certificate creation and parsing.  [#4896]
   22 
   23  * Supports ECDH enveloped data.  [#4920]
   24 
   25  * Supports ECDSA and EdDSA signed data.  [#4920]
   26 
   27  * Supports rsaPSS signature verification.  [#4538]
   28 
   29  * Supports standard file descriptors in ksba_reader_read. [#3072]
   30 
   31  * New configure flag --disable-doc.
   32 
   33  * Improves supports for reproducible builds.  [#4801]
   34 
   35  * Allows for optional elements in keyinfo objects.  [#4892]
   36 
   37  * Updates the config and M4 scripts to the latest version.
   38 
   39  * Fixes error detection in the CMS parser.  [#4207]
   40 
   41  * Fixes memory leak in ksba_cms_identify.
   42 
   43  * Fixes build warnings on macOS.  [#2910]
   44 
   45  * Uses --disable-new-dtags if LD_LIBRARY_PATH is defined.  [#4298]
   46 
   47  * New constants KSBA_VERSION and KSBA_VERSION_NUMBER.
   48 
   49  * New API to make creation of DER objects easy.
   50 
   51  * Interface changes relative to the 1.3.5 release:
   52  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   53  KSBA_VERSION                     NEW.
   54  KSBA_VERSION_NUMBER              NEW.
   55  KSBA_CT_SPC_IND_DATA_CTX         NEW.
   56  KSBA_CLASS_*                     NEW.
   57  KSBA_TYPE_*                      NEW.
   58  ksba_der_t                       NEW.
   59  ksba_der_release                 NEW.
   60  ksba_der_builder_new             NEW.
   61  ksba_der_builder_reset           NEW.
   62  ksba_der_add_ptr                 NEW.
   63  ksba_der_add_val                 NEW.
   64  ksba_der_add_int                 NEW.
   65  ksba_der_add_oid                 NEW.
   66  ksba_der_add_bts                 NEW.
   67  ksba_der_add_der                 NEW.
   68  ksba_der_add_tag                 NEW.
   69  ksba_der_add_end                 NEW.
   70  ksba_der_builder_get             NEW.
   71 
   72  Release-info: https://dev.gnupg.org/T4943
   73 
   74 
   75 Noteworthy changes in version 1.3.5 (2016-08-22) [C19/A11/R6]
   76 ------------------------------------------------
   77 
   78  * Limit the allowed size of complex ASN.1 objects (e.g. certificates)
   79    to 16MiB.
   80 
   81  * Avoid read access to unitialized memory.
   82 
   83  * Improve detection of invalid RDNs.
   84 
   85  * Encode the OCSP nonce value as an octet string as described by
   86    RFC-6960.
   87 
   88 
   89 Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R5]
   90 ------------------------------------------------
   91 
   92  * Fixed two OOB read access bugs which could be used to force a DoS.
   93 
   94  * Fixed a crash due to faulty curve OID lookup code.
   95 
   96  * Synced the list of supported curves with those of Libgcrypt.
   97 
   98  * New configure option --enable-build-timestamp; a build timestamp is
   99    not anymore used by default.
  100 
  101 
  102 Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4]
  103 ------------------------------------------------
  104 
  105  * Fixed an integer overflow in the DN decoder.
  106 
  107  * Now returns an error instead of terminating the process for certain
  108    bad BER encodings.
  109 
  110  * Improved the parsing of utf-8 strings in DNs.
  111 
  112  * Allow building with newer versions of Bison.
  113 
  114  * Improvement building on Windows with newer versions of Mingw.
  115 
  116 
  117 Noteworthy changes in version 1.3.2 (2014-11-25) [C19/A11/R3]
  118 ------------------------------------------------
  119 
  120  * Fixed a buffer overflow in ksba_oid_to_str. [CVE-2014-9087]
  121 
  122 
  123 Noteworthy changes in version 1.3.1 (2014-09-18)
  124 ------------------------------------------------
  125 
  126  * Fixed memory leak in CRL parsing.
  127 
  128  * Build fixes for Windows, Android, and ppc64el.
  129 
  130 
  131 Noteworthy changes in version 1.3.0 (2012-09-27)
  132 ------------------------------------------------
  133 
  134  * Changed the license of the library from GPLv3 to LGPLv3/GPLv2; see
  135    the file AUTHORS for details.
  136 
  137  * Minor bug fixes.
  138 
  139 
  140 Noteworthy changes in version 1.2.0 (2011-03-01)
  141 ------------------------------------------------
  142 
  143  * New functions to allow the creation of X.509 certificates.
  144 
  145  * Interface changes relative to the 1.1.0 release:
  146  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  147  ksba_certreq_set_serial          NEW.
  148  ksba_certreq_set_issuer          NEW.
  149  ksba_certreq_set_validity        NEW.
  150  ksba_certreq_set_siginfo         NEW.
  151 
  152 
  153 Noteworthy changes in version 1.1.0 (2010-10-26)
  154 ------------------------------------------------
  155 
  156  * New functions to fix a leak in dirmngr.
  157 
  158  * Interface changes relative to the 1.0.0 release:
  159  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  160  ksba_reader_set_release_notify   NEW
  161  ksba_writer_set_release_notify   NEW
  162 
  163 
  164 Noteworthy changes in version 1.0.8 (2010-07-15)
  165 ------------------------------------------------
  166 
  167  * Support for WindowsCE.
  168 
  169  * Builds cleanly from SVN even when cross-compiling.
  170 
  171  * Fixed a CMS parsing bug exhibited by Lotus Notes.
  172 
  173 
  174 Noteworthy changes in version 1.0.7 (2009-07-03)
  175 ------------------------------------------------
  176 
  177  * Detect overflow while parsing OIDs.  Map BER encoded OIDs to well
  178    known names.
  179 
  180  * Allow mixed case names in DNs.
  181 
  182 
  183 Noteworthy changes in version 1.0.6 (2009-06-05)
  184 ------------------------------------------------
  185 
  186  * Support SHA-{384,512} based signature generation.
  187 
  188  * The RSA algorithmIdentifier ASN.1 sequence is now emitted with an
  189    explicit NULL parameter.  Despite the interop testing we did in the
  190    past, some software still requires this and thus we better follow
  191    the best current practise.
  192 
  193 
  194 Noteworthy changes in version 1.0.5 (2009-01-09)
  195 ------------------------------------------------
  196 
  197  * Minor bug fixes.
  198 
  199 
  200 Noteworthy changes in version 1.0.4 (2008-09-22)
  201 ------------------------------------------------
  202 
  203  * Write smimeCapabilities according to RFC3851 to help Mozilla.
  204 
  205  * Support DSA.
  206 
  207  * The visibility attribute is now used if supported by the toolchain.
  208 
  209 
  210 Noteworthy changes in version 1.0.3 (2008-02-12)
  211 ------------------------------------------------
  212 
  213  * Minor bug fixes.
  214 
  215  * Include the used hash algorithm in sig-val structures.
  216 
  217  * Fix for unknown tags in issuerAltName and subjectAltName.
  218 
  219 
  220 Noteworthy changes in version 1.0.2 (2007-07-04)
  221 ------------------------------------------------
  222 
  223  * Support for SHA-2.
  224 
  225  * Fixed a couple of memory leaks.
  226 
  227  * Experimental support for ECDSA.
  228 
  229  * Minor portability fixes.
  230 
  231  * Switched to GPLv3.
  232 
  233 
  234 Noteworthy changes in version 1.0.1 (2006-11-29)
  235 ------------------------------------------------
  236 
  237  * Fixes for certificates lacking certain objects.
  238 
  239  * Fixes to allow building on systems with a broken ar.
  240 
  241 
  242 Noteworthy changes in version 1.0.0 (2006-08-31)
  243 ------------------------------------------------
  244 
  245  * OCSP nonces are now checked to detect replay attacks.
  246 
  247  * OCSP extensions may no be retrieved.
  248 
  249  * Implemented ksba_ocsp_get_responder_id which used to always return
  250    an error code not_implemented.  Thus we can assume that the
  251    function has never been used and we don't need to see this as an
  252    API break.
  253 
  254  * Interface changes relative to the 0.9.16 release:
  255  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  256  ksba_ocsp_get_extension        NEW
  257  ksba_ocsp_get_responder_id     CHANGED: No ABI break.
  258 
  259 
  260 Noteworthy changes in version 0.9.16 (2006-08-01)
  261 -------------------------------------------------
  262 
  263  * Fixed a character set conversion bug in BMPStrings.
  264 
  265  * New function for better error reporting of DNs.
  266 
  267  * Interface changes relative to the 0.9.13 release:
  268  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  269  ksba_dn_teststr                NEW
  270  ksba_dn_str2der                NEW
  271  ksba_dn_der2str                NEW
  272 
  273 
  274 Noteworthy changes in version 0.9.15 (2006-06-20)
  275 -------------------------------------------------
  276 
  277  * Fixed BER parser which was broken in the last release.
  278 
  279 
  280 Noteworthy changes in version 0.9.14 (2006-05-16)
  281 -------------------------------------------------
  282 
  283  * Fixed broken OCSP requests.
  284 
  285  * Ignore invalid bytes appended to a certificate.
  286 
  287 
  288 Noteworthy changes in version 0.9.13 (2005-11-24)
  289 -------------------------------------------------
  290 
  291  * New functions to associate user data with a certificate object.
  292 
  293  * Interface changes relative to the 0.9.12 release:
  294  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  295  ksba_cert_set_user_data        NEW
  296  ksba_cert_get_user_data        NEW
  297 
  298 
  299 Noteworthy changes in version 0.9.12 (2005-08-01)
  300 -------------------------------------------------
  301 
  302  * GeneralNames types dNSName and Uri are now supported.
  303 
  304  * Minor changes to some function declarations.  This should not
  305    affect any compilation.
  306 
  307  * Interface changes relative to the 0.9.7 release:
  308  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  309  ksba_certreq_add_extension     CHANGED: Argument DER is now a void*.
  310  ksba_cms_set_content_enc_algo  CHANGED: Argument IV is now void*.
  311  ksba_cms_get_content_enc_iv    CHANGED: Argument IV is now void*.
  312  ksba_cms_set_message_digest    CHANGED: Argument DIGEST is now
  313                                          unsigned char*.
  314 
  315 
  316 Noteworthy changes in version 0.9.11 (2005-04-20)
  317 -------------------------------------------------
  318 
  319  * New convenience API function for the subjectKeyIdentifier.
  320 
  321  * Implemented the keyIdentifier part for authorityKeyIdentifier of
  322    CRLs and certificates.
  323 
  324  * Reason codes for CRL items are now returned.
  325 
  326  * Interface changes relative to the 0.9.7 release:
  327 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  328 ksba_cert_get_subj_key_id            NEW.
  329 
  330 
  331 Noteworthy changes in version 0.9.10 (2004-12-03)
  332 -------------------------------------------------
  333 
  334  * Fixed a CMS parsing bug.
  335 
  336 
  337 Noteworthy changes in version 0.9.9 (2004-09-27)
  338 ------------------------------------------------
  339 
  340  * Fixed a couple of bugs which caused parsing errors with some
  341    certificates.
  342 
  343 
  344 Noteworthy changes in version 0.9.8 (2004-07-22)
  345 ------------------------------------------------
  346 
  347  * Fixed a bug in the OCSP request generation.
  348 
  349 
  350 Noteworthy changes in version 0.9.7 (2004-06-08)
  351 ------------------------------------------------
  352 
  353  * New API function to add arbitrary extensions to pkcs#10 requests.
  354 
  355  * Interface changes relative to the 0.9.6 release:
  356 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  357 ksba_certreq_add_extension           NEW.
  358 
  359 
  360 Noteworthy changes in version 0.9.6 (2004-04-29)
  361 ------------------------------------------------
  362 
  363  * New API functions to support v2 CRLs.
  364 
  365  * Interface changes relative to the 0.9.5 release:
  366 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  367 ksba_crl_get_extension               NEW.
  368 ksba_crl_get_auth_key_id             NEW.
  369 ksba_crl_get_crl_number              NEW.
  370 
  371 Noteworthy changes in version 0.9.5 (2004-04-06)
  372 ------------------------------------------------
  373 
  374  * New APIs to get hands on some more information.
  375 
  376  * Interface changes relative to the 0.9.4 release:
  377 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  378 ksba_ocsp_get_responder_id           NEW.
  379 ksba_ocsp_get_cert                   NEW.
  380 ksba_cert_get_authority_info_access  NEW.
  381 ksba_cert_get_subject_info_access    NEW.
  382 ksba_cms_add_smime_capability        NEW.
  383 
  384 
  385 Noteworthy changes in version 0.9.4 (2004-02-20)
  386 ------------------------------------------------
  387 
  388  * Support for Extended Key Usage.
  389 
  390  * ksba_cms_identify may no return a pseudo content type for pkcs#12
  391    files.
  392 
  393  * Interface changes relative to the 0.9.3 release:
  394 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  395 ksba_reader_clear             NEW.
  396 ksba_cert_get_ext_key_usages  NEW.
  397 KSBA_CT_PKCS12                NEW.
  398 
  399 
  400 Noteworthy changes in version 0.9.3 (2004-01-30)
  401 ------------------------------------------------
  402 
  403  * Fixed a serious bug shortly after the last release :-(.
  404 
  405 
  406 Noteworthy changes in version 0.9.2 (2004-01-29)
  407 ------------------------------------------------
  408 
  409  * Cleaned up the DN label table.
  410 
  411  * Fixed a bug in creating CMS signed data.
  412 
  413 
  414 Noteworthy changes in version 0.9.1 (2003-12-19)
  415 ------------------------------------------------
  416 
  417  * Support for OCSP (rfc2560).
  418 
  419  * The new function ksba_set_hash_buffer_function may be used during
  420    intialization to register a simple hash fucntion for internal use
  421    by libksba.
  422 
  423  * Changed the license of the manual to GPL.
  424 
  425  * Interface changes relative to the 0.9.0 release:
  426 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  427 ksba_status_t                 NEW.
  428 ksba_ocsp_t                   NEW.
  429 ksba_ocsp_response_status_t   NEW.
  430 ksba_ocsp_new                 NEW.
  431 void ksba_ocsp_release        NEW.
  432 ksba_ocsp_set_digest_algo     NEW.
  433 ksba_ocsp_set_requestor       NEW.
  434 ksba_ocsp_add_target          NEW.
  435 ksba_ocsp_set_nonce           NEW.
  436 ksba_ocsp_prepare_request     NEW.
  437 ksba_ocsp_hash_request        NEW.
  438 ksba_ocsp_set_sig_val         NEW.
  439 ksba_ocsp_add_cert            NEW.
  440 ksba_ocsp_build_request       NEW.
  441 ksba_ocsp_parse_response      NEW.
  442 ksba_ocsp_get_digest_algo     NEW.
  443 ksba_ocsp_hash_respons        NEW.
  444 ksba_ocsp_get_sig_val         NEW.
  445 ksba_ocsp_get_status          NEW.
  446 ksba_set_hash_buffer_function NEW.
  447 
  448 
  449 Noteworthy changes in version 0.9.0 (2003-11-17)
  450 ------------------------------------------------
  451 
  452  * The time is not any longer described by time_t but through the new
  453    type ksba_isotime_t which is string of excactly 15 characters in
  454    ISO 8601 format (e.g. "19611107T152010") and always stored as
  455    UTC. This is to allow representation of dates beyond the year 2038.
  456    Comparing is a mere strcmp.
  457 
  458  * All type names are nom conforming to the GNU coding standards, the
  459    old names are still available as aliases but flagged as deprecated.
  460 
  461  * All error codes have been replaced by libgpg-error ones.  Libksba
  462    now depends on this package.  Remember to use the gpg_err_code
  463    function when testing for error values other than success.
  464 
  465  * Interface changes relative to the 0.4.7 release:
  466 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  467 ksba_cert_get_validity     CHANGED: Uses ksba_isotime_t instead of time_t.
  468 ksba_crl_get_update_times  CHANGED: Uses ksba_isotime_t instead of time_t.
  469 ksba_crl_get_item          CHANGED: Uses ksba_isotime_t instead of time_t.
  470 ksba_cms_get_signing_time  CHANGED: Uses ksba_isotime_t instead of time_t.
  471 ksba_cms_set_signing_time  CHANGED: Uses ksba_isotime_t instead of time_t.
  472 ksba_cert_new              CHANGED: Returns an error code now.
  473 ksba_cms_new               CHANGED: Returns an error code now.
  474 ksba_name_new              CHANGED: Returns an error code now.
  475 ksba_writer_new            CHANGED: Returns an error code now.
  476 ksba_reader_new            CHANGED: Returns an error code now.
  477 ksba_certreq_new           CHANGED: Returns an error code now.
  478 ksba_crl_new               CHANGED: Returns an error code now.
  479 ksba_isotime_t             NEW.
  480 ksba_error_t               NEW: Should be used instead of KsbaError.
  481 ksba_cert_t                NEW: Should be used instead of KsbaCert.
  482 ksba_certreq_t             NEW: Should be used instead of KsbaCertreq.
  483 ksba_cms_t                 NEW: Should be used instead of KsbaCMS.
  484 ksba_crl_t                 NEW: Should be used instead of KsbaCRL.
  485 ksba_name_t                NEW: Should be used instead of KsbaName.
  486 ksba_sexp_t                NEW: Should be used instead of KsbaSexp.
  487 ksba_reader_t              NEW: Should be used instead of KsbaReader.
  488 ksba_writer_t              NEW: Should be used instead of KsbaWriter.
  489 ksba_strerror              REMOVED: use gpg_strerror instead.
  490 
  491 Noteworthy changes in version 0.4.7 (2003-03-17)
  492 ------------------------------------------------
  493 
  494  * Fixed type detection in creating DNs.
  495 
  496 
  497 Noteworthy changes in version 0.4.6 (2002-12-04)
  498 ------------------------------------------------
  499 
  500  * DNs in pkcs#10 request are now created in reversed order as
  501    specified by rfc2253.
  502 
  503  * The content-type signed attribute is created.
  504 
  505  * Fixed a parser bug with a id-aa-encrypKeyPref attribute.
  506 
  507  * Interface changes relative to the 0.4.3 release:
  508 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  509 ksba_cms_get_sigattr_oids        NEW
  510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  511 
  512 Noteworthy changes in version 0.4.5 (2002-08-23)
  513 ------------------------------------------------
  514 
  515  * Removed some debugging output.
  516 
  517  * Added an autoconf macro.
  518 
  519 
  520 Noteworthy changes in version 0.4.4 (2002-08-09)
  521 ------------------------------------------------
  522 
  523  * Multiple signatures can now be created and parsed.
  524 
  525 
  526 Noteworthy changes in version 0.4.3 (2002-06-25)
  527 ------------------------------------------------
  528 
  529  * More bug fixes.
  530 
  531  * Interface changes relative to the 0.4.2 release:
  532 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  533 ksba_writer_write_octet_string   NEW
  534 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  535 
  536 Noteworthy changes in version 0.4.2 (2002-06-04)
  537 ------------------------------------------------
  538 
  539  * Some bug fixes and a new function.
  540 
  541  * Interface changes relative to the 0.4.1 release:
  542 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  543 ksba_cms_identify       NEW
  544 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  545 
  546 Noteworthy changes in version 0.4.1 (2002-05-03)
  547 ------------------------------------------------
  548 
  549  * Minor fixes.
  550 
  551 Noteworthy changes in version 0.4.0 (2002-04-15)
  552 ------------------------------------------------
  553 
  554  * Nearly all stuff needed for the Aegypten project is now in place.
  555 
  556 
  557  Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008,
  558            2009 g10 Code GmbH
  559 
  560  This file is free software; as a special exception the author gives
  561  unlimited permission to copy and/or distribute it, with or without
  562  modifications, as long as this notice is preserved.
  563 
  564  This file is distributed in the hope that it will be useful, but
  565  WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
  566  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.