NEWS for 0.11

[libisds.git] / NEWS

Version 0.11
============

• This release is fully binary compatible with the previous one. However, API
and and ABI were augmented and thus the applications built against this
version won't run with previous versions of this library.

• A mobile key authentication is implemented with a new isds_login_mep()
function. If the function returns IE_PARTIAL_SUCCESS, an application should
periodically call it again until the server confirms a successful
authentication with IE_SUCCESS error code or raises an error with a different
code. This authentication method requires a distinct base URL. The
applications can use isds_mep_locator[] and isds_mep_testing_locator[]
constant strings.

• Preliminary manual pages are generated from DocBook sources at build time
if not disabled with --disable-doc configure option. Path to the required XSLT
style sheets can be adjusted with --with-docbook-xsl-stylesheets configure
option. Please note that the authoritative documentation is still the isds.h
header file.

• A new isds_get_box_state_history() function that implements
GetDataBoxActivityStatus service was added.

• isds_find_box_by_fulltext() function now supports searching for non-subsidiary
OVM boxes if DBTYPE_OVM_MAIN is passed as isds_DbType box_type argument. 

• isds_DbState enumeration type recognizes box state 6 as
DBSTATE_TEMP_UNACCESSIBLE_LAW. Although latest specification from 2016-04-10
declares all web services return value 2 instead of 6, it was reported the
value 6 was seen in the wild.

• This release adds new enum values to accommodate to changes in specification
published on 2017-03-05 and to changes in not yet released specification
update. Applications built against old library should be able to run against
the new library. Applications built against the new library must be run
against the new library.

• isds_UserType enum type has new USERTYPE_RECEIVER and USERTYPE_GUARDIAN
values.

• isds_DbType enum type has new DBTYPE_PFO_AUDITOR, DBTYPE_OVM_FO,
DBTYPE_OVM_PFO, and DBTYPE_OVM_PO values.

• This release adds a new enum value to isds_event_type type. Because the type
is used only on an output, the new library is fully compatible to the previous
one.

• Now isds_get_delivery_info() recognizes EV8 event (positive virus test) as
EVENT_UNDELIVERED_AV_CHECK value of isds_event_type enum type..

• If a new message was sent, publishing recipient identity controlled by
dmPublishOwnID member of the isds_envelope structure was not respected. This
bug is fixed now.

• Memory leaks in isds_envelope_free(), isds_get_commercial_credit(), and
isds_get_message_sender() were fixed.

• Logging binary blobs on debug level could read uninitialized memory on
platforms where size_t type is not compatible with int type. This is fixed
now.

• Compatibility with OpenSSL 1.1.0 was added.

• Compilation failed if libcurl support was disabled. This is fixed now.

• Dollar characters controlling argument orderding were removed from
printf-like formatting strings. They are not supported in mingw toolchain and
caused one-time password authentication failures on Windows platform.

• An indentation warning reported by GCC 6 was fixed.

• A compile time warning in on-line tests was fixed.

• Testing in environments without a UTF-8 locale does not fail anymore. 

• If GnuTLS and cURL support TLSv1.3, tests do not fail anymore.

• Tests do not fail if libgcrypt does not support MD5.

• Pregenerated certificates used for tests expired causing a test unit to
fail. This release updates the certificates.

Version 0.10
============

• A new ISDSSearch2 service was implemented by an isds_find_box_by_fulltext()
function.

• The OpenSSL library can be used instead of the default GPGme library by
specifying --enable-openssl-backend option to the configure script.

• When parsing ISO 8601 date-time strings from a server response, microsecond
fractions are properly rounded (half up) now.

• An use-after-free bug in parsing SOAP response has been fixed.

• Handling su_seconds_t type used in the timeval structure was corrected to
enable flawless compilation with Mac OS X standard library.

• Various signedness mismataches which could lead to an undefined behaviour
were fixed.

• A work-around for accessing the strdup(3) function in Mac OS X standard
library was applied.

Version 0.9
===========

• New functions isds_PersonName_free(), isds_BirthInfo_free(), and
isds_Address_free() have been added. Applications can use them for deallocating
isds_PersonName, isds_BirthInfo, and isds_Address structures.

• A memory leak in isds_DbOwnerInfo_free() has been fixed.

• A new glibc feature-macro _DEFAULT_SOURCE is used to silent warnings about
deprecated _SVID_SOURCE and _BSD_SOURCE macros. This is will be needed since
glibc-2.20 although current manual pages do not document this change.

• `template' identifier has been renamed in header files not to clash with C++
keywords.

• Global variable definitions have been moved from a private header file into
compilation units to satisfy strict OS X linker.

• This release is binary compatible with previous version 0.8. However
applications built against 0.9 are not guaranteed to work with 0.8.

• Documentation for GetDataBoxList SOAP service has been updated to align with
specification released on 2014-01-14.

• Internal test suite encountered many improvements (more return value checks,
NULL pointer dereference and memory leaks fixes, closing sockets fixed, some
code was simplified).

Version 0.8
===========

• New ISDS service DataBoxCreditInfo has been implemented as
isds_get_commercial_credit(). This allows to retrieve current credit amount
available to the box owner for commercial activities like sending commercial
messages or using long term storage. It also allows to obtain recent history
of credit changes.

• Preliminary support for building with MinGW tool-chain has been added. Not
all tests have been ported yet.

• The MIME type normalization is case insensitive now.

• Status codes 1007 and 2011 of CheckDataBox ISDS service, bad box ID, are
recognized now and reported to the application as IE_INVAL.

• This release is binary compatible with previous version 0.7. However
applications built against 0.8 are not guaranteed to work with 0.7.

• The build system, autotools and gettext scripts namely, has been updated.

• NULL pointer dereference while parsing second and next permissions for
sending commercial messages has been fixed in the
isds_get_commercial_permissions() function.

• Bad arguments handling at isds_get_message_sender() function that could lead
to crash has been fixed.

Version 0.7
===========

• New ISDS service Re-signISDSDocument has been implemented as
isds_resign_message() function. This can be used for adding time stamp to
already signed message or delivery details that had been produced without the
time stamp.

• TLS errors from cURL library are reported as IE_SECURITY to libisds
applications now. This is new isds_error value and it denotes any security
problem leading to abort of requested operation.

• This release is ABI-compatible with previous version 0.6. However
applications built against 0.7 are not guaranteed to work with 0.6.

• Internal test suite checks TLS authentication. GnuTLS is needed for
building tests now.

• Parsing dmRecipientOrgUnitNum value from message envelope has been fixed.

• A memory leak when using XPath has been fixed.

Version 0.6.2
=============

• Building tests out of source tree has been fixed.

Version 0.6.1
=============

• Missing test/simline/server_types.h files has been added into distribution
to fix test suite compilation.

Version 0.6
===========

• ABI changed due to changes in specification. Some functions got additional
parameters or return codes.

• One-time password (OTP) authentication implemented. There is a new argument
at isds_login() and isds_change_password() functions of type struct isds_otp*.
Pass NULL if do not request OTP authentication.  The structure is used to
select OTP method (HMAC- or time-based code), to pass the OTP code (use NULL
to ask server for new time-based code), and to retrieve fine state of OTP
authentication. The functions can return IE_PARTIAL_SUCCESS if time-based
method is selected and server sent the new OTP code successfully.
OTP-authenticated context resides on URL different from others (use NULL or
isds_otp_locator for official instance or isds_otp_testing_locator for testing
instance). You can try client/login tool to check OTP-authenticated log-in.
You can use client/hotp_generator tool to generate series of HMAC-based OTP
codes (requires Perl Authen::OATH module).  There is a bug in cURL < 7.28.0
preventing from correct re-authentication. If you have unpatched cURL,
configure libisds with `--enable-curlreauthorizationbug' option. (See INSTALL
for more details.)

• isds_change_password() has additional argument to retrieve reference number
of the request assigned by the server. Pass NULL if you do not care.

• Internal tests check log-in procedure against simulated ISDS server. You can
run the simulated server as standalone executable in test/simline/server_cli
to check another clients. The server implements besides authentication
DummyRequest, services for changing passwords and EraseMessage.

• New DeleteDataBoxPromptly service implemented as isds_delete_box_promptly().
(This service is not documented in the specification).

• New PDZInfo service implemented as isds_get_commercial_permissions(). This
service enables application to know whether it can send commercial messages,
which subtypes of commercial messages can send (there are differences on
payment type), and to retrieve tokens for sending such messages.

• New service EraseMessage implemented as isds_delete_message_from_storage().
This function can be used to delete messages stored in long term storage (also
known as safe previously). Only messages in the long term storage can be
explicitly deleted.

• New user types USERTYPE_LIQUIDATOR (company liquidator) and
USERTYPE_OFFICIAL_CERT (undocumented in specification) added.

• Return value of isds_normalize_mime_type() is pointer to constant string now
to discourage application from fiddling with the value.

• Autoconf m4 macros have been updated (curl-7.26.0, gettext-0.18.1.1,
gpgme-1.3.1, libgcrypt-1.5.0, libtool-2.4.2, libxml2-2.8.0).

Version 0.5
===========

• ABI changed due to changes in specification. API is preserved. Please
recompile your applications.

• This release has not been tested on real system because devoloper has not
obtained new testing account yet. But he believes library works. Testers are
welcome.

• Delivery events 5, 10, 11, 12, and 13 are recognized now.

• GetMessageAuthor service implemented as get_message_sender() function.

• New isds_envelope member `dmPublishOwnID' added. It allows sender to reveal
his natural name to recipient on sending a message.

• isds_GetDataBoxUsers() can return empty list of users now.

• New document types recognised. MIME types of Software602 forms have been
changed to reflect IANA registry.

• Credential for testing account removed from documentation and code. Owner of
ISDS removed all testing accounts, testers must request for new account and
must agree with new rules including keeping credentials in secret and
non-disclosuring found bugs in ISDS. Example clients and on-line tests read
credentials from environment and central file in build root direcotory. See
README for more details.

• Errors from libxml2 parser are captured by libisds log system as ILF_XML
facility and at ILL_ERROR level. Application can get them by standard library
interface.

• Library can be compiled without support for network operation by passing
`--without-libcurl' option to configure script. All functions dependent on
network remain available and will return IE_NOTSUP return code.

• Dead variables removed to pass compilation by GCC 4.6 in strict mode.

• Prepare test environment to pass without ~/.gnupg directory. Packagers can
remove the hack from their packages now.

Version 0.4
===========

• This version breaks ABI because of ISDS specification change. Please adapt
your application where affected functions are called.

• ABI change: isds_get_password_expiration() will return NULL if password never
expires. Adjust your application to cope with NULL pointer on IE_SUCCESS.

• ABI change: isds_add_box() has new credentials_delivery parameter to request
for on-line credentials delivery and to receive token for that.

• ABI change: isds_add_user() has new credentials_delivery parameter to
request for on-line credentials delivery and to receive token for that.

• ABI change: isds_reset_password() has different arguments to request for
on-line credentials delivery and to receive token for that.

• ABI change: deprecated functions isds_set_tls() and
isds_set_mime_type_normalization() removed. Use isds_set_opt() instead.

• SOAP Fault error message is passed to application via isds_long_message().

• New function isds_get_list_of_sent_message_state_changes() implements
GetMessageStateChanges service. It returns list of message status changes in
requested time interval.

• New function isds_get_box_list_archive() implements GetDataBoxList service.
It returns ZIP archive with comma separate list of boxes. Different types of
lists can be requested. Only type `UPG' is available to public.

• New function isds_activate() implements Activate service.

• New delivery state EV0 is recognized as EVENT_ENTERED_SYSTEM isds_event_type.

• `tsr' document name suffix is recognized as time stamp file type.

• New function isds_pki_credentials_free() to deallocate isds_pki_credentials
structure.

• ISO time string parser fixed (negative or no time zone offset).

• All tests can run in parallel now.

• Lot of internal tests added. Funny color output now.

Version 0.3.1
=============

• Add `server' directory to distribution tar balls because example messages
are needed for some tests.

Version 0.3
===========

• This library breaks API because of new features and changes in ISDS.

• This library version covers complete ISDS specification as released on
2010-05-23.

• Support for XML documents added. Use isds_document.is_xml to distinguish
between binary and XML document types. Because XML node list
(isds_document.xml_node_list) is used to describe XML document, your
application must link to libxml2 library too since now. Please note this
feature has not been heavily tested and that the interface is a little tricky
(regarding memory allocation). See client/sendxmldoc.c and
client/loadsentmessagewithxmldocuments.c examples for hints how to use it.

• Box creation (isds_add_box()) supports requesting for token. This
functionality is not covered by specification as it's not implemented on
server side yet.

• Message authenticity verification through new web service
AuthenticateMessage (isds_authenticate_message()) is supported. This function
sends a signed message encapsulated in CMS to ISDS where the system resolves
originality of the message.

• isds_envelope->dmType is input/output now. The one letter value is
transferred while sending new message. However ISDS ignores this option as
semantic is not defined yet.

• isds_envelope->timestamp is optional now. Some ISDS services can return
message without time stamp as can do not exist yet.

• Cookie-tracked session authentication changed to stateless. That means
password is transmitted to server on each request. Password is cached by
libcurl library until connection gets closed. Also different server locators
for non-certificate and certificate client authentication emerged. Old log-in
method will be canceled on 2010-07-01. Old libisds versions become useless.
Upgrade is strongly recommended.

• Static and out-of-source directory compilation is supported now.

• New function isds_normalize_mime_type(): translates file name extension to
MIME type (because official ISDS client is broken). This can be globally
enabled by isds_set_opt().

• Context parameters can be set by isds_set_opt(): TLS options (isds_set_tls()
is deprecated now), MIME type normalization (new: mangle document MIME type
in incoming messages into more reasonable values).

• Deprecated functions removed: isds_load_received_message(),
isds_log_signed_message().

• isds_DbUserInfo.caState added (country of contact address).

• isds_get_delivery_info() fixed to produce standard raw representation of
delivery details that can be loaded by isds_load_delivery() back.

• New function guess_raw_type(): detects type of supported message and
delivery details formats. Detected format can be supplied to
isds_load_message(). This way, application can automagically load and parse
any supported format.

• libcurl debug messages are caught by libisds and redirected to library
logger (ILF_HTTP facility).

Version 0.2.1
=============

• Libs value in libisds.pc pkg-config module fixed.

Version 0.2
===========

• X.509 client certificate authentication is supported (but not tested yet).
Underlying HTTPS cURL library supports OpenSSL, GnuTLS and NSS cryptographic
back ends currently.

Current legislation requires to use cryptographic module with unexportable
private key. I've tested ASEKey produced by Athena Smartcard Solution
with OpenSSL back end successfully (a patch for curl-7.20.0 is required).

Example code client/certauth.c and server/tls/peer server and CA, server and
client cryptographic material are bundled. 

• Application can pass CRL PEM file to cryptographic library.

• Library offers pkg-config integration. Application build scripts can check
`libisds' pkg-config module and use PKG_CHECK_MODULES() m4 macro.

• Application can get dynamic string describing library version and its
dependencies at run-time (isds_version()).

• API changed and is not backward compatible. Please adjust and recompile your
applications.

• Library tests have been splitted to off-line (--enable-test) and on-line
(--enable-online-test) tests. On-line tests can not be compiled without
off-line tests. All tests are switched off by default.

• Server base URL for isds_login() does not contain path anymore. Application
must supply schema and hostname only (e.g. https://localhost/). Undefined base
URL will be interpreted as official ISDS locator.

• Base URLs of official ISDS server (isds_locator) and testing ISDS server
(isds_testing_locator) are provided by library. Application can offer them as
default choices to the user.

• Documents can be submitted for authorize conversion into Czech POINT system
(czp_convert_document(), requires specific isds_ctx).

• Application can catch all global log messages and redirect them wherever it
needs.

Version 0.1
===========

• This is first public release. Whole ISDS 2010-01-22 specification is covered
except: XML documents, X.509 authentication