Removed --convert and automatic conversion code.

[pwmd.git] / NEWS

PWMD v2.21
----------
Check for glib 2.14.0 at configure time.

Fixed a huge bug by initalizing pth_init. Was unnoticed until I got a new
machine. So if things weren't working before they should now.

The default recursion depth when resolving target attributes is now 100.

Removed the KEEPALIVE status message since some commands will be unable
process them and cause the command to fail.

Added the NEWFILE status message when opening a new file.

COPY and MOVE command bugfixes. See ChangeLog for details.

Another huge bugfix: salt the passphrase to prevent dictionary attacks.

Require libgcrypt 1.5.0.

Removed the --base64 OPEN and SAVE command options.

Removed the --convert command line option and automatic conversion from pwmd
version prior to 2.14.


PWMD v2.20
----------
Do as the documentation says and let CLEARCACHE always return 0 even when a
filename is specified.

Exit when there is a failure adding files to the cache on startup unless
the new option --ignore is passed on the command line.

The VERSION command now appends compile time features to the version number.

A few minor bugfixes. See ChangeLog for details.


PWMD v2.19
----------
Changed the HELP command to send parsable data to the client (data response).

Fixed validating element names again. They wont allow any whitespace
(including newlines).

The "key" configuration parameter was previously reset to an empty string
after parsing. It is now removed completely from the configuration handle.
This fixes the GETCONFIG command returning an empty string. It now returns an
error.

GETCONFIG now returns GPG_ERR_UNKNOWN_OPTION rather than GPG_ERR_NO_VALUE for
unknown configuration options.


PWMD v2.18
----------
Added OPEN and SAVE command option --inquire to use a server inquire to
retrieve the filename and passphrase. This lets the passphrase be more than
the assuan protocol line limit of 1000 bytes. This option also changes how the
"key_file" configuration parameter is handled when it exists for a file that
doesn't have a cache entry: an --inquire can be used to set the key rather
than returning an error.

Added OPEN and SAVE command option --base64 to specifiy that the passphrase is
Base64 encoded. The passphrase will be decoded before encryption and
decryption. This allows for binary keys which may be sent via an --inquire.

GPG_ERR_NOT_IMPLEMENTED is returned when a known pinentry command or option is
requested but no pinentry support was compiled in. Previously,
GPG_ERR_UNKNOWN_OPTION or other error was returned.

Fixed the CLEARCACHE command corrupting the key_cache when clearing all cache
entries.

A few other changes and cleanups. See ChangeLog for details.


PWMD v2.17
----------
This version introduces command options which should be specified before
command arguments. The SET command which used to be the way to specify an
option is deprecated for the option that can be used in a command.

Added OPEN options --lock and --pinentry.

Added SAVE options --reset, --pinentry, --iterations and --cipher.

Added LIST options --no-recurse and --verbose.

Fixed a segfault in pinentry on the second try of the same client.

Changed how the OPEN command handles a previously opened file on failure. Now,
the previously opened file will be closed rather then kept open.

The _mtime attribute is now modified when creating root elements and with the
IMPORT, RENAME, COPY and MOVE commands.

COPY command bugfix when the source element path contained no child element
nodes. The node was being renamed.

The cipher for the data file is now properly restored during the next SAVE. It
always reverted back to AES256.


PWMD v2.16
----------
Portability fix for systems without SO_PEERCRED.

Use xmlSetProp() for settings attributes. May fix something, not sure.

Added an "_mtime" attribute which is updated each time an element is modified.


PWMD v2.15
----------
Fixed the RC_ON_LOCKED and LOCK_ON_OPEN options when opening another file
using the same connection.

Fixed cleaning up the client when it disconnects while waiting for a file
mutex lock. This fixes sending the STATUS_CLIENTS message to other connected
clients rather than having to wait for the next client connect or disconnect.


PWMD v2.14
----------
Security fix for the key_file configuration parameter. Previous versions used
fgets() to read up to one line of key data. The problem is that it stops
reading at a null byte or a newline character which will truncate your key
data at that byte position. This can be very bad if you think you have secure
randomly generated key data since those bytes can be anywhere in the key file.

The fix is to pay attention to the log message warning about truncated key
data and make note of the byte position. If you were to SAVE the associated
data file and haven't already truncated your key_file to the mentioned byte
position then the next OPEN will fail. You'll can truncate the actual key_file
by doing:

        head -c BYTE_OFFSET < key_file > new_key_file

The BYTE_OFFSET is the truncated byte position mentioned in the log message.
Then move the new_key_file to replace the old key_file.

Or you can skip that step and do:

        echo DUMP | pwmc datafile > raw_xml

Then do an pwmd XML import (--import) of raw_xml file using a newly generated
key_file (--key-file) which may now contain null bytes or newline characters
without any problems. The 'pwmc' command is included with libpwmd.


PWMD v2.13
----------
Fixed a segfault in the MOVE command.

Fixed the MOVE command to allow overwriting the destination even if the
destination is a parent of the source.

Fixed a segfault in do_assuan_command() do to an invalid free().

Fixed commands returning GPG_ERR_ASS_WRITE_ERROR when no keepalive timeout was
specified (disabled). Don't create a timeout event. Also changed the timeout
event error code to return GPG_ERR_TIMEOUT.

The default iteration_progress has changed from 0 to 1000.

Fixed a segfault in the COPY command that would get triggered when copying a
tree previously copied and the destination was to a child of the copy.

Changed how the SAVE command handles a specified key when encryption
iterations is 0. Rather than keep the iterations at 0, reset it to the global
iterations settings or 1 if that setting is also 0. Since a key was specified
it is assumed that the file should be encrypted. This prevents misuse and
confusion.


PWMD v2.12
----------
This version changes how the elements are accessed and breaks data file
compatibility with previous versions. Conversion is done automatically unless
you have elements in your data file name "element" or attributes named "_name".
The reason for the change is that the XML parser doesn't like commonly used
characters in element names (for example, an email address or digit as the
first character). So the solution is to use an attribute to store the name of
the element and let the actual element be generic. All elements in your data
file will be renamed to "element" with an attribute "_name" being the original
element name. Be sure to make a backup copy of your data file. I hope you find
the change worth it.

Fixed creating element paths that had children of the same name as the parent.

Added the MOVE command. This will move an element path to another location in
the document. Faster than a COPY/DELETE.

Added client option RC_ON_LOCKED. If set, rather than sending a status message
when the file mutex is locked, an error code will be sent instead; stopping
the command.


PWMD v2.11
----------
Another fix for the COPY command. This one fixes copy siblings of the source
element and also fixes references to a free'd pointer.


PWMD v2.10
----------
Added command XPATHATTR. This will operate on attributes of the expression
nodeset.

XPATH now return GPG_ERR_ELEMENT_NOT_FOUND when the expression doens't match
any elements. It used to return GPG_ERR_NO_VALUE.

ATTR SET no longer requires a value.

GPG_ERR_NO_VALUE is returned from ATTR GET for attributes without a value.


PWMD v2.9
----------
Don't require libassuan 2.0 anymore. Use the static library included in the
archive like was done before pwmd 2.2. This is needed for use with libpwmd
and fixes a bug with libgpg-error return codes.

Fixed another stupid bug with the RENAME command.

Added SET option LOCK_ON_OPEN to lock the file mutex after a successful OPEN
as if the LOCK command had been sent.

Added the LS protocol command to list files in data_directory.


PWMD v2.8
----------
Fixed the RENAME command to handle target attributes and ambiguities.

Unicode fixes.

Fixed validating element names.


PWMD v2.7
----------
Fixed the COPY command to handle root elements and to copy attributes too.

Fixed the RENAME command to overwrite an existing element tree of the same
value.

Since Valgrind and dmalloc don't like PTH threads --enable-debug now prints
out a backtrace of each allocation so finding memory leaks is easier/possible.
The output of xdump() shows non-freed pointers which can be found in the
backtrace output then processed through addr2line to find where it occured.

Fixed a few memory leaks.

Fixed handling of SIGABRT.


PWMD v2.6
----------
Fixed a nasty bug that may have existed in all previous versions that would
cause a segfault do to an invalid return value from pth_exit().

The default keepalive is now 0 or disabled. It was added during testing of
remote connections over TLS and kept for use with libpwmd and SSH connections.
The development version of libssh2 has connection timeout support so there
really isn't any reason for doing keepalives in pwmd. This also fixes longer
running processes linked with libpwmd that keep a connection open but do not
parse status messages. pwmd would therefore kill the connection.


PWMD v2.5
----------
New configuration parameter "allowed" to specify which users are allowed to
connect to the unix domain socket. The default is the invoking user only.

Fixed the IMPORT command to let it handle "target" attributes properly.

Let "disable_list_and_dump" be resetable during SIGHUP but only if not
permissive (TRUE).


PWMD v2.4
----------
Reworked the IMPORT command to let it create root elements. The syntax has
changed to have the content as the first argument and the element path, if
any, as the remaining arguments after the content which is now TAB, rather
than space, separated.

Changed how the "target" attribute value is stored in the document.  Rather
than storing the resolved destination argument, first check to see if the
element path (which may contain other target attributes) is valid then store
the specified path as the "target" attribute value.

A few bugfixes. See ChangeLog for details.


PWMD v2.3
----------
The DISPLAY and TERM environment variables are unset just before entering the
server loop. Clients wanting to use pinentry must set these options manually
or configure ~/.pwmd/pinentry.conf. This fixes pwmd using these variables
which may no longer be valid.

Ported to libassuan 2.0. There is no longer a static libassuan included in the
archive since this version supports building a DSO.

Fixed the COPY command copying only the the first element of the tree. How'd
that happen?


PWMD v2.2
----------
Bugfix for pushing non-encrypted files into the cache.


PWMD v2.1
----------
A new GnuPG key is being used to sign releases and git tags. The new key-id is
0xB140DCE2. The old key-id 0xF2B33BEF should be considered revoked do to a
data loss (not pwmd's fault, though).

Added an "age" attribute to the document element. This attribute is updated to
the time of the last SAVE.

Added support for using different ciphers when saving a data file. This adds a
new configuration parameter "cipher" and also adds a new option "SET CIPHER".
See the manual page for supported ciphers.

Added a new configuration parameter "log_level".

Added the RENAME command to rename an element.

Added the COPY command to copy an element tree to an element path.

Always use the passphrase specified with the OPEN command, if any, even when
the (encrypted) file has been cached.

Fixed converting an unencrypted data file.

A few portability fixes for 64-bit machines.

Added configuration parameter "debug_file" to log all protocol IO to the
specified file.


PWMD v2.0
----------
This version breaks data file compatibility with previous versions but has an
option to convert your existing data file to the new format. See the manual
page about the --convert command line switch. Future versions that have data
file changes shouldn't have this problem.

Requires a C99 compiler.

libassuan is included statically. There is no longer an external dependency.

Better handling of unexpected client disconnects and status messages.

Added new protocol command VERSION.

Added new protocol commands SET and UNSET. SET replaces the old OPTION
command. UNSET resets an option to its default value.

Pinentry is used when importing, converting and pushing files from the command
line. It can also be disabled to use regular terminal input.

The file cache is a GSList rather than a mmap()'ed page of memory. This allows
for an unlimited number of data files but changes the CACHE status message to
only show the number of cached files and not any total.

Removed EPWMD_MAX_SLOTS, EPWMD_ERROR and EPWMD_ELOOP.

Added new XFER status message. This is sent after every ASSUAN_LINELENGTH
bytes when tranferring data lines. This adds a new configurations parameter
"xfer_progress".

Option ACL (Access Control List) support. When --enable-acl is passed to
configure, data files with an ACL will be retained after a SAVE or inherited
from the data_directory if new.

The ISCACHED command now checks for file existance. Returns GPG_ERR_NOT_FOUND
if it exists but not found in the file cache or an errno from access(2).

Renamed a few SET (old OPTION command) parameters to match the rcfile
parameter names so GETCONFIG will work better:
        PINENTRY -> ENABLE_PINENTRY
        TIMEOUT  -> PINENTRY_TIMEOUT
        PATH     -> PINENTRY_PATH

Removed the old CLIENT option. The old NAME sub-option can be set with SET
NAME=VALUE.

Changed how GETCONFIG handles per-session option changes for some options. If
no file is specified and the specified option was previouly SET, then the SET
value is returned. Else the option for the specified file is read from the
configuration file.

GETCONFIG <filename> ITERATIONS will read the file header of the specified
file. Useful if using a local pinentry and you need to determine if a filename
is encrypted or not.

SET ITERATIONS requires an open file.

The configuration parameters "pinentry_timeout" and "enable_pinentry" can now
be set per-file in the configuration file.

Can now use both short and long command line options.

The CACHETIMEOUT command has had its arguments flipped to keep consistancy
with other commands: CACHETIMEOUT <filename> <seconds>