| blob | 8cff5e643caf49a2b53f31d08889623b50f55aa9 |
1 PWMD v3.2
2 ---------
3 Add the BULK protocol command to allow sending multiple commands using an
4 (semi) s-expression syntax. This can speed up remote connections quite a bit
5 since less socket IO is needed. This also adds a BULK status message to inform
6 the client of the current bulk command being run which may be needed when a
7 command inquires data from the client.
9 No longer flood a TLS client with assuan protocol comment lines when spinning
10 in a read.
12 The _mtime and _ctime element attributes can no longer be modified or removed
13 by a client.
15 All known attributes to pwmd are now prefixed with an _:
16 "target" -> "_target"
17 "expire" -> "_expire"
18 "expire_increment" -> "_age"
20 Added a "_version" attribute to the document root element to hold the current
21 version of pwmd.
24 PWMD v3.1.1
25 -----------
26 The XFER status message is now sent only once and before the transfer starts
27 leaving it to the client to calculate the amount of data tranferred.
29 Added "LS --verbose" to include the filesystem atime, mtime and ctime
30 timestamps of data files.
32 Build, portability and other bug fixes. See ChangeLog for details.
35 PWMD v3.1
36 ---------
37 The project has moved to GitLab (https://gitlab.com/bjk/pwmd/wikis). Downloads
38 are still available at SourceForge but the issue tracker, git repository and
39 wiki are now hosted at GitLab.
41 Re-added the "tls_use_crl" configuration parameter although it is disabled by
42 default.
44 DELETE no longer does any confirmation before deleting public and private
45 keys.
47 Portability and undefined behavior bugfixes. See ChangeLog for details.
50 PWMD v3.1-beta3
51 ---------------
52 The LS command now sorts filenames.
54 Fixed a long standing memory leak related to a client's thread name.
56 Key expiration is now ignored when OPEN'ing a data file. The next SAVE will
57 fail if using an expired key. See docs for details about what to do.
59 The CACHETIMEOUT command now requires an opened data file and no longer
60 considers an "invoking_user". The syntax has also changed to require only a
61 timeout parameter.
63 Added GENKEY --no-expire to allow creating keys that do not expire.
65 GENKEY now requires an opened data file.
67 Bug fixes. See ChangeLog for details.
70 PWMD v3.1-beta2
71 ---------------
72 New GENKEY command to generate a new keypair or subkey of an existing key
73 without saving the data file to disk.
75 Removed key generation altogether from the SAVE command. You must generate a
76 new key with the GENKEY command or use an existing key and pass the
77 fingerprint to the --keyid option. The --sign-keyid option is also required
78 for new data files.
80 The SAVE command now allows only a single signer. Although, multiple
81 recipients may be specified.
83 LISTKEYS no longer requires an open data file.
85 Added configuration parameter "strict_open" to prevent a (non-invoking) client
86 from creating a new data file.
88 New command DELETEKEY to remove the private key associated with the currently
89 opened data file from the keyring.
91 Added copy-on-write for commands that modify the document.
93 The DUMP command no longer does a checksum test.
96 PWMD v3.1-beta1
97 ---------------
98 Ported to libgpgme. Data files are now OpenPGP encrypted and signed. A signer
99 is required when using asymmetric encryption and optional if using symmetric
100 encryption.
102 New global configuration parameter "gpg_homedir". The default is
103 ~/.pwmd/.gnupg which will spawn a gpg-agent process with this as it's homedir.
104 The secret and public keyrings live here. To use your regular keyring set this
105 to ~/.gnupg. This removes the "gpg_agent_socket" configuration parameter.
107 Added the pwmd-dump(1) utility to dump the contents of a v3.0.x data file. The
108 output file can then be imported by using 'pwmd --import'. pwmd-dump can also
109 update a v3.1 raw XML file to the latest element or attribute changes by
110 passing the --xml option. See the pwmd-dump(1) manual page for details.
112 Removed the notion of "literal" elements. Targets are always followed for
113 elements that have a 'target' attribute. This changes how the ATTR command
114 works. See the pwmd texinfo or html docs for details. Also note the inherited
115 and reserved attributes for elements with a target.
117 The LIST command now always implies the deprecated '--verbose' and
118 '--with-target' switches and adds the '--recurse' switch to replace the also
119 deprecated '--all' switch.
121 Rewrote the LIST command to better handle recursion loops. Still needs some
122 work, though. See KnownBugs.
124 New special attributes 'expire' and 'expire_increment'. See docs for details.
125 This also adds a new STATUS_EXPIRE status message.
127 New command LISTKEYS to show available (secret) keyid's.
129 New command KEYINFO to show encryption and signing keyid's for an opened data
130 file and --learn to create private key stubs for keys stored on a smartcard.
132 New global configuration parameters "encrypt_to" and "always_trust".
134 Added connected timestamp field to 'GETINFO --verbose CLIENTS'.
136 New status messages PASSPHRASE_HINT and PASSPHRASE_INFO when pinentry is
137 disabled.
139 New global configuration option "backlog" to set the TCP backlog for TLS
140 connections. The default is 128 (Linux default, too).
142 All clients now are cancelled upon SIGINT and SIGTERM without waiting for them
143 to disconnect themselves.
145 Added OPTION CLIENT-STATE to allow a client to opt-in to receive client STATE
146 status messages. By default, no client state is sent.
148 CACHETIMEOUT now allows access to an invoking user.
150 TLS rehandshake support upon SIGHUP.
152 New configuration option "tls_dh_params_file". This removes "tls_dh_level".
154 Removed configuration option "tcp_wait".
156 OPEN: Always allow an invoking user.
158 CLEARCACHE: Reworked to test the client ACL for each data file.