You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
pEpEngine/NEWS

120 lines
5.7 KiB

* update pEpEngineSequoiaBackend dependency: this in its turn will use a more
recent sequoia-openpgp, which fixes a performance bug.
* update_pEp_user_trust_vals: fix and generalise my previous fix.
v3.2.0-RC14
* Provide a local.conf.example
* In local.conf.example explain how the DEBUG variable has changed behaviour
in an incompatible way since Engine 3.2.0-RC13
* New API function stringpair_list_find_case_insensitive
* When searching for message headers always compare names case-insensitively.
This is an incompatibile change, but the previous behaviour was incorrect.
* bug fix in set_as_pEp_user: do not hardwire the pEp protocol version to 2.1!
The code doing that was particularly treacherous. In order to prevent such
errors in the future, introduce and use...
* PEP_PROTOCOL_VERSION_MAJOR, PEP_PROTOCOL_VERSION_MINOR: ...New macros.
* PEP_VERSION is now only a deprecated alias for PEP_PROTOCOL_VERSION,
automatically computed from the two macros above.
* Rename PEP_CANNOT_SET_PEP_VERSION to PEP_CANNOT_SET_PEP_PROTOCOL_VERSION; keep
the old name as a compatibility alias
* PEP_enc_format: new case aliases PEP_enc_PEP_message_v1 and
PEP_enc_PEP_message_v2; the numeric values have not changes.
* rating_to_string: add a case for PEP_rating_media_key_protected, fixing #94.
* fix windows compilation problem releated to strcasecmp; problem reported by
Alex. This fixes
https://gitea.pep.foundation/pEp.foundation/pEpEngine/issues/109 .
* New protocol version 3.3.
The only difference is the new handling of trustwords with RIPEMD-160.
* Unfortunately we have to disable backward compatibility by default to prevent
downgrade attacks.
Compatibility with older protocols requiring xor trustwords is kept if the
Engine is built with the CPP macro
PEP_TRUSTWORDS_XOR_COMPATIBILITY defined. This can be accomplished by adding
-DPEP_TRUSTWORDS_XOR_COMPATIBILITY=1
to the command line, or (when using our Makefile) by building with the make
variable TRUSTWORDSXORCOMPATIBILITY defined.
Explicitly calling get_xor_trustwords_for_fprs will always yield xor
trustwords.
* A further incompatible change in xor trustwords, "[A_XOR_A]": combining an fpr
with itself no longer returns the same fpr as the result. In other words we
no longer have a special case to force
for every A A xor A == A
. Instead I am switching to the correct alternative: now
for every A A xor A == 0
. The test suite used to explicitly check this case; I changed the test suite
to agree with Mathematics.
I significantly factored, rewrote and and cleand up the old trustword code in
src/message_api.c .
* local.conf.example: document TRUSTWORDSXORCOMPATIBILITY.
* PUBLIC_API get_trustwords_for_fprs ranamed to
get_xor_trustwords_for_fprs : this implements the old, weaker FPR combination
which might be vulnerable to a collision attack
(It is not possible to write a higher-level backwards-compatible function
get_trustwords_for_fprs which decides the best algorithm: the two FPRs are
not enough to decide which algorithm is needed)
* New PUBLIC_API:
get_ripemd_trustwords_for_fprs : this implement the new, stronger FPR
combination
* The following PUBLIC_API functions have a new behaviour but the same API:
* get_trustwords (taking identity arguments)
* get_message_trustwords (taking a message and a recipient identity)
In case xor-trustwords-compatibility is disabled these function now return
PEP_TRUSTWORD_NOT_FOUND (instead of mismatching trustwords) when refusing to
downgrade.
* Bug fix: update the pEp protocol version supported by a communication partner
on successful decrpyption of a message from her (including on PEP_UNENCRYPTED);
I believe that this behaviour had always been intended.
* add a THANKS file
v3.2.0-RC13
* add NEWS file
* add release script (for the Engine maintainer): the Engine version is now in a
machine-generated file src/pEpEngine_version.h
* Merge pull request 'PEMA-41 Make the ObjC adapterbuild for iOS agains the
latest engine (master/v3.2.0-RC11)' (#92) from dirk/pEpEngine:PEMA-41 into
master
v3.2.0-RC12
* handle_pong: fix bug preventing notification from being called, reported by
Alex Sualdea
* Merge pull request 'PEMA-103-hotfix' (#88) from
TSaschabc/pEpEngine:PEMA-103-hotfix into master
* Update sqlite amalgamation to 3.40.0
v3.2.0-RC11
* add the new pEp_log functionality -- notice that some platform code is
UNTESTED; I am waiting for feedback from platform maintainers;
* add the new pEp_debug functionality;
* convert existing code to use the new logging and debugging functionality;
* set_debug_color: remove DYNAMIC_API function.
* log_event, log_service, _service_error_log: remove DYNAMIC_API functions,
replaced by the new log functionality in src/pEp_log.h; I could re-implement
the old functions based on the new API if people want that, but using the API
v3.2.0-RC10
From this point on we consistently adopt the new naming scheme for tags: we
start the tag name with "v" instead of "Release_".
* fix compilation on windows (probably: untested).
Release_3.2.0-RC9
* BUILD: Fix - Effectively add include and lib dir from local.conf' (#82)
* unfinished debug / log changes
* (broken on windows)
v3.2.0-RC8
No complete change log for this RC, the first in the 3.x series to be actually
used. The most important change from 2.x is Key-Election Removal; the list of
other changes (but not the changes themselves) is now lost.
Highligths:
* Switch from the old Sequoia-FFI to pEpEngineSequoiaBackend;
* Distribution.Echo protocol, ported from 2.x;
* Media keys, ported from 2.x;
This is a list of changes since Autumn 2022. We did not formally keep track of
changes older than that, and in particular the changes from v2 to v3 are too
numerous to list.
Newer changes are at the top of this file.