v3.3.0-RC14 2023-08-29
* build system changes by Heck: switched from local.conf to build.conf, made
more flexible in order to support one single build configuration file for
every pEp component.
This is definitely an improvement, but is an *incompatible* change.
v3.3.0-RC13 2023-07-24
* fix test suite failures by restoring is_me to its previous counter-intuitive
Re-implement the same logic as the previous replacement for is_me in a new
separate function used by encrypt_message, so that we do not weaken the fix
for .
v3.3.0-RC12 2023-07-18
* fix bug in fix for 168. This closes
Yes, again.
v3.3.0-RC11 2023-07-18
* fix bug in fix for 168. This closes
v3.3.0-RC10 2023-07-13
* Make echo_api.h easy to #include from adapters and not only from the Engine
v3.3.0-RC9 2023-07-13
* Make send_ping an API function. It is useful to have it available from
adapters and possibly from expert-oriented applications such as pEp-mail-tool.
v3.3.0-RC8 2023-07-10
* Fix
* Fix
v3.3.0-RC7 2023-06-23
* New API functions (temporary):
stringpair_list_delete_by_key_possibly_case_sensitive ,
stringpair_list_delete_by_key, stringpair_list_delete_by_key_case_insensitive
v3.3.0-RC6 2023-06-22
* New API functions message_remove_opt_field, message_set_opt_field.
* Refuse to encrypt or compute output rating unless the From identity is own.
This closes
v3.3.0-RC5 2023-06-12
* append_string: fix potentially serious pointer bug in utility function.
v3.3.0-RC4 2023-05-26
* Dependencies: use the latest YML, 2.7.6.
* Fix , cleanly.
Remove the temporary kludge hiding the known violated requirement.
v3.3.0-RC3 2023-05-22
* fix NEWS.
* build system: fix the '-dirty' suffix in the commit identifier generated by
Makefile.conf .
* As a temporary workaround for
replace an assertion with a visible log message printing “WRONG WRONG WRONG
This will make it possible to test the Engine without being bothered by crashes
* DEPENDENCIES: Require pEpEngineSequoiaBackend v1.1.0 , which contains some
security fixes.
v3.3.0-RC2 2023-05-18
* Make PEP_LOG_ASYNC actually take effect, by calling
config_enable_log_synchronous *after* the log subsystem has been initialised.
No visible API change, but when defining PEP_LOG_ASYNC and with the database
log destination configured in the user should feel the Engine to be faster.
* pEp_abort_unless_PEP_NOABORT: add a session parameter (as the only parameter);
this is important in case the function is called by adapters.
* build system improvements: add the CPP macros
defined by the makefile directly on the compiler command line, as string
literals. Platforms not using make to build the Engine should supply these.
* in case of assertion or requirement failure print the expansion of the macros
above, to help people reporting bugs. No API change.
* minor internals overhaul: build system, logging entries, whitespace, some
minor factoring.
* When initialising database connection run the correct pragma:
PRAGMA foreign_keys=ON;
with an "s". The incorrect PRAGMA name I had written before, omitting the
trailing "s", was silently ignored; some SQL statements in the Engine rely on
CASCADE constraints being enforced, and the missing constraint caused very
subtle inconsistencies and changes of behaviour, for example breaking
Closes (this
bug probably did not affect any released version).
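
The failure mode described in the PRAGMA entry above, reproduced as an added example (not Engine code; Python's sqlite3 module stands in for the C API, and the table names are hypothetical). It shows that the misspelt pragma is accepted without error while CASCADE stays unenforced, and that reading the setting back catches the mistake:

```python
import sqlite3

# Constructed two-table schema (hypothetical names) relying on ON DELETE CASCADE.
SCHEMA = """
CREATE TABLE person (id INTEGER PRIMARY KEY);
CREATE TABLE pgp_key (
    fpr   TEXT PRIMARY KEY,
    owner INTEGER NOT NULL REFERENCES person(id) ON DELETE CASCADE
);
INSERT INTO person  VALUES (1);
INSERT INTO pgp_key VALUES ('CONSTRUCTED-FPR', 1);
"""

def orphans_after_delete(pragma):
    """Run `pragma`, delete the parent row; return (enforcement flag, child rows left)."""
    db = sqlite3.connect(":memory:")
    db.execute(pragma)            # SQLite reports no error for an unknown pragma name
    db.executescript(SCHEMA)
    db.execute("DELETE FROM person WHERE id = 1")
    enabled = db.execute("PRAGMA foreign_keys").fetchone()[0]
    left = db.execute("SELECT COUNT(*) FROM pgp_key").fetchone()[0]
    db.close()
    return enabled, left

def enable_foreign_keys(db):
    """Turn enforcement on and read the setting back instead of trusting the call."""
    db.execute("PRAGMA foreign_keys=ON")
    if db.execute("PRAGMA foreign_keys").fetchone()[0] != 1:
        raise RuntimeError("foreign key enforcement is not active")
    return db

if __name__ == "__main__":
    print("misspelt:", orphans_after_delete("PRAGMA foreign_key=ON"))   # (0, 1)
    print("correct: ", orphans_after_delete("PRAGMA foreign_keys=ON"))  # (1, 0)
```
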
v3.3.0-RC1 2023-05-11
* Make string lists and identity lists nicer to use, with new non-destructive
functions. These functions are all declared as API functions in order for
them to be accessible to the adaptors as well.
New API functions stringlist_cons, stringlist_reversed, identity_list_cons,
identity_list_cons_copy, identity_list_reversed .
* Improve SQL concurrency. The current change should be a proper fix to ; I was able
to see that problem again after upgrading to the latest Thunderbird, but now
even that is solved.
Solving this required a trick which is conceptually dirty, even if not complex
in terms of code size. No external API change.
* Add the pEp-engine-print-log script, useful to print database-destination logs
in a compact textual format. This simple bash script is useful for developers
and possibly service people.
* Be consistently case-insensitive when handling header names and MIME types.
* Merge dirk's two xcode build-system commits from .
* Remove support for _PEP_SQLITE_DEBUG; fail cleanly at compilation time if a
user tries to build with it.
v3.2.1 2023-03-23
* DEPENDENCIES: require an official release of libpEpTransport.
v3.2.0 2023-03-23
* CI fixes, thanks to dvn:
Closes .
* Update the API specification in api/ so that we can machine-generate more
code. Not finished yet, but this might help concurrent development such as .
* Solve a benign but distracting intermittent test suite failure, that happens
on the CI machine but not on positron's laptop.
Closes .
v3.2.0-RC27 2023-03-16
* Fix management database upgrading from versions older than 13; no API changes.
* Fix benign test suite failures: we are back to zero expected failures.
v3.2.0-RC26 2023-03-03
* Merge from
Dirk: build system updates, after I added a new compilation unit.
v3.2.0-RC25 2023-03-01
* Merge (build
fixes for ios, thanks to Dirk).
* New environment variable PEP_LOG_ASYNC: when defined (to any value) make
database-destination logging asynchronous, which is less reliable in case of
crashes but faster by several orders of magnitude.
New API function to control the same feature at configuration level, per
DYNAMIC_API void config_enable_log_synchronous(PEP_SESSION session, bool enable);
* Fix API function get_crashdump_log: it is now back to work correctly if
logging is enabled with a database destination; otherwise, return a status
different from PEP_STATUS_OK.
Closes .
* Update YML2 dependency (reported by Dvn).
* Release builds of the Engine are now compiled (on platforms using make)
without debugging symbols, in order to work around .
v3.2.0-RC24 2023-02-20
* log the current thread id along with the current process id. When stuck on
a backoff loop write a log line once every PEP_BACKOFF_TIMES_BEFORE_LOGGING
failed attempts.
Closes .
v3.2.0-RC23 2023-02-09
* some documentation updates: link build instructions from .
* improve logging, in particular making it very visible when we discover that a
key expired or was revoked.
* Give the asn en/de-coders a much bigger stack size by patching asn_internal.h
. This is a direct fix (thanks to Dirk) of a problem presumably already
solved by rate-limitation; building with sanitisers on ios should now be
convenient again.
Closes .
Closes .
* Build system fixes to compile on Windows, contributed by Alex Sualdea and Jörg
Closes .
* Incompatible API change: remove unused obj parameters from API functions
do_sync_protocol and do_sync_protocol_step ; this change is easy to adjust to
but will break every adapter.
Closes .
v3.2.0-RC22 2023-02-01
* New API function PEP_STATUS_is_error.
Closes .
* Avoid the use of #warning, not supported by the microsoft compiler.
Closes .
v3.2.0-RC21 2023-02-01
* DEPENDENCIES: use the new pEpEngineSequoiaBackend release; this includes some
build system improvements to which we Engine people contributed, making
pEpEngineSequoiaBackend easy to install with make following the pEp
* local.conf.example: in order to build the Engine in safety mode 'release' the
DEBUG variable must now be defined as 'release', instead of being set to be
* bug fix: actually take into account the safety mode to determine the Engine
compiler flags, so that optimisation and the presence of debugging symbols can
be controlled.
Now default to *always* compiling with debugging symbols; however this new
behaviour can be overridden...
* local.conf.example: ...with new user-overridable variable
COMPILEWITHDEBUGGINGSYMBOLS , which lets the user decide whether the Engine is
compiled with the -g (or equivalent) option.
* Build system: PER_MACHINE_DIRECTORY: change the default value to use PREFIX.
I suspect the previous default was not used much.
* Add cute banner shown when invoking make.
* Fix zero-argument C function prototypes and definitions so as to use (void)
rather than (). This is the correct solution and the fix prevents huge
volumes of distracting warnings from some compilers (reported by heck with
at least apple clang 14).
This fixes .
* Fix in 3.x as
well by adding a test case documenting the behaviour difference; the
unexpected ugly status code was only returned in 2.x, which required a
non-trivial fix.
* If the environment variable PEP_NOABORT is defined, to any value, never abort
on failure independently from the fatality mode. This is meant for internal
use with the pEp Engine test suite, but users and developers of other pEp
components might also find this useful.
This solves .
* documentation: mention do_sync_protocol_init , previously forgotten, in the
NEWS entry for v3.2.0-RC20 (2023-01-23).
* Fix : no
longer prematurely free identity list in update_identity.
* Echo: add pEp-auto-consume header.
v3.2.0-RC20 2023-01-23
* make register_sync_callbacks really side-effect-free; this fixes (Thanks to
Heck.) This contributes to unblock .
* In relation to the change above: new API function do_sync_protocol_init ,
which initialises the Sync state machinery independently from
register_sync_callbacks (which now *only* sets callback functions).
* undo recent Makefile changes related to Sequoia: a cleaner solution is
v3.2.0-RC19 2023-01-18
* The logging facility can now be enabled and disabled from a configuration
function, the new API function
DYNAMIC_API void config_enable_log(PEP_SESSION session, bool enable)
. By default logging is now disabled, unless the environment variable PEP_LOG
is defined to any value.
This solves
* sql_reliability: remove debugging prints, replace with more generally useful
v3.2.0-RC18 2023-01-18
* Fix : it is
now possible to open multiple concurrent threads with a database logging
No user-visible changes, other than more reliability.
* Make SQL transactions robust by not assuming, incorrectly, that COMMIT
SQLITE_LOCKED inside an EXCLUSIVE transaction. This improves
with a fix in the same spirit of .
Again no user-visible changes, other than more reliability.
v3.2.0-RC17 2023-01-18
* general overhaul of concurrent SQL execution, adding loops with exponential
backoff and EXCLUSIVE transactions. This should solve many concurrency
problems (see src/sql_reliability.h ).
This fixes .
Even if this is an important change there is no API change related to this
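
A sketch of the retry pattern named in this entry (exponential backoff around an EXCLUSIVE transaction) together with the once-every-N logging from the v3.2.0-RC24 entry. This is an added illustration, not the code in src/sql_reliability.h; it uses Python's sqlite3 module, and the function names, wait times and the value given to PEP_BACKOFF_TIMES_BEFORE_LOGGING are assumptions:

```python
import os, sqlite3, tempfile

PEP_BACKOFF_TIMES_BEFORE_LOGGING = 4   # name from the changelog; the value is assumed

def exclusive_with_backoff(db, work, sleep, log, first_wait=0.001, max_attempts=20):
    """Run work(db) in an EXCLUSIVE transaction, retrying while the file is locked.
    Returns the number of attempts it took to acquire the lock."""
    wait = first_wait
    for attempt in range(1, max_attempts + 1):
        try:
            db.execute("BEGIN EXCLUSIVE")
        except sqlite3.OperationalError as err:
            if "locked" not in str(err):
                raise                      # not contention: do not retry blindly
            if attempt % PEP_BACKOFF_TIMES_BEFORE_LOGGING == 0:
                log(f"still locked after {attempt} attempts")
            sleep(wait)
            wait *= 2                      # exponential backoff
            continue
        try:
            work(db)
            db.execute("COMMIT")
            return attempt
        except Exception:
            db.execute("ROLLBACK")         # never leave the lock held on failure
            raise
    raise TimeoutError(f"database still locked after {max_attempts} attempts")

def demo():
    """Constructed scenario: one connection holds the lock for five retries."""
    path = os.path.join(tempfile.mkdtemp(), "constructed.db")
    holder = sqlite3.connect(path, isolation_level=None, timeout=0)
    waiter = sqlite3.connect(path, isolation_level=None, timeout=0)
    holder.execute("CREATE TABLE t (x)")
    holder.execute("BEGIN EXCLUSIVE")
    waits, logs = [], []
    def fake_sleep(seconds):               # records waits; releases the lock on the 5th
        waits.append(seconds)
        if len(waits) == 5:
            holder.execute("COMMIT")
    attempts = exclusive_with_backoff(
        waiter, lambda db: db.execute("INSERT INTO t VALUES (1)"), fake_sleep, logs.append)
    rows = waiter.execute("SELECT COUNT(*) FROM t").fetchone()[0]
    return attempts, waits, logs, rows

if __name__ == "__main__":
    print(demo())
```
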
v3.2.0-RC16 2023-01-17
* rewrite some CPP macros working around problems (I indeed suspect a bug:
macro expansion contained parentheses not in macro definitions) with
microsoft's compiler. Reported by Alex, who helped testing my proposed
redefinitions. The current code is meant to work on every platform.
v3.2.0-RC15 2023-01-13
* move state machine initialisation out of callback registering. This avoids
that Sync beacon messages are sent at session initialisation (thanks to Volker
* Echo protocol: implement a rate limit on Ping and Pong messages to each
destination identity, from each device. This prevents flooding with Ping or
Pong messages.
* update pEpEngineSequoiaBackend dependency: this in its turn will use a more
recent sequoia-openpgp, which fixes a performance bug.
* update_pEp_user_trust_vals: fix and generalise my previous fix.
v3.2.0-RC14 2022-12-22
* Provide a local.conf.example .
* In local.conf.example explain how the DEBUG variable has changed behaviour
in an incompatible way since Engine 3.2.0-RC13 .
* New API function stringpair_list_find_case_insensitive .
* When searching for message headers always compare names case-insensitively.
This is an incompatible change, but the previous behaviour was incorrect.
* bug fix in set_as_pEp_user: do not hardwire the pEp protocol version to 2.1!
The code doing that was particularly treacherous. In order to prevent such
errors in the future, introduce and use...
* PEP_VERSION is now only a deprecated alias for PEP_PROTOCOL_VERSION,
automatically computed from the two macros above.
the old name as a compatibility alias
* PEP_enc_format: new case aliases PEP_enc_PEP_message_v1 and
PEP_enc_PEP_message_v2; the numeric values have not changed.
* rating_to_string: add a case for PEP_rating_media_key_protected, fixing #94.
* fix windows compilation problem related to strcasecmp; problem reported by
Alex. This fixes .
* New protocol version 3.3.
The only difference is the new handling of trustwords with RIPEMD-160.
* Unfortunately we have to disable backward compatibility by default to prevent
downgrade attacks.
Compatibility with older protocols requiring xor trustwords is kept if the
Engine is built with the CPP macro
PEP_TRUSTWORDS_XOR_COMPATIBILITY defined. This can be accomplished by adding
to the command line, or (when using our Makefile) by building with the make
Explicitly calling get_xor_trustwords_for_fprs will always yield xor
* A further incompatible change in xor trustwords, "[A_XOR_A]": combining an fpr
with itself no longer returns the same fpr as the result. In other words we
no longer have a special case to force
for every A: A xor A == A
Instead I am switching to the correct alternative: now
for every A: A xor A == 0
The test suite used to explicitly check this case; I changed the test suite
to agree with Mathematics.
I significantly factored, rewrote and cleaned up the old trustword code in
src/message_api.c .
* local.conf.example: document TRUSTWORDSXORCOMPATIBILITY.
* PUBLIC_API get_trustwords_for_fprs renamed to
get_xor_trustwords_for_fprs : this implements the old, weaker FPR combination
which might be vulnerable to a collision attack
(It is not possible to write a higher-level backwards-compatible function
get_trustwords_for_fprs which decides the best algorithm: the two FPRs are
not enough to decide which algorithm is needed)
get_ripemd_trustwords_for_fprs : this implements the new, stronger FPR
* The following PUBLIC_API functions have a new behaviour but the same API:
* get_trustwords (taking identity arguments)
* get_message_trustwords (taking a message and a recipient identity)
In case xor-trustwords-compatibility is disabled these functions now return
PEP_TRUSTWORD_NOT_FOUND (instead of mismatching trustwords) when refusing to
* Bug fix: update the pEp protocol version supported by a communication partner
on successful decryption of a message from her (including on PEP_UNENCRYPTED);
I believe that this behaviour had always been intended.
* add a THANKS file
v3.2.0-RC13 (not announced)
* add NEWS file
* add release script (for the Engine maintainer): the Engine version is now in a
machine-generated file src/pEpEngine_version.h
* Merge pull request 'PEMA-41 Make the ObjC adapterbuild for iOS agains the
latest engine (master/v3.2.0-RC11)' (#92) from dirk/pEpEngine:PEMA-41 into
v3.2.0-RC12 2022-11-22
* handle_pong: fix bug preventing notification from being called, reported by
Alex Sualdea
* Merge pull request 'PEMA-103-hotfix' (#88) from
TSaschabc/pEpEngine:PEMA-103-hotfix into master
* Update sqlite amalgamation to 3.40.0
v3.2.0-RC11 2022-11-16
* add the new pEp_log functionality -- notice that some platform code is
UNTESTED; I am waiting for feedback from platform maintainers;
* add the new pEp_debug functionality;
* convert existing code to use the new logging and debugging functionality;
* set_debug_color: remove DYNAMIC_API function.
* log_event, log_service, _service_error_log: remove DYNAMIC_API functions,
replaced by the new log functionality in src/pEp_log.h; I could re-implement
the old functions based on the new API if people want that, but using the API
v3.2.0-RC10 2022-10-12
From this point on we consistently adopt the new naming scheme for tags: we
start the tag name with "v" instead of "Release_".
* fix compilation on windows (probably: untested).
Release_3.2.0-RC9 2022-10-12
* BUILD: Fix - Effectively add include and lib dir from local.conf' (#82)
* unfinished debug / log changes
* (broken on windows)
v3.2.0-RC8 2022-10-05
No complete change log for this RC, the first in the 3.x series to be actually
used. The most important change from 2.x is Key-Election Removal; the list of
other changes (but not the changes themselves) is now lost.
* Switch from the old Sequoia-FFI to pEpEngineSequoiaBackend;
* Distribution.Echo protocol, ported from 2.x;
* Media keys, ported from 2.x;
This is a list of changes since Autumn 2022. We did not formally keep track of
changes older than that, and in particular the changes from v2 to v3 are too
numerous to list.
Newer changes are at the top of this file.