2 - clarify documentation of oauth_curl
3 - fix possible memleak in oauth_curl (only relevant if an error occurs)
4 - fix TOCTOU in oauth_curl_post_file: the file may change between stat() and fopen()
7 - fix typos in documentation
8 - add xfree, xstrdup patch from Kedar Sovani
9 - prepare repository migration to github
10 - built-in sha1 support big&little endian
11 - (no changes to the actual library API or ABI)
14 - do not url-escape RSA-key for signature
17 - fix body-hash example code
18 - mark all oauth_http functions a deprecated
19 - freeze interface defitions for good
20 - enter maintenance/bug-fix only cycle
23 - fixed tiny memory leak when oauth_curl_get() fails
24 - fixed double-encoding of plaintext signature
27 - fixed typo, do not print a separator before first parameter
28 when serializing url for auth-header.
31 - added "built-in" hmac-sha1 hashing (no RSA).
32 - added some CURL options available via enviroment variables
33 - fixed issue with decoding already encoded characters
34 in the base-URL (not parameters).
35 reported by L. Alberto Giménez
38 - fixed possible memory corrution in oauth_curl_get
39 thanks to Bruce Rosen for reporting this issue
42 - yet more build-system fixes:
43 - allow to override HASH_LIBS and CURL_LIBS using envoronment variables
44 - include them in .pc and tests/Makefile.am
47 - fixed typo in build-system (LDFLAGS, -Wl,--as-needed detection)
51 oauth_time_indepenent_equals[_n] is now deprecated in favor of
52 oauth_time_independent_equals[_n]
53 - added check for 'Wl,--as-needed' linker flag.
56 - fixed typo in pkg-config file.
59 - added constant-time string compare function motivated by
60 http://rdist.root.org/2010/01/07/timing-independent-array-comparison/
61 - updated the build-system
62 - avoid indirect linking (curl, ssl)
63 - AS_IF expansion for PKG_PROG_PKG_CONFIG
64 - only build tests when running `make check`
67 minor changes to the build-system
68 - allow to overrice HASH_LIBS/CFLAGS (NSS, SpenSSL)
69 - fixes for static linking in src/Makefile.am
72 fixed whitespace in interface revision number
73 fixed test-build system:
78 removed non-posix prototypes
81 cleaned up man-page & added logo to html doc.
84 fixed pkgconfig dependencies (OpenSSL vs NSS)
87 added an interface to generate an OAuth HTTP Authorization header
88 and oauth_http_[get|post]2 to preform such requests,
89 as well as example code 'oauthtest2' to do so.
92 fixed potential NULL pointer exception when sorting
93 duplicate URL parameters without value.
94 It's a extremly rare edge-case - there's no practial
95 use for duplicate empty URL parameters - but it could
96 be used as a DOS attack-vector.
99 replaced a few forgotten mallocs with xmalloc.
102 replaced xmalloc with custom MIT-licensed version.
103 removed --enable-gpl configure option.
104 minor updates to README, documentation, etc.
107 added NSS as alternative to OpenSSL.
108 use OpenSSL or NSS random number generator for nonce.
111 proper naming: replaced oAuth -> OAuth.
112 fixed a few typos in the documentation.
115 resolved licensing issues:
117 * openSSL & GPL exemption
120 also use curl timeout for commandline curl
121 renamed --with-libcurl-timeout to --with-curl-timeout
124 added CURLOPT_TIMEOUT option.
125 available at compile time with configure --with-libcurl-timeout=<int>
128 added oauth_curl_send_data_with_callback
129 to use HTTP-methods other than GET&POST with libcurl.
132 configure options to disable curl & libcurl
133 replaced tabs with spaces in source
136 added oauth_post_data_with_callback() and
137 fixes for MSVC/WIN32 platform
141 added oauth_body_hash calulation
142 support for HTTP Posting data from memory.
145 added support for HTTP request methods other than GET & POST.
148 added oauth_sign_array() function - which allows to modify the parameters
150 fixed url-splitting to url-decode parameters when generating the parameter
154 fixed debian package liboauth -> liboauth0
155 minor fixes in the manual
156 else unchanged it's 0.4.5 after six month of stress tests in production
159 fixed dependencies in pkgconfig pc.in
162 libtool interface version number
165 added oauth_url_unescape()
168 fixed escaping of PLAINTEXT signature.
171 added oauth_serialize_url_sep()
172 and OAUTH_VERSION defines in header file.
175 release on googlecode under MIT license
176 and on sourceforge/debian under LGPL
179 allow to configure MIT only or LGPL licensed code (xmalloc)
181 removed mixed declarations and code
184 added Eran's test-cases.
185 removing ':80' portnumber from URL before signing
186 when splitting URL parameters: use '\001' as request param value as alias for ampersand ('&')
189 added NULL uri check to oauth_split_post_paramters()
190 testcode comment updates.
193 added #ifndef _OAUTH_H to header - avoid double include errors
194 fixed some typos in the doc.
197 prefixed all public oauth.h functions with "oauth_"
198 added RSA-SHA1 signature support
201 detect absoluteURI by ":/" (it was /^http/) - used to detect empty abs_path
202 added shell escape for (bash like) `sh` to invoke curl/wget
203 cleaned up example code and doc a bit.
206 fixed '?' in GET URL¶meter concatenation
207 added cURL HTTP-GET function and test/example code
208 test/example code using http://term.ie/oauth/example/
211 fixed "empty HTTP Paths" see http://wiki.oauth.net/TestCases and
212 http://groups.google.com/group/oauth/browse_thread/thread/c44b6f061bfd98c?hl=en
213 fixed some compiler warnings
214 made signature function args 'const char *'
215 and mem-zero some possibly sensitive strings before free()ing them.
218 prepared for MIT license
219 all c sources and headers by Robin Gareus are now MIT licensed.
222 updated documentation
226 removed getpid() on random-number initialization for win.
227 moving to sourceforge.
230 different handlers for POST and GET query string. Get escapes '+' to ' '.
231 oauth_sign_url() returns escaped query string.
232 added oauth_curl_post_file - preparing for xoauth_body_signature.
236 fixed parameter normalization and sorting for some edge cases.
237 added Test Cases from http://wiki.oauth.net/TestCases
238 added simple HTTP POST using libcurl or a command-line HTTP client.
241 added xmalloc - removed NULL checks after [re|m|c]alloc.
242 libtoolized and prepared packaging.
243 fixed a couple of typos
244 added a some more documentation.
248 oAuth parameter escape and URL request signing functions.