1 Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R4]
2 ------------------------------------------------
4 * Fixed two OOB read access bugs which could be used to force a DoS.
6 * Fixed a crash due to faulty curve OID lookup code.
8 * Synced the list of supported curves with those of Libgcrypt.
10 * New configure option --enable-build-timestamp; a build timestamp is
11 not anymore used by default.
14 Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4]
15 ------------------------------------------------
17 * Fixed an integer overflow in the DN decoder.
19 * Now returns an error instead of terminating the process for certain
22 * Improved the parsing of utf-8 strings in DNs.
24 * Allow building with newer versions of Bison.
26 * Improvement building on Windows with newer versions of Mingw.
29 Noteworthy changes in version 1.3.2 (2014-11-25) [C19/A11/R3]
30 ------------------------------------------------
32 * Fixed a buffer overflow in ksba_oid_to_str. [CVE-2014-9087]
35 Noteworthy changes in version 1.3.1 (2014-09-18)
36 ------------------------------------------------
38 * Fixed memory leak in CRL parsing.
40 * Build fixes for Windows, Android, and ppc64el.
43 Noteworthy changes in version 1.3.0 (2012-09-27)
44 ------------------------------------------------
46 * Changed the license of the library from GPLv3 to LGPLv3/GPLv2; see
47 the file AUTHORS for details.
52 Noteworthy changes in version 1.2.0 (2011-03-01)
53 ------------------------------------------------
55 * New functions to allow the creation of X.509 certificates.
57 * Interface changes relative to the 1.1.0 release:
58 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
59 ksba_certreq_set_serial NEW.
60 ksba_certreq_set_issuer NEW.
61 ksba_certreq_set_validity NEW.
62 ksba_certreq_set_siginfo NEW.
65 Noteworthy changes in version 1.1.0 (2010-10-26)
66 ------------------------------------------------
68 * New functions to fix a leak in dirmngr.
70 * Interface changes relative to the 1.0.0 release:
71 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
72 ksba_reader_set_release_notify NEW
73 ksba_writer_set_release_notify NEW
76 Noteworthy changes in version 1.0.8 (2010-07-15)
77 ------------------------------------------------
79 * Support for WindowsCE.
81 * Builds cleanly from SVN even when cross-compiling.
83 * Fixed a CMS parsing bug exhibited by Lotus Notes.
86 Noteworthy changes in version 1.0.7 (2009-07-03)
87 ------------------------------------------------
89 * Detect overflow while parsing OIDs. Map BER encoded OIDs to well
92 * Allow mixed case names in DNs.
95 Noteworthy changes in version 1.0.6 (2009-06-05)
96 ------------------------------------------------
98 * Support SHA-{384,512} based signature generation.
100 * The RSA algorithmIdentifier ASN.1 sequence is now emitted with an
101 explicit NULL parameter. Despite the interop testing we did in the
102 past, some software still requires this and thus we better follow
103 the best current practise.
106 Noteworthy changes in version 1.0.5 (2009-01-09)
107 ------------------------------------------------
112 Noteworthy changes in version 1.0.4 (2008-09-22)
113 ------------------------------------------------
115 * Write smimeCapabilities according to RFC3851 to help Mozilla.
119 * The visibility attribute is now used if supported by the toolchain.
122 Noteworthy changes in version 1.0.3 (2008-02-12)
123 ------------------------------------------------
127 * Include the used hash algorithm in sig-val structures.
129 * Fix for unknown tags in issuerAltName and subjectAltName.
132 Noteworthy changes in version 1.0.2 (2007-07-04)
133 ------------------------------------------------
137 * Fixed a couple of memory leaks.
139 * Experimental support for ECDSA.
141 * Minor portability fixes.
146 Noteworthy changes in version 1.0.1 (2006-11-29)
147 ------------------------------------------------
149 * Fixes for certificates lacking certain objects.
151 * Fixes to allow building on systems with a broken ar.
154 Noteworthy changes in version 1.0.0 (2006-08-31)
155 ------------------------------------------------
157 * OCSP nonces are now checked to detect replay attacks.
159 * OCSP extensions may no be retrieved.
161 * Implemented ksba_ocsp_get_responder_id which used to always return
162 an error code not_implemented. Thus we can assume that the
163 function has never been used and we don't need to see this as an
166 * Interface changes relative to the 0.9.16 release:
167 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
168 ksba_ocsp_get_extension NEW
169 ksba_ocsp_get_responder_id CHANGED: No ABI break.
172 Noteworthy changes in version 0.9.16 (2006-08-01)
173 -------------------------------------------------
175 * Fixed a character set conversion bug in BMPStrings.
177 * New function for better error reporting of DNs.
179 * Interface changes relative to the 0.9.13 release:
180 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
186 Noteworthy changes in version 0.9.15 (2006-06-20)
187 -------------------------------------------------
189 * Fixed BER parser which was broken in the last release.
192 Noteworthy changes in version 0.9.14 (2006-05-16)
193 -------------------------------------------------
195 * Fixed broken OCSP requests.
197 * Ignore invalid bytes appended to a certificate.
200 Noteworthy changes in version 0.9.13 (2005-11-24)
201 -------------------------------------------------
203 * New functions to associate user data with a certificate object.
205 * Interface changes relative to the 0.9.12 release:
206 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
207 ksba_cert_set_user_data NEW
208 ksba_cert_get_user_data NEW
211 Noteworthy changes in version 0.9.12 (2005-08-01)
212 -------------------------------------------------
214 * GeneralNames types dNSName and Uri are now supported.
216 * Minor changes to some function declarations. This should not
217 affect any compilation.
219 * Interface changes relative to the 0.9.7 release:
220 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
221 ksba_certreq_add_extension CHANGED: Argument DER is now a void*.
222 ksba_cms_set_content_enc_algo CHANGED: Argument IV is now void*.
223 ksba_cms_get_content_enc_iv CHANGED: Argument IV is now void*.
224 ksba_cms_set_message_digest CHANGED: Argument DIGEST is now
228 Noteworthy changes in version 0.9.11 (2005-04-20)
229 -------------------------------------------------
231 * New convenience API function for the subjectKeyIdentifier.
233 * Implemented the keyIdentifier part for authorityKeyIdentifier of
234 CRLs and certificates.
236 * Reason codes for CRL items are now returned.
238 * Interface changes relative to the 0.9.7 release:
239 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
240 ksba_cert_get_subj_key_id NEW.
243 Noteworthy changes in version 0.9.10 (2004-12-03)
244 -------------------------------------------------
246 * Fixed a CMS parsing bug.
249 Noteworthy changes in version 0.9.9 (2004-09-27)
250 ------------------------------------------------
252 * Fixed a couple of bugs which caused parsing errors with some
256 Noteworthy changes in version 0.9.8 (2004-07-22)
257 ------------------------------------------------
259 * Fixed a bug in the OCSP request generation.
262 Noteworthy changes in version 0.9.7 (2004-06-08)
263 ------------------------------------------------
265 * New API function to add arbitrary extensions to pkcs#10 requests.
267 * Interface changes relative to the 0.9.6 release:
268 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
269 ksba_certreq_add_extension NEW.
272 Noteworthy changes in version 0.9.6 (2004-04-29)
273 ------------------------------------------------
275 * New API functions to support v2 CRLs.
277 * Interface changes relative to the 0.9.5 release:
278 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
279 ksba_crl_get_extension NEW.
280 ksba_crl_get_auth_key_id NEW.
281 ksba_crl_get_crl_number NEW.
283 Noteworthy changes in version 0.9.5 (2004-04-06)
284 ------------------------------------------------
286 * New APIs to get hands on some more information.
288 * Interface changes relative to the 0.9.4 release:
289 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
290 ksba_ocsp_get_responder_id NEW.
291 ksba_ocsp_get_cert NEW.
292 ksba_cert_get_authority_info_access NEW.
293 ksba_cert_get_subject_info_access NEW.
294 ksba_cms_add_smime_capability NEW.
297 Noteworthy changes in version 0.9.4 (2004-02-20)
298 ------------------------------------------------
300 * Support for Extended Key Usage.
302 * ksba_cms_identify may no return a pseudo content type for pkcs#12
305 * Interface changes relative to the 0.9.3 release:
306 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
307 ksba_reader_clear NEW.
308 ksba_cert_get_ext_key_usages NEW.
312 Noteworthy changes in version 0.9.3 (2004-01-30)
313 ------------------------------------------------
315 * Fixed a serious bug shortly after the last release :-(.
318 Noteworthy changes in version 0.9.2 (2004-01-29)
319 ------------------------------------------------
321 * Cleaned up the DN label table.
323 * Fixed a bug in creating CMS signed data.
326 Noteworthy changes in version 0.9.1 (2003-12-19)
327 ------------------------------------------------
329 * Support for OCSP (rfc2560).
331 * The new function ksba_set_hash_buffer_function may be used during
332 intialization to register a simple hash fucntion for internal use
335 * Changed the license of the manual to GPL.
337 * Interface changes relative to the 0.9.0 release:
338 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
341 ksba_ocsp_response_status_t NEW.
343 void ksba_ocsp_release NEW.
344 ksba_ocsp_set_digest_algo NEW.
345 ksba_ocsp_set_requestor NEW.
346 ksba_ocsp_add_target NEW.
347 ksba_ocsp_set_nonce NEW.
348 ksba_ocsp_prepare_request NEW.
349 ksba_ocsp_hash_request NEW.
350 ksba_ocsp_set_sig_val NEW.
351 ksba_ocsp_add_cert NEW.
352 ksba_ocsp_build_request NEW.
353 ksba_ocsp_parse_response NEW.
354 ksba_ocsp_get_digest_algo NEW.
355 ksba_ocsp_hash_respons NEW.
356 ksba_ocsp_get_sig_val NEW.
357 ksba_ocsp_get_status NEW.
358 ksba_set_hash_buffer_function NEW.
361 Noteworthy changes in version 0.9.0 (2003-11-17)
362 ------------------------------------------------
364 * The time is not any longer described by time_t but through the new
365 type ksba_isotime_t which is string of excactly 15 characters in
366 ISO 8601 format (e.g. "19611107T152010") and always stored as
367 UTC. This is to allow representation of dates beyond the year 2038.
368 Comparing is a mere strcmp.
370 * All type names are nom conforming to the GNU coding standards, the
371 old names are still available as aliases but flagged as deprecated.
373 * All error codes have been replaced by libgpg-error ones. Libksba
374 now depends on this package. Remember to use the gpg_err_code
375 function when testing for error values other than success.
377 * Interface changes relative to the 0.4.7 release:
378 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
379 ksba_cert_get_validity CHANGED: Uses ksba_isotime_t instead of time_t.
380 ksba_crl_get_update_times CHANGED: Uses ksba_isotime_t instead of time_t.
381 ksba_crl_get_item CHANGED: Uses ksba_isotime_t instead of time_t.
382 ksba_cms_get_signing_time CHANGED: Uses ksba_isotime_t instead of time_t.
383 ksba_cms_set_signing_time CHANGED: Uses ksba_isotime_t instead of time_t.
384 ksba_cert_new CHANGED: Returns an error code now.
385 ksba_cms_new CHANGED: Returns an error code now.
386 ksba_name_new CHANGED: Returns an error code now.
387 ksba_writer_new CHANGED: Returns an error code now.
388 ksba_reader_new CHANGED: Returns an error code now.
389 ksba_certreq_new CHANGED: Returns an error code now.
390 ksba_crl_new CHANGED: Returns an error code now.
392 ksba_error_t NEW: Should be used instead of KsbaError.
393 ksba_cert_t NEW: Should be used instead of KsbaCert.
394 ksba_certreq_t NEW: Should be used instead of KsbaCertreq.
395 ksba_cms_t NEW: Should be used instead of KsbaCMS.
396 ksba_crl_t NEW: Should be used instead of KsbaCRL.
397 ksba_name_t NEW: Should be used instead of KsbaName.
398 ksba_sexp_t NEW: Should be used instead of KsbaSexp.
399 ksba_reader_t NEW: Should be used instead of KsbaReader.
400 ksba_writer_t NEW: Should be used instead of KsbaWriter.
401 ksba_strerror REMOVED: use gpg_strerror instead.
403 Noteworthy changes in version 0.4.7 (2003-03-17)
404 ------------------------------------------------
406 * Fixed type detection in creating DNs.
409 Noteworthy changes in version 0.4.6 (2002-12-04)
410 ------------------------------------------------
412 * DNs in pkcs#10 request are now created in reversed order as
413 specified by rfc2253.
415 * The content-type signed attribute is created.
417 * Fixed a parser bug with a id-aa-encrypKeyPref attribute.
419 * Interface changes relative to the 0.4.3 release:
420 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
421 ksba_cms_get_sigattr_oids NEW
422 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
424 Noteworthy changes in version 0.4.5 (2002-08-23)
425 ------------------------------------------------
427 * Removed some debugging output.
429 * Added an autoconf macro.
432 Noteworthy changes in version 0.4.4 (2002-08-09)
433 ------------------------------------------------
435 * Multiple signatures can now be created and parsed.
438 Noteworthy changes in version 0.4.3 (2002-06-25)
439 ------------------------------------------------
443 * Interface changes relative to the 0.4.2 release:
444 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
445 ksba_writer_write_octet_string NEW
446 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
448 Noteworthy changes in version 0.4.2 (2002-06-04)
449 ------------------------------------------------
451 * Some bug fixes and a new function.
453 * Interface changes relative to the 0.4.1 release:
454 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
455 ksba_cms_identify NEW
456 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
458 Noteworthy changes in version 0.4.1 (2002-05-03)
459 ------------------------------------------------
463 Noteworthy changes in version 0.4.0 (2002-04-15)
464 ------------------------------------------------
466 * Nearly all stuff needed for the Aegypten project is now in place.
469 Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008,
472 This file is free software; as a special exception the author gives
473 unlimited permission to copy and/or distribute it, with or without
474 modifications, as long as this notice is preserved.
476 This file is distributed in the hope that it will be useful, but
477 WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
478 implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.