Changes in version 3.3.92 are:
* Use runtime dir instead of /tmp for sockets
* Updated translations
* Fix copyright headers
* Build fixes
Changes in version 3.3.91 are:
* Fix regression in changing a keyring master password
* Set better button labels for the prompts
* Fix assertion when cancelling an unlock prompt
* Use a single CA certificates file by default
* Updated translations
Changes in version 3.3.5 are:
* Updated translations
* Fix introspection data for SearchItems()
* Fix regression when an invalid password used to unlock keyring
Changes in version 3.3.4 are:
* Updated translations
* Build fixes
Changes in version 3.3.3.1 are:
* No message in gnome-keyring-pkcs11.so module, when no daemon running
* Updated translations
* Build fixes
Changes in version 3.3.3 are:
* Distribute correct desktop autostart files
* Use GcrPrompt and GcrSystemPrompt for prompting
* Do not crash when reading a truncated keyring file
* Add test tool for dumping the keyring format
* Update for GckBuilder changes in libgck
* Fix for deprecations in glib 2.31.x
* Fix ReadAlias() returning null when 'login' keyring exists
* Build fixes, bug fixes
Changes in version 3.3.2 are:
* Do not make label selectable in prompt dialog
* Fix deadlock in the 'unsafe storage' prompt
* Better locking for the old gnome2-store
* Updated translations
* Build fixes
Changes in version 3.3.1.1 are:
* Build correctly against glib 2.31
Changes in version 3.3.1 are:
* Return most recent secret first when searching
* Split the Gcr and Gck libraries out of gnome-keyring
* Build fixes
* Updated translations
Changes in version 3.2.2 are:
* Fix problem with 'unsafe storage' prompt deadlocking
* Remove XFCE & LXDE from OnlyShowIn for autostart files
* Use g_random_int_range() for pseudo-random hash iteration count
* Return password results with the most recent result first
* Make clear source of warnings from the rpc module
* Updated translations
* Build fixes
Changes in version 3.2.1 are:
* Fix debugging output, and erroneous warnings
* Updated translations
Changes in version 3.2.0 are:
* Don't install setuid when filesystem capabilities not available
* Updated translations
Changes in version 3.1.92 are:
* Add back the file format "documentation"
* Make .desktop file match prompt process so icon and title are shown
* Fix packaging issues installing the pkcs11 module
* Return correct error code in gpg-agent for unimplemented stuff
* Fixes for parsing/viewing various (sometimes slightly invalid) PKCS#12 files
* Allow daemon to access secrets of internal PKCS#11 modules, so that we can
do things like hash NTLM and Kerberos secrets in the future.
* Build and documentation fixes
* Updated translations
Changes in version 3.1.91 are:
* gcr-viewer will now display errors when failing to load a file.
* gcr-viewer can now prompt for passwords to unlock files
* Add support for getting the current data block being parsed in GcrParser.
* Add debug output to various points in the GCR and GCK libraries.
* When replacing another gnome-keyring-daemon, wait a moment before initializing.
* Fix GCR library initialization bugs loading PKCS#11 modules.
* Fine tuning of GcrParser when parsing PKCS#12 files.
* Build and packaging fixes
* Updated translations
Changes in version 3.1.90 are:
* Install better xdg-mime files for identifying crypto related file types
* New gcr-viewer for viewing certificates and keys, hooked up to file types
* Display tweaks for the certificate and key widgets
* Don't initialize PKCS#11 modules automatically in gcr library unless needed.
* Cleanup the libgck API since we're bumping the major version.
* ABI fixes for the GCR library for changes in the 3.1.x release cycle
* New automatic checks for symbols that have changed in the ABI
* Add async PKCS#11 initialization functions to libgck
* Display Certificate otherName subject-alt-name for xmppAddr and DNS SRV
* Documentation, testing, translation and build fixes.
Changes in version 3.1.4 are:
* New GcrListSelector class for selecting multiple keys.
* Add icons for key and key pair.
* Gcr now has support for loading of GnuPG keys from gpg, including photos.
* New gcr dependency on p11-kit for loading PKCS#11 modules.
* Remove support for GTK+ 2.x
* Implement calculation of fingerprints in gcr for keys.
* Fix problems in daemon if IPC lock or FS capabilities are not available.
* Bug fixes and build fixes.
* Code cleanup and refactoring.
Changes in version 3.1.1 are:
* Add 'Export Certificate' option to right click of certificate widget.
* Use file system linux capabilities for memory locking.
* Set correct daemon SELinux context when started from PAM module.
* Fix assertions in parser.
* Add GcrCollection interface to represent collections of objects.
* Add GcrGnupgCollection to libgcr.
* Implement functionality in renderers to populate GtkTreeModel
* Add a GcrSelector widget.
* Cleanup unregistering from session.
* Translations and translation fixes.
Changes in version 3.0.3 are:
* Build fixes on OpenBSD.
* Don't prompt multiple times for simultaneous unlocking of keyrings.
Changes in version 3.0.2 are:
* Add documentation images for gcr widgets.
* Translation fixes.
* Build fixes.
Changes in version 3.0.1 are:
* Fix clicking buttons in 'unsafe storage' dialog on GTK+3
* Build with GTK+3 by default
* More tests and test fine tuning: --enable-tests=yes/no/full
* Expand path in gnome-keyring-prompt.desktop properly
* Implement debug tracing in parts of gcr library.
* Complete documentation in gcr and gck libraries.
* Fix assertions in gcr library during parsing of a stream.
* Build fixes
Changes in version 3.0.0 are:
* Translations
Changes in version 2.91.93 are:
* Use full interface.Property form for CreateCollection and CreateItem
in the DBus API.
* Add deprecated functions for libgcr symbols lost since 2.32.x
* Don't crash when the GPG agent is asked for a passphrase without a
key id.
Changes in version 2.91.92 are:
* Don't leak login name from PAM when logging error.
* Also start daemon in XFCE
* Fix inability to save password for other keyrings.
* Build and test fixes.
* Support removal of aliases via the secret service API
* Fix race condition when multiple applications create the default
keyring at the same time.
* Add a desktop file for gnome-keyring-prompt, so the icon shows up
properly in gnome-shell.
* Implement HKDF for transport encryption security.
Changes in version 2.91.91 are:
* Fix the certificate details expander when used with GTK+3
* Calculate the minimum/natural size of the certificate widget better.
* Fix gnome-keyring-prompt for GTK+3 release.
* Fix problems with the URIs used for trust lookup and storage.
* Pass around a content-type for secrets in the DBus Secret Service API.
* If DBus couldn't be initialized when starting up the daemon, try
again at a later point.
* Build and testing fixes.
* Remove support for the pkcs11-options file, and wait for a proper
configuration file setup being worked on in p11-kit.
* Add support for --version argument to gnome-keyring-daemon and
gnome-keyring
* Create necessary directory when storing trust assertion objects.
Changes in version 2.91.4 are:
* gck library loads PKCS#11 modules from /usr/lib/pkcs11
* PKCS#11 config file in /etc/xdg/pkcs11.conf[.defaults]
* Many ASN.1 encoding fixes.
* Refactor how tests work.
* Install standalone PKCS#11 modules to a consistent location.
* Memory leaks and other bug fixes.
* Allow enumeration of objects in specific PKCS#11 slots as well
as modules.
* Add GcrCertificateChain for building certificate chains.
* Implementation of the initial PKCS#11 Trust Assertions spec.
* Add GcrPkcs11Certificate for looking up certificates in PKCS#11
modules by issuer.
* Expose gcr functionality for setting which PKCS#11 modules to use.
* Find the root certificates by default.
* Move to a single header model for libgcr.
* Don't load *.la files when looking for PKCS#11 modules.
* Fixes for GTK+3.0
* New xdg-store PKCS#11 module with support for storing trust
assertions.
* Rename old user-store to gnome2-store since it stores its data
in old formats in the old .gnome2 location.
Changes in version 2.91.3 are:
* Shutdown module timer when holding proper mutex.
* Linux capabilities to overcome limits on locked memory.
* Update HACKING with coding style
* Build fixes.
Changes in version 2.91.2 are:
* Add timeout if PAM startup doesn't complete shortly.
* Fix login keyring password when it doesn't match unix login.
* Replace gp11-0 with gck in pkgconfig file
* Fix broken dispose of GcrCertificateWidget
* Remove gp11 library.
Changes in version 2.91.1 are:
* Fix build problem in gpg-agent.
* Properly distribute pkgconfig file for gck library.
* Better certificate widget in gcr library.
* Add extra debug guard around printing of prompt io.
* Rework how the gcr parser and importer work together.
* More GTK+ 3.0 fixes.
Changes in version 2.91.0 are:
* String and punctuation fixes.
* Add libgck library to soon replace libgp11
* Migrate everything in gnome-keyring to libgp11
* Fix invalid memory access in PKCS#11 rpc-layer
* Fix race condition in tests
Changes in version 2.32.0 are:
* Make builds silent by default.
Changes in version 2.31.92 are:
* Require glib 2.25 or later.
* Require automake 1.7 or later.
* Fix assertion in secure memory code.
* Don't go into endless loop when GPG Agent client disconnects.
* Fix double free in gp11 library.
* Fix crash during keyring unlock operation.
* Expand prompt details when a non-default unlock option is chosen.
* Migrate to gsettings.
* Use gsettings for GPG agent unlock options.
* Fix library header installation directory for libgcr.
* Fix some errors parsing certificates.
* Rework how unlock options are loaded and handled.
* Fix saving of auto-unlock passwords.
* Support building with GTK+ 3.0
* No warning message when SSH unlock prompt is cancelled.
* Build fix finding PAM headers.
* Build fix of PAM module for Hurd.
Changes in version 2.31.91 are:
* Fix problem with keyring names that contain foreign characters.
* Build fixes and warning fixes.
* Better GPG Agent prompt strings.
* More internal documentation.
* Remove gconf as part of migration to gsettings.
* Add --replace option to daemon.
* Fix race condition in tests.
* Use new DER decoding and encoding routines.
* Only try to authenticate once if PKCS#11 slot has
protected auth path.
* Better handling of when PKCS#11 token is write protected.
Changes in version 2.31.4 are:
* New GPG Agent built into gnome-keyring-daemon
* Start building (but not using) new DER parser and writer.
* Fix building of desktop and service files.
* Fix problems displaying prompts with certain characters in strings.
* Fix deadlock on secure memory usage.
* Refactor the way prompting works for PKCS#11 components.
* Refactor the way testing works and files are named.
* Implement coverage testing.
* Cleanup whitespace issues and rename certain modules.
* Tests can now involve prompts and responses.
* Fix possible threading race condition in gp11.
* Fix broken startup when used with gdm and password-less login.
* Fix checking of uninitialized value in prompting code.
Changes in version 2.30.1 are:
* Updated translations.
* Build fixes for errors and distribution problems.
* Fixes for building on recent GTK versions.
* Remove accidental storage of user's login password in login keyring.
* Fix assertion when exiting.
Changes in version 2.30.0 are:
* More robust error display and handling.
* Don't assert on va_list.
* Don't save session keyring to disk.
* Allow unlocking even when always unlock is not available.
* Hide the automatically unlock check when login not usable.
* Fix various issues storing and using auto unlock passwords.
* Updated translations.
Changes in version 2.29.92 are:
* Fix various problems with not storing secret value properly.
* Return no results when a search includes a bad collection identifier.
* Don't raise error if ssh client disconnects early.
* Allow running in a test environment.
* Fix error when setting default keyring to NULL.
* Autostart gnome-keyring-daemon in LXDE as well.
* Rework the startup again, to use a singleton controlled via dbus, to help
when no process was started by pam.
* Display password and confirm prompts when creating keyring.
* Allow specifying CKA_ID when creating collection.
* Give translatable label to created login keyring.
* When no default keyring set, use login keyring.
* Fix problem initializing socket path in rpc module.
* Fix endless loop in reading data.
* Potential fix for sporadic crash.
* Solaris build fixes.
* Updated translations.
Changes in version 2.29.90 are:
* Quit daemon when the dbus session is disconnected.
* GNU Hurd build fixes.
* Solaris build fixes.
* Translation fixes.
* Don't print out warnings on SSH v1 keys.
* Remove erroneous egg-dbus dependency.
* Allow saving password for encryption keys.
* Fix problems storing secrets in keyrings.
* Expose idle and timeout lock options for keyrings in the
prompt dialog. Fix remaining issues to get this to work.
* Display a different message when unlocking the login keyring.
* Fix problem with phantom 'xxx_1' keyrings appearing.
* Load and use the default keyring properly.
* Support accessing template style pkcs11 attributes.
* Fix endless loop when looking for encryption key password
in login keyring.
Changes in version 2.29.5 are:
* Implement lookup collection passwords in login keyring.
* Various prompting fixes.
* Store PKCS#11 objects after any attribute change.
* Add 'Type' property to Secret Service API DBus item interface
* Various warning, and uninitialized memory fixes.
Changes in version 2.29.4 are:
* Refactor how the daemon starts up.
* Allow init with already present environment variables, using --start.
* Install autostart files for each component of the daemon.
* New DBus Secret Service API for accessing passwords and secrets.
* Old protocol for accessing secrets is no longer present.
* libgnome-keyring is now its own module, and no longer bundled
with gnome-keyring.
* Use normal GtkEntry when prompting for passwords.
* Requires GTK+ 2.18
* Implement new more flexible control protocol for pam and startup.
* Complete more of the gp11 PKCS#11 wrapper library.
* Implement AES key wrapping and unwrapping in PKCS#11 components.
* Implement DH key generation and derivation in PKCS#11 components.
* Integrate testing of PKCS#11 components via p11-tests.
* Implement PKCS#11 component for storing 'keyring' style secrets.
* Don't complain if we can't set session environment variables.
* When running a debug build, warnings are fatal.
* Refactor testing.
* Encrypted channel for password with prompting dialog.
Changes in version 2.28.2 are:
* Add license to reference documentation.
* Send output of g_printerr to syslog.
* No error when can't unlock login keyring.
* Fix assertion when comparing attributes.
* Fix freeing of unallocated memory in test.
* Don't barf on certificates with unsupported algorithm.
* Fix some memory leaks.
Changes in version 2.28.1 are:
* Fix support for SSH RSA1 keys.
* Fix a delay when the daemon quits.
* Use default D-Bus timeout when finding daemon.
* Make custom pkcs11 constants unsigned longs.
* Use unsigned long for module handle counter.
* Fix assertion when releasing secure memory block.
Changes in version 2.28.0 are:
* Fix build problems.
Changes in version 2.27.92 are:
* Some uses of glib memory routines to explicitly allocate memory.
* Fix erroneous assertion hit by gtk-doc and tests.
* Revert change which bumped libtasn1 required to 1.0.
* Fix logic for only_if option in PAM module.
* Handle unix signals on one thread.
* Better daemon startup and forking logic.
* Optional use of automake silent rules when available.
* No warning when a disk doesn't have a UDI identifier.
Changes in version 2.27.90 are:
* Build fixes on Solaris and FreeBSD.
* Take length of ASN.1 elements into account, when parsing.
Changes in version 2.27.5 are:
* Add support for lifetime constrained SSH identities.
* Use GtkBuilder files where glade files were used.
* Write private key files with tighter file permissions.
* Use gio instead of libhal for monitoring volumes.
Changes in version 2.27.4 are:
* Insurance in parsing keyring format for future changes.
* Add 'use_authtok' option to pam module.
* Test utility fix [Jon Downland]
* Add 'only_if=' option to pam module.
* Make 'Password:' prompt translatable in pam module.
* Use libgcrypt to generate iv/salt where needed.
* Remove old cu-test style unit tests.
* Code refactoring and cleanup, removed 'common' component.
* Auto generated ChangeLog.
* Cleanup unit tests, and make them run with 'make check'
Changes in version 2.26.3 are:
* Build fixes. [Alexis Ballier, Daniel Macks]
* Fix problem with RSA key sizes that are not a multiple of 8.
This affected use of SSH keys in particular.
* Fix crash related to secure memory. [Ryan Beasley]
Changes in version 2.26.1 are:
* Fix many problems with the new secure memory allocator.
* DBus now automatically starts the gnome-keyring service properly.
* When auto activating the gnome-keyring DBus service, check for an
already running daemon.
* Don't print critical warnings when registering with DBus fails.
* Bump glib dependency.
* Add DBus method for getting the gnome-keyring environment variables.
* Fix crash when prompting to unlock the keyring.
* Initialize daemon with LOGNAME and USERNAME environment variables.
* Build fixes [Ed Schouten]
Changes in version 2.26.0 are:
* Implement support for running gnome-keyring-daemon under valgrind.
* Checks for asn1Parser tool when configuring. [Alberto Ruiz].
* Only automatically expose PKCS#11 public key objects for private keys.
* Have the SSH agent only log into the token when we have a private
key that we want to access.
* Disable input method in password. [Takao Fujiwara]
Changes in version 2.25.92 are:
* Fix problems when multiple processes tried to initialize the
gnome-keyring-daemon at the same time, often resulting in a user
session that hung on login.
* Add compatibility support for loading SSH unlock passwords from
previous versions of gnome-keyring.
* Fix compiler warnings on 32-bit systems.
* Fix uninitialized variable usage. These resulted in crashes.
* Initialize PKCS#11 tokens before importing certificates or keys
to them. Remove previous auto-initialize idea.
* Add basic support for PKCS#11 SO logins.
* Fix focus issues in the import certificate/key dialog.
* When looking for PKCS#11 objects, skip tokens that have not been
initialized.
* Exit properly when an error occurs on importing a certificate or key.
* Hash objects when storing them in PKCS#11 user-store and validate the
hashes when loading them.
* Build fix on Solaris [Jeff Cai]
* If login keyring doesn't exist when changing a PAM password, don't
create it automatically. [Vincent Untz]
* Close stdin/stdout when not running the daemon in foreground. This
fixes a regression in scripts starting gnome-keyring-daemon.
Changes in version 2.25.91 are:
* Complete certificate details display in the gcr library.
* Correctly escape prompt markup. [Joe Shaw, Magnus Boman]
* Show correct MD5 hash in certificate display. [Fabrizio Tarizzo]
* Overhaul the secure memory allocator to have memory guards,
and also be more sparing with secure memory.
* Add C++ header guards to public headers. [Xan Lopez]
* Prompt to initialize new PKCS#11 tokens with a password.
* Fix output of RSA keys to be interoperable.
* Translation fixes.
* Fix problems importing certificates and keys.
* More code reorganization.
* Add support for netscape trust objects, so Root CA certificates
can be trusted by NSS.
* Fixes to the PKCS#11 headers on 64-bit systems. [Christophe Fergeau]
Changes in version 2.25.90 are:
* Add certificate UI bit to gcr library.
* Can now again clear the cached authentication from an SSH key.
* Add some additional helper functions to gp11 library.
* Fix some corner cases in signal handling. [James Henstridge]
* Don't crash when trying to lock keyrings that don't have a password.
* Fix problems running on 64-bit systems. [Christophe Fergeau]
* Build fixes [Theppitak Karoonboonyanan, Saleem Abdulrasool]
Changes in version 2.25.5 are:
* Refactor out gcr library for crypto UI and related tasks.
* Code refactoring.
* Support automatically initializing a PKCS#11 token when not initialized.
* Add modular user-store module for general storage of keys and certs.
* Build fixes [Saleem Abdulrasool, Jeff Cai]
* Add modular roots-store module for storage of trusted CA certs.
* Add modular rpc-layer for communication between module and daemon.
* Add modular ssh-agent as the main gnome-keyring-daemon agent.
Changes in version 2.25.4.2 are:
* The modular ssh agent uses keys from all available PKCS#11 slots.
* Fix compiler warnings.
* Fix broken release.
Changes in version 2.25.4.1 are:
* Fix broken release.
Changes in version 2.25.4 are:
* Half way through refactoring of PKCS#11 support.
* Add crypto support to gp11 library.
* gp11 library is now by and large thread-safe.
* Add modular ssh-store, roots and rpc-layer PKCS#11 components.
* Beginnings of a PKCS#11 based ssh-agent.
* Transactional storage of PKCS#11 objects.
* Add auto-authenticate support in GP11 library, which greatly
simplifies figuring out when to provide passwords.
* Fix initialization problems which prevented SSH agent from setting
environment variables properly [Yanko Kaneti]
* Translation fixes [Gabor Kelemen]
Changes in version 2.25.2 are:
* Fix PKCS#11 corner cases highlighted by p11-tests tool.
* Solaris fixes [Halton Huo, Jeff Cai]
* Don't use non-pageable memory for public keys.
* Rework initialization of daemon, and the way that it integrates
with the session.
* Close open file descriptors before starting daemon from PAM module.
* Don't try and unlock keyring from PAM if daemon isn't
running. [Vincent Untz]
* Don't leave keyring daemon running if PAM just started it for
a password change. [Vincent Untz]
* Add a keyboard accelerator to the 'Deny' button. [Gabor Kelemen]
* Use pkg-config to detect libtasn1. [Jeff Cai]
* Register environment variables with session properly.
* Make DBUS a required dependency of gnome-keyring.
Changes in version 2.25.1 are:
* Remove usage of deprecated glib/gtk stuff.
Changes in version 2.24.1 are:
* Fix crash on logout on Solaris. [Jeff Cai]
* Add missing 'server' attribute to the NETWORK_PASSWORD schema.
Changes in version 2.24.0 are:
* Update documentation for functions in gp11 library
* Ungrab the keyboard properly when a password prompt is minimized.
* Report errors from keyboard grabbing.
* Fix build problems with gcc 4.3.
* PKCS#11 initialize compatibility fix for OpenSC. [Joe Orton]
* Make all errors from prompt process go to syslog.
* When prompting for a password on import, don't go into an endless
loop for blank passwords.
* Fix problems with PK indexes overwriting one another.
* Don't add additional extensions on storage files when the extension
is already correct.
* Load all objects when a PKCS#11 session is opened, regardless of
whether a C_FindObjects is run or not.
Changes in version 2.23.92 are:
* Build fix for Solaris. [Jeff Cai]
* Import the LANG environment variable into daemon environment
so that dialogs display with correct translations.
Changes in version 2.23.91 are:
* Use 'Change' instead of 'Create' when prompting the user for
a password to change keyring password. [Adam Schreiber]
* Fix RSA signing with X509 mechanism.
* Tweaking of the asynchronous scheduling to prevent hangs.
* Add some documentation for GP11 library.
* Translation fixes.
* Build fixes. [Götz Waschk]
Changes in version 2.23.90 are:
* Use 'Create' button instead of 'OK' when prompting the user for
a password to create a new keyring. [Adam Schreiber]
* Fix more cases where 'Deny' choice by a user resulted in
more subsequent prompts.
* Automatically create non-existent directories when storing files.
* Fix problem prompting for the same password twice when parsing a
PFX or PKCS#12 file.
* Don't offer to store password during import operation.
* Don't try to store certificates encrypted on the disk.
* Add command line tool for importing of keys and certificates.
* Fix problems with SSH agent not unlocking keys properly.
* Build fixes. [John Ralls]
Changes in version 2.23.6 are:
* If the user denies a prompt, then don't prompt the same prompt
again for that connection to the daemon.
* Bug fixes for loading of SSH keys.
* Add gconf schema for noting the user's configured PKCS#11 modules.
* Update and bug fixes for the new GP11 library.
* Better reference counting of internal objects.
* When a certificate is in the roots storage, assume it is a CA if
no basic constraints are present.
* Add ability of PKCS#11 module to accept a string on its reserved
initialization argument, similar to NSS's libsoftkn3 module.
* Translation fixes.
* Build fixes.
Changes in version 2.23.5 are:
* Load all SSH keys in ~/.ssh named id_?sa*, not just id_rsa
and id_dsa. Also load public portions of keys when needed ie: *.pub
* Include new GP11 library, which is a GLib wrapper for PKCS#11
* Add ability to import keys/certificates to PKCS#11.
* Better storage and creation of PKCS#11 objects.
* Start using GTest for new unit testing.
* Better indexing of keys and certificates.
* Better buffer handling, and threading fixes. [Jon Burgress]
* Fix warnings in logs caused by programs checking whether
gnome-keyring is available.
* Standardize on libgcrypt random number generator.
* Add --disable-acl-prompts option to disable all ACL prompting [Colin Walters]
* Build fixes.
Changes in version 2.22.2 are:
* Streamline the importing of keys and make the proper prompts show up
consistently. Better fixes for this to come in 2.24.x
* Don't show 'location' field in most password prompts.
* Return serial number of certificates properly to requesting programs.
* Fix crash when receiving certain HAL events.
* Build fixes [Brian Cameron, Matthias Drochner, Antoine Jacoutot]
Changes in version 2.22.1 are:
* Add SSH agent protocol 1 support.
* Make 'ssh-add -D' lock any SSH private keys that gnome-keyring is
automatically loading.
* Reconnect to system DBus whenever the system bus restarts. [Sjoerd Simons]
* Log to syslog even when running in the foreground [Tony Espy]
* Add a configure option to disable building of the SSH agent.
* Build fixes. [Alex Converse, Andrea Del Signore]
Changes in version 2.22.0 are:
* Build fix. [Jens Granseuer]
Changes in version 2.21.92 are:
* Sync up user's session environment with the daemon, so that
things like X authentication, DBUS etc... work properly.
* Shutdown socket connections properly, so things don't hang, when
wrong versions of daemon/library are used.
* Limit PKCS#12 parsing to a clearly defined subset of the format.
* Decrypt PKCS#12 with empty passwords properly.
* Build fixes.
* Translation fixes.
Changes in version 2.21.91 are:
* Don't prompt for a password from the PAM module since
gnome-keyring is not an authenticator. [Ray Strode]
* Check that PKCS#11 socket connections come from same user.
* Don't lock the entire gnome-keyring-ask process in memory.
Just the password text. Works better when less non-pageable
memory is available.
* Basic serializing of certificates and keys.
* Build fixes.
* Translation fixes.
Changes in version 2.21.90 are:
* Fix problem where most keyrings were being treated as insecure
from the point of view of storing passwords for keys or certificates.
* Fix race condition that is causing deadlocks and freezes.
Changes in version 2.21.5 are:
* Proper support for creating and destroying objects through PKCS#11.
* Support for setting PKCS#11 attributes.
* Fix hanging of daemon under certain conditions.
* Add gconf setting for determining which components of the daemon
(such as SSH) are run at startup.
* Better parsing of objects and prompting for passwords in PKCS#12 files.
* Calculate trust and purpose/usage of certificates.
* Mark certain key/certificate directories as special requiring certain
special treatment (such as the CA root store, SSH keys etc...)
* Add support for unencrypted keyrings which are used when the user
specifies a blank password.
* Fix crasher [Jeff Cai]
* Build fixes.
Changes in version 2.21.4 are:
* x86_64 memory alignment fixes
* Other build and install fixes
* Solaris build fixes [Halton Huo]
* Automatically activate keyring daemon via DBus if it is not already
running. [Tom Parker]
Changes in version 2.21.3.2 are:
* x86_64 build fixes
* Build and install fixes
* Fix problems with assertions when not in debug mode.
* Fix some crashers
* Better ASN.1 and PKCS#11 date parsing and handling
* Fix return results from C_GetAttributeValue
* Lookup certificates related to keys properly.
Changes in version 2.21.3.1 are:
* Build fixes
* Use SHA1 instead of MD5 where possible.
* Install PKCS#11 module to a better prefix
Changes in version 2.21.3 are:
* Added basic X.509 certificate and key store
* PKCS#11 module for accessing certificates and keys
* Now includes an SSH agent
* PAM module now works with SELinux [Alexander Larsson]
* Add a simpler API for accessing and storing passwords.
Changes in version 2.20.3 are:
* Use correct environment to startup gnome-keyring-daemon from PAM.
* Fix crash when comparing item attributes. [Sam Morris]
* Fix crash on shutdown. [Jeff Cai]
* Build fix for OpenBSD [Martynas Venckus]
Changes in version 2.20.2 are:
* Build fixes for systems that require GNU_SOURCE to be defined. [Christopher Taylor]
* Builds with the latest DBus [Owen Taylor]
* Build fix for OpenBSD [Jasper Lievisse Adriaanse]
* Don't print out a warning message in applications using libgnome-keyring when
non-pageable memory cannot be allocated.
Changes in version 2.20.1 are:
* Link pam module properly with libpam [Sebastian Dröge]
* Remove 'install-pam' make target [Rémi Cardona]
* Return a 'not found' result when no results are returned
from a find operation.
* Don't remove 'default' file on exit. [Alex Larsson]
* Recognize newly created keyrings properly. [Darren Kenny]
Changes in version 2.20 are:
* Build fixes [Halton Huo]
* Translation fixes [Claude Paroz]
Changes in version 2.19.91 are:
* Builds with newer versions of DBus [Theppitak Karoonboonyanan]
* In the PAM module we now support starting gnome-keyring-daemon when
the user's session actually starts, rather than during password validation.
This makes us more solid and sane with GDM and well behaved PAM using
applications. [Chris Rivera]
* In the PAM module check that the socket is owned by the same user, before
sending the login password there.
* Don't read from /dev/random when not needed. This makes startup faster
in many cases, as it won't block for entropy.
* Get around more optimizations that cancel out wiping of strings in
memory before freeing.
* Now builds on FreeBSD [Joe Marcus Clarke]
Changes in version 2.19.90 are:
* Fix problem where keyrings are created in wrong directory [Nathaniel McCallum]
* Incorporated security fixes from Novell
* Fix crashers when the ask dialog sends back bad data.
* Now builds on Solaris [Damien Carbery]
* Configure PAM module directory better [Matthias Clasen]
* Fix memory leaks
Changes in version 2.19.6.1 are:
* Fix uninitialized variable in 'get_item_info' operation
* Better installing of PAM module on Fedora. [Matthias Clasen]
* Build fixes [Jens Granseuer, Claudio Saavedra]
Changes in version 2.19.6 are:
* Grab the keyboard when prompting for passwords, and always put the prompt
window above other windows.
* Now supports use of keyrings on removable drives.
* PAM module to automatically unlock keyrings on login, or unlocking
* Simplify daemon code (now uses cooperative threading) and get it ready for
other PKCS#11, SSH and other stuff running in same process.
Changes in version 2.19.5 are:
* Allow passing NULL as a password to gnome_keyring_unlock()
* Added strerror() like functionality for GnomeKeyringResult
* Added support for async version of gnome_keyring_item_grant_access_rights_sync()
* Handle unix signals properly, quit gracefully.
* Fix memory leaks [Alexander Sack]
* Make unit tests automatic when building a distribution tarball
* Fix prompt messages [Jürg Billeter]
* Fix problems prompting for access to items when the keyring is locked.
* Non-pageable memory degrades gracefully on Solaris, FreeBSD
* Build fixes [Theppitak Karoonboonyanan, Christian Kirbach]
* API Documentation
Changes in version 2.19.4.1 are:
* Build fix for unit tests
Changes in version 2.19.4 are:
* Fixed problem where zero find results returned 'denied'.
* Fixed ugly password prompt for making a new keyring.
* Consistent use of NULL in the API to represent the default keyring.
* Use non-pageable memory for secrets and passwords.
* Log warning and error messages to syslog when running as a daemon.
* Added unit tests for the gnome-keyring API.
* Refactored and reorganized the code.
Changes in version 2.19.2 are:
* Sync up version number with GNOME release schedule
* Use libgcrypt instead of hand-rolled encryption algorithms.
* Internationalization fixes [Elijah Newren]
* Solaris build fixes.
Changes in version 0.8 are:
* Translations
Changes in version 0.7.92 are:
* Fix build by including sys/types.h
* In gnome_keyring_free() don't crash on NULL parameter.
Changes in version 0.7.91 are:
* Add method for library to discover daemon via DBus. Adds soft
DBus dependency.
* Fixes for building on kFreeBSD.
Changes in version 0.7.3 are:
* Fix endless loop when creating a keyring and a file by that name
already exists.
* Fix crasher when deleting session keyring.
* Fix crasher when doing find operation with NULL attribute string.
* Sync files to disk after writing to keyring.
Changes in version 0.7.2 are:
* Don't have multiple password dialogs presented for the same
keyring
Changes in version 0.7.1 are:
* Added GNOME_KEYRING_ITEM_APPLICATION_SECRET which allows an item
to be for a single application only with strict access controls.
* New function gnome_keyring_item_get_info_full(_sync) which allows
retrieval of item metadata without the secret, thus not incurring
an ACL prompt.
* Translation updates
Changes in version 0.6.0 are:
* NetBSD fixes
* Crash fix
* Typo fix
* Translations
Changes in version 0.5.2 are:
* Translation updates
* Better title in docs
* Fixed crashes
* New function: gnome_keyring_item_grant_access_rights_sync
Changes in version 0.5.1 are:
* Support changing password of a keyring
* Create ~/.gnome2 if needed
* Save keyring when an ACL is added
* Add password strength meter
* Small bugfixes
Changes in version 0.4.9 are:
* Fix return value for some sync calls
* Translation updates
Changes in version 0.4.8 are:
* Fix crash when asking for password
* Translation updates
Changes in version 0.4.7 are:
* Fix --disable-nls
* Translation updates
Changes in version 0.4.6 are:
* Confirm password when selecting new password
Changes in version 0.4.5 are:
* Fix a crash in some sync functions.
Changes in version 0.4.4 are:
* Translation updates
* warning fixes
* require gtk 2.6
Changes in version 0.4.3 are:
* Translation updates
* Fix bug in acl functions
* implement gnome_keyring_set_info
* add sync function for all operations
* fix leaks
Changes in version 0.4.2 are:
* AIX portability fixes
* Translation updates
Changes in version 0.4.1 are:
* Support for slaving lifecycle to a file descriptor
* Translation updates
Changes in version 0.4.0 are:
* Build fix on some systems
* Translation updates
Changes in version 0.3.3 are:
* Translation updates
Changes in version 0.3.2 are:
* New API functions for getting/setting ACL
* Implemented delete keyring operation
Changes in version 0.3.1 are:
* New and updated translations.
* New introduction document
* unlocking the NULL keyring unlocks the default keyring
Changes in version 0.2.1 are:
* New and updated translations.
Changes in version 0.2.0 are:
* New and updated translations.
Changes in version 0.1.91 are:
* New translations
Changes in version 0.1.90 are:
* New translations
* uninstalled pkg-config file
Changes in version 0.1.4 are:
* New translations
* put gnome-keyring-ask in libexec
Changes in version 0.1.3 are:
* Fixed leaks
* Portability fixes
* Don't split strings for translations
Changes in version 0.1.2 are:
* Spelling fix in API
* require latest gtk/glib
* use g_get_tmp_dir instead of hardcoding /tmp
* More translations
Changes in version 0.1.2 are:
* Slave lifecycle to session
* More translations
* Nicer user interface
* FreeBSD fixes
* Solaris fixes