* Merges gpgstats 0.0.2 (never released).
* Added support for subpacket type 0x83 (critical key expiration)
* Fixed bug in parsing of one byte new format packet length.
* Added support for 4 byte old format packet lengths.
* Changed various error statements to output to stderr instead of stdout.
* Fixed bug in deleting keys in Postgres backend.
* Moved code to merge a list of keys to merge.c and changed add.c to use it
  rather than just replacing existing keys.
* Added comment & trust packets as known but ignored types.
* Added storage of uids to Postgres backend; this speeds up verbose indexing
  and will also allow searching on UIDs.
* Fixed bug in armor handling (didn't like 2 newlines before the armor header).
* Made dearmor gracefully handle non armored input.
* Added support for incoming incremental update mails.
* Added searching on uids to lookup & keydb_pg.
* Changed Postgres backend to use 64 bit keyids instead of 32 bit.
* Made dearmor ignore CRs when looking for 2 blank lines.
* Added index on keyid for key table in Postgres backend.
* Twiddled transaction support in an attempt to speed up mass key adding.
* Changed putchar_func to take a character count rather than doing one char at
  a time (massive speed up in Postgres case).
* Introduced onak binary for general keyserver operations.
* Changed all version number references to use VERSION macro.
* Made lldel free the unused list structure. (pointed out by Simon Huggins)
* Made llfind assert that the cmp function is non NULL. (Simon Huggins again)
* Fixed gpgwww; after the move to 64bit keyids internally it was trying to
  compare the 32bit user supplied keyid to the retrieved 64bit one and never
* Various tidying up I've forgotten.
* Fixed bug with removing signed packets while merging.
* Fixed bug with potentially adding an already existing uid to a key when
* Fixed stupid typo bug in merging keys.

0.0.4 - 10th November 2002

* Made keydb_file backend compile again.
* Changed merging to compare signature keyids rather than packet contents
  so we don't add the same signature multiple times.
* Changed keydb_pg backend over to using PQescapeString to escape SQL data.
* Added list of keyids in a path to gpgwww output (suitable for C&P into
  a gnupg command line for example).
* Pulled out HTML start/end code to getcgi.c and added a DOCTYPE and charset
* Did some work on getting onak-mail.pl to output incrementals as well as
* Some cleanup in getting signature keyids.
* Made sure we freed more things after we've finished with them.
* Changed maxpath to display the path found.
* Added use of onak_sigs to keydb_pg to speed up retrieval of key sigs. Should
  speed up the pathfinder a lot.
* Added llfree for freeing up linked lists.
* Wrote DB3 backend; although much work is still needed it vastly outperforms
  the PostgreSQL backend and should hopefully not suffer from the problems of
  the DB2 implementation.

0.1.0 - 13th November 2002

* Code cleanup; pull out common character functions.
* Make DB3 backend support proper searching.
* Fixed ASCII armor bug (we'd output NULLs in the headers/footer).
* Added bidirectional syncing (previously we could receive but wouldn't send).

0.1.1 - 2nd December 2002

* Fixed utf8 content type - should be UTF-8. (Thanks to Simon Huggins)
* Made getfullkeyid not assert if the key isn't found. (Thanks to Simon
  Huggins for reporting this.)
* Fixed onak-mail.pl to check the stdout of onak before stderr to prevent
  blocking when reading the output update.
* Used ccmalloc to find various memory leaks and fixed them.
* Added display of key subkeys.
* Tightened up table creation SQL a bit.
* Fixed bug with merging keys that have no new content (we'd sometimes stop
  processing the incoming stream of keys).
* Updated README to be a bit more useful.
* Code cleanup; removed circular dependencies.

0.1.2 - 15th February 2003

* Added fingerprint calculation/display.
* Cleanup sixdegrees binary/object file on make clean.
* Introduced transaction support to DB3 backend, along with deadlock detection.
* Added keydb dumping ability.
* Added logging infrastructure to help more easily track down problems.
* Output multiple paths in gpgwww (thanks to Simon Huggins).
* Allow a keyid on the command line for sixdegrees (Simon Huggins).
* Make db2 backend check for a num_keydb file to know how many db files to use.
* Add 0x to generated URLs as pks needs these.
* Add "Find Reverse Path" link to gpgwww output.
* Checkpoint the db3 database upon clean exit.
* Fix bug with logging where the month was one less than it should have been.
* Fall back to stderr if we can't open the logfile.
* Move dependency list from Makefile to separate file.
* Checkpoint the DB on clean shutdown.
* First cut at MRHKP support.
* Clean up various compile warnings under gcc 3.3
* Log a critical error when we can't handle a critical subpacket rather than
* Make the Postgres backend compile again.
* First attempt at supporting revoked keys.

0.2.1 - 11th October 2003

* Added support for multiple backend DB3 key files.
* Fixed DB3 database dumping to be outside a transaction (otherwise the
  transaction is too big and we run out of memory).
* Change over onak-mail.pl to use the config file more.
* Fix bug where we always read one byte from stdin in rather than allowing
* Tightened up error checking in a couple of places to allow proper DB cleanup.
* Changed a printf error message over to using logthing.
* Allow read_openpgp_stream to append to an existing packet list.
* Tidy up various character functions into charfuncs.c
* Add splitkeys for splitting up keyrings.
* Various code cleanups to help reduce warnings under C99.
* Add (verbose) index support to onak-mail.pl

0.3.0 - 14th September 2004

* Add the ability to choose a config file at runtime.
* Fix extra LF when the last line of the key is a full line.
* Relax restriction on Type 2/3 keys being RSA - log the fact, but don't error.
* Stop trying to parse a key if we get an unexpected character.
* Make onak-mail.pl only run a single copy of onak at a time.
* Add photoid support; lookup and onak both use this.
* Move db3 backend to db4.
* Move db4 backend to 64bit keyids.
* Add keyfs backend. (Daniel Silverstone)
* Pull MD5/SHA1 implementations from sigcheck as they're more portable.
* Add readonly open mode for DB backends if we're not going to add keys.
* Log assertions before exiting.
* Add man pages for onak and splitkeys.
* autoconf; very basic at present - endianness and file paths.
* Clean up various compiler and preprocessor warnings. With --std=c99 and
  -D_BSD_SOURCE=1 we should be almost warning free.
* Fix gpg --search support (it doesn't like uid/sub at the start of the index
* Let gpgwww return all the key data for the keys listed in the paths. Thanks
  to Ian Haywood <ihaywood@gnu.org>.
* Add support for searching on subkeys.
* Fix writing packets that are larger than 8k.
* Fix bug with reading new format packet lengths.
* Relax some assertions in mem.c as we can hit them legitimately.
* Initial key cleaning routines; de-dupe key uids.
* Add loglevel setting in the configuration file.
* Add logging for the various CGI interfaces.
* Add stripkey from Daniel Silverstone.
* Add signal catching infrastructure; this is primarily due to db4's fragile
  behaviour in the face of abnormal termination.
* Add Apache2 example config info.
* Update mathopd example config to newer version.

0.3.1 - 23rd October 2004

* Add onak-mail.pl man page (Debian bug #276879)
* Add links to HTML index output. (Debian bug #275227)
* Speed up fetch_key_text (use of lladdend/sorted keyid array).
* Cleanup db4 properly if we fail to open it.
* Change buffer_put/fetchchar functions to use memcpy (speed up).
* Add key iteration functionality to keydb backends.
* Move dumpdb to iterate_keys.
* Add keyd backend (persistent database access over Unix socket)
* Cleanup logging in sixdegrees.c
* Fix maxpath to initialise the logging infrastructure.
* Fix sixdegrees to initialise the logging infrastructure.
* Fix transaction around id32 updating in DB4 backend.
* Compile warning cleanup; add missed include file.
* Hard error when db version is < 4.

0.3.2 - 25th March 2005

* Change word split routine to split on punctuation/spaces. (Jason Harris)
* Fix problem parsing empty config lines. (Thanks to Fred Strauss)
* Do some checking before closing stderr in add.c. Fixes an issue seen in
* Make sure we use the configured path to the MTA in sendsync.c
* Support UID revocations. Thanks to Hanna Wallach for reporting this.

0.3.3 - 4th March 2007

* Make onak-mail sequentially process requests.
* Fix db4 memory leak.
* Add support for dynamic loading of backends.
* Use 64bit key ids for HTML keyindex links and support these in lookup.
* Add support for ADD to onak-mail.
* Fix replyto address bug in onak-mail.
* Gracefully fail when we can't open a db4 db.
* Fix assumption that a signature on a public key is a revocation.
* Document test keys.
* Check signature time as well as keyid for key merges.

0.3.4 - 29th December 2007

* Fix dynamic backends bug involving passing the config to the backend.
* Add an install target to the Makefile.
* Add a man page for keyd.

0.3.5 - 16th January 2008

* Fix dumb mistake with db4 backend. Serves me right for testing with

0.3.6 - 7th June 2008

* Make key addition success text more like SKS/PKS. (Thanks to Timothy Legge)
* Allow the use of search text for gets, rather than just keyids. ""
* Fix fetching key by text bug in db4 backend (we'd fetch too many keys).
* Fix lookup display for more than one photo id. (Thanks to Philippe Teuwen)
* "Recognize" some extra critical subpacket types.
* Add support for upgrading db4 DBs built with older DB4 version.
* Various minor code cleanups.

0.3.7 - 2nd June 2009

* Escape colons and similar in MRHKP output. (Debian bug #487284)
* Add support for displaying Elgamal encrypt or sign keys. (deprecated)
* Ensure DB4 backend dbconns memory is initialised to zero.
* Open DB read only for onak lookup function.
* Obey binary flag for "onak get".

0.3.8 - 29th December 2009

* Fix "onak dump" to actually generate multiple output files.
* Limit key dump files to 100,000 keys for "onak dump".
* Correct formatting of some places we output a keyid. (Debian bug #540196)
* Don't add a key to the stats hash if it doesn't have any sigs. (Debian bug
* Change PostgreSQL backend to use PQescapeStringConn
* Fix PostgreSQL backend key iteration

0.4.0 - 19th April 2011

* Fix delete_key function in keyd backend
* Send close command when cleaning up keyd backend
* Actually close the socket in keyd/the keyd backend
* Update the copy of my key to my 4096R one
* Update maxpath/sixdegrees to my "new" RSA key
* Add -c option to specify keyd config file on command line
* Make keyd background itself by default
* Add use_keyd config file option to select keyd as the backend
* Clean up remaining uses of %llX for printing keyids
* Fix fs backend compilation/linking
* Configure db4 locks according to maxkeys and actually check maxkeys
* Explicitly use 32 bits for keyd socket commands
* Log when we're doing a clean keyd shutdown
* Add help text for keyd
* Add keydctl for talking to keyd backend
* Add the bzr version number to non release builds
* Allow db4 backend to compile with later versions of Berkeley DB
* Add a stats command to keyd
* Clean up use of PATH_MAX in keydb_fs.c
* Output details of key search after retrieval for pks/lookup

0.4.1 - 24th April 2012

* Add basic testing infrastructure + initial tests
* Change fd_write to use fwrite instead of fputc
* Fix buffer_getchar to only error if we'd exceed the buffer size
* Add support for calculating SKS style key hashes
* Add support for key retrieval by SKS hash
* Add support for displaying/retrieving by SKS hash to lookup and onak CLI
* Cleanup lookup/gpgwww trailers
* Define OpenPGP constants and use them rather than magic numbers
* Clean up file header copyrights
* Add some more subpacket types to the list to ignore
* Clean up "set but not used" GCC warnings
* Use nettle for hashing when available rather than internal MD5/SHA1 routines
* Add AC_PROG_CC_C99 to configure.ac
* Fix display of SHA-1 fingerprints
* Always put a leading 0x on keyids in HTML output links
* Allow retrieval of key by full fingerprint
* Add keyid to DB4 backend deletion error messages

0.4.2 - 1st October 2013

* Add support for RIPEMD160, SHA224, SHA384 & SHA512 when available
* Fix stripkeys to output all the keys at the end rather than as it goes along
* Add support for checking signature hashes
* Use Doxygen for some initial code documentation generation
* Cleanup code in preparation for a separate libonak for general PGP bits
* Prevent read_openpgp_stream from returning empty packages + causing crashes
* Allow maxpath + splitkeys to take a -c option to specify the config file
* Add wotsap tool to generate data files for wotsap
* Add HKP backend to allow onak to be used as a proxying keyserver

0.4.3 - 30th September 2014

* Set our user agent in the HKP backend
* Allow keyd to serve multiple clients at once
* Improve HKP backend URL parsing, adding support for HKPS
* Add support for a user specific config file for onak binary
* Make wotsap output tool ignore revoked keys
* Add support for old Elgamal v3 key IDs
* Add support for displaying EC/ECDSA key types + sizes
* Extend database backends to support key fetching by fingerprint
* Remove legacy pksd compatible DB2 backend
* Add SHA1x hash support
* Ignore X509 signatures for signature hash checking
* Code cleanups for issues found using scan-build (llvm) + valgrind
* Extend tests to include retrieval by subkey ID
* Switch DB4 backend to using key fingerprint as primary index
* Sanity check signature data lengths
* Add support for systemd socket activation

0.4.4 - 30th September 2014

* Fix key ID lookups using onak CLI tool on 32 bit platforms

0.4.5 - 3rd October 2014

* Fix for detecting systemd socket support with more recent versions of systemd

0.4.6 - 25th August 2015

* Add additional ECC OIDs (Ed25519/Brainpool/secp256k1/Curve25519)
* Re-order linking for backend plugins to cope with ld --as-needed
* Add de-duplication of subkeys on a key
* Add support for displaying EDDSA keys (type 22)
* Add config file option to specify keyd socket directory

0.5.0 - 28th August 2016

* Use mail_dir for the incoming mail lock file
* Switch to .ini style config file
* Add dumpconfig command to dump running config in .ini format
* Add stacked backend
* Include statistics for fetch by SKS hash in 'keydctl status'
* Pull key updates into keyd protocol rather than using delete/store
* Various robustness cleanups from American Fuzzy Lop testing

0.6.0 - 13th September 2020

* Move to CMake over autoconf
* Add support for issuer fingerprint subpackets
* Add experimental support for v5 keys
* Add read-only OpenPGP keyring backed DB backend
* Move various bits into their own subdirectories in the source tree
* Add support for full signature verification
* Drop v3 keys by default when cleaning keys
* Various code cleanups
* Implement pieces of draft-dkg-openpgp-abuse-resistant-keystore-03
* Add support for a fingerprint blacklist (e.g. Evil32)
* Deprecate the .conf configuration file format
* Drop version info from armored output
* Add option to deny new keys and only allow updates to existing keys
* Various pieces of work removing support for 32 bit key IDs and coping
  with colliding 64 bit key IDs.
* Remove support for libnettle versions that lack the full SHA2 suite

0.6.1 - 13th September 2020

* Fixes for compilation without nettle + with later releases of nettle

0.6.2 - 27th November 2022

* Don't take creation time from unhashed subpackets
* Fix ECDSA/SHA1 signature check
* Fix handling of other signature requirement
* Fix deletion of keys with PostgreSQL backend
* Add support for verifying v3 signature packets