Changelog ========= 3.3.0 2021-11-24 Feature release to make the package more useful for servers Bugfix: canlock-mhp utility no longer hangs if field name was not found Bugfix: Potential NULL-pointer dereference fixed in canlock utility (Reported by Dennis Preiser) Bugfix: Two memory leaks fixed in canlock-hfp utility (Reported by Dennis Preiser) Bugfix: Multiple bugs in test suite fixed, where return values from library functions were not handled correctly (Reported by Dennis Preiser) Bugfix: Two memory leaks fixed in test suite for legacy API (Found by Valgrind) Bugfix: NAME sections of cl_clear_secret(), cl_get_lock(), cl_split() and cl_verify() man pages fixed (Reported by Julien Elie) Bugfix: Typos in canlock-mhp, cl_get_key() and cl_get_lock() man pages fixed (Reported by Julien Elie) Bugfix: Typos in comments and documentation fixed (Reported by Urs Janssen) Separate library libcanlock-hp added to execute the header parsers (for operating systems with POSIX API) New libcanlock-hp API function to unfold header fields added (Suggested by Julien Elie) Manual pages added for the new library Test suite extended for the new library. Tests for parser functions are skipped by default (because they require the installed parser utilities) New libcanlock API function cl_verify_multi() added to check multiple keys against multiple locks Library API and ABI are backward compatible Test suite extended: It now tests cl_verify_multi() too canlock utility now supports the option "-m" to check multiple keys against multiple locks Option "-m" added to SYNOPSIS section of canlock man page (Suggested by Marcel Logen) Example programs added to the "examples" and "hp/examples" subdirectories (Suggested by Julien Elie) Documentation for RFC 8315 Section 4 added to cl_get_key() and cl_get_lock() man pages (Suggested by Julien Elie) Paragraph for optional User-ID (<uid> in RFC 8315 notation) added to cl_get_key() and cl_get_lock() man pages (Suggested by Julien Elie) Examples for minimum size of local secret added to cl_get_key() and cl_get_lock() man pages (Suggested by Julien Elie) Removed some redundant notes from the output of "canlock -h" (Suggested by Julien Elie) 3.2.2 2021-01-07 Bugfix: Header field name is not found by canlock-mhp if there is another header field for which only the prefix differs (and that other field is processed first) Test suite for canlock-mhp parser extended: It now tests headers larger than 4 KiByte and for the field prefix bug fixed in this version Lexer of canlock-hfp has problems to detect T_CTEXT tokens on HP-UX (relevant only if the header field contains comments). The syntax of the ERE for T_CTEXT was rewritten to be compatible with the SysV lex of HP-UX 11.11 Test suite for canlock-hfp parser extended to test comments harder Namespace clash of internal library functions with libc on NetBSD Changed internal API function names hmac* to RFC2104Hmac* Changed internal API function names hkdf* to RFC5869Hkdf* Library API and ABI are fully compatible if no undocumented functions are used libcanlock-3.pc: Changed protocol in URL from http to https 3.2.1 2020-11-28 Bugfix: off-by-one heap buffer overflow fixed in canlock-mhp (If header is larger than 4 KiByte. Found by Valgrind) Bugfix: canlock-mhp end of header detection fixed (Found by test suite on openSUSE. Reported by Martin Hauke) 3.2.0 2020-05-11 Support for pkg-config with option "--enable-pc-files" added (Default behaviour is unchanged). This option installs the pkg-config file "libcanlock-3.pc". The standard option "--with-pkgconfigdir" can be used to specify the target directory Shared library no longer exports internal symbols, if possible (using #pragma GCC visibility). Library API and ABI are fully compatible if no undocumented functions are used. Build system: Distributed autotools files updated 3.1.1 2019-12-29 Bugfix: Potential buffer overflows in code from RFC6234 fixed. Related code is used for test suite only, installed library and utilities are not affected (Reported by Florian Schlichting) Build system: Makefile rules fixed that use DIST_SUBDIRS variable src/canlock.c: Fixed typo in comment (Reported by Urs Janssen) 3.1.0 2019-01-26 Merged canlock-hp into libcanlock package (now tracking the version number of the libcanlock package) Configure option "--disable-hp" added (Default is set to build canlock-hp, use this option to get the behaviour from 3.0.x) Manual page of canlock-hfp utility updated Library API and ABI are unchanged 3.0.3 2018-12-05 Build system fixed for cross build (Patch suggested by Helmut Grohne, modified to work on macOS) 3.0.2 2018-08-18 Configure option "--disable-legacy-api" added (Default behaviour is unchanged) Test suite updated: API test 5 with <clue-string> removed (Obsolete since 20 years) API test 8 with unknown <scheme> added API test 9 with <scheme> mismatch added Manual page of canlock utility updated 3.0.1 2018-03-16 Man page section numbers fixed (Patch from Florian Schlichting) Minimum required automake version set to 1.11.6 (there is a security vulnerability in 1.11.5) 3.0.0 2018-01-17 API for arbitrary hash algorithm added (Written by Dennis Preiser) Support for SHA2 added (Using code from RFC6234 section 8) SHA1 implementation replaced (Using code from RFC6234 section 8) Function to overwrite secret data in memory added Command line utility added Test program for new API added Test program for SHA implementation replaced New portable build system added (Based on GNU autotools) Man pages added Release version scheme changed EOF