Changelog
=========
3.3.1 2024-05-11
Bugfix: Add path "$PREFIX/include" to pkg-config files. The
former "$PREFIX/include/libcanlock-3" is still present for
compatibility to existing code. The "libcanlock-3" directory
should be part of preprocessor directives (as documented)
Bugfix: Replace license name "MIT-like" with "ICU". Note that
the license terms are unchanged (only the name was fixed)
Add machine readable SPDX license identifiers.
3.3.0 2021-11-24
Feature release to make the package more useful for servers
Bugfix: canlock-mhp utility no longer hangs if field name was
not found
Bugfix: Potential NULL-pointer dereference fixed in canlock
utility (Reported by Dennis Preiser)
Bugfix: Two memory leaks fixed in canlock-hfp utility
(Reported by Dennis Preiser)
Bugfix: Multiple bugs in test suite fixed, where return
values from library functions were not handled correctly
(Reported by Dennis Preiser)
Bugfix: Two memory leaks fixed in test suite for legacy API
(Found by Valgrind)
Bugfix: NAME sections of cl_clear_secret(), cl_get_lock(),
cl_split() and cl_verify() man pages fixed (Reported by
Julien Elie)
Bugfix: Typos in canlock-mhp, cl_get_key() and cl_get_lock()
man pages fixed (Reported by Julien Elie)
Bugfix: Typos in comments and documentation fixed (Reported
by Urs Janssen)
Separate library libcanlock-hp added to execute the header
parsers (for operating systems with POSIX API)
New libcanlock-hp API function to unfold header fields added
(Suggested by Julien Elie)
Manual pages added for the new library
Test suite extended for the new library. Tests for parser
functions are skipped by default (because they require the
installed parser utilities)
New libcanlock API function cl_verify_multi() added to check
multiple keys against multiple locks
Library API and ABI are backward compatible
Test suite extended: It now tests cl_verify_multi() too
canlock utility now supports the option "-m" to check
multiple keys against multiple locks
Option "-m" added to SYNOPSIS section of canlock man page
(Suggested by Marcel Logen)
Example programs added to the "examples" and "hp/examples"
subdirectories (Suggested by Julien Elie)
Documentation for RFC 8315 Section 4 added to cl_get_key()
and cl_get_lock() man pages (Suggested by Julien Elie)
Paragraph for optional User-ID (<uid> in RFC 8315 notation)
added to cl_get_key() and cl_get_lock() man pages (Suggested
by Julien Elie)
Examples for minimum size of local secret added to cl_get_key()
and cl_get_lock() man pages (Suggested by Julien Elie)
Removed some redundant notes from the output of "canlock -h"
(Suggested by Julien Elie)
3.2.2 2021-01-07
Bugfix: Header field name is not found by canlock-mhp if there
is another header field for which only the prefix differs (and
that other field is processed first)
Test suite for canlock-mhp parser extended: It now tests headers
larger than 4 KiByte and for the field prefix bug fixed in this
version
Lexer of canlock-hfp has problems to detect T_CTEXT tokens on
HP-UX (relevant only if the header field contains comments).
The syntax of the ERE for T_CTEXT was rewritten to be compatible
with the SysV lex of HP-UX 11.11
Test suite for canlock-hfp parser extended to test comments harder
Namespace clash of internal library functions with libc on NetBSD
Changed internal API function names hmac* to RFC2104Hmac*
Changed internal API function names hkdf* to RFC5869Hkdf*
Library API and ABI are fully compatible if no undocumented
functions are used
libcanlock-3.pc: Changed protocol in URL from http to https
3.2.1 2020-11-28
Bugfix: off-by-one heap buffer overflow fixed in canlock-mhp
(If header is larger than 4 KiByte. Found by Valgrind)
Bugfix: canlock-mhp end of header detection fixed
(Found by test suite on openSUSE. Reported by Martin Hauke)
3.2.0 2020-05-11
Support for pkg-config with option "--enable-pc-files" added
(Default behaviour is unchanged). This option installs the
pkg-config file "libcanlock-3.pc". The standard option
"--with-pkgconfigdir" can be used to specify the target directory
Shared library no longer exports internal symbols, if possible
(using #pragma GCC visibility). Library API and ABI are fully
compatible if no undocumented functions are used.
Build system: Distributed autotools files updated
3.1.1 2019-12-29
Bugfix: Potential buffer overflows in code from RFC6234 fixed.
Related code is used for test suite only, installed library and
utilities are not affected (Reported by Florian Schlichting)
Build system: Makefile rules fixed that use DIST_SUBDIRS variable
src/canlock.c: Fixed typo in comment (Reported by Urs Janssen)
3.1.0 2019-01-26
Merged canlock-hp into libcanlock package (now tracking the version
number of the libcanlock package)
Configure option "--disable-hp" added (Default is set to build
canlock-hp, use this option to get the behaviour from 3.0.x)
Manual page of canlock-hfp utility updated
Library API and ABI are unchanged
3.0.3 2018-12-05
Build system fixed for cross build (Patch suggested by Helmut Grohne,
modified to work on macOS)
3.0.2 2018-08-18
Configure option "--disable-legacy-api" added (Default behaviour is
unchanged)
Test suite updated:
API test 5 with <clue-string> removed (Obsolete since 20 years)
API test 8 with unknown <scheme> added
API test 9 with <scheme> mismatch added
Manual page of canlock utility updated
3.0.1 2018-03-16
Man page section numbers fixed (Patch from Florian Schlichting)
Minimum required automake version set to 1.11.6 (there is a security
vulnerability in 1.11.5)
3.0.0 2018-01-17
API for arbitrary hash algorithm added (Written by Dennis Preiser)
Support for SHA2 added (Using code from RFC6234 section 8)
SHA1 implementation replaced (Using code from RFC6234 section 8)
Function to overwrite secret data in memory added
Command line utility added
Test program for new API added
Test program for SHA implementation replaced
New portable build system added (Based on GNU autotools)
Man pages added
Release version scheme changed
EOF