Changes in version 3.28.2 are:
* Fix glitches in ssh-agent [#795699]
Changes in version 3.28.0.2 are:
* Fix glitches in ssh-agent [#794361, #794368, #794369, #794500, #794631]
Changes in version 3.28.0.1 are:
* Fix linking with "-z defs" [#794274]
Changes in version 3.28.0 are:
* Fix TAP test driver
Changes in version 3.27.92 are:
* Wrap stock ssh-agent from OpenSSH [#775981]
* Stop installing p11-kit configuration file for the PKCS#11 module [#791401]
* Updated translations
Changes in version 3.27.4 are:
* Add support for SHA2 extension for RSA signatures in ssh-agent [#790910]
* Build fixes [#792278, #787387]
* Updated translations
Changes in version 3.27.2 are:
* Add support for ECDSA in ssh-agent [#641082]
* Wipe passwords stored by the PAM module [#781486]
* Fix shared key derivation between libsecret and gnome-keyring [#778357]
* Fix erroneous handling of partial writes in write_sync_close [#778269]
* Set CKF_LOGIN_REQUIRED flag in ssh-module
* Build and testing fixes [#774312, #781785]
* Updated translations
Changes in version 3.20.0 are:
* Updated translations
Changes in version 3.19.90 are:
* Accept empty passwords for --unlock [#762095]
* srcdir != builddir fixes
* Updated translations
Changes in version 3.19.4 are:
* Fix up startup and initialization [#756324]
* Fix DBus "Type" property of org.freedesktop.Secret.Item [#759399]
* Build fixes [#753698]
* Updated translations
Changes in version 3.18.3 are:
* Fix regression looking up secrets in default keyring [#756865]
* Updated translations
* Fix manpage typos [#756812]
Changes in version 3.18.2 are:
* Fix regression in ported GDBus prompting [#756032]
* Other minor fixes
Changes in version 3.18.1 are:
* Fix regression initializing gnome-keyring-daemon [#756059]
* Fix regression racing for DBus name during startup [#756006]
* Build and testing fixes [#755873]
* Updated translations
Changes in version 3.18.0 are:
* Fix test crash [#731802]
Changes in version 3.17.91 are:
* More fixes for GDBus migration [#622905]
* Fix a memory leak [#752919]
Changes in version 3.17.4 are:
* Remove temporary files on failure [#746334]
* Migrate DBus code to GVariant and GDBus [#622905]
* Remove the GnuPG agent [#750514]
* Updated translations
Changes in version 3.16.0 are:
* Fix build issues highlighted by GCC 5.x
* Updated translations
Changes in version 3.15.92 are:
* pam: Make sure to never block SIGCHLD [#745673]
* Revert "ssh-agent: Fix leak in seach_keys_like_attributes()"
* Updated translations
Changes in version 3.15.90 are:
* Fix leaks [#738508]
* Refactoring
* Build fixes [#740190]
* Updated translations
Changes in version 3.14.0 are:
* Remove residual GTK+ usage
* Updated translations
* Build fixes
Changes in version 3.13.91 are:
* Initialize correctly with empty passwords during login [#736085]
* Don't use geteuid() to get UID for user in PAM module [#733418]
* Fix for libgcrypt 1.6+
* Build fixes
Changes in version 3.12.2 are:
* Build fixes
Changes in version 3.12.0 are:
* Build and testing fixes
Changes in version 3.11.92 are:
* Use $XDG_RUNTIME_DIR to create keyring socket directory [#725801]
* Stop exporting the $GNOME_KEYRING_CONTROL env variable [#725801]
* Stop exposing a GNOME_KEYRING_PID variable [#725801]
* Pass XDG_RUNTIME_DIR to new gnome-keyring-daemon process [#726196]
* Fix issue with changed password not unlocking keyring [#726196]
* Add new --unlock option to prompt for login password [#710187]
* When in foreground mode, close stdout when done initializing
* Exit gnome-keyring-daemon when the DBus connection closes [#708765]
* Don't initialize in an idle handler, this is racy
* Don't log debug messages to syslog [#711537]
* Documentation fixes [#711581 ...]
* License fixes [#721549]
* Dependency on GLib 2.38+
* Updated translations
* Modernize autotools setup and other build fixes
* Parallel testing and add new tests
Changes in version 3.10.1 are:
* Build fix on OpenBSD [#706405]
* Add manual page
* Minor error message fixes
* Updated translations
Changes in version 3.10.0 are:
* Minor logic fix [#708483]
Changes in version 3.9.90 are:
* Fix running gnome-keyring-daemon under test harness
* Test fixes [#702367]
Changes in version 3.9.1 are:
* Fix implementation of LockService dbus method [#690466]
* Updated translations [nl]
* Build fixes
Changes in version 3.8.1 are:
* Updated translations
Changes in version 3.8.0 are:
* Updated translations
Changes in version 3.7.92 are:
* Update introspection data of Collection.SearchItems() [#695115]
* Update the Item.Created and Item.Modified properties correctly [#695052]
* Updated translations
* Build fixes
Changes in version 3.7.91 are:
* Remove the roots-store module replaced by p11-kit 0.16+ trust module
* Only return one object path list from Collection.SearchItems() [#695115]
* Fix order of items returned from SearchItems() [#693884]
* Build fixes
Changes in version 3.7.5 are:
* Set correct type for Collection's "Locked" property
* Don't warn if the GNOME session manager is not available
* Updated Translations
* Fix crasher in armor code
* Build fixes
Changes in version 3.7.2 are:
* Bring over DER parsing fixes from GCR library
* Fix corner case where long DER length overflows
* Fix crash when parsing invalid DER files
* Handle empty secrets correctly
* Only print debug message if no pkcs11 socket
* Other minor fixes
* More complete test coverage
Changes in version 3.7.1 are:
* Remove dependency on GTK+
* Build fixes
Changes in version 3.6.1 are:
* Fix regressions with keyring master password changing
* Load schema for secret items correctly, prevents storing multiple times
for items stored via libsecret
* Setup translations properly when daemon starts
* Fix memory leak in PKCS#11 module
* Updated translations
Changes in version 3.6.0 are:
* Updated translations
Changes in version 3.5.92 are:
* Updated translations
Changes in version 3.5.91 are:
* Updated translations
Changes in version 3.5.90 are:
* Use the XDG directories for storing keys
* Updated translations
* Better handling of the --replace argument to gnome-keyring-daemon
* Fix ability to store keyring files without using hardlinks
* Make the GPG agent password caching options work correctly
Changes in version 3.5.5 are:
* Initialize PKCS#11 correctly in gnome-keyring tool
* Rename the p11-kit module file
* Use setsid() to become a process leader when daemonizing
* Build fixes
Changes in version 3.5.4 are:
* Support the xdg:schema attribute on secret items
* Update to newer glib dependency and remove redundant code
* Encode passwords correctly for gpg2 in the gpg-agent
* Fix types of the DBus Created and Modified properties
* Expose the 'session' and 'login' keyrings as aliases
* Emit Secret Service signals when collections/items change
* Fix some spurious warnings
* Testing fixes
Changes in version 3.5.3 are:
* Return correct introspect data for Secret Service
* Fix the gnome2-store for gcr importer, and test
* Debug and logging fixes
* Updated translations
* Build fixes
Changes in version 3.4.1 are:
* Set 'text/plain' content type on secrets returned from daemon
* Use correct XDG_RUNTIME_DIR when started from PAM
* Updated translations
* License fix
* More tests
* Build fixes
Changes in version 3.4.0 are:
* Updated translations
Changes in version 3.3.92 are:
* Use runtime dir instead of /tmp for sockets
* Updated translations
* Fix copyright headers
* Build fixes
Changes in version 3.3.91 are:
* Fix regression in changing a keyring master password
* Set better button labels for the prompts
* Fix assertion when cancelling a unlock prompt
* Use a single CA certificates file by default
* Updated translations
Changes in version 3.3.5 are:
* Updated translations
* Fix introspection data for SearchItems()
* Fix regression when an invalid password used to unlock keyring
Changes in version 3.3.4 are:
* Updated translations
* Build fixes
Changes in version 3.3.3.1 are:
* No message in gnome-keyring-pkcs11.so module, when no daemon running
* Updated translations
* Build fixes
Changes in version 3.3.3 are:
* Distribute correct desktop autostart files
* Use GcrPrompt and GcrSystemPrompt for prompting
* Do not crash when reading a truncated keyring file
* Add test tool for dumping the keyring format
* Update for GckBuilder changes in libgck
* Fix for deprecations in glib 2.31.x
* Fix ReadAlias() returning null when 'login' keyring exists
* Build fixes, bug fixes
Changes in version 3.3.2 are:
* Do not make label selectionnable in prompt dialog
* Fix deadlock in the 'unsafe storage' prompt
* Better locking for the old gnome2-store
* Updated translations
* Build fixes
Changes in version 3.3.1.1 are:
* Build correctly against glib 2.31
Changes in version 3.3.1 are:
* Return most recent secret first when searching
* Split the Gcr and Gck libraries out of gnome-keyring
* Build fixes
* Updated translations
Changes in version 3.2.2 are:
* Fix problem with 'unsafe storage' prompt deadlocking
* Remove XFCE & LXDE from OnlyShowIn for autostart files
* Use g_random_int_range() for pseudo-random hash iteration count
* Return password results with the most recent result first
* Make clear source of warnings from the rpc module
* Updated translations
* Build fixes
Changes in version 3.2.1 are:
* Fix debugging output, and erroneous warnings
* Updated translations
Changes in version 3.2.0 are:
* Don't install setuid when filesystem capabilities not available
* Updated translations
Changes in version 3.1.92 are:
* Add back the file format "documentation"
* Make .desktop file match prompt process so icon and title are shown
* Fix packaging issues installing the pkcs11 module
* return correct error code in gpg-agent for unimplemented stuff
* Fixes for parsing/viewing various (sometimes slightly invalid) PKCS#12 files
* Allow daemon to access secrets of internal PKCS#11 modules, so that we can
do things like hash NTLM and Kerberos secrets in the future.
* Build and documentation fixes
* Updated translations
Changes in version 3.1.91 are:
* gcr-viewer will now display errors when failing to load a file.
* gcr-viewer can now prompt for passwords to unlock files
* Add support for getting the current data block being parsed in GcrParser.
* Add debug output to various points in the GCR and GCK libraries.
* When replacing another gnome-keyring-daemon, wait a moment before initializing.
* Fix GCR library initialization bugs loading PKCS#11 modules.
* Fine tuning of GcrParser when parsing PKCS#12 files.
* Build and packaging fixes
* Updated translations
Changes in version 3.1.90 are:
* Install better xdg-mime files for identifying crypto related file types
* New gcr-viewer for viewing certificates and keys, hooked up to file types
* Display tweaks for the certificate and key widgets
* Don't initialize PKCS#11 modules automatically in gcr library unless needed.
* Cleanup the libgck API since we're bumping the major version.
* ABI fixes for the GCR library for changes in the 3.1.x release cycle
* New automatic checks for symbols that have changed in the ABI
* Add async PKCS#11 initialization functions to libgck
* Display Certificate otherName subject-alt-name for xmppAddr and DNS SRV
* Documentation, testing, translation and build fixes.
Changes in version 3.1.4 are:
* New GcrListSelector class for selecting multiple keys.
* Add icons for key and key pair.
* Gcr now has support for loading of GnuPG keys from gpg, including photos.
* New gcr dependency on p11-kit for loading PKCS#11 modules.
* Remove support for GTK+ 2.x
* Implement calculation of fingerprints in gcr for keys.
* Fix problems in daemon if IPC lock or FS capabilities are not available.
* Bug fixes and build fixes.
* Code cleanup and refactoring.
Changes in version 3.1.1 are:
* Add 'Export Certificate' option to right click of certificate widget.
* Use file system linux capabilities for memory locking.
* Set correct daemon SELinux context when started from PAM module.
* Fix assertions in parser.
* Add GcrCollection interface to represent collections of objects.
* Add GcrGnupgCollection to libgcr.
* Implement functionality in renderers to populate GtkTreeModel
* Add a GcrSelector widget.
* Cleanup unregistering from session.
* Translations and translation fixes.
Changes in version 3.0.3 are:
* Build fixes on OpenBSD.
* Don't prompt multiple times for simultaneous unlocking of keyrings.
Changes in version 3.0.2 are:
* Add documentation images for gcr widgets.
* Translation fixes.
* Build fixes.
Changes in version 3.0.1 are:
* Fix clicking buttons in 'unsafe storage' dialog on GTK+3
* Build with GTK+3 by default
* More tests and test fine tuning: --enable-tests=yes/no/full
* Expand path in gnome-keyring-prompt.desktop properly
* Implement debug tracing in parts of gcr library.
* Complete documentation in gcr and gck libraries.
* Fix assertions in gcr library during parsing of a stream.
* Build fixes
Changes in version 3.0.0 are:
* Translations
Changes in version 2.91.93 are:
* Use full interface.Property form for CreateCollection and CreateItem
in the DBus API.
* Add deprecated functions for libgcr symbols lost since 2.32.x
* Don't crash when the GPG agent is asked for a passhprase without a
key id.
Changes in version 2.91.92 are:
* Don't leak login name from PAM when logging error.
* Also start daemon in XFCE
* Fix inability to save password for other keyrings.
* Build and test fixes.
* Support removal of aliases via the secret service API
* Fix race condition when multiple applications create the default
keyring at the same time.
* Add a desktop file for gnome-keyring-prompt, so the icon shows up
properly in gnome-shell.
* Implement HKDF for transport encryption security.
Changes in version 2.91.91 are:
* Fix the certificate details expander when used with GTK+3
* Calculate the minimum/natural size of the certificate widget better.
* Fix gnome-keyring-prompt for GTK+3 release.
* Fix problems with the URIs used for trust lookup and storage.
* Pass around a content-type for secrets in the DBus Secret Service API.
* If DBus couldn't be initialized when starting up the daemon, try
again at a later point.
* Build and testing fixes.
* Remove support for the pkcs11-options file, and wait for a proper
configuration file setup being worked on in p11-kit.
* Add support for --version argument to gnome-keyring-daemon and
gnome-keyring
* Create necessary directory when storing trust assertion objects.
Changes in version 2.91.4 are:
* gck library loads PKCS#11 modules from /usr/lib/pkcs11
* PKCS#11 config file in /etc/xdg/pkcs11.conf[.defaults]
* Many ASN.1 encoding fixes.
* Refactor how tests work.
* Install standalone PKCS#11 modules to a consistent location.
* Memory leaks and other bug fixes.
* Allow enumeration of objects in specific PKCS#11 slots as well
as modules.
* Add GcrCertificateChain for building certificate chains.
* Implementation of the initial PKCS#11 Trust Assertions spec.
* Add GcrPkcs11Certificate for looking up certificates in PKCS#11
modules by issuer.
* Expose gcr functionality for setting which PKCS#11 modules to use.
* Find the root certificates by default.
* Move to a single header model for libgcr.
* Don't load *.la files when looking for PKCS#11 modules.
* Fixes for GTK+3.0
* New xdg-store PKCS#11 module with support for storing trust
assertions.
* Rename old user-store to gnome2-store since it stores its data
in old formats in the old .gnome2 location.
Changes in version 2.91.3 are:
* Shutdown module timer when holding proper mutex.
* Linux capabilities to overcome limits on locked memory.
* Update HACKING with coding style
* Build fixes.
Changes in version 2.91.2 are:
* Add timeout if PAM startup doesn't complete shortly.
* Fix login keyring password when it doesn't match unix login.
* Replace gp11-0 with gck in pkgconfig file
* Fix broken dispose of GcrCertificateWidget
* Remove gp11 library.
Changes in version 2.91.1 are:
* Fix build problem in gpg-agent.
* Properly distribute pkgconfig file for gck library.
* Better certificate widget in gcr library.
* Add extra debug guard around printing of prompt io.
* Rework how the gcr parser and importer work together.
* More GTK+ 3.0 fixes.
Changes in version 2.91.0 are:
* String and punctuation fixes.
* Add libgck library to soon replace libgp11
* Migrate everything in gnome-keyring to libgp11
* Fix invalid memory access in PKCS#11 rpc-layer
* Fix race condition in tests
Changes in version 2.32.0 are:
* Make bulids silent by default.
Changes in version 2.31.92 are:
* Require glib 2.25 or later.
* Require automake 1.7 or later.
* Fix assertion in secure memory code.
* Don't go into endless loop when GPG Agent client disconnects.
* Fix double free in gp11 library.
* Fix crash during keyring unlock operation.
* Expand prompt details when a non-default unlock option is chosen.
* Migrate to gsettings.
* Use gsettings for GPG agent unlock options.
* Fix library header installation directory for libgcr.
* Fix some errors parsing certificates.
* Rework how unlock options are loaded and handled.
* Fix saving of auto-unlock passwords.
* Support building with GTK+ 3.0
* No warning message when SSH unlock prompt is cancelled.
* Build fix finding PAM headers.
* Build fix of PAM module for Hurd.
Changes in version 2.31.91 are:
* Fix problem with keyring names that contain foreign charaters.
* Build fixes and warning fixes.
* Better GPG Agent prompt strings.
* More internal documentation.
* Remove gconf as part of migration to gsettings.
* Add --replace option to daemon.
* Fix race condition in tests.
* Use new DER decoding and encoding routines.
* Only try to authenticate once if PKCS#11 slot has
protected auth path.
* Better handling of when PKCS#11 token is write protected.
Changes in version 2.31.4 are:
* New GPG Agent built into gnome-keyring-daemon
* Start building (but not using) new DER parser and writer.
* Fix building of desktop and service files.
* Fix problems displaying prompts with certain characters in strings.
* Fix deadlock on secure memory usage.
* Refactor the way prompting works for PKCS#11 components.
* Refactor the way testing works and files are named.
* Implement coverage testing.
* Cleanup whitespace issues and rename certain modules.
* Tests can now involve prompts and responses.
* Fix possible threading race condition in gp11.
* Fix broken startup when used with gdm and password-less login.
* Fix checking of uninitialized value in prompting code.
Changes in version 2.30.1 are:
* Updated translations.
* Build fixes for errors and distribution problems.
* Fixes for building on recent GTK versions.
* Remove accidental storage of user's login password in login keyring.
* Fix assertion when exiting.
Changes in version 2.30.0 are:
* More robust error display and handling.
* Don't assert on va_list.
* Don't save session keyring to disk.
* Allow unlocking even when always unlock is not available.
* Hide the automatically unlock check when login not usable.
* Fix various issues storing and using auto unlock passwords.
* Updated translations.
Changes in version 2.29.92 are:
* Fix various problems with not storing secret value properly.
* Return no results when a search includes a bad collection identifier.
* Don't raise error if ssh client disconnects early.
* Allow running in a test environment.
* Fix error when setting default keyring to NULL.
* Autostart gnome-keyring-daemon in LXDE as well.
* Rework the startup again, to use a singleton crontrolled via dbus, to help
when no process was started by pam.
* Display password and confirm prompts when creating keyring.
* Allow specifying CKA_ID when creating collection.
* Give translatable label to created login keyring.
* When no default keyring set, use login keyring.
* Fix problem initializing socket path in rpc module.
* Fix endless loop in reading data.
* Potential fix or sporadic crash.
* Solaris build fixes.
* Updated translations.
Changes in version 2.29.90 are:
* Quit daemon when the dbus session is disconnected.
* GNU Hurd build fixes.
* Solaris build fixes.
* Translation fixes.
* Don't print out warnings on SSH v1 keys.
* Remove erroneous egg-dbus dependency.
* Allow saving password for encryption keys.
* Fix problems storing secrets in keyrings.
* Expose idle and timeout lock options for keyrings in the
prompt dialog. Fix remaining issues to get this to work.
* Display a different message when unlocking the login keyring.
* Fix problem with phantom 'xxx_1' keyrings appearing.
* Load and use the default keyring properly.
* Support accessing template style pkcs11 attributes.
* Fix endless loop when looking for encryption key password
in login keyring.
Changes in version 2.29.5 are:
* Implement lookup collection passwords in login keyring.
* Various prompting fixes.
* Store PKCS#11 objects after any attribute change.
* Add 'Type' property to Secret Service API DBus item interface
* Various warning, and uninitialized memory fixes.
Changes in version 2.29.4 are:
* Refactor how the daemon starts up.
* Allow init with already present environment variables, using --start.
* Install autostart files for each component of the daemon.
* New DBus Secret Service API for accessing passwords and secrets.
* Old protocol for accessing secrets is no longer present.
* libgnome-keyring is now its own module, and no longer bundled
with gnome-keyring.
* Use normal GtkEntry when prompting for passwords.
* Requires GTK+ 2.18
* Implement new more flexible control protocol for pam and startup.
* Complete more of the gp11 PKCS#11 wrapper library.
* Implement AES key wrapping and unwrapping in PKCS#11 components.
* Implement DH key generation and derivation in PKCS#11 components.
* Integrate testing of PKCS#11 components via p11-tests.
* Implement PKCS#11 component for storing 'keyring' style secrets.
* Don't complain if we can't set session environment variables.
* When running a debug build, warnings are fatal.
* Refactor testing.
* Encrypted channel for password with prompting dialog.
Changes in version 2.28.2 are:
* Add license to reference documentation.
* Sent output of g_printerr to syslog.
* No error when can't unlock login keyring.
* Fix assertion when comparing attributes.
* Fix freeing of unallocated memory in test.
* Don't barf on certificates with unsupported algorithm.
* Fix some memory leaks.
Changes in version 2.28.1 are:
* Fix support for SSH RSA1 keys.
* Fix a delay when the daemon quits.
* Use default D-Bus timeout when finding daemon.
* Make custom pkcs11 constants unsigned longs.
* Use unsigned long for module handle counter.
* Fix assertion when releasing secure memory block.
Changes in version 2.28.0 are:
* Fix build problems.
Changes in version 2.27.92 are:
* Some uses of glib memory routines to explicitly allocate memory.
* Fix erroneous assertion hit by gtk-doc and tests.
* Revert change which bumped libtasn1 required to 1.0.
* Fix logic for only_if option in PAM module.
* Handle unix signals on one thread.
* Better daemon startup and forking logic.
* Optional use of automake silent rules when available.
* No warning when a disk doesn't have a UDI identifier.
Changes in version 2.27.90 are:
* Build fixes on Solaris and FreeBSD.
* Take length of ASN.1 elements into account, when parsing.
Changes in version 2.27.5 are:
* Add support for lifetime constrained SSH identities.
* Use GtkBuilder files where glade files were used.
* Write private key files with tighter file permissions.
* Use gio instead of libhal for monitoring volumes.
Changes in version 2.27.4 are:
* Insurance in parsing keyring format for future changes.
* Add 'use_authtok' option to pam module.
* Test utility fix [Jon Downland]
* Add 'only_if=' option to pam module.
* Make 'Password:' prompt translatable in pam module.
* Use libgcrypt to generate iv/salt where needed.
* Remove old cu-test style unit tests.
* Code refactoring and cleanup, removed 'common' component.
* Auto generated ChangeLog.
* Cleanup unit tests, and make them run with 'make check'
Changes in version 2.26.3 are:
* Build fixes. [Alexis Ballier, Daniel Macks]
* Fix problem with RSA key sizes that are not a multiple of 8.
This affected use of SSH keys in particular.
* Fix crash related to secure memory. [Ryan Beasley]
Changes in version 2.26.1 are:
* Fix many problems with the new secure memory allocator.
* DBus now automatically starts the gnome-keyring service properly.
* When auto activating the gnome-keyring DBus service, check for an
already running daemon.
* Don't print critical warnings when registering with DBus fails.
* Bump glib dependency.
* Add DBus method for getting the gnome-keyring environment variables.
* Fix crash when prompting to unlock the keyring.
* Initialize daemon with LOGNAME and USERNAME environment variables.
* Build fixes [Ed Schouten]
Changes in version 2.26.0 are:
* Implement support for running gnome-keyring-daemon under valgrind.
* Checks for asn1Parser tool when configuring. [Alberto Ruiz].
* Only automatically expose PKCS#11 public key objects for private keys.
* Have the SSH agent only log into the token when we have a private
key that we want to access.
* Disable input method in password. [Takao Fujiwara]
Changes in version 2.25.92 are:
* Fix problems when multiple processes tried to initialize the
gnome-keyring-daemon at the same time, often resulting in a user
session that hung on login.
* Add compatibility support for loading SSH unlock passwords from
previous versions of gnome-keyring.
* Fix compiler warnings on 32-bit systems.
* Fix uninitialized variable usage. These resulted in crashes.
* Initialize PKCS#11 tokens before importing certificates or keys
to them. Remove previous auto-initialize idea.
* Add basic support for PKCS#11 SO logins.
* Fix focus issues in the import certificate/key dialog.
* When looking for PKCS#11 objects, skip tokens that have not been
initialized.
* Exit properly when an error occurs on importing a certificate or key.
* Hash objects when storing them in PKCS#11 user-store and validate the
hashes when loading them.
* Build fix on Solaris [Jeff Cai]
* If login keyring doesn't exist when changing a PAM password, don't
create it automatically. [Vincent Untz]
* Close stdin/stdout when not running the daemon in foreground. This
fixes a regression in scripts starting gnome-keyring-daemon.
Changes in version 2.25.91 are:
* Complete certificate details display in the gcr library.
* Correctly escape prompt markup. [Joe Shaw, Magnus Boman]
* Show correct MD5 hash in certificate display. [Fabrizio Tarizzo]
* Overhaul the secure memory allocator to have memory guards,
and also be more sparing with secure memory.
* Add C++ header guards to public headers. [Xan Lopez]
* Prompt to initialize new PKCS#11 tokens with a password.
* Fix output of RSA keys to be interoperable.
* Translation fixes.
* Fix problems importing certificates and keys.
* More code reorganization.
* Add support for netscape trust objects, so Root CA certificates
can be trusted by NSS.
* Fixes to the PKCS#11 headers on 64-bit systems. [Christophe Fergeau]
Changes in version 2.25.90 are:
* Add certificate UI bit to gcr library.
* Can now again clear the cached authentication from an SSH key.
* Add some additional helper functions to gp11 library.
* Fix some corner cases in signal handling. [James Henstridge]
* Don't crash when trying to lock keyrings that don't have a password.
* Fix problems running on 64-bit systems. [Christophe Fergeau]
* Build fixes [Theppitak Karoonboonyanan, Saleem Abdulrasool]
Changes in version 2.25.5 are:
* Refactor out gcr library for crypto UI and related tasks.
* Code refactoring.
* Support automatically initializing a PKCS#11 token when not initialized.
* Add modular user-store module for general storage of keys and certs.
* Build fixes [Saleem Abdulrasool, Jeff Cai]
* Add modular roots-store module for storage of trusted CA certs.
* Add modular rpc-layer for communication between module and daemon.
* Add modular ssh-agent as the main gnome-keyring-daemon agent.
Changes in version 2.25.4.2 are:
* The modular ssh agent uses keys from all available PKCS#11 slots.
* Fix compiler warnings.
* Fix broken release.
Changes in version 2.25.4.1 are:
* Fix broken release.
Changes in version 2.25.4 are:
* Half way through refactoring of PKCS#11 support.
* Add crypto support to gp11 library.
* gp11 library is now by and large thread-safe.
* Add modular ssh-store, roots and rpc-layer PKCS#11 components.
* Beginnings of a PKCS#11 based ssh-agent.
* Transactional storage of PKCS#11 objects.
* Add auto-authenticate support in GP11 library, which greatlty
simplifies figuring out when to provide passwords.
* Fix initialization problems which prevented SSH agent from setting
environment variables properly [Yanko Kaneti]
* Translation fixes [Gabor Kelemen]
Changes in version 2.25.2 are:
* Fix PKCS#11 corner cases highlighted by p11-tests tool.
* Solaris fixes [Halton Huo, Jeff Cai]
* Don't use non-pageable memory for public keys.
* Rework initialization of daemon, and the way that it integrates
with the session.
* Close open file descriptors before starting daemon from PAM module.
* Don't try and unlock keyring from PAM if daemon isn't
running. [Vincent Untz]
* Don't leave keyring daemon running if PAM just started it for
a password change. [Vincent Untz]
* Add a keyboard accelerator to the 'Deny' button. [Gabor Kelemen]
* Use pkg-config to detect libtasn1. [Jeff Cai]
* Register environment variables with session properly.
* Make DBUS a required dependency of gnome-keyring.
Changes in version 2.25.1 are:
* Remove usage of deprecated glib/gtk stuff.
Changes in version 2.24.1 are:
* Fix crash on logout on Solaris. [Jeff Cai]
* Add missing 'server' attribute to the NETWORK_PASSWORD schema.
Changes in version 2.24.0 are:
* Update documentation for functions in gp11 library
* Ungrab the keyboard properly when a password prompt is minimized.
* Report errors from keyboard grabbing.
* Fix build problems with gcc 4.3.
* PKCS#11 initialize compatibility fix for OpenSC. [Joe Orton]
* Make all errors from prompt process go to syslog.
* When prompting for a password on import, don't go into an endless
loop for blank passwords.
* Fix problems with PK indexes overwriting one another.
* Don't add additional extensions on storage files when the extension
is already correct.
* Load all objects when a PKCS#11 session is opened, regardless of
whether a C_FindObjects is run or not.
Changes in version 2.23.92 are:
* Build fix for Solaris. [Jeff Cai]
* Import the LANG environment variable into daemon enviroment
so that dialogs display with correct translations.
Changes in version 2.23.91 are:
* Use 'Change' instead of 'Create' when prompting the user for
a password to change keyring password. [Adam Schreiber]
* Fix RSA signing with X509 mechanism.
* Tweaking of the asynchronous scheduling to prevent hangs.
* Add some documentation for GP11 library.
* Translation fixes.
* Build fixes. [Götz Waschk]
Changes in version 2.23.90 are:
* Use 'Create' button instead of 'OK' when prompting the user for
a password to create a new keyring. [Adam Schreiber]
* Fix more cases where 'Deny' choice by a user resulted in
more subsequent prompts.
* Automatically create non-existant directories when storing files.
* Fix problem prompting for the same password twice when parsing a
PFX or PKCS#12 file.
* Don't offer to store password during import operation.
* Don't try to store certificates encrypted on the disk.
* Add command line tool for importing of keys and certificates.
* Fix problems with SSH agent not unlocking keys properly.
* Build fixes. [John Ralls]
Changes in version 2.23.6 are:
* If the user denies a prompt, then don't prompt the same prompt
again for that connection to the daemon.
* Bug fixes for loading of SSH keys.
* Add gconf schema for noting the user's configured PKCS#11 modules.
* Update and bug fixes for the new GP11 library.
* Better reference counting of internal objects.
* When a certificate is in the roots storage, assume it is a CA if
no basic constraints are present.
* Add ability of PKCS#11 module to accept a string on its reserved
initialization argument, similar to NSS's libsoftkn3 module.
* Translation fixes.
* Build fixes.
Changes in version 2.23.5 are:
* Load all SSH keys in ~/.ssh named id_?sa*, not just id_rsa
and id_dsa. Also load public portions of keys when needed ie: *.pub
* Include new GP11 library, which is a GLib wrapper for PKCS#11
* Add ability to import keys/certificates to PKCS#11.
* Better storage and creation of PKCS#11 objects.
* Start using GTest for new unit testing.
* Better indexing of keys and certificates.
* Better buffer handling, and threading fixes. [Jon Burgress]
* Fix warnings in logs caused by programs checking whether
gnome-keyring is available.
* Standardize on libgcrypt random number generator.
* Add --disable-acl-prompts option to disable all ACL prompting [Colin Walters]
* Build fixes.
Changes in version 2.22.2 are:
* Streamline the importing of keys and make the proper prompts show up
consistently. Better fixes for this to come in 2.24.x
* Don't show 'location' field in most password prompts.
* Return serial number of certificates properly to requesting programs.
* Fix crash when receiving certain HAL events.
* Build fixes [Brian Cameron, Matthias Drochner, Antoine Jacoutot]
Changes in version 2.22.1 are:
* Add SSH agent protocol 1 support.
* Make 'ssh-add -D' lock any SSH private keys that gnome-keyring is
automatically loading.
* Reconnect to system DBus whenever the system bus restarts. [Sjoerd Simons]
* Log to syslog even when running in the foreground [Tony Espy]
* Add a configure option to disable building of the SSH agent.
* Build fixes. [Alex Converse, Andrea Del Signore]
Changes in version 2.22.0 are:
* Build fix. [Jens Granseuer]
Changes in version 2.21.92 are:
* Sync up user's session environment with the daemon, so that
things like X authentication, DBUS etc... work properly.
* Shutdown socket connections properly, so things don't hang, when
wrong versions of daemon/library are used.
* Limit PKCS#12 parsing to a clearly defined subset of the format.
* Decrypt PKCS#12 with empty passwords properly.
* Build fixes.
* Translation fixes.
Changes in version 2.21.91 are:
* Don't prompt for a password from the PAM module since
gnome-keyring is not an authenticator. [Ray Strode]
* Check that PKCS#11 socket connections come from same user.
* Don't lock the entire gnome-keyring-ask process in memory.
Just the password text. Works better when less non-pageable
memory is available.
* Basic serializing of certificates and keys.
* Build fixes.
* Translation fixes.
Changes in version 2.21.90 are:
* Fix problem where most keyrings were being treated as insecure
from the point of view of storing passwords for keys or certificates.
* Fix race condition that is causing deadlocks and freezes.
Changes in version 2.21.5 are:
* Proper support for creating and destroying objects through PKCS#11.
* Support for setting PKCS#11 attributes.
* Fix hanging of daemon under certain conditions.
* Add gconf setting for determining which components of the daemon
(such as SSH) are run at startup.
* Better parsing of objects and prompting for passwords in PKCS#12 files.
* Calculate trust and purpose/usage of certificates.
* Mark certain key/certificate directories as special requiring certain
special treatment (such as the CA root store, SSH keys etc...)
* Add support for unencrypted keyrings which are used when the user
specifies a blank password.
* Fix crasher [Jeff Cai]
* Build fixes.
Changes in version 2.21.4 are:
* x86_64 memory alignment fixes
* Other build and install fixes
* Solaris build fixes [Halton Huo]
* Automatically activate keyring daemon via DBus if it is not already
running. [Tom Parker]
Changes in version 2.21.3.2 are:
* x86_64 build fixes
* Build and install fixes
* Fix problems with assertions when not in debug mode.
* Fix some crashers
* Better ASN.1 and PKCS#11 date parsing and handling
* Fix return results from C_GetAttributeValue
* Lookup certificates related to keys properly.
Changes in version 2.21.3.1 are:
* Build fixes
* Use SHA1 instead of MD5 where possible.
* Install PKCS#11 module to a better prefix
Changes in version 2.21.3 are:
* Added basic X.509 certificate and key store
* PKCS#11 module for accessing certificates and keys
* Now includes an SSH agent
* PAM module now works with SELinux [Alexander Larrson]
* Add a simpler API for accessing and storing passwords.
Changes in version 2.20.3 are:
* Use correct environment to startup gnome-keyring-daemon from PAM.
* Fix crash when comparing item attributes. [Sam Morris]
* Fix crash on shutdown. [Jeff Cai]
* Build fix for OpenBSD [Martynas Venckus]
Changes in version 2.20.2 are:
* Build fixes for systems that require GNU_SOURCE to be defined. [Christopher Taylor]
* Builds with the latest DBus [Owen Taylor]
* Build fix for OpenBSD [Jasper Lievisse Adriaanse]
* Don't print out a warning message in applications using libgnome-keyring when
non-pageable memory cannot be allocated.
Changes in version 2.20.1 are:
* Link pam module properly with libpam [Sebastian Dröge]
* Remove 'install-pam' make target [Rémi Cardona]
* Return a 'not found' result when no results are returned
from a find operation.
* Don't remove 'default' file on exit. [Alex Larrson]
* Recognize newly created keyrings properly. [Darren Kenny]
Changes in version 2.20 are:
* Build fixes [Halton Huo]
* Translation fixes [Claude Paroz]
Changes in version 2.19.91 are:
* Builds with newer versions of DBus [Theppitak Karoonboonyanan]
* In the PAM module we now support starting gnome-keyring-daemon when
the user's session actually starts, rather than during password validation.
This makes us more solid and sane with GDM and well behaved PAM using
applications. [Chris Rivera]
* In the PAM module check that the socket is owned by the same user, before
sending the login password there.
* Don't read from /dev/random when not needed. This makes startup faster
in many cases, as it won't block for entropy.
* Get around more optimizations that cancel out wiping of strings in
memory before freeing.
* Now builds on FreeBSD [Joe Marcus Clarke]
Changes in version 2.19.90 are:
* Fix problem where keyrings are created in wrong directory [Nathaniel McCallum]
* Incorporated security fixes from Novell
* Fix crashers when the ask dialog sends back bad data.
* Now builds on Solaris [Damien Carbery]
* Configure PAM module directory better [Matthias Clasen]
* Fix memory leaks
Changes in version 2.19.6.1 are:
* Fix uninitialized variable in 'get_item_info' operation
* Better installing of PAM module on Fedora. [Matthias Clasen]
* Build fixes [Jens Granseuer, Claudio Saavedra]
Changes in version 2.19.6 are:
* Grab the keyboard when prompting for passwords, and always put the prompt
window above other windows.
* Now supports use of keyrings on removable drives.
* PAM module to automatically unlock keyrings on login, or unlocking
* Simplify daemon code (now uses cooperative threading) and get it ready for
other PKCS#11, SSH and other stuff running in same process.
Changes in version 2.19.5 are:
* Allow passing NULL as a password to gnome_keyring_unlock()
* Added strerror() like functionality for GnomeKeyringResult
* Added support for async version of gnome_keyring_item_grant_access_rights_sync()
* Handle unix signals properly, quit gracefully.
* Fix memory leaks [Alexander Sack]
* Make unit tests automatic when building a distribution tarball
* Fix prompt messages [Jürg Billeter]
* Fix problems prompting for access to items when the keyring is locked.
* Non-pageable memory degrades gracefully on Solaris, FreeBSD
* Build fixes [Theppitak Karoonboonyanan, Christian Kirbach]
* API Documentation
Changes in version 2.19.4.1 are:
* Build fix for unit tests
Changes in version 2.19.4 are:
* Fixed problem where zero find results returned 'denied'.
* Fixed ugly password prompt for making a new keyring.
* Consistent use of NULL in the API to represent the default keyring.
* Use non-pageable memory for secrets and passwords.
* Log warning and error messages to syslog when running as a daemon.
* Added unit tests for the gnome-keyring API.
* Refactored and reorganized the code.
Changes in version 2.19.2 are:
* Sync up version number with GNOME release schedule
* Use libgcrypt instead of hand-rolled encryption algorithms.
* Internationalization fixes [Elijah Newren]
* Solaris build fixes.
Changes in version 0.8 are:
* Translations
Changes in version 0.7.92 are:
* Fix build by including sys/types.h
* In gnome_keyring_free() don't crash on NULL parameter.
Changes in version 0.7.91 are:
* Add method for library to discover daemon via DBus. Adds soft
DBus dependency.
* Fixes for building on kFreeBSD.
Changes in version 0.7.3 are:
* Fix endless loop when creating a keyring and a file by that name
already exists.
* Fix crasher when deleting session keyring.
* Fix crasher when doing find operation with NULL attribute string.
* Sync files to disk after writing to keyring.
Changes in version 0.7.2 are:
* Don't have multiple password dialogs presented for the same
keyring
Changes in version 0.7.1 are:
* Added GNOME_KEYRING_ITEM_APPLICATION_SECRET which allows an item
to be for a single application only with strict access controls.
* New function gnome_keyring_item_get_info_full(_sync) which allow
retrieval of item meta data without the secret, thus not incurring
an ACL prompt.
* Translation updates
Changes in version 0.6.0 are:
* NetBSD fixes
* Crash fix
* Typo fix
* Translations
Changes in version 0.5.2 are:
* Translation updates
* Better title in docs
* Fixed crashes
* New function: gnome_keyring_item_grant_access_rights_sync
Changes in version 0.5.1 are:
* Support changing password of a keyring
* Create ~/.gnome2 if needed
* Save keyring when an ACL is added
* Add password strength meter
* Small bugfixes
Changes in version 0.4.9 are:
* Fix return value for some sync calls
* Translation updates
Changes in version 0.4.8 are:
* Fix crash when asking for password
* Translation updates
Changes in version 0.4.7 are:
* Fix --disable-nls
* Translation updates
Changes in version 0.4.6 are:
* Confirm password when selecting new password
Changes in version 0.4.5 are:
* Fix a crash in some sync functions.
Changes in version 0.4.4 are:
* Translation updates
* warning fixes
* require gtk 2.6
Changes in version 0.4.3 are:
* Translation updates
* Fix bug in acl functions
* implement gnome_keyring_set_info
* add sync function for all operations
* fix leaks
Changes in version 0.4.2 are:
* AIX portability fixes
* Translation updates
Changes in version 0.4.1 are:
* Support for slaving lifecycle to a file descriptor
* Translation updates
Changes in version 0.4.0 are:
* Build fix on some systems
* Translation updates
Changes in version 0.3.3 are:
* Translation updates
Changes in version 0.3.2 are:
* New API functions for getting/setting ACL
* Implemented delete keyring operation
Changes in version 0.3.1 are:
* New and updated translations.
* New introduction document
* unlocking the NULL keyring unlocks the default keyring
Changes in version 0.2.1 are:
* New and updated translations.
Changes in version 0.2.0 are:
* New and updated translations.
Changes in version 0.1.91 are:
* New translations
Changes in version 0.1.90 are:
* New translations
* uninstalled pkg-config file
Changes in version 0.1.4 are:
* New translations
* put gnome-keyring-ask in libexec
Changes in version 0.1.3 are:
* Fixed leaks
* Portability fixes
* Don't split strings for translations
Changes in version 0.1.2 are:
* Spelling fix in API
* require latest gtk/glib
* use g_get_tmp_dir instead of hardcoding /tmp
* More translations
Changes in version 0.1.2 are:
* Slave lifecycle to session
* More translations
* Nicer user interface
* FreeBSD fixes
* Solaris fixes