Skip to content
Snippets Groups Projects
Normal view Permalink
CHANGELOG.rst 4.15 KiB
Newer Older
  • Learn to ignore specific revisions
    • manuroe's avatar
    OLMKit: Add it to olm from version 2.0.1  
    manuroe committed
    1 2 3 4 5 6 7 
    Changes in `2.0.1 <http://matrix.org/git/olm/commit/?h=2.0.1>`_
===============================================================

This release includes the following changes since 2.0.0

* Add OLMKit, the Objective-C wrapper.
    Richard van der Hoff's avatar
    Prepare changelog for v2.0.0  
    Richard van der Hoff committed
    8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 
    Changes in `2.0.0 <http://matrix.org/git/olm/commit/?h=2.0.0>`_
===============================================================

This release includes the following changes since 1.3.0:

* Fix a buffer bounds check when decoding group messages.
* Update ``olm_group_decrypt`` to return the ratchet index for decrypted
  messages.
* Fix ``olm_pickle_account``, ``olm_pickle_session``,
  ``olm_pickle_inbound_group_session`` and
  ``olm_pickle_outbound_group_session`` to correctly return the length of the
  pickled object.
* Add a `specification <./docs/megolm.rst>`_ of the Megolm ratchet, and add
  some information on mitigating unknown key-share attacks to the `Olm
  specification <./docs/olm.rst>`_.
    Richard van der Hoff's avatar
    Changelog: Mention install-headers  
    Richard van der Hoff committed
    23 24 
    * Add an ``install-headers`` target to the Makefile (and run it when installing
  the library). (Credit to Emmanuel Gil Peyrot).
    Richard van der Hoff's avatar
    Prepare changelog for v2.0.0  
    Richard van der Hoff committed
    25
    Mark Haines's avatar
    Changelog and version bump for 1.3.0  
    Mark Haines committed
    26 27 28 
    Changes in `1.3.0 <http://matrix.org/git/olm/commit/?h=1.3.0>`_
===============================================================
    Richard van der Hoff's avatar
    Prepare changelog for v2.0.0  
    Richard van der Hoff committed
    29 30 
    This release updates the group session identifier to avoid collisions.
Group sessions are now identified by their ed25519 public key.
    Mark Haines's avatar
    Changelog and version bump for 1.3.0  
    Mark Haines committed
    31 32 33 34 35 36 37 38 39 40 41 
    
These changes alter the pickle format of outbound group sessions, attempting
to unpickle an outbound group session created with a previous version of olm
will give ``OLM_CORRUPTED_PICKLE``. Inbound sessions are unaffected.

This release alters the format of group session_key messages to include the
ratchet counter. The session_key messages are now self signed with their
ed25519 key. No attempt was made to preserve backwards-compatibility.
Attempting to send session_keys between old and new versions will give
``OLM_BAD_SESSION_KEY``.
    Richard van der Hoff's avatar
    Prepare changelog for v1.2.0  
    Richard van der Hoff committed
    42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 
    Changes in `1.2.0 <http://matrix.org/git/olm/commit/?h=1.2.0>`_
===============================================================

This release updates the implementation of group session communications, to
include Ed25519 signatures on group messages, to ensure that participants in
group sessions cannot masquerade as each other.

These changes necessitate changes to the pickle format of inbound and outbound
group sessions, as well as the session_keys exchanged between them. No attempt
has been made to preserve backwards-compatibility:

* Attempting to restore old pickles will give ``OLM_CORRUPTED_PICKLE``.
* Attempting to send session_keys between old and new versions will give
  ``OLM_BAD_SESSION_KEY``.
* Attempting to send messages between old and new versions will give one of a
  number of errors.

There were also a number of implementation changes made as part of this
release, aimed at making the codebase more consistent, and to help with the
implementation of the group message signatures.
    Richard van der Hoff's avatar
    Fix Ed25519 keypair generation  
    Richard van der Hoff committed
    64 65 66 67 68 
    Changes in `1.1.0 <http://matrix.org/git/olm/commit/?h=1.1.0>`_
===============================================================

This release includes a fix to a bug which caused Ed25519 keypairs to be
generated and used insecurely. Any Ed25519 keys generated by libolm 1.0.0
    Richard van der Hoff's avatar
    update changelog  
    Richard van der Hoff committed
    69 
    or earlier should be considered compromised.
    Richard van der Hoff's avatar
    Fix Ed25519 keypair generation  
    Richard van der Hoff committed
    70 71 72 73 74 75 
    
The fix necessitates a change to the format of the OlmAccount pickle; since
existing OlmAccounts should in any case be considered compromised (as above),
the library refuses to load them, returning OLM_BAD_LEGACY_ACCOUNT_PICKLE.
    Richard van der Hoff's avatar
    Prepare 1.0.0 release
    Richard van der Hoff committed
    76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 
    Changes in `1.0.0 <http://matrix.org/git/olm/commit/?h=1.0.0>`_
===============================================================

This release includes a fix to a bug which had the potential to leak sensitive
data to the application: see
https://github.com/vector-im/vector-web/issues/1719. Users of pre-1.x.x
versions of the Olm library should upgrade. Our thanks to `Dmitry Luyciv
<https://github.com/dluciv>`_ for bringing our attention to the bug.

Other changes since 0.1.0:

 * *Experimental* implementation of the primitives for group sessions. This
   implementation has not yet been used in an application and developers are
   advised not to rely on its stability.

 * Replace custom build scripts with a Makefile.

 * Include the major version number in the soname of libolm.so (credit to
   Emmanuel Gil Peyrot).