Changes in version 2.30.3 are: * Fix deadlock that we inadvertently created in 2.30.2 Changes in version 2.30.2 are: * Fix possible race condition in gp11 library. * Use proper locking for secure memory in daemon. * Fix broken startup when used with gdm and password-less login. * Fix checking of uninitialized value in prompting code. * Make sure the service files are created correctly * Add dbus activation service file for org.freedesktop.secrets * Build fixes of *.desktop and *.service files Changes in version 2.30.1 are: * Updated translations. * Build fixes for errors and distribution problems. * Fixes for building on recent GTK versions. * Remove accidental storage of user's login password in login keyring. * Fix assertion when exiting. Changes in version 2.30.0 are: * More robust error display and handling. * Don't assert on va_list. * Don't save session keyring to disk. * Allow unlocking even when always unlock is not available. * Hide the automatically unlock check when login not usable. * Fix various issues storing and using auto unlock passwords. * Updated translations. Changes in version 2.29.92 are: * Fix various problems with not storing secret value properly. * Return no results when a search includes a bad collection identifier. * Don't raise error if ssh client disconnects early. * Allow running in a test environment. * Fix error when setting default keyring to NULL. * Autostart gnome-keyring-daemon in LXDE as well. * Rework the startup again, to use a singleton crontrolled via dbus, to help when no process was started by pam. * Display password and confirm prompts when creating keyring. * Allow specifying CKA_ID when creating collection. * Give translatable label to created login keyring. * When no default keyring set, use login keyring. * Fix problem initializing socket path in rpc module. * Fix endless loop in reading data. * Potential fix or sporadic crash. * Solaris build fixes. * Updated translations. Changes in version 2.29.90 are: * Quit daemon when the dbus session is disconnected. * GNU Hurd build fixes. * Solaris build fixes. * Translation fixes. * Don't print out warnings on SSH v1 keys. * Remove erroneous egg-dbus dependency. * Allow saving password for encryption keys. * Fix problems storing secrets in keyrings. * Expose idle and timeout lock options for keyrings in the prompt dialog. Fix remaining issues to get this to work. * Display a different message when unlocking the login keyring. * Fix problem with phantom 'xxx_1' keyrings appearing. * Load and use the default keyring properly. * Support accessing template style pkcs11 attributes. * Fix endless loop when looking for encryption key password in login keyring. Changes in version 2.29.5 are: * Implement lookup collection passwords in login keyring. * Various prompting fixes. * Store PKCS#11 objects after any attribute change. * Add 'Type' property to Secret Service API DBus item interface * Various warning, and uninitialized memory fixes. Changes in version 2.29.4 are: * Refactor how the daemon starts up. * Allow init with already present environment variables, using --start. * Install autostart files for each component of the daemon. * New DBus Secret Service API for accessing passwords and secrets. * Old protocol for accessing secrets is no longer present. * libgnome-keyring is now its own module, and no longer bundled with gnome-keyring. * Use normal GtkEntry when prompting for passwords. * Requires GTK+ 2.18 * Implement new more flexible control protocol for pam and startup. * Complete more of the gp11 PKCS#11 wrapper library. * Implement AES key wrapping and unwrapping in PKCS#11 components. * Implement DH key generation and derivation in PKCS#11 components. * Integrate testing of PKCS#11 components via p11-tests. * Implement PKCS#11 component for storing 'keyring' style secrets. * Don't complain if we can't set session environment variables. * When running a debug build, warnings are fatal. * Refactor testing. * Encrypted channel for password with prompting dialog. Changes in version 2.28.2 are: * Add license to reference documentation. * Sent output of g_printerr to syslog. * No error when can't unlock login keyring. * Fix assertion when comparing attributes. * Fix freeing of unallocated memory in test. * Don't barf on certificates with unsupported algorithm. * Fix some memory leaks. Changes in version 2.28.1 are: * Fix support for SSH RSA1 keys. * Fix a delay when the daemon quits. * Use default D-Bus timeout when finding daemon. * Make custom pkcs11 constants unsigned longs. * Use unsigned long for module handle counter. * Fix assertion when releasing secure memory block. Changes in version 2.28.0 are: * Fix build problems. Changes in version 2.27.92 are: * Some uses of glib memory routines to explicitly allocate memory. * Fix erroneous assertion hit by gtk-doc and tests. * Revert change which bumped libtasn1 required to 1.0. * Fix logic for only_if option in PAM module. * Handle unix signals on one thread. * Better daemon startup and forking logic. * Optional use of automake silent rules when available. * No warning when a disk doesn't have a UDI identifier. Changes in version 2.27.90 are: * Build fixes on Solaris and FreeBSD. * Take length of ASN.1 elements into account, when parsing. Changes in version 2.27.5 are: * Add support for lifetime constrained SSH identities. * Use GtkBuilder files where glade files were used. * Write private key files with tighter file permissions. * Use gio instead of libhal for monitoring volumes. Changes in version 2.27.4 are: * Insurance in parsing keyring format for future changes. * Add 'use_authtok' option to pam module. * Test utility fix [Jon Downland] * Add 'only_if=' option to pam module. * Make 'Password:' prompt translatable in pam module. * Use libgcrypt to generate iv/salt where needed. * Remove old cu-test style unit tests. * Code refactoring and cleanup, removed 'common' component. * Auto generated ChangeLog. * Cleanup unit tests, and make them run with 'make check' Changes in version 2.26.3 are: * Build fixes. [Alexis Ballier, Daniel Macks] * Fix problem with RSA key sizes that are not a multiple of 8. This affected use of SSH keys in particular. * Fix crash related to secure memory. [Ryan Beasley] Changes in version 2.26.1 are: * Fix many problems with the new secure memory allocator. * DBus now automatically starts the gnome-keyring service properly. * When auto activating the gnome-keyring DBus service, check for an already running daemon. * Don't print critical warnings when registering with DBus fails. * Bump glib dependency. * Add DBus method for getting the gnome-keyring environment variables. * Fix crash when prompting to unlock the keyring. * Initialize daemon with LOGNAME and USERNAME environment variables. * Build fixes [Ed Schouten] Changes in version 2.26.0 are: * Implement support for running gnome-keyring-daemon under valgrind. * Checks for asn1Parser tool when configuring. [Alberto Ruiz]. * Only automatically expose PKCS#11 public key objects for private keys. * Have the SSH agent only log into the token when we have a private key that we want to access. * Disable input method in password. [Takao Fujiwara] Changes in version 2.25.92 are: * Fix problems when multiple processes tried to initialize the gnome-keyring-daemon at the same time, often resulting in a user session that hung on login. * Add compatibility support for loading SSH unlock passwords from previous versions of gnome-keyring. * Fix compiler warnings on 32-bit systems. * Fix uninitialized variable usage. These resulted in crashes. * Initialize PKCS#11 tokens before importing certificates or keys to them. Remove previous auto-initialize idea. * Add basic support for PKCS#11 SO logins. * Fix focus issues in the import certificate/key dialog. * When looking for PKCS#11 objects, skip tokens that have not been initialized. * Exit properly when an error occurs on importing a certificate or key. * Hash objects when storing them in PKCS#11 user-store and validate the hashes when loading them. * Build fix on Solaris [Jeff Cai] * If login keyring doesn't exist when changing a PAM password, don't create it automatically. [Vincent Untz] * Close stdin/stdout when not running the daemon in foreground. This fixes a regression in scripts starting gnome-keyring-daemon. Changes in version 2.25.91 are: * Complete certificate details display in the gcr library. * Correctly escape prompt markup. [Joe Shaw, Magnus Boman] * Show correct MD5 hash in certificate display. [Fabrizio Tarizzo] * Overhaul the secure memory allocator to have memory guards, and also be more sparing with secure memory. * Add C++ header guards to public headers. [Xan Lopez] * Prompt to initialize new PKCS#11 tokens with a password. * Fix output of RSA keys to be interoperable. * Translation fixes. * Fix problems importing certificates and keys. * More code reorganization. * Add support for netscape trust objects, so Root CA certificates can be trusted by NSS. * Fixes to the PKCS#11 headers on 64-bit systems. [Christophe Fergeau] Changes in version 2.25.90 are: * Add certificate UI bit to gcr library. * Can now again clear the cached authentication from an SSH key. * Add some additional helper functions to gp11 library. * Fix some corner cases in signal handling. [James Henstridge] * Don't crash when trying to lock keyrings that don't have a password. * Fix problems running on 64-bit systems. [Christophe Fergeau] * Build fixes [Theppitak Karoonboonyanan, Saleem Abdulrasool] Changes in version 2.25.5 are: * Refactor out gcr library for crypto UI and related tasks. * Code refactoring. * Support automatically initializing a PKCS#11 token when not initialized. * Add modular user-store module for general storage of keys and certs. * Build fixes [Saleem Abdulrasool, Jeff Cai] * Add modular roots-store module for storage of trusted CA certs. * Add modular rpc-layer for communication between module and daemon. * Add modular ssh-agent as the main gnome-keyring-daemon agent. Changes in version 2.25.4.2 are: * The modular ssh agent uses keys from all available PKCS#11 slots. * Fix compiler warnings. * Fix broken release. Changes in version 2.25.4.1 are: * Fix broken release. Changes in version 2.25.4 are: * Half way through refactoring of PKCS#11 support. * Add crypto support to gp11 library. * gp11 library is now by and large thread-safe. * Add modular ssh-store, roots and rpc-layer PKCS#11 components. * Beginnings of a PKCS#11 based ssh-agent. * Transactional storage of PKCS#11 objects. * Add auto-authenticate support in GP11 library, which greatlty simplifies figuring out when to provide passwords. * Fix initialization problems which prevented SSH agent from setting environment variables properly [Yanko Kaneti] * Translation fixes [Gabor Kelemen] Changes in version 2.25.2 are: * Fix PKCS#11 corner cases highlighted by p11-tests tool. * Solaris fixes [Halton Huo, Jeff Cai] * Don't use non-pageable memory for public keys. * Rework initialization of daemon, and the way that it integrates with the session. * Close open file descriptors before starting daemon from PAM module. * Don't try and unlock keyring from PAM if daemon isn't running. [Vincent Untz] * Don't leave keyring daemon running if PAM just started it for a password change. [Vincent Untz] * Add a keyboard accelerator to the 'Deny' button. [Gabor Kelemen] * Use pkg-config to detect libtasn1. [Jeff Cai] * Register environment variables with session properly. * Make DBUS a required dependency of gnome-keyring. Changes in version 2.25.1 are: * Remove usage of deprecated glib/gtk stuff. Changes in version 2.24.1 are: * Fix crash on logout on Solaris. [Jeff Cai] * Add missing 'server' attribute to the NETWORK_PASSWORD schema. Changes in version 2.24.0 are: * Update documentation for functions in gp11 library * Ungrab the keyboard properly when a password prompt is minimized. * Report errors from keyboard grabbing. * Fix build problems with gcc 4.3. * PKCS#11 initialize compatibility fix for OpenSC. [Joe Orton] * Make all errors from prompt process go to syslog. * When prompting for a password on import, don't go into an endless loop for blank passwords. * Fix problems with PK indexes overwriting one another. * Don't add additional extensions on storage files when the extension is already correct. * Load all objects when a PKCS#11 session is opened, regardless of whether a C_FindObjects is run or not. Changes in version 2.23.92 are: * Build fix for Solaris. [Jeff Cai] * Import the LANG environment variable into daemon enviroment so that dialogs display with correct translations. Changes in version 2.23.91 are: * Use 'Change' instead of 'Create' when prompting the user for a password to change keyring password. [Adam Schreiber] * Fix RSA signing with X509 mechanism. * Tweaking of the asynchronous scheduling to prevent hangs. * Add some documentation for GP11 library. * Translation fixes. * Build fixes. [Götz Waschk] Changes in version 2.23.90 are: * Use 'Create' button instead of 'OK' when prompting the user for a password to create a new keyring. [Adam Schreiber] * Fix more cases where 'Deny' choice by a user resulted in more subsequent prompts. * Automatically create non-existant directories when storing files. * Fix problem prompting for the same password twice when parsing a PFX or PKCS#12 file. * Don't offer to store password during import operation. * Don't try to store certificates encrypted on the disk. * Add command line tool for importing of keys and certificates. * Fix problems with SSH agent not unlocking keys properly. * Build fixes. [John Ralls] Changes in version 2.23.6 are: * If the user denies a prompt, then don't prompt the same prompt again for that connection to the daemon. * Bug fixes for loading of SSH keys. * Add gconf schema for noting the user's configured PKCS#11 modules. * Update and bug fixes for the new GP11 library. * Better reference counting of internal objects. * When a certificate is in the roots storage, assume it is a CA if no basic constraints are present. * Add ability of PKCS#11 module to accept a string on its reserved initialization argument, similar to NSS's libsoftkn3 module. * Translation fixes. * Build fixes. Changes in version 2.23.5 are: * Load all SSH keys in ~/.ssh named id_?sa*, not just id_rsa and id_dsa. Also load public portions of keys when needed ie: *.pub * Include new GP11 library, which is a GLib wrapper for PKCS#11 * Add ability to import keys/certificates to PKCS#11. * Better storage and creation of PKCS#11 objects. * Start using GTest for new unit testing. * Better indexing of keys and certificates. * Better buffer handling, and threading fixes. [Jon Burgress] * Fix warnings in logs caused by programs checking whether gnome-keyring is available. * Standardize on libgcrypt random number generator. * Add --disable-acl-prompts option to disable all ACL prompting [Colin Walters] * Build fixes. Changes in version 2.22.2 are: * Streamline the importing of keys and make the proper prompts show up consistently. Better fixes for this to come in 2.24.x * Don't show 'location' field in most password prompts. * Return serial number of certificates properly to requesting programs. * Fix crash when receiving certain HAL events. * Build fixes [Brian Cameron, Matthias Drochner, Antoine Jacoutot] Changes in version 2.22.1 are: * Add SSH agent protocol 1 support. * Make 'ssh-add -D' lock any SSH private keys that gnome-keyring is automatically loading. * Reconnect to system DBus whenever the system bus restarts. [Sjoerd Simons] * Log to syslog even when running in the foreground [Tony Espy] * Add a configure option to disable building of the SSH agent. * Build fixes. [Alex Converse, Andrea Del Signore] Changes in version 2.22.0 are: * Build fix. [Jens Granseuer] Changes in version 2.21.92 are: * Sync up user's session environment with the daemon, so that things like X authentication, DBUS etc... work properly. * Shutdown socket connections properly, so things don't hang, when wrong versions of daemon/library are used. * Limit PKCS#12 parsing to a clearly defined subset of the format. * Decrypt PKCS#12 with empty passwords properly. * Build fixes. * Translation fixes. Changes in version 2.21.91 are: * Don't prompt for a password from the PAM module since gnome-keyring is not an authenticator. [Ray Strode] * Check that PKCS#11 socket connections come from same user. * Don't lock the entire gnome-keyring-ask process in memory. Just the password text. Works better when less non-pageable memory is available. * Basic serializing of certificates and keys. * Build fixes. * Translation fixes. Changes in version 2.21.90 are: * Fix problem where most keyrings were being treated as insecure from the point of view of storing passwords for keys or certificates. * Fix race condition that is causing deadlocks and freezes. Changes in version 2.21.5 are: * Proper support for creating and destroying objects through PKCS#11. * Support for setting PKCS#11 attributes. * Fix hanging of daemon under certain conditions. * Add gconf setting for determining which components of the daemon (such as SSH) are run at startup. * Better parsing of objects and prompting for passwords in PKCS#12 files. * Calculate trust and purpose/usage of certificates. * Mark certain key/certificate directories as special requiring certain special treatment (such as the CA root store, SSH keys etc...) * Add support for unencrypted keyrings which are used when the user specifies a blank password. * Fix crasher [Jeff Cai] * Build fixes. Changes in version 2.21.4 are: * x86_64 memory alignment fixes * Other build and install fixes * Solaris build fixes [Halton Huo] * Automatically activate keyring daemon via DBus if it is not already running. [Tom Parker] Changes in version 2.21.3.2 are: * x86_64 build fixes * Build and install fixes * Fix problems with assertions when not in debug mode. * Fix some crashers * Better ASN.1 and PKCS#11 date parsing and handling * Fix return results from C_GetAttributeValue * Lookup certificates related to keys properly. Changes in version 2.21.3.1 are: * Build fixes * Use SHA1 instead of MD5 where possible. * Install PKCS#11 module to a better prefix Changes in version 2.21.3 are: * Added basic X.509 certificate and key store * PKCS#11 module for accessing certificates and keys * Now includes an SSH agent * PAM module now works with SELinux [Alexander Larrson] * Add a simpler API for accessing and storing passwords. Changes in version 2.20.3 are: * Use correct environment to startup gnome-keyring-daemon from PAM. * Fix crash when comparing item attributes. [Sam Morris] * Fix crash on shutdown. [Jeff Cai] * Build fix for OpenBSD [Martynas Venckus] Changes in version 2.20.2 are: * Build fixes for systems that require GNU_SOURCE to be defined. [Christopher Taylor] * Builds with the latest DBus [Owen Taylor] * Build fix for OpenBSD [Jasper Lievisse Adriaanse] * Don't print out a warning message in applications using libgnome-keyring when non-pageable memory cannot be allocated. Changes in version 2.20.1 are: * Link pam module properly with libpam [Sebastian Dröge] * Remove 'install-pam' make target [Rémi Cardona] * Return a 'not found' result when no results are returned from a find operation. * Don't remove 'default' file on exit. [Alex Larrson] * Recognize newly created keyrings properly. [Darren Kenny] Changes in version 2.20 are: * Build fixes [Halton Huo] * Translation fixes [Claude Paroz] Changes in version 2.19.91 are: * Builds with newer versions of DBus [Theppitak Karoonboonyanan] * In the PAM module we now support starting gnome-keyring-daemon when the user's session actually starts, rather than during password validation. This makes us more solid and sane with GDM and well behaved PAM using applications. [Chris Rivera] * In the PAM module check that the socket is owned by the same user, before sending the login password there. * Don't read from /dev/random when not needed. This makes startup faster in many cases, as it won't block for entropy. * Get around more optimizations that cancel out wiping of strings in memory before freeing. * Now builds on FreeBSD [Joe Marcus Clarke] Changes in version 2.19.90 are: * Fix problem where keyrings are created in wrong directory [Nathaniel McCallum] * Incorporated security fixes from Novell * Fix crashers when the ask dialog sends back bad data. * Now builds on Solaris [Damien Carbery] * Configure PAM module directory better [Matthias Clasen] * Fix memory leaks Changes in version 2.19.6.1 are: * Fix uninitialized variable in 'get_item_info' operation * Better installing of PAM module on Fedora. [Matthias Clasen] * Build fixes [Jens Granseuer, Claudio Saavedra] Changes in version 2.19.6 are: * Grab the keyboard when prompting for passwords, and always put the prompt window above other windows. * Now supports use of keyrings on removable drives. * PAM module to automatically unlock keyrings on login, or unlocking * Simplify daemon code (now uses cooperative threading) and get it ready for other PKCS#11, SSH and other stuff running in same process. Changes in version 2.19.5 are: * Allow passing NULL as a password to gnome_keyring_unlock() * Added strerror() like functionality for GnomeKeyringResult * Added support for async version of gnome_keyring_item_grant_access_rights_sync() * Handle unix signals properly, quit gracefully. * Fix memory leaks [Alexander Sack] * Make unit tests automatic when building a distribution tarball * Fix prompt messages [Jürg Billeter] * Fix problems prompting for access to items when the keyring is locked. * Non-pageable memory degrades gracefully on Solaris, FreeBSD * Build fixes [Theppitak Karoonboonyanan, Christian Kirbach] * API Documentation Changes in version 2.19.4.1 are: * Build fix for unit tests Changes in version 2.19.4 are: * Fixed problem where zero find results returned 'denied'. * Fixed ugly password prompt for making a new keyring. * Consistent use of NULL in the API to represent the default keyring. * Use non-pageable memory for secrets and passwords. * Log warning and error messages to syslog when running as a daemon. * Added unit tests for the gnome-keyring API. * Refactored and reorganized the code. Changes in version 2.19.2 are: * Sync up version number with GNOME release schedule * Use libgcrypt instead of hand-rolled encryption algorithms. * Internationalization fixes [Elijah Newren] * Solaris build fixes. Changes in version 0.8 are: * Translations Changes in version 0.7.92 are: * Fix build by including sys/types.h * In gnome_keyring_free() don't crash on NULL parameter. Changes in version 0.7.91 are: * Add method for library to discover daemon via DBus. Adds soft DBus dependency. * Fixes for building on kFreeBSD. Changes in version 0.7.3 are: * Fix endless loop when creating a keyring and a file by that name already exists. * Fix crasher when deleting session keyring. * Fix crasher when doing find operation with NULL attribute string. * Sync files to disk after writing to keyring. Changes in version 0.7.2 are: * Don't have multiple password dialogs presented for the same keyring Changes in version 0.7.1 are: * Added GNOME_KEYRING_ITEM_APPLICATION_SECRET which allows an item to be for a single application only with strict access controls. * New function gnome_keyring_item_get_info_full(_sync) which allow retrieval of item meta data without the secret, thus not incurring an ACL prompt. * Translation updates Changes in version 0.6.0 are: * NetBSD fixes * Crash fix * Typo fix * Translations Changes in version 0.5.2 are: * Translation updates * Better title in docs * Fixed crashes * New function: gnome_keyring_item_grant_access_rights_sync Changes in version 0.5.1 are: * Support changing password of a keyring * Create ~/.gnome2 if needed * Save keyring when an ACL is added * Add password strength meter * Small bugfixes Changes in version 0.4.9 are: * Fix return value for some sync calls * Translation updates Changes in version 0.4.8 are: * Fix crash when asking for password * Translation updates Changes in version 0.4.7 are: * Fix --disable-nls * Translation updates Changes in version 0.4.6 are: * Confirm password when selecting new password Changes in version 0.4.5 are: * Fix a crash in some sync functions. Changes in version 0.4.4 are: * Translation updates * warning fixes * require gtk 2.6 Changes in version 0.4.3 are: * Translation updates * Fix bug in acl functions * implement gnome_keyring_set_info * add sync function for all operations * fix leaks Changes in version 0.4.2 are: * AIX portability fixes * Translation updates Changes in version 0.4.1 are: * Support for slaving lifecycle to a file descriptor * Translation updates Changes in version 0.4.0 are: * Build fix on some systems * Translation updates Changes in version 0.3.3 are: * Translation updates Changes in version 0.3.2 are: * New API functions for getting/setting ACL * Implemented delete keyring operation Changes in version 0.3.1 are: * New and updated translations. * New introduction document * unlocking the NULL keyring unlocks the default keyring Changes in version 0.2.1 are: * New and updated translations. Changes in version 0.2.0 are: * New and updated translations. Changes in version 0.1.91 are: * New translations Changes in version 0.1.90 are: * New translations * uninstalled pkg-config file Changes in version 0.1.4 are: * New translations * put gnome-keyring-ask in libexec Changes in version 0.1.3 are: * Fixed leaks * Portability fixes * Don't split strings for translations Changes in version 0.1.2 are: * Spelling fix in API * require latest gtk/glib * use g_get_tmp_dir instead of hardcoding /tmp * More translations Changes in version 0.1.2 are: * Slave lifecycle to session * More translations * Nicer user interface * FreeBSD fixes * Solaris fixes