CHANGELOG.rst 7.54 KB
Newer Older
David Baker's avatar
David Baker committed
1
2
3
4
5
6
7
8
Changes in latest release

BREAKING CHANGE: Olm now uses WebAssembly which means it needs
to load the wasm file asynchronously, and therefore needs to be
started up asynchronously. The imported module now has an init()
method which returns a promise. The library cannot be used until
this promise resolves. It will reject if the library fails to start.

David Baker's avatar
David Baker committed
9
10
11
12
olm_pk_generate_key() and olm_pk_generate_key_random_length() have
been removed: to generate a random key, use olm_pk_key_from_private()
with random bytes as the private key.

Hubert Chathi's avatar
Hubert Chathi committed
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
Changes in `2.3.0 <http://matrix.org/git/olm/commit/?h=2.3.0>`_

This release includes the following changes since 2.2.2:

* Support building on Windows. Thanks to Marcel Radzio.
* Avoid C99 inside C++ code. Thanks to Alexey Rusakov.
* Support building as a static library. Thanks to Andreas Zwinkau.

New functionality:

* Add a number of methods for public key encryption and decryption. This
  functionality is meant for use with allowing virus scanning of encrypted
  attachments, server-side encrypted key backups, and possibly other uses. The
  methods are listed in the ``olm/pk.h`` header file. Corresponding wrappers
  are available in the JavaScript and Android wrappers. Objective-C and Python
  wrappers will be available in a future release.

Android wrapper:

* Update build tool dependencies
* Apply some hardening flags and fix some compilation and run-time issues.
  Thanks in part to Arnaud Fontaine.

Objective-C wrapper:

* Update project file
* Fix compiler warnings

Python wrapper:

* Add binding for ``olm_remove_one_time_keys``. Thanks to Wilfried Klaebe.
* Add utility module for ``ed25519_verify``. Thanks to Alexander Maznev.
* Improve portability. Thanks to Jan Jancar.

Richard van der Hoff's avatar
Richard van der Hoff committed
47
48
49
50
51
52
53
54
Changes in `2.2.2 <http://matrix.org/git/olm/commit/?h=2.2.2>`_
===============================================================

Objective-C wrapper:

* Fixed type of ``messageIndex`` argument in
  ``exportSessionAtMessageIndex``. Thanks to Greg Hughes.

Richard van der Hoff's avatar
Richard van der Hoff committed
55
56
57
58
59
60
Changes in `2.2.1 <http://matrix.org/git/olm/commit/?h=2.2.1>`_
===============================================================

The only change in this release is a fix to the build scripts for the
Objective-C wrapper which made it impossible to release the 2.2.0 CocoaPod.

61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
Changes in `2.2.0 <http://matrix.org/git/olm/commit/?h=2.2.0>`_
===============================================================

This release includes the following changes since 2.1.0:

* Add Java wrappers to allow use under Android.

New functionality:

* Add a number of methods allowing InboundGroupSessions to be exported and
  imported. These are: ``olm_inbound_group_session_first_known_index``,
  ``olm_export_inbound_group_session_length``,
  ``olm_export_inbound_group_session``, ``olm_import_inbound_group_session``
  and ``olm_inbound_group_session_is_verified``. Corresponding wrappers are
  available in the Javascript, Python, Objective-C and Android wrappers.

Objective-C wrapper:

* Fix a number of issues with the build scripts which prevented it being used
  for macOS/Swift projects. Thanks to Avery Pierce.

Richard van der Hoff's avatar
Richard van der Hoff committed
82
Changes in `2.1.0 <http://matrix.org/git/olm/commit/?h=2.1.0>`_
83
84
===============================================================

Richard van der Hoff's avatar
Richard van der Hoff committed
85
86
87
88
89
90
91
92
93
94
95
96
This release includes the following changes since 2.0.0:

* Add OLMKit, the Objective-C wrapper. Thanks to Chris Ballinger for the
  initial work on this.

Javascript wrapper:

* Handle exceptions during loading better (don't leave a half-initialised
  state).
* Allow applications to tune emscripten options (such as the amount of heap).
* Allocate memory for encrypted/decrypted messages on the empscripten heap,
  rather than the stack, allowing more efficient memory use.
97
98


99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
Changes in `2.0.0 <http://matrix.org/git/olm/commit/?h=2.0.0>`_
===============================================================

This release includes the following changes since 1.3.0:

* Fix a buffer bounds check when decoding group messages.
* Update ``olm_group_decrypt`` to return the ratchet index for decrypted
  messages.
* Fix ``olm_pickle_account``, ``olm_pickle_session``,
  ``olm_pickle_inbound_group_session`` and
  ``olm_pickle_outbound_group_session`` to correctly return the length of the
  pickled object.
* Add a `specification <./docs/megolm.rst>`_ of the Megolm ratchet, and add
  some information on mitigating unknown key-share attacks to the `Olm
  specification <./docs/olm.rst>`_.
114
115
* Add an ``install-headers`` target to the Makefile (and run it when installing
  the library). (Credit to Emmanuel Gil Peyrot).
116

Richard van der Hoff's avatar
Richard van der Hoff committed
117

118
119
120
Changes in `1.3.0 <http://matrix.org/git/olm/commit/?h=1.3.0>`_
===============================================================

121
122
This release updates the group session identifier to avoid collisions.
Group sessions are now identified by their ed25519 public key.
123
124
125
126
127
128
129
130
131
132
133

These changes alter the pickle format of outbound group sessions, attempting
to unpickle an outbound group session created with a previous version of olm
will give ``OLM_CORRUPTED_PICKLE``. Inbound sessions are unaffected.

This release alters the format of group session_key messages to include the
ratchet counter. The session_key messages are now self signed with their
ed25519 key. No attempt was made to preserve backwards-compatibility.
Attempting to send session_keys between old and new versions will give
``OLM_BAD_SESSION_KEY``.

134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
Changes in `1.2.0 <http://matrix.org/git/olm/commit/?h=1.2.0>`_
===============================================================

This release updates the implementation of group session communications, to
include Ed25519 signatures on group messages, to ensure that participants in
group sessions cannot masquerade as each other.

These changes necessitate changes to the pickle format of inbound and outbound
group sessions, as well as the session_keys exchanged between them. No attempt
has been made to preserve backwards-compatibility:

* Attempting to restore old pickles will give ``OLM_CORRUPTED_PICKLE``.
* Attempting to send session_keys between old and new versions will give
  ``OLM_BAD_SESSION_KEY``.
* Attempting to send messages between old and new versions will give one of a
  number of errors.

There were also a number of implementation changes made as part of this
release, aimed at making the codebase more consistent, and to help with the
implementation of the group message signatures.


156
157
158
159
160
Changes in `1.1.0 <http://matrix.org/git/olm/commit/?h=1.1.0>`_
===============================================================

This release includes a fix to a bug which caused Ed25519 keypairs to be
generated and used insecurely. Any Ed25519 keys generated by libolm 1.0.0
Richard van der Hoff's avatar
Richard van der Hoff committed
161
or earlier should be considered compromised.
162
163
164
165
166
167

The fix necessitates a change to the format of the OlmAccount pickle; since
existing OlmAccounts should in any case be considered compromised (as above),
the library refuses to load them, returning OLM_BAD_LEGACY_ACCOUNT_PICKLE.


Richard van der Hoff's avatar
Richard van der Hoff committed
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
Changes in `1.0.0 <http://matrix.org/git/olm/commit/?h=1.0.0>`_
===============================================================

This release includes a fix to a bug which had the potential to leak sensitive
data to the application: see
https://github.com/vector-im/vector-web/issues/1719. Users of pre-1.x.x
versions of the Olm library should upgrade. Our thanks to `Dmitry Luyciv
<https://github.com/dluciv>`_ for bringing our attention to the bug.

Other changes since 0.1.0:

 * *Experimental* implementation of the primitives for group sessions. This
   implementation has not yet been used in an application and developers are
   advised not to rely on its stability.

 * Replace custom build scripts with a Makefile.

 * Include the major version number in the soname of libolm.so (credit to
   Emmanuel Gil Peyrot).