Skip to content

Latest commit

 

History

History
140 lines (99 loc) · 5.86 KB

CHANGELOG.rst

File metadata and controls

140 lines (99 loc) · 5.86 KB

Changes in 2.2.2

Objective-C wrapper:

  • Fixed type of messageIndex argument in exportSessionAtMessageIndex. Thanks to Greg Hughes.

Changes in 2.2.1

The only change in this release is a fix to the build scripts for the Objective-C wrapper which made it impossible to release the 2.2.0 CocoaPod.

Changes in 2.2.0

This release includes the following changes since 2.1.0:

  • Add Java wrappers to allow use under Android.

New functionality:

  • Add a number of methods allowing InboundGroupSessions to be exported and imported. These are: olm_inbound_group_session_first_known_index, olm_export_inbound_group_session_length, olm_export_inbound_group_session, olm_import_inbound_group_session and olm_inbound_group_session_is_verified. Corresponding wrappers are available in the Javascript, Python, Objective-C and Android wrappers.

Objective-C wrapper:

  • Fix a number of issues with the build scripts which prevented it being used for macOS/Swift projects. Thanks to Avery Pierce.

Changes in 2.1.0

This release includes the following changes since 2.0.0:

  • Add OLMKit, the Objective-C wrapper. Thanks to Chris Ballinger for the initial work on this.

Javascript wrapper:

  • Handle exceptions during loading better (don't leave a half-initialised state).
  • Allow applications to tune emscripten options (such as the amount of heap).
  • Allocate memory for encrypted/decrypted messages on the empscripten heap, rather than the stack, allowing more efficient memory use.

Changes in 2.0.0

This release includes the following changes since 1.3.0:

  • Fix a buffer bounds check when decoding group messages.
  • Update olm_group_decrypt to return the ratchet index for decrypted messages.
  • Fix olm_pickle_account, olm_pickle_session, olm_pickle_inbound_group_session and olm_pickle_outbound_group_session to correctly return the length of the pickled object.
  • Add a specification of the Megolm ratchet, and add some information on mitigating unknown key-share attacks to the Olm specification.
  • Add an install-headers target to the Makefile (and run it when installing the library). (Credit to Emmanuel Gil Peyrot).

Changes in 1.3.0

This release updates the group session identifier to avoid collisions. Group sessions are now identified by their ed25519 public key.

These changes alter the pickle format of outbound group sessions, attempting to unpickle an outbound group session created with a previous version of olm will give OLM_CORRUPTED_PICKLE. Inbound sessions are unaffected.

This release alters the format of group session_key messages to include the ratchet counter. The session_key messages are now self signed with their ed25519 key. No attempt was made to preserve backwards-compatibility. Attempting to send session_keys between old and new versions will give OLM_BAD_SESSION_KEY.

Changes in 1.2.0

This release updates the implementation of group session communications, to include Ed25519 signatures on group messages, to ensure that participants in group sessions cannot masquerade as each other.

These changes necessitate changes to the pickle format of inbound and outbound group sessions, as well as the session_keys exchanged between them. No attempt has been made to preserve backwards-compatibility:

  • Attempting to restore old pickles will give OLM_CORRUPTED_PICKLE.
  • Attempting to send session_keys between old and new versions will give OLM_BAD_SESSION_KEY.
  • Attempting to send messages between old and new versions will give one of a number of errors.

There were also a number of implementation changes made as part of this release, aimed at making the codebase more consistent, and to help with the implementation of the group message signatures.

Changes in 1.1.0

This release includes a fix to a bug which caused Ed25519 keypairs to be generated and used insecurely. Any Ed25519 keys generated by libolm 1.0.0 or earlier should be considered compromised.

The fix necessitates a change to the format of the OlmAccount pickle; since existing OlmAccounts should in any case be considered compromised (as above), the library refuses to load them, returning OLM_BAD_LEGACY_ACCOUNT_PICKLE.

Changes in 1.0.0

This release includes a fix to a bug which had the potential to leak sensitive data to the application: see element-hq/element-web#1719. Users of pre-1.x.x versions of the Olm library should upgrade. Our thanks to Dmitry Luyciv for bringing our attention to the bug.

Other changes since 0.1.0:

  • Experimental implementation of the primitives for group sessions. This implementation has not yet been used in an application and developers are advised not to rely on its stability.
  • Replace custom build scripts with a Makefile.
  • Include the major version number in the soname of libolm.so (credit to Emmanuel Gil Peyrot).