Changes in version 42.0 are: * secret-portal: Properly check the default keyring [!49] * Build fixes [!44, !48, !50] * ssh-agent: Fix crash by uninitialized GMutex [!45] * fix looping off the end of the operations array [#105, !47] * readme: Mention libsecret instead of deprecated libgnome-keyring [!37] * daemon: Make it systemd-activatable through the control socket [!35] * Updated translations Changes in version 40.0 are: * Update libcap-ng capability handling [!33, !34] * Updated translations Changes in version 3.36.0 are: * Updated translations Changes in version 3.35.90 are: * Use shorter strings for prompt titles [!30] * pam: Provide more insight from pam_gnome_keyring about unlocking [!28] * Don't use GTimeVal/g_get_current_time() [!26] * Don't use g_type_class_add_private() [!26] * Build fixes [!29] * Updated translations Changes in version 3.35.1 are: * dbus: Implement secret portal backend [!18] * Updated translations Changes in version 3.34.0 are: * dbus-environment: Race fix in Setenv request to gnome-session [!19] * egg: Request that secure memory not be dumped to disk [!15] * Build and test fixes [!16, !20, !24, ...] * Updated translations Changes in version 3.31.91 are: * pam: fix daemon control file detection [!11] * Updated translations Changes in version 3.31.90 are: * pam: lookup XDG_RUNTIME_DIR using get_any_env [!5] * Reinstate pkcs11 module for specific programs [!7, !8] * Build fixes [!4, !9, !10] * Updated translations Changes in version 3.28.0.1 are: * Fix linking with "-z defs" [#794274] Changes in version 3.28.0 are: * Fix TAP test driver Changes in version 3.27.92 are: * Wrap stock ssh-agent from OpenSSH [#775981] * Stop installing p11-kit configuration file for the PKCS#11 module [#791401] * Updated translations Changes in version 3.27.4 are: * Add support for SHA2 extension for RSA signatures in ssh-agent [#790910] * Build fixes [#792278, #787387] * Updated translations Changes in version 3.27.2 are: * Add support for ECDSA in ssh-agent [#641082] * Wipe passwords stored by the PAM module [#781486] * Fix shared key derivation between libsecret and gnome-keyring [#778357] * Fix erroneous handling of partial writes in write_sync_close [#778269] * Set CKF_LOGIN_REQUIRED flag in ssh-module * Build and testing fixes [#774312, #781785] * Updated translations Changes in version 3.20.0 are: * Updated translations Changes in version 3.19.90 are: * Accept empty passwords for --unlock [#762095] * srcdir != builddir fixes * Updated translations Changes in version 3.19.4 are: * Fix up startup and initialization [#756324] * Fix DBus "Type" property of org.freedesktop.Secret.Item [#759399] * Build fixes [#753698] * Updated translations Changes in version 3.18.3 are: * Fix regression looking up secrets in default keyring [#756865] * Updated translations * Fix manpage typos [#756812] Changes in version 3.18.2 are: * Fix regression in ported GDBus prompting [#756032] * Other minor fixes Changes in version 3.18.1 are: * Fix regression initializing gnome-keyring-daemon [#756059] * Fix regression racing for DBus name during startup [#756006] * Build and testing fixes [#755873] * Updated translations Changes in version 3.18.0 are: * Fix test crash [#731802] Changes in version 3.17.91 are: * More fixes for GDBus migration [#622905] * Fix a memory leak [#752919] Changes in version 3.17.4 are: * Remove temporary files on failure [#746334] * Migrate DBus code to GVariant and GDBus [#622905] * Remove the GnuPG agent [#750514] * Updated translations Changes in version 3.16.0 are: * Fix build issues highlighted by GCC 5.x * Updated translations Changes in version 3.15.92 are: * pam: Make sure to never block SIGCHLD [#745673] * Revert "ssh-agent: Fix leak in seach_keys_like_attributes()" * Updated translations Changes in version 3.15.90 are: * Fix leaks [#738508] * Refactoring * Build fixes [#740190] * Updated translations Changes in version 3.14.0 are: * Remove residual GTK+ usage * Updated translations * Build fixes Changes in version 3.13.91 are: * Initialize correctly with empty passwords during login [#736085] * Don't use geteuid() to get UID for user in PAM module [#733418] * Fix for libgcrypt 1.6+ * Build fixes Changes in version 3.12.2 are: * Build fixes Changes in version 3.12.0 are: * Build and testing fixes Changes in version 3.11.92 are: * Use $XDG_RUNTIME_DIR to create keyring socket directory [#725801] * Stop exporting the $GNOME_KEYRING_CONTROL env variable [#725801] * Stop exposing a GNOME_KEYRING_PID variable [#725801] * Pass XDG_RUNTIME_DIR to new gnome-keyring-daemon process [#726196] * Fix issue with changed password not unlocking keyring [#726196] * Add new --unlock option to prompt for login password [#710187] * When in foreground mode, close stdout when done initializing * Exit gnome-keyring-daemon when the DBus connection closes [#708765] * Don't initialize in an idle handler, this is racy * Don't log debug messages to syslog [#711537] * Documentation fixes [#711581 ...] * License fixes [#721549] * Dependency on GLib 2.38+ * Updated translations * Modernize autotools setup and other build fixes * Parallel testing and add new tests Changes in version 3.10.1 are: * Build fix on OpenBSD [#706405] * Add manual page * Minor error message fixes * Updated translations Changes in version 3.10.0 are: * Minor logic fix [#708483] Changes in version 3.9.90 are: * Fix running gnome-keyring-daemon under test harness * Test fixes [#702367] Changes in version 3.9.1 are: * Fix implementation of LockService dbus method [#690466] * Updated translations [nl] * Build fixes Changes in version 3.8.1 are: * Updated translations Changes in version 3.8.0 are: * Updated translations Changes in version 3.7.92 are: * Update introspection data of Collection.SearchItems() [#695115] * Update the Item.Created and Item.Modified properties correctly [#695052] * Updated translations * Build fixes Changes in version 3.7.91 are: * Remove the roots-store module replaced by p11-kit 0.16+ trust module * Only return one object path list from Collection.SearchItems() [#695115] * Fix order of items returned from SearchItems() [#693884] * Build fixes Changes in version 3.7.5 are: * Set correct type for Collection's "Locked" property * Don't warn if the GNOME session manager is not available * Updated Translations * Fix crasher in armor code * Build fixes Changes in version 3.7.2 are: * Bring over DER parsing fixes from GCR library * Fix corner case where long DER length overflows * Fix crash when parsing invalid DER files * Handle empty secrets correctly * Only print debug message if no pkcs11 socket * Other minor fixes * More complete test coverage Changes in version 3.7.1 are: * Remove dependency on GTK+ * Build fixes Changes in version 3.6.1 are: * Fix regressions with keyring master password changing * Load schema for secret items correctly, prevents storing multiple times for items stored via libsecret * Setup translations properly when daemon starts * Fix memory leak in PKCS#11 module * Updated translations Changes in version 3.6.0 are: * Updated translations Changes in version 3.5.92 are: * Updated translations Changes in version 3.5.91 are: * Updated translations Changes in version 3.5.90 are: * Use the XDG directories for storing keys * Updated translations * Better handling of the --replace argument to gnome-keyring-daemon * Fix ability to store keyring files without using hardlinks * Make the GPG agent password caching options work correctly Changes in version 3.5.5 are: * Initialize PKCS#11 correctly in gnome-keyring tool * Rename the p11-kit module file * Use setsid() to become a process leader when daemonizing * Build fixes Changes in version 3.5.4 are: * Support the xdg:schema attribute on secret items * Update to newer glib dependency and remove redundant code * Encode passwords correctly for gpg2 in the gpg-agent * Fix types of the DBus Created and Modified properties * Expose the 'session' and 'login' keyrings as aliases * Emit Secret Service signals when collections/items change * Fix some spurious warnings * Testing fixes Changes in version 3.5.3 are: * Return correct introspect data for Secret Service * Fix the gnome2-store for gcr importer, and test * Debug and logging fixes * Updated translations * Build fixes Changes in version 3.4.1 are: * Set 'text/plain' content type on secrets returned from daemon * Use correct XDG_RUNTIME_DIR when started from PAM * Updated translations * License fix * More tests * Build fixes Changes in version 3.4.0 are: * Updated translations Changes in version 3.3.92 are: * Use runtime dir instead of /tmp for sockets * Updated translations * Fix copyright headers * Build fixes Changes in version 3.3.91 are: * Fix regression in changing a keyring master password * Set better button labels for the prompts * Fix assertion when cancelling a unlock prompt * Use a single CA certificates file by default * Updated translations Changes in version 3.3.5 are: * Updated translations * Fix introspection data for SearchItems() * Fix regression when an invalid password used to unlock keyring Changes in version 3.3.4 are: * Updated translations * Build fixes Changes in version 3.3.3.1 are: * No message in gnome-keyring-pkcs11.so module, when no daemon running * Updated translations * Build fixes Changes in version 3.3.3 are: * Distribute correct desktop autostart files * Use GcrPrompt and GcrSystemPrompt for prompting * Do not crash when reading a truncated keyring file * Add test tool for dumping the keyring format * Update for GckBuilder changes in libgck * Fix for deprecations in glib 2.31.x * Fix ReadAlias() returning null when 'login' keyring exists * Build fixes, bug fixes Changes in version 3.3.2 are: * Do not make label selectionnable in prompt dialog * Fix deadlock in the 'unsafe storage' prompt * Better locking for the old gnome2-store * Updated translations * Build fixes Changes in version 3.3.1.1 are: * Build correctly against glib 2.31 Changes in version 3.3.1 are: * Return most recent secret first when searching * Split the Gcr and Gck libraries out of gnome-keyring * Build fixes * Updated translations Changes in version 3.2.2 are: * Fix problem with 'unsafe storage' prompt deadlocking * Remove XFCE & LXDE from OnlyShowIn for autostart files * Use g_random_int_range() for pseudo-random hash iteration count * Return password results with the most recent result first * Make clear source of warnings from the rpc module * Updated translations * Build fixes Changes in version 3.2.1 are: * Fix debugging output, and erroneous warnings * Updated translations Changes in version 3.2.0 are: * Don't install setuid when filesystem capabilities not available * Updated translations Changes in version 3.1.92 are: * Add back the file format "documentation" * Make .desktop file match prompt process so icon and title are shown * Fix packaging issues installing the pkcs11 module * return correct error code in gpg-agent for unimplemented stuff * Fixes for parsing/viewing various (sometimes slightly invalid) PKCS#12 files * Allow daemon to access secrets of internal PKCS#11 modules, so that we can do things like hash NTLM and Kerberos secrets in the future. * Build and documentation fixes * Updated translations Changes in version 3.1.91 are: * gcr-viewer will now display errors when failing to load a file. * gcr-viewer can now prompt for passwords to unlock files * Add support for getting the current data block being parsed in GcrParser. * Add debug output to various points in the GCR and GCK libraries. * When replacing another gnome-keyring-daemon, wait a moment before initializing. * Fix GCR library initialization bugs loading PKCS#11 modules. * Fine tuning of GcrParser when parsing PKCS#12 files. * Build and packaging fixes * Updated translations Changes in version 3.1.90 are: * Install better xdg-mime files for identifying crypto related file types * New gcr-viewer for viewing certificates and keys, hooked up to file types * Display tweaks for the certificate and key widgets * Don't initialize PKCS#11 modules automatically in gcr library unless needed. * Cleanup the libgck API since we're bumping the major version. * ABI fixes for the GCR library for changes in the 3.1.x release cycle * New automatic checks for symbols that have changed in the ABI * Add async PKCS#11 initialization functions to libgck * Display Certificate otherName subject-alt-name for xmppAddr and DNS SRV * Documentation, testing, translation and build fixes. Changes in version 3.1.4 are: * New GcrListSelector class for selecting multiple keys. * Add icons for key and key pair. * Gcr now has support for loading of GnuPG keys from gpg, including photos. * New gcr dependency on p11-kit for loading PKCS#11 modules. * Remove support for GTK+ 2.x * Implement calculation of fingerprints in gcr for keys. * Fix problems in daemon if IPC lock or FS capabilities are not available. * Bug fixes and build fixes. * Code cleanup and refactoring. Changes in version 3.1.1 are: * Add 'Export Certificate' option to right click of certificate widget. * Use file system linux capabilities for memory locking. * Set correct daemon SELinux context when started from PAM module. * Fix assertions in parser. * Add GcrCollection interface to represent collections of objects. * Add GcrGnupgCollection to libgcr. * Implement functionality in renderers to populate GtkTreeModel * Add a GcrSelector widget. * Cleanup unregistering from session. * Translations and translation fixes. Changes in version 3.0.3 are: * Build fixes on OpenBSD. * Don't prompt multiple times for simultaneous unlocking of keyrings. Changes in version 3.0.2 are: * Add documentation images for gcr widgets. * Translation fixes. * Build fixes. Changes in version 3.0.1 are: * Fix clicking buttons in 'unsafe storage' dialog on GTK+3 * Build with GTK+3 by default * More tests and test fine tuning: --enable-tests=yes/no/full * Expand path in gnome-keyring-prompt.desktop properly * Implement debug tracing in parts of gcr library. * Complete documentation in gcr and gck libraries. * Fix assertions in gcr library during parsing of a stream. * Build fixes Changes in version 3.0.0 are: * Translations Changes in version 2.91.93 are: * Use full interface.Property form for CreateCollection and CreateItem in the DBus API. * Add deprecated functions for libgcr symbols lost since 2.32.x * Don't crash when the GPG agent is asked for a passhprase without a key id. Changes in version 2.91.92 are: * Don't leak login name from PAM when logging error. * Also start daemon in XFCE * Fix inability to save password for other keyrings. * Build and test fixes. * Support removal of aliases via the secret service API * Fix race condition when multiple applications create the default keyring at the same time. * Add a desktop file for gnome-keyring-prompt, so the icon shows up properly in gnome-shell. * Implement HKDF for transport encryption security. Changes in version 2.91.91 are: * Fix the certificate details expander when used with GTK+3 * Calculate the minimum/natural size of the certificate widget better. * Fix gnome-keyring-prompt for GTK+3 release. * Fix problems with the URIs used for trust lookup and storage. * Pass around a content-type for secrets in the DBus Secret Service API. * If DBus couldn't be initialized when starting up the daemon, try again at a later point. * Build and testing fixes. * Remove support for the pkcs11-options file, and wait for a proper configuration file setup being worked on in p11-kit. * Add support for --version argument to gnome-keyring-daemon and gnome-keyring * Create necessary directory when storing trust assertion objects. Changes in version 2.91.4 are: * gck library loads PKCS#11 modules from /usr/lib/pkcs11 * PKCS#11 config file in /etc/xdg/pkcs11.conf[.defaults] * Many ASN.1 encoding fixes. * Refactor how tests work. * Install standalone PKCS#11 modules to a consistent location. * Memory leaks and other bug fixes. * Allow enumeration of objects in specific PKCS#11 slots as well as modules. * Add GcrCertificateChain for building certificate chains. * Implementation of the initial PKCS#11 Trust Assertions spec. * Add GcrPkcs11Certificate for looking up certificates in PKCS#11 modules by issuer. * Expose gcr functionality for setting which PKCS#11 modules to use. * Find the root certificates by default. * Move to a single header model for libgcr. * Don't load *.la files when looking for PKCS#11 modules. * Fixes for GTK+3.0 * New xdg-store PKCS#11 module with support for storing trust assertions. * Rename old user-store to gnome2-store since it stores its data in old formats in the old .gnome2 location. Changes in version 2.91.3 are: * Shutdown module timer when holding proper mutex. * Linux capabilities to overcome limits on locked memory. * Update HACKING with coding style * Build fixes. Changes in version 2.91.2 are: * Add timeout if PAM startup doesn't complete shortly. * Fix login keyring password when it doesn't match unix login. * Replace gp11-0 with gck in pkgconfig file * Fix broken dispose of GcrCertificateWidget * Remove gp11 library. Changes in version 2.91.1 are: * Fix build problem in gpg-agent. * Properly distribute pkgconfig file for gck library. * Better certificate widget in gcr library. * Add extra debug guard around printing of prompt io. * Rework how the gcr parser and importer work together. * More GTK+ 3.0 fixes. Changes in version 2.91.0 are: * String and punctuation fixes. * Add libgck library to soon replace libgp11 * Migrate everything in gnome-keyring to libgp11 * Fix invalid memory access in PKCS#11 rpc-layer * Fix race condition in tests Changes in version 2.32.0 are: * Make bulids silent by default. Changes in version 2.31.92 are: * Require glib 2.25 or later. * Require automake 1.7 or later. * Fix assertion in secure memory code. * Don't go into endless loop when GPG Agent client disconnects. * Fix double free in gp11 library. * Fix crash during keyring unlock operation. * Expand prompt details when a non-default unlock option is chosen. * Migrate to gsettings. * Use gsettings for GPG agent unlock options. * Fix library header installation directory for libgcr. * Fix some errors parsing certificates. * Rework how unlock options are loaded and handled. * Fix saving of auto-unlock passwords. * Support building with GTK+ 3.0 * No warning message when SSH unlock prompt is cancelled. * Build fix finding PAM headers. * Build fix of PAM module for Hurd. Changes in version 2.31.91 are: * Fix problem with keyring names that contain foreign charaters. * Build fixes and warning fixes. * Better GPG Agent prompt strings. * More internal documentation. * Remove gconf as part of migration to gsettings. * Add --replace option to daemon. * Fix race condition in tests. * Use new DER decoding and encoding routines. * Only try to authenticate once if PKCS#11 slot has protected auth path. * Better handling of when PKCS#11 token is write protected. Changes in version 2.31.4 are: * New GPG Agent built into gnome-keyring-daemon * Start building (but not using) new DER parser and writer. * Fix building of desktop and service files. * Fix problems displaying prompts with certain characters in strings. * Fix deadlock on secure memory usage. * Refactor the way prompting works for PKCS#11 components. * Refactor the way testing works and files are named. * Implement coverage testing. * Cleanup whitespace issues and rename certain modules. * Tests can now involve prompts and responses. * Fix possible threading race condition in gp11. * Fix broken startup when used with gdm and password-less login. * Fix checking of uninitialized value in prompting code. Changes in version 2.30.1 are: * Updated translations. * Build fixes for errors and distribution problems. * Fixes for building on recent GTK versions. * Remove accidental storage of user's login password in login keyring. * Fix assertion when exiting. Changes in version 2.30.0 are: * More robust error display and handling. * Don't assert on va_list. * Don't save session keyring to disk. * Allow unlocking even when always unlock is not available. * Hide the automatically unlock check when login not usable. * Fix various issues storing and using auto unlock passwords. * Updated translations. Changes in version 2.29.92 are: * Fix various problems with not storing secret value properly. * Return no results when a search includes a bad collection identifier. * Don't raise error if ssh client disconnects early. * Allow running in a test environment. * Fix error when setting default keyring to NULL. * Autostart gnome-keyring-daemon in LXDE as well. * Rework the startup again, to use a singleton crontrolled via dbus, to help when no process was started by pam. * Display password and confirm prompts when creating keyring. * Allow specifying CKA_ID when creating collection. * Give translatable label to created login keyring. * When no default keyring set, use login keyring. * Fix problem initializing socket path in rpc module. * Fix endless loop in reading data. * Potential fix or sporadic crash. * Solaris build fixes. * Updated translations. Changes in version 2.29.90 are: * Quit daemon when the dbus session is disconnected. * GNU Hurd build fixes. * Solaris build fixes. * Translation fixes. * Don't print out warnings on SSH v1 keys. * Remove erroneous egg-dbus dependency. * Allow saving password for encryption keys. * Fix problems storing secrets in keyrings. * Expose idle and timeout lock options for keyrings in the prompt dialog. Fix remaining issues to get this to work. * Display a different message when unlocking the login keyring. * Fix problem with phantom 'xxx_1' keyrings appearing. * Load and use the default keyring properly. * Support accessing template style pkcs11 attributes. * Fix endless loop when looking for encryption key password in login keyring. Changes in version 2.29.5 are: * Implement lookup collection passwords in login keyring. * Various prompting fixes. * Store PKCS#11 objects after any attribute change. * Add 'Type' property to Secret Service API DBus item interface * Various warning, and uninitialized memory fixes. Changes in version 2.29.4 are: * Refactor how the daemon starts up. * Allow init with already present environment variables, using --start. * Install autostart files for each component of the daemon. * New DBus Secret Service API for accessing passwords and secrets. * Old protocol for accessing secrets is no longer present. * libgnome-keyring is now its own module, and no longer bundled with gnome-keyring. * Use normal GtkEntry when prompting for passwords. * Requires GTK+ 2.18 * Implement new more flexible control protocol for pam and startup. * Complete more of the gp11 PKCS#11 wrapper library. * Implement AES key wrapping and unwrapping in PKCS#11 components. * Implement DH key generation and derivation in PKCS#11 components. * Integrate testing of PKCS#11 components via p11-tests. * Implement PKCS#11 component for storing 'keyring' style secrets. * Don't complain if we can't set session environment variables. * When running a debug build, warnings are fatal. * Refactor testing. * Encrypted channel for password with prompting dialog. Changes in version 2.28.2 are: * Add license to reference documentation. * Sent output of g_printerr to syslog. * No error when can't unlock login keyring. * Fix assertion when comparing attributes. * Fix freeing of unallocated memory in test. * Don't barf on certificates with unsupported algorithm. * Fix some memory leaks. Changes in version 2.28.1 are: * Fix support for SSH RSA1 keys. * Fix a delay when the daemon quits. * Use default D-Bus timeout when finding daemon. * Make custom pkcs11 constants unsigned longs. * Use unsigned long for module handle counter. * Fix assertion when releasing secure memory block. Changes in version 2.28.0 are: * Fix build problems. Changes in version 2.27.92 are: * Some uses of glib memory routines to explicitly allocate memory. * Fix erroneous assertion hit by gtk-doc and tests. * Revert change which bumped libtasn1 required to 1.0. * Fix logic for only_if option in PAM module. * Handle unix signals on one thread. * Better daemon startup and forking logic. * Optional use of automake silent rules when available. * No warning when a disk doesn't have a UDI identifier. Changes in version 2.27.90 are: * Build fixes on Solaris and FreeBSD. * Take length of ASN.1 elements into account, when parsing. Changes in version 2.27.5 are: * Add support for lifetime constrained SSH identities. * Use GtkBuilder files where glade files were used. * Write private key files with tighter file permissions. * Use gio instead of libhal for monitoring volumes. Changes in version 2.27.4 are: * Insurance in parsing keyring format for future changes. * Add 'use_authtok' option to pam module. * Test utility fix [Jon Downland] * Add 'only_if=' option to pam module. * Make 'Password:' prompt translatable in pam module. * Use libgcrypt to generate iv/salt where needed. * Remove old cu-test style unit tests. * Code refactoring and cleanup, removed 'common' component. * Auto generated ChangeLog. * Cleanup unit tests, and make them run with 'make check' Changes in version 2.26.3 are: * Build fixes. [Alexis Ballier, Daniel Macks] * Fix problem with RSA key sizes that are not a multiple of 8. This affected use of SSH keys in particular. * Fix crash related to secure memory. [Ryan Beasley] Changes in version 2.26.1 are: * Fix many problems with the new secure memory allocator. * DBus now automatically starts the gnome-keyring service properly. * When auto activating the gnome-keyring DBus service, check for an already running daemon. * Don't print critical warnings when registering with DBus fails. * Bump glib dependency. * Add DBus method for getting the gnome-keyring environment variables. * Fix crash when prompting to unlock the keyring. * Initialize daemon with LOGNAME and USERNAME environment variables. * Build fixes [Ed Schouten] Changes in version 2.26.0 are: * Implement support for running gnome-keyring-daemon under valgrind. * Checks for asn1Parser tool when configuring. [Alberto Ruiz]. * Only automatically expose PKCS#11 public key objects for private keys. * Have the SSH agent only log into the token when we have a private key that we want to access. * Disable input method in password. [Takao Fujiwara] Changes in version 2.25.92 are: * Fix problems when multiple processes tried to initialize the gnome-keyring-daemon at the same time, often resulting in a user session that hung on login. * Add compatibility support for loading SSH unlock passwords from previous versions of gnome-keyring. * Fix compiler warnings on 32-bit systems. * Fix uninitialized variable usage. These resulted in crashes. * Initialize PKCS#11 tokens before importing certificates or keys to them. Remove previous auto-initialize idea. * Add basic support for PKCS#11 SO logins. * Fix focus issues in the import certificate/key dialog. * When looking for PKCS#11 objects, skip tokens that have not been initialized. * Exit properly when an error occurs on importing a certificate or key. * Hash objects when storing them in PKCS#11 user-store and validate the hashes when loading them. * Build fix on Solaris [Jeff Cai] * If login keyring doesn't exist when changing a PAM password, don't create it automatically. [Vincent Untz] * Close stdin/stdout when not running the daemon in foreground. This fixes a regression in scripts starting gnome-keyring-daemon. Changes in version 2.25.91 are: * Complete certificate details display in the gcr library. * Correctly escape prompt markup. [Joe Shaw, Magnus Boman] * Show correct MD5 hash in certificate display. [Fabrizio Tarizzo] * Overhaul the secure memory allocator to have memory guards, and also be more sparing with secure memory. * Add C++ header guards to public headers. [Xan Lopez] * Prompt to initialize new PKCS#11 tokens with a password. * Fix output of RSA keys to be interoperable. * Translation fixes. * Fix problems importing certificates and keys. * More code reorganization. * Add support for netscape trust objects, so Root CA certificates can be trusted by NSS. * Fixes to the PKCS#11 headers on 64-bit systems. [Christophe Fergeau] Changes in version 2.25.90 are: * Add certificate UI bit to gcr library. * Can now again clear the cached authentication from an SSH key. * Add some additional helper functions to gp11 library. * Fix some corner cases in signal handling. [James Henstridge] * Don't crash when trying to lock keyrings that don't have a password. * Fix problems running on 64-bit systems. [Christophe Fergeau] * Build fixes [Theppitak Karoonboonyanan, Saleem Abdulrasool] Changes in version 2.25.5 are: * Refactor out gcr library for crypto UI and related tasks. * Code refactoring. * Support automatically initializing a PKCS#11 token when not initialized. * Add modular user-store module for general storage of keys and certs. * Build fixes [Saleem Abdulrasool, Jeff Cai] * Add modular roots-store module for storage of trusted CA certs. * Add modular rpc-layer for communication between module and daemon. * Add modular ssh-agent as the main gnome-keyring-daemon agent. Changes in version 2.25.4.2 are: * The modular ssh agent uses keys from all available PKCS#11 slots. * Fix compiler warnings. * Fix broken release. Changes in version 2.25.4.1 are: * Fix broken release. Changes in version 2.25.4 are: * Half way through refactoring of PKCS#11 support. * Add crypto support to gp11 library. * gp11 library is now by and large thread-safe. * Add modular ssh-store, roots and rpc-layer PKCS#11 components. * Beginnings of a PKCS#11 based ssh-agent. * Transactional storage of PKCS#11 objects. * Add auto-authenticate support in GP11 library, which greatlty simplifies figuring out when to provide passwords. * Fix initialization problems which prevented SSH agent from setting environment variables properly [Yanko Kaneti] * Translation fixes [Gabor Kelemen] Changes in version 2.25.2 are: * Fix PKCS#11 corner cases highlighted by p11-tests tool. * Solaris fixes [Halton Huo, Jeff Cai] * Don't use non-pageable memory for public keys. * Rework initialization of daemon, and the way that it integrates with the session. * Close open file descriptors before starting daemon from PAM module. * Don't try and unlock keyring from PAM if daemon isn't running. [Vincent Untz] * Don't leave keyring daemon running if PAM just started it for a password change. [Vincent Untz] * Add a keyboard accelerator to the 'Deny' button. [Gabor Kelemen] * Use pkg-config to detect libtasn1. [Jeff Cai] * Register environment variables with session properly. * Make DBUS a required dependency of gnome-keyring. Changes in version 2.25.1 are: * Remove usage of deprecated glib/gtk stuff. Changes in version 2.24.1 are: * Fix crash on logout on Solaris. [Jeff Cai] * Add missing 'server' attribute to the NETWORK_PASSWORD schema. Changes in version 2.24.0 are: * Update documentation for functions in gp11 library * Ungrab the keyboard properly when a password prompt is minimized. * Report errors from keyboard grabbing. * Fix build problems with gcc 4.3. * PKCS#11 initialize compatibility fix for OpenSC. [Joe Orton] * Make all errors from prompt process go to syslog. * When prompting for a password on import, don't go into an endless loop for blank passwords. * Fix problems with PK indexes overwriting one another. * Don't add additional extensions on storage files when the extension is already correct. * Load all objects when a PKCS#11 session is opened, regardless of whether a C_FindObjects is run or not. Changes in version 2.23.92 are: * Build fix for Solaris. [Jeff Cai] * Import the LANG environment variable into daemon enviroment so that dialogs display with correct translations. Changes in version 2.23.91 are: * Use 'Change' instead of 'Create' when prompting the user for a password to change keyring password. [Adam Schreiber] * Fix RSA signing with X509 mechanism. * Tweaking of the asynchronous scheduling to prevent hangs. * Add some documentation for GP11 library. * Translation fixes. * Build fixes. [Götz Waschk] Changes in version 2.23.90 are: * Use 'Create' button instead of 'OK' when prompting the user for a password to create a new keyring. [Adam Schreiber] * Fix more cases where 'Deny' choice by a user resulted in more subsequent prompts. * Automatically create non-existant directories when storing files. * Fix problem prompting for the same password twice when parsing a PFX or PKCS#12 file. * Don't offer to store password during import operation. * Don't try to store certificates encrypted on the disk. * Add command line tool for importing of keys and certificates. * Fix problems with SSH agent not unlocking keys properly. * Build fixes. [John Ralls] Changes in version 2.23.6 are: * If the user denies a prompt, then don't prompt the same prompt again for that connection to the daemon. * Bug fixes for loading of SSH keys. * Add gconf schema for noting the user's configured PKCS#11 modules. * Update and bug fixes for the new GP11 library. * Better reference counting of internal objects. * When a certificate is in the roots storage, assume it is a CA if no basic constraints are present. * Add ability of PKCS#11 module to accept a string on its reserved initialization argument, similar to NSS's libsoftkn3 module. * Translation fixes. * Build fixes. Changes in version 2.23.5 are: * Load all SSH keys in ~/.ssh named id_?sa*, not just id_rsa and id_dsa. Also load public portions of keys when needed ie: *.pub * Include new GP11 library, which is a GLib wrapper for PKCS#11 * Add ability to import keys/certificates to PKCS#11. * Better storage and creation of PKCS#11 objects. * Start using GTest for new unit testing. * Better indexing of keys and certificates. * Better buffer handling, and threading fixes. [Jon Burgress] * Fix warnings in logs caused by programs checking whether gnome-keyring is available. * Standardize on libgcrypt random number generator. * Add --disable-acl-prompts option to disable all ACL prompting [Colin Walters] * Build fixes. Changes in version 2.22.2 are: * Streamline the importing of keys and make the proper prompts show up consistently. Better fixes for this to come in 2.24.x * Don't show 'location' field in most password prompts. * Return serial number of certificates properly to requesting programs. * Fix crash when receiving certain HAL events. * Build fixes [Brian Cameron, Matthias Drochner, Antoine Jacoutot] Changes in version 2.22.1 are: * Add SSH agent protocol 1 support. * Make 'ssh-add -D' lock any SSH private keys that gnome-keyring is automatically loading. * Reconnect to system DBus whenever the system bus restarts. [Sjoerd Simons] * Log to syslog even when running in the foreground [Tony Espy] * Add a configure option to disable building of the SSH agent. * Build fixes. [Alex Converse, Andrea Del Signore] Changes in version 2.22.0 are: * Build fix. [Jens Granseuer] Changes in version 2.21.92 are: * Sync up user's session environment with the daemon, so that things like X authentication, DBUS etc... work properly. * Shutdown socket connections properly, so things don't hang, when wrong versions of daemon/library are used. * Limit PKCS#12 parsing to a clearly defined subset of the format. * Decrypt PKCS#12 with empty passwords properly. * Build fixes. * Translation fixes. Changes in version 2.21.91 are: * Don't prompt for a password from the PAM module since gnome-keyring is not an authenticator. [Ray Strode] * Check that PKCS#11 socket connections come from same user. * Don't lock the entire gnome-keyring-ask process in memory. Just the password text. Works better when less non-pageable memory is available. * Basic serializing of certificates and keys. * Build fixes. * Translation fixes. Changes in version 2.21.90 are: * Fix problem where most keyrings were being treated as insecure from the point of view of storing passwords for keys or certificates. * Fix race condition that is causing deadlocks and freezes. Changes in version 2.21.5 are: * Proper support for creating and destroying objects through PKCS#11. * Support for setting PKCS#11 attributes. * Fix hanging of daemon under certain conditions. * Add gconf setting for determining which components of the daemon (such as SSH) are run at startup. * Better parsing of objects and prompting for passwords in PKCS#12 files. * Calculate trust and purpose/usage of certificates. * Mark certain key/certificate directories as special requiring certain special treatment (such as the CA root store, SSH keys etc...) * Add support for unencrypted keyrings which are used when the user specifies a blank password. * Fix crasher [Jeff Cai] * Build fixes. Changes in version 2.21.4 are: * x86_64 memory alignment fixes * Other build and install fixes * Solaris build fixes [Halton Huo] * Automatically activate keyring daemon via DBus if it is not already running. [Tom Parker] Changes in version 2.21.3.2 are: * x86_64 build fixes * Build and install fixes * Fix problems with assertions when not in debug mode. * Fix some crashers * Better ASN.1 and PKCS#11 date parsing and handling * Fix return results from C_GetAttributeValue * Lookup certificates related to keys properly. Changes in version 2.21.3.1 are: * Build fixes * Use SHA1 instead of MD5 where possible. * Install PKCS#11 module to a better prefix Changes in version 2.21.3 are: * Added basic X.509 certificate and key store * PKCS#11 module for accessing certificates and keys * Now includes an SSH agent * PAM module now works with SELinux [Alexander Larrson] * Add a simpler API for accessing and storing passwords. Changes in version 2.20.3 are: * Use correct environment to startup gnome-keyring-daemon from PAM. * Fix crash when comparing item attributes. [Sam Morris] * Fix crash on shutdown. [Jeff Cai] * Build fix for OpenBSD [Martynas Venckus] Changes in version 2.20.2 are: * Build fixes for systems that require GNU_SOURCE to be defined. [Christopher Taylor] * Builds with the latest DBus [Owen Taylor] * Build fix for OpenBSD [Jasper Lievisse Adriaanse] * Don't print out a warning message in applications using libgnome-keyring when non-pageable memory cannot be allocated. Changes in version 2.20.1 are: * Link pam module properly with libpam [Sebastian Dröge] * Remove 'install-pam' make target [Rémi Cardona] * Return a 'not found' result when no results are returned from a find operation. * Don't remove 'default' file on exit. [Alex Larrson] * Recognize newly created keyrings properly. [Darren Kenny] Changes in version 2.20 are: * Build fixes [Halton Huo] * Translation fixes [Claude Paroz] Changes in version 2.19.91 are: * Builds with newer versions of DBus [Theppitak Karoonboonyanan] * In the PAM module we now support starting gnome-keyring-daemon when the user's session actually starts, rather than during password validation. This makes us more solid and sane with GDM and well behaved PAM using applications. [Chris Rivera] * In the PAM module check that the socket is owned by the same user, before sending the login password there. * Don't read from /dev/random when not needed. This makes startup faster in many cases, as it won't block for entropy. * Get around more optimizations that cancel out wiping of strings in memory before freeing. * Now builds on FreeBSD [Joe Marcus Clarke] Changes in version 2.19.90 are: * Fix problem where keyrings are created in wrong directory [Nathaniel McCallum] * Incorporated security fixes from Novell * Fix crashers when the ask dialog sends back bad data. * Now builds on Solaris [Damien Carbery] * Configure PAM module directory better [Matthias Clasen] * Fix memory leaks Changes in version 2.19.6.1 are: * Fix uninitialized variable in 'get_item_info' operation * Better installing of PAM module on Fedora. [Matthias Clasen] * Build fixes [Jens Granseuer, Claudio Saavedra] Changes in version 2.19.6 are: * Grab the keyboard when prompting for passwords, and always put the prompt window above other windows. * Now supports use of keyrings on removable drives. * PAM module to automatically unlock keyrings on login, or unlocking * Simplify daemon code (now uses cooperative threading) and get it ready for other PKCS#11, SSH and other stuff running in same process. Changes in version 2.19.5 are: * Allow passing NULL as a password to gnome_keyring_unlock() * Added strerror() like functionality for GnomeKeyringResult * Added support for async version of gnome_keyring_item_grant_access_rights_sync() * Handle unix signals properly, quit gracefully. * Fix memory leaks [Alexander Sack] * Make unit tests automatic when building a distribution tarball * Fix prompt messages [Jürg Billeter] * Fix problems prompting for access to items when the keyring is locked. * Non-pageable memory degrades gracefully on Solaris, FreeBSD * Build fixes [Theppitak Karoonboonyanan, Christian Kirbach] * API Documentation Changes in version 2.19.4.1 are: * Build fix for unit tests Changes in version 2.19.4 are: * Fixed problem where zero find results returned 'denied'. * Fixed ugly password prompt for making a new keyring. * Consistent use of NULL in the API to represent the default keyring. * Use non-pageable memory for secrets and passwords. * Log warning and error messages to syslog when running as a daemon. * Added unit tests for the gnome-keyring API. * Refactored and reorganized the code. Changes in version 2.19.2 are: * Sync up version number with GNOME release schedule * Use libgcrypt instead of hand-rolled encryption algorithms. * Internationalization fixes [Elijah Newren] * Solaris build fixes. Changes in version 0.8 are: * Translations Changes in version 0.7.92 are: * Fix build by including sys/types.h * In gnome_keyring_free() don't crash on NULL parameter. Changes in version 0.7.91 are: * Add method for library to discover daemon via DBus. Adds soft DBus dependency. * Fixes for building on kFreeBSD. Changes in version 0.7.3 are: * Fix endless loop when creating a keyring and a file by that name already exists. * Fix crasher when deleting session keyring. * Fix crasher when doing find operation with NULL attribute string. * Sync files to disk after writing to keyring. Changes in version 0.7.2 are: * Don't have multiple password dialogs presented for the same keyring Changes in version 0.7.1 are: * Added GNOME_KEYRING_ITEM_APPLICATION_SECRET which allows an item to be for a single application only with strict access controls. * New function gnome_keyring_item_get_info_full(_sync) which allow retrieval of item meta data without the secret, thus not incurring an ACL prompt. * Translation updates Changes in version 0.6.0 are: * NetBSD fixes * Crash fix * Typo fix * Translations Changes in version 0.5.2 are: * Translation updates * Better title in docs * Fixed crashes * New function: gnome_keyring_item_grant_access_rights_sync Changes in version 0.5.1 are: * Support changing password of a keyring * Create ~/.gnome2 if needed * Save keyring when an ACL is added * Add password strength meter * Small bugfixes Changes in version 0.4.9 are: * Fix return value for some sync calls * Translation updates Changes in version 0.4.8 are: * Fix crash when asking for password * Translation updates Changes in version 0.4.7 are: * Fix --disable-nls * Translation updates Changes in version 0.4.6 are: * Confirm password when selecting new password Changes in version 0.4.5 are: * Fix a crash in some sync functions. Changes in version 0.4.4 are: * Translation updates * warning fixes * require gtk 2.6 Changes in version 0.4.3 are: * Translation updates * Fix bug in acl functions * implement gnome_keyring_set_info * add sync function for all operations * fix leaks Changes in version 0.4.2 are: * AIX portability fixes * Translation updates Changes in version 0.4.1 are: * Support for slaving lifecycle to a file descriptor * Translation updates Changes in version 0.4.0 are: * Build fix on some systems * Translation updates Changes in version 0.3.3 are: * Translation updates Changes in version 0.3.2 are: * New API functions for getting/setting ACL * Implemented delete keyring operation Changes in version 0.3.1 are: * New and updated translations. * New introduction document * unlocking the NULL keyring unlocks the default keyring Changes in version 0.2.1 are: * New and updated translations. Changes in version 0.2.0 are: * New and updated translations. Changes in version 0.1.91 are: * New translations Changes in version 0.1.90 are: * New translations * uninstalled pkg-config file Changes in version 0.1.4 are: * New translations * put gnome-keyring-ask in libexec Changes in version 0.1.3 are: * Fixed leaks * Portability fixes * Don't split strings for translations Changes in version 0.1.2 are: * Spelling fix in API * require latest gtk/glib * use g_get_tmp_dir instead of hardcoding /tmp * More translations Changes in version 0.1.2 are: * Slave lifecycle to session * More translations * Nicer user interface * FreeBSD fixes * Solaris fixes