69 lines
3.1 KiB
ReStructuredText
69 lines
3.1 KiB
ReStructuredText
Changes in `1.3.0 <http://matrix.org/git/olm/commit/?h=1.3.0>`_
|
|
===============================================================
|
|
|
|
The release updates the group session identifier to avoid collisions.
|
|
The group sessions are now identified by their ed25519 public key.
|
|
|
|
These changes alter the pickle format of outbound group sessions, attempting
|
|
to unpickle an outbound group session created with a previous version of olm
|
|
will give ``OLM_CORRUPTED_PICKLE``. Inbound sessions are unaffected.
|
|
|
|
This release alters the format of group session_key messages to include the
|
|
ratchet counter. The session_key messages are now self signed with their
|
|
ed25519 key. No attempt was made to preserve backwards-compatibility.
|
|
Attempting to send session_keys between old and new versions will give
|
|
``OLM_BAD_SESSION_KEY``.
|
|
|
|
Changes in `1.2.0 <http://matrix.org/git/olm/commit/?h=1.2.0>`_
|
|
===============================================================
|
|
|
|
This release updates the implementation of group session communications, to
|
|
include Ed25519 signatures on group messages, to ensure that participants in
|
|
group sessions cannot masquerade as each other.
|
|
|
|
These changes necessitate changes to the pickle format of inbound and outbound
|
|
group sessions, as well as the session_keys exchanged between them. No attempt
|
|
has been made to preserve backwards-compatibility:
|
|
|
|
* Attempting to restore old pickles will give ``OLM_CORRUPTED_PICKLE``.
|
|
* Attempting to send session_keys between old and new versions will give
|
|
``OLM_BAD_SESSION_KEY``.
|
|
* Attempting to send messages between old and new versions will give one of a
|
|
number of errors.
|
|
|
|
There were also a number of implementation changes made as part of this
|
|
release, aimed at making the codebase more consistent, and to help with the
|
|
implementation of the group message signatures.
|
|
|
|
|
|
Changes in `1.1.0 <http://matrix.org/git/olm/commit/?h=1.1.0>`_
|
|
===============================================================
|
|
|
|
This release includes a fix to a bug which caused Ed25519 keypairs to be
|
|
generated and used insecurely. Any Ed25519 keys generated by libolm 1.0.0
|
|
or earlier should be considered compromised.
|
|
|
|
The fix necessitates a change to the format of the OlmAccount pickle; since
|
|
existing OlmAccounts should in any case be considered compromised (as above),
|
|
the library refuses to load them, returning OLM_BAD_LEGACY_ACCOUNT_PICKLE.
|
|
|
|
|
|
Changes in `1.0.0 <http://matrix.org/git/olm/commit/?h=1.0.0>`_
|
|
===============================================================
|
|
|
|
This release includes a fix to a bug which had the potential to leak sensitive
|
|
data to the application: see
|
|
https://github.com/vector-im/vector-web/issues/1719. Users of pre-1.x.x
|
|
versions of the Olm library should upgrade. Our thanks to `Dmitry Luyciv
|
|
<https://github.com/dluciv>`_ for bringing our attention to the bug.
|
|
|
|
Other changes since 0.1.0:
|
|
|
|
* *Experimental* implementation of the primitives for group sessions. This
|
|
implementation has not yet been used in an application and developers are
|
|
advised not to rely on its stability.
|
|
|
|
* Replace custom build scripts with a Makefile.
|
|
|
|
* Include the major version number in the soname of libolm.so (credit to
|
|
Emmanuel Gil Peyrot).
|