cpm (0.23beta) unstable; urgency=low * GUI + The statusline now reflects the correct ESC command which now switches from 'Exit' to 'Back' on deeper levels. + Modified the CDK support so it now runs with the current version 5 of this library * General + Finally the Debian repository is signed. For this, some scripts were modified. -- Harry Brueckner <harry_b@mm.st> Fri, 12 Apr 2006 19:13:18 +0100 cpm (0.22beta) unstable; urgency=medium * Bugs + Fixed bug #1457707 where a new comment caused a segmentation fault when the comment was left empty. + Fixed bug #1458208 where CTRL+E caused a weird string to show up at certain occasions. The list control was not checked correctly for the available number of entries. * GUI + Added a dialog to ask the user if the lockfile should be removed in case it exists on program startup. -- Harry Brueckner <harry_b@mm.st> Sun, 26 Mar 2006 16:01:57 +0100 cpm (0.21beta) unstable; urgency=low * Bugs + Fixed bug #1437432 which created a lockfile even if cpm was started with the --readonly option. * GUI + GPGME 1.1 is now supported and the binary directly encrypts the datafile for the same recipients as it was encrypted before; the wrapper script is no longer necessary. -- Harry Brueckner <harry_b@mm.st> Fri, 24 Feb 2006 17:32:23 +0100 cpm (0.20beta) unstable; urgency=medium * Bugs + Fixed bug #1370314 which didn't allow @ characters in strings during the security checks. * GUI + The configuration option 'TemplateLock' now can be used so it's no longer possible to extend the tree structure with unknwon nodes. If set to 'no' the behaviour is like it has been before. + If no encryption key has been specified, the user is now asked if he wants to quit without saving. * General + Fixed CLI search 3 check so the regex error message test is ignored; it's enough to verify that there is an error, not which error exactly since the message has been changed between versions + Fixed bug in the configure script which did not examine the cdk.h file properly and also added a check for the version of GPGME + Modified the apt repository on the server to be able to hold repositories for several Debian versions + Added Debian package for Debian Sarge. -- Harry Brueckner <harry_b@mm.st> Sat, 1 Dec 2005 09:26:44 +0100 cpm (0.19beta) unstable; urgency=low * Bugs + Fixed wrong encoding of the user identity which was extracted from the GPG realm + Wrong max. memory limits were not reported correctly since the application run out of memory before it could report it; now memory does not get locked if not enough memory is available * General + Switched from CVS to darcs + Added UTF-8 encoding check during program startup -- Harry Brueckner <harry_b@mm.st> Mon, 26 Sep 2005 19:38:56 +0100 cpm (0.18beta) unstable; urgency=low * Bugs + Fixed a bug in the configure script where --with-xml2 did not work like it was expected + Datafiles with size 0 now create an error and no segmentation fault * General + Added check to the configure script so CDK versions >4.9.10 can no longer be used since these versions can not handle empty lists properly + The default gpg key is no longer used to sign the database files; instead all keys which are used for encryption and have the ability to be used for signing are used -- Harry Brueckner <harry_b@mm.st> Fri, 16 Sep 2005 19:00:47 +0100 cpm (0.17beta) unstable; urgency=low * Bugs + Some versions of CDK could not be used for compilation; the --with-cdk-v4 option fixes those problems (e.g. with CDK version 4.9.10) + Added a warning to the Gentoo ebuild -- Harry Brueckner <harry_b@mm.st> Fri, 2 Sep 2005 17:25:23 +0100 cpm (0.16beta) unstable; urgency=medium * Bugs + Fixed bug in the environment variable check where GPG_AGENT_INFO needs the ':' character * CLI + Duplicate search results are no longer displayed. The output list is made unique and the entries are alphabetically sorted. * GUI + The GUI now compiles with later CDK versions as well (highest tested version is 5.0-20050424) * General + Added check for the 'max locked memory' setting in the security checks; the behaviour can be controlled by the configure option --with-memlock + Makefile cleanup to cleanup temorary files of the check process -- Harry Brueckner <harry_b@mm.st> Sun, 28 Aug 2005 20:37:54 +0100 cpm (0.15beta) unstable; urgency=low * Bugs + Bug #1235984 has been fixed + Bug #1235987 has been fixed * CLI + Added regular expression search * GUI + Resizing of the terminal does not trigger any weird keys anymore + The info panel uses the full screen width + Fixed invalid display of umlauts in GPG keys * General + added a gettext check to verify if the locale for de_DE is installed; otherwise the gettext check would fail one step later -- Harry Brueckner <harry_b@mm.st> Sun, 7 Aug 2005 21:54:28 +0100 cpm (0.14beta) unstable; urgency=medium * CLI + Added an additional test for the CLI search * GUI + If you go deeper than password level, the password is not listed in the headline area of the GUI + In the comment field, manual line breaks are possible by specifying \n in the editor + When a comment is empty, the node in the XML document is removed + The screen now gets properly refreshed when popup windows close + Special entity characters like & did not get encoded properly in the comment field * General + Added a xmllint call to the import process so the created XML code gets generally validated + Added configure option --without-crack-lib to not use the library; this way cpm can be compiled on sytems without that library + Added missing zlib dependency to the Debian package. + Moved the import tools to a new directory in /usr/share/cpm with the proper permissions -- Harry Brueckner <harry_b@mm.st> Thu, 22 Jul 2005 14:30:14 +0100 cpm (0.13beta) unstable; urgency=medium * Bugs + Fixed short options in the wrapper script + Fixed memory leak when file was written in --noencrypt mode (this had absolutely no effect on encrypted files) + Fixed problems with the encoding of special characters, encoding should now be properly implemented * General + man page slightly modified + renamed the import script cvs2cpm.pl to the correct name csv2cpm.pl -- Harry Brueckner <harry_b@mm.st> Sun, 3 Jul 2005 12:21:47 +0100 cpm (0.12beta) unstable; urgency=low * Bugs + Short options which don't take an argument did not get recognized correctly + The save dialog did get displayed even when the file was opened in read-only mode + Fixed a memory leak in the CLI search routine which was the reason that the search did not find matches * General + Added GPG signatures of the tar.gz and tar.bz2 files to the website -- Harry Brueckner <harry_b@mm.st> Wed, 15 Jun 2005 09:09:14 +0100 cpm (0.11beta) unstable; urgency=low * Bugs + Fixed bug with the help screen; pressing CTRL+H caused a core dump due to the new and improved guiDialogOk() function which can reformat long lines * General + man page for cpm added -- Harry Brueckner <harry_b@mm.st> Tue, 7 Jun 2005 15:11:34 +0100 cpm (0.10beta) unstable; urgency=high * Bugs + Fixed a bug in the de- and encryption function which might cause large files to get garbled + Fixed core dump when a none-validatable document was read; the program didn't terminate properly in this case * General + Added a much better encryption test - which caused the now fixed bugs to show up -- Harry Brueckner <harry_b@mm.st> Fri, 3 Jun 2005 09:30:56 +0100 cpm (0.9beta) unstable; urgency=medium * Bugs + Fixed outdated calls to tail where '+n' was used instead of '--lines=+n' * General + Added several security checks to prevent core dumps, swapping of the application's memory, ptracing and environment variable checks + Added zlib compression support so the XML data inside the encrypted file is compressed and 'known plaintext' attacks against the encrypted database are harder to mount + Added filelocking mechanism so multiple users can not overwrite each other's data (when more than one user opens a file, only the first one gets writepermissions) + Signal handlers for SIGINT and SIGTERM remove the lockfile, if it exists + Added several more tests for the 'make check' run, to provide a more secure package creation process + Added a check during package creation using flawfinder; code has been cleaned up to match the checks + Added --readonly commandline option + Modified version check so it now properly handles the difference between version 0.1, 0.2 and 0.10. + Internal code and configuration/runtime information cleanup + Fixed dependency in the Gentoo ebuild file -- Harry Brueckner <harry_b@mm.st> Tue, 31 May 2005 10:29:07 +0100 cpm (0.8beta) unstable; urgency=medium * Bugs + Fixed a bug in the fileExists() function which did not check the requested filename * General + Added Gentoo ebuild file (by Marc Jauvin <marc@r4l.com>) + Fixed the Makefile so it should now work with the Gentoo ebuild process (patch provided by Marc Jauvin <marc@r4l.com>) + Added backup files when data is saved; this feature can be configured by the resource directive 'CreateBackup'. + Added a general import interface so it should be easy to add new formats + Added a conversion tool for Password Safe (http://passwordsafe.sourceforge.net/) + Created files now get their permissions fixed right after they are created; this should be safer than after closing the file + File status are checked on filehandles where possible; this should make it harder to trick the code * GUI + Set the default colors to transparent so the GUI also looks nice on transparent terminals -- Harry Brueckner <harry_b@mm.st> Fri, 13 May 2005 19:47:21 +0100 cpm (0.7beta) unstable; urgency=low * Bugs + The source did not compile on Gentoo Linux. configure failed on the library checks due to the wrong order of the library checks. This issue was fixed with the help of Christopher Hesse <christopher.hesse@case.edu>. * General + A DTD has been added and the data files are now verified against this DTD with each program start + configure now also knows the parameter --with-crack-dict to specify the path to the cracklib dictionary files -- Harry Brueckner <harry_b@mm.st> Wed, 11 May 2005 14:53:32 +0100 cpm (0.6beta) unstable; urgency=low * Bugs + Fixed a core dump if an unsigned file was used during the decryption * CLI + Added the --key option. + Added automatic addition of the used encryption key to the default keys * GUI + Added a key listing to the save data dialog so the user now sees the used keys before encrypting the message + Added a warning if none of the users secret keys is used to encrypt the database + During the creation of random passwords a dialog is displayed, which explains how to create entropy in case /dev/random runs out of numbers + Added a more descriptive error message for hash and validity error messages (gpgme) * General + Added a wrapper script so gpg can now be used to find the recipients of the database file and this information is passed on to CPM via the new --key option + Added the wrapper script to the installation -- Harry Brueckner <harry_b@mm.st> Tue, 26 Apr 2005 10:00:35 +0100 cpm (0.5beta) unstable; urgency=low * Bugs + Fixed severe bug in the tar archive which made it impossible to compile the source. control.in and the gettext files were missing; check added so this won't happen again + Fixed missing resource file parsing for flag 'CrackLibCheck' which was already in the example resource file but nut yet supported * GUI + Added <CTRL><W> to save the database + Added a statusline * General + Added the --configtest option and added a check to the package preparation to check the current example configuration -- Harry Brueckner <harry_b@mm.st> Thu, 21 Apr 2005 20:15:55 +0100 cpm (0.4beta) unstable; urgency=low * Bugs + fixed wrong autoconf setup; config.h.in wasn't updated properly + fixed check procedure which now stops when an error occurs * General + Added usage of cracklib + Added cracklib check to the password generation function + Added configuration of which templates are used as passwords + Added cracklib support to check password templates via cracklib for secure passwords + Added gettext support + Added first German translation data + Added gettext check for the check make target + Added check for maximum argument length on the commandline, the resource file and all user input -- Harry Brueckner <harry_b@mm.st> Wed, 20 Apr 2005 16:43:12 +0100 cpm (0.3beta) unstable; urgency=medium * Bugs + Fixed SIGSEG when options like --file were passed to the binary without handing over a filename + Fixed wrong error message which assumed the file as read-only when the GID of the file was in a supplemental group. + Removed the creation of backup files since this is not possible if the file is not owned by the current user. * General + Moved some functions into a general function collection file. * GUI + Fixed the commands edit, delete and comment to behave like the navigation; only the highlighted entry is used now + I hopefully fixed a little problem which occures when slow connections are used. The draw functions of CDK are hopefully a little faster now. * Migration of PMS + Added a little script to migrate from PMS + Dennis Pries <eisbaer82@users.sourceforge.net> agreed that I take over his project PMS (hosted at http://sourceforge.net/projects/passwordms/) since he no longer has the time to maintain it. We both agreed that CPM will be the official followup of PMS. -- Harry Brueckner <harry_b@mm.st> Tue, 19 Apr 2005 10:40:12 +0100 cpm (0.2eta) unstable; urgency=low * GUI + Moved the stderr error messages on program startup (in GUI mode) into dialog boxes. + The headline of the navigation list now shows your current 'location' and the data path you are currently in. + Modified the selection of a node to descend into the tree. Now the highlighted entry is used and it's not tried to add a new node. -- Harry Brueckner <harry_b@mm.st> Fri, 15 Apr 2005 09:04:44 +0100 cpm (0.1beta) unstable; urgency=low * Initial Release. -- Harry Brueckner <harry_b@mm.st> Thu, 14 Apr 2005 09:52:12 +0100