From f4ded6a75809a84e330e7f3b66436bd2ea2c9974 Mon Sep 17 00:00:00 2001 From: Lorry Date: Wed, 18 Jul 2012 21:33:10 +0100 Subject: Tarball conversion --- ChangeLog | 227 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 227 insertions(+) create mode 100644 ChangeLog (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..1e573d0 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,227 @@ +version 0.9.7 + - fixed tiny memory leak when oauth_curl_get() fails + - fixed double-encoding of plaintext signature + +version 0.9.6 + - fixed typo, do not print a separator before first parameter + when serializing url for auth-header. + +version 0.9.5 + - added "built-in" hmac-sha1 hashing (no RSA). + - added some CURL options available via enviroment variables + - fixed issue with decoding already encoded characters + in the base-URL (not parameters). + reported by L. Alberto Giménez + +version 0.9.4 + - fixed possible memory corrution in oauth_curl_get + thanks to Bruce Rosen for reporting this issue + +version 0.9.3 + - yet more build-system fixes: + - allow to override HASH_LIBS and CURL_LIBS using envoronment variables + - include them in .pc and tests/Makefile.am + +version 0.9.2 + - fixed typo in build-system (LDFLAGS, -Wl,--as-needed detection) + +version 0.9.1 + - fixed typo in API: + oauth_time_indepenent_equals[_n] is now deprecated in favor of + oauth_time_independent_equals[_n] + - added check for 'Wl,--as-needed' linker flag. + +version 0.9.0 + - fixed typo in pkg-config file. + +version 0.8.9 + - added constant-time string compare function motivated by + http://rdist.root.org/2010/01/07/timing-independent-array-comparison/ + - updated the build-system + - avoid indirect linking (curl, ssl) + - AS_IF expansion for PKG_PROG_PKG_CONFIG + - only build tests when running `make check` + +version 0.8.8 + minor changes to the build-system + - allow to overrice HASH_LIBS/CFLAGS (NSS, SpenSSL) + - fixes for static linking in src/Makefile.am + +version 0.8.7 + fixed whitespace in interface revision number + fixed test-build system: + - unhardcode -lssl + - add CFLAGS_CURL + +version 0.8.6 + removed non-posix prototypes + +version 0.8.5 + cleaned up man-page & added logo to html doc. + +version 0.8.4 + fixed pkgconfig dependencies (OpenSSL vs NSS) + +version 0.8.3 + added an interface to generate an OAuth HTTP Authorization header + and oauth_http_[get|post]2 to preform such requests, + as well as example code 'oauthtest2' to do so. + +version 0.8.2 + fixed potential NULL pointer exception when sorting + duplicate URL parameters without value. + It's a extremly rare edge-case - there's no practial + use for duplicate empty URL parameters - but it could + be used as a DOS attack-vector. + +version 0.8.1 + replaced a few forgotten mallocs with xmalloc. + +version 0.8.0 + replaced xmalloc with custom MIT-licensed version. + removed --enable-gpl configure option. + minor updates to README, documentation, etc. + +version 0.7.2 + added NSS as alternative to OpenSSL. + use OpenSSL or NSS random number generator for nonce. + +version 0.7.1 + proper naming: replaced oAuth -> OAuth. + fixed a few typos in the documentation. + +version 0.7.0 + resolved licensing issues: + * xmalloc = GPL + * openSSL & GPL exemption + +version 0.6.3 + also use curl timeout for commandline curl + renamed --with-libcurl-timeout to --with-curl-timeout + +version 0.6.2 + added CURLOPT_TIMEOUT option. + available at compile time with configure --with-libcurl-timeout= + +version 0.6.1 + added oauth_curl_send_data_with_callback + to use HTTP-methods other than GET&POST with libcurl. + +version 0.6.0 + configure options to disable curl & libcurl + replaced tabs with spaces in source + +version 0.5.4 + added oauth_post_data_with_callback() and + fixes for MSVC/WIN32 platform + by Dave Gamble + +version 0.5.3 + added oauth_body_hash calulation + support for HTTP Posting data from memory. + +version 0.5.2 + added support for HTTP request methods other than GET & POST. + +version 0.5.1 + added oauth_sign_array() function - which allows to modify the parameters + before siging them. + fixed url-splitting to url-decode parameters when generating the parameter + array. + +version 0.5.0 + fixed debian package liboauth -> liboauth0 + minor fixes in the manual + else unchanged it's 0.4.5 after six month of stress tests in production + +version 0.4.5 + fixed dependencies in pkgconfig pc.in + +version 0.4.4 + libtool interface version number + +version 0.4.3 + added oauth_url_unescape() + +version 0.4.2 + fixed escaping of PLAINTEXT signature. + +version 0.4.1 + added oauth_serialize_url_sep() + and OAUTH_VERSION defines in header file. + +version 0.4.0 + release on googlecode under MIT license + and on sourceforge/debian under LGPL + +version 0.3.4 + allow to configure MIT only or LGPL licensed code (xmalloc) + reorganized tests + removed mixed declarations and code + +version 0.3.3 + added Eran's test-cases. + removing ':80' portnumber from URL before signing + when splitting URL parameters: use '\001' as request param value as alias for ampersand ('&') + +version 0.3.2 + added NULL uri check to oauth_split_post_paramters() + testcode comment updates. + +version 0.3.1 + added #ifndef _OAUTH_H to header - avoid double include errors + fixed some typos in the doc. + +version 0.3.0 + prefixed all public oauth.h functions with "oauth_" + added RSA-SHA1 signature support + +version 0.2.4 + detect absoluteURI by ":/" (it was /^http/) - used to detect empty abs_path + added shell escape for (bash like) `sh` to invoke curl/wget + cleaned up example code and doc a bit. + +version 0.2.3 + fixed '?' in GET URL¶meter concatenation + added cURL HTTP-GET function and test/example code + test/example code using http://term.ie/oauth/example/ + +version 0.2.2 + fixed "empty HTTP Paths" see http://wiki.oauth.net/TestCases and + http://groups.google.com/group/oauth/browse_thread/thread/c44b6f061bfd98c?hl=en + fixed some compiler warnings + made signature function args 'const char *' + and mem-zero some possibly sensitive strings before free()ing them. + +version 0.2.1 + prepared for MIT license + all c sources and headers by Robin Gareus are now MIT licensed. + +version 0.2.0 + updated documentation + fixed configure.ac + +version 0.1.3 + removed getpid() on random-number initialization for win. + moving to sourceforge. + +version 0.1.2 + different handlers for POST and GET query string. Get escapes '+' to ' '. + oauth_sign_url() returns escaped query string. + added oauth_curl_post_file - preparing for xoauth_body_signature. + updated test code. + +version 0.1.1 + fixed parameter normalization and sorting for some edge cases. + added Test Cases from http://wiki.oauth.net/TestCases + added simple HTTP POST using libcurl or a command-line HTTP client. + +version 0.1.0 + added xmalloc - removed NULL checks after [re|m|c]alloc. + libtoolized and prepared packaging. + fixed a couple of typos + added a some more documentation. + +version 0.0.1 + first public release + oAuth parameter escape and URL request signing functions. -- cgit v1.2.1