Date unknown
(The developer himself was too lazy to update the changelog for this release, so it was done by a civilian.)
Date unknown
(The developer himself was too lazy to update the changelog for this release, so it was done by a civilian.)
At the time, the changes were described as:
29 June, 2001
More things have changed than I can remember. Documentation is extremely poor, but we do have a brief introduction to the New World Order Gale, as implemented in this release.
Gale now uses OpenSSL for cryptography support rather than RSAREF.
All operations, including AKD, are now asynchronous and can be performed in parallel with other operations.
Messages can be signed by multiple keys.
The "Terror" is fully implemented; keys and categories are unified into "locations".
17 November, 2000
This is an interim release to test usability aspects of the changes documented in "Terror". It implements the new unified category/key "location" concept on top of the existing Gale infrastructure. A future version will include "native" location support. This release also introduces improved Unicode support and a number of bug fixes (most of which aren't listed here).
Portability fixes for FreeBSD and other systems without libresolv.
Unicode I/O support! By using CHARSET, GALE_CHARSET, or GALE_CHARSET_{CONSOLE,FILESYSTEM,CMDLINE,SYSTEM}, you can control the encoding used for I/O. The default is now ASCII (instead of ISO-8859-1), but you can use anything you like, including ISO-8859-1, UTF-8, or even GB or Big5.
13 July, 2000
This release mostly fixes minor bugs in 0.99. If version 0.99 works for you, there's no great need to upgrade.
The gsub client properly reports decryption failures again.
Fixed key corruption in some cases when generating new keys.
Incorporated fixes to gzgw, which didn't even build... (Thanks!)
The new GALE_COLUMNS variable allows the user to override the terminal width. (By default, Gale tries to guess it with a variety of techniques.) This is particularly relevant to gsub.
When one gsub (or gwatch or ...) kills off another, it starts with a SIGTERM and eventually uses SIGKILL if the other process won't go away. This is helpful if you're replacing a program that's stuck waiting for a key or something. It also displays more information about what it's doing.
20 May, 2000
Version number notwithstanding, this is a minor change from 0.91b. From here on, I'd like to stabilize Gale in preparation for a 1.0 release. While these releases aren't critical for anyone happy with 0.91b, I'd like as many people as possible to try them out for testing.
Gale clients do not require the user's key to exist for trivial operations (like getting a usage message).
Gale clients should notice key changes on the local disk much faster. It should no longer be necessary to restart "gsub" or "gdomain" to pick up a newly generated key.
Sundry bug fixes.
30 January, 2000
The key format generated by 0.91 is not compatible with older versions.
0.91 introduces a new key format which is not compatible with older versions. Older keys will continue to work, but everyone should upgrade so they won't choke on newly generated keys. 0.91a fixes a stupid bug introduced in 0.91. 0.91b fixes fatal bugs in "gdomain" and "gkinfo", and adds a "-v" (verbose) flag to "gkinfo".
Newly generated keys will use a more extensible (but incompatible) format.
"Symlink keys" (or "redirector keys") are now supported, using "gkgen -s". Ask JTR how they work.
Users and system administrators may define aliases by creating broken Unix symlinks in the ".gale/aliases/" and "etc/gale/aliases/" directories, respectively. If you create a link of the form "ugcs -> ugcs.caltech.edu", you can then "gsend foo@ugcs" to send a message to Blake. (Yes, this link doesn't point to anything; it's the content of the link that matters.) This also works at any level of the hierarchy (e.g. for individual keys). Aliases are evaluated recursively; they can reference each other.
Various bug fixes.
ADNS is on by default again. Use version 0.5 (0.6 crashes).
10 October, 2000
0.90a was only released very briefly; everyone using it should upgrade. Version 0.90b fixes some installation bugs, and most importantly, alters the directed category loop detection logic so that it works more reliably on some non-Linux systems (like IRIX). 0.90c further refines the local loop detector, fixes more installation problems, and disables adns support (since it fails with all released adns versions).
The introduction of directed categories requires some changes to server configuration.
Never officially released, 0.90 was an internal test version.
Directed categories are now supported. The new Gale server uses direct routing for categories beginning with '@'. This means that your Gale domains need to have actual matching entries in the DNS now.
Clients now ignore GALE_SERVER. Instead, they derive the location of a server from GALE_DOMAIN; override this with GALE_PROXY.
Gale now uses Ian Jackson's adns resolver, if available, for asynchronous hostname lookups. (This is mostly only useful for the server.)
Puffs can now have negative categories, just like subscriptions. This is mostly only useful to make directed categories work, but it's also available to end users. If you send a message to "foo:-bar" it will treat all subscriptions to "bar" as negative subscriptions. (That means it matters whether someone subscribes to "foo:bar" or "bar:foo".)
The gsub client now prints notices when connecting to a server and terminating. This should make it easier to keep track of what your gsub is doing.
More stringent restrictions on AKD resubmission; even in the face of an unverified signature, clients will not attempt AKD for any given key more than once every 20 minutes. This should reduce or eliminate "auth storms".
Daemons (gdomain, galed) now report errors via Gale puffs, on categories of the form "@<dom.ain>/server/{galed,gdomain}". This should make it much easier to monitor the status of server connections, among other things.
Lots of miscellaneous bug fixes, (probably) replaced by lots of miscellaneous new bugs.
2 August, 1999
Gale now uses liboop for low-level event processing; the library interface changed dramatically as a result. The end result should be simpler, more asynchronous, and less buggy. Signal handling should work better now.
This release fixes a number of minor bugs. Deathpolling should work properly now, among other things.
Directed categories aren't here yet, but we're closer.
Interactive installation steps have been broken out into an independent "gale-install" script, rather than being dependent on the build directory (as "make config" and "make domain" were).
4 April, 1999
Users of previous versions (particularly those who run their own servers) should upgrade immediately to avoid bugs which can cause crashes and net-splits.
This is a bug fix release.
10 March, 1999
Word-wrap algorithm in gsub, using the "wacky quoting proposal", to allow people to puff independently of terminal width.
New, and hopefully much more rational, interface to gkgen. This now subsumes gkeys, which I've removed.
A new -r flag to gsub for running the default gsubrc directly (useful for filtering-only gsubrcs).
Better formatting for notices received by gsub (creeping up on replacing gwatch).
Various minor bug fixes.
8 January, 1999
Yet another bug-fix release. Anyone running 0.19a should upgrade.
AKD was accidentally disabled in 0.19a. Re-enabled here.
SA_RESTART is turned off, so gsub will die properly on systems with BSD-ish signals.
Messed-up dependency on RSAREF header removed.
2 January, 1999
This is a bug-fix release. If Gale works for you, don't bother upgrading.
The infamous "cannot create temp file" message now informs you of the filename it tried to create.
The libgale should keep all its global data in a heap block allocated (indirectly) with GC_malloc_uncollectable. This should fix problems people were having with shared libraries and the libgc.
I stole the patches to ltmain.sh gtk uses, so --disable-shared should actually work now.
21 December, 1998
The default gsubrc in gsub word-wraps now. Eventually gsend will also word-wrap, and not include newlines.
Gale builds shared libraries (with libtool). I've coalesced the three Gale libraries (libgale, libgmisc, libgauth) into one (libgale).
A new "gale-config" program can output the prefix, exec-prefix, version, include directives, and link directives in the Gale installation.
A slew of internal changes and minor tweaks to the libgale API.
22 July, 1998
This fixes some minor but annoying bugs, most prominently the tendency for gsub to create lots of zombies.
This release is (mostly) a minor bug-fix release.
Some "minor" formatting changes in gsub.
The build should work much better now.
Added "--enable-gzgw" and "--enable-glog". By default, those clients are not built.
Fixed the "tab bug".
Included the fix for the "cross-device link bug".
This release attempts to fix a number of problems introduced in 0.18.
"Interrupted system call" messages should appear no longer.
The log viewer will no longer attempt to request keys.
Clients now create ".gale/auth/random" with the right permissions.
The system really shouldn't have problems with temp files now.
Error messages now highlight their initial "!" character.
The "stealth mode" now works properly again.
Clients should more properly escape weird text now.
Environment variable stuff might work better now.
21 June, 1998
This release contains a time bomb! After midnight in the morning of Friday, July 3, 1998, it will become incompatible with previous releases. I strongly encourage everyone to upgrade by that date.
New message format. This format is not backward compatible with old versions of Gale! Make sure to upgrade by the time bomb date. Note that some of the features below may not work until the cutover.
Changes to the gsubrc protocol to support the new message format. The "HEADER_..." environment variables are deprecated, take a look at the new "GALE_{TEXT,TIME,NUMBER}_..." variables instead for direct access to the new tagged message fragments.
Presence notification now handles provides more information than "login" and "logout". It distinguishes gsub start and stop from connection failure, reconnection, and automatic restart. Users can customize the presence information they broadcast with the new "-p" option to gsub: "gsub -p out/to/lunch", "gsub -p in/da/house". Both gwatch (login, logout, "ping") and gsub (receipts) display this information.
Part of the message format change replaces the old "Agent" and "Time" headers with standardized "id/class", "id/instance" and "id/time" fragments. Everyone who generates these should adhere to the same general format for these values as the existing clients.
We now use the Boehm conservative garbage collector to manage allocation. This has simplified the code quite a bit.
All output has a consistently placed and formatted timestamp.
The "deathpolling" in gsub happens in gwatch now too.
The auth system does a better job tracking and deleting invalid keys.
I've reviewed and simplified the key replacement code.
AKD no longer uses "ping" messages.
15 March, 1998
This version fixes a massive security hole. Every previous version would generate the same private key all the time! This version will invalidate all the old keys, requiring you to regenerate (and re-sign) all the keys you use.
Key generation works better now; even in the presence of errors, keys won't end up with names like "(uninitialized)".
Key replacement works now. (We'll need this!)
This version should fix the message delay and loss problems people saw with 0.16 versions.
Readline now works in gsend again.
I have consolidated "-p" and "-a" flags to gsub into just "-a".
The output from gwatch looks more like the receipts from gsub.
9 March, 1998
This version fixes an install problem (certain scripts didn't get included in the distribution), and removes a spurious "invalid key request" warning from gsub.
9 March, 1998
The authentication system has been extended significantly. Keys generated with this version (and future) will not be usable by older versions (but this version can use old keys fine). Key signatures now store a timestamp (so newer keys can replace older ones) and an optional expiration date. This makes keys even longer, but we no longer send the full key around with messages. This will make older versions of gale unable to recognize signatures generated with this version, so you should probably upgrade fairly quickly. Of course, this places more burden on AKD; make sure to run "gdomain".
The package is now structured, configured, distributed and built with GNU automake. This should improve the build process and get rid of some problems (like install-sh path issues). We're no longer dependent on GNU make! Automatic VPATH builds even work and stuff.
I've changed the network protocol Gale uses, and the port number has changed as well. (We now use 11511 rather than 8413.) The server will continue to support the old protocol (listening on the old port) for some time; the clients all speak the new protocol now. If all goes well, you won't notice a difference, but some bugs might have crept in. In particular, I'd like to know how well this works for those of you with ridiculously terrible network connections to the "core" Gale servers (you know who you are!).
Tremendous internal reorganization. Unicode strings are now used much more prevalently; another library split off from libgale; all sorts of stuff.
The default formatter no longer ignores messages to categories ending in "/ping", except for the "/ping" category itself. Send pings with a crosspost like "...:/ping". The AKD system and "gwatch" now do this.
Problems compiling under non-gcc compilers fixed.
$GALE_FROM always determines the From: header set by gsend, even if you use the "-S" flag.
By default, gsub beeps when you receive a private message. The "-b" option disables beeping, or you can of course write your own gsubrc.
The flags for gsend have changed subtly. In particular, "-c" adds to the category list and disables encryption; "-C" replaces the category list. This makes it easy to send "mixed public/private" messages.
The rather pointless "-r" flag to gsend, gsub and gwatch has gone away.
Fixed infinite loop in gsub when errors happen (!).
3 January, 1998
Versions 0.15a, b, and c fix some minor problems with 0.15, including bugs in "gwatch" and "gdomain", inappropriate warnings and the like.
25 December, 1997
This version has a time bomb! See below.
At the change of the New Year (1997 to 1998), Pacific Standard Time, Gale clients will start using the new naming scheme for user categories. Rather than using "user/dom.ain/username" they will use "@dom.ain/user/username". Update your subscription lists! If you maintain your own installation, make sure to upgrade before the deadline. (If you don't upgrade in time, don't panic. Public messages will still work; you'll just be using the wrong categories for private messages.)
We now use readline for "gsend", if available. Readline does not support multi-line editing, but it beats the kernel "line editor".
Dropped the silly requirement that receipt categories to begin with "receipt/".
Now default to asking for receipts for private messages to category "user/domain/username/receipt". Hopefully users will pick up on this form of acknowledgement; the gsub formats them specially: * Received by <bozo@ofb.net> (Dan Egnor) 12/23 02:15
The meaning of "-p" has changed; it no longer takes an argument. Use an explicit header if you want to direct the receipt category specially.
The gsub argument "-y" is now "-a".
The gsub polls its TTY to see if the user has logged out, for systems with unreliable delivery of SIGHUP.
Portability fixes for Solaris (and others).
Sundry bug fixes.
This version changes the user interface for "gsend" and "gsub" to make usage less confusing and error-prone for newbies. Beware!
Recipients are now expressed directly on the "gsend" command line, category names with "-c" (this is the opposite of the old behavior; "-e" is no longer used).
Categories specified on the "gsub" command line now add to the default categories, rather than replacing them (unless you use "-e"). $GALE_SUBS overrides all categories; $GALE_GSUB adds to the defaults. New users should specify GALE_GSUB to define their subscriptions, unless they need to remove the default "user/..." subscription.
This doesn't really mark a change in gale itself, but I've started distributing gale compressed with bzip2 rather than gzip.
Recently, I've observed some rather unfortunate incidents where people became confused about their command-line history and posted sensitive, private messages to public categories without encryption. In a futile attempt to combat this problem, gsend now tries to make it obvious when you're sending a public message: % gsend -c pub/test ** PUBLIC ** message in category "pub/test": (End your message with EOF or a solitary dot.) ...
Added a second interface for gsub modules, "gsubrc2", and a header file, "gale/gsubrc.h", prototyping and documenting the options.
I've only added a single feature in this version: dynamic linking of gsub formatters. On supported systems (those with a dlopen() interface, including Linux, Solaris, and hopefully others), gsub will look for "gsubrc.so" in the same places it looks for "gsubrc" (you can change the name with the new "-l" flag). It will look attempt to load this as a shared library, and look for a symbol named "gsubrc", assumed to refer to a void function which takes no arguments. It will call this function for each incoming puff, with the same environment variable settings and standard input contents as for an independent "gsubrc" process.
The installation process has changed significantly. Make sure to read the INSTALL notes!
Use of GNU autoconf for configuration and installation. This means a few short-term configuration bugs, but long-term portability, easier installation on new platforms and systems, and consistency with other freeware products.
Miscellaneous bug fixes.
I released version 0.12 "early" because some people needed some of the bug fixes in the authentication system to perform their setup. Version 0.12a contains the originally intended feature set for version 0.12.
AKD! When clients (such as "gsend") can't find a key, they now go to the net looking for it, simultaneously sending a "ping" to the user and a request to a domain server. If the user is logged in (and has not disabled return receipts), the "ping" will return a key; if the user's domain has a domain server running, it can return the key whether or not the user has logged on. The domain server can also make negative answers, authoritatively telling the client that a certain username does not exist in that domain. If the client receives no responses within 20 seconds, it gives up.
The above necessitates a new program, namely the domain server, "gdomain". This is very simple to set up; simply run it as a user with access to the domain's private keys and local key repository, and it will background itself and start working.
The gsub client now emits warnings again when it receives messages it can't decrypt. These got lost in the shuffle of the new auth system.
The new authentication system included support for multiple encryption recipients, but none of the clients made this functionality available to the user. This version adds the ability to specify multiple "-e" parameters in gsend to multiply encrypt a message.
You can also select the ID to use for signing a message via the new "-S" command-line option to gsend, without having to change GALE_ID.
The gzgw now uses the new authentication system to find the user ID to use for the Zephyr sender field. It also no longer uses the Zephyr class in the Gale instance, and folds case in the instance string.
The Web-based log display CGI, glcgi, now uses the new authentication system to display the user ID.
Return receipts are now encrypted for greater privacy.
The authentication system will now try to call a program named "gkfind" (in the usual places) to find an otherwise-absend public key, before making an AKD request (not yet implemented). You can use this as a hook for your own local key store (possibly of interest to AFS freaks); you can put a hook in "gksign" to store keys as they're generated.
Sundry bug fixes.
Versions 0.11, 0.11a and 0.11b are bug fix releases. Version 0.11, in particular, cleans up the setup process quite a bit; 0.11a incorporates some fixes to icky problems discovered quickly in 0.11. 0.11b fixes one particularly nasty bug that made gsub crash when it received messages signed by an unverifiable stub key. There are no new features here.
This version contains a time bomb! Prior to midnight, PDT, Wednesday, October 8, 1997, it will use the old authentication system. After that time, it will use the new system. Messages sent under the new system will crash old clients! Upgrade now!
AKD is not quite here, but the framework is. The transition to AKD will not break compatibility the way this version did.
This version generates and signs new-style keys. You will want to get a key for your domain signed by me (the owner of ROOT).
This version will accept both old and new-style messages. In later versions, I will phase out support for old-style authentication.
Otherwise, you should see few changes (though a great deal has changed underneath in the authentication system). No doubt a few bugs were introduced.
This version wasn't very widely distributed. I made a tarball and installed on OFB, but not UGCS.
Fixed SIGUSR1: it now properly restarts gale programs. (Before, it would sometimes kill them, sometimes have no effect.)
The gsend intro message is a little more verbose about telling you the category and encryption key (if any) in use for a message.
The server uses non-blocking sockets. This should fix the server-stuffing problems. IRIX has strange behavior with select() and sockets.
If a user-defined gsubrc returns a nonzero exit code, gsub doesn't send a receipt acknowledging the message. This means receipts are now delayed until after the gsubrc runs. This allows user gsubrc programs to indicate error conditions, or just the fact that they blocked the message.
I've removed the 256-character limit on lines in the ".gale/conf" file. Furthermore, you may break a long logical line over several physical lines; simply make sure to indent each line beyond the first with some whitespace. Here's an example (my subscription set): GALE_SUBS user/egnor:user/ofb.net/egnor:user/ugcs.caltech.edu/egnor: zephyr:pub:local/eastside:local/seattle:local/earth: ms:ofb:group/ms:group/ofb:receipt/egnor This does mean that entries must start at the left margin or have blank lines keeping them apart.
The "-l" command-line switch for the server has gone away, replaced by the "GALE_LINKS" variable. That way I'll stop forgetting to link the UGCS server to OFB. In general, this is a persistent option, and thus belongs in a variable rather than on the command line.
I've made a few fixes that should make it compile slightly easier on Solaris. It still won't build out of the box, but it should come closer.
The default gsubrc adds highlights to the header and filters out unprintable characters in the message body. This should prevent Jacques' cheesy puff-spoofing technique.
The log server handles category expressions properly now.
Daemon processes (gsub, galed, glog, etc) will now restart themselves upon receipt of a SIGUSR1 signal.
The server is now called "galed" instead of "server".
Clients now set the SO_KEEPALIVE socket option, which should help alleviate some of the client-death problems.
Gale programs now catch SIGPIPE. Writes to closed sockets can generate this; under some conditions this would cause the server to die.
I've fixed a number of bugs and rationalized some things internally. You can no longer append "@serverhost" to category lists on the command line, but you generally don't need to do that anyway.
The system configuration file has moved. It's now in /home/egnor/etc/gale/conf, and the /home/egnor/etc/gale directory mirrors the per-user .gale directories. I have a systemwide public-key repository there as well.
The standard user category for personal messages is now "user/domain/username/". Note the trailing slash; this prevents conflicts when one username is a prefix substring of another. Existing subscription lists will still work with this, of course.
The beginnings of a user location service are here. The main program is called "gwatch"; it's available in my bin directory (the sysadmins should link it into /usr/contrib shortly). Not all the features listed in the usage message work. In brief, enter gwatch -i userid [-i userid ...] to monitor logins and logouts for several users. The userid values are the usual Gale ID's, e.g. "egnor" or "tots@ofb.net". You may alternatively create a .gale/spylist file with entries like these: id bozo@ofb.net domain ugcs.caltech.edu ping public/ping The "id" entries are equivalent to the -i flag; I'll leave it up to you to figure out what the others do and their command-line equivalents. In any case, if you have such a file, it will establish your defaults if you do not specify any command-line arguments to gwatch. The gwatch program backgrounds itself and kills other copies of itself on the same tty a la gsub. Note that it will only see logins and logouts for version 0.02 (or above) gsub clients.
I can now restart everyone's gsub and gwatch programs remotely. (You can't, unless you steal my private key.) I will do this in the future when I release new versions to keep everyone in sync.
This is the first version of Gale to actually get a version number. Here are its features:
Public messages with subscriptions; private messages with cryptography.
A logger that uses the Berkeley db libraries and has a Web interface.
Zephyr gatewaying.