# Tomb ChangeLog

## 2.4
### April 2017

This release introduces a major new feature with support for
asymmetric encryption of Tomb keys using public/private GPG key
pairs. It is now possible to protect a Tomb key using a GPG key (which
can also be password-less for automations) as well as encrypt a Tomb key
for multiple recipients (list of GPG ids). Other improvements include:
a fix to the 'slam' command with better detection of running programs
using 'lsof' (new optional dependency); a fix to 'forge' key creation
to really use 512-bit long keys, in order to really trigger usage of
AES256; correct support for opening tombs in read-only mode; update of
the Tomber python wrapper in extras. Documentation has been updated.

## 2.3
### January 2017

Fix to bug occurring when using Zsh version 5.3 or higher. Fix to
inclusion of final newline in keys generated with 2.2, only affecting
third-party software. Removed chmod/chown of tombs when open. Enhanced
continuous integration script with regression tests using old
stable versions of Tomb and shellcheck linting. Improved parser and
post-hooks to avoid usage of external binaries (grep and cat), also
improving security when decrypting keys. Fix for clean execution via
sudo nopasswd. Updated extras/gtomb to latest stable version. Various
documentation updates about kdf, using images as keys, deniability and
gpg-agent usage. New experimental port to Android platforms in extras.

## 2.2
### December 2015

New Qt5 desktop tray in extras/qt-tray.
New Zenity based Gtk interface in extras/gtomb (experimental).
Better resizing procedure recovers from failure without starting over
with a new dig. Fixes for correct handling of bind-hooks mountpoints
containing whitespace, implying a refactoring of how the mtab is
parsed, along with workaround for Debian bugs. Updated all strings to
report MiB sizes. Fix to correctly show last time opened. Fix to EUID
detection and to installed manpage permissions.

## 2.1.1
### August 2015

Added translations to Italian and Swedish.
Minor documentation updates.

## 2.1
### July 2015

All users updating should close their tombs first, then update and
reopen them with this new version. However, failing to do so will not
cause any data loss, just an unclean umount of tombs.

This new stable release includes several bugfixes to smooth the user
experience in various situations. Documentation is reviewed and
extended and translations are updated.

More in detail, fixes to: mountpoint removal, language localization,
gtk-2 pinentry theming, udisk2 compatibility (/run/media/$USER
mountpoint support), handling of key failures, kdf documentation,
swish-e file contents search and encrypted swap detection.

Deniability is improved by allowing any filename to be used for tombs
(also without .tomb extension). Code has been overall cleaned up.

## 2.0.1
### December 2014

Fix for usage with GnuPG 1.4.11, a problem affecting long term
GNU/Linux distribution releases like Ubuntu 12.04 and Mint 13.
Minor messaging fixes.

## 2.0
### November 2014

Tomb goes international: now translated to Russian, French, Spanish
and German.

The usability has improved: steganographed images can now be used
directly as keys using `-k`. Tomb now also works across ssh
connections: it is possible to pipe cleartext secrets from stdin using
`-k cleartext` but that requires the `--unsafe` flag.

The security is also improved by avoiding most uses of temporary
files. The privilege escalation model has been simplified and sudo is
called only when needed. All code has been refactored for readability
and integration with zsh features. Signal handlers are now in place,
global arrays are used to keep track of temp files. Namespace has been
revised and corrected, described in [HACKING](docs/HACKING.txt).

## 1.5.3
### June 2014

Various usability fixes and documentation updates. Password changing
and key changing procedures have been refactored and dev-mode
operation from scripts has been tested against a few new wrappers
being developed. A strings file is made available for translators.

## 1.5.2
### February 2014

Removed automatic guessing of key file besides tomb to encourage
users to keep tomb and key separated, but also to simplify the
code in key retrieval and avoid a bug occurring in the previous
version.

## 1.5.1
### February 2014

Fix to stdin piping of keys, which were not correctly processed
nor were deleted from volatile memory (tmpfs).

Version is now updated accordingly.

## 1.5
### January 2014

Minor bugfixes to documentation, error handling, support for
multiple and encrypted swap partitions and qr code engraving.

This release also includes some minor code refactoring of
load_key() and loop mount checks. Also the tray app is updated
to gtk-3 and works simply with a tomb name as argument.

Documentation was updated accordingly.

## 1.4
### June 2013

This release fixes an important bug affecting Tomb 1.3.* which
breaks backward compatibility with older tombs and invalidates
keys created using 1.3 or 1.3.1. For more information about it
read the file KNOWN_BUGS.

New features are also included:
indexing and search of file contents, engraving of keys into paper
printable QRCodes for backup purposes and improvements in key
encryption. A setkey command is added to change the key file that
is locking a Tomb.

This release restores backward compatibility
with tombs created before the 1.3 release series.

## 1.3.1 (DEPRECATED, see [KNOWN_BUGS](KNOWN_BUGS.md))
### June 2013

Major bugfixes following the recent refactoring.

This release fixes various advanced commands as search/index, KDF key
protection against dictionary attacks and steganographic hiding of
keys. It provides compatibility across GnuPG 1.4.11 and .12 which
broke the decoding of keys. Usage of commandline options is made
consistent and full paths are honored.

A new test suite is included and documentation is updated accordingly.

## 1.3 (DEPRECATED, see [KNOWN_BUGS](KNOWN_BUGS.md))
### May 2013

A refactoring of Tomb's main script internals was made, including
a new messaging system, machine parsable output, cleaner code and
updated compatibility to Debian 7. A new search feature lets users
index and run fast filename searches in their open tombs. Creation
of tombs is broken out in three steps (dig, forge and lock).

Source distribution includes experimental add-ons for a python
GUI, KDF key encryption and a key "undertaker". Documentation was
updated.

## 1.2
### Nov 2011

Includes an important fix to password parsing for spaces and
extended chars, plus a new 'passwd' command to change a key's
password. Tomb now checks for swap to avoid its usage (see SWAP
section in manpage) and warns the user when the tomb is almost
full.

## 1.1
### May 2011

Fixes to mime types, icons and desktop integration.

A new 'list' command provides an overview on all tombs currently open.

Now a tomb cannot be mounted multiple times, the message console has
colors and better messages.

Different mount options (like read-only) can also be specified by hand on the commandline.

## 1.0
### March 2011

Clean and stable. Now passwords are handled exclusively using
pinentry. Also support for steganography of keys (bury and exhume)
was added to the commandline.

Commandline and desktop operations are well separated so that tomb can be used via remote terminal.

A new command 'slam' immediately closes a tomb killing all processes that keep it busy.

## 0.9.2
### February 2011

The tomb-open wizard now correctly guides you through the creation
of new tombs and helps when saving the keys on external USB
storage devices. The status tray now reliably closes its tomb.

## 0.9.1
### February 2011

Sourcecode cleanup, debugging and testing.

Integrated some feedback after filing Debian's ITP and RFS.

## 0.9
### January 2011

Tomb is now a desktop application following freedesktop standards:
it provides a status tray and integrates with file managers.

The main program has been thoroughly tested and many bugs were fixed.

## August 2010

The first usable version of Tomb goes public among hacker friends.

## During the year 2009

Tomb has been extensively tested, perfected and documented
after being used by its author.

## Sometime in 2007

[MKNest](http://code.dyne.org/dynebolic/tree/dyneII/startup/bin/mknest)
was refactored to work on the Debian distribution and since
then renamed to Tomb. [dyne:bolic](http://www.dynebolic.org) specific dependencies were
removed, keeping Zsh as the shell script it is written with.

## Back in 2005

The "nesting" feature of [dyne:bolic](http://www.dynebolic.org)
GNU/Linux lets users encrypt their home in a file, using a shell script and a graphical
interface called Taschino.

Taschino included a shell script wrapping cryptsetup to encrypt
loopback mounted partitions with the algo AES-256 (cbc-essiv
mode): this script was called 'mkNest' and it is the ancestor of
Tomb.