mirrors/rage
1
0
Fork 0
mirror of https://github.com/str4d/rage.git synced 2025-04-04 11:27:43 +03:00
Code Issues Projects Releases Packages Wiki Activity

Changelog updates

Browse source
This commit is contained in:
Jack Grigg 2021-03-14 21:23:22 +13:00
parent 083284eeed
commit 8fc525b86a
3 changed files with 14 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

16
age-core/CHANGELOG.md
View file

@ -7,6 +7,14 @@ and this project adheres to Rust's notion of
to 1.0.0 are beta releases.
## [Unreleased]
### Security
- `age_core::primitives::aead_decrypt` now takes a `size` argument, checked
against the plaintext length. This is to mitigate multi-key attacks, where a
ciphertext can be crafted that decrypts successfully under multiple keys.
Short ciphertexts can only target two keys, which has limited impact. See
[this commit message](https://github.com/FiloSottile/age/commit/2194f6962c8bb3bca8a55f313d5b9302596b593b)
for more details.
### Added
- `age_core::format::FILE_KEY_BYTES` constant.
- `age_core::plugin` module, which contains common backend logic used by both
@ -23,14 +31,6 @@ to 1.0.0 are beta releases.
API `age_core::format::read::legacy_age_stanza` accepts either kind of stanza
body encoding (the legacy minimal encoding, and the new explicit encoding).
### Security
- `age_core::primitives::aead_decrypt` now takes a `size` argument, checked
against the plaintext length. This is to mitigate multi-key attacks, where a
ciphertext can be crafted that decrypts successfully under multiple keys.
Short ciphertexts can only target two keys, which has limited impact. See
[this commit message](https://github.com/FiloSottile/age/commit/2194f6962c8bb3bca8a55f313d5b9302596b593b)
for more details.
## [0.5.0] - 2020-11-22
### Added
- Several structs used when implementing the `age::Identity` and

3
age/CHANGELOG.md
View file

@ -41,6 +41,9 @@ to 1.0.0 are beta releases.
### Changed
- MSRV is now 1.47.0.
- `age::cli_common::file_io::OutputWriter::File` will now *overwrite* the file
if it exists, instead of returning an error. This makes it consistent with
`age::cli_common::file_io::OutputWriter::Stdout`, as well as most UNIX tools.
- Files encrypted with this version of `age` might not decrypt with previous
beta versions, due to changes in how stanza bodies are canonically encoded.
This should only affect a small fraction of files (if grease that triggers the

3
rage/CHANGELOG.md
View file

@ -21,6 +21,9 @@ to 1.0.0 are beta releases.
### Changed
- MSRV is now 1.47.0.
- `-o/--output` will now *overwrite* existing files instead of returning an
error. This makes the behaviour consistent with most UNIX tools, as well as
when using pipes.
- Files encrypted with this version of `rage` might not decrypt with previous
beta versions, due to changes in how stanza bodies are canonically encoded.
This should only affect a small fraction of files (if grease that triggers the