Final cleanup and preparation for 1.1.5

SKS-Keyserver · May 5, 2014 · d02d57f · d02d57f
1 parent 25863c4
commit d02d57f
Show file tree

Hide file tree

Showing 7 changed files with 39 additions and 11 deletions.
diff --git a/ANNOUNCEMENT b/ANNOUNCEMENT
@@ -9,13 +9,38 @@ spotty connectivity, can fully synchronize with rest of the system.
 
 What's New in 1.1.5
 ====================
-[XXXXXX]
+  - Fixes for machine-readable indices. Key expiration times are now read
+    from self-signatures on the key's UIDs. In addition, instead of 8-digit
+    key IDs, index entries now return the most specific key ID possible:
+    16-digit key ID for V3 keys, and the full fingerprint for V4 keys.
+  - Add metadata information (number of keys, number of files, 
+    checksums, etc) to key dump. This allows for information on the
+    key dump ahead of download/import, and direct verification of checksums
+    using md5sum -c <metadata-file>.  
+  - Replaced occurrances of the deprecated operator 'or' with '||' (BB issue #2)
+  - Upgraded to cryptlib-1.7 and own changes are now packaged as separate 
+    patches that is installed during 'make'. Added the SHA-3 algorithm, Keccak
+  - Option max_matches was setting max_internal_matches. Fixed (BB issue #4)
+  - op=hget now supports option=mr for completeness (BB issue #17)
+  - Add CORS header to web server responses. Allows JavaScript code to
+    interact with keyservers, for example the OpenPGP.js project.
+  - Change the default hkp_address and recon_address to making the 
+    default configuration support IPv6. (Requires OCaml 3.11.0 or newer)
+  - Only use '-warn-error A' if the source is marked as development as per
+    the version suffix (+) (part of BB Issue #2)
+  - Reduce logging verbosity for debug level lower than 6 for (i) bad requests, 
+    and (ii) no results found (removal of HTTP headers in log) (BB Issue #13)
+  - Add additional OIDs for ECC RFC6637 style implementations
+    (brainpool and secp256k1) (BB Issue #25) and fix issue for 32 bit arches.
+  - Fix a non-persistent cross-site scripting possibility resulting from 
+    improper input sanitation before writing to client. (BB Issue #26 | CVE-2014-3207)
+
 
 Note when upgrading from earlier versions of SKS
 ====================
 The default values for pagesize settings changed in SKS 1.1.4. To continue
-using an existing DB without rebuilding, explicit settings have to be
-added to the sksconf file.
+using an existing DB from earlier versions without rebuilding, explicit settings 
+have to be added to the sksconf file.
 pagesize:       4
 ptree_pagesize: 1
 

diff --git a/CHANGELOG b/CHANGELOG
@@ -1,4 +1,4 @@
-Development trunk
+1.1.5
   - Fixes for machine-readable indices. Key expiration times are now read
     from self-signatures on the key's UIDs. In addition, instead of 8-digit
     key IDs, index entries now return the most specific key ID possible:
@@ -7,7 +7,6 @@ Development trunk
     checksums, etc) to key dump. This allows for information on the
     key dump ahead of download/import, and direct verification of checksums
     using md5sum -c <metadata-file>.  
-  - OID fixes for ECC -- force int64 use (fixes issue on 32-bit systems)
   - Replaced occurrances of the deprecated operator 'or' with '||' (BB issue #2)
   - Upgraded to cryptlib-1.7 and own changes are now packaged as separate 
     patches that is installed during 'make'. Added the SHA-3 algorithm, Keccak
@@ -22,9 +21,9 @@ Development trunk
   - Reduce logging verbosity for debug level lower than 6 for (i) bad requests, 
     and (ii) no results found (removal of HTTP headers in log) (BB Issue #13)
   - Add additional OIDs for ECC RFC6637 style implementations
-    (brainpool and secp256k1) (BB Issue #25)
+    (brainpool and secp256k1) (BB Issue #25) and fix issue for 32 bit arches.
   - Fix a non-persistent cross-site scripting possibility resulting from 
-    improper input sanitation before writing to client. (BB Issue #26 | [CVE?])
+    improper input sanitation before writing to client. (BB Issue #26 | CVE-2014-3207)
 
 1.1.4
   - Fix X-HKP-Results-Count so that limit=0 returns no results, but include

diff --git a/README.md b/README.md
@@ -152,7 +152,7 @@ This file should be called `membership`, and should be stored in the
 SKS directory.  Note that in order for synchronization to work, both
 hosts have to have each other in their membership lists.  Send mail to
 <[email protected]> to get other SKS administrators to add you to
-their membership lsits.
+their membership lists.
 
 **IMPORTANT NOTE**: if you include the server itself in the membership
 file, you should make sure that you also specify the `hostname`

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.1.4
+1.1.5
diff --git a/common.ml b/common.ml
@@ -47,7 +47,7 @@ let version_tuple = (__VERSION__)
 (* for Release versions, COMMONCAMLFLAGS in Makefile should include          *)
 (* '-warn-error a'. Development work should use '-warn-error A' for stricter *)
 (* language checking. This affects the Ocaml compiler beginning with v4.01.0 *)
-let version_suffix = "+" (* + for development branch *)
+let version_suffix = "" (* + for development branch *)
 let compatible_version_tuple = (0,1,5)
 let version =
   let (maj_version,min_version,release) = version_tuple in

diff --git a/sks.pod b/sks.pod
@@ -110,6 +110,10 @@ Seed used by RNG.
 
 Current hostname.
 
+=item -nodename
+
+Current nodename.
+
 =item -d
 
  Number of keys to drop at random when synchronizing.

diff --git a/wserver.ml b/wserver.ml
@@ -366,7 +366,7 @@ let accept_connection f ~recover_timeout addr cin cout =
         | Bad_request s ->
             ignore (Unix.alarm recover_timeout);
             plerror 2 "Bad request %s: %s"
-              (request_to_string_logdepend request) (HtmlTemplates.html_quote s);
+              (request_to_string_logdepend request) s;
             let output = HtmlTemplates.page ~title:"Bad request"
                  ~body:(sprintf "Bad request: %s" (HtmlTemplates.html_quote s))
             in