ChangeLog
=========
# 0.4.0
- Support GNU coreutils format for checksums in addition to the BSD
format.
- Improve confirm passphrase prompt usability by attempting three times
before bailing out.
- Improve passphrase prompt usability by looping through the prompt
until user enters a strong enough passphrase rather than bailing out
on first error.
- Enforce password strength using
[`zxcvbn`](https://crates.io/crates/zxcvbn) crate; reject weak
passphrases with actionable feedback.
- Fix CLI argument validation to be compatible with the reference
implementation.
- Remove the insecure key auto-locate functionality.
- Print help after CLI errors.
- Set Memory-Deny-Write-Execute refuse-exec-gain flag on Linux.
- Harden file opens to check for safe filenames using [David A.
Wheeler's Safename Linux Security Module (LSM)
rules](https://dwheeler.com/essays/fixing-unix-linux-filenames.html).
# 0.3.0
- Harden open() with _openat2_(2) on Linux and `O_NOFOLLOW` on Unix.
- Support embedded signing from standard input to standard output.
# 0.2.0
- Generate deterministic signatures bit-exact with the reference
implementation.
# 0.1.3
- Set no-new-privileges (NNP) bit on Linux, and Android.
- Confine using _landlock_(7) on Linux and Android.
- Confine using _pledge_(2) and _unveil_(2) on OpenBSD.
- Confine using _capsicum_(4) on FreeBSD.
- Set resource limits for confinement on UNIX.
- Port to WASM.
# 0.1.2
- Extract library code into
[`libsignify-rs`](https://crates.io/crates/libsignify-rs) crate.
# 0.1.1
- Write unit tests, property based tests, and
[AFL++](https://aflplus.plus/) fuzz tests to ensure code correctness.
- Compile _keyrings_(7) support by default on Linux and Android, and
remove the `keyring` feature.
- Port OpenBSD regression tests and fix issues related to CLI option
parsing spotted by them.
- Use a 1KB buffer rather than 4KB for password input which is
consistent with OpenBSD.
# 0.1.0
- Initial public release.