Skip to content

Latest commit

 

History

History
736 lines (535 loc) · 37.1 KB

CHANGELOG.md

File metadata and controls

736 lines (535 loc) · 37.1 KB

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning, except that – as is typical in the Rust community – the minimum supported Rust version may be increased without a major version increase.

Since version 0.36.2, the format of this changelog is based on Keep a Changelog.

24 October 2024

Documented

  • Update API documentation (#621)

17 October 2024

Fixed

  • Adds identified RangeType to region of interest (#631)

15 October 2024

Fixed

  • Harden SDK against attempting buffers that are too large (#628)

07 October 2024

Fixed

  • Changelog contained duplicate entries for 0.16.1 (#618)

07 October 2024

  • No-op change to start using release-plz to manage releases

0.36.1

04 October 2024

  • fix: Make sure algorithm is being respected in data_hash.rs (#613)
  • fix: Make sure RSTn segment names are included in the data box hashes list (#612)
  • Update mp4 requirement from 0.13.0 to 0.14.0 in /sdk (#595)
  • chore: Add m4a test (#606)
  • fix: Write absolute urls to manifest store resource references. (#603)
  • doc: Removes xmp_write feature from README.md.
  • chore: Remove deprecated actions-rs/clippy-check action (#601)
  • chore: bump stefanzweifel/git-auto-commit-action from 4 to 5 (#600)
  • chore: bump actions/github-script from 3 to 7 (#599)
  • chore: bump paulhatch/semantic-version from 5.2.1 to 5.4.0 (#598)
  • chore: Use Dependabot to upgrade GitHub Actions steps (#597)
  • chore: Fix dependabot issues (#594)
  • Fixes issue where nested assertion-uri-hash errors were being reported at the active manifest level. (#593)
  • Feature/add content length to tsa request (#587)

0.36.0

23 September 2024

  • (MINOR) ensures release bumps minor version (#592)
  • fix: requires "StatusTracker" to implement "Send" (#589)

0.35.1

17 September 2024

  • Fix error when trying to sign BMFF content with Builder. (#582)

0.35.0

12 September 2024

  • upgrades to riff@2.0.0, preventing panic on invalid riff files (#579)
  • EC signature DER support (#581)
  • Update base64 requirement from 0.21.2 to 0.22.1 in /sdk (#519)
  • (MINOR) Rust API enhancements and fixes. (#575)
  • Fix GIF off by one with XMP (#562)

0.34.0

30 August 2024

  • (MINOR) Fragmented BMFF media (#572)

0.33.4

29 August 2024

  • Depend on url crate version 2.5.2 or newer (#573)

0.33.3

17 August 2024

  • Inline certs for wasm test signer (#564)

0.33.2

15 August 2024

  • Bmff write fix (#552)
  • Fix remote embedding RIFF when specifying mime type (#551)
  • Fix data hash out of bounds when using placeholder beyond stream length (#546)
  • Adds embeddable apis and remote_url/no_embed options (#537)
  • export_schema: add unstable_api feature (#542)
  • Ingredient checks (#529)
  • Add base_path field to Builder (#539)
  • Export AssertionDefinition and ActionTemplate in public API (#522)

0.33.1

30 July 2024

  • Use timestamp with OpenSSL validation to prevent check chain check er… (#531)
  • Fix GIF remove_cai_store_from_stream behavior (#524)

0.33.0

26 July 2024

  • Update crate to fix bad certificate dump content (#525)
  • Introduce a mutex around the FFI calls to OpenSSL (#516)
  • Bump bcder minimum version to 0.7.3 (#526)
  • (MINOR) Updates needed for v2 JavaScript SDK (#521)
  • Add region of interest assertion definition (#506)
  • Fix CI tests (#520)
  • Builder Archive update (#507)
  • Update range-set requirement from 0.0.9 to 0.0.11 in /sdk (#442)
  • Make sure reading past end of JUMBF box is an error (#518)
  • added final details (#517)

0.32.7

18 July 2024

  • Ensure Ingredient data_types make it to the store and back. (#514)
  • draft security md (#508)
  • Make data_types field optional when serializing data-box-map (#512)
  • Fix box hash placeholder len (set to 1) (#511)
  • Set data box placeholder len to at least 1 for GIF (#510)
  • Rewind mp3 streams when reading/writing (#509)
  • Update README.md (#351)
  • Add GIF support (#489)
  • Update image requirement from 0.24.7 to 0.25.1 in /make_test_images (#445)
  • Upgrade uuid to 1.7.0 & fix removed wasm-bindgen feature (#450)
  • Expose SignatureInfo publicly (#501)
  • Cleanup empty/unused files + lints (#500)

0.32.6

15 July 2024

  • Fetching of databoxes must always use HashedURI to enforce hash checks. (#505)
  • Temporarily allow unused JsonAssertionData to fix unused error in CI (#498)
  • Add remote manifest support to MP3 (#496)

0.32.5

28 June 2024

  • (PATCH) ensures temp files are removed (#494)
  • Update async_generic to 1.1 (#493)

0.32.4

25 June 2024

  • Add data_type (future) to Ingredient_V2 (#490)
  • Let's not assume that third-party assertions are using serde_cbor (#491)

0.32.3

24 June 2024

  • External placed manifest (#472)
  • Support metadata field in claims. (#488)

0.32.2

19 June 2024

  • Add iterators over manifests and resources in unstable API (#482)
  • OCSP certificate should be valid at signing time (#481)
  • url crate version 2.5.1 introduces new license "Unicode-3.0" (#483)
  • Implement Debug w/ detailed manifest for Reader (#473)
  • Bump MSRV to 1.74 (#478)
  • Allow empty Merkle proof for last leaf node. (#470)

0.32.1

10 May 2024

  • Steps toward removing RemoteSigner APIs. (#466)

0.32.0

07 May 2024

  • (Minor) Additional unit tests and fixes for injection (or previously untested) issues. (#464)
  • Expose authoring support in WASM (#369)
  • Move signer to first parameter on Builder.sign (#457)
  • Gpeacock/embed_remote_settings (#460)
  • (MINOR) Removes xmp_write feature and xmp_toolkit (#461)
  • Async Signer: add support for async OCSP call (#458)
  • Use cargo test in CI (#459)
  • (MINOR) Initial V2 API work (#437)

0.31.3

05 April 2024

  • Add video/quicktime to the list of BMFF MIME types (#441)
  • Streaming XMP write support for PNG (#439)

0.31.2

03 April 2024

  • Fixed temp file auto delete (#438)
  • Add Sync trait to TrustHandlerConfig (#440)
  • remove file_io dependency on fetch_remote_manifests (#434)
  • Remove verify after signing when compiling without openssl (#404)
  • Streaming write support for BMFF (#435)
  • Added support for XMP streaming writes for TIFF/DNG (#433)
  • Implements embed_reference_to_stream for jpeg (#430)

0.31.1

25 March 2024

  • Adds Action changes field as option vec of serde_json value (#431)

0.31.0

13 March 2024

  • (MINOR) Adds Send trait to TrustHandlerConfig (#426)

0.30.3

12 March 2024

  • Roll back rasn-* version requirements since 0.12.6 was yanked (#425)

0.30.2

12 March 2024

  • Adds a Manifest::composed manifest method (#424)
  • Allow cert dump to work in WASM (#420)
  • Update minimum dependency of rasn-* crates (#423)

0.30.1

08 March 2024

  • Fix include_byte references that were not available in external crate builds

0.30.0

08 March 2024

  • (MINOR) Remove testing function that was inadvertently public (#421)

0.29.3

08 March 2024

  • Trust support (#415)

0.29.2

08 March 2024

  • add a thumb resource when referencing an embedded uri (#419)

0.29.1

07 March 2024

  • Adds Manifest.remote_manifest_url() (CAI-5437) (#418)
  • Fix use of deprecated method chrono::NaiveDateTime::timestamp (#417)
  • Fix up some random typos. (#353)

0.29.0

26 February 2024

  • SDK configuration settings support (infrastructure) (#408)
  • Support streaming writes for TIFF (#410)
  • Fixed typo in comment (#409)
  • (MINOR) Update xmp_toolkit to v1.7.1, remove Ring dependency, fix build errors (#407)
  • Crate udate to fix jpeg parsing error (#402)
  • allows builds to pass (#403)
  • Ocsp support (#371)

0.28.5

06 February 2024

  • Finish async signing implementation for cose_sign (#370)
  • adds read_cai test for PDF with content credentials (#366)
  • [IGNORE] README edits (#356)
  • Update ci.yml
  • Remove deprecated twoway crate (#361)
  • Fix response strings for BMFF and Box hash statuses (#360)
  • Restore correct 1.3 CoseSign1 headers (#359)
  • Openssl update to version 3.x (#357)
  • Add support for ARW and NEF (#355)

0.28.4

04 December 2023

  • CAI-5041 Clear Windows temp attribute (#352)

0.28.3

22 November 2023

  • Remove Blake3 dependency from c2pa-rs (#348)

0.28.2

21 November 2023

  • Fix PDF reading of manifest from wrong key (#346)

0.28.1

17 November 2023

  • readme update (#345)
  • Add support for embeddable manifests with RemoteSigner (#344)
  • Blake build fix (#343)
  • Update image crate dependency and limit features (#341)
  • Bump xmp_toolkit requirement to 1.6 (#339)
  • Disable Windows builds with latest Rust version (#342)

0.28.0

01 November 2023

  • (PATCH) switches af relationship for a reference to the c2pa data to an array of references, one of which is the c2pa spec (#333)
  • Restore async versions of embed functions (#327)
  • (MINOR) Support databox thumbnails CAI-4142 (#325)
  • (MINOR) Reuse claim thumbnail as ingredient thumbnail if the store is valid (#322)
  • (MINOR) Use JUMBF URIs for ManifestStore identifiers (#323)
  • Add ManifestStore::from_stream (#319)
  • Adds embed_to_stream (#313)

0.27.1

04 October 2023

  • Support for validating JPEGs that contain MPF (multi-picture format). (#317)
  • Add ability to customize HTTP headers on timestamp request to Signer and AsyncSigner traits (#315)
  • Add all of the MIME types that are associated with WAV files (#316)
  • Allow MS_C2PA_SIGNING OID to pass (#314)

0.27.0

29 September 2023

  • supports removal of manifests from pdf (#312)
  • Support for MP3 (#295)
  • (MINOR) Signer can call timestamp authority directly (#311)
  • implements pdf read support (#309)

0.26.0

13 September 2023

  • Add support for default SVG MIME type (#305)
  • Support for writing and reading manifest data from simple PDFs (without incremental updates or signatures) (#249)
  • Increase actix requirement to 0.13.1 (#304)
  • (MINOR) Expose HashRange (#300)
  • Lock openssl-sys version to 0.9.92 (#302)
  • Update links to C2PA spec to 1.3 (#292)
  • Error saving stream writes (#290)
  • Fix for overly harsh checks when checking Merkle trees. (#289)

0.25.2

02 August 2023

  • Adds a way to force no claim thumbnail generation (#288)
  • adds ManifestStoreReport::cert_chain_from_bytes (#286)

0.25.1

14 July 2023

  • Expose DataHash and BoxHash to public SDK (#284)
  • Remove debug statement (#283)

0.25.0

14 July 2023

  • (MINOR) User, UserCbor and Uuid assertions removed from SDK (#141)
  • Fix for #195 make_test_images missing ingredient references (#254)
  • Return ResourceNotFound instead of NotFound for resource get (#279)
  • (MINOR) Minor improvements for Wasm and Node.js interoperability (#276)
  • Fix iloc extent_offsets when offset_size is 0 (#277)
  • (MINOR) Converts DataHash and BoxHash methods to use RemoteSigner instead of AsyncSigner (#280)
  • (MINOR) Embeddable manifest support (#266)
  • Repair CI tests (#278)

0.24.0

21 June 2023

  • (MINOR) force minor version change (#273)

0.23.3

21 June 2023

  • Bump minor version and update README.md (#272)
  • Updates (#270)
  • Add Send to CAIRead trait so that it can be used across threads (#271)
  • Generate old COSE headers for temporary backwards support (#269)

0.23.2

19 June 2023

  • Fix for returning input stream data when using embed_from_memory (#268)

0.23.1

13 June 2023

  • Remove no-default ci test (#259)
  • includes the cert serial number in the ValidationInfo output (#263)
  • adds ManifestStoreReport::cert_chain (#265)
  • Update Timestamp message imprint to include entire protected header (#264)

0.23.0

09 June 2023

  • Box hash support (#261)
  • Fix timestamp Accuracy decoding (#262)
  • Make remote manifest handling consistent across input types (#260)
  • (MINOR) Support for Ingredients V2 and Actions V2 (#258)
  • Generate and validate 1.3 Cose signatures (#256)
  • Add type exports via JSON Schema (#255)
  • Bmff v2 (#251)

0.22.0

18 May 2023

  • (MINOR) Improved Remote Manifest handling (#250)
  • Riff streaming support (#248)

0.21.0

04 May 2023

  • (MINOR) Added ResourceNotFound error (#244)

0.20.3

03 May 2023

  • backed out calls to set_memory_thumbnail (#243)
  • Revert "backed out calls to set_memory_thumbnail"
  • backed out calls to set_memory_thumbnail This was causing thumbnail files to not be generated.

0.20.2

24 April 2023

  • Fixes bug in Ingredient_from_stream_info (#241)

0.20.1

20 April 2023

  • Ingredient async and thumbnail support (#240)
  • Update actix requirement from 0.11.0 to 0.13.0 in /sdk (#209)
  • Update uuid requirement from 0.8.1 to 1.3.1 in /sdk (#237)
  • Upgrade x509-parser to 0.15.0 (#229)
  • Add support for ARM on Linux (#233)

0.20.0

05 April 2023

  • (MINOR) SVG support (#226)
  • (MINOR) Update several X509-related crate dependencies (#225)
  • Update thiserror to 1.0.40 in /sdk (#223)
  • Avoid chrono's transitive dependency on time crate (#222)
  • Require openssl >0.10.48 to address multiple RUSTSEC warnings (#221)
  • Apply code format to doc comments (#220)

0.19.1

28 March 2023

  • Update README (#215)

0.19.0

23 March 2023

  • Makefile update (#213)
  • Streaming enhancement (#212)
  • Adds base_path_take to ResourceStore (#205)
  • Add write support for HEIC, HEIF, AVIF (#210)
  • (MINOR) Riff support with refactored AssetIO (#203)
  • (MINOR) Resource format and is_parent / relationship changes (#202)
  • Fix hash algo warning in Wasm and hashing for RSA-PSS SHA-384/512 (#206)
  • Derive impl of Default for Relationship enum (#204)

0.18.1

07 March 2023

  • Update Validation Status codes (#200)
  • Fix async path to support ingredient box hashing (#201)

0.18.0

02 March 2023

  • Fix issue where value was inadvertently included in Exclusion structure (#197)
  • (MINOR) Bump MSRV to 1.63.0 (#198)
  • Fixed unit test failure (invalid unique name generation). (#190)

0.17.0

22 February 2023

  • Disable mdat exclusion (#187)
  • Bmff v2 (#186)
  • Fix for using non-c2pa segment when add required segments (#185)
  • Update Ingredient and VC hashes to 1.2 spec (#184)
  • (MINOR) Create a ResourceStore for binary assets (#180)
  • Fix Clippy warnings from new Rust 1.67 (#182)
  • Visualizations (#163)

0.16.1

19 December 2022

  • Update xmp-toolkit from 0.6.0 to 1.0.0 (#165)
  • Address new Clippy warnings for Rust 1.66 (#164)
  • Create external manifests for unknown types (#162)

0.16.0

03 December 2022

  • Updates some cargo dependencies (#159)
  • makes manifest#add_redaction public; adds test (#156)
  • Fixes support for instanceId on action and generate parameters.ingredient field when possible (#158)
  • Support digitalSourceType field in Action (#154)
  • (MINOR) Add sign feature for signing manifests without file I/O (#125)
  • TIFF/DNG support (#152)

0.15.0

09 November 2022

  • Fix bad error response when manifest is stripped (#153)
  • (MINOR) Bump MSRV to 1.61 (#142)
  • Fix new Clippy warnings generated by Rust 1.65 (#151)
  • Build infrastructure improvements (#150)
  • Fix manifest.set_thumbnail when add_thumbnails is enabled (#148)
  • Fix for XMP links being mistaken for remote URLs (#147)
  • Upgrade xmp_toolkit to 0.6.0 (#146)
  • create jpeg thumbnails for pngs without alpha (#145)
  • Add test_embed_with_ingredient_err (#134)

0.14.1

04 October 2022

  • Add homepage and repository links to crates.io (#132)
  • Add Exif Assertion support (#140)

0.14.0

23 September 2022

  • (MINOR) Remove previously embedded manifests for remote manifests (#136)
  • (MINOR) Add support for manifest removal (#123)

0.13.2

21 September 2022

  • manifest_data was missing for remote manifests (#135)

0.13.1

13 September 2022

  • Add ManifestStore::from_manifest_and_asset_bytes_async (#130)

0.13.0

26 August 2022

  • Add RemoteManifestUrl Error, returning url (#120)
  • Convert status_log error val to a string so that we can return full errors (#121)
  • Report failures from remote manifest fetch (#116)
  • Fast XMP extraction from PNG (#117)
  • Bump MSRV to 1.59.0 (#118)
  • Make sure there is a single manifest store in the asset (#114)
  • (MINOR) Switch to "lib" for crate-type (#113)

0.12.0

16 August 2022

  • Update C2PA manifest store mime type (#112)
  • Updates Manifest API to support remote and external manifests (#107)
  • Support validating remote and external manifest stores (#108)
  • Fix build error when xmp_write is not defined (#105)
  • Fix box order for BMFF (#104)
  • Added support for external manifests (#101)

0.11.3

03 August 2022

  • Remove inadvertent 1.0.0 release from changelog (#97)
  • Treat 'meta' box as standard container (#95)
  • Fix for sign_claim masking error (#96)

0.11.1

01 August 2022

  • Bug fix: Ingredients with valid claims not reporting correct thumbnails (#94)
  • Update make_test_images to use timestamp authority (#90)
  • Fix bad response for case when there is no timestamp (#89)

0.11.0

21 July 2022

  • (MINOR) Add support for remotely generated CoseSign1 signatures (#87)
  • Optimize performance of large assets (#84)

0.10.0

20 July 2022

  • Add Unicode license to allow-list (#85)
  • (MINOR) IngredientOptions allow override of hash and thumbnail generation; image library is now a default feature (#79)

0.9.1

19 July 2022

  • Fix publish workflow (#82)

0.9.0

19 July 2022

  • (MINOR) Introduce a new SigningAlg enum (#76)
  • Support for asynchronous signing of claims (#57)
  • Adds an add_validation_status method to Ingredient (#68)

0.8.1

15 July 2022

  • Use rsa crate for RSA-PSS verification in Wasm (#77)

0.8.0

15 July 2022

  • Add a new API to provide access to COSE signing logic for external signers (#75)
  • (MINOR) Move crate-level functions for creating signers to new public create_signer mod (#72)

0.7.2

14 July 2022

  • Fix broken documentation build (#74)

0.7.1

14 July 2022

  • Configure docs.rs to include feature-gated items (#73)
  • Update XMP Toolkit to 0.5.0 (#71)
  • Refactor code to limit memory usage and remove data copies during hash generation (#67)

0.7.0

29 June 2022

  • (MINOR) Return specific errors for FileNotFound and UnsupportedType (#62)

0.6.1

28 June 2022

  • Fix up changelog noise
  • Fix bug with multiple ingredients in Manifest::from_store (#61)

0.6.0

28 June 2022

  • (MINOR) Initial BMFF support (#39)

0.5.2

23 June 2022

  • Return assertion instance values starting at 1 instead of 2 (#60)

0.5.1

22 June 2022

  • Update thumbnail to be Vec<u8>, add serialization feature (#59)
  • Adds xmp_write feature to make xmp-toolkit inclusion optional (#53)

0.5.0

20 June 2022

  • (MINOR) Add asset attribute getters for manifest (#56)
  • (MINOR) Remove temp_signer from sdk; update docs and examples to use get_signer_from_files (#52)
  • (MINOR) Clean up client example; update actions and schema (#51)

0.4.2

16 June 2022

  • Fix bug in updating crate reference in README (#50)

0.4.1

16 June 2022

  • Fix bug in Cargo.toml updates (#49)

0.4.0

16 June 2022

  • Add status badges for CI validation, crates.io, and code coverage (#46)
  • Remove self-signed end-entity cert support (#48)
  • Add rustfmt toml to get edition 2018 formatting (#36)
  • (MINOR) Update from_bytes(_async) to return a Result (#43)
  • Adjust temp signer reserved sizes to account for large timestamps (#45)
  • Fix bug in verify_from_buffer (#44)
  • Remove cargo edit from publish workflow (#42)
  • Apply fix from c2patool publish workflow (#40)
  • Remove need for using OpenSSL to generate certs by using pre-generated certs (#41)
  • Update README and pull request template with formatting changes (#38)

0.3.0

08 June 2022

  • Make most jumbf_io functions crate private and move Store dependencies to Store (#37)
  • Remove c2patool source now that it's in its own repo (#35)
  • (MINOR) Update ManifestAssertion supporting instances (#34)
  • Export top level signing functions, hide other signature details (#32)
  • Add documentation for the Actions and Metadata assertions (#30)
  • Rework how c2patool is configured (#28)
  • Convert make_tests into a scriptable engine; rename to make_test_images (#29)
  • Update thiserror requirement from >= 1.0.20, < 1.0.26 to >= 1.0.20, < 1.0.32 in /sdk (#9)
  • Update base64 requirement from 0.12.2 to 0.13.0 in /sdk (#10)
  • Update range-set requirement from 0.0.7 to 0.0.9 in /sdk (#13)
  • Make Assertions opaque in the public SDK (#22)
  • Update c2pa requirement from 0.1 to 0.2 in /c2patool (#23)

0.2.0

26 May 2022

  • Fix dependency reference from c2patool crate to c2pa crate (#21)
  • (MINOR) Detailed API review for Ingredient struct (#17)

0.1.3

26 May 2022

  • Publish c2patool crate (#20)
  • Improve documentation (#14)

0.1.2

26 May 2022

  • No-op change to verify correct handling of PR numbers (#19)
  • Fix error in formatting changelog
  • Fix missing links in changelog

0.1.1

26 May 2022

  • Add Makefile for local testing (#18)
  • Add workflow for automatically releasing c2pa crate (#16)
  • Reduce fixtures size (#15)
  • Add codecov.io integration (#4)
  • Configure dependabot (#8)
  • Configure dependabot (#7)
  • Remove unnecessary steps from cargo-deny job (#6)
  • Update to latest GH Actions checkout action (#5)
  • Change ring license hash to decimal (#3)

0.1.0

23 May 2022

  • Initial public release