0.0.1 - 16th May 2002.

* First release.
* Merges gpgstats 0.0.2 (never released).

0.0.2 - 28th May 2002.

* Added support for subpacket type 0x83 (critical key expiration)
* Fixed bug in parsing of one byte new format packet length.
* Added support for 4 byte old format packet lengths.
* Changed various error statements to output to stderr instead of stdout.
* Fixed bug in deleting keys in Postgres backend.
* Moved code to merge a list of keys to merge.c and changed add.c to use it
  rather than just replacing existing keys.
* Added comment & trust packets as known but ignored types.
* Added storage of uids to Postgres backend; this speeds up verbose indexing
  and will also allow searching on UIDs.
* Fixed bug in armor handling (didn't like 2 newlines before the armor header).
* Made dearmor gracefully handle non armored input.
* Added support for incoming incremental update mails.
* Added searching on uids to lookup & keydb_pg.
* Changed Postgres backend to use 64 bit keyids instead of 32 bit.
* Made dearmor ignore CRs when looking for 2 blank lines.

0.0.3 - 2nd July 2002

* Added index on keyid for key table in Postgres backend.
* Twiddled transaction support in an attempt to speed up mass key adding.
* Changed putchar_func to take a character count rather than doing one char at
  a time (massive speed up in Postgres case).
* Introduced onak binary for general keyserver operations.
* Changed all version number references to use VERSION macro.
* Made lldel free the unused list structure. (pointed out by Simon Huggins)
* Made llfind assert that the cmp function is non NULL. (Simon Huggins again)
* Fixed gpgwww; after the move to 64bit keyids internally it was trying to
  compare the 32bit user supplied keyid to the retrieved 64bit one and never
  finding paths.
* Various tidying up I've forgotten.
* Fixed bug with removing signed packets while merging.
* Fixed bug with potentially adding an already existing uid to a key when
  merging.
* Fixed stupid typo bug in merging keys.

0.0.4 - 10th November 2002

* Made keydb_file backend compile again.
* Changed merging to compare signature keyids rather than packet contents
  so we don't add the same signature multiple times.
* Changed keydb_pg backend over to using PQescapeString to escape SQL data.
* Added list of keyids in a path to gpgwww output (suitable for C&P into
  a gnupg command line for example).
* Pulled out HTML start/end code to getcgi.c and added a DOCTYPE and charset
  of utf8.
* Did some work on getting onak-mail.pl to output incrementals as well as
  receiving them.
* Some cleanup in getting signature keyids.
* Made sure we freed more things after we've finished with them.
* Changed maxpath to display the path found.
* Added use of onak_sigs to keydb_pg to speed up retrieval of key sigs. Should
  speed up the pathfinder a lot.
* Added llfree for freeing up linked lists.
* Wrote DB3 backend; although much work is still needed it vastly outperforms
  the PostgreSQL backend and should hopefully not suffer from the problems of
  the DB2 implementation.

0.1.0 - 13th November 2002

* Code cleanup; pull out common character functions.
* Make DB3 backend support proper searching.
* Added config file.
* Fixed ASCII armor bug (we'd output NULLs in the headers/footer).
* Added bidirectional syncing (previously we could receive but wouldn't send).

0.1.1 - 2nd December 2002

* Fixed utf8 content type - should be UTF-8. (Thanks to Simon Huggins)
* Made getfullkeyid not assert if the key isn't found. (Thanks to Simon 
  Huggins for reporting this.)
* Fixed onak-mail.pl to check the stdout of onak before stderr to prevent
  blocking when reading the output update.
* Used ccmalloc to find various memory leaks and fixed them.
* Added display of key subkeys.
* Tightened up table creation SQL a bit.
* Fixed bug with merging keys that have no new content (we'd sometimes stop
  processing the incoming stream of keys).
* Updated README to be a bit more useful.
* Code cleanup; removed circular dependencies.
* Added sixdegrees.

0.1.2 - 15th February 2003

* Added fingerprint calculation/display.
* Cleanup sixdegrees binary/object file on make clean.
* Introduced transaction support to DB3 backend, along with deadlock detection.
* Added keydb dumping ability.
* Added logging infrastructure to help more easily track down problems.

0.2.0 - 8th June 2003

* Output multiple paths in gpgwww (thanks to Simon Huggins).
* Allow a keyid on the command line for sixdegrees (Simon Huggins).
* Make db2 backend check for a num_keydb file to know how many db files to use.
* Add 0x to generated URLs as pks needs these.
* Add "Find Reverse Path" link to gpgwww output.
* Checkpoint the db3 database upon clean exit.
* Fix bug with logging where the month was one less than it should have been.
* Fall back to stderr if we can't open the logfile.
* Move dependancy list from Makefile to separate file.
* Checkpoint the DB on clean shutdown.
* First cut at MRHKP support.
* Clean up various compile warnings under gcc 3.3
* Log a critical error when we can't handle a critical subpacket rather than
  asserting.
* Make the Postgres backend compile again.
* First attempt at supporting revoked keys.

0.2.1 - 11th October 2003

* Added support for multiple backend DB3 key files.
* Fixed DB3 database dumping to be outside a transaction (otherwise the
  transaction is too big and we run out of memory).
* Change over onak-mail.pl to use the config file more.
* Fix bug where we always read one byte from stdin in rather than allowing
  zero.
* Tightened up error checking in a couple of places to allow proper DB cleanup.
* Changed a printf error message over to using logthing.
* Allow read_openpgp_stream to append to an existing packet list.
* Tidy up various character functions into charfuncs.c
* Add splitkeys for spliting up keyrings.
* Various code cleanups to help reduce warnings under C99.
* Add (verbose) index support to onak-mail.pl

0.3.0 - 14th September 2004

* Add the ability to choose a config file at runtime.
* Fix extra LF when the last line of the key is a full line.
* Relax restriction on Type 2/3 keys being RSA - log the fact, but don't error.
* Stop trying to parse a key if we get an unexpected character.
* Make onak-mail.pl only run a single copy of onak at a time.
* Add photoid support; lookup and onak both use this.
* Move db3 backend to db4.
* Move db4 backend to 64bit keyids.
* Add keyfs backend. (Daniel Silverstone)
* Pull MD5/SHA1 implementations from sigcheck as they're more portable.
* Add readonly open mode for DB backends if we're not going to add keys.
* Log assertions before exiting.
* Add man pages for onak and splitkeys.
* autoconf; very basic at present - endianness and file paths.
* Clean up various compiler and preprocessor warnings. With --std=c99 and
  -D_BSD_SOURCE=1 we should be almost warning free.
* Fix gpg --search support (it doesn't like uid/sub at the start of the index
  lines).
* Let gpgwww return all the key data for the keys listed in the paths. Thanks
  to Ian Haywood <ihaywood@gnu.org>.
* Add support for searching on subkeys.
* Fix writing packets that are larger than 8k.
* Fix bug with reading new format packet lengths.
* Relax some assertions in mem.c as we can hit them legitimately.
* Initial key cleaning routines; de-dupe key uids.
* Add loglevel setting in the configuration file.
* Add logging for the various CGI interfaces.
* Add stripkey from Daniel Silverstone.
* Add signal catching infrastructure; this is primarily due to db4's fragile
  behaviour in the face of abnormal termination.
* Add Apache2 example config info.
* Update mathopd example config to newer version.

0.3.1 - 23rd October 2004

* Add onak-mail.pl man page (Debian bug #276879)
* Add links to HTML index output. (Debian bug #275227)
* Speed up fetch_key_text (use of lladdend/sorted keyid array).
* Cleanup db4 properly if we fail to open it.
* Change buffer_put/fetchchar functions to use memcpy (speed up).
* Add key iteration functionality to keydb backends.
* Move dumpdb to iterate_keys.
* Add keyd backend (persistant database access over Unix socket)
* Cleanup logging in sixdegrees.c
* Fix maxpath to initialise the logging infrastructure.
* Fix sixdegrees to initialise the logging infrastructure.
* Fix transaction around id32 updating in DB4 backend.
* Compile warning cleanup; add missed include file.
* Hard error when db version is < 4.

0.3.2 - 25th March 2005

* Change word split routine to split on punctuation/spaces. (Jason Harris)
* Fix problem parsing empty config lines. (Thanks to Fred Strauss)
* Do some checking before closing stderr in add.c. Fixes an issue seen in
  RH by Fred Strauss.
* Make sure we use the configured path to the MTA in sendsync.c
* Support UID revokations. Thanks to Hanna Wallach for reporting this.

0.3.3 - 4th March 2007

* Make onak-mail sequentially processes requests.
* Fix db4 memory leak.
* Add support for dynamic loading of backends.
* Use 64bit key ids for HTML keyindex links and support these in lookup.
* Add support for ADD to onak-mail.
* Fix replyto address bug in onak-mail.
* Gracefully fail when we can't open a db4 db.
* Fix assumption that a signature on a public key is a revocation.
* Document test keys.
* Check signature time as well as keyid for key merges.

0.3.4 - 29th December 2007

* Fix dynamic backends bug involving passing the config to the backend.
* Add an install target to the Makefile.
* Add a man page for keyd. 

0.3.5 - 16th January 2008

* Fix dumb mistake with db4 backend. Serves me right for testing with
  the file one.

0.3.6 - 7th June 2008

* Make key addition success text more like SKS/PKS. (Thanks to Timothy Legge)
* Allow the use of search text for gets, rather than just keyids. ""
* Fix fetching key by text bug in db4 backend (we'd fetch too many keys).
* Fix lookup display for more than one photo id. (Thanks to Philippe Teuwen)
* "Recognize" some extra critical subpacket types.
* Add support for upgrading db4 DBs built with older DB4 version.
* Various minor code cleanups.

0.3.7 - 2nd June 2009

* Escape colons and similar in MRHKP output. (Debian bug #487284)
* Add support for displaying Elgamal encrypt or sign keys. (deprecated)
* Ensure DB4 backend dbconns memory is initialised to zero.
* Open DB read only for onak lookup function.
* Obey binary flag for "onak get".

0.3.8 - 29th December 2009

* Fix "onak dump" to actually generate multiple output files.
* Limit key dump files to 100,000 keys for "onak dump".
* Correct formatting of some places we output a keyid. (Debian bug #540196)
* Don't add a key to the stats hash if it doesn't have any sigs. (Debian bug
  #542187)
* Change PostgreSQL backend to use PQescapeStringConn
* Fix PostgreSQL backend key iteration

0.4.0 - 19th April 2011

* Fix delete_key function in keyd backend
* Send close command when cleaning up keyd backend
* Actually close the socket in keyd/the keyd backend
* Update the copy of my key to my 4096R one
* Update maxpath/sixdegrees to my "new" RSA key
* Add -c option to specify keyd config file on command line
* Make keyd background itself by default
* Add use_keyd config file option to select keyd as the backend
* Clean up remaining uses of %llX for printing keyids
* Fix fs backend compilation/linking
* Configure db4 locks according to maxkeys and actually check maxkeys
* Explicitly use 32 bits for keyd socket commands
* Log when we're doing a clean keyd shutdown
* Add help text for keyd
* Add keydctl for talking to keyd backend
* Add the bzr version number to non release builds
* Allow db4 backend to compile with later versions of Berkeley DB
* Add a stats command to keyd
* Clean up use of PATH_MAX in keydb_fs.c
* Output details of key search after retrieval for pks/lookup

0.4.1 - 24th April 2012

* Add basic testing infrastructure + initial tests
* Change fd_write to use fwrite instead of fputc
* Fix buffer_getchar to only error if we'd exceed the buffer size
* Add support for calculating SKS style key hashes
* Add support for key retrieval by SKS hash
* Add support for displaying/retrieving by SKS hash to lookup and onak CLI
* Add /pks/hashquery
* Cleanup lookup/gpgwww trailers
* Define OpenPGP constants and use them rather than magic numbers
* Clean up file header copyrights
* Add some more subpacket types to the list to ignore
* Clean up "set but not used" GCC warnings
* Use nettle for hashing when available rather than internal MD5/SHA1 routines
* Add AC_PROG_CC_C99 to configure.ac
* Fix display of SHA-1 fingerprints
* Always put a leading 0x on keyids in HTML output links
* Allow retrieval of key by full fingerprint
* Add keyid to DB4 backend deletion error messages

0.4.2 - 1st October 2013

* Add support for RIPEMD160, SHA224, SHA384 & SHA512 when available
* Fix stripkeys to output all the keys at the end rather as it goes along
* Add support for checking signature hashes
* Use Doxygen for some initial code documentation generation
* Cleanup code in preparation for a separate libonak for general PGP bits
* Prevent read_openpgp_stream from returning empty packages + causing crashes
* Allow maxpath + splitkeys to take a -c option to specify the config file
* Add wotsap tool to generate data files for wotsap
* Add HKP backend to allow onak to be used as a proxying keyserver

0.4.3 - 30th September 2014

* Set our user agent in the HKP backend
* Allow keyd to serve multiple clients at once
* Improve HKP backend URL parsing, adding support for HKPS
* Add support for a user specific config file for onak binary
* Make wotsap output tool ignore revoked keys
* Add support for old Elgamal v3 key IDs
* Add support for displaying EC/ECDSA key types + sizes
* Extend database backends to support key fetching by fingerprint
* Remove legacy pksd compatible DB2 backend
* Add SHA1x hash support
* Ignore X509 signatures for signature hash checking
* Code cleanups for issues found using scan-build (llvm) + valgrind
* Extend tests to include retrieval by subkey ID
* Switch DB4 backend to using key fingerprint as primary index
* Sanity check signature data lengths
* Add support for systemd socket activation

0.4.4 - 30th September 2014

* Fix key ID lookups using onak CLI tool on 32 bit platforms

0.4.5 - 3rd October 2014

* Fix for detecting systemd socket support with more recent versions of systemd

0.4.6 - 25th August 2015

* Add additional ECC OIDs (Ed25519/Brainpool/secp256k1/Curve25519)
* Re-order linking for backend plugins to cope with ld --as-needed
* Add de-duplication of subkeys on a key
* Add support for displaying EDDSA keys (type 22)
* Add config file option to specify keyd socket directory

0.5.0 - 28th August 2016

* Use mail_dir for the incoming mail lock file
* Switch to .ini style config file
* Add dumpconfig command to dump running config in .ini format
* Add stacked backend
* Include statistics for fetch by SKS hash in 'keydctl status'
* Pull key updates into keyd protocol rather than using delete/store
* Various robustness cleanups from American Fuzzy Lop testing

0.6.0 - 13th September 2020

* Move to CMake over autoconf
* Add support for issuer fingerprint subpackets
* Add experimental support for v5 keys
* Add read-only OpenPGP keyring backed DB backend
* Move various bits into their own subdirectories in the source tree
* Add support for full signature verification
* Drop v3 keys by default when cleaning keys
* Various code cleanups
* Implement pieces of draft-dkg-openpgp-abuse-resistant-keystore-03
* Add support for a fingerprint blacklist (e.g. Evil32)
* Deprecate the .conf configuration file format
* Drop version info from armored output
* Add option to deny new keys and only allow updates to existing keys
* Various pieces of work removing support for 32 bit key IDs and coping
  with colliding 64 bit key IDs.
* Remove support for libnettle versions that lack the full SHA2 suite

0.6.1 - 13th September 2020

* Fixes for compilation without nettle + with later releases of nettle

0.6.2 - 27th November 2022

* Don't take creation time from unhashed subpackets
* Fix ECDSA/SHA1 signature check
* Fix handling of other signature requirement
* Fix deletion of keys with PostgreSQL backend
* Add support for verifying v3 signature packets

0.6.3 - 26th September 2023

* Fix systemd detection + socket activation
* Add CMake checking for Berkeley DB
* Minor improvements to keyd logging
* Fix decoding of signature creation time
* Relax version check on parsing signature + key packets
* Improve HTML escaping
* Handle failed database initialisation more gracefully
* Fix bug with EDDSA signatures with top 8+ bits unset

0.6.3 - 7th September 2025

* Fix building with CMake 4.0
* Fixes for building with GCC 15
* Rename keyd(ctl) to onak-keyd(ctl)