For general information about the keyserver, visit . ***** Changes since version 0.9.6 - Added IPv6 support. - Added support for binding to multiple sockets. - Removed pgpdump. (A more widely-used and frequently updated pgpdump application is available at: http://pgp.iijlab.net/pgpdump.html) - Ported cryptographic code (MD5 and SHA-1 hashing) to use OpenSSL. - Began adding X.509 support. (Currently, self-signed X.509 certificates are displayed as if they were an OpenPGP self-signature.) - Ported to the db4 backend. - More and better autoconf usage. (This is more bloated now, though.) - Added chroot() jail support. - Added setuid/setgid support. - Added several contributed scripts and other files. ***** Changes in version 0.9.6 - A new machine-readable format exists for easy parsing by GPG, et al. - Lots of bug squashing, documentation updates, etc. - Temporary fixes for corruption that occurs with subkeys. (The packets are dropped instead of being added in a corrupt format.) READ THE FILE "UPGRADING" FOR INFORMATION ON UPGRADING TO 0.9.6!!! ***** Changes in version 0.9.5 - Allow 16-digit and 40-digit keyids/fingerprints. Currently only the low 8 digits are used, but this should smooth a transition to a future pksd that allows long keyid or fingerprint searches. - Nickolai Zeldovich's fix for garbage mixed in with large keys. - Add missing transaction hooks (patch2) - Make checkpoint code retry if necessary (patch2) - Change the way memory is allocated in some places to reduce the number of extra calls to malloc and free (patch2) - Fix a bug in db 2.7.5 which causes db_recover to fail under some circumstances. (patch2) - Stopped flooding caused by multiple revokation certs (flood.patch) - In kd_search, fixed bug in using maxid when keyid not found (kdsearch_error.patch) - WWW key submissions disabled by default (JHPatch1) - nicer formatting of SHA-1 fingerprints (JHPatch1) - pksdctl() usage page improvements (JHPatch1) - manual page improvements (JHPatch1) - Fixed buffer overflow from long arguments to search in HDP requests, as mentioned on bugtraq (kd_search by Jason Harris) - Fixed problem of randomly not sending updated sigs to syncsites due to improperly initialized memory. (patch_pf20020615) - Added compile-time support for X509 recognition (x509.patch) - Fixed makefiles to more support rpm build roots (pks-bldroot.patch) - Changed install to put db2 in own subdir (pks-db2-install.patch) - Added libwrap support (pks-libwrap.patch) - Added sample init script (pks-rc.patch) - Beautified some of the web output (pks-beauty.patch) - Fixed a buffer overflow (from Teun Nijssen's source tree) - Client connection aborts are now handled properly on newer versions of Solaris (from Teun Nijssen's source tree - original change by Xander Jansen of SURFnet) - Added checkpointing after so many transactions. (patch3) - Added more logging to kvcv.c (patch3) - Added some messages regarding the non-support of X.509. (patch3) - Added max_last_reply_keys configuration option (patch3) - The spec file was radically updated for the upcoming pks-0.9.5rc1. o The database is now stored in /var/lib/pks instead of /home/keyserver o The PREFIX is now /usr instead of /usr/local o For more details, see the %changelog that is within the spec file. ***** Changes in version 0.9.4 - Converted to Sleepycat Software Berkeley DB version 2.7.5. - mmap()d input files instead of reading them when possible. - The database may be split into multiple smaller files. - When a key does not parse, return a soft error to the user and continue processing the input keyblock. - When extending lists in the database, do so in chunks, rather than one entry at a time. This improves performance when adding keys. - Allow the administrator to limit the maximum duration of the LAST mail server command. - Allow the administrator to limit the number of keys returned by index, verbose index, get, and last requests. - Use the log, lock, and transaction features of Berkeley DB. ***** Changes in version 0.9.2 - Added support for pgp 5's DSA and ElGamal keys. - Added support to short-circuit the normal output paths in pksclient, and instead output indexes and binary keys directly to stdout. This saves a lot of virtual memory. - Removed many gmake-isms from the Makefile. - In the index pages from the web server, links in the User ID look up by KeyID instead of name, to eliminate ambiguity. - Fixed defunct process leak on some platforms, notably solaris. - Check for and, if necessary, use bsd4.2/ultrix 2-argument openlog. - The help files now must have a (possibly empty) MIME header block. This allows help files to use non-ascii character sets. - keyrings returned by the mail server have content-type application/pgp-keys, as per rfc2015. - fixed a double-memory-free. - pksd is more careful about shutting down cleanly when it receives a non-fatal signal (INT, QUIT, HUP, TERM).