Source release 16.4.0

CHANGELOG.md

@@ -2,6 +2,134 @@
 
 [TOC]
 
+## 16.4.0 (2020-10-09)
+
+Features:
+  - The included version of the ODK has been updated to v16.4. CE CDM 16.4.0 is
+    required to take advantage of the changes in ODK v16.4.
+    - New OEMCrypto tests have been added to test whether OEMCrypto correctly
+      handles huge buffer size edge cases.
+  - The warning and error flags used by the example `x86-64` platform have been
+    significantly revamped with the goal of greater strictness and better GCC
+    compatibility. As always, these flags are strict to help Widevine detect and
+    debug problems and may not be the best for your platform, particularly on
+    debug builds. You should always use the flags that are best for your
+    platform.
+    - As part of this, the sample `x86-64` platform now enables [ASan][asan] and
+      [UBSan][ubsan] on debug builds. These have a significant memory and
+      performance impact. Feel free to not enable ASan and UBSan if your
+      platform does not support them or if their memory and performance impact
+      are unacceptable to you. The sample `x86-64` platform does not enable ASan
+      or UBSan for release builds.
+    - To maximize the benefit of UBSan, the sample `x86-64` platform now turns
+      on RTTI for debug builds. The Widvine CE CDM does not use RTTI and will
+      still build correctly without it. Feel free to turn it off if your
+      platform does not support RTTI. The sample `x86-64` platform turns off
+      RTTI for release builds.
+  - Several changes have been made to how `build.py` handles build
+    configurations. (e.g. "debug" builds vs. "release" builds)
+    - Previous CE CDM releases assumed that the platform's `settings.gypi` file
+      would define, at a minimum, build configurations called `Debug` and
+      `Release`. This requirement was undocumented, but failing to define them —
+      even if your platform did not need them — would result in build failures.
+      `build.py` has been reworked to not make any assumptions about what build
+      configurations the platform defines. You are now free to define any build
+      configuration names you like.
+    - The example debug build configuration is now named `debug`. (all
+      lowercase)
+    - The example release build configuration is now named `release`. (all
+      lowercase)
+    - The `build.py` script now requires that callers explicitly indicate which
+      build flavor they would like to build. There are three ways to do this:
+      - The `--config` flag allows you to specify any build configuration that
+        you have defined in your platform's `settings.gypi` file.
+      - `--debug` is a shorthand for `--config debug`.
+      - `--release` is a shorthand for `--config release`.
+  - License renewals are now tested against both the original licensing service
+    and the service specified in the license.
+
+[asan]: https://github.com/google/sanitizers/wiki/AddressSanitizer
+[ubsan]: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
+
+Dependency Updates:
+  - The bundled version of Protobuf has been updated to [v3.12.4][proto-3.12.4].
+    Note that, as before, Widevine CE CDM will work with any version of Protobuf
+    back to 2.6. However, we provide the version of Protobuf that we test with
+    internally as a default.
+    - This copy of Protobuf has been patched with Protobuf
+      [pull request #7428][proto-pr-7428], which is necessary to let Protobuf
+      3.12.4 build when RTTI is disabled.
+
+[proto-3.12.4]: https://github.com/protocolbuffers/protobuf/releases/tag/v3.12.4
+[proto-pr-7428]: https://github.com/protocolbuffers/protobuf/pull/7428
+
+Bugfixes:
+  - Fixed issues preventing several offline license use cases from working on
+    devices that do not support usage tables.
+    - If your device does not support usage tables, you *must* use CE CDM 16.4
+      and ODK v16.4 to properly support offline licenses and license expiry.
+      Older 16.x releases will not work.
+    - We consider usage tables a standard feature, and not supporting them is an
+      exception. Usage tables are used to save playback times for offline
+      licenses and are needed to support several use cases that restrict
+      playback duration. They are also used to support secure stops, which are
+      used by several major content providers. If your device does not support
+      usage tables but expects to support offline license, please talk to your
+      Widevine TAM so that we may understand what is blocking this support.
+      OEMCrypto is planning to make usage table support mandatory in a
+      future release.
+  - Fixed issues that could occur if the device reports it has unlimited usage
+    table capacity.
+  - Fixed an issue where nonce-free licenses with nonzero durations would not
+    expire/renew correctly.
+  - Fixed an issue where offline licenses with offline renewals would either
+    fail to load or load correctly but send multiple state change messages to
+    the app.
+  - The enums exported by the CE CDM API in `cdm/include/cdm.h` now have defined
+    backing types. This helps avoid some benign undefined behavior.
+  - Fixed a crash that could occur when using OpenSSL with the CE CDM.
+  - Fixed some missing header errors when compiling the CE CDM with OpenSSL
+    instead of BoringSSL.
+  - Fixed several issues in the OEMCrypto unit tests that were erroneously
+    requiring OEMCrypto to hold onto the session key longer than required by the
+    OEMCrypto specification.
+    - An issue where tests would sometimes derive keys from the session key
+      twice.
+    - An issue where tests were deriving keys from the session key too early.
+  - Fixed an issue where the OEMCrypto unit tests were asking OEMCrypto to read
+    past the end of a buffer.
+  - Fixed an issue where the CDM would not allow a license to be loaded and
+    restored in the same session.
+  - The OEMCrypto Reference Implementation now has more stringent
+    bounds-checking in some places.
+  - Fixed an issue where the `TimeRollbackPrevention` tests would fail on some
+    devices.
+  - Fixed an issue where the metrics unit tests could fail if the device uses
+    Provisioning 3.0.
+  - Fixed an issue where the OEMCrypto unit tests would not respond correctly if
+    if the RSA key failed to load.
+  - Fixed many places where the wrong format string was being used to format
+    log messages. Format strings are now checked at compile-time on the sample
+    `x86-64` platform.
+  - The `build.py` script will no longer write `.pyc` files to the filesystem.
+  - Fixed an error that would occur on devices that return
+    `OEMCrypto_ERROR_NOT_IMPLEMENTED` from `OEMCrypto_SupportsDecryptHash()`.
+  - Fixed an issue where expiry of the renewal delay was not accurately
+    detected when using some OEMCrypto v16 implementations.
+  - Fixed an issue where debug symbols were sometimes turned on for third-party
+    code even when they were turned off otherwise.
+  - Fixed several issues in the OEMCrypto Reference Implementation where it
+    would crash or behave incorrectly when given huge enough buffers.
+  - Fixed an error when trying to do key rotation with a `kTemporary` session
+    with licenses from an upcoming license server release.
+  - Fixed a rare bug where certain usage table entries could not be reloaded if
+    other entries were created and loaded in a certain order.
+  - The CDM will now correctly treat devices with only local displays as having
+    no SRM version.
+  - Fixed some typos in `OEMCryptoCENC.h` and the OEMCrypto tests.
+  - The help text for the flags in `build.py` has been improved and clarified.
+  - The header comments in `OEMCryptoCENC.h` have had some minor revision.
+
 ## 16.3.0 (2020-07-24)
 
 Features: