diff options
author | dfr <dfr@FreeBSD.org> | 2008-05-07 13:39:42 +0000 |
---|---|---|
committer | dfr <dfr@FreeBSD.org> | 2008-05-07 13:39:42 +0000 |
commit | 52bf09d8197dd1ec84e1ab72684f2058f0eae9e1 (patch) | |
tree | 07a0d6761d1b42410a27e4c7d583b766d6671f80 /crypto/heimdal/NEWS | |
parent | 6c68306921f6e85bce52c905cf2606c25acdb436 (diff) | |
parent | 51b6601db456e699ea5d4843cbc7239ee92d9c13 (diff) | |
download | FreeBSD-src-52bf09d8197dd1ec84e1ab72684f2058f0eae9e1.zip FreeBSD-src-52bf09d8197dd1ec84e1ab72684f2058f0eae9e1.tar.gz |
This commit was generated by cvs2svn to compensate for changes in r178825,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'crypto/heimdal/NEWS')
-rw-r--r-- | crypto/heimdal/NEWS | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/crypto/heimdal/NEWS b/crypto/heimdal/NEWS index 262038b..f050427 100644 --- a/crypto/heimdal/NEWS +++ b/crypto/heimdal/NEWS @@ -1,3 +1,180 @@ +Changes in release 1.1 + + * Read-only PKCS11 provider built-in to hx509. + + * Documentation for hx509, hcrypto and ntlm libraries improved. + + * Better compatibilty with Windows 2008 Server pre-releases and Vista. + + * Mac OS X 10.5 support for native credential cache. + + * Provide pkg-config file for Heimdal (heimdal-gssapi.pc). + + * Bug fixes. + +Changes in release 1.0.2 + +* Ubuntu packages. + +* Bug fixes. + +Changes in release 1.0.1 + + * Serveral bug fixes to iprop. + + * Make work on platforms without dlopen. + + * Add RFC3526 modp group14 as default. + + * Handle [kdc] database = { } entries without realm = stanzas. + + * Make krb5_get_renewed_creds work. + + * Make kaserver preauth work again. + + * Bug fixes. + +Changes in release 1.0 + + * Add gss_pseudo_random() for mechglue and krb5. + + * Make session key for the krbtgt be selected by the best encryption + type of the client. + + * Better interoperability with other PK-INIT implementations. + + * Inital support for Mac OS X Keychain for hx509. + + * Alias support for inital ticket requests. + + * Add symbol versioning to selected libraries on platforms that uses + GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc. + + * New version of imath included in hcrypto. + + * Fix memory leaks. + + * Bugs fixes. + +Changes in release 0.8.1 + + * Make ASN.1 library less paranoid to with regard to NUL in string to + make it inter-operate with MIT Kerberos again. + + * Make GSS-API library work again when using gss_acquire_cred + + * Add symbol versioning to libgssapi when using GNU ld. + + * Fix memory leaks + + * Bugs fixes + +Changes in release 0.8 + + * PK-INIT support. + + * HDB extensions support, used by PK-INIT. + + * New ASN.1 compiler. + + * GSS-API mechglue from FreeBSD. + + * Updated SPNEGO to support RFC4178. + + * Support for Cryptosystem Negotiation Extension (RFC 4537). + + * A new X.509 library (hx509) and related crypto functions. + + * A new ntlm library (heimntlm) and related crypto functions. + + * Updated the built-in crypto library with bignum support using + imath, support for RSA and DH and renamed it to libhcrypto. + + * Subsystem in the KDC, digest, that will perform the digest + operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL + DIGEST-MD5 NTLMv1 and NTLMv2. + + * KDC will return the "response too big" error to force TCP retries + for large (default 1400 bytes) UDP replies. This is common for + PK-INIT requests. + + * Libkafs defaults to use 2b tokens. + + * Default to use the API cache on Mac OS X. + + * krb5_kuserok() also checks ~/.k5login.d directory for acl files, + see manpage for krb5_kuserok for description. + + * Many, many, other updates to code and info manual and manual pages. + + * Bug fixes + +Changes in release 0.7.2 + +* Fix security problem in rshd that enable an attacker to overwrite + and change ownership of any file that root could write. + +* Fix a DOS in telnetd. The attacker could force the server to crash + in a NULL de-reference before the user logged in, resulting in inetd + turning telnetd off because it forked too fast. + +* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name + exists in the keytab before returning success. This allows servers + to check if its even possible to use GSSAPI. + +* Fix receiving end of token delegation for GSS-API. It still wrongly + uses subkey for sending for compatibility reasons, this will change + in 0.8. + +* telnetd, login and rshd are now more verbose in logging failed and + successful logins. + +* Bug fixes + +Changes in release 0.7.1 + +* Bug fixes + +Changes in release 0.7 + + * Support for KCM, a process based credential cache + + * Support CCAPI credential cache + + * SPNEGO support + + * AES (and the gssapi conterpart, CFX) support + + * Adding new and improve old documentation + + * Bug fixes + +Changes in release 0.6.6 + +* Fix security problem in rshd that enable an attacker to overwrite + and change ownership of any file that root could write. + +* Fix a DOS in telnetd. The attacker could force the server to crash + in a NULL de-reference before the user logged in, resulting in inetd + turning telnetd off because it forked too fast. + +Changes in release 0.6.5 + + * fix vulnerabilities in telnetd + + * unbreak Kerberos 4 and kaserver + +Changes in release 0.6.4 + + * fix vulnerabilities in telnet + + * rshd: encryption without a separate error socket should now work + + * telnet now uses appdefaults for the encrypt and forward/forwardable + settings + + * bug fixes + Changes in release 0.6.3 * fix vulnerabilities in ftpd |