Update NEWS

Viktor Dukhovni
2016-12-21 23:51:16 +00:00
parent f1bc9f2ff9
commit 8645828040

NEWS

@@ -1,15 +1,23 @@
Release Notes - Heimdal - Version Heimdal 1.6 Release Notes - Heimdal - Version Heimdal 7.1
Security Security
- ...
- kx509 realm-chopping security bug - kx509 realm-chopping security bug
- non-authorization of alias additions/removals in kadmind - non-authorization of alias additions/removals in kadmind
(CVE-2016-2400)
Feature Feature
- iprop has been revamped to fix a number of race conditions that could
lead to inconsistent replication
- Hierarchical capath support
- AES Encryption with HMAC-SHA2 for Kerberos 5
draft-ietf-kitten-aes-cts-hmac-sha2-11
- hcrypto is now thread safe on all platforms
- libhcrypto has new backends: CNG (Windows), PKCS#11 (mainly for - libhcrypto has new backends: CNG (Windows), PKCS#11 (mainly for
Solaris), and OpenSSL. OpenSSL is now a first-class libhcrypto backend. Solaris), and OpenSSL. OpenSSL is now a first-class libhcrypto backend.
OpenSSL 1.0.x and 1.1 are both supported. OpenSSL 1.0.x and 1.1 are both supported. AES-NI used when supported by
backend
- HDB now supports LMDB - HDB now supports LMDB
- Thread support on Windows - Thread support on Windows
- RFC 6113 Generalized Framework for Kerberos Pre-Authentication (FAST) - RFC 6113 Generalized Framework for Kerberos Pre-Authentication (FAST)
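Review bot: In the Security list, the added "(CVE-2016-2400)" line sits under the kadmind alias item, but the kx509 realm-chopping item directly above it still carries no identifier or advisory reference, so a reader cannot tell whether one was assigned. Suggest adding the reference for the kx509 entry as well, or stating that none exists, and noting for both items which earlier releases are affected now that the heading names 7.1. The added sentence "AES-NI used when supported by backend" is also missing its verb; "AES-NI is used when the backend supports it" reads better.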
@@ -21,10 +29,10 @@ Release Notes - Heimdal - Version Heimdal 1.6
- asn1_compile 64-bit INTEGER functionality - asn1_compile 64-bit INTEGER functionality
- HDB key history support including --keepold kadmin password option - HDB key history support including --keepold kadmin password option
- Improved cross-realm key rollover safety - Improved cross-realm key rollover safety
- New krb5_kuserok() plug-in interface - New krb5_kuserok() and krb5_aname_to_localname() plug-in interfaces
- Improved MIT compatibility - Improved MIT compatibility
. kadm5 API . kadm5 API
. Migration from MIT KDB via "mitdb" HDB backend. . Migration from MIT KDB via "mitdb" HDB backend
. Capable of writing the HDB in MIT dump format . Capable of writing the HDB in MIT dump format
- Improved Active Directory interoperability - Improved Active Directory interoperability
. Enctype selection issues for PAC and other authz-data signatures . Enctype selection issues for PAC and other authz-data signatures
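Review bot: The changed line "New krb5_kuserok() and krb5_aname_to_localname() plug-in interfaces" names two interfaces that decide how a principal maps to a local account, yet gives no pointer to where the plug-in contract is documented. A short reference to the relevant manual page or header would help anyone who has to audit or write such a plug-in. Dropping the trailing period on the "mitdb" line is consistent with the neighbouring entries.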
@@ -34,6 +42,8 @@ Release Notes - Heimdal - Version Heimdal 1.6
. svc-use-strongest-session-key . svc-use-strongest-session-key
. preauth-use-strongest-session-key . preauth-use-strongest-session-key
. use-strongest-server-key . use-strongest-server-key
- The KDC process now uses a multi-process model improving
resiliency and performance
- Allow batch-mode kinit with password file - Allow batch-mode kinit with password file
- SIGINFO support added to kinit cmd - SIGINFO support added to kinit cmd
- New kx509 configuration options: - New kx509 configuration options:
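Review bot: The added entry "The KDC process now uses a multi-process model improving resiliency and performance" describes an operational change without saying whether it is configurable or what an operator upgrading from an earlier release needs to adjust (process supervision, logging, resource limits). Suggest one more line naming the controlling setting, if there is one, or stating that the behaviour is unconditional.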
@@ -44,6 +54,8 @@ Release Notes - Heimdal - Version Heimdal 1.6
- Improved Heimdal library/plugin version safety - Improved Heimdal library/plugin version safety
- Name canonicalization - Name canonicalization
. DNS resolver searchlist . DNS resolver searchlist
. Improved referral support
. Support host:port host-based services
- Pluggable libheimbase interface for DBs - Pluggable libheimbase interface for DBs
- Improve IPv6 Support - Improve IPv6 Support
- LDAP - LDAP
@@ -51,6 +63,17 @@ Release Notes - Heimdal - Version Heimdal 1.6
. Start TLS . Start TLS
- klist --json - klist --json
- DIR credential cache type - DIR credential cache type
- Updated upstream SQLite and libedit
- Removed legacy applications: ftp, kx, login, popper, push, rcp, rsh,
telnet, xnlock
- Completely remove RAND_egd support
- Moved kadmin and ktutil to /usr/bin
- Stricter fcache checks (see fcache_strict_checking krb5.conf setting)
. use O_NOFOLLOW
. don't follow symlinks
. require cache files to be owned by the user
. require sensible permissions (not group/other readable)
- Implemented gss_store_cred()
- Many more - Many more
Bug fixes Bug fixes
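Review bot: The added "Stricter fcache checks (see fcache_strict_checking krb5.conf setting)" entry does not state the default value of the setting, so a reader cannot tell whether the four listed checks are enforced after an upgrade or must be switched on. Its sub-items ". use O_NOFOLLOW" and ". don't follow symlinks" also appear to say the same thing twice; merge them or explain the difference. Separately, the removal of ftp, kx, login, popper, push, rcp, rsh, telnet and xnlock, the removal of RAND_egd support, and the move of kadmin and ktutil to /usr/bin are compatibility-breaking changes filed under "Feature"; a dedicated heading for removals and incompatible changes would make them much harder to miss.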
@@ -67,27 +90,44 @@ Release Notes - Heimdal - Version Heimdal 1.6
- Plugins are now preferentially loaded from the run-time install tree - Plugins are now preferentially loaded from the run-time install tree
- Reauthentication after password change in init_creds_password - Reauthentication after password change in init_creds_password
- Memory leak in the client kadmin library - Memory leak in the client kadmin library
- TGS client requests renewable/forwardable/proxiable when possible. - TGS client requests renewable/forwardable/proxiable when possible
- Locking issues in DB1 and DB3 HDB backends - Locking issues in DB1 and DB3 HDB backends
- Master HDB can remain locked while waiting for network I/O - Master HDB can remain locked while waiting for network I/O
- Renewal/refresh logic when kinit is provided with a command - Renewal/refresh logic when kinit is provided with a command
- KDC handling of enterprise principals - KDC handling of enterprise principals
- Use correct bit for anon-pkinit
- Many more - Many more
Acknowledgements Acknowledgements
This release of Heimdal includes contributions from: This release of Heimdal includes contributions from:
Andrew Bartlett, Andrew Tridgell, Arran Cudbard-Bell, Arvid Requate,
Ben Kaduk, Dana Koch, Daniel Schepler, Eray Aslan, Fredrik Pettai, Abhinav Upadhyay Heath Kehoe Nico Williams
Gustavo Zacarias, Harald Barth, Howard Chu, Igor Sobrado, Ingo Schwarze, Andreas Schneider Henry Jacques Patrik Lundin
James Le Cuirot, James Lee, Jeffrey Altman, Jeffrey Clark, Jeffrey Hutzelman, Andrew Bartlett Howard Chu Philip Boulain
Jelmer Vernooij, Ken Dreyer, Kumar Thangavelu, Landon Fuller, Linus Nordberg, Andrew Tridgell Igor Sobrado Ragnar Sundblad
Love Hörnquist Åstrand, Luke Howard, Magnus Ahltorp, Marco Molteni, Antoine Jacoutot Ingo Schwarze Remi Ferrand
Michael Meffie, Moritz Lenz, Nico Williams, Nicolas Williams, Patrik Lundin, Arran Cudbard-Bell Jakub Čajka Rod Widdowson
Philip Boulain, Ragnar Sundblad, Rod Widdowson, Roland C. Dowdeswell, Arvid Requate James Le Cuirot Rok Papež
Ross L Richardson, Russ Allbery, Samuel Thibault, Simon Wilkinson, Asanka Herath James Lee Roland C. Dowdeswell
Stef Walter, Stefan Metzmacher, Steffen Jaeckel, Tollef Fog Heen, Tony Acero, Ben Kaduk Jeffrey Altman Ross L Richardson
Viktor Dukhovni Benjamin Kaduk Jeffrey Clark Russ Allbery
Bernard Spil Jeffrey Hutzelman Samuel Cabrero
Brian May Jelmer Vernooij Samuel Thibault
Chas Williams Ken Dreyer Santosh Kumar Pradhan
Chaskiel Grundman Kiran S J Sean Davis
Dana Koch Kumar Thangavelu Sergio Gelato
Daniel Schepler Landon Fuller Simon Wilkinson
David Mulder Linus Nordberg Stef Walter
Douglas Bagnall Love Hörnquist Åstrand Stefan Metzmacher
Ed Maste Luke Howard Steffen Jaeckel
Eray Aslan Magnus Ahltorp Timothy Pearson
Florian Best Marc Balmer Tollef Fog Heen
Fredrik Pettai Marcin Cieślak Tony Acero
Greg Hudson Marco Molteni Uri Simchoni
Gustavo Zacarias Matthieu Hautreux Viktor Dukhovni
Günther Deschner Michael Meffie Volker Lendecke
Harald Barth Moritz Lenz
Release Notes - Heimdal - Version Heimdal 1.5.3 Release Notes - Heimdal - Version Heimdal 1.5.3
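Review bot: In the new Acknowledgements columns, "Ben Kaduk" and "Benjamin Kaduk" are listed on consecutive rows and look like the same contributor; the old paragraph had the same problem with "Nico Williams" and "Nicolas Williams", which the new list collapses to a single entry, so the same de-duplication should be applied here. In the Bug fixes list, the added "Use correct bit for anon-pkinit" does not say whether peers still using the previous bit remain interoperable; one clause on compatibility would help operators of mixed-version realms.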