oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Update NEWS

Browse Source
This commit is contained in:
Viktor Dukhovni
2016-12-21 23:51:16 +00:00
parent f1bc9f2ff9
commit 8645828040
1 changed files with 57 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
NEWS
View File

@@ -1,15 +1,23 @@
Release Notes - Heimdal - Version Heimdal 1.6
Release Notes - Heimdal - Version Heimdal 7.1
Security
- ...
- kx509 realm-chopping security bug
- non-authorization of alias additions/removals in kadmind
(CVE-2016-2400)
Feature
- iprop has been revamped to fix a number of race conditions that could
lead to inconsistent replication
- Hierarchical capath support
- AES Encryption with HMAC-SHA2 for Kerberos 5
draft-ietf-kitten-aes-cts-hmac-sha2-11
- hcrypto is now thread safe on all platforms
- libhcrypto has new backends: CNG (Windows), PKCS#11 (mainly for
Solaris), and OpenSSL. OpenSSL is now a first-class libhcrypto backend.
OpenSSL 1.0.x and 1.1 are both supported.
OpenSSL 1.0.x and 1.1 are both supported. AES-NI used when supported by
backend
- HDB now supports LMDB
- Thread support on Windows
- RFC 6113 Generalized Framework for Kerberos Pre-Authentication (FAST)
@@ -21,10 +29,10 @@ Release Notes - Heimdal - Version Heimdal 1.6
- asn1_compile 64-bit INTEGER functionality
- HDB key history support including --keepold kadmin password option
- Improved cross-realm key rollover safety
- New krb5_kuserok() plug-in interface
- New krb5_kuserok() and krb5_aname_to_localname() plug-in interfaces
- Improved MIT compatibility
. kadm5 API
. Migration from MIT KDB via "mitdb" HDB backend.
. Migration from MIT KDB via "mitdb" HDB backend
. Capable of writing the HDB in MIT dump format
- Improved Active Directory interoperability
. Enctype selection issues for PAC and other authz-data signatures
@@ -34,6 +42,8 @@ Release Notes - Heimdal - Version Heimdal 1.6
. svc-use-strongest-session-key
. preauth-use-strongest-session-key
. use-strongest-server-key
- The KDC process now uses a multi-process model improving
resiliency and performance
- Allow batch-mode kinit with password file
- SIGINFO support added to kinit cmd
- New kx509 configuration options:
@@ -44,6 +54,8 @@ Release Notes - Heimdal - Version Heimdal 1.6
- Improved Heimdal library/plugin version safety
- Name canonicalization
. DNS resolver searchlist
. Improved referral support
. Support host:port host-based services
- Pluggable libheimbase interface for DBs
- Improve IPv6 Support
- LDAP
@@ -51,6 +63,17 @@ Release Notes - Heimdal - Version Heimdal 1.6
. Start TLS
- klist --json
- DIR credential cache type
- Updated upstream SQLite and libedit
- Removed legacy applications: ftp, kx, login, popper, push, rcp, rsh,
telnet, xnlock
- Completely remove RAND_egd support
- Moved kadmin and ktutil to /usr/bin
- Stricter fcache checks (see fcache_strict_checking krb5.conf setting)
. use O_NOFOLLOW
. don't follow symlinks
. require cache files to be owned by the user
. require sensible permissions (not group/other readable)
- Implemented gss_store_cred()
- Many more
Bug fixes
@@ -67,27 +90,44 @@ Release Notes - Heimdal - Version Heimdal 1.6
- Plugins are now preferentially loaded from the run-time install tree
- Reauthentication after password change in init_creds_password
- Memory leak in the client kadmin library
- TGS client requests renewable/forwardable/proxiable when possible.
- TGS client requests renewable/forwardable/proxiable when possible
- Locking issues in DB1 and DB3 HDB backends
- Master HDB can remain locked while waiting for network I/O
- Renewal/refresh logic when kinit is provided with a command
- KDC handling of enterprise principals
- Use correct bit for anon-pkinit
- Many more
Acknowledgements
This release of Heimdal includes contributions from:
Andrew Bartlett, Andrew Tridgell, Arran Cudbard-Bell, Arvid Requate,
Ben Kaduk, Dana Koch, Daniel Schepler, Eray Aslan, Fredrik Pettai,
Gustavo Zacarias, Harald Barth, Howard Chu, Igor Sobrado, Ingo Schwarze,
James Le Cuirot, James Lee, Jeffrey Altman, Jeffrey Clark, Jeffrey Hutzelman,
Jelmer Vernooij, Ken Dreyer, Kumar Thangavelu, Landon Fuller, Linus Nordberg,
Love Hörnquist Åstrand, Luke Howard, Magnus Ahltorp, Marco Molteni,
Michael Meffie, Moritz Lenz, Nico Williams, Nicolas Williams, Patrik Lundin,
Philip Boulain, Ragnar Sundblad, Rod Widdowson, Roland C. Dowdeswell,
Ross L Richardson, Russ Allbery, Samuel Thibault, Simon Wilkinson,
Stef Walter, Stefan Metzmacher, Steffen Jaeckel, Tollef Fog Heen, Tony Acero,
Viktor Dukhovni
Abhinav Upadhyay Heath Kehoe Nico Williams
Andreas Schneider Henry Jacques Patrik Lundin
Andrew Bartlett Howard Chu Philip Boulain
Andrew Tridgell Igor Sobrado Ragnar Sundblad
Antoine Jacoutot Ingo Schwarze Remi Ferrand
Arran Cudbard-Bell Jakub Čajka Rod Widdowson
Arvid Requate James Le Cuirot Rok Papež
Asanka Herath James Lee Roland C. Dowdeswell
Ben Kaduk Jeffrey Altman Ross L Richardson
Benjamin Kaduk Jeffrey Clark Russ Allbery
Bernard Spil Jeffrey Hutzelman Samuel Cabrero
Brian May Jelmer Vernooij Samuel Thibault
Chas Williams Ken Dreyer Santosh Kumar Pradhan
Chaskiel Grundman Kiran S J Sean Davis
Dana Koch Kumar Thangavelu Sergio Gelato
Daniel Schepler Landon Fuller Simon Wilkinson
David Mulder Linus Nordberg Stef Walter
Douglas Bagnall Love Hörnquist Åstrand Stefan Metzmacher
Ed Maste Luke Howard Steffen Jaeckel
Eray Aslan Magnus Ahltorp Timothy Pearson
Florian Best Marc Balmer Tollef Fog Heen
Fredrik Pettai Marcin Cieślak Tony Acero
Greg Hudson Marco Molteni Uri Simchoni
Gustavo Zacarias Matthieu Hautreux Viktor Dukhovni
Günther Deschner Michael Meffie Volker Lendecke
Harald Barth Moritz Lenz
Release Notes - Heimdal - Version Heimdal 1.5.3