xref: /src/crypto/external/bsd/heimdal/dist/NEWS

Release Notes - Heimdal - Version Heimdal 7.8

 Bug fixes

 - CVE-2022-42898 PAC parse integer overflows

 - CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour

 - CVE-2021-44758 Heimdal KDC: invalid free in ASN.1 codec

    This is a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.

    Heimdal's ASN.1 compiler generates code that allows specially
    crafted DER encodings of CHOICEs to invoke the wrong free function
    on the decoded structure upon decode error.  This is known to impact
    the Heimdal KDC, leading to an invalid free() of an address partly
    or wholly under the control of the attacker, in turn leading to a
    potential remote code execution (RCE) vulnerability.

    This error affects the DER codec for all CHOICE types used in
    Heimdal, though not all cases will be exploitable.  We have not
    completed a thorough analysis of all the Heimdal components
    affected, thus the Kerberos client, the X.509 library, and other
    parts, may be affected as well.

    This bug has been in Heimdal since 2005.  It was first reported by
    Douglas Bagnall, though it had been found independently by the
    Heimdal maintainers via fuzzing.

    While no zero-day exploit is known, such an exploit will likely be
    available soon after public disclosure.

 - Bugs found by UBSAN (including the incorrect encoding of unconstrained
   INTEGER value -1).

 - Errors found by the LLVM scan-build static analyzer.

 - Errors found by the valgrind memory debugger.

 - Work around GCC Bug 95189 (memcmp wrongly stripped like strcmp).

 - Fix Unicode normalization read of 1 bytes past end of array.

 - Correct ASN.1 OID typo for SHA-384

 - Fix a deadlock in in the MEMORY ccache type.

 - TGS: strip forwardable and proxiable flags if the server is
   disallowed.

 - CVE-2019-14870: Validate client attributes in protocol-transition
 - CVE-2019-14870: Apply forwardable policy in protocol-transition
 - CVE-2019-14870: Always lookup impersonate client in DB

 - Incremental HDB propagation improvements

    - Refactor send_diffs making it progressive
    - Handle partial writes on non-blocking sockets
    - Disable Nagle in iprop master and slave
    - Use async I/O
    - Don't send I_HAVE in response to AYT
    - Do not recover log in kadm5_get_principal()
    - Don't send diffs to slaves with not yet known version
    - Don't stutter in send_diffs

 - Optional backwards-compatible anon-pkinit behaviour

Release Notes - Heimdal - Version Heimdal 7.7

 Bug fixes

 - PKCS#11 hcrypto back-end
   . initialize the p11_module_load function list
   . verify that not only is a mechanism present but that its mechanism
     info states that it offers the required encryption, decryption or
     digest services
 - krb5:
   . Starting with 7.6, Heimdal permitted requesting authenticated
     anonymous tickets.  However, it did not verify that a KDC in fact
     returned an anonymous ticket when one was requested.
   - Cease setting the KDCOption reaquest_anonymous flag when issuing
     S4UProxy (constrained delegation) TGS requests.
   . when the Win2K PKINIT compatibility option is set, do
     not require krbtgt otherName to match when validating KDC
     certificate.
   . set PKINIT_BTMM flag per Apple implementation
   . use memset_s() instead of memset()
 - kdc:
   . When generating KRB5SignedPath in the AS, use the reply client name
     rather than the one from the request, so validation will work
     correctly in the TGS.
   . allow checksum of PA-FOR-USER to be HMAC_MD5.  Even if tgt used
     an enctype with a different checksum.  Per [MS-SFU] 2.2.1
     PA-FOR-USER the checksum is always HMAC_MD5, and that's what
     Windows and MIT clients send.

     In heimdal both the client and kdc use instead the
     checksum of the tgt, and therefore work with each other
     but Windows and MIT clients fail against heimdal KDC.

     Both Windows and MIT KDCs would allow any keyed checksum
     to be used so Heimdal client interoperates with them.

     Change Heimdal KDC to allow HMAC_MD5 even for non RC4
     based tgt in order to support per-spec clients.
   . use memset_s() instead of memset().
   - Detect Heimdal 1.0 through 7.6 clients that issue S4UProxy
     (constrained delegation) TGS Requests with the request
     anonymous flag set.  These requests will be treated as
     S4UProxy requests and not anonymous requests.
 - HDB:
   . Set SQLite3 backend default page size to 8KB.
   . Add hdb_set_sync() method
 - kadmind:
   . disable HDB sync during database load avoiding unnecessary disk i/o.
 - ipropd:
   . disable HDB sync during receive_everything.  Doing an fsync
     per-record when receiving the complete HDB is a performance
     disaster.  Among other things, if the HDB is very large, then
     one slave receving a full HDB can cause other slaves to timeout
     and, if HDB write activity is high enough to cause iprop log
     truncation, then also need full syncs, which leads to a cycle of
     full syncs for all slaves until HDB write activity drops.
     Allowing the iprop log to be larger helps, but improving
     receive_everything() performance helps even more.
 - kinit:
   . Anonymous PKINIT tickets discard the realm information used
     to locate the issuing AS. Store the issuing realm in the
     credentials cache in order to locate a KDC which can renew them.
   . Do not leak the result of krb5_cc_get_config() when determining
     anonymous PKINIT start realm.
  - klist:
    . Show transited-policy-checked, ok-as-delegate and anonymous
      flags when listing credentials.
 - tests:
   . Regenerate certs so that they expire before the 2038 armageddon
     so the test suite will pass on 32-bit operating systems until the
     underlying issues can be resolved.
 - Solaris:
   . Define _STDC_C11_BCI for memset_s prototype
 - build tooling:
   . Convert from python 2 to python 3
 - documentation
   . rename verify-password to verify-password-quality
   . hprop default mode is encrypt
   . kadmind "all" permission does not include "get-keys"
   . verify-password-quality might not be stateless

Release Notes - Heimdal - Version Heimdal 7.6

 Security

 - CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum

    When the Heimdal KDC checks the checksum that is placed on the
    S4U2Self packet by the server to protect the requested principal
    against modification, it does not confirm that the checksum
    algorithm that protects the user name (principal) in the request
    is keyed.  This allows a man-in-the-middle attacker who can
    intercept the request to the KDC to modify the packet by replacing
    the user name (principal) in the request with any desired user
    name (principal) that exists in the KDC and replace the checksum
    protecting that name with a CRC32 checksum (which requires no
    prior knowledge to compute).

    This would allow a S4U2Self ticket requested on behalf of user
    name (principal) user (a] EXAMPLE.COM to any service to be changed
    to a S4U2Self ticket with a user name (principal) of
    Administrator (a] EXAMPLE.COM. This ticket would then contain the
    PAC of the modified user name (principal).

 - CVE-2019-12098, client-only:

    RFC8062 Section 7 requires verification of the PA-PKINIT-KX key excahnge
    when anonymous PKINIT is used.  Failure to do so can permit an active
    attacker to become a man-in-the-middle.

 Bug fixes
     
 - Happy eyeballs: Don't wait for responses from known-unreachable KDCs.
 - kdc: check return copy_Realm, copy_PrincipalName, copy_EncryptionKey
 - kinit:
   . cleanup temporary ccaches
   . see man page for "kinit --anonymous" command line syntax change
 - kdc: Make anonymous AS-requests more RFC8062-compliant.
 - Updated expired test certificates
 - Solaris:
   . PKCS#11 hcrypto backend broken since 7.0.1
   . Building with Sun Pro C

 Features

 - kuser: support authenticated anonymous AS-REQs in kinit
 - kdc: support for anonymous TGS-REQs
 - kgetcred support for anonymous service tickets
 - Support builds with OpenSSL 1.1.1

Release Notes - Heimdal - Version Heimdal 7.5

 Security

 - Fix CVE-2017-17439, which is a remote denial of service
   vulnerability:

     In Heimdal 7.1 through 7.4, remote unauthenticated attackers
     are able to crash the KDC by sending a crafted UDP packet
     containing empty data fields for client name or realm.

 Bug fixes

 - Handle long input lines when reloading database dumps.

 - In pre-forked mode (default on Unix), correctly clear
   the process ids of exited children, allowing new child processes
   to replace the old.

 - Fixed incorrect KDC response when no-cross realm TGT exists,
   allowing client requests to fail quickly rather than time
   out after trying to get a correct answer from each KDC.

Release Notes - Heimdal - Version Heimdal 7.4

 Security

 - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation

   This is a critical vulnerability.

   In _krb5_extract_ticket() the KDC-REP service name must be obtained from
   encrypted version stored in 'enc_part' instead of the unencrypted version
   stored in 'ticket'.  Use of the unecrypted version provides an
   opportunity for successful server impersonation and other attacks.

   Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

   See https://www.orpheus-lyre.info/ for more details.

Release Notes - Heimdal - Version Heimdal 7.3

 Security

 - Fix transit path validation.  Commit f469fc6 (2010-10-02) inadvertently
   caused the previous hop realm to not be added to the transit path
   of issued tickets.  This may, in some cases, enable bypass of capath
   policy in Heimdal versions 1.5 through 7.2.

   Note, this may break sites that rely on the bug.  With the bug some
   incomplete [capaths] worked, that should not have.  These may now break
   authentication in some cross-realm configurations.
   (CVE-2017-6594)

Release Notes - Heimdal - Version Heimdal 7.2

 Bug fixes
 - Portability improvements
 - More strict parsing of encoded URI components in HTTP KDC
 - Fixed memory leak in malloc error recovery in NTLM GSSAPI mechanism
 - Avoid overly specific CPU info in krb5-config in aid of reproducible builds
 - Don't do AFS string-to-key tests when feature is disabled
 - Skip mdb_stat test when the command is not available
 - Windows: update SHA2 timestamp server
 - hdb: add missing export hdb_generate_key_set_password_with_ks_tuple
 - Fix signature of hdb_generate_key_set_password()
 - Windows: enable KX509 support in the KDC
 - kdc: fix kx509 service principal match
 - iprop: handle case where master sends nothing new
 - ipropd-slave: fix incorrect error codes
 - Allow choice of sqlite for HDB pref
 - check-iprop: don't fail to kill daemons
 - roken: pidfile -> rk_pidfile
 - kdc: _kdc_do_kx509 fix use after free error
 - Do not detect x32 as 64-bit platform.
 - No sys/ttydefaults.h on CYGWIN
 - Fix check-iprop races
 - roken_detach_prep() close pipe

Release Notes - Heimdal - Version Heimdal 7.1

 Security

 - kx509 realm-chopping security bug
 - non-authorization of alias additions/removals in kadmind
   (CVE-2016-2400)

 Feature

 - iprop has been revamped to fix a number of race conditions that could
   lead to inconsistent replication
 - Hierarchical capath support
 - AES Encryption with HMAC-SHA2 for Kerberos 5
   draft-ietf-kitten-aes-cts-hmac-sha2-11
 - hcrypto is now thread safe on all platforms
 - libhcrypto has new backends: CNG (Windows), PKCS#11 (mainly for
   Solaris), and OpenSSL.  OpenSSL is now a first-class libhcrypto backend.
   OpenSSL 1.0.x and 1.1 are both supported. AES-NI used when supported by
   backend
 - HDB now supports LMDB
 - Thread support on Windows
 - RFC 6113  Generalized Framework for Kerberos Pre-Authentication (FAST)
 - New GSS APIs:
   . gss_localname
 - Allow setting what encryption types a principal should have with
   [kadmin] default_key_rules, see krb5.conf manpage for more info
 - Unify libhcrypto with LTC (libtomcrypto)
 - asn1_compile 64-bit INTEGER functionality
 - HDB key history support including --keepold kadmin password option
 - Improved cross-realm key rollover safety
 - New krb5_kuserok() and krb5_aname_to_localname() plug-in interfaces
 - Improved MIT compatibility
   . kadm5 API
   . Migration from MIT KDB via "mitdb" HDB backend
   . Capable of writing the HDB in MIT dump format
 - Improved Active Directory interoperability
   . Enctype selection issues for PAC and other authz-data signatures
   . Cross realm key rollover (kvno 0)
 - New [kdc] enctype negotiation configuration:
   . tgt-use-strongest-session-key
   . svc-use-strongest-session-key
   . preauth-use-strongest-session-key
   . use-strongest-server-key
 - The KDC process now uses a multi-process model improving
   resiliency and performance
 - Allow batch-mode kinit with password file
 - SIGINFO support added to kinit cmd
 - New kx509 configuration options:
   . kx509_ca
   . kca_service
   . kx509_include_pkinit_san
   . kx509_template
 - Improved Heimdal library/plugin version safety
 - Name canonicalization
   . DNS resolver searchlist
   . Improved referral support
   . Support host:port host-based services
 - Pluggable libheimbase interface for DBs
 - Improve IPv6 Support
 - LDAP
   . Bind DN and password
   . Start TLS
 - klist --json
 - DIR credential cache type
 - Updated upstream SQLite and libedit
 - Removed legacy applications: ftp, kx, login, popper, push, rcp, rsh,
   telnet, xnlock
 - Completely remove RAND_egd support
 - Moved kadmin and ktutil to /usr/bin
 - Stricter fcache checks (see fcache_strict_checking krb5.conf setting)
    . use O_NOFOLLOW
    . don't follow symlinks
    . require cache files to be owned by the user
    . require sensible permissions (not group/other readable)
 - Implemented gss_store_cred()
 - Many more

 Bug fixes
 - iprop has been revamped to fix a number of race conditions that could
   lead to data loss
 - Include non-loopback addresses assigned to loopback interfaces
   when requesting tickets with addresses
 - KDC 1DES session key selection (for AFS rxkad-k5 compatibility)
 - Keytab file descriptor and lock leak
 - Credential cache corruption bugs
   (NOTE: The FILE ccache is still not entirely safe due to the
   fundamentally unsafe design of POSIX file locking)
 - gss_pseudo_random() interop bug
 - Plugins are now preferentially loaded from the run-time install tree
 - Reauthentication after password change in init_creds_password
 - Memory leak in the client kadmin library
 - TGS client requests renewable/forwardable/proxiable when possible
 - Locking issues in DB1 and DB3 HDB backends
 - Master HDB can remain locked while waiting for network I/O
 - Renewal/refresh logic when kinit is provided with a command
 - KDC handling of enterprise principals
 - Use correct bit for anon-pkinit
 - Many more

 Acknowledgements

 This release of Heimdal includes contributions from:

    Abhinav Upadhyay        Heath Kehoe             Nico Williams
    Andreas Schneider       Henry Jacques           Patrik Lundin
    Andrew Bartlett         Howard Chu              Philip Boulain
    Andrew Tridgell         Igor Sobrado            Ragnar Sundblad
    Antoine Jacoutot        Ingo Schwarze           Remi Ferrand
    Arran Cudbard-Bell      Jakub ajka             Rod Widdowson
    Arvid Requate           James Le Cuirot         Rok Pape
    Asanka Herath           James Lee               Roland C. Dowdeswell
    Ben Kaduk               Jeffrey Altman          Ross L Richardson
    Benjamin Kaduk          Jeffrey Clark           Russ Allbery
    Bernard Spil            Jeffrey Hutzelman       Samuel Cabrero
    Brian May               Jelmer Vernooij         Samuel Thibault
    Chas Williams           Ken Dreyer              Santosh Kumar Pradhan
    Chaskiel Grundman       Kiran S J               Sean Davis
    Dana Koch               Kumar Thangavelu        Sergio Gelato
    Daniel Schepler         Landon Fuller           Simon Wilkinson
    David Mulder            Linus Nordberg          Stef Walter
    Douglas Bagnall         Love Hrnquist strand  Stefan Metzmacher
    Ed Maste                Luke Howard             Steffen Jaeckel
    Eray Aslan              Magnus Ahltorp          Timothy Pearson
    Florian Best            Marc Balmer             Tollef Fog Heen
    Fredrik Pettai          Marcin Cielak          Tony Acero
    Greg Hudson             Marco Molteni           Uri Simchoni
    Gustavo Zacarias        Matthieu Hautreux       Viktor Dukhovni
    Gnther Deschner        Michael Meffie          Volker Lendecke
    Harald Barth            Moritz Lenz

Release Notes - Heimdal - Version Heimdal 1.5.3

 Bug fixes
 - Fix leaking file descriptors in KDC
 - Better socket/timeout handling in libkrb5
 - General bug fixes
 - Build fixes

Release Notes - Heimdal - Version Heimdal 1.5.2

 Security fixes
 - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege
 - Check that key types strictly match - denial of service

Release Notes - Heimdal - Version Heimdal 1.5.1

 Bug fixes
 - Fix building on Solaris, requires c99
 - Fix building on Windows
 - Build system updates

Release Notes - Heimdal - Version Heimdal 1.5

New features

 - Support GSS name extensions/attributes
 - SHA512 support
 - No Kerberos 4 support
 - Basic support for MIT Admin protocol (SECGSS flavor)
   in kadmind (extract keytab)
 - Replace editline with libedit

Release Notes - Heimdal - Version Heimdal 1.4

 New features
 
 - Support for reading MIT database file directly
 - KCM is polished up and now used in production
 - NTLM first class citizen, credentials stored in KCM
 - Table driven ASN.1 compiler, smaller!, not enabled by default
 - Native Windows client support

Notes

 - Disabled write support NDBM hdb backend (read still in there) since
   it can't handle large records, please migrate to a diffrent backend
   (like BDB4)

Release Notes - Heimdal - Version Heimdal 1.3.3

 Bug fixes
 - Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
 - Check NULL pointers before dereference them [kdc]

Release Notes - Heimdal - Version Heimdal 1.3.2

 Bug fixes

 - Don't mix length when clearing hmac (could memset too much)
 - More paranoid underrun checking when decrypting packets
 - Check the password change requests and refuse to answer empty packets
 - Build on OpenSolaris 
 - Renumber AD-SIGNED-TICKET since it was stolen from US
 - Don't cache /dev/*random file descriptor, it doesn't get unloaded
 - Make C++ safe
 - Misc warnings

Release Notes - Heimdal - Version Heimdal 1.3.1

 Bug fixes

 - Store KDC offset in credentials
 - Many many more bug fixes

Release Notes - Heimdal - Version Heimdal 1.3.1

 New features

 - Make work with OpenLDAPs krb5 overlay

Release Notes - Heimdal - Version Heimdal 1.3

 New features

 - Partial support for MIT kadmind rpc protocol in kadmind
 - Better support for finding keytab entries when using SPN aliases in the KDC
 - Support BER in ASN.1 library (needed for CMS)
 - Support decryption in Keychain private keys
 - Support for new sqlite based credential cache
 - Try both KDC referals and the common DNS reverse lookup in GSS-API
 - Fix the KCM to not leak resources on failure
 - Add IPv6 support to iprop
 - Support localization of error strings in
   kinit/klist/kdestroy and Kerberos library
 - Remove Kerberos 4 support in application (still in KDC)
 - Deprecate DES
 - Support i18n password in windows domains (using UTF-8)
 - More complete API emulation of OpenSSL in hcrypto
 - Support for ECDSA and ECDH when linking with OpenSSL

 API changes

 - Support for settin friendly name on credential caches
 - Move to using doxygen to generate documentation.
 - Sprinkling __attribute__((__deprecated__)) for old function to be removed
 - Support to export LAST-REQUST information in AS-REQ
 - Support for client deferrals in in AS-REQ
 - Add seek support for krb5_storage.
 - Support for split AS-REQ, first step for IA-KERB
 - Fix many memory leaks and bugs
 - Improved regression test
 - Support krb5_cccol
 - Switch to krb5_set_error_message
 - Support krb5_crypto_*_iov	
 - Switch to use EVP for most function
 - Use SOCK_CLOEXEC and O_CLOEXEC (close on exec)
 - Add support for GSS_C_DELEG_POLICY_FLAG
 - Add krb5_cc_[gs]et_config to store data in the credential caches
 - PTY testing application

Bugfixes
 - Make building on AIX6 possible.
 - Bugfixes in LDAP KDC code to make it more stable
 - Make ipropd-slave reconnect when master down gown


Release Notes - Heimdal - Version Heimdal 1.2.1

* Bug

  [HEIMDAL-147] - Heimdal 1.2 not compiling on Solaris
  [HEIMDAL-151] - Make canned tests work again after cert expired
  [HEIMDAL-152] - iprop test: use full hostname to avoid realm
                  resolving errors
  [HEIMDAL-153] - ftp: Use the correct length for unmap, msync

Release Notes - Heimdal - Version Heimdal 1.2

* Bug

  [HEIMDAL-10] - Follow-up on bug report for SEGFAULT in
  		 gss_display_name/gss_export_name when using SPNEGO
  [HEIMDAL-15] - Re: [Heimdal-bugs] potential bug in Heimdal 1.1
  [HEIMDAL-17] - Remove support for depricated [libdefaults]capath
  [HEIMDAL-52] - hdb overwrite aliases for db databases
  [HEIMDAL-54] - Two issues which affect credentials delegation
  [HEIMDAL-58] - sockbuf.c calls setsockopt with bad args
  [HEIMDAL-62] - Fix printing of sig_atomic_t
  [HEIMDAL-87] - heimdal 1.1 not building under cygwin in hcrypto
  [HEIMDAL-105] - rcp: sync rcp with upstream bsd rcp codebase
  [HEIMDAL-117] - Use libtool to detect symbol versioning (Debian Bug#453241)

* Improvement
  [HEIMDAL-67] - Fix locking and store credential in atomic writes
                 in the FILE credential cache
  [HEIMDAL-106] - make compile on cygwin again
  [HEIMDAL-107] - Replace old random key generation in des module
                  and use it with RAND_ function instead
  [HEIMDAL-115] - Better documentation and compatibility in hcrypto
                  in regards to OpenSSL

* New Feature
  [HEIMDAL-3] - pkinit alg agility PRF test vectors
  [HEIMDAL-14] - Add libwind to Heimdal
  [HEIMDAL-16] - Use libwind in hx509
  [HEIMDAL-55] - Add flag to krb5 to not add GSS-API INT|CONF to
                 the negotiation
  [HEIMDAL-74] - Add support to report extended error message back
                 in AS-REQ to support windows clients
  [HEIMDAL-116] - test pty based application (using rkpty)
  [HEIMDAL-120] - Use new OpenLDAP API (older deprecated)

* Task
  [HEIMDAL-63] - Dont try key usage KRB5_KU_AP_REQ_AUTH for TGS-REQ.
                 This drop compatibility with pre 0.3d KDCs.
  [HEIMDAL-64] - kcm: first implementation of kcm-move-cache
  [HEIMDAL-65] - Failed to compile with --disable-pk-init
  [HEIMDAL-80] - verify that [VU#162289]: gcc silently discards some
                 wraparound checks doesn't apply to Heimdal

Changes in release 1.1

 * Read-only PKCS11 provider built-in to hx509.

 * Documentation for hx509, hcrypto and ntlm libraries improved.

 * Better compatibilty with Windows 2008 Server pre-releases and Vista.

 * Mac OS X 10.5 support for native credential cache.

 * Provide pkg-config file for Heimdal (heimdal-gssapi.pc).

 * Bug fixes.

Changes in release 1.0.2

* Ubuntu packages.

* Bug fixes.

Changes in release 1.0.1

 * Serveral bug fixes to iprop.

 * Make work on platforms without dlopen.

 * Add RFC3526 modp group14 as default.

 * Handle [kdc] database = { } entries without realm = stanzas.

 * Make krb5_get_renewed_creds work.

 * Make kaserver preauth work again.

 * Bug fixes.

Changes in release 1.0

 * Add gss_pseudo_random() for mechglue and krb5.

 * Make session key for the krbtgt be selected by the best encryption
   type of the client.

 * Better interoperability with other PK-INIT implementations.

 * Inital support for Mac OS X Keychain for hx509.

 * Alias support for inital ticket requests.

 * Add symbol versioning to selected libraries on platforms that uses
   GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc.

 * New version of imath included in hcrypto.

 * Fix memory leaks.

 * Bugs fixes.

Changes in release 0.8.1

 * Make ASN.1 library less paranoid to with regard to NUL in string to
   make it inter-operate with MIT Kerberos again.

 * Make GSS-API library work again when using gss_acquire_cred

 * Add symbol versioning to libgssapi when using GNU ld.

 * Fix memory leaks 

 * Bugs fixes

Changes in release 0.8

 * PK-INIT support.

 * HDB extensions support, used by PK-INIT.

 * New ASN.1 compiler.

 * GSS-API mechglue from FreeBSD.

 * Updated SPNEGO to support RFC4178.

 * Support for Cryptosystem Negotiation Extension (RFC 4537).

 * A new X.509 library (hx509) and related crypto functions.

 * A new ntlm library (heimntlm) and related crypto functions.

 * Updated the built-in crypto library with bignum support using
   imath, support for RSA and DH and renamed it to libhcrypto.

 * Subsystem in the KDC, digest, that will perform the digest
   operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL
   DIGEST-MD5 NTLMv1 and NTLMv2.

 * KDC will return the "response too big" error to force TCP retries
   for large (default 1400 bytes) UDP replies.  This is common for
   PK-INIT requests.

 * Libkafs defaults to use 2b tokens.

 * Default to use the API cache on Mac OS X.

 * krb5_kuserok() also checks ~/.k5login.d directory for acl files,
   see manpage for krb5_kuserok for description.

 * Many, many, other updates to code and info manual and manual pages.

 * Bug fixes

Changes in release 0.7.2

* Fix security problem in rshd that enable an attacker to overwrite
  and change ownership of any file that root could write.

* Fix a DOS in telnetd. The attacker could force the server to crash
  in a NULL de-reference before the user logged in, resulting in inetd
  turning telnetd off because it forked too fast.

* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
  exists in the keytab before returning success. This allows servers
  to check if its even possible to use GSSAPI.

* Fix receiving end of token delegation for GSS-API. It still wrongly
  uses subkey for sending for compatibility reasons, this will change
  in 0.8.

* telnetd, login and rshd are now more verbose in logging failed and
  successful logins.

* Bug fixes

Changes in release 0.7.1

* Bug fixes

Changes in release 0.7

 * Support for KCM, a process based credential cache

 * Support CCAPI credential cache

 * SPNEGO support

 * AES (and the gssapi conterpart, CFX) support

 * Adding new and improve old documentation

 * Bug fixes

Changes in release 0.6.6

* Fix security problem in rshd that enable an attacker to overwrite
  and change ownership of any file that root could write.

* Fix a DOS in telnetd. The attacker could force the server to crash
  in a NULL de-reference before the user logged in, resulting in inetd
  turning telnetd off because it forked too fast.

Changes in release 0.6.5

 * fix vulnerabilities in telnetd

 * unbreak Kerberos 4 and kaserver

Changes in release 0.6.4

 * fix vulnerabilities in telnet

 * rshd: encryption without a separate error socket should now work

 * telnet now uses appdefaults for the encrypt and forward/forwardable
   settings

 * bug fixes

Changes in release 0.6.3

 * fix vulnerabilities in ftpd

 * support for linux AFS /proc "syscalls"

 * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in
   kpasswdd

 * fix possible KDC denial of service

 * bug fixes

Changes in release 0.6.2

 * Fix possible buffer overrun in v4 kadmin (which now defaults to off)

Changes in release 0.6.1

 * Fixed ARCFOUR suppport

 * Cross realm vulnerability

 * kdc: fix denial of service attack

 * kdc: stop clients from renewing tickets into the future

 * bug fixes
	
Changes in release 0.6

* The DES3 GSS-API mechanism has been changed to inter-operate with
  other GSSAPI implementations. See man page for gssapi(3) how to turn
  on generation of correct MIC messages. Next major release of heimdal 
  will generate correct MIC by default.

* More complete GSS-API support

* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS
  support in applications no longer requires Kerberos 4 libs

* Kerberos 4 support in kdc defaults to turned off (includes ka and 524)

* other bug fixes

Changes in release 0.5.2

 * kdc: add option for disabling v4 cross-realm (defaults to off)

 * bug fixes

Changes in release 0.5.1

 * kadmind: fix remote exploit

 * kadmind: add option to disable kerberos 4

 * kdc: make sure kaserver token life is positive

 * telnet: use the session key if there is no subkey

 * fix EPSV parsing in ftp

 * other bug fixes

Changes in release 0.5

 * add --detach option to kdc

 * allow setting forward and forwardable option in telnet from
   .telnetrc, with override from command line

 * accept addresses with or without ports in krb5_rd_cred

 * make it work with modern openssl

 * use our own string2key function even with openssl (that handles weak
   keys incorrectly)

 * more system-specific requirements in login

 * do not use getlogin() to determine root in su

 * telnet: abort if telnetd does not support encryption

 * update autoconf to 2.53

 * update config.guess, config.sub

 * other bug fixes

Changes in release 0.4e

 * improve libcrypto and database autoconf tests

 * do not care about salting of server principals when serving v4 requests

 * some improvements to gssapi library

 * test for existing compile_et/libcom_err

 * portability fixes

 * bug fixes

Changes in release 0.4d

 * fix some problems when using libcrypto from openssl

 * handle /dev/ptmx `unix98' ptys on Linux

 * add some forgotten man pages

 * rsh: clean-up and add man page

 * fix -A and -a in builtin-ls in tpd

 * fix building problem on Irix

 * make `ktutil get' more efficient

 * bug fixes

Changes in release 0.4c

 * fix buffer overrun in telnetd

 * repair some of the v4 fallback code in kinit

 * add more shared library dependencies

 * simplify and fix hprop handling of v4 databases

 * fix some building problems (osf's sia and osfc2 login)

 * bug fixes

Changes in release 0.4b

 * update the shared library version numbers correctly

Changes in release 0.4a

 * corrected key used for checksum in mk_safe, unfortunately this
   makes it backwards incompatible

 * update to autoconf 2.50, libtool 1.4

 * re-write dns/config lookups (krb5_krbhst API)

 * make order of using subkeys consistent

 * add man page links

 * add more man pages

 * remove rfc2052 support, now only rfc2782 is supported

 * always build with kaserver protocol support in the KDC (assuming
   KRB4 is enabled) and support for reading kaserver databases in
   hprop

Changes in release 0.3f

 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
   the new keytab type that tries both of these in order (SRVTAB is
   also an alias for krb4:)

 * improve error reporting and error handling (error messages should
   be more detailed and more useful)

 * improve building with openssl

 * add kadmin -K, rcp -F 

 * fix two incorrect weak DES keys

 * fix building of kaserver compat in KDC

 * the API is closer to what MIT krb5 is using

 * more compatible with windows 2000

 * removed some memory leaks

 * bug fixes

Changes in release 0.3e

 * rcp program included

 * fix buffer overrun in ftpd

 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
   cannot generate zero sequence numbers

 * handle v4 /.k files better

 * configure/portability fixes

 * fixes in parsing of options to kadmin (sub-)commands

 * handle errors in kadmin load better

 * bug fixes

Changes in release 0.3d

 * add krb5-config

 * fix a bug in 3des gss-api mechanism, making it compatible with the
   specification and the MIT implementation

 * make telnetd only allow a specific list of environment variables to
   stop it from setting `sensitive' variables

 * try to use an existing libdes

 * lib/krb5, kdc: use correct usage type for ap-req messages.  This
   should improve compatability with MIT krb5 when using 3DES
   encryption types

 * kdc: fix memory allocation problem

 * update config.guess and config.sub

 * lib/roken: more stuff implemented

 * bug fixes and portability enhancements

Changes in release 0.3c

 * lib/krb5: memory caches now support the resolve operation

 * appl/login: set PATH to some sane default

 * kadmind: handle several realms

 * bug fixes (including memory leaks)

Changes in release 0.3b

 * kdc: prefer default-salted keys on v5 requests

 * kdc: lowercase hostnames in v4 mode

 * hprop: handle more types of MIT salts

 * lib/krb5: fix memory leak

 * bug fixes

Changes in release 0.3a:

 * implement arcfour-hmac-md5 to interoperate with W2K

 * modularise the handling of the master key, and allow for other
   encryption types. This makes it easier to import a database from
   some other source without having to re-encrypt all keys.

 * allow for better control over which encryption types are created

 * make kinit fallback to v4 if given a v4 KDC

 * make klist work better with v4 and v5, and add some more MIT
   compatibility options

 * make the kdc listen on the krb524 (4444) port for compatibility
   with MIT krb5 clients

 * implement more DCE/DFS support, enabled with --enable-dce, see
   lib/kdfs and appl/dceutils

 * make the sequence numbers work correctly

 * bug fixes

Changes in release 0.2t:

 * bug fixes

Changes in release 0.2s:

 * add OpenLDAP support in hdb

 * login will get v4 tickets when it receives forwarded tickets

 * xnlock supports both v5 and v4

 * repair source routing for telnet

 * fix building problems with krb4 (krb_mk_req)

 * bug fixes

Changes in release 0.2r:

 * fix realloc memory corruption bug in kdc

 * `add --key' and `cpw --key' in kadmin

 * klist supports listing v4 tickets

 * update config.guess and config.sub

 * make v4 -> v5 principal name conversion more robust

 * support for anonymous tickets

 * new man-pages

 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.

 * use and set expiration and not password expiration when dumping
   to/from ka server databases / krb4 databases

 * make the code happier with 64-bit time_t

 * follow RFC2782 and by default do not look for non-underscore SRV names

Changes in release 0.2q:

 * bug fix in tcp-handling in kdc

 * bug fix in expand_hostname

Changes in release 0.2p:

 * bug fix in `kadmin load/merge'

 * bug fix in krb5_parse_address

Changes in release 0.2o:

 * gss_{import,export}_sec_context added to libgssapi

 * new option --addresses to kdc (for listening on an explicit set of
   addresses)

 * bug fixes in the krb4 and kaserver emulation part of the kdc

 * other bug fixes

Changes in release 0.2n:

 * more robust parsing of dump files in kadmin
 * changed default timestamp format for log messages to extended ISO
   8601 format (Y-M-DTH:M:S)
 * changed md4/md5/sha1 APIes to be de-facto `standard'
 * always make hostname into lower-case before creating principal
 * small bits of more MIT-compatability
 * bug fixes

Changes in release 0.2m:

 * handle glibc's getaddrinfo() that returns several ai_canonname

 * new endian test

 * man pages fixes

Changes in release 0.2l:

 * bug fixes

Changes in release 0.2k:

 * better IPv6 test

 * make struct sockaddr_storage in roken work better on alphas

 * some missing [hn]to[hn]s fixed.

 * allow users to change their own passwords with kadmin (with initial
   tickets)

 * fix stupid bug in parsing KDC specification

 * add `ktutil change' and `ktutil purge'

Changes in release 0.2j:

 * builds on Irix

 * ftpd works in passive mode

 * should build on cygwin

 * work around broken IPv6-code on OpenBSD 2.6, also add configure
   option --disable-ipv6

Changes in release 0.2i:

 * use getaddrinfo in the missing places.

 * fix SRV lookup for admin server

 * use get{addr,name}info everywhere.  and implement it in terms of
   getipnodeby{name,addr} (which uses gethostbyname{,2} and
   gethostbyaddr)

Changes in release 0.2h:

 * fix typo in kx (now compiles)

Changes in release 0.2g:

 * lots of bug fixes:
   * push works
   * repair appl/test programs
   * sockaddr_storage works on solaris (alignment issues)
   * works better with non-roken getaddrinfo
   * rsh works
   * some non standard C constructs removed

Changes in release 0.2f:

 * support SRV records for kpasswd
 * look for both _kerberos and krb5-realm when doing host -> realm mapping

Changes in release 0.2e:

 * changed copyright notices to remove `advertising'-clause.
 * get{addr,name}info added to roken and used in the other code
   (this makes things work much better with hosts with both v4 and v6
    addresses, among other things)
 * do pre-auth for both password and key-based get_in_tkt
 * support for having several databases
 * new command `del_enctype' in kadmin
 * strptime (and new strftime) add to roken
 * more paranoia about finding libdb
 * bug fixes

Changes in release 0.2d:

 * new configuration option [libdefaults]default_etypes_des
 * internal ls in ftpd builds without KRB4
 * kx/rsh/push/pop_debug tries v5 and v4 consistenly
 * build bug fixes
 * other bug fixes

Changes in release 0.2c:

 * bug fixes (see ChangeLog's for details)

Changes in release 0.2b:

 * bug fixes
 * actually bump shared library versions

Changes in release 0.2a:

 * a new program verify_krb5_conf for checking your /etc/krb5.conf
 * add 3DES keys when changing password
 * support null keys in database
 * support multiple local realms
 * implement a keytab backend for AFS KeyFile's
 * implement a keytab backend for v4 srvtabs
 * implement `ktutil copy'
 * support password quality control in v4 kadmind
 * improvements in v4 compat kadmind
 * handle the case of having the correct cred in the ccache but with
   the wrong encryption type better
 * v6-ify the remaining programs.
 * internal ls in ftpd
 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
 * add `ank --random-password' and `cpw --random-password' in kadmin
 * some programs and documentation for trying to talk to a W2K KDC
 * bug fixes

Changes in release 0.1m:

 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
   From Miroslav Ruda <ruda (a] ics.muni.cz>
 * v6-ify hprop and hpropd
 * support numeric addresses in krb5_mk_req
 * shadow support in login and su. From Miroslav Ruda <ruda (a] ics.muni.cz>
 * make rsh/rshd IPv6-aware
 * make the gssapi sample applications better at reporting errors
 * lots of bug fixes
 * handle systems with v6-aware libc and non-v6 kernels (like Linux
   with glibc 2.1) better
 * hide failure of ERPT in ftp
 * lots of bug fixes

Changes in release 0.1l:

 * make ftp and ftpd IPv6-aware
 * add inet_pton to roken
 * more IPv6-awareness
 * make mini_inetd v6 aware

Changes in release 0.1k:

 * bump shared libraries versions
 * add roken version of inet_ntop
 * merge more changes to rshd

Changes in release 0.1j:

 * restore back to the `old' 3DES code.  This was supposed to be done
   in 0.1h and 0.1i but I did a CVS screw-up.
 * make telnetd handle v6 connections

Changes in release 0.1i:

 * start using `struct sockaddr_storage' which simplifies the code
   (with a fallback definition if it's not defined)
 * bug fixes (including in hprop and kf)
 * don't use mawk which seems to mishandle roken.awk
 * get_addrs should be able to handle v6 addresses on Linux (with the
   required patch to the Linux kernel -- ask within)
 * rshd builds with shadow passwords

Changes in release 0.1h:

 * kf: new program for forwarding credentials
 * portability fixes
 * make forwarding credentials work with MIT code
 * better conversion of ka database
 * add etc/services.append
 * correct `modified by' from kpasswdd
 * lots of bug fixes

Changes in release 0.1g:

 * kgetcred: new program for explicitly obtaining tickets
 * configure fixes
 * krb5-aware kx
 * bug fixes

Changes in release 0.1f;

 * experimental support for v4 kadmin protokoll in kadmind
 * bug fixes

Changes in release 0.1e:

 * try to handle old DCE and MIT kdcs
 * support for older versions of credential cache files and keytabs
 * postdated tickets work
 * support for password quality checks in kpasswdd
 * new flag --enable-kaserver for kdc
 * renew fixes
 * prototype su program
 * updated (some) manpages
 * support for KDC resource records
 * should build with --without-krb4
 * bug fixes

Changes in release 0.1d:

 * Support building with DB2 (uses 1.85-compat API)
 * Support krb5-realm.DOMAIN in DNS
 * new `ktutil srvcreate'
 * v4/kafs support in klist/kdestroy
 * bug fixes

Changes in release 0.1c:

 * fix ASN.1 encoding of signed integers
 * somewhat working `ktutil get'
 * some documentation updates
 * update to Autoconf 2.13 and Automake 1.4
 * the usual bug fixes

Changes in release 0.1b:

 * some old -> new crypto conversion utils
 * bug fixes

Changes in release 0.1a:

 * new crypto code
 * more bug fixes
 * make sure we ask for DES keys in gssapi
 * support signed ints in ASN1
 * IPv6-bug fixes

Changes in release 0.0u:

 * lots of bug fixes

Changes in release 0.0t:

 * more robust parsing of krb5.conf
 * include net{read,write} in lib/roken
 * bug fixes

Changes in release 0.0s:

 * kludges for parsing options to rsh
 * more robust parsing of krb5.conf
 * removed some arbitrary limits
 * bug fixes

Changes in release 0.0r:

 * default options for some programs
 * bug fixes

Changes in release 0.0q:

 * support for building shared libraries with libtool
 * bug fixes

Changes in release 0.0p:

 * keytab moved to /etc/krb5.keytab
 * avoid false detection of IPv6 on Linux
 * Lots of more functionality in the gssapi-library
 * hprop can now read ka-server databases
 * bug fixes

Changes in release 0.0o:

 * FTP with GSSAPI support.
 * Bug fixes.

Changes in release 0.0n:

 * Incremental database propagation.
 * Somewhat improved kadmin ui; the stuff in admin is now removed.
 * Some support for using enctypes instead of keytypes.
 * Lots of other improvement and bug fixes, see ChangeLog for details.