xref: /netbsd/crypto/external/bsd/heimdal/dist/NEWS (revision 25596981)
1Release Notes - Heimdal - Version Heimdal 7.8
2
3 Bug fixes
4
5 - CVE-2022-42898 PAC parse integer overflows
6
7 - CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
8
9 - CVE-2021-44758 Heimdal KDC: invalid free in ASN.1 codec
10
11    This is a 10.0 on the Common Vulnerability Scoring System (CVSS) v3.
12
13    Heimdal's ASN.1 compiler generates code that allows specially
14    crafted DER encodings of CHOICEs to invoke the wrong free function
15    on the decoded structure upon decode error.  This is known to impact
16    the Heimdal KDC, leading to an invalid free() of an address partly
17    or wholly under the control of the attacker, in turn leading to a
18    potential remote code execution (RCE) vulnerability.
19
20    This error affects the DER codec for all CHOICE types used in
21    Heimdal, though not all cases will be exploitable.  We have not
22    completed a thorough analysis of all the Heimdal components
23    affected, thus the Kerberos client, the X.509 library, and other
24    parts, may be affected as well.
25
26    This bug has been in Heimdal since 2005.  It was first reported by
27    Douglas Bagnall, though it had been found independently by the
28    Heimdal maintainers via fuzzing.
29
30    While no zero-day exploit is known, such an exploit will likely be
31    available soon after public disclosure.
32
33 - Bugs found by UBSAN (including the incorrect encoding of unconstrained
34   INTEGER value -1).
35
36 - Errors found by the LLVM scan-build static analyzer.
37
38 - Errors found by the valgrind memory debugger.
39
40 - Work around GCC Bug 95189 (memcmp wrongly stripped like strcmp).
41
42 - Fix Unicode normalization read of 1 bytes past end of array.
43
44 - Correct ASN.1 OID typo for SHA-384
45
46 - Fix a deadlock in in the MEMORY ccache type.
47
48 - TGS: strip forwardable and proxiable flags if the server is
49   disallowed.
50
51 - CVE-2019-14870: Validate client attributes in protocol-transition
52 - CVE-2019-14870: Apply forwardable policy in protocol-transition
53 - CVE-2019-14870: Always lookup impersonate client in DB
54
55 - Incremental HDB propagation improvements
56
57    - Refactor send_diffs making it progressive
58    - Handle partial writes on non-blocking sockets
59    - Disable Nagle in iprop master and slave
60    - Use async I/O
61    - Don't send I_HAVE in response to AYT
62    - Do not recover log in kadm5_get_principal()
63    - Don't send diffs to slaves with not yet known version
64    - Don't stutter in send_diffs
65
66 - Optional backwards-compatible anon-pkinit behaviour
67
68Release Notes - Heimdal - Version Heimdal 7.7
69
70 Bug fixes
71
72 - PKCS#11 hcrypto back-end
73   . initialize the p11_module_load function list
74   . verify that not only is a mechanism present but that its mechanism
75     info states that it offers the required encryption, decryption or
76     digest services
77 - krb5:
78   . Starting with 7.6, Heimdal permitted requesting authenticated
79     anonymous tickets.  However, it did not verify that a KDC in fact
80     returned an anonymous ticket when one was requested.
81   - Cease setting the KDCOption reaquest_anonymous flag when issuing
82     S4UProxy (constrained delegation) TGS requests.
83   . when the Win2K PKINIT compatibility option is set, do
84     not require krbtgt otherName to match when validating KDC
85     certificate.
86   . set PKINIT_BTMM flag per Apple implementation
87   . use memset_s() instead of memset()
88 - kdc:
89   . When generating KRB5SignedPath in the AS, use the reply client name
90     rather than the one from the request, so validation will work
91     correctly in the TGS.
92   . allow checksum of PA-FOR-USER to be HMAC_MD5.  Even if tgt used
93     an enctype with a different checksum.  Per [MS-SFU] 2.2.1
94     PA-FOR-USER the checksum is always HMAC_MD5, and that's what
95     Windows and MIT clients send.
96
97     In heimdal both the client and kdc use instead the
98     checksum of the tgt, and therefore work with each other
99     but Windows and MIT clients fail against heimdal KDC.
100
101     Both Windows and MIT KDCs would allow any keyed checksum
102     to be used so Heimdal client interoperates with them.
103
104     Change Heimdal KDC to allow HMAC_MD5 even for non RC4
105     based tgt in order to support per-spec clients.
106   . use memset_s() instead of memset().
107   - Detect Heimdal 1.0 through 7.6 clients that issue S4UProxy
108     (constrained delegation) TGS Requests with the request
109     anonymous flag set.  These requests will be treated as
110     S4UProxy requests and not anonymous requests.
111 - HDB:
112   . Set SQLite3 backend default page size to 8KB.
113   . Add hdb_set_sync() method
114 - kadmind:
115   . disable HDB sync during database load avoiding unnecessary disk i/o.
116 - ipropd:
117   . disable HDB sync during receive_everything.  Doing an fsync
118     per-record when receiving the complete HDB is a performance
119     disaster.  Among other things, if the HDB is very large, then
120     one slave receving a full HDB can cause other slaves to timeout
121     and, if HDB write activity is high enough to cause iprop log
122     truncation, then also need full syncs, which leads to a cycle of
123     full syncs for all slaves until HDB write activity drops.
124     Allowing the iprop log to be larger helps, but improving
125     receive_everything() performance helps even more.
126 - kinit:
127   . Anonymous PKINIT tickets discard the realm information used
128     to locate the issuing AS. Store the issuing realm in the
129     credentials cache in order to locate a KDC which can renew them.
130   . Do not leak the result of krb5_cc_get_config() when determining
131     anonymous PKINIT start realm.
132  - klist:
133    . Show transited-policy-checked, ok-as-delegate and anonymous
134      flags when listing credentials.
135 - tests:
136   . Regenerate certs so that they expire before the 2038 armageddon
137     so the test suite will pass on 32-bit operating systems until the
138     underlying issues can be resolved.
139 - Solaris:
140   . Define _STDC_C11_BCI for memset_s prototype
141 - build tooling:
142   . Convert from python 2 to python 3
143 - documentation
144   . rename verify-password to verify-password-quality
145   . hprop default mode is encrypt
146   . kadmind "all" permission does not include "get-keys"
147   . verify-password-quality might not be stateless
148
149Release Notes - Heimdal - Version Heimdal 7.6
150
151 Security
152
153 - CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
154
155    When the Heimdal KDC checks the checksum that is placed on the
156    S4U2Self packet by the server to protect the requested principal
157    against modification, it does not confirm that the checksum
158    algorithm that protects the user name (principal) in the request
159    is keyed.  This allows a man-in-the-middle attacker who can
160    intercept the request to the KDC to modify the packet by replacing
161    the user name (principal) in the request with any desired user
162    name (principal) that exists in the KDC and replace the checksum
163    protecting that name with a CRC32 checksum (which requires no
164    prior knowledge to compute).
165
166    This would allow a S4U2Self ticket requested on behalf of user
167    name (principal) user@EXAMPLE.COM to any service to be changed
168    to a S4U2Self ticket with a user name (principal) of
169    Administrator@EXAMPLE.COM. This ticket would then contain the
170    PAC of the modified user name (principal).
171
172 - CVE-2019-12098, client-only:
173
174    RFC8062 Section 7 requires verification of the PA-PKINIT-KX key excahnge
175    when anonymous PKINIT is used.  Failure to do so can permit an active
176    attacker to become a man-in-the-middle.
177
178 Bug fixes
179
180 - Happy eyeballs: Don't wait for responses from known-unreachable KDCs.
181 - kdc: check return copy_Realm, copy_PrincipalName, copy_EncryptionKey
182 - kinit:
183   . cleanup temporary ccaches
184   . see man page for "kinit --anonymous" command line syntax change
185 - kdc: Make anonymous AS-requests more RFC8062-compliant.
186 - Updated expired test certificates
187 - Solaris:
188   . PKCS#11 hcrypto backend broken since 7.0.1
189   . Building with Sun Pro C
190
191 Features
192
193 - kuser: support authenticated anonymous AS-REQs in kinit
194 - kdc: support for anonymous TGS-REQs
195 - kgetcred support for anonymous service tickets
196 - Support builds with OpenSSL 1.1.1
197
198Release Notes - Heimdal - Version Heimdal 7.5
199
200 Security
201
202 - Fix CVE-2017-17439, which is a remote denial of service
203   vulnerability:
204
205     In Heimdal 7.1 through 7.4, remote unauthenticated attackers
206     are able to crash the KDC by sending a crafted UDP packet
207     containing empty data fields for client name or realm.
208
209 Bug fixes
210
211 - Handle long input lines when reloading database dumps.
212
213 - In pre-forked mode (default on Unix), correctly clear
214   the process ids of exited children, allowing new child processes
215   to replace the old.
216
217 - Fixed incorrect KDC response when no-cross realm TGT exists,
218   allowing client requests to fail quickly rather than time
219   out after trying to get a correct answer from each KDC.
220
221Release Notes - Heimdal - Version Heimdal 7.4
222
223 Security
224
225 - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
226
227   This is a critical vulnerability.
228
229   In _krb5_extract_ticket() the KDC-REP service name must be obtained from
230   encrypted version stored in 'enc_part' instead of the unencrypted version
231   stored in 'ticket'.  Use of the unecrypted version provides an
232   opportunity for successful server impersonation and other attacks.
233
234   Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
235
236   See https://www.orpheus-lyre.info/ for more details.
237
238Release Notes - Heimdal - Version Heimdal 7.3
239
240 Security
241
242 - Fix transit path validation.  Commit f469fc6 (2010-10-02) inadvertently
243   caused the previous hop realm to not be added to the transit path
244   of issued tickets.  This may, in some cases, enable bypass of capath
245   policy in Heimdal versions 1.5 through 7.2.
246
247   Note, this may break sites that rely on the bug.  With the bug some
248   incomplete [capaths] worked, that should not have.  These may now break
249   authentication in some cross-realm configurations.
250   (CVE-2017-6594)
251
252Release Notes - Heimdal - Version Heimdal 7.2
253
254 Bug fixes
255 - Portability improvements
256 - More strict parsing of encoded URI components in HTTP KDC
257 - Fixed memory leak in malloc error recovery in NTLM GSSAPI mechanism
258 - Avoid overly specific CPU info in krb5-config in aid of reproducible builds
259 - Don't do AFS string-to-key tests when feature is disabled
260 - Skip mdb_stat test when the command is not available
261 - Windows: update SHA2 timestamp server
262 - hdb: add missing export hdb_generate_key_set_password_with_ks_tuple
263 - Fix signature of hdb_generate_key_set_password()
264 - Windows: enable KX509 support in the KDC
265 - kdc: fix kx509 service principal match
266 - iprop: handle case where master sends nothing new
267 - ipropd-slave: fix incorrect error codes
268 - Allow choice of sqlite for HDB pref
269 - check-iprop: don't fail to kill daemons
270 - roken: pidfile -> rk_pidfile
271 - kdc: _kdc_do_kx509 fix use after free error
272 - Do not detect x32 as 64-bit platform.
273 - No sys/ttydefaults.h on CYGWIN
274 - Fix check-iprop races
275 - roken_detach_prep() close pipe
276
277Release Notes - Heimdal - Version Heimdal 7.1
278
279 Security
280
281 - kx509 realm-chopping security bug
282 - non-authorization of alias additions/removals in kadmind
283   (CVE-2016-2400)
284
285 Feature
286
287 - iprop has been revamped to fix a number of race conditions that could
288   lead to inconsistent replication
289 - Hierarchical capath support
290 - AES Encryption with HMAC-SHA2 for Kerberos 5
291   draft-ietf-kitten-aes-cts-hmac-sha2-11
292 - hcrypto is now thread safe on all platforms
293 - libhcrypto has new backends: CNG (Windows), PKCS#11 (mainly for
294   Solaris), and OpenSSL.  OpenSSL is now a first-class libhcrypto backend.
295   OpenSSL 1.0.x and 1.1 are both supported. AES-NI used when supported by
296   backend
297 - HDB now supports LMDB
298 - Thread support on Windows
299 - RFC 6113  Generalized Framework for Kerberos Pre-Authentication (FAST)
300 - New GSS APIs:
301   . gss_localname
302 - Allow setting what encryption types a principal should have with
303   [kadmin] default_key_rules, see krb5.conf manpage for more info
304 - Unify libhcrypto with LTC (libtomcrypto)
305 - asn1_compile 64-bit INTEGER functionality
306 - HDB key history support including --keepold kadmin password option
307 - Improved cross-realm key rollover safety
308 - New krb5_kuserok() and krb5_aname_to_localname() plug-in interfaces
309 - Improved MIT compatibility
310   . kadm5 API
311   . Migration from MIT KDB via "mitdb" HDB backend
312   . Capable of writing the HDB in MIT dump format
313 - Improved Active Directory interoperability
314   . Enctype selection issues for PAC and other authz-data signatures
315   . Cross realm key rollover (kvno 0)
316 - New [kdc] enctype negotiation configuration:
317   . tgt-use-strongest-session-key
318   . svc-use-strongest-session-key
319   . preauth-use-strongest-session-key
320   . use-strongest-server-key
321 - The KDC process now uses a multi-process model improving
322   resiliency and performance
323 - Allow batch-mode kinit with password file
324 - SIGINFO support added to kinit cmd
325 - New kx509 configuration options:
326   . kx509_ca
327   . kca_service
328   . kx509_include_pkinit_san
329   . kx509_template
330 - Improved Heimdal library/plugin version safety
331 - Name canonicalization
332   . DNS resolver searchlist
333   . Improved referral support
334   . Support host:port host-based services
335 - Pluggable libheimbase interface for DBs
336 - Improve IPv6 Support
337 - LDAP
338   . Bind DN and password
339   . Start TLS
340 - klist --json
341 - DIR credential cache type
342 - Updated upstream SQLite and libedit
343 - Removed legacy applications: ftp, kx, login, popper, push, rcp, rsh,
344   telnet, xnlock
345 - Completely remove RAND_egd support
346 - Moved kadmin and ktutil to /usr/bin
347 - Stricter fcache checks (see fcache_strict_checking krb5.conf setting)
348    . use O_NOFOLLOW
349    . don't follow symlinks
350    . require cache files to be owned by the user
351    . require sensible permissions (not group/other readable)
352 - Implemented gss_store_cred()
353 - Many more
354
355 Bug fixes
356 - iprop has been revamped to fix a number of race conditions that could
357   lead to data loss
358 - Include non-loopback addresses assigned to loopback interfaces
359   when requesting tickets with addresses
360 - KDC 1DES session key selection (for AFS rxkad-k5 compatibility)
361 - Keytab file descriptor and lock leak
362 - Credential cache corruption bugs
363   (NOTE: The FILE ccache is still not entirely safe due to the
364   fundamentally unsafe design of POSIX file locking)
365 - gss_pseudo_random() interop bug
366 - Plugins are now preferentially loaded from the run-time install tree
367 - Reauthentication after password change in init_creds_password
368 - Memory leak in the client kadmin library
369 - TGS client requests renewable/forwardable/proxiable when possible
370 - Locking issues in DB1 and DB3 HDB backends
371 - Master HDB can remain locked while waiting for network I/O
372 - Renewal/refresh logic when kinit is provided with a command
373 - KDC handling of enterprise principals
374 - Use correct bit for anon-pkinit
375 - Many more
376
377 Acknowledgements
378
379 This release of Heimdal includes contributions from:
380
381    Abhinav Upadhyay        Heath Kehoe             Nico Williams
382    Andreas Schneider       Henry Jacques           Patrik Lundin
383    Andrew Bartlett         Howard Chu              Philip Boulain
384    Andrew Tridgell         Igor Sobrado            Ragnar Sundblad
385    Antoine Jacoutot        Ingo Schwarze           Remi Ferrand
386    Arran Cudbard-Bell      Jakub Čajka             Rod Widdowson
387    Arvid Requate           James Le Cuirot         Rok Papež
388    Asanka Herath           James Lee               Roland C. Dowdeswell
389    Ben Kaduk               Jeffrey Altman          Ross L Richardson
390    Benjamin Kaduk          Jeffrey Clark           Russ Allbery
391    Bernard Spil            Jeffrey Hutzelman       Samuel Cabrero
392    Brian May               Jelmer Vernooij         Samuel Thibault
393    Chas Williams           Ken Dreyer              Santosh Kumar Pradhan
394    Chaskiel Grundman       Kiran S J               Sean Davis
395    Dana Koch               Kumar Thangavelu        Sergio Gelato
396    Daniel Schepler         Landon Fuller           Simon Wilkinson
397    David Mulder            Linus Nordberg          Stef Walter
398    Douglas Bagnall         Love Hörnquist Åstrand  Stefan Metzmacher
399    Ed Maste                Luke Howard             Steffen Jaeckel
400    Eray Aslan              Magnus Ahltorp          Timothy Pearson
401    Florian Best            Marc Balmer             Tollef Fog Heen
402    Fredrik Pettai          Marcin Cieślak          Tony Acero
403    Greg Hudson             Marco Molteni           Uri Simchoni
404    Gustavo Zacarias        Matthieu Hautreux       Viktor Dukhovni
405    Günther Deschner        Michael Meffie          Volker Lendecke
406    Harald Barth            Moritz Lenz
407
408Release Notes - Heimdal - Version Heimdal 1.5.3
409
410 Bug fixes
411 - Fix leaking file descriptors in KDC
412 - Better socket/timeout handling in libkrb5
413 - General bug fixes
414 - Build fixes
415
416Release Notes - Heimdal - Version Heimdal 1.5.2
417
418 Security fixes
419 - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege
420 - Check that key types strictly match - denial of service
421
422Release Notes - Heimdal - Version Heimdal 1.5.1
423
424 Bug fixes
425 - Fix building on Solaris, requires c99
426 - Fix building on Windows
427 - Build system updates
428
429Release Notes - Heimdal - Version Heimdal 1.5
430
431New features
432
433 - Support GSS name extensions/attributes
434 - SHA512 support
435 - No Kerberos 4 support
436 - Basic support for MIT Admin protocol (SECGSS flavor)
437   in kadmind (extract keytab)
438 - Replace editline with libedit
439
440Release Notes - Heimdal - Version Heimdal 1.4
441
442 New features
443
444 - Support for reading MIT database file directly
445 - KCM is polished up and now used in production
446 - NTLM first class citizen, credentials stored in KCM
447 - Table driven ASN.1 compiler, smaller!, not enabled by default
448 - Native Windows client support
449
450Notes
451
452 - Disabled write support NDBM hdb backend (read still in there) since
453   it can't handle large records, please migrate to a diffrent backend
454   (like BDB4)
455
456Release Notes - Heimdal - Version Heimdal 1.3.3
457
458 Bug fixes
459 - Check the GSS-API checksum exists before trying to use it [CVE-2010-1321]
460 - Check NULL pointers before dereference them [kdc]
461
462Release Notes - Heimdal - Version Heimdal 1.3.2
463
464 Bug fixes
465
466 - Don't mix length when clearing hmac (could memset too much)
467 - More paranoid underrun checking when decrypting packets
468 - Check the password change requests and refuse to answer empty packets
469 - Build on OpenSolaris
470 - Renumber AD-SIGNED-TICKET since it was stolen from US
471 - Don't cache /dev/*random file descriptor, it doesn't get unloaded
472 - Make C++ safe
473 - Misc warnings
474
475Release Notes - Heimdal - Version Heimdal 1.3.1
476
477 Bug fixes
478
479 - Store KDC offset in credentials
480 - Many many more bug fixes
481
482Release Notes - Heimdal - Version Heimdal 1.3.1
483
484 New features
485
486 - Make work with OpenLDAPs krb5 overlay
487
488Release Notes - Heimdal - Version Heimdal 1.3
489
490 New features
491
492 - Partial support for MIT kadmind rpc protocol in kadmind
493 - Better support for finding keytab entries when using SPN aliases in the KDC
494 - Support BER in ASN.1 library (needed for CMS)
495 - Support decryption in Keychain private keys
496 - Support for new sqlite based credential cache
497 - Try both KDC referals and the common DNS reverse lookup in GSS-API
498 - Fix the KCM to not leak resources on failure
499 - Add IPv6 support to iprop
500 - Support localization of error strings in
501   kinit/klist/kdestroy and Kerberos library
502 - Remove Kerberos 4 support in application (still in KDC)
503 - Deprecate DES
504 - Support i18n password in windows domains (using UTF-8)
505 - More complete API emulation of OpenSSL in hcrypto
506 - Support for ECDSA and ECDH when linking with OpenSSL
507
508 API changes
509
510 - Support for settin friendly name on credential caches
511 - Move to using doxygen to generate documentation.
512 - Sprinkling __attribute__((__deprecated__)) for old function to be removed
513 - Support to export LAST-REQUST information in AS-REQ
514 - Support for client deferrals in in AS-REQ
515 - Add seek support for krb5_storage.
516 - Support for split AS-REQ, first step for IA-KERB
517 - Fix many memory leaks and bugs
518 - Improved regression test
519 - Support krb5_cccol
520 - Switch to krb5_set_error_message
521 - Support krb5_crypto_*_iov
522 - Switch to use EVP for most function
523 - Use SOCK_CLOEXEC and O_CLOEXEC (close on exec)
524 - Add support for GSS_C_DELEG_POLICY_FLAG
525 - Add krb5_cc_[gs]et_config to store data in the credential caches
526 - PTY testing application
527
528Bugfixes
529 - Make building on AIX6 possible.
530 - Bugfixes in LDAP KDC code to make it more stable
531 - Make ipropd-slave reconnect when master down gown
532
533
534Release Notes - Heimdal - Version Heimdal 1.2.1
535
536* Bug
537
538  [HEIMDAL-147] - Heimdal 1.2 not compiling on Solaris
539  [HEIMDAL-151] - Make canned tests work again after cert expired
540  [HEIMDAL-152] - iprop test: use full hostname to avoid realm
541                  resolving errors
542  [HEIMDAL-153] - ftp: Use the correct length for unmap, msync
543
544Release Notes - Heimdal - Version Heimdal 1.2
545
546* Bug
547
548  [HEIMDAL-10] - Follow-up on bug report for SEGFAULT in
549  		 gss_display_name/gss_export_name when using SPNEGO
550  [HEIMDAL-15] - Re: [Heimdal-bugs] potential bug in Heimdal 1.1
551  [HEIMDAL-17] - Remove support for depricated [libdefaults]capath
552  [HEIMDAL-52] - hdb overwrite aliases for db databases
553  [HEIMDAL-54] - Two issues which affect credentials delegation
554  [HEIMDAL-58] - sockbuf.c calls setsockopt with bad args
555  [HEIMDAL-62] - Fix printing of sig_atomic_t
556  [HEIMDAL-87] - heimdal 1.1 not building under cygwin in hcrypto
557  [HEIMDAL-105] - rcp: sync rcp with upstream bsd rcp codebase
558  [HEIMDAL-117] - Use libtool to detect symbol versioning (Debian Bug#453241)
559
560* Improvement
561  [HEIMDAL-67] - Fix locking and store credential in atomic writes
562                 in the FILE credential cache
563  [HEIMDAL-106] - make compile on cygwin again
564  [HEIMDAL-107] - Replace old random key generation in des module
565                  and use it with RAND_ function instead
566  [HEIMDAL-115] - Better documentation and compatibility in hcrypto
567                  in regards to OpenSSL
568
569* New Feature
570  [HEIMDAL-3] - pkinit alg agility PRF test vectors
571  [HEIMDAL-14] - Add libwind to Heimdal
572  [HEIMDAL-16] - Use libwind in hx509
573  [HEIMDAL-55] - Add flag to krb5 to not add GSS-API INT|CONF to
574                 the negotiation
575  [HEIMDAL-74] - Add support to report extended error message back
576                 in AS-REQ to support windows clients
577  [HEIMDAL-116] - test pty based application (using rkpty)
578  [HEIMDAL-120] - Use new OpenLDAP API (older deprecated)
579
580* Task
581  [HEIMDAL-63] - Dont try key usage KRB5_KU_AP_REQ_AUTH for TGS-REQ.
582                 This drop compatibility with pre 0.3d KDCs.
583  [HEIMDAL-64] - kcm: first implementation of kcm-move-cache
584  [HEIMDAL-65] - Failed to compile with --disable-pk-init
585  [HEIMDAL-80] - verify that [VU#162289]: gcc silently discards some
586                 wraparound checks doesn't apply to Heimdal
587
588Changes in release 1.1
589
590 * Read-only PKCS11 provider built-in to hx509.
591
592 * Documentation for hx509, hcrypto and ntlm libraries improved.
593
594 * Better compatibilty with Windows 2008 Server pre-releases and Vista.
595
596 * Mac OS X 10.5 support for native credential cache.
597
598 * Provide pkg-config file for Heimdal (heimdal-gssapi.pc).
599
600 * Bug fixes.
601
602Changes in release 1.0.2
603
604* Ubuntu packages.
605
606* Bug fixes.
607
608Changes in release 1.0.1
609
610 * Serveral bug fixes to iprop.
611
612 * Make work on platforms without dlopen.
613
614 * Add RFC3526 modp group14 as default.
615
616 * Handle [kdc] database = { } entries without realm = stanzas.
617
618 * Make krb5_get_renewed_creds work.
619
620 * Make kaserver preauth work again.
621
622 * Bug fixes.
623
624Changes in release 1.0
625
626 * Add gss_pseudo_random() for mechglue and krb5.
627
628 * Make session key for the krbtgt be selected by the best encryption
629   type of the client.
630
631 * Better interoperability with other PK-INIT implementations.
632
633 * Inital support for Mac OS X Keychain for hx509.
634
635 * Alias support for inital ticket requests.
636
637 * Add symbol versioning to selected libraries on platforms that uses
638   GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc.
639
640 * New version of imath included in hcrypto.
641
642 * Fix memory leaks.
643
644 * Bugs fixes.
645
646Changes in release 0.8.1
647
648 * Make ASN.1 library less paranoid to with regard to NUL in string to
649   make it inter-operate with MIT Kerberos again.
650
651 * Make GSS-API library work again when using gss_acquire_cred
652
653 * Add symbol versioning to libgssapi when using GNU ld.
654
655 * Fix memory leaks
656
657 * Bugs fixes
658
659Changes in release 0.8
660
661 * PK-INIT support.
662
663 * HDB extensions support, used by PK-INIT.
664
665 * New ASN.1 compiler.
666
667 * GSS-API mechglue from FreeBSD.
668
669 * Updated SPNEGO to support RFC4178.
670
671 * Support for Cryptosystem Negotiation Extension (RFC 4537).
672
673 * A new X.509 library (hx509) and related crypto functions.
674
675 * A new ntlm library (heimntlm) and related crypto functions.
676
677 * Updated the built-in crypto library with bignum support using
678   imath, support for RSA and DH and renamed it to libhcrypto.
679
680 * Subsystem in the KDC, digest, that will perform the digest
681   operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL
682   DIGEST-MD5 NTLMv1 and NTLMv2.
683
684 * KDC will return the "response too big" error to force TCP retries
685   for large (default 1400 bytes) UDP replies.  This is common for
686   PK-INIT requests.
687
688 * Libkafs defaults to use 2b tokens.
689
690 * Default to use the API cache on Mac OS X.
691
692 * krb5_kuserok() also checks ~/.k5login.d directory for acl files,
693   see manpage for krb5_kuserok for description.
694
695 * Many, many, other updates to code and info manual and manual pages.
696
697 * Bug fixes
698
699Changes in release 0.7.2
700
701* Fix security problem in rshd that enable an attacker to overwrite
702  and change ownership of any file that root could write.
703
704* Fix a DOS in telnetd. The attacker could force the server to crash
705  in a NULL de-reference before the user logged in, resulting in inetd
706  turning telnetd off because it forked too fast.
707
708* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name
709  exists in the keytab before returning success. This allows servers
710  to check if its even possible to use GSSAPI.
711
712* Fix receiving end of token delegation for GSS-API. It still wrongly
713  uses subkey for sending for compatibility reasons, this will change
714  in 0.8.
715
716* telnetd, login and rshd are now more verbose in logging failed and
717  successful logins.
718
719* Bug fixes
720
721Changes in release 0.7.1
722
723* Bug fixes
724
725Changes in release 0.7
726
727 * Support for KCM, a process based credential cache
728
729 * Support CCAPI credential cache
730
731 * SPNEGO support
732
733 * AES (and the gssapi conterpart, CFX) support
734
735 * Adding new and improve old documentation
736
737 * Bug fixes
738
739Changes in release 0.6.6
740
741* Fix security problem in rshd that enable an attacker to overwrite
742  and change ownership of any file that root could write.
743
744* Fix a DOS in telnetd. The attacker could force the server to crash
745  in a NULL de-reference before the user logged in, resulting in inetd
746  turning telnetd off because it forked too fast.
747
748Changes in release 0.6.5
749
750 * fix vulnerabilities in telnetd
751
752 * unbreak Kerberos 4 and kaserver
753
754Changes in release 0.6.4
755
756 * fix vulnerabilities in telnet
757
758 * rshd: encryption without a separate error socket should now work
759
760 * telnet now uses appdefaults for the encrypt and forward/forwardable
761   settings
762
763 * bug fixes
764
765Changes in release 0.6.3
766
767 * fix vulnerabilities in ftpd
768
769 * support for linux AFS /proc "syscalls"
770
771 * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in
772   kpasswdd
773
774 * fix possible KDC denial of service
775
776 * bug fixes
777
778Changes in release 0.6.2
779
780 * Fix possible buffer overrun in v4 kadmin (which now defaults to off)
781
782Changes in release 0.6.1
783
784 * Fixed ARCFOUR suppport
785
786 * Cross realm vulnerability
787
788 * kdc: fix denial of service attack
789
790 * kdc: stop clients from renewing tickets into the future
791
792 * bug fixes
793
794Changes in release 0.6
795
796* The DES3 GSS-API mechanism has been changed to inter-operate with
797  other GSSAPI implementations. See man page for gssapi(3) how to turn
798  on generation of correct MIC messages. Next major release of heimdal
799  will generate correct MIC by default.
800
801* More complete GSS-API support
802
803* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS
804  support in applications no longer requires Kerberos 4 libs
805
806* Kerberos 4 support in kdc defaults to turned off (includes ka and 524)
807
808* other bug fixes
809
810Changes in release 0.5.2
811
812 * kdc: add option for disabling v4 cross-realm (defaults to off)
813
814 * bug fixes
815
816Changes in release 0.5.1
817
818 * kadmind: fix remote exploit
819
820 * kadmind: add option to disable kerberos 4
821
822 * kdc: make sure kaserver token life is positive
823
824 * telnet: use the session key if there is no subkey
825
826 * fix EPSV parsing in ftp
827
828 * other bug fixes
829
830Changes in release 0.5
831
832 * add --detach option to kdc
833
834 * allow setting forward and forwardable option in telnet from
835   .telnetrc, with override from command line
836
837 * accept addresses with or without ports in krb5_rd_cred
838
839 * make it work with modern openssl
840
841 * use our own string2key function even with openssl (that handles weak
842   keys incorrectly)
843
844 * more system-specific requirements in login
845
846 * do not use getlogin() to determine root in su
847
848 * telnet: abort if telnetd does not support encryption
849
850 * update autoconf to 2.53
851
852 * update config.guess, config.sub
853
854 * other bug fixes
855
856Changes in release 0.4e
857
858 * improve libcrypto and database autoconf tests
859
860 * do not care about salting of server principals when serving v4 requests
861
862 * some improvements to gssapi library
863
864 * test for existing compile_et/libcom_err
865
866 * portability fixes
867
868 * bug fixes
869
870Changes in release 0.4d
871
872 * fix some problems when using libcrypto from openssl
873
874 * handle /dev/ptmx `unix98' ptys on Linux
875
876 * add some forgotten man pages
877
878 * rsh: clean-up and add man page
879
880 * fix -A and -a in builtin-ls in tpd
881
882 * fix building problem on Irix
883
884 * make `ktutil get' more efficient
885
886 * bug fixes
887
888Changes in release 0.4c
889
890 * fix buffer overrun in telnetd
891
892 * repair some of the v4 fallback code in kinit
893
894 * add more shared library dependencies
895
896 * simplify and fix hprop handling of v4 databases
897
898 * fix some building problems (osf's sia and osfc2 login)
899
900 * bug fixes
901
902Changes in release 0.4b
903
904 * update the shared library version numbers correctly
905
906Changes in release 0.4a
907
908 * corrected key used for checksum in mk_safe, unfortunately this
909   makes it backwards incompatible
910
911 * update to autoconf 2.50, libtool 1.4
912
913 * re-write dns/config lookups (krb5_krbhst API)
914
915 * make order of using subkeys consistent
916
917 * add man page links
918
919 * add more man pages
920
921 * remove rfc2052 support, now only rfc2782 is supported
922
923 * always build with kaserver protocol support in the KDC (assuming
924   KRB4 is enabled) and support for reading kaserver databases in
925   hprop
926
927Changes in release 0.3f
928
929 * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
930   the new keytab type that tries both of these in order (SRVTAB is
931   also an alias for krb4:)
932
933 * improve error reporting and error handling (error messages should
934   be more detailed and more useful)
935
936 * improve building with openssl
937
938 * add kadmin -K, rcp -F
939
940 * fix two incorrect weak DES keys
941
942 * fix building of kaserver compat in KDC
943
944 * the API is closer to what MIT krb5 is using
945
946 * more compatible with windows 2000
947
948 * removed some memory leaks
949
950 * bug fixes
951
952Changes in release 0.3e
953
954 * rcp program included
955
956 * fix buffer overrun in ftpd
957
958 * handle omitted sequence numbers as zeroes to handle MIT krb5 that
959   cannot generate zero sequence numbers
960
961 * handle v4 /.k files better
962
963 * configure/portability fixes
964
965 * fixes in parsing of options to kadmin (sub-)commands
966
967 * handle errors in kadmin load better
968
969 * bug fixes
970
971Changes in release 0.3d
972
973 * add krb5-config
974
975 * fix a bug in 3des gss-api mechanism, making it compatible with the
976   specification and the MIT implementation
977
978 * make telnetd only allow a specific list of environment variables to
979   stop it from setting `sensitive' variables
980
981 * try to use an existing libdes
982
983 * lib/krb5, kdc: use correct usage type for ap-req messages.  This
984   should improve compatability with MIT krb5 when using 3DES
985   encryption types
986
987 * kdc: fix memory allocation problem
988
989 * update config.guess and config.sub
990
991 * lib/roken: more stuff implemented
992
993 * bug fixes and portability enhancements
994
995Changes in release 0.3c
996
997 * lib/krb5: memory caches now support the resolve operation
998
999 * appl/login: set PATH to some sane default
1000
1001 * kadmind: handle several realms
1002
1003 * bug fixes (including memory leaks)
1004
1005Changes in release 0.3b
1006
1007 * kdc: prefer default-salted keys on v5 requests
1008
1009 * kdc: lowercase hostnames in v4 mode
1010
1011 * hprop: handle more types of MIT salts
1012
1013 * lib/krb5: fix memory leak
1014
1015 * bug fixes
1016
1017Changes in release 0.3a:
1018
1019 * implement arcfour-hmac-md5 to interoperate with W2K
1020
1021 * modularise the handling of the master key, and allow for other
1022   encryption types. This makes it easier to import a database from
1023   some other source without having to re-encrypt all keys.
1024
1025 * allow for better control over which encryption types are created
1026
1027 * make kinit fallback to v4 if given a v4 KDC
1028
1029 * make klist work better with v4 and v5, and add some more MIT
1030   compatibility options
1031
1032 * make the kdc listen on the krb524 (4444) port for compatibility
1033   with MIT krb5 clients
1034
1035 * implement more DCE/DFS support, enabled with --enable-dce, see
1036   lib/kdfs and appl/dceutils
1037
1038 * make the sequence numbers work correctly
1039
1040 * bug fixes
1041
1042Changes in release 0.2t:
1043
1044 * bug fixes
1045
1046Changes in release 0.2s:
1047
1048 * add OpenLDAP support in hdb
1049
1050 * login will get v4 tickets when it receives forwarded tickets
1051
1052 * xnlock supports both v5 and v4
1053
1054 * repair source routing for telnet
1055
1056 * fix building problems with krb4 (krb_mk_req)
1057
1058 * bug fixes
1059
1060Changes in release 0.2r:
1061
1062 * fix realloc memory corruption bug in kdc
1063
1064 * `add --key' and `cpw --key' in kadmin
1065
1066 * klist supports listing v4 tickets
1067
1068 * update config.guess and config.sub
1069
1070 * make v4 -> v5 principal name conversion more robust
1071
1072 * support for anonymous tickets
1073
1074 * new man-pages
1075
1076 * telnetd: do not negotiate KERBEROS5 authentication if there's no keytab.
1077
1078 * use and set expiration and not password expiration when dumping
1079   to/from ka server databases / krb4 databases
1080
1081 * make the code happier with 64-bit time_t
1082
1083 * follow RFC2782 and by default do not look for non-underscore SRV names
1084
1085Changes in release 0.2q:
1086
1087 * bug fix in tcp-handling in kdc
1088
1089 * bug fix in expand_hostname
1090
1091Changes in release 0.2p:
1092
1093 * bug fix in `kadmin load/merge'
1094
1095 * bug fix in krb5_parse_address
1096
1097Changes in release 0.2o:
1098
1099 * gss_{import,export}_sec_context added to libgssapi
1100
1101 * new option --addresses to kdc (for listening on an explicit set of
1102   addresses)
1103
1104 * bug fixes in the krb4 and kaserver emulation part of the kdc
1105
1106 * other bug fixes
1107
1108Changes in release 0.2n:
1109
1110 * more robust parsing of dump files in kadmin
1111 * changed default timestamp format for log messages to extended ISO
1112   8601 format (Y-M-DTH:M:S)
1113 * changed md4/md5/sha1 APIes to be de-facto `standard'
1114 * always make hostname into lower-case before creating principal
1115 * small bits of more MIT-compatability
1116 * bug fixes
1117
1118Changes in release 0.2m:
1119
1120 * handle glibc's getaddrinfo() that returns several ai_canonname
1121
1122 * new endian test
1123
1124 * man pages fixes
1125
1126Changes in release 0.2l:
1127
1128 * bug fixes
1129
1130Changes in release 0.2k:
1131
1132 * better IPv6 test
1133
1134 * make struct sockaddr_storage in roken work better on alphas
1135
1136 * some missing [hn]to[hn]s fixed.
1137
1138 * allow users to change their own passwords with kadmin (with initial
1139   tickets)
1140
1141 * fix stupid bug in parsing KDC specification
1142
1143 * add `ktutil change' and `ktutil purge'
1144
1145Changes in release 0.2j:
1146
1147 * builds on Irix
1148
1149 * ftpd works in passive mode
1150
1151 * should build on cygwin
1152
1153 * work around broken IPv6-code on OpenBSD 2.6, also add configure
1154   option --disable-ipv6
1155
1156Changes in release 0.2i:
1157
1158 * use getaddrinfo in the missing places.
1159
1160 * fix SRV lookup for admin server
1161
1162 * use get{addr,name}info everywhere.  and implement it in terms of
1163   getipnodeby{name,addr} (which uses gethostbyname{,2} and
1164   gethostbyaddr)
1165
1166Changes in release 0.2h:
1167
1168 * fix typo in kx (now compiles)
1169
1170Changes in release 0.2g:
1171
1172 * lots of bug fixes:
1173   * push works
1174   * repair appl/test programs
1175   * sockaddr_storage works on solaris (alignment issues)
1176   * works better with non-roken getaddrinfo
1177   * rsh works
1178   * some non standard C constructs removed
1179
1180Changes in release 0.2f:
1181
1182 * support SRV records for kpasswd
1183 * look for both _kerberos and krb5-realm when doing host -> realm mapping
1184
1185Changes in release 0.2e:
1186
1187 * changed copyright notices to remove `advertising'-clause.
1188 * get{addr,name}info added to roken and used in the other code
1189   (this makes things work much better with hosts with both v4 and v6
1190    addresses, among other things)
1191 * do pre-auth for both password and key-based get_in_tkt
1192 * support for having several databases
1193 * new command `del_enctype' in kadmin
1194 * strptime (and new strftime) add to roken
1195 * more paranoia about finding libdb
1196 * bug fixes
1197
1198Changes in release 0.2d:
1199
1200 * new configuration option [libdefaults]default_etypes_des
1201 * internal ls in ftpd builds without KRB4
1202 * kx/rsh/push/pop_debug tries v5 and v4 consistenly
1203 * build bug fixes
1204 * other bug fixes
1205
1206Changes in release 0.2c:
1207
1208 * bug fixes (see ChangeLog's for details)
1209
1210Changes in release 0.2b:
1211
1212 * bug fixes
1213 * actually bump shared library versions
1214
1215Changes in release 0.2a:
1216
1217 * a new program verify_krb5_conf for checking your /etc/krb5.conf
1218 * add 3DES keys when changing password
1219 * support null keys in database
1220 * support multiple local realms
1221 * implement a keytab backend for AFS KeyFile's
1222 * implement a keytab backend for v4 srvtabs
1223 * implement `ktutil copy'
1224 * support password quality control in v4 kadmind
1225 * improvements in v4 compat kadmind
1226 * handle the case of having the correct cred in the ccache but with
1227   the wrong encryption type better
1228 * v6-ify the remaining programs.
1229 * internal ls in ftpd
1230 * rename strcpy_truncate/strcat_truncate to strlcpy/strlcat
1231 * add `ank --random-password' and `cpw --random-password' in kadmin
1232 * some programs and documentation for trying to talk to a W2K KDC
1233 * bug fixes
1234
1235Changes in release 0.1m:
1236
1237 * support for getting default from krb5.conf for kinit/kf/rsh/telnet.
1238   From Miroslav Ruda <ruda@ics.muni.cz>
1239 * v6-ify hprop and hpropd
1240 * support numeric addresses in krb5_mk_req
1241 * shadow support in login and su. From Miroslav Ruda <ruda@ics.muni.cz>
1242 * make rsh/rshd IPv6-aware
1243 * make the gssapi sample applications better at reporting errors
1244 * lots of bug fixes
1245 * handle systems with v6-aware libc and non-v6 kernels (like Linux
1246   with glibc 2.1) better
1247 * hide failure of ERPT in ftp
1248 * lots of bug fixes
1249
1250Changes in release 0.1l:
1251
1252 * make ftp and ftpd IPv6-aware
1253 * add inet_pton to roken
1254 * more IPv6-awareness
1255 * make mini_inetd v6 aware
1256
1257Changes in release 0.1k:
1258
1259 * bump shared libraries versions
1260 * add roken version of inet_ntop
1261 * merge more changes to rshd
1262
1263Changes in release 0.1j:
1264
1265 * restore back to the `old' 3DES code.  This was supposed to be done
1266   in 0.1h and 0.1i but I did a CVS screw-up.
1267 * make telnetd handle v6 connections
1268
1269Changes in release 0.1i:
1270
1271 * start using `struct sockaddr_storage' which simplifies the code
1272   (with a fallback definition if it's not defined)
1273 * bug fixes (including in hprop and kf)
1274 * don't use mawk which seems to mishandle roken.awk
1275 * get_addrs should be able to handle v6 addresses on Linux (with the
1276   required patch to the Linux kernel -- ask within)
1277 * rshd builds with shadow passwords
1278
1279Changes in release 0.1h:
1280
1281 * kf: new program for forwarding credentials
1282 * portability fixes
1283 * make forwarding credentials work with MIT code
1284 * better conversion of ka database
1285 * add etc/services.append
1286 * correct `modified by' from kpasswdd
1287 * lots of bug fixes
1288
1289Changes in release 0.1g:
1290
1291 * kgetcred: new program for explicitly obtaining tickets
1292 * configure fixes
1293 * krb5-aware kx
1294 * bug fixes
1295
1296Changes in release 0.1f;
1297
1298 * experimental support for v4 kadmin protokoll in kadmind
1299 * bug fixes
1300
1301Changes in release 0.1e:
1302
1303 * try to handle old DCE and MIT kdcs
1304 * support for older versions of credential cache files and keytabs
1305 * postdated tickets work
1306 * support for password quality checks in kpasswdd
1307 * new flag --enable-kaserver for kdc
1308 * renew fixes
1309 * prototype su program
1310 * updated (some) manpages
1311 * support for KDC resource records
1312 * should build with --without-krb4
1313 * bug fixes
1314
1315Changes in release 0.1d:
1316
1317 * Support building with DB2 (uses 1.85-compat API)
1318 * Support krb5-realm.DOMAIN in DNS
1319 * new `ktutil srvcreate'
1320 * v4/kafs support in klist/kdestroy
1321 * bug fixes
1322
1323Changes in release 0.1c:
1324
1325 * fix ASN.1 encoding of signed integers
1326 * somewhat working `ktutil get'
1327 * some documentation updates
1328 * update to Autoconf 2.13 and Automake 1.4
1329 * the usual bug fixes
1330
1331Changes in release 0.1b:
1332
1333 * some old -> new crypto conversion utils
1334 * bug fixes
1335
1336Changes in release 0.1a:
1337
1338 * new crypto code
1339 * more bug fixes
1340 * make sure we ask for DES keys in gssapi
1341 * support signed ints in ASN1
1342 * IPv6-bug fixes
1343
1344Changes in release 0.0u:
1345
1346 * lots of bug fixes
1347
1348Changes in release 0.0t:
1349
1350 * more robust parsing of krb5.conf
1351 * include net{read,write} in lib/roken
1352 * bug fixes
1353
1354Changes in release 0.0s:
1355
1356 * kludges for parsing options to rsh
1357 * more robust parsing of krb5.conf
1358 * removed some arbitrary limits
1359 * bug fixes
1360
1361Changes in release 0.0r:
1362
1363 * default options for some programs
1364 * bug fixes
1365
1366Changes in release 0.0q:
1367
1368 * support for building shared libraries with libtool
1369 * bug fixes
1370
1371Changes in release 0.0p:
1372
1373 * keytab moved to /etc/krb5.keytab
1374 * avoid false detection of IPv6 on Linux
1375 * Lots of more functionality in the gssapi-library
1376 * hprop can now read ka-server databases
1377 * bug fixes
1378
1379Changes in release 0.0o:
1380
1381 * FTP with GSSAPI support.
1382 * Bug fixes.
1383
1384Changes in release 0.0n:
1385
1386 * Incremental database propagation.
1387 * Somewhat improved kadmin ui; the stuff in admin is now removed.
1388 * Some support for using enctypes instead of keytypes.
1389 * Lots of other improvement and bug fixes, see ChangeLog for details.
1390