Home | Back
GSS NEWS -- History of user-visible changes.                    -*- outline -*-
Copyright (C) 2003, 2004 Simon Josefsson
See the end for copying conditions.

* Changes in 0.0.11 (released 2004-04-18)

** Minor cleanups to the core header file.
Using xom.h is no longer supported (the file doesn't exist on modern
systems).

** Kerberos 5 sequence number handling fixed.
First, gss_init_sec_context set the sequence numbers correctly, before
the incorrect sequence numbers prevented gss_(un)wrap from working
correctly.  Secondly, gss_unwrap now check the sequence numbers
correctly.  This was prompted by the addition of randomized sequence
numbers by default in Shishi 0.0.15.

** The compatibility files in gl/ where synced with Gnulib.

** Various bugfixes and cleanups.

** Polish translation added, by Jakub Bogusz.

* Changes in 0.0.10 (released 2004-01-22)

** A command line tool "gss" added in src/.
The tool can be used to split up an GSS-API error code into the
calling error, the routine error and the supplementary info bits, and
to print text describing the error condition.

** gss_display_status can return multiple description texts (using context).

** The Swedish translation has been updated.

** Various cleanups and improvements.

* Changes in 0.0.9 (released 2004-01-15)

** Implemented gss_export_name and gss_krb5_inquire_cred_by_mech.
The Kerberos 5 backend also support them.

** gss_inquire_cred support default credentials.

** Kerberos 5 gss_canonicalize_name now support all mandatory name types.

** Kerberos 5 gss_accept_sec_context now support sub-session keys in AP-REQ.

** Added new extended function API: gss_userok.
This is the same as invoking gss_export_name on a name, removing the
OID, and then comparing the remaining material using memcmp.

** API documentation in HTML format from GTK-DOC included in doc/reference/.

* Changes in 0.0.8 (released 2004-01-11)

** Moved all backend specific code into sub-directories of lib/.
This means everything related to the Kerberos 5 backend is now located
in lib/krb5/.  The backend is built into its own library
(libgss-shishi.so), to facilitate future possible use of dlopen to
dynamically load backends.

** The gss_duplicate_name function now allocate the output result properly.

** Man pages for all public functions are included.

** Documentation fixes.  For example, all official APIs are now documented.

* Changes in 0.0.7 (released 2003-11-26)

** Fixed typo that broke gss_wrap for 3DES with Kerberos 5.

** Improvements to build environment.
The gss.h header file no longer include gss/krb5.h when the Kerberos 5
mechanism is disabled.

** Autoconf 2.59, Automake 1.8 beta, Libtool CVS used.

* Changes in 0.0.6 (released 2003-09-22)

** Update for Shishi 0.0.7 API.

* Changes in 0.0.5 (released 2003-08-31)

** Kerberos 5: Subkeys are supported. Shishi 0.0.4 required.

** Bug fixes.

* Changes in 0.0.4 (released 2003-08-10)

** GSS is a GNU project.

** Kerberos 5 crypto fixes.
This release accompany Shishi 0.0.1.

* Changes in 0.0.3 (released 2003-07-02)

** Includes compatibility functionality from gnulib in gl/.

** Documentation improvements.
The file README-alpha contains some hints for binary packagers.
Essentially, don't distribute shared libraries, as this package is too
immature to bump the shared object version for every modification
currently.

** Bugfixes and cleanups.

* Changes in 0.0.2 (released 2003-06-28)

** Server mode works (a little).
GNU MailUtils can use GSS for its native GSSAPI authentication in
server mode, which then interoperate with (at least) the GNU SASL
command line client using GSS.

** Memory allocated via xalloc from gnulib.
This takes care of out of memory errors, see the new section in the
manual named "Out of Memory handling".

* Changes in 0.0.1 (released 2003-06-12)

** Error handling.

** Swedish translation.

** Improved manual.

** Bug fixes.

* Changes in 0.0.0 (released 2003-06-02)

** Initial release.
The source code framework is in place, an outline of the documentation
is ready, and there are some simple self tests.  The Kerberos 5
mechanism (RFC 1964) supports mutual authentication and the standard
DES cipher.  The non-standard 3DES cipher is also implemented, but
unfortunately there are no specifications for AES.  GNU SASL can use
this version to connect to GNU Mailutils and Cyrus IMAP servers that
use the GSS implementations from MIT Kerberos or Heimdal.  Server mode
is not supported yet.

----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.