|
GSS NEWS -- History of user-visible changes. -*- outline -*-
Copyright (C) 2003, 2004 Simon Josefsson See the end for copying conditions. * Changes in 0.0.11 (released 2004-04-18) ** Minor cleanups to the core header file. Using xom.h is no longer supported (the file doesn't exist on modern systems). ** Kerberos 5 sequence number handling fixed. First, gss_init_sec_context set the sequence numbers correctly, before the incorrect sequence numbers prevented gss_(un)wrap from working correctly. Secondly, gss_unwrap now check the sequence numbers correctly. This was prompted by the addition of randomized sequence numbers by default in Shishi 0.0.15. ** The compatibility files in gl/ where synced with Gnulib. ** Various bugfixes and cleanups. ** Polish translation added, by Jakub Bogusz. * Changes in 0.0.10 (released 2004-01-22) ** A command line tool "gss" added in src/. The tool can be used to split up an GSS-API error code into the calling error, the routine error and the supplementary info bits, and to print text describing the error condition. ** gss_display_status can return multiple description texts (using context). ** The Swedish translation has been updated. ** Various cleanups and improvements. * Changes in 0.0.9 (released 2004-01-15) ** Implemented gss_export_name and gss_krb5_inquire_cred_by_mech. The Kerberos 5 backend also support them. ** gss_inquire_cred support default credentials. ** Kerberos 5 gss_canonicalize_name now support all mandatory name types. ** Kerberos 5 gss_accept_sec_context now support sub-session keys in AP-REQ. ** Added new extended function API: gss_userok. This is the same as invoking gss_export_name on a name, removing the OID, and then comparing the remaining material using memcmp. ** API documentation in HTML format from GTK-DOC included in doc/reference/. * Changes in 0.0.8 (released 2004-01-11) ** Moved all backend specific code into sub-directories of lib/. This means everything related to the Kerberos 5 backend is now located in lib/krb5/. The backend is built into its own library (libgss-shishi.so), to facilitate future possible use of dlopen to dynamically load backends. ** The gss_duplicate_name function now allocate the output result properly. ** Man pages for all public functions are included. ** Documentation fixes. For example, all official APIs are now documented. * Changes in 0.0.7 (released 2003-11-26) ** Fixed typo that broke gss_wrap for 3DES with Kerberos 5. ** Improvements to build environment. The gss.h header file no longer include gss/krb5.h when the Kerberos 5 mechanism is disabled. ** Autoconf 2.59, Automake 1.8 beta, Libtool CVS used. * Changes in 0.0.6 (released 2003-09-22) ** Update for Shishi 0.0.7 API. * Changes in 0.0.5 (released 2003-08-31) ** Kerberos 5: Subkeys are supported. Shishi 0.0.4 required. ** Bug fixes. * Changes in 0.0.4 (released 2003-08-10) ** GSS is a GNU project. ** Kerberos 5 crypto fixes. This release accompany Shishi 0.0.1. * Changes in 0.0.3 (released 2003-07-02) ** Includes compatibility functionality from gnulib in gl/. ** Documentation improvements. The file README-alpha contains some hints for binary packagers. Essentially, don't distribute shared libraries, as this package is too immature to bump the shared object version for every modification currently. ** Bugfixes and cleanups. * Changes in 0.0.2 (released 2003-06-28) ** Server mode works (a little). GNU MailUtils can use GSS for its native GSSAPI authentication in server mode, which then interoperate with (at least) the GNU SASL command line client using GSS. ** Memory allocated via xalloc from gnulib. This takes care of out of memory errors, see the new section in the manual named "Out of Memory handling". * Changes in 0.0.1 (released 2003-06-12) ** Error handling. ** Swedish translation. ** Improved manual. ** Bug fixes. * Changes in 0.0.0 (released 2003-06-02) ** Initial release. The source code framework is in place, an outline of the documentation is ready, and there are some simple self tests. The Kerberos 5 mechanism (RFC 1964) supports mutual authentication and the standard DES cipher. The non-standard 3DES cipher is also implemented, but unfortunately there are no specifications for AES. GNU SASL can use this version to connect to GNU Mailutils and Cyrus IMAP servers that use the GSS implementations from MIT Kerberos or Heimdal. Server mode is not supported yet. ---------------------------------------------------------------------- Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. |