1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
|
GSS NEWS -- History of user-visible changes. -*- outline -*-
* Noteworthy changes in release 1.0.4 (2022-08-06) [beta]
** Modernize build infrastructure.
** Relicense library to LGPLv3+|GPLv2+, see COPYING.
* Noteworthy changes in release 1.0.3 (2014-10-09)
** gss: The command line tool can now initialize and accept security contexts.
This is useful for debugging. See the section "Invoking gss" in the
manual for more information.
** i18n: Translations were updated.
** build: Update gnulib files.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** gss/api.h: Added RFC 5587 const typedefs.
The new types are gss_const_buffer_t, gss_const_channel_bindings_t,
gss_const_ctx_id_t, gss_const_cred_id_t, gss_const_name_t,
gss_const_OID, and gss_const_OID_set.
** gss/api.h, gss/ext.h: Moved RFC 6339 functions from ext.h to api.h.
The functions gss_oid_equal, gss_encapsulate_token, and
gss_decapsulate_token are now standardized. The types have changed
slightly to used RFC 5587 const types instead. This does not affect
the ABI and doesn't modify any semantics: the functions did not modify
the non-const parameters before.
** i18n: Translations were updated.
** build: Update gnulib files. Several QA bug fixes.
** API and ABI modifications.
gss_oid_equal:
gss_encapsulate_token:
gss_decapsulate_token: See above.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** gss: New --list-mechanisms (-l) to list supported mechanisms in library.
** doc: Added section documenting command-line tool "gss".
** doc: Added PDF version of API reference manual.
See doc/reference/gss.pdf.
** i18n: Translations were updated.
** build: The check for GNU Shishi now requires 0.0.42 or later.
Earlier Shishi versions had bugs that caused the self-checks to fail.
** build: Update gnulib files.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Rarely used GNU GSS extensions removed.
The removed APIs are gss_copy_oid, gss_duplicate_oid, and
gss_encapsulate_token_prefix.
** Align capsulation functions with Heimdal and specification document.
The functions are gss_encapsulate_token and gss_decapsulate_token.
The semantics and function prototypes changed slightly.
** Added --with-po-suffix configure parameter to modify the gettext domain.
This parameter is useful when you want to have both this version and
the older version installed at the same time.
** API and ABI modifications.
gss_copy_oid: REMOVED.
gss_duplicate_oid: REMOVED.
gss_encapsulate_token_prefix: REMOVED.
gss_encapsulate_token: MODIFIED.
gss_decapsulate_token: MODIFIED.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Properly increment shared library version for newly added APIs in v0.1.4.
Note that the API/ABI is still fully backwards compatible.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Add new interfaces defined in RFC 5801.
The APIs are gss_inquire_mech_for_saslname and
gss_inquire_saslname_for_mech.
** KRB5: Fix bug in channel binding computation.
** Update gnulib files.
** API and ABI modifications.
gss_inquire_mech_for_saslname: ADDED.
gss_inquire_saslname_for_mech: ADDED.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** KRB5: Add support for channel bindings.
** Build fixes and code cleanups.
** i18n: Added Finnish translation, thanks to Jorma Karvonen.
** i18n: Added Italian translation, thanks to Sergio Zanchetta.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Build fixes and code cleanups.
** i18n: Added Finnish translation, thanks to Jorma Karvonen.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** libgss: Fix memory leak in gss_release_oid_set.
** libgss: Fix bug that prevented error messages from being translated.
** libgss krb5: no longer supports service names without hostname.
The function gss_canonicalize_name will return a
GSS_KRB5_S_G_BAD_SERVICE_NAME minor status code if you pass it a
service name without a @hostname part. The reason is that there is no
secure way to find a canonical name of the local host inside the
library. Instead, the application must provide one.
** tests: Fix debug output and memory leaks.
** Install a libgss-*.def file when building under MinGW.
** Build fixes for MinGW.
The krb5 mechanism now builds under MinGW as well.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** libgss: Shared library version is incremented.
The library is backwards compatible on source code level if you don't
use the gss_krb5* functions or the gss_alloc_fail_function variable.
** libgss: Kerberos V5 function symbols gss_krb5* not exported.
They were never intended to be exported and have never been part of
any header file.
** libgss: Obsolete gss_xalloc_die and gss_alloc_fail_function not exported.
** libgss: Add GSS_KRB5_NT_MACHINE_UID_NAME{,_static}.
Defined in RFC 1964.
** libgss: New header file gss/krb5-ext.h used for GNU GSS specific extensions.
Before gss/krb5.h was used for both offical and GNU GSS prototypes.
** libgss: The version script version is now GSS_0.1.0 instead of GSS_1.0.
The use of GSS_1.0 in the last release was a mistake.
** libgss: Added version integer symbols to header file.
The symbols are GSS_VERSION_MAJOR, GSS_VERSION_MINOR,
GSS_VERSION_PATCH, and GSS_VERSION_NUMBER.
** doc: The GTK-DOC manual is now built properly.
** Fix compilation error with Sun Studio related to missing getopt.
Reported by Dagobert Michelsen <dam@opencsw.org> in
<http://permalink.gmane.org/gmane.comp.gnu.gss.general/142>.
** API and ABI modifications.
GSS_KRB5_NT_MACHINE_UID_NAME: ADDED
GSS_KRB5_NT_MACHINE_UID_NAME_static: ADDED
gss_alloc_fail_function: REMOVED
gss_krb5*: REMOVED
GSS_VERSION_MAJOR: ADDED
GSS_VERSION_MINOR: ADDED
GSS_VERSION_PATCH: ADDED
GSS_VERSION_NUMBER: ADDED
* Noteworthy changes in release 1.0.2 (2011-11-25)
** libgss: The library will now return error codes when out of memory.
The gss_alloc_fail_function variable is no longer declared, but is
still available in the library for ABI compatibility.
** libgss: Use a LD version script on platforms where it is supported.
Currently only GNU LD and the Solaris linker supports it. This helps
Debian package tools to produce better dependencies. Before we used
Libtool -export-symbols-regex that created an anonymous version tag.
We use -export-symbols-regex when the system does not support LD
version scripts, but that only affect symbol visibility.
** API and ABI modifications.
gss_alloc_fail_function: No longer declared in header file.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** gss: Improve --help and --version output.
** doc: Change license on the manual to GFDLv1.3+.
** More compiler warnings enabled, and many warnings fixed.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Fix non-portable use of brace expansion in makefiles.
** Update gnulib files.
** Fix some warnings and make distcheck build the software with -Werror.
** Translations files not stored directly in git to avoid merge conflicts.
This allows us to avoid use of --no-location which makes the
translation teams happier.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Use gettext 0.17.
** Update gnulib files.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** GSS is now licensed under the GPL version 3 or later.
** GSS is now developed using Git instead of CVS.
A public git mirror is available from <http://repo.or.cz/w/gss.git>.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Fix 'make distclean'.
Now src/gss_cmd.c and src/gss_cmd.h is only removed by 'make
maintainer-clean'. Thanks to Bernd Zeimetz <bernd@bzed.de> and Russ
Allbery <rra@stanford.edu>.
** Gnulib file update.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Gnulib file update.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Corrected years in copyright notices.
** Fixed a 64-bit bug in asn1.c:gss_decapsulate_token().
The bug resulted in 'make check' failures on AMD64 systems. Reported
by Kurt Roeckx <kurt@roeckx.be>.
** Now autoconf 2.61, automake 1.10, and gettext 0.16 is required.
** Gnulib file update.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Kerberos V5 gss_acquire_cred doesn't use the default realm when looking
** for hostkeys.
This was the reason that 'make check' failed earlier.
** Gnulib file update, including a rewrite of `gss_check_version'.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Debian packages are available from http://josefsson.org/gss/debian/
** The library is linked with -no-undefined, for mingw32 cross compiles.
** The link test for Shishi was improved.
** Gnulib files were updated.
** API and ABI modifications.
No changes since last version.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Kinyarwanda translation added, by Steve Murphy.
** The help-gss@gnu.org mailing list is now mentioned in documentation.
** The license template in files were updated with the new FSF address.
** API and ABI modifications.
gss_release_oid: REMOVED. It seem it was the wrong thing to export
this API, although the underlaying question (who is responsible for
managing dynamically allocated OIDs? How?) is still unanswered.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Documentation improvements.
For example, you can now browse the GSS manual using DevHelp.
** Libtool's -export-symbols-regex is now used to only export official APIs.
Before, applications might accidentally access internal functions.
Note that this is not supported on all platforms, so you must still
make sure you are not using undocumented symbols in GSS.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** gss_import_name and gss_duplicate_name no longer clone the OID.
Instead, only the pointer to the OID is cloned. It seem unclear where
a cloned OID would be deallocated.
** Fixed handling of sequence numbers in gss_accept_sec_context, for servers.
** Fix crash in gss_accept_sec_context for NULL values of ret_flags.
** Fix memory leaks.
** Sync with new Shishi 0.0.18 API.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Revamp of gnulib compatibility files.
** More translations.
French (by Michel Robitaille) and Romanian (by Laurentiu Buzdugan).
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Added rudimentary self tests of Kerberos 5 context init/accept.
Tests client and server authentication, with and without mutual
authentication, and that various aspects of the API like ret_flags
work.
** Various fixes, discovered while writing the Kerberos 5 self test.
** Cross compile builds should work.
It should work for any sane cross compile target, but the only tested
platform is uClibc/uClinux on Motorola Coldfire.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Minor cleanups to the core header file.
Using xom.h is no longer supported (the file doesn't exist on modern
systems).
** Kerberos 5 sequence number handling fixed.
First, gss_init_sec_context set the sequence numbers correctly, before
the incorrect sequence numbers prevented gss_(un)wrap from working
correctly. Secondly, gss_unwrap now check the sequence numbers
correctly. This was prompted by the addition of randomized sequence
numbers by default in Shishi 0.0.15.
** The compatibility files in gl/ where synced with Gnulib.
** Various bugfixes and cleanups.
** Polish translation added, by Jakub Bogusz.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** A command line tool "gss" added in src/.
The tool can be used to split up an GSS-API error code into the
calling error, the routine error and the supplementary info bits, and
to print text describing the error condition.
** gss_display_status can return multiple description texts (using context).
** The Swedish translation has been updated.
** Various cleanups and improvements.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Implemented gss_export_name and gss_krb5_inquire_cred_by_mech.
The Kerberos 5 backend also support them.
** gss_inquire_cred support default credentials.
** Kerberos 5 gss_canonicalize_name now support all mandatory name types.
** Kerberos 5 gss_accept_sec_context now support sub-session keys in AP-REQ.
** Added new extended function API: gss_userok.
This is the same as invoking gss_export_name on a name, removing the
OID, and then comparing the remaining material using memcmp.
** API documentation in HTML format from GTK-DOC included in doc/reference/.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Moved all backend specific code into sub-directories of lib/.
This means everything related to the Kerberos 5 backend is now located
in lib/krb5/. The backend is built into its own library
(libgss-shishi.so), to facilitate future possible use of dlopen to
dynamically load backends.
** The gss_duplicate_name function now allocate the output result properly.
** Man pages for all public functions are included.
** Documentation fixes. For example, all official APIs are now documented.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Fixed typo that broke gss_wrap for 3DES with Kerberos 5.
** Improvements to build environment.
The gss.h header file no longer include gss/krb5.h when the Kerberos 5
mechanism is disabled.
** Autoconf 2.59, Automake 1.8 beta, Libtool CVS used.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Update for Shishi 0.0.7 API.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Kerberos 5: Subkeys are supported. Shishi 0.0.4 required.
** Bug fixes.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** GSS is a GNU project.
** Kerberos 5 crypto fixes.
This release accompany Shishi 0.0.1.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Includes compatibility functionality from gnulib in gl/.
** Documentation improvements.
The file README-alpha contains some hints for binary packagers.
Essentially, don't distribute shared libraries, as this package is too
immature to bump the shared object version for every modification
currently.
** Bugfixes and cleanups.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Server mode works (a little).
GNU MailUtils can use GSS for its native GSSAPI authentication in
server mode, which then interoperate with (at least) the GNU SASL
command line client using GSS.
** Memory allocated via xalloc from gnulib.
This takes care of out of memory errors, see the new section in the
manual named "Out of Memory handling".
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Error handling.
** Swedish translation.
** Improved manual.
** Bug fixes.
* Noteworthy changes in release 1.0.2 (2011-11-25)
** Initial release.
The source code framework is in place, an outline of the documentation
is ready, and there are some simple self tests. The Kerberos 5
mechanism (RFC 1964) supports mutual authentication and the standard
DES cipher. The non-standard 3DES cipher is also implemented, but
unfortunately there are no specifications for AES. GNU SASL can use
this version to connect to GNU Mailutils and Cyrus IMAP servers that
use the GSS implementations from MIT Kerberos or Heimdal. Server mode
is not supported yet.
----------------------------------------------------------------------
Copyright (C) 2003-2022 Simon Josefsson
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
|
