+Release Notes - Heimdal - Version Heimdal 1.3
+
+ New features
+
+ - Partital support for MIT kadmind rpc protocol in kadmind
+ - Better support for finding keytab entries when using SPN aliases in the KDC
+ - Support BER in ASN.1 library (needed for CMS)
+ - Support decryption in Keychain private keys
+ - Support for new sqlite based credential cache
+ - Try both to KDC referals the the common DNS reverse lookup in GSS-API
+ - Fix the KCM not not leak resources on failure
+ - Add IPv6 support to iprop
+ - Support localization of error strings in
+ kinit/klist/kdestroy and Kerberos library
+ - Remove Kerberos 4 support in application (still in KDC)
+ - Deprecate DES
+ - Support i18n password in windows domains (using UTF-8)
+ - More complete API emulation of OpenSSL in hcrypto
+ - Support for ECDSA and ECDH when linking with OpenSSL
+
+ API changes
+
+ - Support for settin friendly name on credential caches
+ - Move to using doxygen to generate documentation.
+ - Sprinkling __attribute__((depricated)) for old function to be removed
+ - Support to export LAST-REQUST information in AS-REQ
+ - Support for client deferrals in in AS-REQ
+ - Add seek support for krb5_storage.
+ - Support for split AS-REQ, first step for IA-KERB
+ - Fix many memory leaks and bugs
+ - Improved regression test
+ - Support krb5_cccol
+ - Switch to krb5_set_error_message
+ - Support krb5_crypto_*_iov
+ - Switch to use EVP for most function
+ - Use SOCK_CLOEXEC and O_CLOEXEC (close on exec)
+ - Add support for GSS_C_DELEG_POLICY_FLAG
+ - Add krb5_cc_[gs]et_config to store data in the credential caches
+ - PTY testing application
+
+Bugfixes
+ - Make building on AIX6 possible.
+ - Bugfixes in LDAP KDC code to make it more stable
+ - Make ipropd-slave reconnect when master down gown
+
+
+Release Notes - Heimdal - Version Heimdal 1.2.1
+
+* Bug
+
+ [HEIMDAL-147] - Heimdal 1.2 not compiling on Solaris
+ [HEIMDAL-151] - Make canned tests work again after cert expired
+ [HEIMDAL-152] - iprop test: use full hostname to avoid realm
+ resolving errors
+ [HEIMDAL-153] - ftp: Use the correct length for unmap, msync
+
+Release Notes - Heimdal - Version Heimdal 1.2
+
+* Bug
+
+ [HEIMDAL-10] - Follow-up on bug report for SEGFAULT in
+ gss_display_name/gss_export_name when using SPNEGO
+ [HEIMDAL-15] - Re: [Heimdal-bugs] potential bug in Heimdal 1.1
+ [HEIMDAL-17] - Remove support for depricated [libdefaults]capath
+ [HEIMDAL-52] - hdb overwrite aliases for db databases
+ [HEIMDAL-54] - Two issues which affect credentials delegation
+ [HEIMDAL-58] - sockbuf.c calls setsockopt with bad args
+ [HEIMDAL-62] - Fix printing of sig_atomic_t
+ [HEIMDAL-87] - heimdal 1.1 not building under cygwin in hcrypto
+ [HEIMDAL-105] - rcp: sync rcp with upstream bsd rcp codebase
+ [HEIMDAL-117] - Use libtool to detect symbol versioning (Debian Bug#453241)
+
+* Improvement
+ [HEIMDAL-67] - Fix locking and store credential in atomic writes
+ in the FILE credential cache
+ [HEIMDAL-106] - make compile on cygwin again
+ [HEIMDAL-107] - Replace old random key generation in des module
+ and use it with RAND_ function instead
+ [HEIMDAL-115] - Better documentation and compatibility in hcrypto
+ in regards to OpenSSL
+
+* New Feature
+ [HEIMDAL-3] - pkinit alg agility PRF test vectors
+ [HEIMDAL-14] - Add libwind to Heimdal
+ [HEIMDAL-16] - Use libwind in hx509
+ [HEIMDAL-55] - Add flag to krb5 to not add GSS-API INT|CONF to
+ the negotiation
+ [HEIMDAL-74] - Add support to report extended error message back
+ in AS-REQ to support windows clients
+ [HEIMDAL-116] - test pty based application (using rkpty)
+ [HEIMDAL-120] - Use new OpenLDAP API (older deprecated)
+
+* Task
+ [HEIMDAL-63] - Dont try key usage KRB5_KU_AP_REQ_AUTH for TGS-REQ.
+ This drop compatibility with pre 0.3d KDCs.
+ [HEIMDAL-64] - kcm: first implementation of kcm-move-cache
+ [HEIMDAL-65] - Failed to compile with --disable-pk-init
+ [HEIMDAL-80] - verify that [VU#162289]: gcc silently discards some
+ wraparound checks doesn't apply to Heimdal
+
+Changes in release 1.1
+
+ * Read-only PKCS11 provider built-in to hx509.
+
+ * Documentation for hx509, hcrypto and ntlm libraries improved.
+
+ * Better compatibilty with Windows 2008 Server pre-releases and Vista.
+
+ * Mac OS X 10.5 support for native credential cache.
+
+ * Provide pkg-config file for Heimdal (heimdal-gssapi.pc).
+
+ * Bug fixes.
+
+Changes in release 1.0.2
+
+* Ubuntu packages.
+
+* Bug fixes.
+
+Changes in release 1.0.1
+
+ * Serveral bug fixes to iprop.
+
+ * Make work on platforms without dlopen.
+
+ * Add RFC3526 modp group14 as default.
+
+ * Handle [kdc] database = { } entries without realm = stanzas.
+
+ * Make krb5_get_renewed_creds work.
+
+ * Make kaserver preauth work again.
+
+ * Bug fixes.
+
+Changes in release 1.0
+
+ * Add gss_pseudo_random() for mechglue and krb5.
+
+ * Make session key for the krbtgt be selected by the best encryption
+ type of the client.
+
+ * Better interoperability with other PK-INIT implementations.
+
+ * Inital support for Mac OS X Keychain for hx509.
+
+ * Alias support for inital ticket requests.
+
+ * Add symbol versioning to selected libraries on platforms that uses
+ GNU link editor: gssapi, hcrypto, heimntlm, hx509, krb5, and libkdc.
+
+ * New version of imath included in hcrypto.
+
+ * Fix memory leaks.
+
+ * Bugs fixes.
+
+Changes in release 0.8.1
+
+ * Make ASN.1 library less paranoid to with regard to NUL in string to
+ make it inter-operate with MIT Kerberos again.
+
+ * Make GSS-API library work again when using gss_acquire_cred
+
+ * Add symbol versioning to libgssapi when using GNU ld.
+
+ * Fix memory leaks
+
+ * Bugs fixes
+
Changes in release 0.8
- * KDC will return the "response too big" error to force TCP retries
- for large (default 1400 bytes) UDP replies. This is common for
- PK-INIT request.
+ * PK-INIT support.
+
+ * HDB extensions support, used by PK-INIT.
+
+ * New ASN.1 compiler.
- * GSS-API mechglue from FreebSD
+ * GSS-API mechglue from FreeBSD.
- * Updated SPNEGO supporting RFC4178
+ * Updated SPNEGO to support RFC4178.
- * Support for Cryptosystem Negotiation Extension (RFC 4537)
+ * Support for Cryptosystem Negotiation Extension (RFC 4537).
- * PK-INIT support
+ * A new X.509 library (hx509) and related crypto functions.
- * HDB extensions support, used by PK-INIT
+ * A new ntlm library (heimntlm) and related crypto functions.
- * New ASN.1 compiler
+ * Updated the built-in crypto library with bignum support using
+ imath, support for RSA and DH and renamed it to libhcrypto.
- * Libkafs defaults to use 2b tokens
+ * Subsystem in the KDC, digest, that will perform the digest
+ operation in the KDC, currently supports: CHAP, MS-CHAP-V2, SASL
+ DIGEST-MD5 NTLMv1 and NTLMv2.
- * Default to use the API cache on Mac OS X
+ * KDC will return the "response too big" error to force TCP retries
+ for large (default 1400 bytes) UDP replies. This is common for
+ PK-INIT requests.
+
+ * Libkafs defaults to use 2b tokens.
+
+ * Default to use the API cache on Mac OS X.
* krb5_kuserok() also checks ~/.k5login.d directory for acl files,
see manpage for krb5_kuserok for description.
+ * Many, many, other updates to code and info manual and manual pages.
+
* Bug fixes
Changes in release 0.7.2