copy news from release branch

NEWS

@@ -1,3 +1,100 @@
+Release Notes - Heimdal - Version Heimdal 1.6
+
+ Security
+ - ...
+ - kx509 realm-chopping security bug
+
+ Feature
+
+ - RFC 6113  Generalized Framework for Kerberos Pre-Authentication (FAST)
+ - New GSS APIs:
+   . gss_localname
+ - Allow setting what encryption types a principal should have with
+   [kadmin] default_key_rules, see krb5.conf manpage for more info
+ - Unify libhcrypto with LTC (libtomcrypto)
+ - asn1_compile 64-bit INTEGER functionality
+ - HDB key history support including --keepold kadmin password option
+ - Improved cross-realm key rollover safety
+ - New krb5_kuserok() plug-in interface
+ - Improved MIT compatibility
+   . kadm5 API
+   . Migration from MIT KDB via "mitdb" HDB backend.
+   . Capable of writing the HDB in MIT dump format
+ - Improved Active Directory interoperability
+   . Enctype selection issues for PAC and other authz-data signatures
+   . Cross realm key rollover (kvno 0)
+ - New [kdc] enctype negotiation configuration:
+   . tgt-use-strongest-session-key
+   . svc-use-strongest-session-key
+   . preauth-use-strongest-session-key
+   . use-strongest-server-key
+ - Allow batch-mode kinit with password file
+ - SIGINFO support added to kinit cmd
+ - New kx509 configuration options:
+   . kx509_ca
+   . kca_service
+   . kx509_include_pkinit_san
+   . kx509_template
+ - Improved Heimdal library/plugin version safety
+ - Name canonicalization
+   . DNS resolver searchlist
+ - Pluggable libheimbase interface for DBs
+ - Improve IPv6 Support
+ - LDAP
+   . Bind DN and password
+   . Start TLS
+ - klist --json
+ - DIR credential cache type
+ - Many more
+
+ Bug fixes
+ - Include non-loopback addresses assigned to loopback interfaces
+   when requesting tickets with addresses
+ - KDC 1DES session key selection (for AFS rxkad-k5 compatibility)
+ - Keytab file descriptor and lock leak
+ - Credential cache corruption bugs
+   (NOTE: The FILE ccache is still not entirely safe due to the
+   fundamentally unsafe design of POSIX file locking)
+ - gss_pseudo_random() interop bug
+ - Plugins are now preferentially loaded from the run-time install tree
+ - Reauthentication after password change in init_creds_password
+ - Memory leak in the client kadmin library
+ - TGS client requests renewable/forwardable/proxiable when possible.
+ - Locking issues in DB1 and DB3 HDB backends
+ - Master HDB can remain locked while waiting for network I/O
+ - Renewal/refresh logic when kinit is provided with a command
+ - KDC handling of enterprise principals
+ - Many more
+
+ Acknowledgements
+
+ This release of Heimdal includes contributions from:
+   Andrew Bartlett, Andrew Tridgell, Arran Cudbard-Bell, Arvid Requate,
+   Ben Kaduk, Dana Koch, Daniel Schepler, Eray Aslan, Fredrik Pettai,
+   Gustavo Zacarias, Harald Barth, Howard Chu, Igor Sobrado, Ingo Schwarze,
+   James Le Cuirot, James Lee, Jeffrey Altman, Jeffrey Clark, Jeffrey Hutzelman,
+   Jelmer Vernooij, Ken Dreyer, Kumar Thangavelu, Landon Fuller, Linus Nordberg,
+   Love Hörnquist Åstrand, Luke Howard, Magnus Ahltorp, Marco Molteni,
+   Michael Meffie,  Moritz Lenz, Nico Williams, Nicolas Williams, Patrik Lundin,
+   Philip Boulain, Ragnar Sundblad, Rod Widdowson, Roland C. Dowdeswell,
+   Ross L Richardson, Russ Allbery, Samuel Thibault, Simon Wilkinson,
+   Stef Walter, Stefan Metzmacher, Steffen Jaeckel, Tollef Fog Heen, Tony Acero,
+   Viktor Dukhovni
+
+Release Notes - Heimdal - Version Heimdal 1.5.3
+
+ Bug fixes
+ - Fix leaking file descriptors in KDC
+ - Better socket/timeout handling in libkrb5
+ - General bug fixes
+ - Build fixes
+
+Release Notes - Heimdal - Version Heimdal 1.5.2
+
+ Security fixes
+ - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege
+ - Check that key types strictly match - denial of service
+
 Release Notes - Heimdal - Version Heimdal 1.5.1
 
  Bug fixes