Release 1.3.1

A quick follow up release to 1.3.0 to fix a bug that has plagued GSS NTLMSSP for a long time and deserves to be released asap

What's Changed

• Make sending only filled MsvAvFlags field for CHALLENGE message by @FeoOne in #98
• Release version 1.3.1 by @simo5 in #101

New Contributors

• @FeoOne made their first contribution in #98

Full Changelog: v1.3.0...v1.3.1

v1.3.0

A few small but important fixes that improve compatibility and reliability of the library

What's Changed

• Update github actions by @simo5 in #87
• Fix typo in header guard for src/ntlm.h by @KarelChanivecky in #88
• Fix crash in target_name decoding by @simo5 in #91
• Mark defined numbers as unsigned by @simo5 in #92
• BF: libiconv does not support undashed unicode encoding aliases by @KarelChanivecky in #93
• Change the ossl3 context to be allocated once by @simo5 in #99
• Release version 1.3.0 by @simo5 in #100

New Contributors

• @KarelChanivecky made their first contribution in #88

Full Changelog: v1.2.0...v1.3.0

Patched several CVEs reported by GitHub Security Lab

This a security release.
It comes after GitHub Security Lab reported to use a few low/moderate issues discovered via oss-fuzz and reported to us by @philipturnbull

These Advisories cover the issues in details:

• CVE-2023-25563
• CVE-2023-25564
• CVE-2023-25565
• CVE-2023-25566
• CVE-2023-25567

What's Changed

• Implement gss_set_cred_option by @simo5 in #76
• Allow to gss_wrap even if NEGOTIATE_SEAL is not negotiated by @simo5 in #78
• Move HMAC code to OpenSSL EVP API by @simo5 in #82
• Fix crash bug when acceptor credentials are NULL by @simo5 in #84
• Translations update from Fedora Weblate by @weblate in #85

Full Changelog: v1.1.0...v1.2.0

Release 1.1

This release includes various build fixes and better compatibility when a MIC is requested.
Big Thanks to the .NET folks for their testing and help

Omair Majid (1):
Add more OS to CI matrix

Simo Sorce (13):
Fix make distcheck
Add gssspi_mech_invoke method to turn on debugging
Fix setting INTEG/CONF on ISC call.
Handle the case where username is NULL
Store the full SPN within a server gssntlm_name
Use the SPN for Target Info
Fix serialization to export also the server spn
Always include a version field in NTLMSSP packets
Always set NTLMSSP_NEGOTIATE_VERSION
Revert the MSVAVFLAGS_UNVERIFIED_SPN flag default
Add support for loading openssl legacy provider
Fix distcheck
Release version 1.1.0

sashan (4):
make HOST_NAME_MAX an alias of MAXHOSTNAMELEN
let automake to use correct libdir, when building ntlmssptest
check for ucred does not seem to be required
gssntlmssp_la_LDFLAGS also requires libdir to pick up right libraries (64-bit vs 32-bit)

simmon (1):
Translated using Weblate (Korean)

Release 1.0

We believe GSS-NTLMSSSP reached the maturity level needed to be called 1.0, so here it is.
Thanks to all that contributed to this great milestone!

Simo Sorce (29):

• Fix test_gssapi_rfc5587
• Actually run tests with make check
• Add two tests around NTLMSSP_NEGOTIATE_LMKEY
• Refine LM compatibility level logic
• Refactor the gssntlm_required_security function
• Implement reading LM/NT hashes
• Add test for smpasswd-like user files
• Fix CI scripts
• Return confidentiality status.
• Fix segfault in sign/seal functions
• Fix dummy signature generation
• Use UCS16LE instead of UCS-2LE
• Provide a zero lm key if the password is too long
• Completely omit CBs AV pairs when no CB provided
• Remove obsolete TODO comments
• Change license to the more permissive ISC
• Do not require cached users with winbind
• Add ability to pass keyfile via cred store
• Remove unused parts of Makefile.am
• Move attribute names to allocated strings
• Adjust serialization for name attributes
• Fix crash in acquiring credentials
• Fix fallback to external_creds interface
• Introduce parse_user_name() function
• Add test for parse_user_name
• Change how we assemble user names in ASC
• Use thread local storage for winbind context
• Make per thread winbind context optional
• Release version 1.0.0

Volodymyr Khomenko (3):

• Fixed memleak of usr_cred
• Support get_sids request via name attributes
• Fixed memory leaks found by valgrind

Release 0.9.0

Minor new features and fixes.

Amandeep Gautam (1):

• add support for getting session key

David Woodhouse (1):

• Add gss_inquire_attrs_for_mech()

Simo Sorce (13):

• Fix strncpy warnings with recent compilers
• Return actual data for RFC5587 API
• Add new Windows version flags
• Add Key exchange also when wanting integrity only
• Add build CI
• also on pull requests
• Fix CI dependencies
• Minor wording change about release pages
• We moved gss-ntlmssp officially to Github
• Minor formatting
• Add build status
• Drop support for GSS_C_MA_NOT_DFLT_MECH
• Release version 0.9.0

Release 0.8.0

Minor wording change about release pages