User-Visible krb5-strength Changes
-krb5-strength 3.1 (unreleased)
+krb5-strength 3.2 (unreleased)
+
+ Support building without CrackLib support by passing
+ --without-cracklib to configure. This makes the code a bit simpler
+ and lighter if you don't intend to ever use the CrackLib support.
+
+ Use explicit_bzero instead of memset, where available, to overwrite
+ copies of passwords before freeing memory. This reduces the lifetime
+ of passwords in memory.
+
+ Update to rra-c-util 8.2:
+
+ * Implement explicit_bzero with memset if it is not available.
+ * Reformat all C source using clang-format 10.
+ * Work around Test::Strict not skipping .git directories.
+ * Fix warnings with perltidy 20190601 and Perl::Critic 1.134.
+ * Improve check for obsolete strings.
+ * Use a more standard all-permissive license.
+ * Add SPDX-License-Identifier headers to all substantial source files.
+ * Skip more build system files when running the test suite.
+ * Fix warnings with Clang 10, GCC 10, and the Clang static analyzer.
+ * Exclude more valgrind false positives with Kerberos libraries.
+
+ Update to C TAP Harness 4.7:
+
+ * Fix warnings with GCC 10.
+ * Reformat all C source using clang-format 10.
+ * Fixed malloc error checking in bstrndup.
+ * Add support for valgrind testing via test list options.
+ * Report test failures as left and right, not wanted and seen.
+ * Fix is_string comparisons involving NULL pointers and "(null)".
+ * Add SPDX-License-Identifier headers to all substantial source files.
+
+krb5-strength 3.1 (2016-12-25)
A new configuration option, cracklib_maxlen, can be set to skip
CrackLib checks of passwords longer than that length. The CrackLib
SQLite dictionaries work better for checking longer passwords and
passphrases. Patch from Jorj Bauer.
+ The require_classes configuration option can now require a particular
+ number of character classes in the password (whatever those classes
+ are). Patch from Toby Blake.
+
Change the error messages returned for passwords that fail strength
checking to start with a capital letter. This appears to be more
consistent with the error message conventions used inside Heimdal.
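Review bot: The explicit_bzero entry under 3.2 promises more than the fallback noted a few lines later may deliver. The rra-c-util 8.2 list says explicit_bzero is implemented with memset when it is not available, and if that fallback is a plain memset call on a buffer that is about to be freed, the compiler is allowed to drop it as a dead store. Suggest qualifying "This reduces the lifetime of passwords in memory" so that it applies to platforms that provide explicit_bzero, or describing what the fallback does to keep the write from being optimized away. Minor style point in the C TAP Harness 4.7 list: "Fixed malloc error checking in bstrndup" is past tense where the other bullets are imperative ("Fix", "Add", "Report"). The require_classes entry would also be easier to act on if it named the man page that documents the new syntax.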
skip out-of-order words rather than creating a corrupted dictionary.
Patch from Mark Sirota.
+ Configuration instrutions are now in the heimdal-history and
+ heimdal-strength man pages and a new krb5-strength man page (which
+ documents configuration of the KDC plugin) instead of the README file
+ to make it more accessible after the software has been installed.
+
Update to rra-c-util 6.2:
* Use calloc in preference to malloc wherever appropriate.
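Review bot: Typo in the first added line of this hunk: "instrutions" should be "instructions". The same sentence ends with "to make it more accessible", where "it" has no clear antecedent after the plural "instructions"; suggest "to make them more accessible after the software has been installed".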