X-Git-Url: https://git.eyrie.org/?a=blobdiff_plain;f=NEWS;h=c127ce141485ce2272a53bace3f2dc9b7a58b0f6;hb=refs%2Fheads%2Fdebian%2Funstable;hp=1ce9e504f69fcc9ffb688515aa9c93e4fb4d0b48;hpb=8382b3e08208394c88249dbbb76e6be523663938;p=kerberos%2Fkrb5-strength.git

diff --git a/NEWS b/NEWS
index 1ce9e50..c127ce1 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,32 @@
                     User-Visible krb5-strength Changes
 
-krb5-strength 3.2 (unreleased)
+krb5-strength 3.3 (2023-12-25)
+
+    heimdal-history now requires the Perl modules Const::Fast and
+    JSON::MaybeXS instead of Readonly and JSON.
+
+    Increase hash iterations for heimdal-history by about 10% to maintain
+    the time required for a password hash at about 0.1 seconds on not
+    horribly modern hardware.  This will affect newly-stored history
+    entries but will not invalidate existing password history entries.
+
+    Explicitly erase the copy of the password made in the Heimdal plugin
+    before freeing memory.
+
+    Add a spec file for building RPMs, contributed by Daria Phoebe
+    Brashear.
+
+    Update to rra-c-util 10.5:
+
+    * Assume a working snprintf rather than supplying a replacement.
+    * Fix detection of reallocarray on NetBSD.
+    * Check that Kerberos header files were found during configure.
+    * Use AS_ECHO in all Autoconf macros.
+    * Always use lib32 or lib64 if it exists, even on Debian.
+    * Fix rejection of unknown Clang warning flags.
+    * Disable -Wreserved-identifier for Clang warning builds.
+
+krb5-strength 3.2 (2020-05-17)
 
     Add new -c (--check-only) option to heimdal-history to check whether a
     password would be accepted without updating the history or password
@@ -44,6 +70,7 @@ krb5-strength 3.2 (unreleased)
     * Skip more build system files when running the test suite.
     * Fix warnings with Clang 10, GCC 10, and the Clang static analyzer.
     * Exclude more valgrind false positives with Kerberos libraries.
+    * Improve support for AIX's bundled Kerberos.
 
     Update to C TAP Harness 4.7: