Add an UPDATING entry for the gss_pseudo_random behavior change

Approved by: hrs (mentor, src committer)
author: Benjamin Kaduk <bjk@FreeBSD.org> 2013-12-15 19:18:18 +0000
committer: Benjamin Kaduk <bjk@FreeBSD.org> 2013-12-15 19:18:18 +0000
commit: 2773bfa99a0f4abd8403871e689a7612aabea9de (patch)
tree: 98fdb3915fbf93f614924a1b096b5dd0ca1ddeed /UPDATING
parent: dcd1a208e54ad73562c6b0ccf0cf4ef7d3b61bc2 (diff)
download: src-test-2773bfa99a0f4abd8403871e689a7612aabea9de.tar.gz
src-test-2773bfa99a0f4abd8403871e689a7612aabea9de.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/UPDATING b/UPDATING
index c734d065636a1..040492d64d5bb 100644
--- a/UPDATING
+++ b/UPDATING
@@ -31,6 +31,17 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11.x IS SLOW:
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20131213:
+	The behavior of gss_pseudo_random() for the krb5 mechanism
+	has changed, for applications requesting a longer random string
+	than produced by the underlying enctype's pseudo-random() function.
+	In particular, the random string produced from a session key of
+	enctype aes256-cts-hmac-sha1-96 or aes256-cts-hmac-sha1-96 will
+	be different at the 17th octet and later, after this change.
+	The counter used in the PRF+ construction is now encoded as a
+	big-endian integer in accordance with RFC 4402.
+	__FreeBSD_version is bumped to 1100004.
+
 20131108:
 	The WITHOUT_ATF build knob has been removed and its functionality
 	has been subsumed into the more generic WITHOUT_TESTS.  If you were
author	Benjamin Kaduk <bjk@FreeBSD.org>	2013-12-15 19:18:18 +0000
committer	Benjamin Kaduk <bjk@FreeBSD.org>	2013-12-15 19:18:18 +0000
commit	2773bfa99a0f4abd8403871e689a7612aabea9de (patch)
tree	98fdb3915fbf93f614924a1b096b5dd0ca1ddeed /UPDATING
parent	dcd1a208e54ad73562c6b0ccf0cf4ef7d3b61bc2 (diff)
download	src-test-2773bfa99a0f4abd8403871e689a7612aabea9de.tar.gz src-test-2773bfa99a0f4abd8403871e689a7612aabea9de.zip