Releases: gssapi/mod_auth_gssapi
Release 1.6.5: Gemini V returns to Earth
Fix a bad crash bug when the GssapiUseS4U2Proxy option is set but no GssapiCredStore directives are provided at all.
Gemini V was a 1965 crewed spaceflight in NASA's Project Gemini. It was the first time an American crewed space mission held the world record for duration, breaking the Soviet Union's previous record set by Vostok 5 in 1963.
What's Changed
Full Changelog: v1.6.4...v1.6.5
Release 1.6.4: Interstellar space - Voyager 1 again
This release handles a few annoying bugs, notably one with the new OpenSSL 3 release that causes annoying failures.
One notable improvement is the introduction of the {HOSTNAME} special acceptor name, which allows the use of multiple principals/keys (acceptors) in a single deployment.
Voyager 1 is a space probe launched by NASA on September 5, 1977 on a mission to study the outer Solar System, and on August 25th 2012 it was the first human spacecraft to leave the solar system and enter interstellar space. Voyager 1 has been operating for 44 years, 11 months and 19 days as of August 25, 2022 and still communicates with the Deep Space Network to receive routine commands and to transmit data to Earth.
What's Changed in 1.6.4
- tests: Catch errors during tests setup by @stanislavlevin in #225
- tests: Don't override the specific environment by the global one by @stanislavlevin in #227
- Emit error in logs if keytab files can't be opened by @simo5 in #229
- Add warnings if s4u2proxy options are inconsistent by @simo5 in #232
- Move to python3 by default by @frozencemetery in #235
- Fix type/token distinction in parser.y by @frozencemetery in #237
- Special ccache handling for {HOSTNAME} acceptor by @simo5 in #238
- crypto: Handle EVP changes in OpenSSL 3 by @frozencemetery in #256
New Contributors
- @stanislavlevin made their first contribution in #225
Full Changelog: v1.6.3...v1.6.4
Release 1.6.3: Mars 6
This release adds a few options to expose the mechanism used for authentication (when multiple are available) and to control the timeout interval for Basic Auth sessions.
Mars 6 is a space probe launched on August 5, 1973 by the Soviet Union on a Proton-K rocket from Baikonur. The spacecraft's mission was to send a lander to the surface to take measurements via a thermometer, a barometer and a mass spectrometer. The lander also had accelerometers and a radio altimeter, while the bus carried a magnetometer, plasma traps, and detectors for cosmic rays and micrometeorites, as well as an instrument to study high energy particles from the sun. The lander was released on March 12, 1974 and unfortunately crashed on the surface after the retrorockets meant to slow down the final descent stage failed. Most of the data sent during descent was also lost because a chip had degraded in the harsh conditions of space.
1.6.3 contributors:
Robbie Harwood (3):
- [tests] Support Debian's libfaketime
- [tests] Fixup virtualenv handling
- [CI] Migrate to GitHub Actions
Simo Sorce (5):
- Fix flake8 issues to pass build
- Fix distcheck
- Add option to control timeout for Basic Auth
- Add ability to expose the used mechanism
- Release version 1.6.3
Release 1.6.2: Priroda
This is a maintenance release containing mostly CI and other minor fixes, as well as a fix for gss_localname() related issues when SPNEGO is used to negotiate authentication.
On April 26, 1996, after several issues that affected Priroda's launch, the module successfully docked automatically to Mir at the first attempt, completing the space station. Priroda (Nature) was a scientific payload module for remote earth sensing, using visible, radar and infrared systems. The module was deorbited and burned in the atmosphere with the rest of Mir 5 years later in March 2001.
Alejandro Perez (3):
- Update mod_auth_gssapi.spec
- Pass GSS_C_NO_OID as the mechanism to gss_localname.
- Some improvements on the spec file
Ken Dreyer (3):
- README: reword GssapiLocalName description
- README: document default boolean config values
- README: add warning for GssapiSSLonly
Robbie Harwood (17):
- [travis] Bring back virtualenv logic
- Update package list for python-requests-gssapi
- Remove $(LEXLIB) from Makefile
- [travis] Increase Debian to sid, since previous commit fixed it
- Make description of GssapiConnectionBound scarier
- Clarify s4u2self/s4u2proxy in docs for GssapiImpersonate
- Allow building without ap_log_rdata()
- Remove dead variable "text"
- Explicitly set umask before calling mkstemp()
- In tests, show the exception on failure
- Fix tests to work with python3
- Modernize Travis for new distros and python3
- Fix integer sizes used with ap_set_flag_slot()
- Appease flake8 (E303) to fix Travis
- [tests] Test suite fixes for virtualenv and clang
- [travis] Don't log on expected installation failure
- Adapt and document sweeper.py for gssproxy
Simo Sorce (7):
- Detect libcrypto function instead of using version
- Add Yacc/Lex artifacts to .gitignore
- Fix mag_auth_basic function call.
- Move check for persistent send
- Fix gss_localname with SPNEGO wrapping
- Add test for gss_localname
- Release version 1.6.2
Will Saxon (1):
- Make ./configure alert on missing tools
Release 1.6.1: Salyut 1 launch
This release contains a fix for name attr truncation (#173, #174) and a whole lot of test suite tweaks.
On April 19, 1971, the Soviet Union launched Салют-1 (Salyut 1) into low Earth orbit. It was the first space station, and was designed to probe the boundaries of space station construction as well as carrying out various scientific experiments. There were several more launches as part of this program, and the final one became the Russian module of the International Space Station where it remains in orbit today.
1.6.1 contributions:
Robbie Harwood (16):
- [travis] Remove debian python-requests-kerberos virtualenv logic
- [travis] Run make distcheck during build
- Return number of failures from test suite
- Switch apache mutex type in tests
- [travis] Turn on the pkinit test
- Don't repeatedly open and close the test log files
- Fix Python unused imports and variables
- Fix Python lines that were too long
- Fix various Python indentation problems
- Update Python syntax for machine readability
- Various Python whitespace cleanups
- Fix Python module import order problems
- Replace strings.Template with str.format() in Python code
- [travis] Add flake8 check
- [travis] Lower versions of Debian and Fedora
- Release 1.6.1
Simo Sorce (3):
- Add list of directives
- Update minimum Apache HTTPD version required
- Fix truncation on comparison in name attr maps
Release 1.6.0: Voyager 1 Reaches 90 AU From Sun
A few bugfixes as well as a few more features are included in this release.
The GssapiRequiredNameAttributes option allows admins to perform access control based on attributes attached to the client name (for the krb5 mechanism this can be an Authentication Indicator, for example). A new HTTP server environment variable is now supported to suppress negotiate based on admin-controlled conditions.
Various annoying messages have been changed in priority so they can aid debugging but do not fill logs with confusing "error" messages.
Voyager 1, a space probe launched by NASA on September 5, 1977 on a mission to study the outer Solar System, reached 90 AU from the Sun on November 5, 2003. The probe still communicates with the Deep Space Network to receive routine commands and return data. At a current distance of about 140 AU it is the farthest spacecraft from Earth as well as the farthest man-made object.
1.6.0 contributions:
Alexander Bokovoy (1):
- report file operation errors as warnings
Matt Rogers (2):
- Add -fPIC to MAG_CFLAGS
- Add GssapiRequiredNameAttributes option
Michal Hlavac (1):
- add support for LibreSSL
Robbie Harwood (7):
- Make requirement on gss_krb5_ccache_name() hard
- Make requirement on gss_acquire_cred_with_password() hard
- Fix build without cred store extensions
- Document gssapi-no-negotiate
- Downgrade missing auth headers ERROR to INFO
- Support virtualenv in test suite
- Add Travis support
Simo Sorce (6):
- Allow admins to selectively suppress negotiation
- Allow sourcing the acceptor_name from httpd
- Fix strtol error checking
- Handle extra large NSS entries
- Fix make distcheck
- Release 1.6.0
Release 1.5.1: Korabl-Sputnik 4 launch
This release provides minor fixes and usability enhancements.
On March 9th, 1961 Корабль-Спутник 4 (meaning Ship-Satellite 4), also known as Sputnik 9 in the west, was launched. It carried the mannequin Ivan Ivanovich, a dog named Chernushka, some mice and a guinea pig. At the height of the space race it demonstrated readiness to launch humans in space.
1.5.1 contributions:
Alejandro Perez (3):
- JSON strings need to be escaped (i.e. replace " with \")
- Add cleanup function for mag_conn->name_attributes
- Rework the JSON escaping function.
Fraser Tweedale (1):
- Add option to set alternative ccname env var
Simo Sorce (8):
- Fix style issues in recently committed code
- Allow to export errors as environment variables
- Test that error env vars are properly exported.
- Pass just the pool to mag_error
- Add option to select acceptor name
- Add test to check when an acceptor name is bad
- Allow make distcheck to complete successfully
- Release 1.5.1
Release 1.5.0: Last liftoff of Space Shuttle Columbia
This release provides a new feature to store session encryption keys in a file as well as fixes for handling sub-requests within Apache.
On the 16th of January, 2003 the Space Shuttle Columbia lifted off for its last mission: STS-107.
The spacecraft disintegrated on reentry due to damage to the thermal shield.
1.5.0 Contributions:
Dennis Schridde (2):
- Fix path to magtests.py for out-of-tree builds
- Update configure.ac using autoupdate
Isaac Boukris (2):
- rewrite: implicitly handle internal redirects
- tests: move core dumps to scratchdir
Marcel Ritter (1):
- Fix memory pool used to hold ccache name
Michael Osipov (1):
- Write 'Persistent-Auth' header to err_headers_out
Robbie Harwood (3):
- Add simple script for generating session keys
- Make test suite runnable on Debian-likes
- Run the test suite using make check
Simo Sorce (6):
- Declare mag_complete outside the ifdef block
- Add option to set custom permissions on ccache
- Add tests for delegation and ccache mode setting
- Add docs for new GssapiDelegCcachePerms option
- Add option to store the session encryption key.
- Release 1.5.0
Release 1.4.1 - Mishka & Chizhik fly on a rocket
This release provides fixes for regressions introduced in 1.4.0 and affecting some setups.
Mishka & Chizhik were two dogs launched into suborbital flight, and safely recovered, by Russia on August 15th, 1951, in preparation for the Sputnik missions.
1.4.1 Contributions:
Robbie Harwood (3):
- Check at top level for python-requests{,-kerberos}
- Fix behavior of NULL ccname for cookie creation
- Ensure gssapi_session actually contains MagBearerToken
Simo Sorce (2):
- Add compatibility with OpenSSL 1.1.0
- Release 1.4.1
Release 1.4.0 - Lunar Reconnaissance Orbiter
This release introduces new features, the ability to use a unique ccache file per authentication, and impersonation.
Unique ccache files and related cleanup helpers are useful to better handle some applications that have been ported from mod_auth_kerb, where this was the default behavior and applications routinely deleted the ccache file unconditionally once a request was completed.
Impersonation, if the KDC allows it, lets mod_auth_gssapi obtain Kerberos credentials by using protocol transition extensions after another Apache module (like mod_ssl/mod_nss) has authenticated the user.
The Lunar Reconnaissance Orbiter (LRO) is a NASA robotic spacecraft currently orbiting the Moon in an eccentric polar mapping orbit. It was launched on June 16 2009, its mission duration was planned for one year, but has since been extended numerous times after review by NASA.
This release has seen the contribution of a greater number of people so we'll add contribution recognition to the release notes going forward.
Thank you to all contributors, each Issue, PR, Review, or other contribution makes the code better and more useful for everyone.
1.4.0 Contributors:
Dennis Schridde (2):
- Respect DESTDIR when installing Apache module
- Fix APXS error "cannot determine bootstrap symbol name"
Isaac Boukris (1):
- Tests: use urandom instead of random
Jan Pazdziora (5):
- Do not use ap_hook_check_user_id on Apache 2.4
- Clarify make test dependencies.
- The distribution does not ship ./configure, generate it.
- Additional python modules are needed.
- Add support for GssapiImpersonate.
Matt Rogers (1):
- Obey SessionMaxAge for session expiration
Robbie Harwood (4):
- GSS-Proxy configuration file for mod_auth_gssapi
- Unify copyright convention
- Implement unique ccache names
- Add example script for ccache cleaning to contrib
Simo Sorce (9):
- Fix function name spelling
- Fix cred cache detection
- Split the book keeping operations into a function
- Postpone adding spnego mech to mech list
- Move context loops to a helper function
- Insure the asn1 definitions are in the tarball
- Move version number to a separate file
- Add release script
- Release 1.4.0