lp:ubuntu/karmic-proposed/krb5
- Get this branch:
- bzr branch lp:ubuntu/karmic-proposed/krb5
Recent revisions
- 22. By Evan Broder
-
* Cherry-pick various fixes from Debian:
- libkrb5-dev depends on libkrb5client6 (LP: #472080)
- Avoid locking out accounts on PREAUTH_FAILED, Closes: #557979 (LP:
#489418)
- 6506: correctly handle keytab vs stash file
- 6508: kadmind ACL parsing could reference uninitialized memory
- 6509: kadmind can reference null pointer on ACL error
- 6511: uninitialized memory passed to krb5_free_error in change
password client path
- 6514: none replay cache memory leak
- 6515: profile library mutex performance improvements
- 6541: memory leak in PAC verify code
- 6542: Check for null characters in pkinit certs
- 6543: login vs user order in ftpd sometimes wrong
- 6551: Memory leak in spnego accept_sec_context error path
- 21. By Kees Cook
-
* SECURITY UPDATE: unauthenticated remote attacker can crash or
compromise the KDC via flaws in AES and RC4 decryption (CVE-2009-4212).
- debian/patches/krb5-crypto-integer applied inline.
- http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt
- 20. By Kees Cook
-
* SECURITY UPDATE: unauthenticated remote attacker can crash kdc.
- src/kdc/do_tgs_req.c, src/lib/kadm5/logger.c: upstream fixes
inline (CVE-2009-3295).
- http://web.mit.edu/kerberos/advisories/2009-003-patch.txt
- 19. By Sam Hartman
-
* New upstream release
* Revert relaxation of Debian symbol versions introduced in
1.7dfsg~beta1-3
* Fix kproplog's manpage (LP: #374819)
- 18. By Sam Hartman
-
* Apply upstream patch from ticket 6488 intended to fix
gss_krb5_export_lucid_sec_context and thus NFS; hopefully fixes
#528514
* Apply patch from ticket 6489 to fix UCS2 handling in RC4 string to
key and PAC routines
- 17. By Sam Hartman
-
* New Upstream release including FAST support for DES and 3DES.
* Remove non-free content accidentally reintroduced in beta1, Closes: #528555
* Add strict dependency from libgssapi-krb5-2 to libkrb5-3 as discussed
in #528514
- 16. By Sam Hartman
-
When decrypting the TGS response fails with the subkey, try with the
session key to work around Heimdal bug, Closes: #527353
- 15. By Kees Cook
-
* SECURITY UPDATE: denial of service via buffer overflows.
- src/lib/gssapi/spnego/spnego_mech.c, src/lib/krb5/asn.1/asn1buf.c:
GSS-API could be crashed remotely (MITKRB5-SA-2009-001: CVE-2009-0844,
CVE-2009-0845, CVE-2009-0847).
- src/lib/krb5/asn.1/asn1_decode.c: ASN.1 decoder freed uninitialized
pointers (MITKRB5-SA-2009-002: CVE-2009-0846).
- 14. By Mathias Gug
-
debian/patches/likewise-krb5-gssapi: add likewise-open patch to support
Microsoft kerberos implementation.
- 13. By Russ Allbery
-
* Correct the actions of krb5_newrealm in its man page. It doesn't
create a keytab for kadmind since kadmind no longer needs one.
Mention that it does create a stash file and that it starts the KDC
and kadmind daemons. Thanks, David Medberry. (Closes: #504126)
* Translation updates:
- Spanish, thanks Ignacio Mondino. (Closes: #504766)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/krb5