lp:ubuntu/karmic-proposed/krb5

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/karmic-proposed/krb5

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

22. By Evan Broder

* Cherry-pick various fixes from Debian:
    - libkrb5-dev depends on libkrb5client6 (LP: #472080)
    - Avoid locking out accounts on PREAUTH_FAILED, Closes: #557979 (LP:
      #489418)
    - 6506: correctly handle keytab vs stash file
    - 6508: kadmind ACL parsing could reference uninitialized memory
    - 6509: kadmind can reference null pointer on ACL error
    - 6511: uninitialized memory passed to krb5_free_error in change
      password client path
    - 6514: none replay cache memory leak
    - 6515: profile library mutex performance improvements
    - 6541: memory leak in PAC verify code
    - 6542: Check for null characters in pkinit certs
    - 6543: login vs user order in ftpd sometimes wrong
    - 6551: Memory leak in spnego accept_sec_context error path

21. By Kees Cook

* SECURITY UPDATE: unauthenticated remote attacker can crash or
  compromise the KDC via flaws in AES and RC4 decryption (CVE-2009-4212).
  - debian/patches/krb5-crypto-integer applied inline.
  - http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt

20. By Kees Cook

* SECURITY UPDATE: unauthenticated remote attacker can crash kdc.
  - src/kdc/do_tgs_req.c, src/lib/kadm5/logger.c: upstream fixes
    inline (CVE-2009-3295).
  - http://web.mit.edu/kerberos/advisories/2009-003-patch.txt

19. By Sam Hartman

* New upstream release
* Revert relaxation of Debian symbol versions introduced in
  1.7dfsg~beta1-3
* Fix kproplog's manpage (LP: #374819)

18. By Sam Hartman

* Apply upstream patch from ticket 6488 intended to fix
  gss_krb5_export_lucid_sec_context and thus NFS; hopefully fixes
  #528514
* Apply patch from ticket 6489 to fix UCS2 handling in RC4 string to
  key and PAC routines

17. By Sam Hartman

* New Upstream release including FAST support for DES and 3DES.
* Remove non-free content accidentally reintroduced in beta1, Closes: #528555
* Add strict dependency from libgssapi-krb5-2 to libkrb5-3 as discussed
  in #528514

16. By Sam Hartman

When decrypting the TGS response fails with the subkey, try with the
session key to work around Heimdal bug, Closes: #527353

15. By Kees Cook

* SECURITY UPDATE: denial of service via buffer overflows.
  - src/lib/gssapi/spnego/spnego_mech.c, src/lib/krb5/asn.1/asn1buf.c:
    GSS-API could be crashed remotely (MITKRB5-SA-2009-001: CVE-2009-0844,
    CVE-2009-0845, CVE-2009-0847).
  - src/lib/krb5/asn.1/asn1_decode.c: ASN.1 decoder freed uninitialized
    pointers (MITKRB5-SA-2009-002: CVE-2009-0846).

14. By Mathias Gug

debian/patches/likewise-krb5-gssapi: add likewise-open patch to support
Microsoft Kerberos implementation.

13. By Russ Allbery

* Correct the actions of krb5_newrealm in its man page. It doesn't
  create a keytab for kadmind since kadmind no longer needs one.
  Mention that it does create a stash file and that it starts the KDC
  and kadmind daemons. Thanks, David Medberry. (Closes: #504126)
* Translation updates:
  - Spanish, thanks Ignacio Mondino. (Closes: #504766)

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/lucid/krb5
This branch contains Public information 
Everyone can see this information.
