Skip to content

Commit

Permalink
Updates for krb5-1.12.4
Browse files Browse the repository at this point in the history
  • Loading branch information
@tlyu
tlyu committed May 29, 2015
1 parent 956cd70 commit bb4252d
Show file tree
Hide file tree
Showing 28 changed files with 80 additions and 30 deletions.
50 changes: 50 additions & 0 deletions README
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,43 @@ from using single-DES cryptosystems. Among these is a configuration
variable that enables "weak" enctypes, which defaults to "false"
beginning with krb5-1.8.


Major changes in 1.12.4 (2015-05-29)
------------------------------------

This is a bugfix release. The krb5-1.12 release series is in
maintenance, and for new deployments, installers should prefer the
krb5-1.13 release series or later.

* Fix a minor vulnerability in krb5_read_message, which is primarily
used in the BSD-derived kcmd suite of applications. [CVE-2014-5355]

* Fix a bypass of requires_preauth in KDCs that have PKINIT enabled.
[CVE-2015-2694]

* Fix some issues with the LDAP KDC database back end.

* Fix an iteration-related memory leak in the DB2 KDC database back
end.

* Fix issues with some less-used kadm5.acl functionality.

* Improve documentation.

krb5-1.12.4 changes by ticket ID
--------------------------------

8180 Fix krb5_read_message handling [CVE-2014-5355]
8181 Add formats section to documentation
8182 Import names immediately with COMPOSITE_EXPORT
8183 kadmind ACL back-references can affect later lines
8184 kadm5.acl flag restrictions don't use documented syntax
8186 Disable principal renames for LDAP
8193 Fix LDAP ticket policies on big-endian LP64
8194 requires_preauth bypass in PKINIT-enabled KDC [CVE-2015-2694]
8195 Fix minor documentation errors


Major changes in 1.12.3 (2015-02-18)
------------------------------------

Expand Down Expand Up @@ -542,6 +579,7 @@ reports, suggestions, and valuable resources:
Alex Dehnert
Mark Deneen
Günther Deschner
John Devitofranceschi
Roland Dowdeswell
Viktor Dukhovni
Jason Edgecombe
Expand Down Expand Up @@ -582,6 +620,7 @@ reports, suggestions, and valuable resources:
Joel Johnson
Anders Kaseorg
W. Trevor King
Patrik Kis
Mikkel Kruse
Reinhard Kugler
Tomas Kuthan
Expand All @@ -590,8 +629,12 @@ reports, suggestions, and valuable resources:
Jan iankko Lieskovsky
Oliver Loch
Kevin Longfellow
Jon Looney
Nuno Lopes
Ryan Lynch
Roland Mainz
Andrei Maslennikov
Michael Mattioli
Nathaniel McCallum
Greg McClement
Cameron Meadors
Expand All @@ -606,20 +649,25 @@ reports, suggestions, and valuable resources:
Edward Murrell
Nikos Nikoleris
Felipe Ortega
Michael Osipov
Andrej Ota
Dmitri Pal
Javier Palacios
Tom Parker
Ezra Peisach
Zoran Pericic
W. Michael Petullo
Mark Phalan
Brett Randall
Jonathan Reams
Robert Relyea
Martin Rex
Jason Rogers
Nate Rosenblum
Solly Ross
Mike Roszkowski
Guillaume Rousse
Andreas Schneider
Tom Shaw
Jim Shi
Peter Shoults
Expand All @@ -628,6 +676,7 @@ reports, suggestions, and valuable resources:
Michael Ströder
Bjørn Tore Sund
Joe Travaglini
Tim Uglow
Rathor Vipin
Denis Vlasenko
Jorgen Wahlsten
Expand All @@ -646,6 +695,7 @@ reports, suggestions, and valuable resources:
Augustin Wolf
David Woodhouse
Xu Qiang
Neng Xue
Nickolai Zeldovich
Hanz van Zijst
Gertjan Zwartjes
Expand Down
2 changes: 1 addition & 1 deletion src/man/k5identity.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "K5IDENTITY" "5" " " "1.12.3" "MIT Kerberos"
.TH "K5IDENTITY" "5" " " "1.12.4" "MIT Kerberos"
.SH NAME
k5identity \- Kerberos V5 client principal selection rules
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/k5login.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "K5LOGIN" "5" " " "1.12.3" "MIT Kerberos"
.TH "K5LOGIN" "5" " " "1.12.4" "MIT Kerberos"
.SH NAME
k5login \- Kerberos V5 acl file for host access
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/k5srvutil.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "K5SRVUTIL" "1" " " "1.12.3" "MIT Kerberos"
.TH "K5SRVUTIL" "1" " " "1.12.4" "MIT Kerberos"
.SH NAME
k5srvutil \- host key table (keytab) manipulation utility
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kadm5.acl.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KADM5.ACL" "5" " " "1.12.3" "MIT Kerberos"
.TH "KADM5.ACL" "5" " " "1.12.4" "MIT Kerberos"
.SH NAME
kadm5.acl \- Kerberos ACL file
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kadmin.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KADMIN" "1" " " "1.12.3" "MIT Kerberos"
.TH "KADMIN" "1" " " "1.12.4" "MIT Kerberos"
.SH NAME
kadmin \- Kerberos V5 database administration program
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kadmind.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KADMIND" "8" " " "1.12.3" "MIT Kerberos"
.TH "KADMIND" "8" " " "1.12.4" "MIT Kerberos"
.SH NAME
kadmind \- KADM5 administration server
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kdb5_ldap_util.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KDB5_LDAP_UTIL" "8" " " "1.12.3" "MIT Kerberos"
.TH "KDB5_LDAP_UTIL" "8" " " "1.12.4" "MIT Kerberos"
.SH NAME
kdb5_ldap_util \- Kerberos configuration utility
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kdb5_util.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KDB5_UTIL" "8" " " "1.12.3" "MIT Kerberos"
.TH "KDB5_UTIL" "8" " " "1.12.4" "MIT Kerberos"
.SH NAME
kdb5_util \- Kerberos database maintenance utility
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kdc.conf.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KDC.CONF" "5" " " "1.12.3" "MIT Kerberos"
.TH "KDC.CONF" "5" " " "1.12.4" "MIT Kerberos"
.SH NAME
kdc.conf \- Kerberos V5 KDC configuration file
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kdestroy.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KDESTROY" "1" " " "1.12.3" "MIT Kerberos"
.TH "KDESTROY" "1" " " "1.12.4" "MIT Kerberos"
.SH NAME
kdestroy \- destroy Kerberos tickets
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kinit.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KINIT" "1" " " "1.12.3" "MIT Kerberos"
.TH "KINIT" "1" " " "1.12.4" "MIT Kerberos"
.SH NAME
kinit \- obtain and cache Kerberos ticket-granting ticket
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/klist.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KLIST" "1" " " "1.12.3" "MIT Kerberos"
.TH "KLIST" "1" " " "1.12.4" "MIT Kerberos"
.SH NAME
klist \- list cached Kerberos tickets
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kpasswd.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KPASSWD" "1" " " "1.12.3" "MIT Kerberos"
.TH "KPASSWD" "1" " " "1.12.4" "MIT Kerberos"
.SH NAME
kpasswd \- change a user's Kerberos password
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kprop.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KPROP" "8" " " "1.12.3" "MIT Kerberos"
.TH "KPROP" "8" " " "1.12.4" "MIT Kerberos"
.SH NAME
kprop \- propagate a Kerberos V5 principal database to a slave server
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kpropd.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KPROPD" "8" " " "1.12.3" "MIT Kerberos"
.TH "KPROPD" "8" " " "1.12.4" "MIT Kerberos"
.SH NAME
kpropd \- Kerberos V5 slave KDC update server
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kproplog.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KPROPLOG" "8" " " "1.12.3" "MIT Kerberos"
.TH "KPROPLOG" "8" " " "1.12.4" "MIT Kerberos"
.SH NAME
kproplog \- display the contents of the Kerberos principal update log
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/krb5-config.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KRB5-CONFIG" "1" " " "1.12.3" "MIT Kerberos"
.TH "KRB5-CONFIG" "1" " " "1.12.4" "MIT Kerberos"
.SH NAME
krb5-config \- tool for linking against MIT Kerberos libraries
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/krb5.conf.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KRB5.CONF" "5" " " "1.12.3" "MIT Kerberos"
.TH "KRB5.CONF" "5" " " "1.12.4" "MIT Kerberos"
.SH NAME
krb5.conf \- Kerberos configuration file
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/krb5kdc.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KRB5KDC" "8" " " "1.12.3" "MIT Kerberos"
.TH "KRB5KDC" "8" " " "1.12.4" "MIT Kerberos"
.SH NAME
krb5kdc \- Kerberos V5 KDC
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/ksu.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KSU" "1" " " "1.12.3" "MIT Kerberos"
.TH "KSU" "1" " " "1.12.4" "MIT Kerberos"
.SH NAME
ksu \- Kerberized super-user
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kswitch.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KSWITCH" "1" " " "1.12.3" "MIT Kerberos"
.TH "KSWITCH" "1" " " "1.12.4" "MIT Kerberos"
.SH NAME
kswitch \- switch primary ticket cache
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/ktutil.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KTUTIL" "1" " " "1.12.3" "MIT Kerberos"
.TH "KTUTIL" "1" " " "1.12.4" "MIT Kerberos"
.SH NAME
ktutil \- Kerberos keytab file maintenance utility
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kvno.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KVNO" "1" " " "1.12.3" "MIT Kerberos"
.TH "KVNO" "1" " " "1.12.4" "MIT Kerberos"
.SH NAME
kvno \- print key version numbers of Kerberos principals
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/sclient.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SCLIENT" "1" " " "1.12.3" "MIT Kerberos"
.TH "SCLIENT" "1" " " "1.12.4" "MIT Kerberos"
.SH NAME
sclient \- sample Kerberos version 5 client
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/sserver.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SSERVER" "8" " " "1.12.3" "MIT Kerberos"
.TH "SSERVER" "8" " " "1.12.4" "MIT Kerberos"
.SH NAME
sserver \- sample Kerberos version 5 server
.
Expand Down
6 changes: 3 additions & 3 deletions src/patchlevel.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@
*/
#define KRB5_MAJOR_RELEASE 1
#define KRB5_MINOR_RELEASE 12
#define KRB5_PATCHLEVEL 3
#define KRB5_RELTAIL "postrelease"
#define KRB5_PATCHLEVEL 4
/* #undef KRB5_RELTAIL */
/* #undef KRB5_RELDATE */
#define KRB5_RELTAG "krb5-1.12"
#define KRB5_RELTAG "krb5-1.12.4-final"
4 changes: 2 additions & 2 deletions src/po/mit-krb5.pot
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: mit-krb5 1.12.3-postrelease\n"
"Project-Id-Version: mit-krb5 1.12.4\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2015-05-21 18:03-0400\n"
"POT-Creation-Date: 2015-05-29 15:17-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
Expand Down

0 comments on commit bb4252d

Please sign in to comment.