Skip to content

Commit

Permalink
Update for krb5-1.15.3
Browse files Browse the repository at this point in the history
  • Loading branch information
@greghudson
greghudson committed May 3, 2018
1 parent 947080b commit c0157a5
Show file tree
Hide file tree
Showing 28 changed files with 76 additions and 30 deletions.
46 changes: 46 additions & 0 deletions README
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,48 @@ from using single-DES cryptosystems. Among these is a configuration
variable that enables "weak" enctypes, which defaults to "false"
beginning with krb5-1.8.

Major changes in 1.15.3 (2018-05-03)
------------------------------------

This is a bug fix release.

* Fix flaws in LDAP DN checking, including a null dereference KDC
crash which could be triggered by kadmin clients with administrative
privileges [CVE-2018-5729, CVE-2018-5730].

* Fix a KDC PKINIT memory leak.

* Fix a small KDC memory leak on transited or authdata errors when
processing TGS requests.

* Fix a null dereference when the KDC sends a large TGS reply.

* Fix "kdestroy -A" with the KCM credential cache type.

* Fix the handling of capaths "." values.

* Fix handling of repeated subsection specifications in profile files
(such as when multiple included files specify relations in the same
subsection).

krb5-1.15.3 changes by ticket ID
--------------------------------

7863 profile library mishandles duplicate subsections
8616 Fix default enctype order in docs
8617 PKINIT matching can crash for certs with long issuer and subject
8620 Length check when parsing GSS token encapsulation
8639 Always set appdefault_get() output argument
8643 Fix flaws in LDAP DN checking
8644 Fix memory leak in KDC PKINIT code
8645 Fix KDC encrypting key memory leak on some errors
8646 Fix capaths "." values on client
8658 kdestroy -A fails with KCM ccache type
8666 KDC null dereference when TGS reply is too big for UDP
8669 Fix doubled "kadmind:" in kadmind fail_to_start()
8675 Set error message on KCM get_princ failure


Major changes in 1.15.2 (2017-09-25)
------------------------------------

Expand Down Expand Up @@ -405,6 +447,7 @@ reports, suggestions, and valuable resources:
Russell Allbery
Brian Almeida
Michael B Allen
Pooja Anil
Heinz-Ado Arnolds
Derek Atkins
Mark Bannister
Expand Down Expand Up @@ -458,6 +501,7 @@ reports, suggestions, and valuable resources:
JC Ferguson
Remi Ferrand
Paul Fertser
Fabiano Fidêncio
William Fiveash
Jacques Florent
Ákos Frohner
Expand Down Expand Up @@ -532,6 +576,7 @@ reports, suggestions, and valuable resources:
Zoran Pericic
W. Michael Petullo
Mark Phalan
Sharwan Ram
Brett Randall
Jonathan Reams
Jonathan Reed
Expand Down Expand Up @@ -562,6 +607,7 @@ reports, suggestions, and valuable resources:
John Washington
Stef Walter
Xi Wang
Nehal J Wani
Kevin Wasserman
Margaret Wasserman
Marcus Watts
Expand Down
2 changes: 1 addition & 1 deletion src/man/k5identity.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "K5IDENTITY" "5" " " "1.15.2" "MIT Kerberos"
.TH "K5IDENTITY" "5" " " "1.15.3" "MIT Kerberos"
.SH NAME
k5identity \- Kerberos V5 client principal selection rules
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/k5login.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "K5LOGIN" "5" " " "1.15.2" "MIT Kerberos"
.TH "K5LOGIN" "5" " " "1.15.3" "MIT Kerberos"
.SH NAME
k5login \- Kerberos V5 acl file for host access
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/k5srvutil.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "K5SRVUTIL" "1" " " "1.15.2" "MIT Kerberos"
.TH "K5SRVUTIL" "1" " " "1.15.3" "MIT Kerberos"
.SH NAME
k5srvutil \- host key table (keytab) manipulation utility
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kadm5.acl.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KADM5.ACL" "5" " " "1.15.2" "MIT Kerberos"
.TH "KADM5.ACL" "5" " " "1.15.3" "MIT Kerberos"
.SH NAME
kadm5.acl \- Kerberos ACL file
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kadmin.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KADMIN" "1" " " "1.15.2" "MIT Kerberos"
.TH "KADMIN" "1" " " "1.15.3" "MIT Kerberos"
.SH NAME
kadmin \- Kerberos V5 database administration program
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kadmind.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KADMIND" "8" " " "1.15.2" "MIT Kerberos"
.TH "KADMIND" "8" " " "1.15.3" "MIT Kerberos"
.SH NAME
kadmind \- KADM5 administration server
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kdb5_ldap_util.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KDB5_LDAP_UTIL" "8" " " "1.15.2" "MIT Kerberos"
.TH "KDB5_LDAP_UTIL" "8" " " "1.15.3" "MIT Kerberos"
.SH NAME
kdb5_ldap_util \- Kerberos configuration utility
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kdb5_util.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KDB5_UTIL" "8" " " "1.15.2" "MIT Kerberos"
.TH "KDB5_UTIL" "8" " " "1.15.3" "MIT Kerberos"
.SH NAME
kdb5_util \- Kerberos database maintenance utility
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kdc.conf.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KDC.CONF" "5" " " "1.15.2" "MIT Kerberos"
.TH "KDC.CONF" "5" " " "1.15.3" "MIT Kerberos"
.SH NAME
kdc.conf \- Kerberos V5 KDC configuration file
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kdestroy.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KDESTROY" "1" " " "1.15.2" "MIT Kerberos"
.TH "KDESTROY" "1" " " "1.15.3" "MIT Kerberos"
.SH NAME
kdestroy \- destroy Kerberos tickets
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kinit.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KINIT" "1" " " "1.15.2" "MIT Kerberos"
.TH "KINIT" "1" " " "1.15.3" "MIT Kerberos"
.SH NAME
kinit \- obtain and cache Kerberos ticket-granting ticket
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/klist.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KLIST" "1" " " "1.15.2" "MIT Kerberos"
.TH "KLIST" "1" " " "1.15.3" "MIT Kerberos"
.SH NAME
klist \- list cached Kerberos tickets
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kpasswd.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KPASSWD" "1" " " "1.15.2" "MIT Kerberos"
.TH "KPASSWD" "1" " " "1.15.3" "MIT Kerberos"
.SH NAME
kpasswd \- change a user's Kerberos password
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kprop.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KPROP" "8" " " "1.15.2" "MIT Kerberos"
.TH "KPROP" "8" " " "1.15.3" "MIT Kerberos"
.SH NAME
kprop \- propagate a Kerberos V5 principal database to a slave server
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kpropd.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KPROPD" "8" " " "1.15.2" "MIT Kerberos"
.TH "KPROPD" "8" " " "1.15.3" "MIT Kerberos"
.SH NAME
kpropd \- Kerberos V5 slave KDC update server
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kproplog.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KPROPLOG" "8" " " "1.15.2" "MIT Kerberos"
.TH "KPROPLOG" "8" " " "1.15.3" "MIT Kerberos"
.SH NAME
kproplog \- display the contents of the Kerberos principal update log
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/krb5-config.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KRB5-CONFIG" "1" " " "1.15.2" "MIT Kerberos"
.TH "KRB5-CONFIG" "1" " " "1.15.3" "MIT Kerberos"
.SH NAME
krb5-config \- tool for linking against MIT Kerberos libraries
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/krb5.conf.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KRB5.CONF" "5" " " "1.15.2" "MIT Kerberos"
.TH "KRB5.CONF" "5" " " "1.15.3" "MIT Kerberos"
.SH NAME
krb5.conf \- Kerberos configuration file
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/krb5kdc.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KRB5KDC" "8" " " "1.15.2" "MIT Kerberos"
.TH "KRB5KDC" "8" " " "1.15.3" "MIT Kerberos"
.SH NAME
krb5kdc \- Kerberos V5 KDC
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/ksu.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KSU" "1" " " "1.15.2" "MIT Kerberos"
.TH "KSU" "1" " " "1.15.3" "MIT Kerberos"
.SH NAME
ksu \- Kerberized super-user
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kswitch.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KSWITCH" "1" " " "1.15.2" "MIT Kerberos"
.TH "KSWITCH" "1" " " "1.15.3" "MIT Kerberos"
.SH NAME
kswitch \- switch primary ticket cache
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/ktutil.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KTUTIL" "1" " " "1.15.2" "MIT Kerberos"
.TH "KTUTIL" "1" " " "1.15.3" "MIT Kerberos"
.SH NAME
ktutil \- Kerberos keytab file maintenance utility
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kvno.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KVNO" "1" " " "1.15.2" "MIT Kerberos"
.TH "KVNO" "1" " " "1.15.3" "MIT Kerberos"
.SH NAME
kvno \- print key version numbers of Kerberos principals
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/sclient.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SCLIENT" "1" " " "1.15.2" "MIT Kerberos"
.TH "SCLIENT" "1" " " "1.15.3" "MIT Kerberos"
.SH NAME
sclient \- sample Kerberos version 5 client
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/sserver.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SSERVER" "8" " " "1.15.2" "MIT Kerberos"
.TH "SSERVER" "8" " " "1.15.3" "MIT Kerberos"
.SH NAME
sserver \- sample Kerberos version 5 server
.
Expand Down
6 changes: 3 additions & 3 deletions src/patchlevel.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@
*/
#define KRB5_MAJOR_RELEASE 1
#define KRB5_MINOR_RELEASE 15
#define KRB5_PATCHLEVEL 2
#define KRB5_RELTAIL "postrelease"
#define KRB5_PATCHLEVEL 3
/* #undef KRB5_RELTAIL */
/* #undef KRB5_RELDATE */
#define KRB5_RELTAG "krb5-1.15"
#define KRB5_RELTAG "krb5-1.15.3-final"
4 changes: 2 additions & 2 deletions src/po/mit-krb5.pot
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: mit-krb5 1.15.2-postrelease\n"
"Project-Id-Version: mit-krb5 1.15.3\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2018-05-03 12:59-0400\n"
"POT-Creation-Date: 2018-05-03 14:23-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
Expand Down

0 comments on commit c0157a5

Please sign in to comment.