Skip to content

Commit

Permalink
Update for krb5-1.15.2
Browse files Browse the repository at this point in the history
  • Loading branch information
@greghudson
greghudson committed Sep 25, 2017
1 parent 948865a commit d3cb9e2
Show file tree
Hide file tree
Showing 28 changed files with 81 additions and 30 deletions.
51 changes: 51 additions & 0 deletions README
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,52 @@ from using single-DES cryptosystems. Among these is a configuration
variable that enables "weak" enctypes, which defaults to "false"
beginning with krb5-1.8.

Major changes in 1.15.2 (2017-09-25)
------------------------------------

This is a bug fix release.

* Fix a KDC denial of service vulnerability caused by unset status
strings [CVE-2017-11368]

* Preserve GSS contexts on init/accept failure [CVE-2017-11462]

* Fix kadm5 setkey operation with LDAP KDB module

* Use a ten-second timeout after successful connection for HTTPS KDC
requests, as we do for TCP requests

* Fix client null dereference when KDC offers encrypted challenge
without FAST

* Ignore dotfiles when processing profile includedir directive

* Improve documentation

krb5-1.15.2 changes by ticket ID
--------------------------------

8557 Allow null outputs to gss_get_name_attribute()
8559 Fix leaks in gss_inquire_cred_by_oid()
8560 Force autoconf rebuild in maintainer rules
8563 Ignore dotfiles in profile includedir
8565 Fix krb5int_open_plugin_dirs() error handling
8567 Bug in mslsa ccahe
8573 Check for FAST in encrypted challenge client
8576 Make RC4 string-to-key more robust
8580 kinit fails for OTP users when using KdcProxy with both IPv4&6 DNS
8581 Allow clock skew in krb5 gss_context_time()
8584 Free GSS checksum data deterministically
8585 Add aes-sha2 enctypes to aes family documentation
8588 Fix kadm5.acl error reporting
8589 setkey kadm5 operation does not work with LDAP KDB
8593 Add aes-sha2 to default enctypes in docs
8594 Clarify "all privileges" in kadm5.acl docs
8598 Preserve GSS context on init/accept failure
8599 Prevent KDC unset status assertion failures
8600 Prevent null dereference with keyboard master key


Major changes in 1.15.1 (2017-03-01)
------------------------------------

Expand Down Expand Up @@ -372,7 +418,9 @@ reports, suggestions, and valuable resources:
Radoslav Bodo
Sumit Bose
Emmanuel Bouillon
Isaac Boukris
Philip Brown
Samuel Cabrero
Michael Calmer
Andrea Campi
Julien Chaffraix
Expand Down Expand Up @@ -441,6 +489,7 @@ reports, suggestions, and valuable resources:
Pavel Jindra
Brian Johannesmeyer
Joel Johnson
Alexander Karaivanov
Anders Kaseorg
W. Trevor King
Patrik Kis
Expand All @@ -453,6 +502,7 @@ reports, suggestions, and valuable resources:
Todd Lipcon
Oliver Loch
Kevin Longfellow
Frank Lonigro
Jon Looney
Nuno Lopes
Ryan Lynch
Expand Down Expand Up @@ -493,6 +543,7 @@ reports, suggestions, and valuable resources:
Solly Ross
Mike Roszkowski
Guillaume Rousse
Joshua Schaeffer
Andreas Schneider
Tom Shaw
Jim Shi
Expand Down
2 changes: 1 addition & 1 deletion src/man/k5identity.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "K5IDENTITY" "5" " " "1.15.1" "MIT Kerberos"
.TH "K5IDENTITY" "5" " " "1.15.2" "MIT Kerberos"
.SH NAME
k5identity \- Kerberos V5 client principal selection rules
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/k5login.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "K5LOGIN" "5" " " "1.15.1" "MIT Kerberos"
.TH "K5LOGIN" "5" " " "1.15.2" "MIT Kerberos"
.SH NAME
k5login \- Kerberos V5 acl file for host access
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/k5srvutil.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "K5SRVUTIL" "1" " " "1.15.1" "MIT Kerberos"
.TH "K5SRVUTIL" "1" " " "1.15.2" "MIT Kerberos"
.SH NAME
k5srvutil \- host key table (keytab) manipulation utility
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kadm5.acl.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KADM5.ACL" "5" " " "1.15.1" "MIT Kerberos"
.TH "KADM5.ACL" "5" " " "1.15.2" "MIT Kerberos"
.SH NAME
kadm5.acl \- Kerberos ACL file
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kadmin.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KADMIN" "1" " " "1.15.1" "MIT Kerberos"
.TH "KADMIN" "1" " " "1.15.2" "MIT Kerberos"
.SH NAME
kadmin \- Kerberos V5 database administration program
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kadmind.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KADMIND" "8" " " "1.15.1" "MIT Kerberos"
.TH "KADMIND" "8" " " "1.15.2" "MIT Kerberos"
.SH NAME
kadmind \- KADM5 administration server
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kdb5_ldap_util.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KDB5_LDAP_UTIL" "8" " " "1.15.1" "MIT Kerberos"
.TH "KDB5_LDAP_UTIL" "8" " " "1.15.2" "MIT Kerberos"
.SH NAME
kdb5_ldap_util \- Kerberos configuration utility
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kdb5_util.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KDB5_UTIL" "8" " " "1.15.1" "MIT Kerberos"
.TH "KDB5_UTIL" "8" " " "1.15.2" "MIT Kerberos"
.SH NAME
kdb5_util \- Kerberos database maintenance utility
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kdc.conf.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KDC.CONF" "5" " " "1.15.1" "MIT Kerberos"
.TH "KDC.CONF" "5" " " "1.15.2" "MIT Kerberos"
.SH NAME
kdc.conf \- Kerberos V5 KDC configuration file
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kdestroy.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KDESTROY" "1" " " "1.15.1" "MIT Kerberos"
.TH "KDESTROY" "1" " " "1.15.2" "MIT Kerberos"
.SH NAME
kdestroy \- destroy Kerberos tickets
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kinit.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KINIT" "1" " " "1.15.1" "MIT Kerberos"
.TH "KINIT" "1" " " "1.15.2" "MIT Kerberos"
.SH NAME
kinit \- obtain and cache Kerberos ticket-granting ticket
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/klist.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KLIST" "1" " " "1.15.1" "MIT Kerberos"
.TH "KLIST" "1" " " "1.15.2" "MIT Kerberos"
.SH NAME
klist \- list cached Kerberos tickets
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kpasswd.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KPASSWD" "1" " " "1.15.1" "MIT Kerberos"
.TH "KPASSWD" "1" " " "1.15.2" "MIT Kerberos"
.SH NAME
kpasswd \- change a user's Kerberos password
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kprop.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KPROP" "8" " " "1.15.1" "MIT Kerberos"
.TH "KPROP" "8" " " "1.15.2" "MIT Kerberos"
.SH NAME
kprop \- propagate a Kerberos V5 principal database to a slave server
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kpropd.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KPROPD" "8" " " "1.15.1" "MIT Kerberos"
.TH "KPROPD" "8" " " "1.15.2" "MIT Kerberos"
.SH NAME
kpropd \- Kerberos V5 slave KDC update server
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kproplog.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KPROPLOG" "8" " " "1.15.1" "MIT Kerberos"
.TH "KPROPLOG" "8" " " "1.15.2" "MIT Kerberos"
.SH NAME
kproplog \- display the contents of the Kerberos principal update log
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/krb5-config.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KRB5-CONFIG" "1" " " "1.15.1" "MIT Kerberos"
.TH "KRB5-CONFIG" "1" " " "1.15.2" "MIT Kerberos"
.SH NAME
krb5-config \- tool for linking against MIT Kerberos libraries
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/krb5.conf.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KRB5.CONF" "5" " " "1.15.1" "MIT Kerberos"
.TH "KRB5.CONF" "5" " " "1.15.2" "MIT Kerberos"
.SH NAME
krb5.conf \- Kerberos configuration file
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/krb5kdc.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KRB5KDC" "8" " " "1.15.1" "MIT Kerberos"
.TH "KRB5KDC" "8" " " "1.15.2" "MIT Kerberos"
.SH NAME
krb5kdc \- Kerberos V5 KDC
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/ksu.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KSU" "1" " " "1.15.1" "MIT Kerberos"
.TH "KSU" "1" " " "1.15.2" "MIT Kerberos"
.SH NAME
ksu \- Kerberized super-user
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kswitch.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KSWITCH" "1" " " "1.15.1" "MIT Kerberos"
.TH "KSWITCH" "1" " " "1.15.2" "MIT Kerberos"
.SH NAME
kswitch \- switch primary ticket cache
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/ktutil.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KTUTIL" "1" " " "1.15.1" "MIT Kerberos"
.TH "KTUTIL" "1" " " "1.15.2" "MIT Kerberos"
.SH NAME
ktutil \- Kerberos keytab file maintenance utility
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/kvno.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "KVNO" "1" " " "1.15.1" "MIT Kerberos"
.TH "KVNO" "1" " " "1.15.2" "MIT Kerberos"
.SH NAME
kvno \- print key version numbers of Kerberos principals
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/sclient.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SCLIENT" "1" " " "1.15.1" "MIT Kerberos"
.TH "SCLIENT" "1" " " "1.15.2" "MIT Kerberos"
.SH NAME
sclient \- sample Kerberos version 5 client
.
Expand Down
2 changes: 1 addition & 1 deletion src/man/sserver.man
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
.TH "SSERVER" "8" " " "1.15.1" "MIT Kerberos"
.TH "SSERVER" "8" " " "1.15.2" "MIT Kerberos"
.SH NAME
sserver \- sample Kerberos version 5 server
.
Expand Down
6 changes: 3 additions & 3 deletions src/patchlevel.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@
*/
#define KRB5_MAJOR_RELEASE 1
#define KRB5_MINOR_RELEASE 15
#define KRB5_PATCHLEVEL 1
#define KRB5_RELTAIL "postrelease"
#define KRB5_PATCHLEVEL 2
/* #undef KRB5_RELTAIL */
/* #undef KRB5_RELDATE */
#define KRB5_RELTAG "krb5-1.15"
#define KRB5_RELTAG "krb5-1.15.2-final"
4 changes: 2 additions & 2 deletions src/po/mit-krb5.pot
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: mit-krb5 1.15.1-postrelease\n"
"Project-Id-Version: mit-krb5 1.15.2\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2017-09-25 11:44-0400\n"
"POT-Creation-Date: 2017-09-25 12:24-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
Expand Down

0 comments on commit d3cb9e2

Please sign in to comment.