svn rev #22345: branches/krb5-1-7/ src/

tlyu@MIT.EDU tlyu at MIT.EDU
Tue May 12 19:13:58 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22345
Commit By: tlyu
Log Message:
README and patchlevel for krb5-1.7-beta2


Changed Files:
U   branches/krb5-1-7/README
U   branches/krb5-1-7/src/patchlevel.h
Modified: branches/krb5-1-7/README
===================================================================
--- branches/krb5-1-7/README	2009-05-11 23:34:56 UTC (rev 22344)
+++ branches/krb5-1-7/README	2009-05-12 23:13:57 UTC (rev 22345)
@@ -66,7 +66,8 @@
 krb5-1.7 release will contain measures to encourage sites to migrate
 away from using single-DES cryptosystems.  Among these is a
 configuration variable that enables "weak" enctypes, but will default
-to "false" in the future.
+to "false" in the future.  Additional migration aids are planned for
+future releases.
 
 Major changes in 1.7
 --------------------
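Review bot: The added sentence "Additional migration aids are planned for future releases" gives sites nothing to act on, and the lines shown still do not name the configuration variable that enables "weak" enctypes or say what it defaults to in 1.7. Suggest naming the variable and stating its current default here, so that an administrator auditing for single-DES use can tell from the README what to check before the default becomes "false".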
@@ -101,6 +102,7 @@
   NTLM implementation.
 
 * KDC support for principal aliases, if the back end supports them.
+  Currently, only the LDAP back end supports aliases.
 
 * Microsoft set/change password (RFC 3244) protocol in kadmind.
 
@@ -111,11 +113,9 @@
 * Flexible Authentication Secure Tunneling (FAST), a preauthentiation
   framework that can protect the AS exchange from dictionary attack.
 
-* Implement client support for GSS_C_DELEG_POLICY_FLAG, which allows a
-  GSS application to delegate credentials only if permitted by KDC
-  policy.  One minor known bug, which will probably be fixed by final
-  release, occurs when this functionality is used with cross-realm
-  authentication; see RT ticket #6473.
+* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
+  allows a GSS application to request credential delegation only if
+  permitted by KDC policy.
 
 * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 --
   various vulnerabilities in SPNEGO and ASN.1 code.
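Review bot: In the reworded GSS_C_DELEG_POLICY_FLAG entry, "permitted by KDC policy" does not say how that policy is expressed. The removed text tied this feature to ticket 6473, whose subject refers to ok-as-delegate, and 6485 documents ok_as_delegate in admin.texinfo, so suggest naming the ok-as-delegate flag in this bullet and pointing to that documentation. Dropping the cross-realm caveat is consistent with 6473 moving from Known bugs to Changes by ticket ID later in this patch.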
@@ -123,7 +123,9 @@
 Known bugs by ticket ID
 -----------------------
 
-6473    strip ok-as-delegate if not in cross-realm TGT chain
+6481    kdb ldap integration removed rev/recurse kdb5_util dumps
+6486    t_pac fails on SPARC Solaris
+6487    gss_unwrap_iov fails in stream mode
 
 Changes by ticket ID
 --------------------
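Review bot: The three new Known bugs entries are raw ticket subjects, and 6481 ("kdb ldap integration removed rev/recurse kdb5_util dumps") does not read as a statement of what is broken. Suggest rewording it to say what currently fails for the user, and doing the same for 6487 so that beta testers relying on gss_unwrap_iov know which mode to avoid.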
@@ -173,12 +175,14 @@
 5575    don't include time.h in CredentialsCache.h if it's not needed
 5578    test commit handler
 5580    provide asprintf functionality for internal use
+5587    PRF for non-AES enctypes
 5589    krb5 trunk no longer builds on Windows - vsnprintf
         implementation required
 5590    gss krb5 mech enhanced error messages
 5593    kadmind crash on Debian AMD64
 5594    Work on compiling CCAPI test suite on Windows
 5595    Problems with kpasswd and an IPv6 enviroment
+5596    patch for providing a way to set the ok-as-delegate flag
 5598    ccs_pipe_t needs copy and release functions
 5599    Added new autogenerated file to generate-files-mac target
 5600    provide more useful error message when running kpropd on command line
@@ -300,7 +304,7 @@
 6120    increase rpc timeout
 6121    dead code in lib/rpc/clnt_udp.c
 6131    Removed argument from kipc_client_lookup_server
-6133    C90 compliance
+6133    don't do C99-style mixing declarations with code
 6138    Switch KfM back to error tables
 6140    CCAPI should use common ipc and stream code
 6142    KerberosAgent dialogs jump around the screen
@@ -351,6 +355,7 @@
 6201    small leak in KDC authdata plugins
 6202    kadmind leaks extended error strings
 6203    DELEG_POLICY_FLAG for GSS
+6210    pa_sam leaks parts of krb5_sam_challenge
 6211    pam_sam leaking outer krb5_data created by encode_krb5_sam_response
 6214    krb5_change_set_password not freeing chpw_rep contents
 6216    Free data in tests so leaks checking is easier
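Review bot: The new 6210 line says "pa_sam" while the adjacent 6211 line says "pam_sam"; both describe leaks in the same SAM challenge/response code, so one of the two spellings is probably a typo. Suggest checking the ticket subjects and making the two lines agree.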
@@ -437,7 +442,8 @@
 6393    Implement TGS authenticator subkey support
 6397    use macros for config parameter strings
 6398    remove obsolete GNU.ORG realm info
-6400    [no subject]
+6400    GSSAPI authdata extraction should merge ticket and
+        authenticator authdata
 6401    send_as_req re-encodes the request
 6402    CVE-2009-0845 SPNEGO can dereference a null pointer
 6403    kdb5_ldap_util create segfaults when
@@ -488,7 +494,18 @@
 6468    k5_utf8s_to_ucs2s could deref NULL pointer...
 6469    fcc_generate_new destroys locked mutex on error
 6470    Send explicit salt for SALTTYPE_NORMAL keys
+6472    typo in ksu error message
+6473    strip ok-as-delegate if not in cross-realm TGT chain
 6474    move kadmin, ktutil, k5srvutil man pages to man1
+6475    Adding keys to malformed keytabs can infinitely extend the file
+6477    make installed headers C++-safe
+6478    Fix handling of RET_SEQUENCE flag in mk_priv/mk_ncred
+6479    Add DEBUG_ERROR_LOCATIONS support
+6480    Do not return PREAUTH_FAILED on unknown preauth
+6482    Allow more than 10 past keys to be stored by a policy
+6483    man1 in title header for man1 manpages
+6484    work around Heimdal not using subkey in TGS-REP
+6485    document ok_as_delegate in admin.texinfo
 
 Copyright and Other Legal Notices
 ---------------------------------

Modified: branches/krb5-1-7/src/patchlevel.h
===================================================================
--- branches/krb5-1-7/src/patchlevel.h	2009-05-11 23:34:56 UTC (rev 22344)
+++ branches/krb5-1-7/src/patchlevel.h	2009-05-12 23:13:57 UTC (rev 22345)
@@ -53,6 +53,6 @@
 #define KRB5_MAJOR_RELEASE 1
 #define KRB5_MINOR_RELEASE 7
 #define KRB5_PATCHLEVEL 0
-#define KRB5_RELTAIL "beta1-postrelease"
+#define KRB5_RELTAIL "beta2"
 /* #undef KRB5_RELDATE */
-#define KRB5_RELTAG "branches/krb5-1-7"
+#define KRB5_RELTAG "tags/krb5-1-7-beta2"
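Review bot: This commit is on branches/krb5-1-7 but sets KRB5_RELTAG to "tags/krb5-1-7-beta2" and KRB5_RELTAIL to "beta2", so any build from the branch after this revision reports itself as the beta2 release until the values are changed again. The removed lines show the branch convention ("beta1-postrelease" with RELTAG "branches/krb5-1-7"); suggest following the tag immediately with a commit that restores a postrelease RELTAIL and the branch RELTAG, since sites use the reported version string to tell which fixes a binary contains.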



