svn rev #24895: branches/krb5-1-9/ doc/ src/
tlyu@MIT.EDU
tlyu at MIT.EDU
Fri Apr 22 17:31:43 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=24895
Commit By: tlyu
Log Message:
Documentation and patchlevel updates for krb5-1.9.1-beta1.
Changed Files:
U branches/krb5-1-9/NOTICE
U branches/krb5-1-9/README
U branches/krb5-1-9/doc/copyright.texinfo
U branches/krb5-1-9/src/patchlevel.h
Modified: branches/krb5-1-9/NOTICE
===================================================================
--- branches/krb5-1-9/NOTICE 2011-04-22 19:37:32 UTC (rev 24894)
+++ branches/krb5-1-9/NOTICE 2011-04-22 21:31:42 UTC (rev 24895)
@@ -1,4 +1,4 @@
-Copyright (C) 1985-2010 by the Massachusetts Institute of Technology.
+Copyright (C) 1985-2011 by the Massachusetts Institute of Technology.
All rights reserved.
Modified: branches/krb5-1-9/README
===================================================================
--- branches/krb5-1-9/README 2011-04-22 19:37:32 UTC (rev 24894)
+++ branches/krb5-1-9/README 2011-04-22 21:31:42 UTC (rev 24895)
@@ -6,11 +6,20 @@
Copyright and Other Notices
---------------------------
-Copyright (C) 1985-2010 by the Massachusetts Institute of Technology
+Copyright (C) 1985-2011 by the Massachusetts Institute of Technology
and its contributors. All rights reserved.
Please see the file named NOTICE for additional notices.
+MIT Kerberos is a project of the MIT Kerberos Consortium. For more
+information about the Kerberos Consortium, see http://kerberos.org/
+
+For more information about the MIT Kerberos software, see
+ http://web.mit.edu/kerberos/
+
+People interested in participating in the MIT Kerberos development
+effort should visit http://k5wiki.kerberos.org/
+
Building and Installing Kerberos 5
----------------------------------
@@ -42,9 +51,13 @@
compile and install Kerberos V5 on any platform, you may send mail to
krb5-bugs at mit.edu.
+Please keep in mind that unencrypted e-mail is not secure. If you need
+to report a security vulnerability, or send sensitive information,
+please PGP-encrypt it to krbcore-security at mit.edu.
+
You may view bug reports by visiting
-http://krbdev.mit.edu/rt/
+ http://krbdev.mit.edu/rt/
and logging in as "guest" with password "guest".
@@ -57,6 +70,48 @@
variable that enables "weak" enctypes, which defaults to "false"
beginning with krb5-1.8.
+Major changes in 1.9.1
+----------------------
+
+This is primarily a bugfix release.
+
+* Fix vulnerabilities:
+ ** kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
+ ** KDC denial of service attacks [MITKRB5-SA-2011-002
+ CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
+ ** KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003
+ CVE-2011-0284]
+ ** kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
+
+* Interoperability:
+
+ ** Don't reject AP-REQ messages if their PAC doesn't validate;
+ suppress the PAC instead.
+
+ ** Correctly validate HMAC-MD5 checksums that use DES keys
+
+krb5-1.9.1 changes by ticket ID
+-------------------------------
+
+6596 [Michael Spang] Bug#561176: krb5-kdc-ldap: krb5kdc leaks file
+ descriptors
+6675 segfault in gss_export_sec_context
+6800 memory leak in kg_new_connection
+6847 Suppress camellia-gen in 1.9 make check
+6849 Fix edge case in LDAP last_admin_unlock processing
+6852 Make gss_krb5_set_allowable_enctypes work for the acceptor
+6856 Fix seg faulting trace log message for use of fallback realm
+6859 kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022]
+6860 KDC denial of service attacks [MITKRB5-SA-2011-002
+ CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
+6867 Trace logging file descriptor leak
+6869 hmac-md5 checksum doesn't work with DES keys
+6870 Don't reject AP-REQs based on PACs
+6871 "make distclean" leaves an object file behind.
+6875 kdb5_util mkey operations hit assertion when iprop is enabled
+6881 KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284]
+6899 kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285]
+
Major changes in 1.9
--------------------
@@ -309,6 +364,7 @@
Radoslav Bodo
Emmanuel Bouillon
Michael Calmer
+ Julien Chaffraix
Ravi Channavajhala
Srinivas Cheruku
Leonardo Chiquitto
@@ -319,6 +375,7 @@
Simon Cooper
Sylvain Cortes
Nalin Dahyabhai
+ Dennis Davis
Roland Dowdeswell
Jason Edgecombe
Mark Eichin
@@ -352,13 +409,17 @@
Mikkel Kruse
Volker Lendecke
Jan iankko Lieskovsky
+ Kevin Longfellow
Ryan Lynch
+ Cameron Meadors
Franklyn Mendez
Markus Moeller
Paul Moore
+ Keiichi Mori
Zbysek Mraz
Edward Murrell
Nikos Nikoleris
+ Felipe Ortega
Dmitri Pal
Javier Palacios
Ezra Peisach
@@ -372,6 +433,7 @@
Tom Shaw
Peter Shoults
Simo Sorce
+ Michael Spang
Michael Ströder
Bjørn Tore Sund
Rathor Vipin
Modified: branches/krb5-1-9/doc/copyright.texinfo
===================================================================
--- branches/krb5-1-9/doc/copyright.texinfo 2011-04-22 19:37:32 UTC (rev 24894)
+++ branches/krb5-1-9/doc/copyright.texinfo 2011-04-22 21:31:42 UTC (rev 24895)
@@ -2,7 +2,7 @@
@begingroup
@smallfonts @rm
@end iftex
-Copyright @copyright{} 1985-2010 by the Massachusetts Institute of Technology.
+Copyright @copyright{} 1985-2011 by the Massachusetts Institute of Technology.
All rights reserved.
Modified: branches/krb5-1-9/src/patchlevel.h
===================================================================
--- branches/krb5-1-9/src/patchlevel.h 2011-04-22 19:37:32 UTC (rev 24894)
+++ branches/krb5-1-9/src/patchlevel.h 2011-04-22 21:31:42 UTC (rev 24895)
@@ -52,7 +52,7 @@
*/
#define KRB5_MAJOR_RELEASE 1
#define KRB5_MINOR_RELEASE 9
-#define KRB5_PATCHLEVEL 0
-#define KRB5_RELTAIL "postrelease"
+#define KRB5_PATCHLEVEL 1
+#define KRB5_RELTAIL "beta1"
/* #undef KRB5_RELDATE */
-#define KRB5_RELTAG "branches/krb5-1-9"
+#define KRB5_RELTAG "tags/krb5-1-9-1-beta1"
More information about the cvs-krb5
mailing list