svn rev #25411: branches/krb5-1-9/ src/

tlyu@MIT.EDU tlyu at MIT.EDU
Tue Oct 25 11:35:06 EDT 2011


http://src.mit.edu/fisheye/changelog/krb5/?cs=25411
Commit By: tlyu
Log Message:
README and patchlevel.h for krb5-1.9.2-beta1


Changed Files:
U   branches/krb5-1-9/README
U   branches/krb5-1-9/src/patchlevel.h
Modified: branches/krb5-1-9/README
===================================================================
--- branches/krb5-1-9/README	2011-10-24 15:09:32 UTC (rev 25410)
+++ branches/krb5-1-9/README	2011-10-25 15:35:06 UTC (rev 25411)
@@ -70,6 +70,45 @@
 variable that enables "weak" enctypes, which defaults to "false"
 beginning with krb5-1.8.
 
+Major changes in 1.9.2
+----------------------
+
+This is primarily a bugfix release.
+
+* Improve KDC performance by fully its disabling replay cache.
+
+* Fix MITKRB5-SA-2011-006 KDC denial of service vulnerabilities
+  [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529].
+
+krb5-1.9.1 changes by ticket ID
+-------------------------------
+
+6844    Memory leak in save_error_string_nocopy()
+6884    KDC memory leak in FAST error path
+6885    KDC memory leak of reply padata for FAST replies
+6886    rc4-hmac weak key checks break interoperability
+6888    No explanation of failed passwd entry if REQUIRES_PWCHANGE is set
+6906    modernize doc/Makefile somewhat
+6907    setpw response parsing fails for lengths above 255
+6908    Delete sec context properly in gss_krb5_export_lucid_sec_context
+6912    Use hmac-md5 checksum for PA-FOR-USER padata
+6913    Fix multiple tl-data updates over iprop
+6916    Restore krb5_get_credentials caching for referral requests
+6917    Restore fallback non-referral TGS request to same realm
+6920    Fix old-style GSSRPC authentication
+6932    Fix gss_set_cred_option cred creation with no name
+6939    Legacy checksum APIs usually fail
+6941    Fix accidental KDC use of replay cache
+6943    incorrect reference in spnego_gss_set_cred_option
+6949    TCP connection leak with 1.9.1, with connect_to_server()
+6952    Fix cross-realm traversal TGT requests
+6960    always include krb5_libinit.h in init_ctx.c
+6970    gss_unwrap_iov crashes with stream buffers for 3des, des, rc4
+6972    memory leak in version 1.9.1
+6982    SA-2011-006 KDC denial of service [CVE-2011-1527 CVE-2011-1528
+        CVE-2011-1529]
+6990    fix tar invocation in mkrel
+
 Major changes in 1.9.1
 ----------------------
 
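
Review bot: the heading "krb5-1.9.1 changes by ticket ID" is added under "Major changes in 1.9.2", and its list includes 6982 (the SA-2011-006 fix named in the 1.9.2 summary) as well as tickets whose titles refer to 1.9.1 as the affected version (6949, 6972). It looks like it should read "krb5-1.9.2 changes by ticket ID". In the same hunk, "Improve KDC performance by fully its disabling replay cache" has transposed words; suggest "by fully disabling its replay cache".
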
@@ -278,6 +317,7 @@
     Columbia University
     Cornell University
     The Department of Defense of the United States of America (DoD)
+    Fidelity Investments
     Google
     Iowa State University
     MIT
@@ -312,6 +352,7 @@
     Mark Colan
     Don Davis
     Alexandra Ellwood
+    Carlos Garay
     Dan Geer
     Nancy Gilman
     Matt Hancher
@@ -326,6 +367,7 @@
     Kevin Koch
     John Kohl
     HaoQi Li
+    Jonathan Lin
     Peter Litwack
     Scott McGuire
     Steve Miller
@@ -411,6 +453,7 @@
     Jan iankko Lieskovsky
     Kevin Longfellow
     Ryan Lynch
+    Nathaniel McCallum
     Cameron Meadors
     Franklyn Mendez
     Markus Moeller

Modified: branches/krb5-1-9/src/patchlevel.h
===================================================================
--- branches/krb5-1-9/src/patchlevel.h	2011-10-24 15:09:32 UTC (rev 25410)
+++ branches/krb5-1-9/src/patchlevel.h	2011-10-25 15:35:06 UTC (rev 25411)
@@ -52,7 +52,7 @@
  */
 #define KRB5_MAJOR_RELEASE 1
 #define KRB5_MINOR_RELEASE 9
-#define KRB5_PATCHLEVEL 1
-#define KRB5_RELTAIL "postrelease"
+#define KRB5_PATCHLEVEL 2
+#define KRB5_RELTAIL "beta1"
 /* #undef KRB5_RELDATE */
-#define KRB5_RELTAG "branches/krb5-1-9"
+#define KRB5_RELTAG "tags/krb5-1-9-2-beta1"
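
Review bot: KRB5_RELTAIL and KRB5_RELTAG in branches/krb5-1-9/src/patchlevel.h now carry the tag's values ("beta1", "tags/krb5-1-9-2-beta1"), so anything built from the branch after this revision identifies itself as the beta1 tag. Once the tag has been cut, a follow-up commit on the branch should put back the branch values that this hunk removes (KRB5_RELTAIL "postrelease", KRB5_RELTAG "branches/krb5-1-9"), so that version strings seen in bug reports and vulnerability triage distinguish the tagged beta from later branch builds.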



