krb5 commit [krb5-1.10]: Update README and patchlevel.h for krb5-1.10.4

Tom Yu tlyu at MIT.EDU
Fri Mar 1 20:02:49 EST 2013


https://github.com/krb5/krb5/commit/625d2314ba391ee787d4783ba2ec0d34473b373e
commit 625d2314ba391ee787d4783ba2ec0d34473b373e
Author: Tom Yu <tlyu at mit.edu>
Date:   Fri Mar 1 19:34:29 2013 -0500

    Update README and patchlevel.h for krb5-1.10.4

 README           |   72 ++++++++++++++++++++++++++++++++++++++++++++++++------
 src/patchlevel.h |    6 ++--
 2 files changed, 67 insertions(+), 11 deletions(-)

diff --git a/README b/README
index 9e2ade3..61a7f0f 100644
--- a/README
+++ b/README
@@ -70,8 +70,64 @@ from using single-DES cryptosystems.  Among these is a configuration
 variable that enables "weak" enctypes, which defaults to "false"
 beginning with krb5-1.8.
 
-Major changes in 1.10.3
------------------------
+Major changes in krb5-1.10.4 (2013-03-01)
+-----------------------------------------
+
+This is a bugfix release.
+
+* Fix null PKINIT pointer dereference vulnerabilities [CVE-2012-1016,
+  CVE-2013-1415]
+
+* Prevent the KDC from returning a host-based service principal
+  referral to the local realm.
+
+krb5-1.10.4 changes by ticket ID
+--------------------------------
+
+7194    Avoid mapping GSSAPI minor code on success
+7233    Use gssalloc in more parts of GSSAPI
+7236    Remove unused struct and switch_to stubs
+7237    CCAPI cleanup and bugfixes
+7254    Do not be over-restrictive in the presence of UAC
+7255    Set fCachesTicket=TRUE when no credentials
+7277    Remove preauth_sam2 from windows build
+7322    CCAPI client rpc fixes
+7339    Improve error translation for CCAPIv3 routines
+7340    Fix KfW thread-local storage allocation issues
+7342    Do not emit debug printfs under NODEBUG
+7349    SapGUI sometimes crashes on new session with MSLSA cache
+7350    Try harder not to use clock_gettime in verto-k5ev
+7353    assertion failure (possible memory corruption) when restarting
+        putty session
+7363    Update windows/README
+7386    Add version info for ccapiserver.exe
+7387    Windows build leaves (OUTPRE)/krb5ccNN.res in
+        ccapi/lib/win/srctmp
+7388    Cache TGS-REPs too
+7438    Update Camellia feature description
+7454    select on set of all bad fds
+7527    PKINIT (draft9) null ptr deref [CVE-2012-1016]
+7528    Fix spurious clock skew caused by gak_fct delay
+7536    Don't return a host referral to the service realm
+7537    Ensure null termination of AFS salts
+7538    Make verify_init_creds work with existing ccache
+7540    Fail during configure if unable to find ar
+7541    Suppress maybe-uninitialized warning in x-deltat.y
+7542    Avoid side effects in assert expressions
+7543    Suppress some gcc uninitialized variable warnings
+7544    Handle PKINIT DH replies with no certs
+7545    Fix various integer issues
+7575    Make kprop/kpropd work with RC4 session key
+7576    Convert success in krb5_chpw_result_code_string
+7577    PKINIT null pointer deref [CVE-2013-1415]
+7578    Check for negative poll timeout in k5_sendto_kdc
+7579    Fix gss_str_to_oid for OIDs with zero-valued arcs
+7580    Fix no_host_referral concatention in KDC
+7581    Fix kdb5_util dump.c uninitialized warnings
+7582    Minor pointer management patches
+
+Major changes in 1.10.3 (2012-08-08)
+------------------------------------
 
 This is a bugfix release.
 
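Review bot: The new heading "Major changes in krb5-1.10.4 (2013-03-01)" carries a "krb5-" prefix, while the heading rewritten just below it in this hunk uses the bare version ("Major changes in 1.10.3 (2012-08-08)"), as do the other dated headings in this patch. Pick one form so the release headings stay uniform. In the ticket list, the entry for 7580 reads "concatention", which should be "concatenation". The summary bullet names CVE-2012-1016 and CVE-2013-1415, and both appear again against tickets 7527 and 7577, so the security fixes can be traced from either place.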
@@ -110,8 +166,8 @@ krb5-1.10.3 changes by ticket ID
 7230    Add missing quote to install-windows
 7231    Regression tests for CVE-2012-1014, CVE-2012-1015
 
-Major changes in 1.10.2
------------------------
+Major changes in 1.10.2 (2012-05-31)
+------------------------------------
 
 This is a bugfix release.
 
@@ -140,8 +196,8 @@ krb5-1.10.2 changes by ticket ID
 7148    Export gss_mech_krb5_wrong from libgssapi_krb5
 7152    Null pointer deref in kadmind [CVE-2012-1013]
 
-Major changes in 1.10.1
------------------------
+Major changes in 1.10.1 (2012-03-08)
+------------------------------------
 
 This is a bugfix release.
 
@@ -168,8 +224,8 @@ krb5-1.10.1 changes by ticket ID
 7096    Fix KDB iteration when callback does write calls
 7098    Fix spurious password expiry warning
 
-Major changes in 1.10
----------------------
+Major changes in 1.10 (2012-01-27)
+----------------------------------
 
 Additional background information on these changes may be found at
 
diff --git a/src/patchlevel.h b/src/patchlevel.h
index d8bbcf9..6d0bc35 100644
--- a/src/patchlevel.h
+++ b/src/patchlevel.h
@@ -51,7 +51,7 @@
  */
 #define KRB5_MAJOR_RELEASE 1
 #define KRB5_MINOR_RELEASE 10
-#define KRB5_PATCHLEVEL 3
-#define KRB5_RELTAIL "postrelease"
+#define KRB5_PATCHLEVEL 4
+/* #undef KRB5_RELTAIL */
 /* #undef KRB5_RELDATE */
-#define KRB5_RELTAG "krb5-1.10"
+#define KRB5_RELTAG "krb5-1.10.4-final"
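Review bot: KRB5_RELTAG now reads "krb5-1.10.4-final" and KRB5_RELTAIL is commented out, where the removed lines had the branch name "krb5-1.10" and the tail "postrelease". Anything built from the branch after this commit will identify itself as the final 1.10.4 release until those two values are put back, so I would expect a follow-up commit that restores them once the release is tagged. KRB5_RELDATE also stays undefined although the README in this same commit gives the release date as 2013-03-01; please confirm that leaving it unset is intended.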

