krb5 commit [krb5-1.20]: Update for krb5-1.20.2
ghudson at mit.edu
ghudson at mit.edu
Tue Jul 11 18:57:04 EDT 2023
https://github.com/krb5/krb5/commit/47646c2b98fb17f06e5c46ec1348dd54ad65ef83
commit 47646c2b98fb17f06e5c46ec1348dd54ad65ef83
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Jul 6 18:56:05 2023 -0400
Update for krb5-1.20.2
README | 24 ++++++++++++++++++++++++
src/man/k5identity.man | 2 +-
src/man/k5login.man | 2 +-
src/man/k5srvutil.man | 2 +-
src/man/kadm5.acl.man | 2 +-
src/man/kadmin.man | 2 +-
src/man/kadmind.man | 2 +-
src/man/kdb5_ldap_util.man | 2 +-
src/man/kdb5_util.man | 2 +-
src/man/kdc.conf.man | 2 +-
src/man/kdestroy.man | 2 +-
src/man/kerberos.man | 2 +-
src/man/kinit.man | 2 +-
src/man/klist.man | 2 +-
src/man/kpasswd.man | 2 +-
src/man/kprop.man | 2 +-
src/man/kpropd.man | 2 +-
src/man/kproplog.man | 2 +-
src/man/krb5-config.man | 2 +-
src/man/krb5.conf.man | 2 +-
src/man/krb5kdc.man | 2 +-
src/man/ksu.man | 2 +-
src/man/kswitch.man | 2 +-
src/man/ktutil.man | 2 +-
src/man/kvno.man | 2 +-
src/man/sclient.man | 2 +-
src/man/sserver.man | 2 +-
src/patchlevel.h | 6 +++---
src/po/mit-krb5.pot | 4 ++--
29 files changed, 55 insertions(+), 31 deletions(-)
diff --git a/README b/README
index a1805975f..fd0a0b14f 100644
--- a/README
+++ b/README
@@ -85,6 +85,29 @@ default and eventually removed.
Beginning with the krb5-1.18 release, single-DES encryption types have
been removed.
+Major changes in 1.20.2 (2023-07-06)
+------------------------------------
+
+This is a bug fix release.
+
+* Fix potential uninitialized pointer free in kadm5 XDR parsing
+ [CVE-2023-36054].
+
+* Fix read overruns in SPNEGO parsing.
+
+* Compatibility fix for autoconf 2.72.
+
+krb5-1.20.2 changes by ticket ID
+--------------------------------
+
+9069 Update error checking for OpenSSL CMS_verify
+9077 Fix aclocal.m4 syntax error for autoconf 2.72
+9083 Fix kpropd crash with unrecognized option
+9085 Fix read overruns in SPNEGO parsing
+9086 Fix possible double-free during KDB creation
+9087 Fix meridian type in getdate.y
+9099 Ensure array count consistency in kadm5 RPC
+
Major changes in 1.20.1 (2022-11-15)
------------------------------------
@@ -470,6 +493,7 @@ reports, suggestions, and valuable resources:
Paul Moore
Keiichi Mori
Michael Morony
+ Robert Morris
Sam Morris
Zbysek Mraz
Edward Murrell
diff --git a/src/man/k5identity.man b/src/man/k5identity.man
index 4d9d76d9f..3058a095f 100644
--- a/src/man/k5identity.man
+++ b/src/man/k5identity.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "K5IDENTITY" "5" " " "1.20.1" "MIT Kerberos"
+.TH "K5IDENTITY" "5" " " "1.20.2" "MIT Kerberos"
.SH NAME
k5identity \- Kerberos V5 client principal selection rules
.
diff --git a/src/man/k5login.man b/src/man/k5login.man
index aca1d0459..f5877ad45 100644
--- a/src/man/k5login.man
+++ b/src/man/k5login.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "K5LOGIN" "5" " " "1.20.1" "MIT Kerberos"
+.TH "K5LOGIN" "5" " " "1.20.2" "MIT Kerberos"
.SH NAME
k5login \- Kerberos V5 acl file for host access
.
diff --git a/src/man/k5srvutil.man b/src/man/k5srvutil.man
index 61581746a..4b4e86f00 100644
--- a/src/man/k5srvutil.man
+++ b/src/man/k5srvutil.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "K5SRVUTIL" "1" " " "1.20.1" "MIT Kerberos"
+.TH "K5SRVUTIL" "1" " " "1.20.2" "MIT Kerberos"
.SH NAME
k5srvutil \- host key table (keytab) manipulation utility
.
diff --git a/src/man/kadm5.acl.man b/src/man/kadm5.acl.man
index 4b5246c6a..e41081c47 100644
--- a/src/man/kadm5.acl.man
+++ b/src/man/kadm5.acl.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KADM5.ACL" "5" " " "1.20.1" "MIT Kerberos"
+.TH "KADM5.ACL" "5" " " "1.20.2" "MIT Kerberos"
.SH NAME
kadm5.acl \- Kerberos ACL file
.
diff --git a/src/man/kadmin.man b/src/man/kadmin.man
index 64b9cea39..6a38024e9 100644
--- a/src/man/kadmin.man
+++ b/src/man/kadmin.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KADMIN" "1" " " "1.20.1" "MIT Kerberos"
+.TH "KADMIN" "1" " " "1.20.2" "MIT Kerberos"
.SH NAME
kadmin \- Kerberos V5 database administration program
.
diff --git a/src/man/kadmind.man b/src/man/kadmind.man
index 65a8f80de..c73cbf066 100644
--- a/src/man/kadmind.man
+++ b/src/man/kadmind.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KADMIND" "8" " " "1.20.1" "MIT Kerberos"
+.TH "KADMIND" "8" " " "1.20.2" "MIT Kerberos"
.SH NAME
kadmind \- KADM5 administration server
.
diff --git a/src/man/kdb5_ldap_util.man b/src/man/kdb5_ldap_util.man
index f1f35b868..1312383b4 100644
--- a/src/man/kdb5_ldap_util.man
+++ b/src/man/kdb5_ldap_util.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KDB5_LDAP_UTIL" "8" " " "1.20.1" "MIT Kerberos"
+.TH "KDB5_LDAP_UTIL" "8" " " "1.20.2" "MIT Kerberos"
.SH NAME
kdb5_ldap_util \- Kerberos configuration utility
.
diff --git a/src/man/kdb5_util.man b/src/man/kdb5_util.man
index 6f8fa23ad..c1cb7d1e1 100644
--- a/src/man/kdb5_util.man
+++ b/src/man/kdb5_util.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KDB5_UTIL" "8" " " "1.20.1" "MIT Kerberos"
+.TH "KDB5_UTIL" "8" " " "1.20.2" "MIT Kerberos"
.SH NAME
kdb5_util \- Kerberos database maintenance utility
.
diff --git a/src/man/kdc.conf.man b/src/man/kdc.conf.man
index 76884afb8..b04567158 100644
--- a/src/man/kdc.conf.man
+++ b/src/man/kdc.conf.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KDC.CONF" "5" " " "1.20.1" "MIT Kerberos"
+.TH "KDC.CONF" "5" " " "1.20.2" "MIT Kerberos"
.SH NAME
kdc.conf \- Kerberos V5 KDC configuration file
.
diff --git a/src/man/kdestroy.man b/src/man/kdestroy.man
index 473e579b7..0415d9aba 100644
--- a/src/man/kdestroy.man
+++ b/src/man/kdestroy.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KDESTROY" "1" " " "1.20.1" "MIT Kerberos"
+.TH "KDESTROY" "1" " " "1.20.2" "MIT Kerberos"
.SH NAME
kdestroy \- destroy Kerberos tickets
.
diff --git a/src/man/kerberos.man b/src/man/kerberos.man
index f13fa902b..db84512de 100644
--- a/src/man/kerberos.man
+++ b/src/man/kerberos.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KERBEROS" "7" " " "1.20.1" "MIT Kerberos"
+.TH "KERBEROS" "7" " " "1.20.2" "MIT Kerberos"
.SH NAME
kerberos \- Overview of using Kerberos
.
diff --git a/src/man/kinit.man b/src/man/kinit.man
index 7fc43f9f5..c6a3c3ce6 100644
--- a/src/man/kinit.man
+++ b/src/man/kinit.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KINIT" "1" " " "1.20.1" "MIT Kerberos"
+.TH "KINIT" "1" " " "1.20.2" "MIT Kerberos"
.SH NAME
kinit \- obtain and cache Kerberos ticket-granting ticket
.
diff --git a/src/man/klist.man b/src/man/klist.man
index 744738d74..b6f04263d 100644
--- a/src/man/klist.man
+++ b/src/man/klist.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KLIST" "1" " " "1.20.1" "MIT Kerberos"
+.TH "KLIST" "1" " " "1.20.2" "MIT Kerberos"
.SH NAME
klist \- list cached Kerberos tickets
.
diff --git a/src/man/kpasswd.man b/src/man/kpasswd.man
index 7238d0560..ba7b1a881 100644
--- a/src/man/kpasswd.man
+++ b/src/man/kpasswd.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KPASSWD" "1" " " "1.20.1" "MIT Kerberos"
+.TH "KPASSWD" "1" " " "1.20.2" "MIT Kerberos"
.SH NAME
kpasswd \- change a user's Kerberos password
.
diff --git a/src/man/kprop.man b/src/man/kprop.man
index 0ee1f8311..2e0efe869 100644
--- a/src/man/kprop.man
+++ b/src/man/kprop.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KPROP" "8" " " "1.20.1" "MIT Kerberos"
+.TH "KPROP" "8" " " "1.20.2" "MIT Kerberos"
.SH NAME
kprop \- propagate a Kerberos V5 principal database to a replica server
.
diff --git a/src/man/kpropd.man b/src/man/kpropd.man
index 9dd6d6ba5..ef05c1567 100644
--- a/src/man/kpropd.man
+++ b/src/man/kpropd.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KPROPD" "8" " " "1.20.1" "MIT Kerberos"
+.TH "KPROPD" "8" " " "1.20.2" "MIT Kerberos"
.SH NAME
kpropd \- Kerberos V5 replica KDC update server
.
diff --git a/src/man/kproplog.man b/src/man/kproplog.man
index 8aa85715a..159405706 100644
--- a/src/man/kproplog.man
+++ b/src/man/kproplog.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KPROPLOG" "8" " " "1.20.1" "MIT Kerberos"
+.TH "KPROPLOG" "8" " " "1.20.2" "MIT Kerberos"
.SH NAME
kproplog \- display the contents of the Kerberos principal update log
.
diff --git a/src/man/krb5-config.man b/src/man/krb5-config.man
index 7c4380a36..5ef960c3c 100644
--- a/src/man/krb5-config.man
+++ b/src/man/krb5-config.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KRB5-CONFIG" "1" " " "1.20.1" "MIT Kerberos"
+.TH "KRB5-CONFIG" "1" " " "1.20.2" "MIT Kerberos"
.SH NAME
krb5-config \- tool for linking against MIT Kerberos libraries
.
diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man
index a86c68b62..88362fbf8 100644
--- a/src/man/krb5.conf.man
+++ b/src/man/krb5.conf.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KRB5.CONF" "5" " " "1.20.1" "MIT Kerberos"
+.TH "KRB5.CONF" "5" " " "1.20.2" "MIT Kerberos"
.SH NAME
krb5.conf \- Kerberos configuration file
.
diff --git a/src/man/krb5kdc.man b/src/man/krb5kdc.man
index 24d90fea2..aa1c6705d 100644
--- a/src/man/krb5kdc.man
+++ b/src/man/krb5kdc.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KRB5KDC" "8" " " "1.20.1" "MIT Kerberos"
+.TH "KRB5KDC" "8" " " "1.20.2" "MIT Kerberos"
.SH NAME
krb5kdc \- Kerberos V5 KDC
.
diff --git a/src/man/ksu.man b/src/man/ksu.man
index 6adaa469f..dc78eebc4 100644
--- a/src/man/ksu.man
+++ b/src/man/ksu.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KSU" "1" " " "1.20.1" "MIT Kerberos"
+.TH "KSU" "1" " " "1.20.2" "MIT Kerberos"
.SH NAME
ksu \- Kerberized super-user
.
diff --git a/src/man/kswitch.man b/src/man/kswitch.man
index fdeafb4ad..756e97dcd 100644
--- a/src/man/kswitch.man
+++ b/src/man/kswitch.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KSWITCH" "1" " " "1.20.1" "MIT Kerberos"
+.TH "KSWITCH" "1" " " "1.20.2" "MIT Kerberos"
.SH NAME
kswitch \- switch primary ticket cache
.
diff --git a/src/man/ktutil.man b/src/man/ktutil.man
index 2fac94464..1ee5a1f6a 100644
--- a/src/man/ktutil.man
+++ b/src/man/ktutil.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KTUTIL" "1" " " "1.20.1" "MIT Kerberos"
+.TH "KTUTIL" "1" " " "1.20.2" "MIT Kerberos"
.SH NAME
ktutil \- Kerberos keytab file maintenance utility
.
diff --git a/src/man/kvno.man b/src/man/kvno.man
index f08a4fe36..a665c1c6e 100644
--- a/src/man/kvno.man
+++ b/src/man/kvno.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KVNO" "1" " " "1.20.1" "MIT Kerberos"
+.TH "KVNO" "1" " " "1.20.2" "MIT Kerberos"
.SH NAME
kvno \- print key version numbers of Kerberos principals
.
diff --git a/src/man/sclient.man b/src/man/sclient.man
index effa65282..3838a43c1 100644
--- a/src/man/sclient.man
+++ b/src/man/sclient.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "SCLIENT" "1" " " "1.20.1" "MIT Kerberos"
+.TH "SCLIENT" "1" " " "1.20.2" "MIT Kerberos"
.SH NAME
sclient \- sample Kerberos version 5 client
.
diff --git a/src/man/sserver.man b/src/man/sserver.man
index 204ee0bb7..21b002285 100644
--- a/src/man/sserver.man
+++ b/src/man/sserver.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "SSERVER" "8" " " "1.20.1" "MIT Kerberos"
+.TH "SSERVER" "8" " " "1.20.2" "MIT Kerberos"
.SH NAME
sserver \- sample Kerberos version 5 server
.
diff --git a/src/patchlevel.h b/src/patchlevel.h
index 709e312b5..d41f8a014 100644
--- a/src/patchlevel.h
+++ b/src/patchlevel.h
@@ -51,7 +51,7 @@
*/
#define KRB5_MAJOR_RELEASE 1
#define KRB5_MINOR_RELEASE 20
-#define KRB5_PATCHLEVEL 1
-#define KRB5_RELTAIL "postrelease"
+#define KRB5_PATCHLEVEL 2
+/* #undef KRB5_RELTAIL */
/* #undef KRB5_RELDATE */
-#define KRB5_RELTAG "krb5-1.20"
+#define KRB5_RELTAG "krb5-1.20.2-final"
diff --git a/src/po/mit-krb5.pot b/src/po/mit-krb5.pot
index 428913bd8..2e5884090 100644
--- a/src/po/mit-krb5.pot
+++ b/src/po/mit-krb5.pot
@@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: mit-krb5 1.20.1-postrelease\n"
+"Project-Id-Version: mit-krb5 1.20.2\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2023-07-06 17:30-0400\n"
+"POT-Creation-Date: 2023-07-06 18:47-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
"Language-Team: LANGUAGE <LL at li.org>\n"
More information about the cvs-krb5
mailing list