From 438a89f62a5c36425b9738058b7c03205391d78e Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 13 Apr 2007 00:06:26 +0000 Subject: [PATCH] README and patchlevel for 1.6.1-beta1 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19447 dc483132-0cff-0310-8789-dd5450dbe970 --- README | 118 ++++++++++++++++++++++++++++++++++++++++++++--- src/patchlevel.h | 6 +-- 2 files changed, 114 insertions(+), 10 deletions(-) diff --git a/README b/README index 637f71bcb..7144abd72 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ - Kerberos Version 5, Release 1.6 + Kerberos Version 5, Release 1.6.1 Release Notes The MIT Kerberos Team @@ -7,20 +7,20 @@ Unpacking the Source Distribution --------------------------------- The source distribution of Kerberos 5 comes in a gzipped tarfile, -krb5-1.6.tar.gz. Instructions on how to extract the entire +krb5-1.6.1.tar.gz. Instructions on how to extract the entire distribution follow. If you have the GNU tar program and gzip installed, you can simply do: - gtar zxpf krb5-1.6.tar.gz + gtar zxpf krb5-1.6.1.tar.gz If you don't have GNU tar, you will need to get the FSF gzip distribution and use gzcat: - gzcat krb5-1.6.tar.gz | tar xpf - + gzcat krb5-1.6.1.tar.gz | tar xpf - -Both of these methods will extract the sources into krb5-1.6/src and -the documentation into krb5-1.6/doc. +Both of these methods will extract the sources into krb5-1.6.1/src and +the documentation into krb5-1.6.1/doc. Building and Installing Kerberos 5 ---------------------------------- 
@@ -59,6 +59,107 @@ http://krbdev.mit.edu/rt/ and logging in as "guest" with password "guest". +Major changes in krb5-1.6.1 +--------------------------- + +[5508] Fix MITKRB5-SA-2007-001: telnetd allows login as arbitrary user + [CVE-2007-0956, VU#220816] + +[5507] Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog + [CVE-2007-0957, VU#704024] + +[5445] Fix MITKRB5-SA-2007-003: double-free in kadmind - the RPC + library could perform a double-free due to a GSS-API library + bug [CVE-2007-1216, VU#419344] + +[5293] fix crash creating db2 database in non-existent directory + +krb5-1.6.1 changes by ticket ID +------------------------------- + +Listed below are the RT tickets of bugs fixed in krb5-1.6.1. Please see + +http://krbdev.mit.edu/rt/NoAuth/krb5-1.6/fixed-1.6.1.html + +for a current listing with links to the complete tickets. + +2724 kdc.conf man page typo in v4_mode section +5233 Change in behaviour in gss_release_buffer() by mechtypes + introduces memory leak +5238 fix leak in gss_krb5int_unseal_token_v3 +5246 Memory leak in tests/gssapi/t_imp_name.c +5257 error on gethostbyname is tested on errno instead of h_errno +5293 crash creating db2 database in non-existent directory +5294 create KDC database directory +5343 updated Windows README +5344 Update to KFW NSIS installer +5349 Proposed implementation of krb5_server_decrypt_ticket_keyblock + and krb5_server_decrypt_ticket_keytab +5353 kfw wix installer - memory overwrite error +5393 krb5-1.6: tcp kpasswd service required if only admin_server is + specified in krb5.conf +5394 krb5-1.6: segfault on password change +5396 Master ticket for NetIdMgr 1.2 commits +5397 NIM string tables +5398 NIM Kerberos v4 configuration dialog +5399 NIM Correct Visual Identity Expiration Status +5400 NIM Kerberos 5 Provider corrections +5403 Add KDC timesyncing support to the CCAPI ccache backend +5408 NIM - Context sensitive system tray menu and more +5409 KFW MSI installer corrections +5410 kt_file.c memory leak on 
error in krb5_kt_resolve / + krb5_kt_wresolve +5414 NIM Bug Fixes +5418 KFW: 32-bit builds use the pismere krbv4w32.dll library +5419 Microsoft Windows Visual Studio does not define ssize_t +5420 get_init_creds_opt extensibility +5437 hack to permit GetEnvironmentVariable usage without requiring + getenv() conversion +5445 gsstest doesn't like krb5-1.6 GSSAPI library + [also MITKRB5-SA-2007-003] +5446 KfW 3.1: stderr of kinit/klist/kdestroy cannot be re-directed + to file +5447 tail portability bug in k5srvutil +5452 NIM Improved Alert Management +5453 Windows - some apps define ssize_t as a preprocessor symbol +5454 krb5_get_cred_from_kdc fails to null terminate the tgt list +5455 valgrind detects uninitialized (but really unused) bytes in + 'queue' +5457 More existence tests; path update +5458 osf1: get proper library dependencies installed +5461 reverting commit to windows WIX installer (revision 19207) +5469 KFW: Vista Integrated Logon +5476 Zero sockaddrs in fai_add_entry() so we can compare them with + memcmp() +5477 Enable Vista support for MSLSA +5478 NIM: New Default View and miscellaneous fixes +5480 krb5 library uses kdc.conf when it shouldn't +5490 KfW build automation +5491 WIX installer stores WinLogon event handler under wrong + registry value +5492 remove unwanted files from kfw build script +5493 KFW: problems with non-interactive logons +5495 NIM commits for KFW 3.2 Beta 1 +5496 more bug fixes for NIM 1.2 (KFW 3.2) +5503 msi deployment guide updates for KFW 3.2 +5504 Network Identity Manager 1.2 User Manual +5505 More commits for NIM 1.2 Beta 1 +5507 MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog +5508 MITKRB5-SA-2007-001: telnetd allows login as arbitrary user +5509 service location plugin returning no addresses handled + incorrectly +5510 krb5int_open_plugin_dirs errors out if directory does not + exist +5514 wix installer - modify file list +5515 KFW NSIS installer - copyright updates and aklog removal +5516 NIM 1.2.0.1 corrections 
+5518 EAI_NODATA deprecated, not always defined +5522 NIM 3.2 documentation update +5523 KFW 3.2 Beta 2 commits +5524 NIM doxyfile.cfg - update to Doxygen 1.5.2 +5525 NIM 1.2 HtmlHelp User Documentation +5526 NIM - Fix taskbar button visibility on Vista + Major changes in krb5-1.6 ------------------------- @@ -229,7 +330,7 @@ for a current listing with links to the complete tickets. Copyright and Other Legal Notices --------------------------------- -Copyright (C) 1985-2006 by the Massachusetts Institute of Technology. +Copyright (C) 1985-2007 by the Massachusetts Institute of Technology. All rights reserved. @@ -584,6 +685,9 @@ database plug-in. Thanks to Sun Microsystems for donating their implementations of mechglue and SPNEGO. +Thanks to iDefense for notifying us about the vulnerability in +MITKRB5-SA-2007-002. + Thanks to the members of the Kerberos V5 development team at MIT, both past and present: Danilo Almeida, Jeffrey Altman, Justin Anderson, Richard Basch, Jay Berkenbilt, Mitch Berger, Andrew Boardman, Joe diff --git a/src/patchlevel.h b/src/patchlevel.h index 13f503de5..74352b149 100644 --- a/src/patchlevel.h +++ b/src/patchlevel.h @@ -52,7 +52,7 @@ */ #define KRB5_MAJOR_RELEASE 1 #define KRB5_MINOR_RELEASE 6 -#define KRB5_PATCHLEVEL 0 -#define KRB5_RELTAIL "postrelease" +#define KRB5_PATCHLEVEL 1 +#define KRB5_RELTAIL "beta1" /* #undef KRB5_RELDATE */ -#define KRB5_RELTAG "branches/krb5-1-6" +#define KRB5_RELTAG "tags/krb5-1-6-1-beta1 " -- 2.26.2
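Review bot: In the README hunk at @@ -7,20 +7,20 @@, the unpacking instructions name krb5-1.6.1.tar.gz and the directories krb5-1.6.1/src and krb5-1.6.1/doc, while the subject line and src/patchlevel.h mark this commit as 1.6.1-beta1 (KRB5_RELTAIL "beta1"). If the beta tarball carries a beta suffix in its file or directory name, these commands will not match what a tester actually downloads. Either confirm that the final-release names are intended here, or mention the beta naming in the text.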
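Review bot: In the README hunk at @@ -59,6 +59,107 @@, the by-ticket entry for 5445 reads "gsstest doesn't like krb5-1.6 GSSAPI library" and carries the advisory only in a trailing bracket, whereas 5507 and 5508 lead with their MITKRB5-SA identifiers. Someone scanning the ticket list for security fixes will not recognise 5445 as the kadmind double-free described under "Major changes in krb5-1.6.1". Consider leading that entry with MITKRB5-SA-2007-003 as well, and repeating the CVE and VU# identifiers for all three advisories in the ticket list so that either section can be searched on its own. Minor style point: "[5293] fix crash creating db2 database" starts lowercase while the other three major-change entries start with "Fix".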
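Review bot: In the src/patchlevel.h hunk, the new KRB5_RELTAG value "tags/krb5-1-6-1-beta1 " has a trailing space inside the quotes, which the replaced value "branches/krb5-1-6" did not have. Anything that prints or compares the release tag will carry that space along. Drop it unless it is intentional, and if it is intentional a short comment saying why would help the next person who edits this file for a release.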