Commit fbb967a

Merge in github/tags/krb5-1-10-1-final to upstream by unpacking krb5-1.10.1.tar.gz.
2 parents 108e4b5 + 9112db1 commit fbb967a

28 files changed: +556 -78 lines changed

README

Lines changed: 35 additions & 2 deletions
@@ -70,6 +70,34 @@ from using single-DES cryptosystems. Among these is a configuration
7070
variable that enables "weak" enctypes, which defaults to "false"
7171
beginning with krb5-1.8.
7272

73+
Major changes in 1.10.1
74+
-----------------------
75+
76+
This is a bugfix release.
77+
78+
* Fix access controls for KDB string attributes [CVE-2012-1012]
79+
80+
* Make the ASN.1 encoding of key version numbers interoperate with
81+
Windows Read-Only Domain Controllers
82+
83+
* Avoid generating spurious password expiry warnings in cases where
84+
the KDC sends an account expiry time without a password expiry time.
85+
86+
krb5-1.10.1 changes by ticket ID
87+
--------------------------------
88+
89+
7074 workaround for Solaris 8 lacking isblank
90+
7081 Don't use stack variable address in as_req state
91+
7082 Various lookaside cache fixes
92+
7084 Don't check mech in krb5_gss_inquire_cred_by_mech
93+
7087 krb5_gss_get_name_attribute fails to set display_value
94+
7088 Fix uninitialized variable warning in trval.c
95+
7089 Initialize gss_get_name_attribute output buffers
96+
7092 kvno ASN.1 encoding interop with Windows RODCs
97+
7093 Access controls for string RPCs [CVE-2012-1012]
98+
7096 Fix KDB iteration when callback does write calls
99+
7098 Fix spurious password expiry warning
100+
73101
Major changes in 1.10
74102
---------------------
75103

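Review bot: The 1.10.1 bullet "Fix access controls for KDB string attributes [CVE-2012-1012]" does not say which interface was missing the check or what privilege a caller needs, so an administrator reading the README cannot judge how urgent the upgrade is. The ticket list in the same hunk already has more detail ("7093 Access controls for string RPCs"); consider carrying that wording into the bullet and adding one clause on who is affected. Tickets 7081 ("Don't use stack variable address in as_req state") and 7089 ("Initialize gss_get_name_attribute output buffers") read like memory-safety fixes but appear only in the ticket list; if either has security impact it should be called out under the major changes as well. Minor: the third bullet ends with a period and the first two do not.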
@@ -83,8 +111,8 @@ and
83111

84112
Code quality:
85113

86-
* Fix MITKRB5-SA-2011-006 and MITKRB5SA-2011-007 KDC denial of service
87-
vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529
114+
* Fix MITKRB5-SA-2011-006 and MITKRB5-SA-2011-007 KDC denial of
115+
service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529
88116
CVE-2011-1530].
89117

90118
* Update the Fortuna implementation to more accurately implement the
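Review bot: The corrected bullet still lists four CVE ids against two advisories ("[CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530]") with no indication of which id belongs to MITKRB5-SA-2011-006 and which to MITKRB5-SA-2011-007. Since these lines are being rewrapped anyway, consider grouping the ids per advisory so the entry can be matched against an advisory feed or scanner output. The hyphen fix in "MITKRB5-SA-2011-007" itself looks right.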
@@ -272,6 +300,8 @@ krb5-1.10 changes by ticket ID
272300
7060 Convert securid module edata method
273301
7065 delete duplicate NOTICE file
274302
7067 documentation license to CC-BY-SA 3.0 Unported
303+
7077 LIBS should not include PKINIT_CRYPTO_IMPL_LIBS
304+
7078 Use INSTALL_DATA to install message catalogues
275305

276306
Acknowledgements
277307
----------------
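Review bot: Tickets 7077 and 7078 are added to the "krb5-1.10 changes by ticket ID" list, but their numbers are higher than 7074, which this same commit lists under 1.10.1. Please confirm that these two changes actually shipped in 1.10; if they landed after that release they belong in the 1.10.1 list, otherwise a reader still on 1.10 will wrongly assume the fixes are already present.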
@@ -361,6 +391,7 @@ Past and present members of the Kerberos Team at MIT:
361391
The following external contributors have provided code, patches, bug
362392
reports, suggestions, and valuable resources:
363393

394+
Ian Abbott
364395
Brandon Allbery
365396
Russell Allbery
366397
Brian Almeida
@@ -370,6 +401,7 @@ reports, suggestions, and valuable resources:
370401
Mark Bannister
371402
David Bantz
372403
Alex Baule
404+
Adam Bernstein
373405
Arlene Berry
374406
Jeff Blaine
375407
Radoslav Bodo
@@ -386,6 +418,7 @@ reports, suggestions, and valuable resources:
386418
Simon Cooper
387419
Sylvain Cortes
388420
Nalin Dahyabhai
421+
Mark Davies
389422
Dennis Davis
390423
Mark Deneen
391424
Roland Dowdeswell
