variable that enables "weak" enctypes, which defaults to "false"
beginning with krb5-1.8.
+Major changes in 1.11.4 (2013-11-04)
+------------------------------------
+
+* Fix a KDC null pointer dereference [CVE-2013-1417] that could affect
+ realms with an uncommon configuration.
+
+* Fix a KDC null pointer dereference [CVE-2013-1418] that could affect
+ KDCs that serve multiple realms.
+
+* Fix a number of bugs related to KDC master key rollover.
+
+krb5-1.11.4 changes by ticket ID
+--------------------------------
+
+7508 Indefinite FD polling
+7650 Issue following client referral from AD
+7664 Build with Visual Studio 2012
+7668 KDC null deref due to referrals [CVE-2013-1417]
+7670 Add test case for CVE-2013-1417
+7671 Install ccselect_plugin.h
+7702 krb5-1.11.3 FTBFS on NetBSD
+7723 Fix GSSAPI krb5 cred ccache import
+7724 Change KRB5KDC_ERR_NO_ACCEPTABLE_KDF to 100
+7726 Use protocol error for PKINIT cert expiry
+7727 Discuss cert expiry, no-key princs in PKINIT docs
+7734 Fix typos in kdb5_util master key command outputs
+7735 Use active master key in update_princ_encryption
+7737 Correctly activate master keys in pre-1.7 KDBs
+7742 Reset key-generation parameters for each enctype
+7746 Fix decoding of mkey kvno in mkey_aux tl-data
+7747 Improve LDAP KDB initialization error messages
+7748 Document master key rollover
+7752 Clarify kpropd standalone mode documentation
+7756 Multi-realm KDC null deref [CVE-2013-1418]
+7758 Fix reference for trace logging
+
Major changes in 1.11.3 (2013-06-03)
------------------------------------
Mark Bannister
David Bantz
Alex Baule
+ David Benjamin
Adam Bernstein
Arlene Berry
Jeff Blaine
Nalin Dahyabhai
Mark Davies
Dennis Davis
+ Alex Dehnert
Mark Deneen
+ Günther Deschner
Roland Dowdeswell
+ Viktor Dukhovni
Jason Edgecombe
Mark Eichin
Shawn M. Emery
Douglas E. Engert
Peter Eriksson
Juha Erkkilä
+ Gilles Espinasse
Ronni Feldt
Bill Fellows
JC Ferguson
Steve Grubb
Philip Guenther
Dominic Hargreaves
+ Robbie Harwood
Jakob Haufe
Matthieu Hautreux
Paul B. Henson
Jan iankko Lieskovsky
Oliver Loch
Kevin Longfellow
+ Nuno Lopes
Ryan Lynch
Nathaniel McCallum
Greg McClement
Mike Roszkowski
Guillaume Rousse
Tom Shaw
+ Jim Shi
Peter Shoults
Simo Sorce
Michael Spang
Simon Wilkinson
Nicolas Williams
Ross Wilper
+ Augustin Wolf
Xu Qiang
Nickolai Zeldovich
Hanz van Zijst
-.TH "K5IDENTITY" "5" " " "1.11.3" "MIT Kerberos"
+.TH "K5IDENTITY" "5" " " "1.11.4" "MIT Kerberos"
.SH NAME
k5identity \- Kerberos V5 client principal selection rules
.
-.TH "K5LOGIN" "5" " " "1.11.3" "MIT Kerberos"
+.TH "K5LOGIN" "5" " " "1.11.4" "MIT Kerberos"
.SH NAME
k5login \- Kerberos V5 acl file for host access
.
-.TH "K5SRVUTIL" "1" " " "1.11.3" "MIT Kerberos"
+.TH "K5SRVUTIL" "1" " " "1.11.4" "MIT Kerberos"
.SH NAME
k5srvutil \- host key table (keytab) manipulation utility
.
-.TH "KADM5.ACL" "5" " " "1.11.3" "MIT Kerberos"
+.TH "KADM5.ACL" "5" " " "1.11.4" "MIT Kerberos"
.SH NAME
kadm5.acl \- Kerberos ACL file
.
-.TH "KADMIN" "1" " " "1.11.3" "MIT Kerberos"
+.TH "KADMIN" "1" " " "1.11.4" "MIT Kerberos"
.SH NAME
kadmin \- Kerberos V5 database administration program
.
-.TH "KADMIND" "8" " " "1.11.3" "MIT Kerberos"
+.TH "KADMIND" "8" " " "1.11.4" "MIT Kerberos"
.SH NAME
kadmind \- KADM5 administration server
.
-.TH "KDB5_LDAP_UTIL" "8" " " "1.11.3" "MIT Kerberos"
+.TH "KDB5_LDAP_UTIL" "8" " " "1.11.4" "MIT Kerberos"
.SH NAME
kdb5_ldap_util \- Kerberos configuration utility
.
-.TH "KDB5_UTIL" "8" " " "1.11.3" "MIT Kerberos"
+.TH "KDB5_UTIL" "8" " " "1.11.4" "MIT Kerberos"
.SH NAME
kdb5_util \- Kerberos database maintenance utility
.
.sp
Update all principal records (or only those matching the
\fIprinc\-pattern\fP glob pattern) to re\-encrypt the key data using the
-active database master key, if they are encrypted using older
-versions, and give a count at the end of the number of principals
+active database master key, if they are encrypted using a different
+version, and give a count at the end of the number of principals
updated. If the \fB\-f\fP option is not given, ask for confirmation
before starting to make changes. The \fB\-v\fP option causes each
principal processed to be listed, with an indication as to whether it
-.TH "KDC.CONF" "5" " " "1.11.3" "MIT Kerberos"
+.TH "KDC.CONF" "5" " " "1.11.4" "MIT Kerberos"
.SH NAME
kdc.conf \- Kerberos V5 KDC configuration file
.
-.TH "KDESTROY" "1" " " "1.11.3" "MIT Kerberos"
+.TH "KDESTROY" "1" " " "1.11.4" "MIT Kerberos"
.SH NAME
kdestroy \- destroy Kerberos tickets
.
-.TH "KINIT" "1" " " "1.11.3" "MIT Kerberos"
+.TH "KINIT" "1" " " "1.11.4" "MIT Kerberos"
.SH NAME
kinit \- obtain and cache Kerberos ticket-granting ticket
.
-.TH "KLIST" "1" " " "1.11.3" "MIT Kerberos"
+.TH "KLIST" "1" " " "1.11.4" "MIT Kerberos"
.SH NAME
klist \- list cached Kerberos tickets
.
-.TH "KPASSWD" "1" " " "1.11.3" "MIT Kerberos"
+.TH "KPASSWD" "1" " " "1.11.4" "MIT Kerberos"
.SH NAME
kpasswd \- change a user's Kerberos password
.
-.TH "KPROP" "8" " " "1.11.3" "MIT Kerberos"
+.TH "KPROP" "8" " " "1.11.4" "MIT Kerberos"
.SH NAME
kprop \- propagate a Kerberos V5 principal database to a slave server
.
-.TH "KPROPD" "8" " " "1.11.3" "MIT Kerberos"
+.TH "KPROPD" "8" " " "1.11.4" "MIT Kerberos"
.SH NAME
kpropd \- Kerberos V5 slave KDC update server
.
.UNINDENT
.UNINDENT
.sp
-kpropd can also run as a standalone daemon. This is required for
-incremental propagation. But this is also useful for debugging
-purposes.
+kpropd can also run as a standalone daemon, backgrounding itself and
+waiting for connections on port 754 (or the port specified with the
+\fB\-P\fP option if given). Standalone mode is required for incremental
+propagation. Starting in release 1.11, kpropd automatically detects
+whether it was run from inetd and runs in standalone mode if it is
+not. Prior to release 1.11, the \fB\-S\fP option is required to run
+kpropd in standalone mode; this option is now accepted for backward
+compatibility but does nothing.
.sp
Incremental propagation may be enabled with the \fBiprop_enable\fP
variable in \fIkdc.conf(5)\fP. If incremental propagation is
Allows the user to specify the pathname to the \fIkdb5_util(8)\fP
program; by default the pathname used is \fB@SBINDIR@\fP\fB/kdb5_util\fP.
.TP
-.B \fB\-S\fP
-[DEPRECATED] Enable standalone mode. Normally kpropd is invoked by
-inetd(8) so it expects a network connection to be passed to it
-from inetd(8). If the \fB\-S\fP option is specified, or if standard
-input is not a socket, kpropd will put itself into the background,
-and wait for connections on port 754 (or the port specified with the
-\fB\-P\fP option if given).
-.TP
.B \fB\-d\fP
-Turn on debug mode. In this mode, if the \fB\-S\fP option is
-selected, kpropd will not detach itself from the current job and
-run in the background. Instead, it will run in the foreground and
-print out debugging messages during the database propagation.
+Turn on debug mode. In this mode, kpropd will not detach
+itself from the current job and run in the background. Instead,
+it will run in the foreground and print out debugging messages
+during the database propagation.
.TP
.B \fB\-P\fP
Allow for an alternate port number for kpropd to listen on. This
-.TH "KPROPLOG" "8" " " "1.11.3" "MIT Kerberos"
+.TH "KPROPLOG" "8" " " "1.11.4" "MIT Kerberos"
.SH NAME
kproplog \- display the contents of the Kerberos principal update log
.
-.TH "KRB5-CONFIG" "1" " " "1.11.3" "MIT Kerberos"
+.TH "KRB5-CONFIG" "1" " " "1.11.4" "MIT Kerberos"
.SH NAME
krb5-config \- tool for linking against MIT Kerberos libraries
.
-.TH "KRB5.CONF" "5" " " "1.11.3" "MIT Kerberos"
+.TH "KRB5.CONF" "5" " " "1.11.4" "MIT Kerberos"
.SH NAME
krb5.conf \- Kerberos configuration file
.
-.TH "KRB5KDC" "8" " " "1.11.3" "MIT Kerberos"
+.TH "KRB5KDC" "8" " " "1.11.4" "MIT Kerberos"
.SH NAME
krb5kdc \- Kerberos V5 KDC
.
-.TH "KSU" "1" " " "1.11.3" "MIT Kerberos"
+.TH "KSU" "1" " " "1.11.4" "MIT Kerberos"
.SH NAME
ksu \- Kerberized super-user
.
-.TH "KSWITCH" "1" " " "1.11.3" "MIT Kerberos"
+.TH "KSWITCH" "1" " " "1.11.4" "MIT Kerberos"
.SH NAME
kswitch \- switch primary ticket cache
.
-.TH "KTUTIL" "1" " " "1.11.3" "MIT Kerberos"
+.TH "KTUTIL" "1" " " "1.11.4" "MIT Kerberos"
.SH NAME
ktutil \- Kerberos keytab file maintenance utility
.
-.TH "KVNO" "1" " " "1.11.3" "MIT Kerberos"
+.TH "KVNO" "1" " " "1.11.4" "MIT Kerberos"
.SH NAME
kvno \- print key version numbers of Kerberos principals
.
-.TH "SCLIENT" "1" " " "1.11.3" "MIT Kerberos"
+.TH "SCLIENT" "1" " " "1.11.4" "MIT Kerberos"
.SH NAME
sclient \- sample Kerberos version 5 client
.
-.TH "SSERVER" "8" " " "1.11.3" "MIT Kerberos"
+.TH "SSERVER" "8" " " "1.11.4" "MIT Kerberos"
.SH NAME
sserver \- sample Kerberos version 5 server
.
*/
#define KRB5_MAJOR_RELEASE 1
#define KRB5_MINOR_RELEASE 11
-#define KRB5_PATCHLEVEL 3
-#define KRB5_RELTAIL "postrelease"
+#define KRB5_PATCHLEVEL 4
+/* #undef KRB5_RELTAIL */
/* #undef KRB5_RELDATE */
-#define KRB5_RELTAG "krb5-1.11"
+#define KRB5_RELTAG "krb5-1.11.4-final"
projects / thirdparty / krb5.git / commitdiff
