From: Tom Yu Date: Wed, 5 Jun 2013 19:40:43 +0000 (-0400) Subject: Updates for krb5-1.10.6 X-Git-Tag: krb5-1.10.6-final X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=884961f67896f7dcbaa4bbbcb495c64d88582bcd;p=thirdparty%2Fkrb5.git Updates for krb5-1.10.6 --- diff --git a/README b/README index 0e03bc9783..07efb5ddb2 100644 --- a/README +++ b/README @@ -70,6 +70,27 @@ from using single-DES cryptosystems. Among these is a configuration variable that enables "weak" enctypes, which defaults to "false" beginning with krb5-1.8. +Major changes in krb5-1.10.6 (2013-06-05) +----------------------------------------- + +This is a bugfix release. The krb5-1.10 release series is in +maintenance, and for new deployments, installers should prefer the +krb5-1.11 release series or later. + +* Fix a UDP ping-pong vulnerability in the kpasswd (password changing) + service. [CVE-2002-2443] + +* Improve interoperability with some Windows native PKINIT clients. + +krb5-1.10.6 changes by ticket ID +-------------------------------- + +7638 Fix kpasswd UDP ping-pong [CVE-2002-2443] +7649 Fix transited handling for GSSAPI acceptors +7658 Ignore missing Q in dh_params +7659 allow dh_min_bits >= 1024 +7660 Set msg_type when decoding FAST requests + Major changes in krb5-1.10.5 (2013-04-17) ----------------------------------------- @@ -606,6 +627,7 @@ reports, suggestions, and valuable resources: Joel Johnson W. Trevor King Mikkel Kruse + Reinhard Kugler Volker Lendecke Jan iankko Lieskovsky Oliver Loch diff --git a/src/patchlevel.h b/src/patchlevel.h index 34d834e249..317a575610 100644 --- a/src/patchlevel.h +++ b/src/patchlevel.h @@ -51,7 +51,7 @@ */ #define KRB5_MAJOR_RELEASE 1 #define KRB5_MINOR_RELEASE 10 -#define KRB5_PATCHLEVEL 5 -#define KRB5_RELTAIL "postrelease" +#define KRB5_PATCHLEVEL 6 +/* #undef KRB5_RELTAIL */ /* #undef KRB5_RELDATE */ -#define KRB5_RELTAG "krb5-1.10" +#define KRB5_RELTAG "krb5-1.10.6-final"