From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 1 Nov 2018 22:36:44 +0000 (-0400)
Subject: Update for krb5-1.15.4
X-Git-Tag: krb5-1.15.4-final
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce02c35a2780f0c794e67674060ad11037ecdac0;p=thirdparty%2Fkrb5.git

Update for krb5-1.15.4
---

diff --git a/README b/README
index b069651308..61272a97cd 100644
--- a/README
+++ b/README
@@ -73,6 +73,43 @@ from using single-DES cryptosystems.  Among these is a configuration
 variable that enables "weak" enctypes, which defaults to "false"
 beginning with krb5-1.8.
 
+Major changes in 1.15.4 (2018-11-01)
+------------------------------------
+
+This is a bug fix release.
+
+* Fix bugs with concurrent use of MEMORY ccache handles.
+
+* Fix a KDC crash when falling back between multiple OTP tokens
+  configured for a principal entry.
+
+* Fix memory bugs when gss_add_cred() is used to create a new
+  credential, and fix a bug where it ignores the desired_name.
+
+* Fix the behavior of gss_inquire_cred_by_mech() when the credential
+  does not contain an element of the requested mechanism.
+
+* Make cross-realm S4U2Self requests work on the client when no
+  default_realm is configured.
+
+krb5-1.15.4 changes by ticket ID
+--------------------------------
+
+8202    memory ccache cursors are invalidated by initialize
+8677    Escape curly braces in def-check.pl regexes
+8684    Fix option parsing on Windows
+8704    Resource leak in read_secret_file()
+8708    Incorrect error handling in OTP plugin
+8727    Check strdup return in kadm5_get_config_params()
+8729    Memory leak in gss_add_cred() creation case
+8734    gss_add_cred() aliases memory when creating extended cred
+8736    Check mech cred in gss_inquire_cred_by_mech()
+8737    gss_add_cred() ignores desired_name if creating a new credential
+8741    S4U2Self client code fails with no default realm
+8743    Fix incorrect TRACE usages to use {str}
+8759    Resource leak in kadm5_randkey_principal_3()
+
+
 Major changes in 1.15.3 (2018-05-03)
 ------------------------------------
 
@@ -545,12 +582,14 @@ reports, suggestions, and valuable resources:
     Jan iankko Lieskovsky
     Todd Lipcon
     Oliver Loch
+    Chris Long
     Kevin Longfellow
     Frank Lonigro
     Jon Looney
     Nuno Lopes
     Ryan Lynch
     Roland Mainz
+    Sorin Manolache
     Andrei Maslennikov
     Michael Mattioli
     Nathaniel McCallum
@@ -622,6 +661,7 @@ reports, suggestions, and valuable resources:
     Neng Xue
     Zhaomo Yang
     Nickolai Zeldovich
+    Bean Zhang
     Hanz van Zijst
     Gertjan Zwartjes
 
diff --git a/src/man/k5identity.man b/src/man/k5identity.man
index 4a351c13cf..bba3c14cbf 100644
--- a/src/man/k5identity.man
+++ b/src/man/k5identity.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "K5IDENTITY" "5" " " "1.15.3" "MIT Kerberos"
+.TH "K5IDENTITY" "5" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 k5identity \- Kerberos V5 client principal selection rules
 .
diff --git a/src/man/k5login.man b/src/man/k5login.man
index ab1e79a371..b750d7fd01 100644
--- a/src/man/k5login.man
+++ b/src/man/k5login.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "K5LOGIN" "5" " " "1.15.3" "MIT Kerberos"
+.TH "K5LOGIN" "5" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 k5login \- Kerberos V5 acl file for host access
 .
diff --git a/src/man/k5srvutil.man b/src/man/k5srvutil.man
index 21c86fa58a..366c5af129 100644
--- a/src/man/k5srvutil.man
+++ b/src/man/k5srvutil.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "K5SRVUTIL" "1" " " "1.15.3" "MIT Kerberos"
+.TH "K5SRVUTIL" "1" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 k5srvutil \- host key table (keytab) manipulation utility
 .
diff --git a/src/man/kadm5.acl.man b/src/man/kadm5.acl.man
index f285013154..cd02b2688a 100644
--- a/src/man/kadm5.acl.man
+++ b/src/man/kadm5.acl.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KADM5.ACL" "5" " " "1.15.3" "MIT Kerberos"
+.TH "KADM5.ACL" "5" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kadm5.acl \- Kerberos ACL file
 .
diff --git a/src/man/kadmin.man b/src/man/kadmin.man
index 41cac1537f..0396b4cc57 100644
--- a/src/man/kadmin.man
+++ b/src/man/kadmin.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KADMIN" "1" " " "1.15.3" "MIT Kerberos"
+.TH "KADMIN" "1" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kadmin \- Kerberos V5 database administration program
 .
diff --git a/src/man/kadmind.man b/src/man/kadmind.man
index 85af67271a..4a5ad29fdf 100644
--- a/src/man/kadmind.man
+++ b/src/man/kadmind.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KADMIND" "8" " " "1.15.3" "MIT Kerberos"
+.TH "KADMIND" "8" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kadmind \- KADM5 administration server
 .
diff --git a/src/man/kdb5_ldap_util.man b/src/man/kdb5_ldap_util.man
index 65dd7990d7..5cd5cc18c3 100644
--- a/src/man/kdb5_ldap_util.man
+++ b/src/man/kdb5_ldap_util.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KDB5_LDAP_UTIL" "8" " " "1.15.3" "MIT Kerberos"
+.TH "KDB5_LDAP_UTIL" "8" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kdb5_ldap_util \- Kerberos configuration utility
 .
diff --git a/src/man/kdb5_util.man b/src/man/kdb5_util.man
index 7d14e8562b..370276f720 100644
--- a/src/man/kdb5_util.man
+++ b/src/man/kdb5_util.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KDB5_UTIL" "8" " " "1.15.3" "MIT Kerberos"
+.TH "KDB5_UTIL" "8" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kdb5_util \- Kerberos database maintenance utility
 .
diff --git a/src/man/kdc.conf.man b/src/man/kdc.conf.man
index 3420527237..cc784a17f1 100644
--- a/src/man/kdc.conf.man
+++ b/src/man/kdc.conf.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KDC.CONF" "5" " " "1.15.3" "MIT Kerberos"
+.TH "KDC.CONF" "5" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kdc.conf \- Kerberos V5 KDC configuration file
 .
diff --git a/src/man/kdestroy.man b/src/man/kdestroy.man
index 0ee8e94d38..99970f4f15 100644
--- a/src/man/kdestroy.man
+++ b/src/man/kdestroy.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KDESTROY" "1" " " "1.15.3" "MIT Kerberos"
+.TH "KDESTROY" "1" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kdestroy \- destroy Kerberos tickets
 .
diff --git a/src/man/kinit.man b/src/man/kinit.man
index 8fcc9eb155..faff112f52 100644
--- a/src/man/kinit.man
+++ b/src/man/kinit.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KINIT" "1" " " "1.15.3" "MIT Kerberos"
+.TH "KINIT" "1" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kinit \- obtain and cache Kerberos ticket-granting ticket
 .
diff --git a/src/man/klist.man b/src/man/klist.man
index edde6ce637..34bfa1bb23 100644
--- a/src/man/klist.man
+++ b/src/man/klist.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KLIST" "1" " " "1.15.3" "MIT Kerberos"
+.TH "KLIST" "1" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 klist \- list cached Kerberos tickets
 .
diff --git a/src/man/kpasswd.man b/src/man/kpasswd.man
index a0895fc6f9..04bb72a74d 100644
--- a/src/man/kpasswd.man
+++ b/src/man/kpasswd.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KPASSWD" "1" " " "1.15.3" "MIT Kerberos"
+.TH "KPASSWD" "1" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kpasswd \- change a user's Kerberos password
 .
diff --git a/src/man/kprop.man b/src/man/kprop.man
index 9e161f46e5..18ae91ff95 100644
--- a/src/man/kprop.man
+++ b/src/man/kprop.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KPROP" "8" " " "1.15.3" "MIT Kerberos"
+.TH "KPROP" "8" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kprop \- propagate a Kerberos V5 principal database to a slave server
 .
diff --git a/src/man/kpropd.man b/src/man/kpropd.man
index 36aa9f7397..c6a2ee9e29 100644
--- a/src/man/kpropd.man
+++ b/src/man/kpropd.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KPROPD" "8" " " "1.15.3" "MIT Kerberos"
+.TH "KPROPD" "8" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kpropd \- Kerberos V5 slave KDC update server
 .
diff --git a/src/man/kproplog.man b/src/man/kproplog.man
index e0b200b9a6..7966c2ae09 100644
--- a/src/man/kproplog.man
+++ b/src/man/kproplog.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KPROPLOG" "8" " " "1.15.3" "MIT Kerberos"
+.TH "KPROPLOG" "8" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kproplog \- display the contents of the Kerberos principal update log
 .
diff --git a/src/man/krb5-config.man b/src/man/krb5-config.man
index 370cbd112f..d74014e629 100644
--- a/src/man/krb5-config.man
+++ b/src/man/krb5-config.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KRB5-CONFIG" "1" " " "1.15.3" "MIT Kerberos"
+.TH "KRB5-CONFIG" "1" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 krb5-config \- tool for linking against MIT Kerberos libraries
 .
diff --git a/src/man/krb5.conf.man b/src/man/krb5.conf.man
index e7f1b46e46..ecfe8698cd 100644
--- a/src/man/krb5.conf.man
+++ b/src/man/krb5.conf.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KRB5.CONF" "5" " " "1.15.3" "MIT Kerberos"
+.TH "KRB5.CONF" "5" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 krb5.conf \- Kerberos configuration file
 .
diff --git a/src/man/krb5kdc.man b/src/man/krb5kdc.man
index 1f694912a7..db149daa94 100644
--- a/src/man/krb5kdc.man
+++ b/src/man/krb5kdc.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KRB5KDC" "8" " " "1.15.3" "MIT Kerberos"
+.TH "KRB5KDC" "8" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 krb5kdc \- Kerberos V5 KDC
 .
diff --git a/src/man/ksu.man b/src/man/ksu.man
index 05549f4d65..80e4a8f474 100644
--- a/src/man/ksu.man
+++ b/src/man/ksu.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KSU" "1" " " "1.15.3" "MIT Kerberos"
+.TH "KSU" "1" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 ksu \- Kerberized super-user
 .
diff --git a/src/man/kswitch.man b/src/man/kswitch.man
index 75fe17d8a7..ac487bbbf6 100644
--- a/src/man/kswitch.man
+++ b/src/man/kswitch.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KSWITCH" "1" " " "1.15.3" "MIT Kerberos"
+.TH "KSWITCH" "1" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kswitch \- switch primary ticket cache
 .
diff --git a/src/man/ktutil.man b/src/man/ktutil.man
index d0a040b4ca..4c525556e9 100644
--- a/src/man/ktutil.man
+++ b/src/man/ktutil.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KTUTIL" "1" " " "1.15.3" "MIT Kerberos"
+.TH "KTUTIL" "1" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 ktutil \- Kerberos keytab file maintenance utility
 .
diff --git a/src/man/kvno.man b/src/man/kvno.man
index 57be7daffd..4ff7d609e1 100644
--- a/src/man/kvno.man
+++ b/src/man/kvno.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "KVNO" "1" " " "1.15.3" "MIT Kerberos"
+.TH "KVNO" "1" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 kvno \- print key version numbers of Kerberos principals
 .
diff --git a/src/man/sclient.man b/src/man/sclient.man
index 2f4fb6e8af..3db7dd12ae 100644
--- a/src/man/sclient.man
+++ b/src/man/sclient.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SCLIENT" "1" " " "1.15.3" "MIT Kerberos"
+.TH "SCLIENT" "1" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 sclient \- sample Kerberos version 5 client
 .
diff --git a/src/man/sserver.man b/src/man/sserver.man
index f6f45623c7..e35b4cd975 100644
--- a/src/man/sserver.man
+++ b/src/man/sserver.man
@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SSERVER" "8" " " "1.15.3" "MIT Kerberos"
+.TH "SSERVER" "8" " " "1.15.4" "MIT Kerberos"
 .SH NAME
 sserver \- sample Kerberos version 5 server
 .
diff --git a/src/patchlevel.h b/src/patchlevel.h
index 46a2c1cbfd..983171014a 100644
--- a/src/patchlevel.h
+++ b/src/patchlevel.h
@@ -51,7 +51,7 @@
  */
 #define KRB5_MAJOR_RELEASE 1
 #define KRB5_MINOR_RELEASE 15
-#define KRB5_PATCHLEVEL 3
-#define KRB5_RELTAIL "postrelease"
+#define KRB5_PATCHLEVEL 4
+/* #undef KRB5_RELTAIL */
 /* #undef KRB5_RELDATE */
-#define KRB5_RELTAG "krb5-1.15"
+#define KRB5_RELTAG "krb5-1.15.4-final"
diff --git a/src/po/mit-krb5.pot b/src/po/mit-krb5.pot
index f7283a54c8..7ef594bbf4 100644
--- a/src/po/mit-krb5.pot
+++ b/src/po/mit-krb5.pot
@@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: mit-krb5 1.15.3-postrelease\n"
+"Project-Id-Version: mit-krb5 1.15.4\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-11-01 18:23-0400\n"
+"POT-Creation-Date: 2018-11-01 18:36-0400\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"