Accepted: krb5 1.6.dfsg.3-2 (source)
Ubuntu Installer
archive at ubuntu.com
Fri Jun 13 10:11:41 BST 2008
Accepted:
OK: krb5_1.6.dfsg.3.orig.tar.gz
OK: krb5_1.6.dfsg.3-2.diff.gz
OK: krb5_1.6.dfsg.3-2.dsc
-> Component: main Section: net
Origin: Debian/unstable
Format: 1.7
Date: Fri, 13 Jun 2008 09:44:49 +0100
Source: krb5
Binary: libkadm55, libkrb53, krb5-user, krb5-clients, krb5-rsh-server, krb5-ftpd, krb5-telnetd, krb5-kdc, krb5-kdc-ldap, krb5-admin-server, libkrb5-dev, libkrb5-dbg, krb5-pkinit, krb5-doc
Architecture: source
Version: 1.6.dfsg.3-2
Distribution: intrepid
Urgency: critical
Maintainer: Sam Hartman <hartmans at debian.org>
Changed-By: Mathias Gug <mathiaz at ubuntu.com>
Closes: 443326 443331 451146 453113 460589 465294 474741 477294 477301 477307 479239 479384 479404 479457 480452
Changes:
krb5 (1.6.dfsg.3-2) unstable; urgency=low
.
* kdc.conf was previously in krb5-doc, not uninstalled. Properly
handle moving it to the krb5-kdc package. (Closes: #480452)
* Include libkdb-ldap1 in krb5-kdc-pkinit, install it into a private
directory (/usr/lib/krb5) rather than directly in /usr/lib, and use an
RPATH in kdb5_ldap_util and the plugin to find the library. Drop the
libkdb-ldap1 library package. This library isn't intended to be used
by any software outside of the KDC plugin and utility. Thanks,
Bastian Blank. (Closes: #479384)
* Load defaults for debconf configuration of krb5-admin-server and
krb5-kdc from the /etc/default files if they exist. Thanks, Bastian
Blank. (Closes: #479404)
* Preserve DAEMON_ARGS settings in /etc/default/krb5-admin-server and
/etc/default/krb5-kdc even if debconf configuration is enabled.
* Don't require that a stash file be created in /etc/init.d/krb5-kdc.
Stash files are optional. (Closes: #479457)
* Error out instead of silently existing if debconf's confmodule cannot
be loaded. Given that we depend on debconf, if this fails, something
serious went wrong and we shouldn't ignore it.
* Use /bin/which instead of command -v to check for update-inetd.
* Unconditionally remove kpropd's inetd.conf entry in the postrm of
krb5-kdc rather than special-casing remove and deconfigure.
* Add 256-bit AES and RC4 keys to the default kdc.conf, the first
because it's the strongest enctype currently supported and the second
for Windows compatibility. Improve the README.KDC enctype
documentation.
* Install kerberos.ldif and kerberos.schema in krb5-kdc-ldap as
documentation. Thanks, Bastian Blank. (Closes: #479239)
.
krb5 (1.6.dfsg.3-1) unstable; urgency=low
.
* Final upstream 1.6.3 release.
* Package the LDAP plugin for the KDC, which allows one to use an LDAP
server to store the KDC database. Install the krb5-kdc-ldap package
for the plugin. (Closes: #453113)
* If krb5-config/default_realm isn't set, use EXAMPLE.COM as the realm
so that the kdc.conf will at least be syntactically valid (but will
still require editing). (Closes: #474741)
* krb5-kdc explicitly depends on krb5-config since it relies on debconf
variables set by that package.
* Always stop krb524d on /etc/init.d/krb5-kdc stop even if the
configuration has been changed to no longer run it. Thanks, Bastian
Blank. (Closes: #477294)
* Install the kdc.conf man page. (Closes: #477307)
* krb5-kdc no longer depends on update-inetd and inet-superserver and
instead just suggests openbsd-inetd | inet-superserver and
conditionally adds the commented-out kpropd example if update-inetd is
available. krb5-admin-server doesn't need inet-superserver at all.
Thanks, Bastian Blank. (Closes: #477301)
* Change the doc-base sections to System/Security.
* Correctly mangle the version in the watch file.
* Remove conflicts with packages already not present in oldstable.
* Remove versioned build-dependencies satisfied by oldstable.
* Remove versioned Replaces for versions older than oldstable.
.
krb5 (1.6.dfsg.3~beta1-4) unstable; urgency=emergency
.
* MITKRB5-SA-2008-001: When Kerberos v4 support is enabled in the KDC,
malformed messages may result in NULL pointer use, double-frees, or
exposure of information. (CVE-2008-0062, CVE-2008-0063)
* MITKRB5-SA-2008-002: If the file descriptor limit is larger than
FD_SETSIZE and kadmind has more open connections than FD_SETSIZE, an
array overrun and memory corruption may result. (CVE-2008-0947)
.
krb5 (1.6.dfsg.3~beta1-3) unstable; urgency=low
.
* Apply cross-build patch from Neil Williams. (Closes: #465294)
* Document in comments that configuration management via debconf should
be disabled before making manual changes to /etc/default/krb5-kdc and
/etc/default/krb5-admin-server. (Closes: #443326)
* Support DAEMON_ARGS in /etc/default/krb5-admin-server for kadmind.
Thanks, Dwayne Litzenberger. (Closes: #443331)
* Don't stop the servers in runlevel S. This isn't a real runlevel and
cannot be switched to, so the links are extraneous.
* Use binary:Version instead of Source-Version in debian/control.
* Depend on openbsd-inetd | inet-superserver instead of on update-inetd,
since inetd implementations may provide their own update-inetd.
* Improve quoting and formatting in the postinsts for krb5-kdc and
krb5-admin-server. Error on failure to load debconf, since we do
depend on it. Support reconfigure.
* Fix file locations in the krb524 doc-base control file.
* Add the info documentation to all doc-base control files.
* Fix a variety of man page errors uncovered by man --warnings.
* Wrap Depends and Conflicts fields in debian/control.
* dpkg-dev now compresses duplicate relations, so no need for lintian
overrides.
* Add an override for the empty plugin directory in libkrb53.
* Update standards version to 3.7.3 (no changes required).
* Translation updates:
- Finnish, thanks Esko Arajärvi. (Closes: #451146)
- Dutch, thanks Vincent Zweije. (Closes: #460589)
Files:
10df52acc39a6c1903c79a52743fdb07 11815782 net standard krb5_1.6.dfsg.3.orig.tar.gz
2c02f11df8218d9c59d3b80c32df1b44 1339 net standard krb5_1.6.dfsg.3-2.dsc
2ab16ef0826603bd673a232e78a76fe7 1727892 net standard krb5_1.6.dfsg.3-2.diff.gz
More information about the Intrepid-changes
mailing list