[Bug 373406] [NEW] Sync krb5 1.7dfsg~beta1-3 (main) from Debian unstable (main).
Mathias Gug
mathiaz at ubuntu.com
Thu May 7 21:00:31 BST 2009
Public bug reported:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/krb5
status confirmed
importance wishlist
subscribe ubuntu-archive
Please sync krb5 1.7dfsg~beta1-3 (main) from Debian unstable (main).
Explanation of the Ubuntu delta and why it can be dropped:
There were two changes in Ubuntu:
1. Two security fixes that were included in 1.6.dfsg.4~beta1-13.
2. A patch adding some functionality required by likewise-open.
1.7 provides the same features but with a different API.
The likewise-open developers plan to use the 1.7 API instead of their
modification to the 1.6 release.
Changelog since current karmic version 1.6.dfsg.4~beta1-5ubuntu2:
krb5 (1.7dfsg~beta1-3) unstable; urgency=low
* Relax symbol versions of symbols that exist in krb5 1.6.dfsg.2 to
1.6.dfsg.2. No software currently in Debian uses the new
functionality, and this will ease the transition because it allows
krb5 to move independently of packages that are being rebuilt. This
change will be reverted before the end of May, 2009.
-- Sam Hartman <hartmans at debian.org> Tue, 05 May 2009 09:01:17 -0400
krb5 (1.7dfsg~beta1-2) unstable; urgency=low
* Upload to unstable with permission of release team; note that this
upload will make anything that depends on libkrb53 uninstallable in
unstable. The release team will make binary only NMUs to rebuild any
such packages and they will depend on the new libraries. Packages
built since 1.6.dfsg.4~beta1-9 entered unstable should not be affected.
* Upstream change: return PREAUTH_REQUIRED not PREAUTH_FAILED on unknown
preauth type in the KDC.
* Remove a bunch of patches applied ustream from debian/patches
-- Sam Hartman <hartmans at debian.org> Mon, 04 May 2009 16:19:09 -0400
krb5 (1.7dfsg~beta1-1) experimental; urgency=low
* New upstream release
- kadmin and related commands moved to /usr/bin, Closes: #477296
- Kadmin headers are Public: Closes: #191616
- KDC supports loopback address, Closes: #478425
-- Sam Hartman <hartmans at debian.org> Wed, 22 Apr 2009 09:53:15 -0400
krb5 (1.7dfsg~alpha1-1) experimental; urgency=low
* New upstream version
-- Sam Hartman <hartmans at debian.org> Sun, 05 Apr 2009 20:46:14 -0400
krb5 (1.6.dfsg.4~beta1-13) unstable; urgency=high
* MITKRB5-SA-2009-001: Fix read-beyond-end-of-buffer DOS in SPNEGO, an
SPNEGO null pointer dereference, and incorrect length validation in
an ASN.1 decoder. (CVE-2009-0844, CVE-2009-0845, CVE-2009-0847)
* MITKRB5-SA-2009-002: ASN.1 general time decoder can free uninitialized
pointer. (CVE-2009-0846)
* Add dependency on libkrb53 from libkrb5-dev. This should make it
significantly more difficult for buildds to get out of sync. I don't
think we can do better within the constraints of this transition,
Closes: #522469
-- Sam Hartman <hartmans at debian.org> Tue, 07 Apr 2009 14:58:31 -0400
krb5 (1.6.dfsg.4~beta1-12) unstable; urgency=low
* Translation updates:
- Romanian, thanks Eddy Petrișor. (Closes: #519660)
- Finnish, thanks Esko Arajärvi. (Closes: #519741)
- Russian, thanks Sergey Alyoshin. (Closes: #519744)
- Spanish, thanks Francisco Javier Cuadrado. (Closes: #519808)
-- Russ Allbery <rra at debian.org> Fri, 27 Mar 2009 11:24:28 -0700
krb5 (1.6.dfsg.4~beta1-11) unstable; urgency=low
* Upload from the partial-krb4 branch not the master branch so we don't
break unstable.
- Restore libkrb53 and libkadm55
* Resync the aes test files from upstream to fix a line ending problem
and significantly shrink the debian diff
-- Sam Hartman <hartmans at debian.org> Fri, 13 Mar 2009 10:19:42 -0400
krb5 (1.6.dfsg.4~beta1-10) unstable; urgency=low
* Add Homepage control field.
* Add ${misc:Depends} to dependencies for all packages.
* Expand the packages that satisfy the libkrb5-dbg dependency.
* Include a few more details about the differences between the various
library packages in their long descriptions and fix some whitespace
inconsistencies. Thanks, Gerfried Fuchs. (Closes: #519403)
* Remove empty usr/include/kerberosIV directory in libkrb5-dev.
* Use set -e instead of #!/bin/sh -e for all maintainer scripts.
* Use which without a path to check for update-inetd.
* Improve the leading comment in /etc/default/krb5-kdc.
* Remove unnecessary section override for krb5-pkinit.
* Update to debhelper compatibility level V7.
- Use dh_lintian to install Lintian overrides.
- Use dh_prep instead of dh_clean -k.
* Update standards version to 3.8.1 (no changes required).
* Fix superfluous space in the krb5-kdc debconf templates and unfuzzy
translations. Thanks, Helge Kreutzmann. (Closes: #518403)
* Translation updates:
- French, thanks Christian Perrier. (Closes: #518221)
- Japanese, thanks TANAKA Atushi. (Closes: #518345)
- Swedish, thanks Martin Bagge. (Closes: #518347)
- German, thanks Helge Kreutzmann. (Closes: #518402)
- Czech, thanks Miroslav Kure. (Closes: #518993)
- Portuguese, thanks Miguel Figueiredo. (Closes: #519000)
- Italian, thanks Luca Monducci. (Closes: #519178)
- Galician, thanks Marce Villarino. (Closes: #519481)
-- Russ Allbery <rra at debian.org> Thu, 12 Mar 2009 18:00:31 -0700
krb5 (1.6.dfsg.4~beta1-9) unstable; urgency=medium
* Fix typo in downgrade instructions in NEWS file.
* Fix override for libkadm55
* Upload to unstable.
-- Sam Hartman <hartmans at debian.org> Sun, 01 Mar 2009 15:33:58 -0500
krb5 (1.6.dfsg.4~beta1-8) experimental; urgency=low
* Re-introduce libkrb53 and libkadm55 based on discussion on
debian-devel; in this version, libkrb53 contains only libkrb4. Both
libkrb53 and libkadm55 depend on the split library packages. These
dependencies are unversioned; that means that before any symbols are
added the shlibs files need to be repointed away from libkrb53 and
libkadm55. Any version of the split library packages can satisfy the
symbols needed by the libraries previously shipped in libkrb53.
* Perform two builds; one without krb4 and one with krb4 for the only
warnings; they will go away when the shlibs files are repointed.
* Remove krb4 support from debconf and init scripts.
* Remove the krb4 migration guide from doc-base
* Fix up replaces in control file so that libraries that used to be in
libkadm55 claim to replace libkadm55
* Only use parallel builds on the krb5 build; it breaks krb4 enabled
builds.
* Used versioned replaces; this seems to make it harder to get a system
into a broken state if you remove the new packages, Closes: #517483
-- Sam Hartman <hartmans at debian.org> Sat, 28 Feb 2009 00:42:51 -0500
krb5 (1.6.dfsg.4~beta1-7) experimental; urgency=low
* Do not build krb4 support; this is being removed upstream with 1.7 and
it is strongly desirable to examine the debian implications.
* As a result, the libraries which were previously all in libkrb53 need
to change package names as we are dropping some libraries. So, split
out the libraries into lib<libraryname>-<soname> per policy. The old
format was consistent with policy when it was written 8 years ago, and
has lasted well. As a result, a significant number of new library
packages are introduced.
* Use dpkg-gensymbols support for .symbols files for better version tracking
* Update to policy 3.8.0
- Support parallel=
-- Sam Hartman <hartmans at debian.org> Fri, 20 Feb 2009 16:57:43 -0500
krb5 (1.6.dfsg.4~beta1-6) unstable; urgency=low
* In the krb5-install info pages, document the need to create an empty
database on new slaves before the first database propagation to work
around a bug in kdb5_util. This is a workaround for Bug#512670, which
won't be fixed in time for the lenny release.
-- Russ Allbery <rra at debian.org> Sun, 01 Feb 2009 10:07:37 -0800
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iEYEARECAAYFAkoDPcsACgkQM0thG+z3pVhguQCeOvPrcjwXn+35NxMhl0ITapQ0
PS4An2UT81ijz66V3D3Yp807W8rG/2OL
=Wu09
-----END PGP SIGNATURE-----
** Affects: krb5 (Ubuntu)
Importance: Wishlist
Status: Confirmed
--
Sync krb5 1.7dfsg~beta1-3 (main) from Debian unstable (main).
https://bugs.launchpad.net/bugs/373406
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list