[Bug 489418] Re: Strange behavior of libkrb5 since karmic ...

Evan Broder broder at mit.edu
Mon Nov 30 20:32:48 GMT 2009


This shouldn't be a problem. We're still in sync phase for Ubuntu
Lucid, so the new krb5 package will get automatically pulled in when
it hits Debian testing.

On Mon, Nov 30, 2009 at 3:25 PM, Sam Hartman <hartmans at debian.org> wrote:
> I released 1.7+dfsg-3 to Debian unstable.  That includes a fix to this
> bug.  I'd recommend that Ubuntu sync that version into a karmic update
> once it hits squeeze in order to address this issue.  The code changes
> between what's in karmic now and 1.7+dfsg-3 are all reasonably
> important bug fixes including a number of user-visible memory leak
> fixes, fixes to the lockout problem and fixes to some rare crashes.
> There were no code changes between 1.7 beta3 and 1.7; I have
> hand-picked patches that resolve important problems people were having for
> any code changes since the version in karmic.
>
> I understand you try to be conservative about what you accept in an
> update, although I think it will probably be easier to evaluate the
> debian diff than to subset the changes I've made.  I've tried to show
> what all is involved below so you can estimate whether my proposal is
> a viable option.  Specific patches are all in the debian krb5 git repo
> if you do want to subset.
>
>
> The diffs to the code are reasonably small and address specific bug fixes:
>
> 2       3       src/appl/gssftp/ftpd/ftpd.c
> 7       0       src/lib/gssapi/spnego/spnego_mech.c
> 17      13      src/lib/kadm5/srv/server_acl.c
> 16      25      src/lib/kdb/kdb_default.c
> 1       1       src/lib/krb5/krb/chpw.c
> 1       2       src/lib/krb5/krb/get_in_tkt.c
> 1       1       src/lib/krb5/krb/kerrs.c
> 3       1       src/lib/krb5/krb/pac.c
> 2       0       src/lib/krb5/krb/t_pac.c
> 8       2       src/lib/krb5/rcache/rc_none.c
> 3       3       src/patchlevel.h
> 7       0       src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
> 14      14      src/util/profile/prof_file.c
> 3       0       src/util/profile/prof_int.h
> 2       7       src/util/profile/prof_tree.c
>
> Here are the fixes that involve code changes:
>  * Several fixes applied after the 1.7 release:
>    - 6506: correctly handle keytab vs stash file
>    - 6508: kadmind ACL parsing could reference uninitialized memory
>    - 6509: kadmind can reference null pointer on ACL error
>    - 6511: uninitialized memory passed to krb5_free_error in change
>      password client path
>    - 6514: none replay cache memory leak
>    - 6515: profile library mutex performance improvements
>    - 6541: memory leak in PAC verify code
>    - 6542: Check for null characters in pkinit certs
>    - 6543: login vs user order in ftpd sometimes wrong
>    - 6551: Memory leak in spnego accept_sec_context error path
>  * Avoid locking out accounts on PREAUTH_FAILED, Closes: #557979, (LP:
>    #489418)
>
> If you do not choose to accept the full Debian version, I strongly
> recommend you take at least the fix to the lockout bug, 6543 (can
> cause people to be unable to log into ftpd), 6542 (security concern
> about accepting bogus certificates for authentication), and all the
> memory leaks.
>
> In addition to the code changes, this version includes:
>
>
> * autoconf was rerun as part of transition from 1.7beta3 to 1.7
> 9       9       src/appl/libpty/configure
> 9       9       src/appl/telnet/configure
> 10      10      src/configure
> 9       9       src/appl/bsd/configure
> 9       9       src/appl/gssftp/configure
>
> The following documentation updates were pulled in moving from
> 1.7.dfsg~beta3 to 1.7.  You probably don't strictly need these, but it
> should be fairly easy to see they are harmless.
> 77      25      README
> 22      3       doc/CHANGES
> 1021    939     doc/admin-guide.ps
> 83      2       doc/copyright.texinfo
> 873     792     doc/install-guide.ps
> 65      2       doc/krb5-admin.html
> 165     105     doc/krb5-admin.info
> 65      2       doc/krb5-install.html
> 152     92      doc/krb5-install.info
> 65      2       doc/krb5-user.html
> 98      38      doc/krb5-user.info
> 882     801     doc/user-guide.ps
>
> In addition, the following packaging changes were made:
>
> 42      0       debian/changelog
> 2       2       debian/control # fix LP #472080
> 3       4       debian/prepsource # my script not called by build process
> 1       1       debian/rules # work around change in dh_makeshlibs
> 1       1       debian/watch # new URI for upstream sources
>
> --
> Strange behavior of libkrb5 since karmic ...
> https://bugs.launchpad.net/bugs/489418
> You received this bug notification because you are subscribed to krb5 in
> ubuntu.
>

-- 
Strange behavior of libkrb5 since karmic ...
https://bugs.launchpad.net/bugs/489418
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in ubuntu.



More information about the Ubuntu-server-bugs mailing list