This shouldn't be a problem. We're still in sync phase for Ubuntu
Lucid, so the new krb5 package will get automatically pulled in when
it hits Debian testing.
On Mon, Nov 30, 2009 at 3:25 PM, Sam Hartman <email address hidden> wrote:
> I released 1.7+dfsg-3 to Debian unstable. That includes a fix to this
> bug. I'd recommend that Ubuntu sync that version into a karmic update
> once it hits squeeze in order to address this issue. The code changes
> between what's in karmic now and 1.7+dfsg-3 are all reasonably
> important bug fixes including a number of user visible memory leak
> fixes, fixes to the lockout problem and fixes to some rare crashes.
> There were no code changes between 1.7 beta3 and 1.7; I have hand
> picked patches that resolve important problems people were having for
> any code changes since the version in karmic.
>
> I understand you try to be conservative about what you accept in an
> update, although I think it will probably be easier to evaluate the
> debian diff than to subset the changes I've made. I've tried to show
> what all is involved below so you can estimate whether my proposal is
> a viable option. Specific patches are all in the debian krb5 git repo
> if you do want to subset.
>
>
> The diffs to the code are reasonably small and
> address specific bug fixes:
>
> 2 3 src/appl/gssftp/ftpd/ftpd.c
> 7 0 src/lib/gssapi/spnego/spnego_mech.c
> 17 13 src/lib/kadm5/srv/server_acl.c
> 16 25 src/lib/kdb/kdb_default.c
> 1 1 src/lib/krb5/krb/chpw.c
> 1 2 src/lib/krb5/krb/get_in_tkt.c
> 1 1 src/lib/krb5/krb/kerrs.c
> 3 1 src/lib/krb5/krb/pac.c
> 2 0 src/lib/krb5/krb/t_pac.c
> 8 2 src/lib/krb5/rcache/rc_none.c
> 3 3 src/patchlevel.h
> 7 0 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
> 14 14 src/util/profile/prof_file.c
> 3 0 src/util/profile/prof_int.h
> 2 7 src/util/profile/prof_tree.c
>
> Here are the fixes that involve code changes:
> * Several fixes applied after the 1.7 release:
> - 6506: correctly handle keytab vs stash file
> - 6508: kadmind ACL parsing could reference uninitialized memory
> - 6509: kadmind can reference null pointer on ACL error
> - 6511: uninitialized memory passed to krb5_free_error in change
> password client path
> - 6514: none replay cache memory leak
> - 6515: profile library mutex performance improvements
> - 6541: memory leak in PAC verify code
> - 6542: Check for null characters in pkinit certs
> - 6543: login vs user order in ftpd sometimes wrong
> - 6551: Memory leak in spnego accept_sec_context error path
> * Avoid locking out accounts on PREAUTH_FAILED, Closes: #557979, (LP:
> #489418)
>
> If you do not choose to accept the full Debian version, I strongly
> recommend you take at least the fix to the lockout bug, 6543 (can
> cause people to be unable to log into ftpd), 6542 (security concern
> about accepting bogus certificates for authentication), and all the
> memory leaks.
>
> In addition to the code changes, this version includes:
>
>
> * autoconf was rerun as part of transition from 1.7beta3 to 1.7
> 9 9 src/appl/libpty/configure
> 9 9 src/appl/telnet/configure
> 10 10 src/configure
> 9 9 src/appl/bsd/configure
> 9 9 src/appl/gssftp/configure
>
> The following documentation updates were pulled in moving from
> 1.7.dfsg~beta3 to 1.7. You probably don't strictly need these, but it
> should be fairly easy to see they are harmless.
> 77 25 README
> 22 3 doc/CHANGES
> 1021 939 doc/admin-guide.ps
> 83 2 doc/copyright.texinfo
> 873 792 doc/install-guide.ps
> 65 2 doc/krb5-admin.html
> 165 105 doc/krb5-admin.info
> 65 2 doc/krb5-install.html
> 152 92 doc/krb5-install.info
> 65 2 doc/krb5-user.html
> 98 38 doc/krb5-user.info
> 882 801 doc/user-guide.ps
>
> In addition, the following packaging changes were made:
>
> 42 0 debian/changelog
> 2 2 debian/control # fix LP #472080
> 3 4 debian/prepsource # my script not called by build process
> 1 1 debian/rules # work around change in dh_makeshlibs
> 1 1 debian/watch #new URI for upstream sources
>
> --
> Strange behavior of libkrb5 since karmic ...
> https://bugs.launchpad.net/bugs/489418
> You received this bug notification because you are subscribed to krb5 in
> ubuntu.
>