krb5 (1.20.1-2+deb12u1) bookworm; urgency=high
* Fixes CVE-2023-36054: a remote authenticated attacker can cause
kadmind to free an uninitialized pointer. Upstream believes remote
code execusion is unlikely, Closes: #1043431
-- Sam Hartman <hartmans@debian.org> Mon, 14 Aug 2023 14:06:53 -0600
krb5 (1.20.1-2) unstable; urgency=medium
* Tighten dependencies on libkrb5support0. This means that the entire
upgrade from bullseye to bookworm needs to be lockstep, but it appears
that's what is required, Closes: #1036055
-- Sam Hartman <hartmans@debian.org> Mon, 15 May 2023 17:44:41 -0600
krb5 (1.20.1-1) unstable; urgency=high
[ Bastian Germann ]
* Sync debian/copyright with NOTICE from upstream
[ Debian Janitor ]
* Trim trailing whitespace.
* Strip unusual field spacing from debian/control.
* Use secure URI in Homepage field.
* Merge upstream signing key files.
* Update renamed lintian tag names in lintian overrides.
* Update standards version to 4.6.1, no changes needed.
* Remove field Section on binary package krb5-gss-samples that
duplicates source.
* Fix field name cases in debian/control (VCS-Browser => Vcs-Browser,
VCS-Git => Vcs-Git).
[ Sam Hartman ]
* New upstream release
- Integer overflows in PAC parsing; potentially critical for 32-bit
KDCs or when cross-realm acts maliciously; DOS in other conditions;
CVE-2022-42898, Closes: #1024267
* Tighten version dependencies around crypto library, Closes: 1020424
* krb5-user reccomends rather than Depends on krb5-config. This avoids
a hard dependency on bind9-host, but also supports cases where
krb5-config is externally managed, Closes: #1005821
-- Sam Hartman <hartmans@debian.org> Thu, 17 Nov 2022 10:34:28 -0700
krb5 (1.20-1) unstable; urgency=medium
* New Upstream Version
* Do not specify master key type to avoid weak crypto, Closes: #1009927
-- Sam Hartman <hartmans@debian.org> Fri, 22 Jul 2022 16:32:38 -0600
krb5 (1.20~beta1-1) experimental; urgency=medium
* New Upstream version
-- Sam Hartman <hartmans@debian.org> Thu, 07 Apr 2022 11:57:27 -0600
krb5 (1.19.2-2) unstable; urgency=medium
* Standards version 4.6.0; no change
* kpropd: run after network.target, Closes: #948820
* krb5-kdc: Remove /var from PidFile, Closes: #982009
-- Sam Hartman <hartmans@debian.org> Mon, 21 Feb 2022 13:05:20 -0700
krb5 (1.19.2-1) experimental; urgency=medium
* New Upstream version
* Include patch to work with OpenSSL 3.0, Closes: #995152
* Depend on tex-gyre, Closes: #997407
-- Sam Hartman <hartmans@debian.org> Wed, 27 Oct 2021 14:04:42 -0600
krb5 (1.18.3-7) unstable; urgency=medium
* Fix KDC null dereference crash on FAST request with no server field,
CVE-2021-37750, Closes: #992607
* Fix memory leak in krb5_gss_inquire_cred, Closes: #991140
* Add javascript libraries for docs, thanks Andreas Beckmann, Closes: #988743
* Drop build-dependency on libncurses5-dev which hasn't been needed
since krb5-appl was removed, Closes: #981161
-- Sam Hartman <hartmans@debian.org> Fri, 27 Aug 2021 08:13:47 -0600
krb5 (1.18.3-6) unstable; urgency=high
* Pull in upstream patch to fix CVE-2021-36222 (KDC NULL dereference),
Closes: #991365
-- Benjamin Kaduk <kaduk@mit.edu> Wed, 21 Jul 2021 11:07:07 -0700
krb5 (1.18.3-5) unstable; urgency=medium
* Update breaks on libk5crypto3 toward other internal libraries because
of removed internal symbols, Closes: #985739
-- Sam Hartman <hartmans@debian.org> Sun, 28 Mar 2021 13:43:01 -0400
krb5 (1.18.3-4) unstable; urgency=medium
* Sigh, either use <= with the old version in the
libapache-mod-auth-kerb constraint or << with the new version. <=
with the new version is no good. (used <= with the old version)
-- Sam Hartman <hartmans@debian.org> Mon, 23 Nov 2020 11:53:02 -0500
krb5 (1.18.3-3) unstable; urgency=medium
* Update breaks for libapache2-mod-auth-kerb now that we think we have a fix.
* Mark libkrad-dev as multi-arch: same
-- Sam Hartman <hartmans@debian.org> Mon, 23 Nov 2020 10:07:02 -0500
krb5 (1.18.3-2) unstable; urgency=medium
* Break libapache2-mod-auth-kerb; see #975344 . Obviously this is not a stable situation, but I want to at least let users know that by installing this krb5 libapache2-mod-auth-kerb will not work until we fix it.
-- Sam Hartman <hartmans@debian.org> Fri, 20 Nov 2020 14:46:00 -0500
krb5 (1.18.3-1) unstable; urgency=medium
* New upstream version
- Fix error when DES disabled, Closes: #932298
* Fix typo in lintian overrides.
* Update hurd compat patch, thanks Pino Toscano, Closes: #933770
-- Sam Hartman <hartmans@debian.org> Thu, 19 Nov 2020 11:08:16 -0500
krb5 (1.18.2-1) experimental; urgency=medium
* New Upstream version
* Include several pre-release patches from 1.18.3:
- Unregister thread key in SPNEGO finalization
- Set pw_expiration during LDAP load
- Avoid using LMDB environments across forks
- Allow gss_unwrap_iov() of unpadded RC4 tokens
- Fix input length checking in SPNEGO DER decoding
- Set lockdown attribute when creating LDAP KDB
- Add recursion limit for ASN.1 indefinite lengths (CVE-2020-28196,
Closes: #973880)
* Release new upstream to experimental
-- Sam Hartman <hartmans@debian.org> Mon, 09 Nov 2020 16:28:52 -0500
krb5 (1.17-10) unstable; urgency=medium
* Also set localstatedir to be consistent with old builds, Closes: #962522
* Include journalctl dump from krb5kdc tests so we can figure out why ppc tests are breaking.
-- Sam Hartman <hartmans@debian.org> Mon, 09 Nov 2020 16:28:25 -0500
krb5 (1.17-9) unstable; urgency=low
* Fix build-indep, Closes: #962470
-- Sam Hartman <hartmans@debian.org> Mon, 08 Jun 2020 10:02:57 -0400
krb5 (1.17-8) unstable; urgency=low
* krb5-doc is multi-arch Foreign, Closes: #959984
* Convert to using dh sequencer, Closes: #930690
* Low urgency to give us a chance to shake out the DH changes
-- Sam Hartman <hartmans@debian.org> Thu, 28 May 2020 10:31:24 -0400
krb5 (1.17-7) unstable; urgency=medium
* Use python3 for building docs; pull patch from upstream, Closes: #939483
-- Sam Hartman <hartmans@debian.org> Mon, 23 Mar 2020 10:46:41 -0400
krb5 (1.17-6) unstable; urgency=medium
* Stop depending on texlive-generic-extra, which is no longer built,
Closes: #933286
-- Sam Hartman <hartmans@debian.org> Thu, 01 Aug 2019 14:15:13 -0400
krb5 (1.17-5) unstable; urgency=high
* Upstream patch to filter invalid enctypes when nfs calls to indicate
which enctypes it supports, Closes: #932000
* Do not error out if a keytab includes a single-des enctype, Closes:
#932132
-- Sam Hartman <hartmans@debian.org> Wed, 17 Jul 2019 09:20:27 -0400
krb5 (1.17-4) unstable; urgency=low
* Remove single DES support entirely; it has been deprecated for a
number of years and is going away in 1.18. We want to find out now
any debian problems.
* Migrate from git-dpm to git-debrebase; it truly is better. Thanks Ian.
* Add a krb5-user.news for single DES going away
* Remove the old news file across all packages
-- Sam Hartman <hartmans@debian.org> Mon, 08 Jul 2019 22:04:39 -0400
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libgssrpc4`.
Generated by dwww version 1.15 on Sat May 18 06:54:36 CEST 2024.