This shouldn't be a problem. We're still in sync phase for Ubuntu Lucid, so the new krb5 package will get automatically pulled in when it hits Debian testing.

On Mon, Nov 30, 2009 at 3:25 PM, Sam Hartman <hartm...@debian.org> wrote:
> I released 1.7+dfsg-3 to Debian unstable. That includes a fix to this
> bug. I'd recommend that Ubuntu sync that version into a karmic update
> once it hits squeeze in order to address this issue. The code changes
> between what's in karmic now and 1.7+dfsg-3 are all reasonably
> important bug fixes including a number of user visible memory leak
> fixes, fixes to the lockout problem and fixes to some rare crashes.
> There were no code changes between 1.7 beta3 and 1.7; I have hand
> picked patches that resolve important problems people were having for
> any code changes since the version in karmic.
>
> I understand you try to be conservative about what you accept in an
> update, although I think it will probably be easier to evaluate the
> debian diff than to subset the changes I've made. I've tried to show
> what all is involved below so you can estimate whether my proposal is
> a viable option. Specific patches are all in the debian krb5 git repo
> if you do want to subset.
>
> The diffs to the code are reasonably small and
> address specific bug fixes:
>
>    2    3 src/appl/gssftp/ftpd/ftpd.c
>    7    0 src/lib/gssapi/spnego/spnego_mech.c
>   17   13 src/lib/kadm5/srv/server_acl.c
>   16   25 src/lib/kdb/kdb_default.c
>    1    1 src/lib/krb5/krb/chpw.c
>    1    2 src/lib/krb5/krb/get_in_tkt.c
>    1    1 src/lib/krb5/krb/kerrs.c
>    3    1 src/lib/krb5/krb/pac.c
>    2    0 src/lib/krb5/krb/t_pac.c
>    8    2 src/lib/krb5/rcache/rc_none.c
>    3    3 src/patchlevel.h
>    7    0 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
>   14   14 src/util/profile/prof_file.c
>    3    0 src/util/profile/prof_int.h
>    2    7 src/util/profile/prof_tree.c
>
> Here are the fixes that involve code changes:
>   * Several fixes applied after the 1.7 release:
>     - 6506: correctly handle keytab vs stash file
>     - 6508: kadmind ACL parsing could reference uninitialized memory
>     - 6509: kadmind can reference null pointer on ACL error
>     - 6511: uninitialized memory passed to krb5_free_error in change
>       password client path
>     - 6514: none replay cache memory leak
>     - 6515: profile library mutex performance improvements
>     - 6541: memory leak in PAC verify code
>     - 6542: Check for null characters in pkinit certs
>     - 6543: login vs user order in ftpd sometimes wrong
>     - 6551: Memory leak in spnego accept_sec_context error path
>   * Avoid locking out accounts on PREAUTH_FAILED, Closes: #557979, (LP:
>     #489418)
>
> If you do not choose to accept the full Debian version, I strongly
> recommend you take at least the fix to the lockout bug, 6543 (can
> cause people to be unable to log into ftpd), 6542 (security concern
> about accepting bogus certificates for authentication), and all the
> memory leaks.
>
> In addition to the code changes, this version includes:
>
>   * autoconf was rerun as part of transition from 1.7beta3 to 1.7
>    9    9 src/appl/libpty/configure
>    9    9 src/appl/telnet/configure
>   10   10 src/configure
>    9    9 src/appl/bsd/configure
>    9    9 src/appl/gssftp/configure
>
> The following documentation updates were pulled in moving from
> 1.7.dfsg~beta3 to 1.7. You probably don't strictly need these, but it
> should be fairly easy to see they are harmless.
>   77   25 README
>   22    3 doc/CHANGES
> 1021  939 doc/admin-guide.ps
>   83    2 doc/copyright.texinfo
>  873  792 doc/install-guide.ps
>   65    2 doc/krb5-admin.html
>  165  105 doc/krb5-admin.info
>   65    2 doc/krb5-install.html
>  152   92 doc/krb5-install.info
>   65    2 doc/krb5-user.html
>   98   38 doc/krb5-user.info
>  882  801 doc/user-guide.ps
>
> In addition, the following packaging changes were made:
>
>   42    0 debian/changelog
>    2    2 debian/control # fix LP #472080
>    3    4 debian/prepsource # my script not called by build process
>    1    1 debian/rules # work around change in dh_makeshlibs
>    1    1 debian/watch #new URI for upstream sources
>
> --
> Strange behavior of libkrb5 since karmic ...
> https://bugs.launchpad.net/bugs/489418
> You received this bug notification because you are subscribed to krb5 in
> ubuntu.
>

--
Strange behavior of libkrb5 since karmic ...
https://bugs.launchpad.net/bugs/489418
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs