enterprise-support team mailing list archive

Thread
Date
[Bug 2040386] [NEW] Merge krb5 from Debian unstable for noble

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Bryce Harrington <2040386@xxxxxxxxxxxxxxxxxx>
Date: Wed, 25 Oct 2023 04:24:32 -0000
Reply-to: Bug 2040386 <2040386@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

Upstream: tbd
Debian:   1.20.1-5    
Ubuntu:   1.20.1-3ubuntu1


Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.

If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.


### New Debian Changes ###

krb5 (1.20.1-5) unstable; urgency=medium

  [ Helmut Grohne ]
  * Annotate test dependencies <!nocheck>. (Closes: #1054461)

  [ Sam Hartman ]
  * Fix keyutils to be linux-any

 -- Helmut Grohne <helmut@xxxxxxxxxx>  Tue, 24 Oct 2023 07:17:27 +0200

krb5 (1.20.1-4) unstable; urgency=low

  [ Steve Langasek ]
  * libkrb5support0: require strict binary dependency to deal with glibc 2.38, Closes: #1043184

  [Jelmer Vernooij]
  * krb5-user: Use alternatives for kinit, klist, kswitch, ksu, kpasswd,
    kdestroy, kadmin and ktutil. This allows installation
    together with heimdal-clients. Closes: #213316, #751203

  [ Sam Hartman ]
  * Enable build-time tests, Thanks Andreas Hasenack, Closes: #1017763
  * Work around doxygen change that breaks doc build, Thanks Greg
    Hudson, Closes: #1051523

 -- Sam Hartman <hartmans@xxxxxxxxxx>  Mon, 11 Sep 2023 11:06:57 -0600

krb5 (1.20.1-3) unstable; urgency=high

  * Fixes CVE-2023-36054: a  remote authenticated attacker can cause
    kadmind to free an uninitialized pointer.  Upstream believes remote
    code execusion is unlikely, Closes: #1043431 

 -- Sam Hartman <hartmans@xxxxxxxxxx>  Mon, 14 Aug 2023 14:06:53 -0600

krb5 (1.20.1-2) unstable; urgency=medium

  * Tighten dependencies on libkrb5support0.  This means that the entire
    upgrade from bullseye to bookworm needs to be lockstep, but it appears
    that's what is required, Closes: #1036055
  

 -- Sam Hartman <hartmans@xxxxxxxxxx>  Mon, 15 May 2023 17:44:41 -0600

krb5 (1.20.1-1) unstable; urgency=high

  [ Bastian Germann ]
  * Sync debian/copyright with NOTICE from upstream

  [ Debian Janitor ]
  * Trim trailing whitespace.
  * Strip unusual field spacing from debian/control.
  * Use secure URI in Homepage field.
  * Merge upstream signing key files.
  * Update renamed lintian tag names in lintian overrides.
  * Update standards version to 4.6.1, no changes needed.
  * Remove field Section on binary package krb5-gss-samples that
    duplicates source.
  * Fix field name cases in debian/control (VCS-Browser => Vcs-Browser,
    VCS-Git => Vcs-Git).

  [ Sam Hartman ]
  * New upstream release
    - Integer overflows in PAC parsing; potentially critical for 32-bit
    KDCs or when cross-realm acts maliciously; DOS in other conditions;
    CVE-2022-42898, Closes: #1024267
  * Tighten version dependencies around crypto library, Closes: 1020424
  * krb5-user reccomends rather than Depends on krb5-config.  This avoids
    a hard dependency on bind9-host, but also supports cases where
    krb5-config is externally managed, Closes: #1005821

 -- Sam Hartman <hartmans@xxxxxxxxxx>  Thu, 17 Nov 2022 10:34:28 -0700

krb5 (1.20-1) unstable; urgency=medium

  * New Upstream Version
  * Do not specify master key type to avoid weak crypto, Closes: #1009927

 -- Sam Hartman <hartmans@xxxxxxxxxx>  Fri, 22 Jul 2022 16:32:38 -0600

krb5 (1.20~beta1-1) experimental; urgency=medium

  * New Upstream version

 -- Sam Hartman <hartmans@xxxxxxxxxx>  Thu, 07 Apr 2022 11:57:27 -0600

krb5 (1.19.2-2) unstable; urgency=medium

  * Standards version 4.6.0; no change
  * kpropd: run after network.target, Closes: #948820
  * krb5-kdc: Remove /var from PidFile, Closes: #982009

 -- Sam Hartman <hartmans@xxxxxxxxxx>  Mon, 21 Feb 2022 13:05:20 -0700

krb5 (1.19.2-1) experimental; urgency=medium

  * New Upstream version
  * Include patch to work with OpenSSL 3.0, Closes: #995152
  * Depend on tex-gyre, Closes: #997407


### Old Ubuntu Delta ###

krb5 (1.20.1-3ubuntu1) mantic; urgency=medium

  * Make krb5int_strl(cat|copy) optional symbols, since they are not needed
    when built against glibc 2.38.  Closes: #1043184.
  * Declare Breaks: against older packages using these symbols.
  * Make dependencies on libkrb5support0 strict to avoid future symbol skew.

 -- Steve Langasek <steve.langasek@xxxxxxxxxx>  Thu, 24 Aug 2023
18:07:33 +0000

** Affects: krb5 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge upgrade-software-version

** Changed in: krb5 (Ubuntu)
    Milestone: None => ubuntu-24.01

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to krb5 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2040386

Title:
  Merge krb5 from Debian unstable for noble

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/2040386/+subscriptions
Follow ups

[Bug 2040386] Re: Merge krb5 from Debian unstable for noble
From: Andreas Hasenack, 2024-01-03