Sync krb5 1.7dfsg~beta1-4 (main) from Debian unstable (main).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/krb5
 status confirmed
 importance wishlist
 subscribe ubuntu-archive

Please sync krb5 1.7dfsg~beta1-3 (main) from Debian unstable (main).

Explanation of the Ubuntu delta and why it can be dropped:

There were two changes in Ubuntu:
 1. Two security fixes that were included in 1.6.dfsg.4~beta1-13.
 2. A patch adding some functionality required by likewise-open.
    1.7 provides the same features but with a different API.
    The likewise-open developers plan to use the 1.7 API instead of their
    modification to the 1.6 release.

Changelog since current karmic version 1.6.dfsg.4~beta1-5ubuntu2:

krb5 (1.7dfsg~beta1-3) unstable; urgency=low

  * Relax symbol versions of symbols that exist in krb5 1.6.dfsg.2 to
    1.6.dfsg.2. No software currently in Debian uses the new
    functionality, and this will ease the transition because it allows
    krb5 to move independently of packages that are being rebuilt. This
    change will be reverted before the end of May, 2009.

 -- Sam Hartman <email address hidden> Tue, 05 May 2009 09:01:17 -0400

krb5 (1.7dfsg~beta1-2) unstable; urgency=low

  * Upload to unstable with permission of release team; note that this
    upload will make anything that depends on libkrb53 uninstallable in
    unstable. The release team will make binary only NMUs to rebuild any
    such packages and they will depend on the new libraries. Packages
    built since 1.6.dfsg.4~beta1-9 entered unstable should not be affected.
  * Upstream change: return PREAUTH_REQUIRED not PREAUTH_FAILED on unknown
    preauth type in the KDC.
  * Remove a bunch of patches applied ustream from debian/patches

 -- Sam Hartman <email address hidden> Mon, 04 May 2009 16:19:09 -0400

krb5 (1.7dfsg~beta1-1) experimental; urgency=low

  * New upstream release
    - kadmin and related commands moved to /usr/bin, Closes: #477296
    - Kadmin headers are Public: Closes: #191616
    - KDC supports loopback address, Closes: #478425

 -- Sam Hartman <email address hidden> Wed, 22 Apr 2009 09:53:15 -0400

krb5 (1.7dfsg~alpha1-1) experimental; urgency=low

  * New upstream version

 -- Sam Hartman <email address hidden> Sun, 05 Apr 2009 20:46:14 -0400

krb5 (1.6.dfsg.4~beta1-13) unstable; urgency=high

  * MITKRB5-SA-2009-001: Fix read-beyond-end-of-buffer DOS in SPNEGO, an
    SPNEGO null pointer dereference, and incorrect length validation in
    an ASN.1 decoder. (CVE-2009-0844, CVE-2009-0845, CVE-2009-0847)
  * MITKRB5-SA-2009-002: ASN.1 general time decoder can free uninitialized
    pointer. (CVE-2009-0846)
  * Add dependency on libkrb53 from libkrb5-dev. This should make it
    significantly more difficult for buildds to get out of sync. I don't
    think we can do better within the constraints of this transition,
    Closes: #522469

 -- Sam Hartman <email address hidden> Tue, 07 Apr 2009 14:58:31 -0400

krb5 (1.6.dfsg.4~beta1-12) unstable; urgency=low

  * Translation updates:
    - Romanian, thanks Eddy Petrișor. (Closes: #519660)
    - Finnish, thanks Esko Arajärvi. (Closes: #519741)
    - Russian, thanks Sergey Alyoshin. (Closes: #519744)
    - Spanish, thanks Francisco Javier Cuadrado. (Closes: #519808)

 -- Russ Allbery <email address hidden> Fri, 27 Mar 2009 11:24:28 -0700

krb5 (1.6.dfsg.4~beta1-11) unstable; urgency=low

  * Upload from the partial-krb4 branch not the master branch so we don't
    break unstable.
      - Restore libkrb53 and libkadm55
  * Resync the aes test files from upstream to fix a line ending problem
    and significantly shrink the debian diff

 -- Sam Hartman <email address hidden> Fri, 13 Mar 2009 10:19:42 -0400

krb5 (1.6.dfsg.4~beta1-10) unstable; urgency=low

  * Add Homepage control field.
  * Add ${misc:Depends} to dependencies for all packages.
  * Expand the packages that satisfy the libkrb5-dbg dependency.
  * Include a few more details about the differences between the various
    library packages in their long descriptions and fix some whitespace
    inconsistencies. Thanks, Gerfried Fuchs. (Closes: #519403)
  * Remove empty usr/include/kerberosIV directory in libkrb5-dev.
  * Use set -e instead of #!/bin/sh -e for all maintainer scripts.
  * Use which without a path to check for update-inetd.
  * Improve the leading comment in /etc/default/krb5-kdc.
  * Remove unnecessary section override for krb5-pkinit.
  * Update to debhelper compatibility level V7.
    - Use dh_lintian to install Lintian overrides.
    - Use dh_prep instead of dh_clean -k.
  * Update standards version to 3.8.1 (no changes required).
  * Fix superfluous space in the krb5-kdc debconf templates and unfuzzy
    translations. Thanks, Helge Kreutzmann. (Closes: #518403)
  * Translation updates:
    - French, thanks Christian Perrier. (Closes: #518221)
    - Japanese, thanks TANAKA Atushi. (Closes: #518345)
    - Swedish, thanks Martin Bagge. (Closes: #518347)
    - German, thanks Helge Kreutzmann. (Closes: #518402)
    - Czech, thanks Miroslav Kure. (Closes: #518993)
    - Portuguese, thanks Miguel Figueiredo. (Closes: #519000)
    - Italian, thanks Luca Monducci. (Closes: #519178)
    - Galician, thanks Marce Villarino. (Closes: #519481)

 -- Russ Allbery <email address hidden> Thu, 12 Mar 2009 18:00:31 -0700
krb5 (1.6.dfsg.4~beta1-9) unstable; urgency=medium

  * Fix typo in downgrade instructions in NEWS file.
  * Fix override for libkadm55
  * Upload to unstable.

 -- Sam Hartman <email address hidden> Sun, 01 Mar 2009 15:33:58 -0500

krb5 (1.6.dfsg.4~beta1-8) experimental; urgency=low

  * Re-introduce libkrb53 and libkadm55 based on discussion on
    debian-devel; in this version, libkrb53 contains only libkrb4. Both
    libkrb53 and libkadm55 depend on the split library packages. These
    dependencies are unversioned; that means that before any symbols are
    added the shlibs files need to be repointed away from libkrb53 and
    libkadm55. Any version of the split library packages can satisfy the
    symbols needed by the libraries previously shipped in libkrb53.
  * Perform two builds; one without krb4 and one with krb4 for the only
    warnings; they will go away when the shlibs files are repointed.
  * Remove krb4 support from debconf and init scripts.
  * Remove the krb4 migration guide from doc-base
  * Fix up replaces in control file so that libraries that used to be in
    libkadm55 claim to replace libkadm55
  * Only use parallel builds on the krb5 build; it breaks krb4 enabled
    builds.
  * Used versioned replaces; this seems to make it harder to get a system
    into a broken state if you remove the new packages, Closes: #517483

 -- Sam Hartman <email address hidden> Sat, 28 Feb 2009 00:42:51 -0500

krb5 (1.6.dfsg.4~beta1-7) experimental; urgency=low

  * Do not build krb4 support; this is being removed upstream with 1.7 and
    it is strongly desirable to examine the debian implications.
  * As a result, the libraries which were previously all in libkrb53 need
    to change package names as we are dropping some libraries. So, split
    out the libraries into lib<libraryname>-<soname> per policy. The old
    format was consistent with policy when it was written 8 years ago, and
    has lasted well. As a result, a significant number of new library
    packages are introduced.
  * Use dpkg-gensymbols support for .symbols files for better version tracking
  * Update to policy 3.8.0
      - Support parallel=

 -- Sam Hartman <email address hidden> Fri, 20 Feb 2009 16:57:43 -0500

krb5 (1.6.dfsg.4~beta1-6) unstable; urgency=low

  * In the krb5-install info pages, document the need to create an empty
    database on new slaves before the first database propagation to work
    around a bug in kdb5_util. This is a workaround for Bug#512670, which
    won't be fixed in time for the lenny release.

 -- Russ Allbery <email address hidden> Sun, 01 Feb 2009 10:07:37 -0800

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkoDPcsACgkQM0thG+z3pVhguQCeOvPrcjwXn+35NxMhl0ITapQ0
PS4An2UT81ijz66V3D3Yp807W8rG/2OL
=Wu09
-----END PGP SIGNATURE-----