stable

krb5-1.21.2-2.fc39

FEDORA-2023-1ddc27073f created by jrische 11 months ago for Fedora 39

This is a backport of the krb5#1306 upstream pull request. It includes fixes for numerous memory leaks. Most of them were affecting command line tools, but a few of them were affecting the following libraries and daemons:

  • kpropd (check for authorized principal)
  • GSSAPI (credentials export and validation)
  • kadmin server (master key initialization)
  • ccache (KCM entry access and configuration fetching)
  • keytab (entry access)
  • LDAP KDB plugin (realm deletion)

None of these leaks introduces a security risk.

This update also modifies the License tag in the specfile to use SPDX license identifiers. Nonetheless, this tag cannot be concisered fully accurate at this point. Some of MIT krb5's licenses seem to not be references by the SPDX standard.

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-1ddc27073f

This update has been submitted for testing by jrische.

11 months ago

This update's test gating status has been changed to 'waiting'.

11 months ago

jrische edited this update.

11 months ago

This update's test gating status has been changed to 'failed'.

11 months ago

This update's test gating status has been changed to 'waiting'.

11 months ago

This update's test gating status has been changed to 'passed'.

11 months ago

This update has been pushed to testing.

11 months ago

This update's test gating status has been changed to 'failed'.

11 months ago

This update's test gating status has been changed to 'passed'.

11 months ago
User Icon jrische commented & provided feedback 11 months ago

There are three different failures in automated tests:

  • addedfiles: Potential file conflicts in case x86_64 and i686 versions of krb5-tests are installed at the same time. I opened a bugzilla for this case.
  • license: "HPND-export-US-modify" and "RSA-MD" licenses seem to not be known by the analysis tool yet, but they are part of the SPDX standard.
  • annocheck: The tool claims LTO is not enabled at compilation. However, the -flto=auto flag is already set by $RPM_OPT_FLAGS. This is most likely a false negative.

None of these failures should be considered a blocker.

jrische edited this update.

11 months ago
karma
User Icon kparal commented & provided feedback 11 months ago
karma

my kerberos ticket is renewed correctly when triggered by gnome-online-accounts

This update can be pushed to stable now if the maintainer wishes

11 months ago
User Icon nb provided feedback 11 months ago
karma

This update has been submitted for stable by bodhi.

There is an ongoing freeze; this will be pushed to stable after the freeze is over.

11 months ago
User Icon bojan commented & provided feedback 10 months ago
karma

Works.

This update has been pushed to stable.

10 months ago

Please login to add feedback.

Metadata
Type
bugfix
Severity
medium
Karma
4
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
11 months ago
in testing
11 months ago
in stable
10 months ago
modified
11 months ago
approved
10 months ago
BZ#2223274 Fix 60 memory leaks [rawhide]
0
0

Automated Test Results