diff --git a/README b/README index b71c8e01dc3..d1de8357e38 100644 --- a/README +++ b/README @@ -97,6 +97,18 @@ removed. Beginning with the krb5-1.18 release, all support for single-DES encryption types has been removed. +Major changes in 1.22.1 (2025-08-20) +------------------------------------ + +This is a bug fix release. + +* Fix a vulnerability in GSS MIC verification [CVE-2025-57736]. + +krb5-1.22.1 changes by ticket ID +-------------------------------- + +9181 verify_mic_v3 broken in 1.22 + Major changes in 1.22 (2025-08-05) ---------------------------------- @@ -383,6 +395,7 @@ reports, suggestions, and valuable resources: Roland Dowdeswell Ken Dreyer Dorian Ducournau + Francis Dupont Viktor Dukhovni Jason Edgecombe Mark Eichin diff --git a/doc/html/_sources/appdev/refs/api/krb5_set_password_using_ccache.rst.txt b/doc/html/_sources/appdev/refs/api/krb5_set_password_using_ccache.rst.txt index 24bf4be7edd..115afaab69d 100644 --- a/doc/html/_sources/appdev/refs/api/krb5_set_password_using_ccache.rst.txt +++ b/doc/html/_sources/appdev/refs/api/krb5_set_password_using_ccache.rst.txt @@ -67,7 +67,7 @@ The error code and strings are returned in *result_code* , *result_code_string* .. note:: - If *change_password_for* is set to NULL, the change is performed on the default principal in *ccache* . If *change_password_for* is non null, the change is performed on the specified principal. + If *change_password_for* is set to NULL, the change is performed on the default principal in *ccache* . If *change_password_for* is nonnull, the change is performed on the specified principal. diff --git a/doc/html/_static/documentation_options.js b/doc/html/_static/documentation_options.js index e3aed4f2053..ac523660143 100644 --- a/doc/html/_static/documentation_options.js +++ b/doc/html/_static/documentation_options.js @@ -1,5 +1,5 @@ const DOCUMENTATION_OPTIONS = { - VERSION: '1.22-final', + VERSION: '1.22.1', LANGUAGE: 'en', COLLAPSE_INDEX: false, BUILDER: 'html', diff --git a/doc/html/about.html b/doc/html/about.html index 9dd0961ef8d..e7864cc3ac7 100644 --- a/doc/html/about.html +++ b/doc/html/about.html @@ -9,7 +9,7 @@ - + @@ -131,7 +131,7 @@ to maintain.
kinit
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/index.html b/doc/html/admin/index.html
index 3b6687a5671..1e6e0997964 100644
--- a/doc/html/admin/index.html
+++ b/doc/html/admin/index.html
@@ -9,7 +9,7 @@
-
+
@@ -160,7 +160,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/install.html b/doc/html/admin/install.html
index 4fb8c157552..cf6d1aef7f7 100644
--- a/doc/html/admin/install.html
+++ b/doc/html/admin/install.html
@@ -9,7 +9,7 @@
-
+
@@ -171,7 +171,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/install_appl_srv.html b/doc/html/admin/install_appl_srv.html
index 4ee80b824cf..11f7b82a2c1 100644
--- a/doc/html/admin/install_appl_srv.html
+++ b/doc/html/admin/install_appl_srv.html
@@ -9,7 +9,7 @@
-
+
@@ -199,7 +199,7 @@ readable only by root.
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/install_clients.html b/doc/html/admin/install_clients.html
index 57dec1f64e6..52850acb1fa 100644
--- a/doc/html/admin/install_clients.html
+++ b/doc/html/admin/install_clients.html
@@ -9,7 +9,7 @@
-
+
@@ -181,7 +181,7 @@ krb5.conf.
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/install_kdc.html b/doc/html/admin/install_kdc.html
index 24e75372871..1f1e3b2a715 100644
--- a/doc/html/admin/install_kdc.html
+++ b/doc/html/admin/install_kdc.html
@@ -9,7 +9,7 @@
-
+
@@ -627,7 +627,7 @@ set up incremental propagation to replica KDCs. See
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/lockout.html b/doc/html/admin/lockout.html
index 3bedd7fb93d..38c420b0aca 100644
--- a/doc/html/admin/lockout.html
+++ b/doc/html/admin/lockout.html
@@ -9,7 +9,7 @@
-
+
@@ -267,7 +267,7 @@ read access, account lockout will not function.
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/otp.html b/doc/html/admin/otp.html
index 0014ca1aaa2..81f2902b37d 100644
--- a/doc/html/admin/otp.html
+++ b/doc/html/admin/otp.html
@@ -9,7 +9,7 @@
-
+
@@ -215,7 +215,7 @@ equivalent to one DEFAULT token (
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/pkinit.html b/doc/html/admin/pkinit.html
index 2a30ed7c391..d1bb59ba967 100644
--- a/doc/html/admin/pkinit.html
+++ b/doc/html/admin/pkinit.html
@@ -9,7 +9,7 @@
-
+
@@ -456,7 +456,7 @@ and verify that authentication is unsuccessful.
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/princ_dns.html b/doc/html/admin/princ_dns.html
index fe10f1cefc6..6b4e6e6181b 100644
--- a/doc/html/admin/princ_dns.html
+++ b/doc/html/admin/princ_dns.html
@@ -9,7 +9,7 @@
-
+
@@ -242,7 +242,7 @@ add SASL_NOCANON
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/realm_config.html b/doc/html/admin/realm_config.html
index a1fe446b2d6..0e01c9bd564 100644
--- a/doc/html/admin/realm_config.html
+++ b/doc/html/admin/realm_config.html
@@ -9,7 +9,7 @@
-
+
@@ -376,7 +376,7 @@ the database to additional replicas.
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/spake.html b/doc/html/admin/spake.html
index de215dfbc57..fded4104170 100644
--- a/doc/html/admin/spake.html
+++ b/doc/html/admin/spake.html
@@ -9,7 +9,7 @@
-
+
@@ -173,7 +173,7 @@ used.
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/troubleshoot.html b/doc/html/admin/troubleshoot.html
index 812508f5b31..373107025b1 100644
--- a/doc/html/admin/troubleshoot.html
+++ b/doc/html/admin/troubleshoot.html
@@ -9,7 +9,7 @@
-
+
@@ -240,7 +240,7 @@ location on the replica.
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/admin/various_envs.html b/doc/html/admin/various_envs.html
index ce0e0a7a727..bb605d2616b 100644
--- a/doc/html/admin/various_envs.html
+++ b/doc/html/admin/various_envs.html
@@ -9,7 +9,7 @@
-
+
@@ -153,7 +153,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/gssapi.html b/doc/html/appdev/gssapi.html
index 39de34df486..12e58f03e18 100644
--- a/doc/html/appdev/gssapi.html
+++ b/doc/html/appdev/gssapi.html
@@ -9,7 +9,7 @@
-
+
@@ -803,7 +803,7 @@ gss_get_mic_iov_length and gss_get_mic_iov:
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/h5l_mit_apidiff.html b/doc/html/appdev/h5l_mit_apidiff.html
index 8cc3f9900ef..5ca1c9bb7e6 100644
--- a/doc/html/appdev/h5l_mit_apidiff.html
+++ b/doc/html/appdev/h5l_mit_apidiff.html
@@ -9,7 +9,7 @@
-
+
@@ -147,7 +147,7 @@ if it wasn’t explicitly set in the context
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/index.html b/doc/html/appdev/index.html
index 3dd916c32c2..cc9635e9acf 100644
--- a/doc/html/appdev/index.html
+++ b/doc/html/appdev/index.html
@@ -9,7 +9,7 @@
-
+
@@ -124,7 +124,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/init_creds.html b/doc/html/appdev/init_creds.html
index 0975127d08e..b5c1d10e1fe 100644
--- a/doc/html/appdev/init_creds.html
+++ b/doc/html/appdev/init_creds.html
@@ -9,7 +9,7 @@
-
+
@@ -407,7 +407,7 @@ that the users would access reside on networked servers.
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/princ_handle.html b/doc/html/appdev/princ_handle.html
index 73c4d4d9888..99df6469c65 100644
--- a/doc/html/appdev/princ_handle.html
+++ b/doc/html/appdev/princ_handle.html
@@ -9,7 +9,7 @@
-
+
@@ -136,7 +136,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/index.html b/doc/html/appdev/refs/api/index.html
index 609c9d34282..e9906814171 100644
--- a/doc/html/appdev/refs/api/index.html
+++ b/doc/html/appdev/refs/api/index.html
@@ -9,7 +9,7 @@
-
+
@@ -529,7 +529,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_425_conv_principal.html b/doc/html/appdev/refs/api/krb5_425_conv_principal.html
index eb3d84195bc..84c2d422162 100644
--- a/doc/html/appdev/refs/api/krb5_425_conv_principal.html
+++ b/doc/html/appdev/refs/api/krb5_425_conv_principal.html
@@ -9,7 +9,7 @@
-
+
@@ -136,7 +136,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_524_conv_principal.html b/doc/html/appdev/refs/api/krb5_524_conv_principal.html
index 0837a9ae202..e2fc677cb92 100644
--- a/doc/html/appdev/refs/api/krb5_524_conv_principal.html
+++ b/doc/html/appdev/refs/api/krb5_524_conv_principal.html
@@ -9,7 +9,7 @@
-
+
@@ -142,7 +142,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_524_convert_creds.html b/doc/html/appdev/refs/api/krb5_524_convert_creds.html
index cc931406957..9f2c4118584 100644
--- a/doc/html/appdev/refs/api/krb5_524_convert_creds.html
+++ b/doc/html/appdev/refs/api/krb5_524_convert_creds.html
@@ -9,7 +9,7 @@
-
+
@@ -136,7 +136,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_address_compare.html b/doc/html/appdev/refs/api/krb5_address_compare.html
index 9f634d73c4d..e00fc6d9732 100644
--- a/doc/html/appdev/refs/api/krb5_address_compare.html
+++ b/doc/html/appdev/refs/api/krb5_address_compare.html
@@ -9,7 +9,7 @@
-
+
@@ -132,7 +132,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_address_order.html b/doc/html/appdev/refs/api/krb5_address_order.html
index c6d5509bad6..acdde1a6478 100644
--- a/doc/html/appdev/refs/api/krb5_address_order.html
+++ b/doc/html/appdev/refs/api/krb5_address_order.html
@@ -9,7 +9,7 @@
-
+
@@ -134,7 +134,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_address_search.html b/doc/html/appdev/refs/api/krb5_address_search.html
index 03dd02ab8f9..489de7928bd 100644
--- a/doc/html/appdev/refs/api/krb5_address_search.html
+++ b/doc/html/appdev/refs/api/krb5_address_search.html
@@ -9,7 +9,7 @@
-
+
@@ -136,7 +136,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_allow_weak_crypto.html b/doc/html/appdev/refs/api/krb5_allow_weak_crypto.html
index 9062eba2bdc..9f0cdf4a16f 100644
--- a/doc/html/appdev/refs/api/krb5_allow_weak_crypto.html
+++ b/doc/html/appdev/refs/api/krb5_allow_weak_crypto.html
@@ -9,7 +9,7 @@
-
+
@@ -132,7 +132,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_aname_to_localname.html b/doc/html/appdev/refs/api/krb5_aname_to_localname.html
index 13760aa1514..517c65c1f93 100644
--- a/doc/html/appdev/refs/api/krb5_aname_to_localname.html
+++ b/doc/html/appdev/refs/api/krb5_aname_to_localname.html
@@ -9,7 +9,7 @@
-
+
@@ -141,7 +141,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_anonymous_principal.html b/doc/html/appdev/refs/api/krb5_anonymous_principal.html
index 03f2742becd..74d0005bd74 100644
--- a/doc/html/appdev/refs/api/krb5_anonymous_principal.html
+++ b/doc/html/appdev/refs/api/krb5_anonymous_principal.html
@@ -9,7 +9,7 @@
-
+
@@ -128,7 +128,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_anonymous_realm.html b/doc/html/appdev/refs/api/krb5_anonymous_realm.html
index adf0aa07f74..545bb6d97ba 100644
--- a/doc/html/appdev/refs/api/krb5_anonymous_realm.html
+++ b/doc/html/appdev/refs/api/krb5_anonymous_realm.html
@@ -9,7 +9,7 @@
-
+
@@ -128,7 +128,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_appdefault_boolean.html b/doc/html/appdev/refs/api/krb5_appdefault_boolean.html
index 33b9d3dd6c3..0c938dc1f13 100644
--- a/doc/html/appdev/refs/api/krb5_appdefault_boolean.html
+++ b/doc/html/appdev/refs/api/krb5_appdefault_boolean.html
@@ -9,7 +9,7 @@
-
+
@@ -133,7 +133,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_appdefault_string.html b/doc/html/appdev/refs/api/krb5_appdefault_string.html
index af42fa35f20..381359c8469 100644
--- a/doc/html/appdev/refs/api/krb5_appdefault_string.html
+++ b/doc/html/appdev/refs/api/krb5_appdefault_string.html
@@ -9,7 +9,7 @@
-
+
@@ -133,7 +133,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_auth_con_free.html b/doc/html/appdev/refs/api/krb5_auth_con_free.html
index 6382e76f24f..3340f9ae02c 100644
--- a/doc/html/appdev/refs/api/krb5_auth_con_free.html
+++ b/doc/html/appdev/refs/api/krb5_auth_con_free.html
@@ -9,7 +9,7 @@
-
+
@@ -132,7 +132,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_auth_con_genaddrs.html b/doc/html/appdev/refs/api/krb5_auth_con_genaddrs.html
index 713ac7e25b0..a20a69f10cf 100644
--- a/doc/html/appdev/refs/api/krb5_auth_con_genaddrs.html
+++ b/doc/html/appdev/refs/api/krb5_auth_con_genaddrs.html
@@ -9,7 +9,7 @@
-
+
@@ -142,7 +142,7 @@
- Release: 1.22-final
+ Release: 1.22.1
© Copyright 1985-2025, MIT.
diff --git a/doc/html/appdev/refs/api/krb5_auth_con_get_checksum_func.html b/doc/html/appdev/refs/api/krb5_auth_con_get_checksum_func.html
index 5e02248f85e..26626bb385f 100644
--- a/doc/html/appdev/refs/api/krb5_auth_con_get_checksum_func.html
+++ b/doc/html/appdev/refs/api/krb5_auth_con_get_checksum_func.html
@@ -9,7 +9,7 @@
-
+
@@ -133,7 +133,7 @@