- update to 1.121.1 (CVE-2023-36054):
* Fix potential uninitialized pointer free in kadm5 XDR parsing
[CVE-2023-36054].
* Added a credential cache type providing compatibility with
the macOS 11 native credential cache.
* libkadm5 will use the provided krb5_context object to read
configuration values, instead of creating its own.
* Added an interface to retrieve the ticket session key
from a GSS context.
* The KDC will no longer issue tickets with RC4 or triple-DES
session keys unless explicitly configured with the new
allow_rc4 or allow_des3 variables respectively.
* The KDC will assume that all services can handle aes256-sha1
session keys unless the service principal has a
session_enctypes string attribute.
* Support for PAC full KDC checksums has been added to
mitigate an S4U2Proxy privilege escalation attack.
* The PKINIT client will advertise a more modern set
of supported CMS algorithms.
* Removed unused code in libkrb5, libkrb5support,
and the PKINIT module.
* Modernized the KDC code for processing TGS requests,
the code for encrypting and decrypting key data,
the PAC handling code, and the GSS library packet
parsing and composition code.
* Improved the test framework's detection of memory
errors in daemon processes when used with asan.
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=274
This commit is contained in:
Git OBS Bridge
parent
9b19498eb9
commit
36feefeaf6
BIN
krb5-1.20.1.tar.gz
(Stored with Git LFS)
BIN
krb5-1.20.1.tar.gz
(Stored with Git LFS)
Binary file not shown.
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmNvED8ACgkQDLoIV1+D
|
||||
ct9uKw/8C5GS8mdh335lB+bkfjYYCZLD+oQToDAAbdCddrIcuLftvnTfXJ8cMtMc
|
||||
UT2hsp8u7ZupjJRevdhaH7fFwomc0V8iSES5J2cQHTNd9aK93j/W6NaMoqWLrQWg
|
||||
jx99oqLn7orvp8N5RufEQcNMNWhFIX4XSfrA3vPfHbbffA2vkjJzOGno4UHi8zUn
|
||||
6nye7jbrBpiQIeFIJSS3VPsvGrKdRgb9BqGTUsqPIuFvr3Qvo42lKr5X8CWYSXjK
|
||||
0aKlOpfbWdkteEe2o84/wyMpuGvmYkmOgaMB5xQ3jfEuvPNAWX2CWHNDamiqwBT/
|
||||
YxwhZimNa1B9r3P1yDHvpUu8cJaRzw2UDRi2f3Kztrmn2jlqzmoZ31WBALJA7lmL
|
||||
SrVFdXi7AcWwppMp1kbe9SvurCXID8/Q4n+qAdzSvqrXbeWerVUkdYFvtxQ1bMJR
|
||||
jnqN11iZFYaoCaaR2lFEhjoMdR80jUa2m6vdF7a7xhH1UvuPHDnzLT9X/TiPvx0R
|
||||
Itrp5MMIrUQHcZUL9hM5hrg3nxEsGsSCnjB0zWDmgXdLGwd4CvcOF4HPQR3BBlEH
|
||||
CLtAa27bBXMJTYVvmmKt06hw+U3ALDfUlFrV6ZNLr9ug69l29n7JoChAbZ97Hx1m
|
||||
twPwJpKd8AiUz+j3KCfgGU21qMbHNP3jEn3q9tkq0qcs/z7RCmU=
|
||||
=1WIq
|
||||
-----END PGP SIGNATURE-----
|
||||
3
krb5-1.21.1.tar.gz
Normal file
3
krb5-1.21.1.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:7881c3aaaa1b329bd27dbc6bf2bf1c85c5d0b6c7358aff2b35d513ec2d50fa1f
|
||||
size 8623049
|
||||
16
krb5-1.21.1.tar.gz.asc
Normal file
16
krb5-1.21.1.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmSsc/kACgkQDLoIV1+D
|
||||
ct+wPxAArlkJs5WpFIm2JDJXGF82BNw/FEhg+OkWcPHeLMWJF8qO0AxVp8Yq4g1g
|
||||
qFpTABwY8V2tfr84XQJ6rw7Qq93NjRjFHr1z1tDmCceLisXof6Tu7/RKjHwNmJt8
|
||||
M3srmsXPlmx/7cXuaYIljJfftun3D/iuEaydWluGb1DZicaU/OsofGhKE8/YEZrN
|
||||
H0XdIC45raG4O9t6CGjQRcAIv5Z4afCtXH4aaEmLg6E2+aTUyx+czu7nBASCaTyv
|
||||
s4df8fhbVpdBi6iA6BQJC296Rc1gyDnuxnjyCH8Rj2gTuiI4Oa2dxRPGT3mjksz3
|
||||
OheYcXK9XGCtUbG22zrxqUuHDA3jF6KKmsVSXnbygB6XSS/c0bqmeDRTQGPksWH6
|
||||
RJbmlKG9PQ0BavlXRa7Nupaa7f0jblFiduScYujRsyWxi/8YkckedugYyuww59gV
|
||||
piUwGGRDWldy+JIAYtvzirsfe6Oum0/SKY5wYXyKv0flM95pbfBEw+TzRxmlCQ5J
|
||||
+i8L9Frr4gTmT576GHB6WzBlOEPf6mRc8jg0DyyUOoDHXyj4MCyJGEJxvcyVV1WX
|
||||
tJlu0uH1f8pMZx4IQ279PsNFimO/NsdSTefqiVGXA7FWK1EPLc+l9ZBcrLi9KEmJ
|
||||
7TfVq9cAg6+m2tql+gjAQrfXHUU1mNdPLFMnShYlqHjTle4cQKE=
|
||||
=AIvQ
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -24,13 +24,13 @@
|
||||
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
||||
%endif
|
||||
Name: krb5-mini
|
||||
Version: 1.20.1
|
||||
Version: 1.21.1
|
||||
Release: 0
|
||||
Summary: MIT Kerberos5 implementation and libraries with minimal dependencies
|
||||
License: MIT
|
||||
URL: https://kerberos.org/dist/
|
||||
Source0: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz
|
||||
Source1: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz.asc
|
||||
Source0: https://kerberos.org/dist/krb5/1.21/krb5-%{version}.tar.gz
|
||||
Source1: https://kerberos.org/dist/krb5/1.21/krb5-%{version}.tar.gz.asc
|
||||
Source2: krb5.keyring
|
||||
Source3: vendor-files.tar.bz2
|
||||
Source4: baselibs.conf
|
||||
|
||||
31
krb5.changes
31
krb5.changes
@ -1,3 +1,34 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Jul 15 18:19:32 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 1.121.1 (CVE-2023-36054):
|
||||
* Fix potential uninitialized pointer free in kadm5 XDR parsing
|
||||
[CVE-2023-36054].
|
||||
* Added a credential cache type providing compatibility with
|
||||
the macOS 11 native credential cache.
|
||||
* libkadm5 will use the provided krb5_context object to read
|
||||
configuration values, instead of creating its own.
|
||||
* Added an interface to retrieve the ticket session key
|
||||
from a GSS context.
|
||||
* The KDC will no longer issue tickets with RC4 or triple-DES
|
||||
session keys unless explicitly configured with the new
|
||||
allow_rc4 or allow_des3 variables respectively.
|
||||
* The KDC will assume that all services can handle aes256-sha1
|
||||
session keys unless the service principal has a
|
||||
session_enctypes string attribute.
|
||||
* Support for PAC full KDC checksums has been added to
|
||||
mitigate an S4U2Proxy privilege escalation attack.
|
||||
* The PKINIT client will advertise a more modern set
|
||||
of supported CMS algorithms.
|
||||
* Removed unused code in libkrb5, libkrb5support,
|
||||
and the PKINIT module.
|
||||
* Modernized the KDC code for processing TGS requests,
|
||||
the code for encrypting and decrypting key data,
|
||||
the PAC handling code, and the GSS library packet
|
||||
parsing and composition code.
|
||||
* Improved the test framework's detection of memory
|
||||
errors in daemon processes when used with asan.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 4 13:42:23 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
|
||||
|
||||
|
||||
@ -21,13 +21,13 @@
|
||||
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
||||
%endif
|
||||
Name: krb5
|
||||
Version: 1.20.1
|
||||
Version: 1.21.1
|
||||
Release: 0
|
||||
Summary: MIT Kerberos5 implementation
|
||||
License: MIT
|
||||
URL: https://kerberos.org/dist/
|
||||
Source0: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz
|
||||
Source1: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz.asc
|
||||
Source0: https://kerberos.org/dist/krb5/1.21/krb5-%{version}.tar.gz
|
||||
Source1: https://kerberos.org/dist/krb5/1.21/krb5-%{version}.tar.gz.asc
|
||||
Source2: krb5.keyring
|
||||
Source3: vendor-files.tar.bz2
|
||||
Source4: baselibs.conf
|
||||
|
||||
Loading…
Reference in New Issue
Block a user