- update to 1.121.1 (CVE-2023-36054):
* Fix potential uninitialized pointer free in kadm5 XDR parsing [CVE-2023-36054].
* Added a credential cache type providing compatibility with the macOS 11 native credential cache.
* libkadm5 will use the provided krb5_context object to read configuration values, instead of creating its own.
* Added an interface to retrieve the ticket session key from a GSS context.
* The KDC will no longer issue tickets with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively.
* The KDC will assume that all services can handle aes256-sha1 session keys unless the service principal has a session_enctypes string attribute.
* Support for PAC full KDC checksums has been added to mitigate an S4U2Proxy privilege escalation attack.
* The PKINIT client will advertise a more modern set of supported CMS algorithms.
* Removed unused code in libkrb5, libkrb5support, and the PKINIT module.
* Modernized the KDC code for processing TGS requests, the code for encrypting and decrypting key data, the PAC handling code, and the GSS library packet parsing and composition code.
* Improved the test framework's detection of memory errors in daemon processes when used with asan.

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=274
parent 9b19498eb9
commit 36feefeaf6
BIN
krb5-1.20.1.tar.gz
(Stored with Git LFS)
Binary file not shown.
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmNvED8ACgkQDLoIV1+D
|
|
||||||
ct9uKw/8C5GS8mdh335lB+bkfjYYCZLD+oQToDAAbdCddrIcuLftvnTfXJ8cMtMc
|
|
||||||
UT2hsp8u7ZupjJRevdhaH7fFwomc0V8iSES5J2cQHTNd9aK93j/W6NaMoqWLrQWg
|
|
||||||
jx99oqLn7orvp8N5RufEQcNMNWhFIX4XSfrA3vPfHbbffA2vkjJzOGno4UHi8zUn
|
|
||||||
6nye7jbrBpiQIeFIJSS3VPsvGrKdRgb9BqGTUsqPIuFvr3Qvo42lKr5X8CWYSXjK
|
|
||||||
0aKlOpfbWdkteEe2o84/wyMpuGvmYkmOgaMB5xQ3jfEuvPNAWX2CWHNDamiqwBT/
|
|
||||||
YxwhZimNa1B9r3P1yDHvpUu8cJaRzw2UDRi2f3Kztrmn2jlqzmoZ31WBALJA7lmL
|
|
||||||
SrVFdXi7AcWwppMp1kbe9SvurCXID8/Q4n+qAdzSvqrXbeWerVUkdYFvtxQ1bMJR
|
|
||||||
jnqN11iZFYaoCaaR2lFEhjoMdR80jUa2m6vdF7a7xhH1UvuPHDnzLT9X/TiPvx0R
|
|
||||||
Itrp5MMIrUQHcZUL9hM5hrg3nxEsGsSCnjB0zWDmgXdLGwd4CvcOF4HPQR3BBlEH
|
|
||||||
CLtAa27bBXMJTYVvmmKt06hw+U3ALDfUlFrV6ZNLr9ug69l29n7JoChAbZ97Hx1m
|
|
||||||
twPwJpKd8AiUz+j3KCfgGU21qMbHNP3jEn3q9tkq0qcs/z7RCmU=
|
|
||||||
=1WIq
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
krb5-1.21.1.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:7881c3aaaa1b329bd27dbc6bf2bf1c85c5d0b6c7358aff2b35d513ec2d50fa1f
|
||||||
|
size 8623049
|
16
krb5-1.21.1.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmSsc/kACgkQDLoIV1+D
|
||||||
|
ct+wPxAArlkJs5WpFIm2JDJXGF82BNw/FEhg+OkWcPHeLMWJF8qO0AxVp8Yq4g1g
|
||||||
|
qFpTABwY8V2tfr84XQJ6rw7Qq93NjRjFHr1z1tDmCceLisXof6Tu7/RKjHwNmJt8
|
||||||
|
M3srmsXPlmx/7cXuaYIljJfftun3D/iuEaydWluGb1DZicaU/OsofGhKE8/YEZrN
|
||||||
|
H0XdIC45raG4O9t6CGjQRcAIv5Z4afCtXH4aaEmLg6E2+aTUyx+czu7nBASCaTyv
|
||||||
|
s4df8fhbVpdBi6iA6BQJC296Rc1gyDnuxnjyCH8Rj2gTuiI4Oa2dxRPGT3mjksz3
|
||||||
|
OheYcXK9XGCtUbG22zrxqUuHDA3jF6KKmsVSXnbygB6XSS/c0bqmeDRTQGPksWH6
|
||||||
|
RJbmlKG9PQ0BavlXRa7Nupaa7f0jblFiduScYujRsyWxi/8YkckedugYyuww59gV
|
||||||
|
piUwGGRDWldy+JIAYtvzirsfe6Oum0/SKY5wYXyKv0flM95pbfBEw+TzRxmlCQ5J
|
||||||
|
+i8L9Frr4gTmT576GHB6WzBlOEPf6mRc8jg0DyyUOoDHXyj4MCyJGEJxvcyVV1WX
|
||||||
|
tJlu0uH1f8pMZx4IQ279PsNFimO/NsdSTefqiVGXA7FWK1EPLc+l9ZBcrLi9KEmJ
|
||||||
|
7TfVq9cAg6+m2tql+gjAQrfXHUU1mNdPLFMnShYlqHjTle4cQKE=
|
||||||
|
=AIvQ
|
||||||
|
-----END PGP SIGNATURE-----
|
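Review bot: The new krb5-1.21.1.tar.gz.asc only protects the build if it is checked against krb5.keyring, and no keyring change appears in this commit. The first line of the added signature starts with the same prefix as the removed 1.20.1 signature (`iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8`), which is where the issuer fingerprint is encoded, so the existing keyring should still cover it. Please confirm that the tarball behind the `oid sha256:` value in the krb5-1.21.1.tar.gz LFS pointer verifies against this signature with the packaged keyring before accepting.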
@ -24,13 +24,13 @@
|
|||||||
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
||||||
%endif
|
%endif
|
||||||
Name: krb5-mini
|
Name: krb5-mini
|
||||||
Version: 1.20.1
|
Version: 1.21.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: MIT Kerberos5 implementation and libraries with minimal dependencies
|
Summary: MIT Kerberos5 implementation and libraries with minimal dependencies
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: https://kerberos.org/dist/
|
URL: https://kerberos.org/dist/
|
||||||
Source0: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz
|
Source0: https://kerberos.org/dist/krb5/1.21/krb5-%{version}.tar.gz
|
||||||
Source1: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz.asc
|
Source1: https://kerberos.org/dist/krb5/1.21/krb5-%{version}.tar.gz.asc
|
||||||
Source2: krb5.keyring
|
Source2: krb5.keyring
|
||||||
Source3: vendor-files.tar.bz2
|
Source3: vendor-files.tar.bz2
|
||||||
Source4: baselibs.conf
|
Source4: baselibs.conf
|
||||||
|
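Review bot: `Source0` and `Source1` hard-code the release-series directory (`krb5/1.21/`) next to `%{version}`, so every series bump needs a hand edit in two lines here and two more in krb5.spec, and a missed edit would make the spec point at a URL that does not hold the tarball or its signature. Consider deriving the directory from the version once (for example a `%define` for the major.minor part) and using it in both URLs.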
31
krb5.changes
@ -1,3 +1,34 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Jul 15 18:19:32 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update to 1.121.1 (CVE-2023-36054):
|
||||||
|
* Fix potential uninitialized pointer free in kadm5 XDR parsing
|
||||||
|
[CVE-2023-36054].
|
||||||
|
* Added a credential cache type providing compatibility with
|
||||||
|
the macOS 11 native credential cache.
|
||||||
|
* libkadm5 will use the provided krb5_context object to read
|
||||||
|
configuration values, instead of creating its own.
|
||||||
|
* Added an interface to retrieve the ticket session key
|
||||||
|
from a GSS context.
|
||||||
|
* The KDC will no longer issue tickets with RC4 or triple-DES
|
||||||
|
session keys unless explicitly configured with the new
|
||||||
|
allow_rc4 or allow_des3 variables respectively.
|
||||||
|
* The KDC will assume that all services can handle aes256-sha1
|
||||||
|
session keys unless the service principal has a
|
||||||
|
session_enctypes string attribute.
|
||||||
|
* Support for PAC full KDC checksums has been added to
|
||||||
|
mitigate an S4U2Proxy privilege escalation attack.
|
||||||
|
* The PKINIT client will advertise a more modern set
|
||||||
|
of supported CMS algorithms.
|
||||||
|
* Removed unused code in libkrb5, libkrb5support,
|
||||||
|
and the PKINIT module.
|
||||||
|
* Modernized the KDC code for processing TGS requests,
|
||||||
|
the code for encrypting and decrypting key data,
|
||||||
|
the PAC handling code, and the GSS library packet
|
||||||
|
parsing and composition code.
|
||||||
|
* Improved the test framework's detection of memory
|
||||||
|
errors in daemon processes when used with asan.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu May 4 13:42:23 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
|
Thu May 4 13:42:23 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
|
||||||
|
|
||||||
|
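Review bot: The first line of the new entry reads `- update to 1.121.1 (CVE-2023-36054):`, but both spec files in this commit set `Version: 1.21.1`. The changelog should say 1.21.1, since the entry is what ties the CVE-2023-36054 fix to a packaged version for anyone auditing the changes file.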
@ -21,13 +21,13 @@
|
|||||||
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
||||||
%endif
|
%endif
|
||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.20.1
|
Version: 1.21.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: MIT Kerberos5 implementation
|
Summary: MIT Kerberos5 implementation
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: https://kerberos.org/dist/
|
URL: https://kerberos.org/dist/
|
||||||
Source0: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz
|
Source0: https://kerberos.org/dist/krb5/1.21/krb5-%{version}.tar.gz
|
||||||
Source1: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz.asc
|
Source1: https://kerberos.org/dist/krb5/1.21/krb5-%{version}.tar.gz.asc
|
||||||
Source2: krb5.keyring
|
Source2: krb5.keyring
|
||||||
Source3: vendor-files.tar.bz2
|
Source3: vendor-files.tar.bz2
|
||||||
Source4: baselibs.conf
|
Source4: baselibs.conf
|
||||||
|
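Review bot: This hunk only bumps `Version` and the two source URLs, while the changelog for the same release lists behaviour changes on the KDC side: RC4 and triple-DES session keys are no longer issued unless `allow_rc4` or `allow_des3` is set, and aes256-sha1 session keys are assumed unless a principal has a `session_enctypes` attribute. `Source3: vendor-files.tar.bz2` is unchanged context here, so please check whether the shipped default configuration or package documentation needs a matching update for sites that still rely on the older enctypes.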