Accepting request 603974 from home:stroeder:branches:network

Security fixes in release 1.15.3

OBS-URL: https://build.opensuse.org/request/show/603974
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=206

krb5-1.15.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1639e392edf25e3b6cfec2ae68f97eb53e07c2dbe74bfeede0108465d5d1c87e
-size 9380755

krb5-1.15.2.tar.gz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIVAwUAWckx/Ay6CFdfg3LfAQJRSxAArp+ozTwvfosjtqbJ+jZzfSD3xebTyukh
-fhjXn+LJ5u8M2KDrWW8rS2ko31nI4vi+ETR6EGLedb0LvSADh4OQIMCsAAm8mPSk
-XVZwZ/xsHiHX8eX9gMjjn9ZViBK8VGOtkJ9vLhCuuzMOk8ZF++LBLjtbBiDpqF1Y
-v7QMBO/Jt3oqHwd0ZcZguhMXnSxm7Q0+MQcFAOF8tUbQvLsdNR/R9hReA4sF0a3k
-bVFyPe0FlmroL3lgEw72VYIA4r7f/VOu3wXJD1XRm05C3Xg2O4YXyD3ejZInoOdf
-+X6qJ58vtSL5tuI40vqZZ9LikGOL937Xk4Etx0XhaP15GmUoolDq4x0n+uzq8X8w
-EE8xkNymmU4wWpxe3+e8vfQhmfSshVuOOVTYbrTgymow0WMUHsMkC1SCevblQ33m
-1EKWadzsWJZAxYcuIkV5hxEXWN9FBTArc/OYrh3BPOS/EZkgAGt9viX3UQYX/8qh
-dCalFN1WEzud3hFsKxlcy089K/fnMpZ41rCBAMlyhWW4gdYpDwIrVfZvtLdedEhL
-GROXd6bZD8HS7nVSu16jY+datD2PHsq2diqgBMAEIpcLArxTUyD0JrIdxERtjesE
-LwttH5KhPdUGsOL51aaZYdoVKwcxG5TLAR3WVFKZbxNy1euiSnQ3iU4MME/AxNmS
-gAXLEZR2JPU=
-=nYjU
------END PGP SIGNATURE-----

krb5-1.15.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:92bb5b613e42c62e3b693cd68ba1ea185eb26d5dcc2d168fce17706c150bebab
+size 9386670

krb5-1.15.3.tar.gz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIVAwUAWutaxAy6CFdfg3LfAQJB8g/+NiCVQakhrLJt8AKwoSYM+MkDReKJNGur
+4XY8uI0zDfvWH+fK+6KyNvjV0C4tbzEU7dC4pydLaR+5ptW3vOpNTaWoYiJMpSZQ
+HnpCtlaeBFTVPX3EpqZxwnFyt/FJSAcxQMImSwgUWq2sn1ZG0TQ0cW4USclpkaHP
+wn4tbAzITy9qxp71KOlc+H+Xghfgp46GOHA6qWfNF0uhaxmYOrGh/WtHnWiN66Cs
+LIZHCzxPX8iKuJKKG+awyl1XBb+eSdTzkFCAOH3mWYyt6FHbDnSpGd9lILeomtjs
+fZ7l9YEy9lMxQuj1QV29nkI37+SiX2rNGGheNXwiriqgQxGrLxyQBfDwJEQJFIM4
+HWVLhFTtE7nko0UGLat2XpfHHRUVNsDFqOHw8yPcfYfsE0h4YKz6O7PO3t8GLrYs
+LOSXPSIqgAciKmChhAxOGvJOk89LAQJpe664Agp5dD41lYEzGp/UUDWLMArqEB4x
+hLKi5gXfKrrA+OBP007j15dJGwBhaE61xeBkmVI8Ds6kDAgmpNlTsNukOHvvlUOq
+C6+OJUUSLI9f0fnPSOz0W7JAQsdp2D+5dYrTU8JgzIKU5r8vO1pzKkM9oNSSUUIA
+Y9AMaZh8uBDlhzvGtWRgDnAn3y0g8Qjf5DcWHqNeWQrMOg7ekn0XutmepnGGvXHN
+56JVACsg3Zw=
+=SYgQ
+-----END PGP SIGNATURE-----

krb5-mini.changes

@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Fri May  4 09:48:36 UTC 2018 - michael@stroeder.com
+
+- Upgrade to 1.15.3
+  * Fix flaws in LDAP DN checking, including a null dereference KDC
+    crash which could be triggered by kadmin clients with administrative
+    privileges [CVE-2018-5729, CVE-2018-5730].
+  * Fix a KDC PKINIT memory leak.
+  * Fix a small KDC memory leak on transited or authdata errors when
+    processing TGS requests.
+  * Fix a null dereference when the KDC sends a large TGS reply.
+  * Fix "kdestroy -A" with the KCM credential cache type.
+  * Fix the handling of capaths "." values.
+  * Fix handling of repeated subsection specifications in profile files
+    (such as when multiple included files specify relations in the same
+    subsection).
+
 -------------------------------------------------------------------
 Wed Apr 25 21:56:35 UTC 2018 - luizluca@gmail.com
 

krb5-mini.spec

@@ -21,7 +21,7 @@
   %define _fillupdir /var/adm/fillup-templates
 %endif
 
-%define srcRoot krb5-1.15.2
+%define srcRoot krb5-1.15.3
 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
 %define krb5docdir  %{_defaultdocdir}/krb5
 
@@ -34,7 +34,7 @@ BuildRequires:  keyutils-devel
 BuildRequires:  libcom_err-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  ncurses-devel
-Version:        1.15.2
+Version:        1.15.3
 Release:        0
 Summary:        MIT Kerberos5 implementation and libraries with minimal dependencies
 License:        MIT

krb5.changes

@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Fri May  4 09:48:36 UTC 2018 - michael@stroeder.com
+
+- Upgrade to 1.15.3
+  * Fix flaws in LDAP DN checking, including a null dereference KDC
+    crash which could be triggered by kadmin clients with administrative
+    privileges [CVE-2018-5729, CVE-2018-5730].
+  * Fix a KDC PKINIT memory leak.
+  * Fix a small KDC memory leak on transited or authdata errors when
+    processing TGS requests.
+  * Fix a null dereference when the KDC sends a large TGS reply.
+  * Fix "kdestroy -A" with the KCM credential cache type.
+  * Fix the handling of capaths "." values.
+  * Fix handling of repeated subsection specifications in profile files
+    (such as when multiple included files specify relations in the same
+    subsection).
+
 -------------------------------------------------------------------
 Wed Apr 25 21:54:39 UTC 2018 - luizluca@gmail.com
 

krb5.spec

@@ -30,7 +30,7 @@ BuildRequires:  keyutils-devel
 BuildRequires:  libcom_err-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  ncurses-devel
-Version:        1.15.2
+Version:        1.15.3
 Release:        0
 Summary:        MIT Kerberos5 implementation
 License:        MIT