da0f7e993b
Accepting request 1334448 from network
...
OBS-URL: https://build.opensuse.org/request/show/1334448
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=180
2026-02-24 14:37:51 +00:00
9fd065daf9
- Update to 1.22.2
...
* Fix a SPNEGO packet parsing bug which could cause GSS mechanism
negotiation failure.
- Fix building with glibc 2.43; (bsc#1257257); Add patch
0010-Fix-strchr-conformance-to-C23.patch
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=301
2026-02-23 10:04:14 +00:00
dc361a18fe
Accepting request 1330408 from network
...
Automatic submission by obs-autosubmit
OBS-URL: https://build.opensuse.org/request/show/1330408
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=179
2026-02-04 20:01:00 +00:00
087b5fa41f
Accepting request 1328893 from home:npower:branches:network
...
- Immutable mode support, create /var/log/krb5 dir via
systemd.tmpfiles; (PED-14767).
- Add krb5-log.tmpfiles
- Immutable mode support, create /var/log/krb5 dir via
systemd.tmpfiles; (PED-14767).
- Add krb5-log.tmpfiles
- Fix memory leak; (bsc#1252989); Update patch
0009-UsrEtc-support.patch
- Immutable mode support, create /var/log/krb5 dir via
systemd.tmpfiles; (PED-14767).
- Add krb5-log.tmpfiles
OBS-URL: https://build.opensuse.org/request/show/1328893
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=299
2026-02-02 12:13:27 +00:00
dc9e724c19
Accepting request 1321564 from network
...
OBS-URL: https://build.opensuse.org/request/show/1321564
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=178
2025-12-09 11:45:47 +00:00
50516cad9d
Accepting request 1320128 from home:scabrero:branches:network
...
- Update to 1.22.1
- Fix memory leak; (bsc#1252989)
OBS-URL: https://build.opensuse.org/request/show/1320128
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=297
2025-12-08 11:46:47 +00:00
0d56425bc9
Accepting request 1293371 from network
...
OBS-URL: https://build.opensuse.org/request/show/1293371
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=177
2025-07-17 15:17:37 +00:00
0bd0c5c224
Accepting request 1289991 from home:schubi2
...
- Moved /etc/krb5.conf to /usr/etc/krb5.conf
This patch (0011_usr_etc.patch) is upstream:
https://github.com/krb5/krb5/pull/1437/
- Moved /etc/krb5.conf to /usr/etc/krb5.conf
This patch (0011_usr_etc.patch) is upstream:
https://github.com/krb5/krb5/pull/1437/
OBS-URL: https://build.opensuse.org/request/show/1289991
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=295
2025-07-15 09:55:08 +00:00
f14e3cc06f
Accepting request 1271359 from network
...
OBS-URL: https://build.opensuse.org/request/show/1271359
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=176
2025-04-23 13:18:10 +00:00
b0da844498
Accepting request 1271200 from home:hsk17:branches:openSUSE:Factory:Staging:Gcc7
...
add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to still allow build on Leap 15.6
OBS-URL: https://build.opensuse.org/request/show/1271200
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=293
2025-04-22 09:10:07 +00:00
58028352ab
Accepting request 1243471 from network
...
OBS-URL: https://build.opensuse.org/request/show/1243471
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=175
2025-02-06 21:02:16 +00:00
295f0aa2b2
Accepting request 1241313 from home:scabrero:branches:network
...
- Prevent overflow when calculating ulog block size. An authenticated
attacker can cause kadmind to write beyond the end of the mapped
region for the iprop log file, likely causing a process crash;
(CVE-2025-24528); (bsc#1236619).
- Add patch 0010-CVE-2025-24528.patch
OBS-URL: https://build.opensuse.org/request/show/1241313
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=291
2025-02-05 16:20:16 +00:00
b0388a20f4
Accepting request 1185764 from network
...
- Update to 1.21.3
* Fix vulnerabilities in GSS message token handling:
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
* Fix a potential bad pointer free in krb5_cccol_have_contents()
* Fix a memory leak in the macOS ccache type
- Update patch 0009-Fix-three-memory-leaks.patch
- Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch
* CVE-2024-26458, bsc#1220770
* CVE-2024-26461, bsc#1220771
* CVE-2024-26462, bsc#1220772
- Update to 1.21.3
* Fix vulnerabilities in GSS message token handling:
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
* Fix a potential bad pointer free in krb5_cccol_have_contents()
* Fix a memory leak in the macOS ccache type
- Update patch 0009-Fix-three-memory-leaks.patch
OBS-URL: https://build.opensuse.org/request/show/1185764
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=174
2024-07-08 17:06:50 +00:00
f27c7892d6
Accepting request 1184896 from home:scabrero:branches:network
...
- Update to 1.21.3
* Fix vulnerabilities in GSS message token handling:
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
* Fix a potential bad pointer free in krb5_cccol_have_contents()
* Fix a memory leak in the macOS ccache type
- Update patch 0009-Fix-three-memory-leaks.patch
OBS-URL: https://build.opensuse.org/request/show/1184896
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=289
2024-07-04 07:20:48 +00:00
6e2b17ae67
Accepting request 1175448 from network
...
OBS-URL: https://build.opensuse.org/request/show/1175448
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=173
2024-05-21 16:34:17 +00:00
f05c3795bf
Accepting request 1174873 from home:scabrero:branches:network
...
[CVE-2023-36054]; (bsc#1214054).
OBS-URL: https://build.opensuse.org/request/show/1174873
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=287
2024-05-21 07:32:21 +00:00
0959d1f2d2
Accepting request 1173900 from network
...
OBS-URL: https://build.opensuse.org/request/show/1173900
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=172
2024-05-15 19:25:47 +00:00
c18272040b
Accepting request 1173687 from home:gladiac:branches:network
...
- Enable the LMDB backend for KDB
OBS-URL: https://build.opensuse.org/request/show/1173687
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=285
2024-05-14 07:54:34 +00:00
b60245a7d2
Accepting request 1171363 from network
...
OBS-URL: https://build.opensuse.org/request/show/1171363
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=171
2024-05-02 21:46:50 +00:00
0efe12eee6
Accepting request 1171347 from home:kukuk:cleanup
...
- Remove requires for not used cron
OBS-URL: https://build.opensuse.org/request/show/1171347
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=283
2024-05-02 13:10:43 +00:00
34eb3603a2
Accepting request 1169845 from home:scabrero:branches:network
...
- Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch
* CVE-2024-26458, bsc#1220770
* CVE-2024-26461, bsc#1220771
* CVE-2024-26462, bsc#1220772
OBS-URL: https://build.opensuse.org/request/show/1169845
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=282
2024-05-01 05:54:37 +00:00
3b56b9009e
Accepting request 1156860 from network
...
OBS-URL: https://build.opensuse.org/request/show/1156860
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=170
2024-04-04 20:24:00 +00:00
fa4ab7b339
Accepting request 1153219 from home:pmonrealgonzalez:branches:network
...
- Add crypto-policies support [bsc#1211301]
* Update krb5.conf in vendor-files.tar.bz2
- Add crypto-policies support [bsc#1211301]
* Update krb5.conf in vendor-files.tar.bz2
OBS-URL: https://build.opensuse.org/request/show/1153219
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=280
2024-03-11 07:49:33 +00:00
312e61556c
Accepting request 1134351 from network
...
- update to 1.21.2 (bsc#1218211, CVE-2023-39975):
* Fix double-free in KDC TGS processing [CVE-2023-39975].
- update to 1.21.1 (CVE-2023-36054):
with Windows KDCs.
OBS-URL: https://build.opensuse.org/request/show/1134351
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=169
2023-12-21 22:37:52 +00:00
4426104a84
- update to 1.21.2 (bsc#1218211, CVE-2023-39975):
...
* Fix double-free in KDC TGS processing [CVE-2023-39975].
- update to 1.21.1 (CVE-2023-36054):
with Windows KDCs.
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=278
2023-12-20 23:21:24 +00:00
6bf75e5dbb
Accepting request 1114991 from network
...
OBS-URL: https://build.opensuse.org/request/show/1114991
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=168
2023-10-05 18:02:35 +00:00
c77b1e477d
Accepting request 1114983 from home:dimstar:Factory
...
- Add explicit this-is-only-for-build-envs requires to krb5-mini
and krb5-mini-devel: the mini flavors are currently excluded
using special hacks from the FTP Tree. In order to eliminate this
hack, we need to ensure the packages are not viable for real
installations. We achieve this with a dep that is never provided,
but ignored by OBS.
OBS-URL: https://build.opensuse.org/request/show/1114983
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=276
2023-10-03 12:17:40 +00:00
3495417f04
Accepting request 1098841 from network
...
- update to 1.121.1 (CVE-2023-36054):
* Fix potential uninitialized pointer free in kadm5 XDR parsing
[CVE-2023-36054].
* Added a credential cache type providing compatibility with
the macOS 11 native credential cache.
* libkadm5 will use the provided krb5_context object to read
configuration values, instead of creating its own.
* Added an interface to retrieve the ticket session key
from a GSS context.
* The KDC will no longer issue tickets with RC4 or triple-DES
session keys unless explicitly configured with the new
allow_rc4 or allow_des3 variables respectively.
* The KDC will assume that all services can handle aes256-sha1
session keys unless the service principal has a
session_enctypes string attribute.
* Support for PAC full KDC checksums has been added to
mitigate an S4U2Proxy privilege escalation attack.
* The PKINIT client will advertise a more modern set
of supported CMS algorithms.
* Removed unused code in libkrb5, libkrb5support,
and the PKINIT module.
* Modernized the KDC code for processing TGS requests,
the code for encrypting and decrypting key data,
the PAC handling code, and the GSS library packet
parsing and composition code.
* Improved the test framework's detection of memory
errors in daemon processes when used with asan.
OBS-URL: https://build.opensuse.org/request/show/1098841
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=167
2023-07-17 17:22:54 +00:00
ddc533e05b
- update to 1.121.1 (CVE-2023-36054):
...
* Fix potential uninitialized pointer free in kadm5 XDR parsing
[CVE-2023-36054].
* Added a credential cache type providing compatibility with
the macOS 11 native credential cache.
* libkadm5 will use the provided krb5_context object to read
configuration values, instead of creating its own.
* Added an interface to retrieve the ticket session key
from a GSS context.
* The KDC will no longer issue tickets with RC4 or triple-DES
session keys unless explicitly configured with the new
allow_rc4 or allow_des3 variables respectively.
* The KDC will assume that all services can handle aes256-sha1
session keys unless the service principal has a
session_enctypes string attribute.
* Support for PAC full KDC checksums has been added to
mitigate an S4U2Proxy privilege escalation attack.
* The PKINIT client will advertise a more modern set
of supported CMS algorithms.
* Removed unused code in libkrb5, libkrb5support,
and the PKINIT module.
* Modernized the KDC code for processing TGS requests,
the code for encrypting and decrypting key data,
the PAC handling code, and the GSS library packet
parsing and composition code.
* Improved the test framework's detection of memory
errors in daemon processes when used with asan.
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=274
2023-07-15 18:25:31 +00:00
72c75b5915
Accepting request 1084720 from network
...
OBS-URL: https://build.opensuse.org/request/show/1084720
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=166
2023-05-05 13:57:07 +00:00
153e613fe7
Accepting request 1084716 from home:fcrozat:branches:network
...
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
OBS-URL: https://build.opensuse.org/request/show/1084716
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=272
2023-05-04 13:49:47 +00:00
568cf45a3a
Accepting request 1074019 from network
...
OBS-URL: https://build.opensuse.org/request/show/1074019
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=165
2023-04-01 19:13:15 +00:00
defe642025
Accepting request 1073940 from home:dimstar:Factory
...
- Build mini flavor without keyutils support: breaks cycle between
krb5-mini and keyutils.
OBS-URL: https://build.opensuse.org/request/show/1073940
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=270
2023-03-23 17:15:10 +00:00
0cdb430f95
Accepting request 1069660 from network
...
OBS-URL: https://build.opensuse.org/request/show/1069660
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=164
2023-03-07 15:48:24 +00:00
b20663f691
Accepting request 1069134 from home:scabrero:bsc1208887
...
- Update 0007-SELinux-integration.patch for SELinux 3.5;
(bsc#1208887);
OBS-URL: https://build.opensuse.org/request/show/1069134
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=268
2023-03-06 14:30:02 +00:00
36c3697305
Accepting request 1069137 from network
...
Automatic submission by obs-autosubmit
OBS-URL: https://build.opensuse.org/request/show/1069137
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=163
2023-03-05 19:07:51 +00:00
92bd526339
Accepting request 1045519 from home:schubi2:pam_usr_etc
...
- Migration of PAM settings to /usr/lib/pam.d
OBS-URL: https://build.opensuse.org/request/show/1045519
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=266
2023-03-03 10:03:46 +00:00
182567aa89
Accepting request 1042851 from network
...
OBS-URL: https://build.opensuse.org/request/show/1042851
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=162
2022-12-16 16:50:43 +00:00
4effb4d3d3
Accepting request 1042600 from home:scabrero:branches:network
...
- Drop 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch,
already fixed in release 1.20.0
OBS-URL: https://build.opensuse.org/request/show/1042600
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=264
2022-12-14 09:47:16 +00:00
a12e1a505e
Accepting request 1036481 from network
...
OBS-URL: https://build.opensuse.org/request/show/1036481
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=161
2022-11-18 14:42:33 +00:00
3f2ff6bed8
Accepting request 1036182 from home:scabrero:branches:network
...
- Update to 1.20.1; (bsc#1205126); (CVE-2022-42898);
* Fix integer overflows in PAC parsing [CVE-2022-42898].
* Fix null deref in KDC when decoding invalid NDR.
* Fix memory leak in OTP kdcpreauth module.
* Fix PKCS11 module path search.
- Update to 1.20.1; (bsc#1205126); (CVE-2022-42898);
* Fix integer overflows in PAC parsing [CVE-2022-42898].
* Fix null deref in KDC when decoding invalid NDR.
* Fix memory leak in OTP kdcpreauth module.
* Fix PKCS11 module path search.
OBS-URL: https://build.opensuse.org/request/show/1036182
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=262
2022-11-17 16:22:59 +00:00
940fc6d15b
Accepting request 981266 from network
...
Automatic submission by obs-autosubmit
OBS-URL: https://build.opensuse.org/request/show/981266
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=160
2022-06-18 20:05:50 +00:00
0bc5c214f5
Accepting request 980314 from home:scabrero:branches:network
...
Align krb5-mini changelog and remove a couple of trailing white spaces
OBS-URL: https://build.opensuse.org/request/show/980314
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=260
2022-06-02 08:10:43 +00:00
913d6d7781
Accepting request 979732 from home:dirkmueller:Factory
...
- update to 1.20.0:
* Added a "disable_pac" realm relation to suppress adding PAC authdata
to tickets, for realms which do not need to support S4U requests.
* Most credential cache types will use atomic replacement when a cache
is reinitialized using kinit or refreshed from the client keytab.
* kprop can now propagate databases with a dump size larger than 4GB,
if both the client and server are upgraded.
* kprop can now work over NATs that change the destination IP address,
if the client is upgraded.
* Updated the KDB interface. The sign_authdata() method is replaced
with the issue_pac() method, allowing KDB modules to add logon info
and other buffers to the PAC issued by the KDC.
* Host-based initiator names are better supported in the GSS krb5
mechanism.
* Replaced AD-SIGNEDPATH authdata with minimal PACs.
* To avoid spurious replay errors, password change requests will not
be attempted over UDP until the attempt over TCP fails.
* PKINIT will sign its CMS messages with SHA-256 instead of SHA-1.
* Updated all code using OpenSSL to be compatible with OpenSSL 3.
* Reorganized the libk5crypto build system to allow the OpenSSL
back-end to pull in material from the builtin back-end depending on
the OpenSSL version.
* Simplified the PRNG logic to always use the platform PRNG.
* Converted the remaining Tcl tests to Python.
OBS-URL: https://build.opensuse.org/request/show/979732
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=259
2022-05-31 11:34:39 +00:00
b52582017d
Accepting request 970776 from network
...
OBS-URL: https://build.opensuse.org/request/show/970776
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=159
2022-04-23 17:44:51 +00:00
ebc5784a7d
Accepting request 967999 from home:dirkmueller:Factory
...
- update to 1.19.3 (bsc#1189929, CVE-2021-37750):
* Fix a denial of service attack against the KDC [CVE-2021-37750].
* Fix KDC null deref on TGS inner body null server
* Fix conformance issue in GSSAPI tests
OBS-URL: https://build.opensuse.org/request/show/967999
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=257
2022-04-19 12:10:56 +00:00
835704dab9
Accepting request 949613 from network
...
OBS-URL: https://build.opensuse.org/request/show/949613
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=158
2022-02-07 22:36:47 +00:00
9a1164f3ef
Accepting request 949610 from home:scabrero:branches:network
...
- Added hardening to systemd services; (bsc#1181400);
OBS-URL: https://build.opensuse.org/request/show/949610
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=256
2022-01-28 09:04:21 +00:00
cfdc077d12
Accepting request 949537 from home:dmulder:Bug1109830
...
- Resolve "Credential cache directory /run/user/0/krb5cc does not
exist while opening default credentials cache" by using a kernel
keyring instead of a dir cache; (bsc#1109830);
I'm not sure if manually modifying the krb5.conf from vendor-files is correct. Are these stored somewhere in a repository?
OBS-URL: https://build.opensuse.org/request/show/949537
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=255
2022-01-28 08:48:41 +00:00
b50150f4e5
Accepting request 922420 from network
...
OBS-URL: https://build.opensuse.org/request/show/922420
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=157
2021-09-30 21:43:26 +00:00
