copying over some changelog texts from SLE package:
- bug#918595 owned by varkoly@suse.com: VUL-0: CVE-2014-5355
krb5: denial of service in krb5_read_message
- bug#912002 owned by varkoly@suse.com: VUL-0
CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- bug#910458 owned by varkoly@suse.com: VUL-1
CVE-2014-5354: krb5: NULL pointer dereference when using keyless entries
- bug#928978 owned by varkoly@suse.com: VUL-0
CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading
to requires_preauth bypass
- bug#910457 owned by varkoly@suse.com: VUL-1
CVE-2014-5353: krb5: NULL pointer dereference when using a ticket policy
name as a password policy name
- bug#991088 owned by hguo@suse.com: VUL-1
CVE-2016-3120: krb5: S4U2Self KDC crash when anon is restricted
- bug#992853 owned by hguo@suse.com: krb5: bogus prerequires
- [fate#320326](https://fate.suse.com/320326)
- bug#982313 owned by pgajdos@suse.com: Doxygen unable to resolve reference
from \cite
- There is no change made about the package itself, this is only
copying over some changelog texts from SLE package:
- bug#918595 owned by varkoly@suse.com: VUL-0: CVE-2014-5355
krb5: denial of service in krb5_read_message
- bug#912002 owned by varkoly@suse.com: VUL-0
CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- bug#910458 owned by varkoly@suse.com: VUL-1
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=191
This is a new source code upload with the krb5.keyring updated
The keyring missed Greg Hudson his gpg signature:
C4493CB739F4A89F9852CBC20CBA08575F8372DF
The command to create the keyring is:
gpg2 --export --export-options export-minimal \
2C732B1C0DBEF678AB3AF606A32F17FD0055C305 \
C4493CB739F4A89F9852CBC20CBA08575F8372DF > krb5.keyring
OBS-URL: https://build.opensuse.org/request/show/478007
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=185
- Remove source file ccapi/common/win/OldCC/autolock.hxx
that is not needed and does not carry an acceptable license.
(bsc#968111)
------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
that is not needed and does not carry an acceptable license.
(bsc#968111)
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=168
- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character
with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
(bsc#963968)
- Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request
with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
(bsc#963975)
- Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
(bsc#963964)
OBS-URL: https://build.opensuse.org/request/show/357309
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=158
* Add support for doing unlocked database dumps for the DB2 KDC back end,
* krb5-1.7-doublelog.patch
- Work around replay cache creation race; (bnc#898439).
krb5-1.13-work-around-replay-cache-creation-race.patch
- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal
- added patches:
* bnc#897874-CVE-2014-5351.diff
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=141
krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch
- start krb5kdc after slapd (bnc#886102)
- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674)
similar functionality is provided by krb5-plugin-preauth-pkinit
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=121
* Make KDC log service principal names more consistently during
some error conditions, instead of "<unknown server>"
* Fix several bugs related to building AES-NI support on less
common configurations
* Fix several bugs related to keyring credential caches
- upstream obsoletes:
krb5-1.12-copy_context.patch
krb5-1.12-enable-NX.patch
krb5-1.12-pic-aes-ni.patch
krb5-master-no-malloc0.patch
krb5-master-ignore-empty-unnecessary-final-token.patch
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=117
- update to version 1.12
* Add GSSAPI extensions for constructing MIC tokens using IOV lists
* Add a FAST OTP preauthentication module for the KDC which uses
RADIUS to validate OTP token values.
* The AES-based encryption types will use AES-NI instructions
when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
available
- update and rebase patches
OBS-URL: https://build.opensuse.org/request/show/213903
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=114
