9fd065daf9
- Update to 1.22.2 * Fix a SPNEGO packet parsing bug which could cause GSS mechanism negotiation failure. - Fix building with glibc 2.43; (bsc#1257257); Add patch 0010-Fix-strchr-conformance-to-C23.patch
Samuel Cabrero2026-02-23 10:04:14 +00:00
dc361a18fe
Accepting request 1330408 from network
Ana Guerrero2026-02-04 20:01:00 +00:00
087b5fa41f
Accepting request 1328893 from home:npower:branches:network
Samuel Cabrero2026-02-02 12:13:27 +00:00
8b32daee32
Remove unused old file 0010-CVE-2025-24528.patch
slfo-main
Noel Power
2026-01-26 15:26:03 +00:00
059debc8f0
Remove old unused file (from previous version)
Noel Power
2026-01-26 14:44:47 +00:00
796c8f1350
Update version to 1.22.1 (submitting also to network/krb5)
Noel Power
2026-01-22 14:46:06 +00:00
dc9e724c19
Accepting request 1321564 from network
Ana Guerrero2025-12-09 11:45:47 +00:00
50516cad9d
Accepting request 1320128 from home:scabrero:branches:network
Dirk Mueller2025-12-08 11:46:47 +00:00
0d56425bc9
Accepting request 1293371 from network
Ana Guerrero2025-07-17 15:17:37 +00:00
0bd0c5c224
Accepting request 1289991 from home:schubi2
Peter Varkoly2025-07-15 09:55:08 +00:00
f14e3cc06f
Accepting request 1271359 from network
Ana Guerrero2025-04-23 13:18:10 +00:00
b0da844498
Accepting request 1271200 from home:hsk17:branches:openSUSE:Factory:Staging:Gcc7
Marcus Meissner2025-04-22 09:10:07 +00:00
58028352ab
Accepting request 1243471 from network
Ana Guerrero2025-02-06 21:02:16 +00:00
0ad6437d0b
- Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash; (CVE-2025-24528); (bsc#1236619). - Add patch 0010-CVE-2025-24528.patch
Dirk Mueller2025-02-05 16:20:16 +00:00
295f0aa2b2
Accepting request 1241313 from home:scabrero:branches:network
Dirk Mueller2025-02-05 16:20:16 +00:00
3ee57d14de
Accepting request 1185764 from network
Ana Guerrero2024-07-08 17:06:50 +00:00
b0388a20f4
Accepting request 1185764 from network
Ana Guerrero2024-07-08 17:06:50 +00:00
193f91051e
- Update to 1.21.3 * Fix vulnerabilities in GSS message token handling: * CVE-2024-37370, bsc#1227186 * CVE-2024-37371, bsc#1227187 * Fix a potential bad pointer free in krb5_cccol_have_contents() * Fix a memory leak in the macOS ccache type - Update patch 0009-Fix-three-memory-leaks.patch
Dirk Mueller2024-07-04 07:20:48 +00:00
f27c7892d6
Accepting request 1184896 from home:scabrero:branches:network
Dirk Mueller2024-07-04 07:20:48 +00:00
09c6d1fd49
Accepting request 1175448 from network
Ana Guerrero2024-05-21 16:34:17 +00:00
6e2b17ae67
Accepting request 1175448 from network
Ana Guerrero2024-05-21 16:34:17 +00:00
5d6e2bca14
Accepting request 1174873 from home:scabrero:branches:network
Samuel Cabrero2024-05-21 07:32:21 +00:00
f05c3795bf
Accepting request 1174873 from home:scabrero:branches:network
Samuel Cabrero2024-05-21 07:32:21 +00:00
b85624a3ad
Accepting request 1173900 from network
Ana Guerrero2024-05-15 19:25:47 +00:00
0959d1f2d2
Accepting request 1173900 from network
Ana Guerrero2024-05-15 19:25:47 +00:00
0f79103832
Accepting request 1173687 from home:gladiac:branches:network
Samuel Cabrero2024-05-14 07:54:34 +00:00
c18272040b
Accepting request 1173687 from home:gladiac:branches:network
Samuel Cabrero2024-05-14 07:54:34 +00:00
ec33d02bf2
Accepting request 1171363 from network
Ana Guerrero2024-05-02 21:46:50 +00:00
b60245a7d2
Accepting request 1171363 from network
Ana Guerrero2024-05-02 21:46:50 +00:00
6402def7df
Accepting request 1171347 from home:kukuk:cleanup
Samuel Cabrero2024-05-02 13:10:43 +00:00
0efe12eee6
Accepting request 1171347 from home:kukuk:cleanup
Samuel Cabrero2024-05-02 13:10:43 +00:00
fd2ab2030e
Accepting request 1169845 from home:scabrero:branches:network
Dirk Mueller2024-05-01 05:54:37 +00:00
34eb3603a2
Accepting request 1169845 from home:scabrero:branches:network
Dirk Mueller2024-05-01 05:54:37 +00:00
06437f46c4
Accepting request 1156860 from network
Ana Guerrero2024-04-04 20:24:00 +00:00
3b56b9009e
Accepting request 1156860 from network
Ana Guerrero2024-04-04 20:24:00 +00:00
39ade0e594
Accepting request 1153219 from home:pmonrealgonzalez:branches:network
Samuel Cabrero2024-03-11 07:49:33 +00:00
fa4ab7b339
Accepting request 1153219 from home:pmonrealgonzalez:branches:network
Samuel Cabrero2024-03-11 07:49:33 +00:00
0303b6cb4c
Accepting request 1134351 from network
Ana Guerrero2023-12-21 22:37:52 +00:00
312e61556c
Accepting request 1134351 from network
Ana Guerrero2023-12-21 22:37:52 +00:00
12dcc60b0b
- update to 1.21.2 (bsc#1218211, CVE-2023-39975): * Fix double-free in KDC TGS processing [CVE-2023-39975]. - update to 1.21.1 (CVE-2023-36054): with Windows KDCs.
Dirk Mueller2023-12-20 23:21:24 +00:00
4426104a84
- update to 1.21.2 (bsc#1218211, CVE-2023-39975): * Fix double-free in KDC TGS processing [CVE-2023-39975]. - update to 1.21.1 (CVE-2023-36054): with Windows KDCs.
Dirk Mueller2023-12-20 23:21:24 +00:00
0f8352fed9
Accepting request 1114991 from network
Ana Guerrero2023-10-05 18:02:35 +00:00
6bf75e5dbb
Accepting request 1114991 from network
Ana Guerrero2023-10-05 18:02:35 +00:00
157057f8f8
Accepting request 1114983 from home:dimstar:Factory
Samuel Cabrero2023-10-03 12:17:40 +00:00
c77b1e477d
Accepting request 1114983 from home:dimstar:Factory
Samuel Cabrero2023-10-03 12:17:40 +00:00
01a27b5e5c
Accepting request 1098841 from network
Ana Guerrero2023-07-17 17:22:54 +00:00
3495417f04
Accepting request 1098841 from network
Ana Guerrero2023-07-17 17:22:54 +00:00
36feefeaf6
- update to 1.121.1 (CVE-2023-36054): * Fix potential uninitialized pointer free in kadm5 XDR parsing [CVE-2023-36054]. * Added a credential cache type providing compatibility with the macOS 11 native credential cache. * libkadm5 will use the provided krb5_context object to read configuration values, instead of creating its own. * Added an interface to retrieve the ticket session key from a GSS context. * The KDC will no longer issue tickets with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. * The KDC will assume that all services can handle aes256-sha1 session keys unless the service principal has a session_enctypes string attribute. * Support for PAC full KDC checksums has been added to mitigate an S4U2Proxy privilege escalation attack. * The PKINIT client will advertise a more modern set of supported CMS algorithms. * Removed unused code in libkrb5, libkrb5support, and the PKINIT module. * Modernized the KDC code for processing TGS requests, the code for encrypting and decrypting key data, the PAC handling code, and the GSS library packet parsing and composition code. * Improved the test framework's detection of memory errors in daemon processes when used with asan.
Dirk Mueller2023-07-15 18:25:31 +00:00
ddc533e05b
- update to 1.121.1 (CVE-2023-36054): * Fix potential uninitialized pointer free in kadm5 XDR parsing [CVE-2023-36054]. * Added a credential cache type providing compatibility with the macOS 11 native credential cache. * libkadm5 will use the provided krb5_context object to read configuration values, instead of creating its own. * Added an interface to retrieve the ticket session key from a GSS context. * The KDC will no longer issue tickets with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. * The KDC will assume that all services can handle aes256-sha1 session keys unless the service principal has a session_enctypes string attribute. * Support for PAC full KDC checksums has been added to mitigate an S4U2Proxy privilege escalation attack. * The PKINIT client will advertise a more modern set of supported CMS algorithms. * Removed unused code in libkrb5, libkrb5support, and the PKINIT module. * Modernized the KDC code for processing TGS requests, the code for encrypting and decrypting key data, the PAC handling code, and the GSS library packet parsing and composition code. * Improved the test framework's detection of memory errors in daemon processes when used with asan.
Dirk Mueller2023-07-15 18:25:31 +00:00
Ana Guerrero
Samuel Cabrero
Noel Power
Dirk Mueller
Peter Varkoly
Marcus Meissner
Dominique Leuenberger
Richard Brown