2017-12-07 16:44:48 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Dec 07 15:17:23 UTC 2017 - joerg.lorenzen@ki.tng.de
|
|
|
|
|
|
|
|
|
|
- Added Avoid_NULL_structure_pointer_member_dereference.patch,
|
|
|
|
|
fixes (bsc#1071675).
|
|
|
|
|
|
2017-08-03 22:53:12 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 03 20:25:45 UTC 2017 - joerg.lorenzen@ki.tng.de
|
|
|
|
|
|
|
|
|
|
- Update to version 7.4.0
|
|
|
|
|
- Security
|
|
|
|
|
- Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name
|
|
|
|
|
validation.
|
|
|
|
|
This is a critical vulnerability.
|
|
|
|
|
In _krb5_extract_ticket() the KDC-REP service name must be
|
|
|
|
|
obtained from encrypted version stored in 'enc_part' instead
|
|
|
|
|
of the unencrypted version stored in 'ticket'.
|
|
|
|
|
Use of the unecrypted version provides an opportunity for
|
|
|
|
|
successful server impersonation and other attacks.
|
|
|
|
|
Identified by Jeffrey Altman, Viktor Duchovni and
|
|
|
|
|
Nico Williams.
|
|
|
|
|
See https://www.orpheus-lyre.info/ for more details.
|
|
|
|
|
- Fixed heimdal-patched.diff.
|
|
|
|
|
|
2017-06-15 23:06:08 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 15 20:52:17 UTC 2017 - joerg.lorenzen@ki.tng.de
|
|
|
|
|
|
|
|
|
|
- Update to version 7.3.0
|
|
|
|
|
- Security
|
|
|
|
|
+ Fix transit path validation. Commit f469fc6 (2010-10-02)
|
|
|
|
|
inadvertently caused the previous hop realm to not be added
|
|
|
|
|
to the transit path of issued tickets. This may, in some
|
|
|
|
|
cases, enable bypass of capath policy in Heimdal versions 1.5
|
|
|
|
|
through 7.2.
|
|
|
|
|
Note, this may break sites that rely on the bug. With the bug
|
|
|
|
|
some incomplete [capaths] worked, that should not have.
|
|
|
|
|
These may now break authentication in some cross-realm
|
|
|
|
|
configurations. (CVE-2017-6594)
|
|
|
|
|
- Version 7.2.0
|
|
|
|
|
- Bug fixes
|
|
|
|
|
+ Portability improvements.
|
|
|
|
|
+ More strict parsing of encoded URI components in HTTP KDC.
|
|
|
|
|
+ Fixed memory leak in malloc error recovery in NTLM GSSAPI
|
|
|
|
|
mechanism.
|
|
|
|
|
+ Avoid overly specific CPU info in krb5-config in aid of
|
|
|
|
|
reproducible builds.
|
|
|
|
|
+ Don't do AFS string-to-key tests when feature is disabled.
|
|
|
|
|
+ Skip mdb_stat test when the command is not available.
|
|
|
|
|
+ Windows: update SHA2 timestamp server.
|
|
|
|
|
+ hdb: add missing export
|
|
|
|
|
hdb_generate_key_set_password_with_ks_tuple.
|
|
|
|
|
+ Fix signature of hdb_generate_key_set_password().
|
|
|
|
|
+ Windows: enable KX509 support in the KDC.
|
|
|
|
|
+ kdc: fix kx509 service principal match.
|
|
|
|
|
+ iprop: handle case where master sends nothing new.
|
|
|
|
|
+ ipropd-slave: fix incorrect error codes.
|
|
|
|
|
+ Allow choice of sqlite for HDB pref.
|
|
|
|
|
+ check-iprop: don't fail to kill daemons.
|
|
|
|
|
+ roken: pidfile -> rk_pidfile.
|
|
|
|
|
+ kdc: _kdc_do_kx509 fix use after free error.
|
|
|
|
|
+ Do not detect x32 as 64-bit platform.
|
|
|
|
|
+ No sys/ttydefaults.h on CYGWIN.
|
|
|
|
|
+ Fix check-iprop races.
|
|
|
|
|
+ roken_detach_prep() close pipe.
|
|
|
|
|
- Fixed heimdal-patched.diff.
|
|
|
|
|
|
2017-02-02 09:34:18 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 2 01:44:35 UTC 2017 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
- Summary and RPM group update. Do a direct call to ldconfig
|
|
|
|
|
where possible.
|
|
|
|
|
|
2017-01-08 00:58:55 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Jan 07 22:57:23 UTC 2017 - joerg.lorenzen@ki.tng.de
|
|
|
|
|
|
|
|
|
|
- Update to version 7.1.0
|
|
|
|
|
- Removed heimdal-version-script-client.map.patch, fixed upstream.
|
|
|
|
|
- Fixed heimdal-patched.diff.
|
|
|
|
|
- Unfortunately there is no updated changelog file in tarball,
|
|
|
|
|
changes can be seen in source code version control systems
|
|
|
|
|
history log.
|
|
|
|
|
|
2015-09-05 13:04:36 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Sep 05 07:57:33 UTC 2015 - joerg.lorenzen@ki.tng.de
|
|
|
|
|
|
|
|
|
|
- Added a patched instead of the original tarball because only
|
|
|
|
|
shared libraries will be build and source files of these (not to
|
|
|
|
|
be build) programs have problematic licenses.
|
|
|
|
|
- Added script heimdal-patch-source.sh to sources.
|
|
|
|
|
- Added patch heimdal-patched.diff that fixes configure.ac and
|
|
|
|
|
several Makefile.am files to successfully build patched source.
|
|
|
|
|
- Removed unneeded dependencies in spec file for build.
|
|
|
|
|
|
2015-09-02 10:52:27 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 02 08:04:33 UTC 2015 - joerg.lorenzen@ki.tng.de
|
|
|
|
|
|
|
|
|
|
- Added Conflicts tags to spec file because devel package conflicts
|
|
|
|
|
with krb5-devel and krb5-mini-devel.
|
|
|
|
|
|
2015-09-01 23:47:16 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 01 21:03:13 UTC 2015 - joerg.lorenzen@ki.tng.de
|
|
|
|
|
|
|
|
|
|
- Some changes in spec file to enable build for SLES.
|
|
|
|
|
|
2015-09-01 13:03:52 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Aug 30 11:20:03 UTC 2015 - joerg.lorenzen@ki.tng.de
|
|
|
|
|
|
|
|
|
|
- Initial package, version 1.6rc2
|
|
|
|
|
- Added patch heimdal-version-script-client.map.patch to add file
|
|
|
|
|
version-script-client.map (File is present in git for tag 1.6rc2
|
|
|
|
|
but missing in tarball).
|
