SHA256
1
0
forked from pool/krb5

Accepting request 980314 from home:scabrero:branches:network

Align krb5-mini changelog and remove a couple of trailing white spaces

OBS-URL: https://build.opensuse.org/request/show/980314
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=260
This commit is contained in:
Dirk Mueller 2022-06-02 08:10:43 +00:00 committed by Git OBS Bridge
parent 7383de009b
commit 40f0f666d9
2 changed files with 37 additions and 1 deletions

View File

@ -1,3 +1,39 @@
-------------------------------------------------------------------
Sun May 29 19:14:02 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 1.20.0:
* Added a "disable_pac" realm relation to suppress adding PAC authdata
to tickets, for realms which do not need to support S4U requests.
* Most credential cache types will use atomic replacement when a cache
is reinitialized using kinit or refreshed from the client keytab.
* kprop can now propagate databases with a dump size larger than 4GB,
if both the client and server are upgraded.
* kprop can now work over NATs that change the destination IP address,
if the client is upgraded.
* Updated the KDB interface. The sign_authdata() method is replaced
with the issue_pac() method, allowing KDB modules to add logon info
and other buffers to the PAC issued by the KDC.
* Host-based initiator names are better supported in the GSS krb5
mechanism.
* Replaced AD-SIGNEDPATH authdata with minimal PACs.
* To avoid spurious replay errors, password change requests will not
be attempted over UDP until the attempt over TCP fails.
* PKINIT will sign its CMS messages with SHA-256 instead of SHA-1.
* Updated all code using OpenSSL to be compatible with OpenSSL 3.
* Reorganized the libk5crypto build system to allow the OpenSSL
back-end to pull in material from the builtin back-end depending on
the OpenSSL version.
* Simplified the PRNG logic to always use the platform PRNG.
* Converted the remaining Tcl tests to Python.
-------------------------------------------------------------------
Sat Apr 9 11:31:42 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 1.19.3 (bsc#1189929, CVE-2021-37750):
* Fix a denial of service attack against the KDC [CVE-2021-37750].
* Fix KDC null deref on TGS inner body null server
* Fix conformance issue in GSSAPI tests
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 27 22:21:52 UTC 2022 - David Mulder <dmulder@suse.com> Thu Jan 27 22:21:52 UTC 2022 - David Mulder <dmulder@suse.com>

View File

@ -24,7 +24,7 @@ Sun May 29 19:14:02 UTC 2022 - Dirk Müller <dmueller@suse.com>
back-end to pull in material from the builtin back-end depending on back-end to pull in material from the builtin back-end depending on
the OpenSSL version. the OpenSSL version.
* Simplified the PRNG logic to always use the platform PRNG. * Simplified the PRNG logic to always use the platform PRNG.
* Converted the remaining Tcl tests to Python. * Converted the remaining Tcl tests to Python.
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Apr 9 11:31:42 UTC 2022 - Dirk Müller <dmueller@suse.com> Sat Apr 9 11:31:42 UTC 2022 - Dirk Müller <dmueller@suse.com>