Accepting request 980314 from home:scabrero:branches:network
Align krb5-mini changelog and remove a couple of trailing white spaces OBS-URL: https://build.opensuse.org/request/show/980314 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=260
This commit is contained in:
parent
7383de009b
commit
40f0f666d9
@ -1,3 +1,39 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun May 29 19:14:02 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update to 1.20.0:
|
||||||
|
* Added a "disable_pac" realm relation to suppress adding PAC authdata
|
||||||
|
to tickets, for realms which do not need to support S4U requests.
|
||||||
|
* Most credential cache types will use atomic replacement when a cache
|
||||||
|
is reinitialized using kinit or refreshed from the client keytab.
|
||||||
|
* kprop can now propagate databases with a dump size larger than 4GB,
|
||||||
|
if both the client and server are upgraded.
|
||||||
|
* kprop can now work over NATs that change the destination IP address,
|
||||||
|
if the client is upgraded.
|
||||||
|
* Updated the KDB interface. The sign_authdata() method is replaced
|
||||||
|
with the issue_pac() method, allowing KDB modules to add logon info
|
||||||
|
and other buffers to the PAC issued by the KDC.
|
||||||
|
* Host-based initiator names are better supported in the GSS krb5
|
||||||
|
mechanism.
|
||||||
|
* Replaced AD-SIGNEDPATH authdata with minimal PACs.
|
||||||
|
* To avoid spurious replay errors, password change requests will not
|
||||||
|
be attempted over UDP until the attempt over TCP fails.
|
||||||
|
* PKINIT will sign its CMS messages with SHA-256 instead of SHA-1.
|
||||||
|
* Updated all code using OpenSSL to be compatible with OpenSSL 3.
|
||||||
|
* Reorganized the libk5crypto build system to allow the OpenSSL
|
||||||
|
back-end to pull in material from the builtin back-end depending on
|
||||||
|
the OpenSSL version.
|
||||||
|
* Simplified the PRNG logic to always use the platform PRNG.
|
||||||
|
* Converted the remaining Tcl tests to Python.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Apr 9 11:31:42 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update to 1.19.3 (bsc#1189929, CVE-2021-37750):
|
||||||
|
* Fix a denial of service attack against the KDC [CVE-2021-37750].
|
||||||
|
* Fix KDC null deref on TGS inner body null server
|
||||||
|
* Fix conformance issue in GSSAPI tests
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jan 27 22:21:52 UTC 2022 - David Mulder <dmulder@suse.com>
|
Thu Jan 27 22:21:52 UTC 2022 - David Mulder <dmulder@suse.com>
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ Sun May 29 19:14:02 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|||||||
back-end to pull in material from the builtin back-end depending on
|
back-end to pull in material from the builtin back-end depending on
|
||||||
the OpenSSL version.
|
the OpenSSL version.
|
||||||
* Simplified the PRNG logic to always use the platform PRNG.
|
* Simplified the PRNG logic to always use the platform PRNG.
|
||||||
* Converted the remaining Tcl tests to Python.
|
* Converted the remaining Tcl tests to Python.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Apr 9 11:31:42 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
Sat Apr 9 11:31:42 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||||
|
Loading…
Reference in New Issue
Block a user