Accepting request 980314 from home:scabrero:branches:network

Align krb5-mini changelog and remove a couple of trailing white spaces OBS-URL: https://build.opensuse.org/request/show/980314 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=260
2022-06-02 08:10:43 +00:00 · 2022-06-02 08:10:43 +00:00 · 40f0f666d9
commit 40f0f666d9
parent 7383de009b
2 changed files with 37 additions and 1 deletions
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Sun May 29 19:14:02 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.20.0:
+  * Added a "disable_pac" realm relation to suppress adding PAC authdata
+    to tickets, for realms which do not need to support S4U requests.
+  * Most credential cache types will use atomic replacement when a cache
+    is reinitialized using kinit or refreshed from the client keytab.
+  * kprop can now propagate databases with a dump size larger than 4GB,
+    if both the client and server are upgraded.
+  * kprop can now work over NATs that change the destination IP address,
+    if the client is upgraded.
+  * Updated the KDB interface.  The sign_authdata() method is replaced
+    with the issue_pac() method, allowing KDB modules to add logon info
+    and other buffers to the PAC issued by the KDC.
+  * Host-based initiator names are better supported in the GSS krb5
+    mechanism.
+  * Replaced AD-SIGNEDPATH authdata with minimal PACs.
+  * To avoid spurious replay errors, password change requests will not
+    be attempted over UDP until the attempt over TCP fails.
+  * PKINIT will sign its CMS messages with SHA-256 instead of SHA-1.
+  * Updated all code using OpenSSL to be compatible with OpenSSL 3.
+  * Reorganized the libk5crypto build system to allow the OpenSSL
+    back-end to pull in material from the builtin back-end depending on
+    the OpenSSL version.
+  * Simplified the PRNG logic to always use the platform PRNG.
+  * Converted the remaining Tcl tests to Python.
+
+-------------------------------------------------------------------
+Sat Apr  9 11:31:42 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.19.3 (bsc#1189929, CVE-2021-37750):
+  * Fix a denial of service attack against the KDC [CVE-2021-37750].
+  * Fix KDC null deref on TGS inner body null server
+  * Fix conformance issue in GSSAPI tests
+
 -------------------------------------------------------------------
 Thu Jan 27 22:21:52 UTC 2022 - David Mulder <dmulder@suse.com>