Accepting request 306592 from home:stroeder:branches:network

update to 1.13.2 OBS-URL: https://build.opensuse.org/request/show/306592 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=139
2015-05-13 19:25:01 +00:00 · 2015-05-13 19:25:01 +00:00 · 71a09ab035
commit 71a09ab035
parent 24de3e2bab
5 changed files with 75 additions and 5 deletions
--- a/krb5-1.13.1.tar.gz
+++ b/krb5-1.13.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3516e89a884de2a2c7a38374f286c0e7244e4763b18ee04b986d3dbd1638460d
-size 12087522
--- a/krb5-1.13.2.tar.gz
+++ b/krb5-1.13.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0221413cd170aaf144668c00805004fc2809823dbdbd1d9f27f95e23b79a259e
+size 12104946
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@ -1,3 +1,38 @@
+-------------------------------------------------------------------
+Tue May 12 07:48:18 UTC 2015 - michael@stroeder.com
+
+- update to krb5 1.13.2
+
+- DES transition
+==============
+
+The Data Encryption Standard (DES) is widely recognized as weak.  The
+krb5-1.7 release contains measures to encourage sites to migrate away
+- From using single-DES cryptosystems.  Among these is a configuration
+variable that enables "weak" enctypes, which defaults to "false"
+beginning with krb5-1.8.
+
+
+Major changes in 1.13.2 (2015-05-08)
+====================================
+
+This is a bug fix release.
+
+* Fix a minor vulnerability in krb5_read_message, which is primarily
+  used in the BSD-derived kcmd suite of applications.  [CVE-2014-5355]
+
+* Fix a bypass of requires_preauth in KDCs that have PKINIT enabled.
+  [CVE-2015-2694]
+
+* Fix some issues with the LDAP KDC database back end.
+
+* Fix an iteration-related memory leak in the DB2 KDC database back
+  end.
+
+* Fix issues with some less-used kadm5.acl functionality.
+
+* Improve documentation.
+
 -------------------------------------------------------------------
 Wed Feb 18 11:48:46 UTC 2015 - michael@stroeder.com

--- a/krb5.changes
+++ b/krb5.changes
@ -1,3 +1,38 @@
+-------------------------------------------------------------------
+Tue May 12 07:48:18 UTC 2015 - michael@stroeder.com
+
+- update to krb5 1.13.2
+
+- DES transition
+==============
+
+The Data Encryption Standard (DES) is widely recognized as weak.  The
+krb5-1.7 release contains measures to encourage sites to migrate away
+- From using single-DES cryptosystems.  Among these is a configuration
+variable that enables "weak" enctypes, which defaults to "false"
+beginning with krb5-1.8.
+
+
+Major changes in 1.13.2 (2015-05-08)
+====================================
+
+This is a bug fix release.
+
+* Fix a minor vulnerability in krb5_read_message, which is primarily
+  used in the BSD-derived kcmd suite of applications.  [CVE-2014-5355]
+
+* Fix a bypass of requires_preauth in KDCs that have PKINIT enabled.
+  [CVE-2015-2694]
+
+* Fix some issues with the LDAP KDC database back end.
+
+* Fix an iteration-related memory leak in the DB2 KDC database back
+  end.
+
+* Fix issues with some less-used kadm5.acl functionality.
+
+* Improve documentation.
+
 -------------------------------------------------------------------
 Thu Apr 23 14:13:03 UTC 2015 - hguo@suse.com

--- a/krb5.spec
+++ b/krb5.spec
@ -17,7 +17,7 @@


 %define build_mini 0
-%define srcRoot krb5-1.13.1
+%define srcRoot krb5-1.13.2
 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
 %define krb5docdir  %{_defaultdocdir}/krb5

@ -30,7 +30,7 @@ BuildRequires:  keyutils-devel
 BuildRequires:  libcom_err-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  ncurses-devel
-Version:        1.13.1
+Version:        1.13.2
 Release:        0
 Summary:        MIT Kerberos5 Implementation--Libraries
 License:        MIT