diff --git a/krb5-1.13.1.tar.gz b/krb5-1.13.1.tar.gz deleted file mode 100644 index 3b41f12..0000000 --- a/krb5-1.13.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3516e89a884de2a2c7a38374f286c0e7244e4763b18ee04b986d3dbd1638460d -size 12087522 diff --git a/krb5-1.13.2.tar.gz b/krb5-1.13.2.tar.gz new file mode 100644 index 0000000..ceaf953 --- /dev/null +++ b/krb5-1.13.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0221413cd170aaf144668c00805004fc2809823dbdbd1d9f27f95e23b79a259e +size 12104946 diff --git a/krb5-mini.changes b/krb5-mini.changes index c7dc0ea..586d321 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Tue May 12 07:48:18 UTC 2015 - michael@stroeder.com + +- update to krb5 1.13.2 + +- DES transition +============== + +The Data Encryption Standard (DES) is widely recognized as weak. The +krb5-1.7 release contains measures to encourage sites to migrate away +- From using single-DES cryptosystems. Among these is a configuration +variable that enables "weak" enctypes, which defaults to "false" +beginning with krb5-1.8. + + +Major changes in 1.13.2 (2015-05-08) +==================================== + +This is a bug fix release. + +* Fix a minor vulnerability in krb5_read_message, which is primarily + used in the BSD-derived kcmd suite of applications. [CVE-2014-5355] + +* Fix a bypass of requires_preauth in KDCs that have PKINIT enabled. + [CVE-2015-2694] + +* Fix some issues with the LDAP KDC database back end. + +* Fix an iteration-related memory leak in the DB2 KDC database back + end. + +* Fix issues with some less-used kadm5.acl functionality. + +* Improve documentation. + ------------------------------------------------------------------- Wed Feb 18 11:48:46 UTC 2015 - michael@stroeder.com diff --git a/krb5.changes b/krb5.changes index 19a67b6..ad77a25 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Tue May 12 07:48:18 UTC 2015 - michael@stroeder.com + +- update to krb5 1.13.2 + +- DES transition +============== + +The Data Encryption Standard (DES) is widely recognized as weak. The +krb5-1.7 release contains measures to encourage sites to migrate away +- From using single-DES cryptosystems. Among these is a configuration +variable that enables "weak" enctypes, which defaults to "false" +beginning with krb5-1.8. + + +Major changes in 1.13.2 (2015-05-08) +==================================== + +This is a bug fix release. + +* Fix a minor vulnerability in krb5_read_message, which is primarily + used in the BSD-derived kcmd suite of applications. [CVE-2014-5355] + +* Fix a bypass of requires_preauth in KDCs that have PKINIT enabled. + [CVE-2015-2694] + +* Fix some issues with the LDAP KDC database back end. + +* Fix an iteration-related memory leak in the DB2 KDC database back + end. + +* Fix issues with some less-used kadm5.acl functionality. + +* Improve documentation. + ------------------------------------------------------------------- Thu Apr 23 14:13:03 UTC 2015 - hguo@suse.com diff --git a/krb5.spec b/krb5.spec index 2b728d8..dc2156c 100644 --- a/krb5.spec +++ b/krb5.spec @@ -17,7 +17,7 @@ %define build_mini 0 -%define srcRoot krb5-1.13.1 +%define srcRoot krb5-1.13.2 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -30,7 +30,7 @@ BuildRequires: keyutils-devel BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version: 1.13.1 +Version: 1.13.2 Release: 0 Summary: MIT Kerberos5 Implementation--Libraries License: MIT