From 7383de009bec0faac728b193ca00b3a6127c8ee082e1210abca19e7a8d761852 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Tue, 31 May 2022 11:34:39 +0000 Subject: [PATCH] Accepting request 979732 from home:dirkmueller:Factory - update to 1.20.0: * Added a "disable_pac" realm relation to suppress adding PAC authdata to tickets, for realms which do not need to support S4U requests. * Most credential cache types will use atomic replacement when a cache is reinitialized using kinit or refreshed from the client keytab. * kprop can now propagate databases with a dump size larger than 4GB, if both the client and server are upgraded. * kprop can now work over NATs that change the destination IP address, if the client is upgraded. * Updated the KDB interface. The sign_authdata() method is replaced with the issue_pac() method, allowing KDB modules to add logon info and other buffers to the PAC issued by the KDC. * Host-based initiator names are better supported in the GSS krb5 mechanism. * Replaced AD-SIGNEDPATH authdata with minimal PACs. * To avoid spurious replay errors, password change requests will not be attempted over UDP until the attempt over TCP fails. * PKINIT will sign its CMS messages with SHA-256 instead of SHA-1. * Updated all code using OpenSSL to be compatible with OpenSSL 3. * Reorganized the libk5crypto build system to allow the OpenSSL back-end to pull in material from the builtin back-end depending on the OpenSSL version. * Simplified the PRNG logic to always use the platform PRNG. * Converted the remaining Tcl tests to Python. OBS-URL: https://build.opensuse.org/request/show/979732 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=259 --- krb5-1.19.3.tar.gz | 3 --- krb5-1.19.3.tar.gz.asc | 16 ---------------- krb5-1.20.tar.gz | 3 +++ krb5-1.20.tar.gz.asc | 16 ++++++++++++++++ krb5-mini.spec | 6 +++--- krb5.changes | 28 ++++++++++++++++++++++++++++ krb5.spec | 6 +++--- 7 files changed, 53 insertions(+), 25 deletions(-) delete mode 100644 krb5-1.19.3.tar.gz delete mode 100644 krb5-1.19.3.tar.gz.asc create mode 100644 krb5-1.20.tar.gz create mode 100644 krb5-1.20.tar.gz.asc diff --git a/krb5-1.19.3.tar.gz b/krb5-1.19.3.tar.gz deleted file mode 100644 index fc23db2..0000000 --- a/krb5-1.19.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:56d04863cfddc9d9eb7af17556e043e3537d41c6e545610778676cf551b9dcd0 -size 8741343 diff --git a/krb5-1.19.3.tar.gz.asc b/krb5-1.19.3.tar.gz.asc deleted file mode 100644 index b40bfcb..0000000 --- a/krb5-1.19.3.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmIrr24ACgkQDLoIV1+D -ct+h+A//W9AfniKl4SAZ5OWmn+B/1ge7U7KWxVdn8yJtUTfKzBujPe6LLCMpsn/F -+ddq2Powml+lEQHhAJBgGogPJ6Fs+/Y7jmhskz/d2dU1lTWEAoTGxz6fGZnx4kei -yciPWYnQrvPLdgh2I3rQyt5VDe6pEo5xvFhzEDpQPkXXQGAXVVokcSz5tvoRI8xF -V/oKIXJ7iSpc/prcrirdC+vKe04E3PmX1Cjd5dAH97gzYGJMsouB3/8/PxzLBb3y -be4XeLLJA9FwjBeEx68nBal2o3p1Xkq24v3XMI62xqBZDrWtwJ5NkR1GZje2X00H -SAd1xI6ye+f+6mxje/hen7cqfN53/7l2j3fayoT+35F6OzmiXSf9TKO6P1HElA0t -qXOm5oMi9GK1mVRwek15pxCcLEFWrUGNGnILFrep4exxIAOPjgyVN1DolK6c3V3t -yCsRGwhZaN6rNuaHEibVpL4JG+3fEy8Ovb02pqqPP6LXc9/1b+EIAufWTpJtbQSy -3JvSmzFYHVJjaS+n0vsbMJtDsf+uuYy77liIh0LblId1xpU5pdLd7jy8qZ6jEt/J -8PX3C5oc4iKq8Z7epd8T3itD3ECPG5g+A7GU8kApAfgpY/GP1rvg1RSaalWRQP+x -dKY7eMHSHHhBjuC7EdzNIJWo8v311KWogcHkVfzmbx+6HT/iAgM= -=D86e ------END PGP SIGNATURE----- diff --git a/krb5-1.20.tar.gz b/krb5-1.20.tar.gz new file mode 100644 index 0000000..ba94426 --- /dev/null +++ b/krb5-1.20.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7e022bdd3c851830173f9faaa006a230a0e0fdad4c953e85bff4bf0da036e12f +size 8660756 diff --git a/krb5-1.20.tar.gz.asc b/krb5-1.20.tar.gz.asc new file mode 100644 index 0000000..3c411f0 --- /dev/null +++ b/krb5-1.20.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmKO3iYACgkQDLoIV1+D +ct/OCxAAvGE7Qi/GMlft3t56wK4FwIwENHJ7cnDJw1tkah94zO3hytphYqvCMSu/ +9OnLOynuI/XEU518avHdk5eqWI0oe2XRLbAfXuXH0Uccyun2kP/H5Smvw2JVxiOO +O5DhhMXvjB/ifpfK3u12RFSBHEZsxV79eeVAgQV3LPyokceHH3uOeAlMPYAgzmnp +0drDTYIErmlxhUxGUWvVvckz5wOR8TXt4nKJ2+zixBeOYQu1WZ+WJLlc4nVG4e/I +3otns5aYPPbPMSDq3BZeaUCYqjxMJ0LgqFRZMJGAAeE9HR3tmxhfUMpAQnQgc/MZ +6Nf3rrCj5AETZ2CtiTcKoICEa6MDG4CYhGMIW9R+5eQke1Oq+V9NVu3RdaD0R4rq +snMYk69zF/QhiSOK3ulRm+t8RHAquDimpFlpMinl0DbK5h+A/kgfC7fyfxEHe1dj +H2vCj946LNS2OgqJ5WbV867Fk7+unP0AZ1cy3+hedODRjqNfcu1MuLhxs/e0eLy5 +MmBDSZtJc27IVEs1IUntBy14WuJt3csjGb0jzMnWrbDcjvWAGC5yV4b5HfvZvOt8 +E2HCVWMycTuNFZHgtITqvmb2tYOc9bSOYUCRp7clCn9vvFtAKKzZiGzUsnyshLqq +N6a1sTudU9otnIR52+K5v1rLlChS2UlIek0Nj6ejlTcTk9Go6aw= +=z5Ek +-----END PGP SIGNATURE----- diff --git a/krb5-mini.spec b/krb5-mini.spec index 409c8c8..f5b922c 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -24,13 +24,13 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5-mini -Version: 1.19.3 +Version: 1.20 Release: 0 Summary: MIT Kerberos5 implementation and libraries with minimal dependencies License: MIT URL: https://kerberos.org/dist/ -Source0: https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz -Source1: https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz.asc +Source0: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz +Source1: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz.asc Source2: krb5.keyring Source3: vendor-files.tar.bz2 Source4: baselibs.conf diff --git a/krb5.changes b/krb5.changes index 6e56f61..c53303e 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Sun May 29 19:14:02 UTC 2022 - Dirk Müller + +- update to 1.20.0: + * Added a "disable_pac" realm relation to suppress adding PAC authdata + to tickets, for realms which do not need to support S4U requests. + * Most credential cache types will use atomic replacement when a cache + is reinitialized using kinit or refreshed from the client keytab. + * kprop can now propagate databases with a dump size larger than 4GB, + if both the client and server are upgraded. + * kprop can now work over NATs that change the destination IP address, + if the client is upgraded. + * Updated the KDB interface. The sign_authdata() method is replaced + with the issue_pac() method, allowing KDB modules to add logon info + and other buffers to the PAC issued by the KDC. + * Host-based initiator names are better supported in the GSS krb5 + mechanism. + * Replaced AD-SIGNEDPATH authdata with minimal PACs. + * To avoid spurious replay errors, password change requests will not + be attempted over UDP until the attempt over TCP fails. + * PKINIT will sign its CMS messages with SHA-256 instead of SHA-1. + * Updated all code using OpenSSL to be compatible with OpenSSL 3. + * Reorganized the libk5crypto build system to allow the OpenSSL + back-end to pull in material from the builtin back-end depending on + the OpenSSL version. + * Simplified the PRNG logic to always use the platform PRNG. + * Converted the remaining Tcl tests to Python. + ------------------------------------------------------------------- Sat Apr 9 11:31:42 UTC 2022 - Dirk Müller diff --git a/krb5.spec b/krb5.spec index ad2c75d..4035ca4 100644 --- a/krb5.spec +++ b/krb5.spec @@ -21,13 +21,13 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5 -Version: 1.19.3 +Version: 1.20 Release: 0 Summary: MIT Kerberos5 implementation License: MIT URL: https://kerberos.org/dist/ -Source0: https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz -Source1: https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz.asc +Source0: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz +Source1: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz.asc Source2: krb5.keyring Source3: vendor-files.tar.bz2 Source4: baselibs.conf