- add post 1.8 fixes

* Add IPv6 support to changepw.c * fix two problems in kadm5_get_principal mask handling * Ignore improperly encoded signedpath AD elements * handle NT_SRV_INST in service principal referrals * dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT * Fix the kpasswd fallback from the ccache principal name * Document the ticket_lifetime libdefaults setting * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=13
2010-03-23 11:40:55 +00:00
parent 2e036bfdfd
commit f9e6d882fd
26 changed files with 572 additions and 977 deletions
--- a/krb5.changes
+++ b/krb5.changes
@@ -1,11 +1,43 @@
 -------------------------------------------------------------------
-Thu Jan  7 11:45:14 CET 2010 - mc@suse.de
+Tue Mar 23 12:33:26 CET 2010 - mc@suse.de

+- add post 1.8 fixes
+  * Add IPv6 support to changepw.c
+  * fix two problems in kadm5_get_principal mask handling 
+  * Ignore improperly encoded signedpath AD elements
+  * handle NT_SRV_INST in service principal referrals
+  * dereference options while checking 
+    KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
+  * Fix the kpasswd fallback from the ccache principal name
+  * Document the ticket_lifetime libdefaults setting
+  * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
+
+-------------------------------------------------------------------
+Thu Mar  4 10:42:29 CET 2010 - mc@suse.de
+
+- update to version 1.8
+  * Increase code quality 
+  * Move toward improved KDB interface
+  * Investigate and remedy repeatedly-reported performance 
+    bottlenecks.
+  * Reduce DNS dependence by implementing an interface that allows
+    client library to track whether a KDC supports service 
+    principal referrals.
+  * Disable DES by default 
+  * Account lockout for repeated login failures
+  * Bridge layer to allow Heimdal HDB modules to act as KDB 
+    backend modules
+  * FAST enhancements
+  * Microsoft Services for User (S4U) compatibility
+  * Anonymous PKINIT
+- fix KDC denial of service
+  CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
 - fix KDC denial of service in cross-realm referral processing
  CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
 - fix integer underflow in AES and RC4 decryption
-  CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351) 
-
+  CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
+- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
+ 
 -------------------------------------------------------------------
 Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de