Ana Guerrero
3ee57d14de
Accepting request 1185764 from network
...
- Update to 1.21.3
* Fix vulnerabilities in GSS message token handling:
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
* Fix a potential bad pointer free in krb5_cccol_have_contents()
* Fix a memory leak in the macOS ccache type
- Update patch 0009-Fix-three-memory-leaks.patch
- Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch
* CVE-2024-26458, bsc#1220770
* CVE-2024-26461, bsc#1220771
* CVE-2024-26462, bsc#1220772
- Update to 1.21.3
* Fix vulnerabilities in GSS message token handling:
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
* Fix a potential bad pointer free in krb5_cccol_have_contents()
* Fix a memory leak in the macOS ccache type
- Update patch 0009-Fix-three-memory-leaks.patch
OBS-URL: https://build.opensuse.org/request/show/1185764
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=174
2024-07-08 17:06:50 +00:00
193f91051e
- Update to 1.21.3
...
* Fix vulnerabilities in GSS message token handling:
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
* Fix a potential bad pointer free in krb5_cccol_have_contents()
* Fix a memory leak in the macOS ccache type
- Update patch 0009-Fix-three-memory-leaks.patch
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=289
2024-07-04 07:20:48 +00:00
Ana Guerrero
09c6d1fd49
Accepting request 1175448 from network
...
OBS-URL: https://build.opensuse.org/request/show/1175448
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=173
2024-05-21 16:34:17 +00:00
5d6e2bca14
Accepting request 1174873 from home:scabrero:branches:network
...
[CVE-2023-36054]; (bsc#1214054).
OBS-URL: https://build.opensuse.org/request/show/1174873
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=287
2024-05-21 07:32:21 +00:00
Ana Guerrero
b85624a3ad
Accepting request 1173900 from network
...
OBS-URL: https://build.opensuse.org/request/show/1173900
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=172
2024-05-15 19:25:47 +00:00
0f79103832
Accepting request 1173687 from home:gladiac:branches:network
...
- Enable the LMDB backend for KDB
OBS-URL: https://build.opensuse.org/request/show/1173687
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=285
2024-05-14 07:54:34 +00:00
Ana Guerrero
ec33d02bf2
Accepting request 1171363 from network
...
OBS-URL: https://build.opensuse.org/request/show/1171363
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=171
2024-05-02 21:46:50 +00:00
6402def7df
Accepting request 1171347 from home:kukuk:cleanup
...
- Remove requires for not used cron
OBS-URL: https://build.opensuse.org/request/show/1171347
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=283
2024-05-02 13:10:43 +00:00
fd2ab2030e
Accepting request 1169845 from home:scabrero:branches:network
...
- Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch
* CVE-2024-26458, bsc#1220770
* CVE-2024-26461, bsc#1220771
* CVE-2024-26462, bsc#1220772
OBS-URL: https://build.opensuse.org/request/show/1169845
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=282
2024-05-01 05:54:37 +00:00
Ana Guerrero
06437f46c4
Accepting request 1156860 from network
...
OBS-URL: https://build.opensuse.org/request/show/1156860
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=170
2024-04-04 20:24:00 +00:00
39ade0e594
Accepting request 1153219 from home:pmonrealgonzalez:branches:network
...
- Add crypto-policies support [bsc#1211301]
* Update krb5.conf in vendor-files.tar.bz2
- Add crypto-policies support [bsc#1211301]
* Update krb5.conf in vendor-files.tar.bz2
OBS-URL: https://build.opensuse.org/request/show/1153219
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=280
2024-03-11 07:49:33 +00:00
Ana Guerrero
0303b6cb4c
Accepting request 1134351 from network
...
- update to 1.21.2 (bsc#1218211, CVE-2023-39975):
* Fix double-free in KDC TGS processing [CVE-2023-39975].
- update to 1.21.1 (CVE-2023-36054):
with Windows KDCs.
OBS-URL: https://build.opensuse.org/request/show/1134351
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=169
2023-12-21 22:37:52 +00:00
12dcc60b0b
- update to 1.21.2 (bsc#1218211, CVE-2023-39975):
...
* Fix double-free in KDC TGS processing [CVE-2023-39975].
- update to 1.21.1 (CVE-2023-36054):
with Windows KDCs.
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=278
2023-12-20 23:21:24 +00:00
Ana Guerrero
0f8352fed9
Accepting request 1114991 from network
...
OBS-URL: https://build.opensuse.org/request/show/1114991
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=168
2023-10-05 18:02:35 +00:00
157057f8f8
Accepting request 1114983 from home:dimstar:Factory
...
- Add explicit this-is-only-for-build-envs requires to krb5-mini
and krb5-mini-devel: the mini flavors are currently excluded
using special hacks from the FTP Tree. In order to eliminate this
hack, we need to ensure the packages are not viable for real
installations. We achieve this with a dep that is never provided,
but ignored by OBS.
OBS-URL: https://build.opensuse.org/request/show/1114983
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=276
2023-10-03 12:17:40 +00:00
Ana Guerrero
01a27b5e5c
Accepting request 1098841 from network
...
- update to 1.121.1 (CVE-2023-36054):
* Fix potential uninitialized pointer free in kadm5 XDR parsing
[CVE-2023-36054].
* Added a credential cache type providing compatibility with
the macOS 11 native credential cache.
* libkadm5 will use the provided krb5_context object to read
configuration values, instead of creating its own.
* Added an interface to retrieve the ticket session key
from a GSS context.
* The KDC will no longer issue tickets with RC4 or triple-DES
session keys unless explicitly configured with the new
allow_rc4 or allow_des3 variables respectively.
* The KDC will assume that all services can handle aes256-sha1
session keys unless the service principal has a
session_enctypes string attribute.
* Support for PAC full KDC checksums has been added to
mitigate an S4U2Proxy privilege escalation attack.
* The PKINIT client will advertise a more modern set
of supported CMS algorithms.
* Removed unused code in libkrb5, libkrb5support,
and the PKINIT module.
* Modernized the KDC code for processing TGS requests,
the code for encrypting and decrypting key data,
the PAC handling code, and the GSS library packet
parsing and composition code.
* Improved the test framework's detection of memory
errors in daemon processes when used with asan.
OBS-URL: https://build.opensuse.org/request/show/1098841
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=167
2023-07-17 17:22:54 +00:00
36feefeaf6
- update to 1.121.1 (CVE-2023-36054):
...
* Fix potential uninitialized pointer free in kadm5 XDR parsing
[CVE-2023-36054].
* Added a credential cache type providing compatibility with
the macOS 11 native credential cache.
* libkadm5 will use the provided krb5_context object to read
configuration values, instead of creating its own.
* Added an interface to retrieve the ticket session key
from a GSS context.
* The KDC will no longer issue tickets with RC4 or triple-DES
session keys unless explicitly configured with the new
allow_rc4 or allow_des3 variables respectively.
* The KDC will assume that all services can handle aes256-sha1
session keys unless the service principal has a
session_enctypes string attribute.
* Support for PAC full KDC checksums has been added to
mitigate an S4U2Proxy privilege escalation attack.
* The PKINIT client will advertise a more modern set
of supported CMS algorithms.
* Removed unused code in libkrb5, libkrb5support,
and the PKINIT module.
* Modernized the KDC code for processing TGS requests,
the code for encrypting and decrypting key data,
the PAC handling code, and the GSS library packet
parsing and composition code.
* Improved the test framework's detection of memory
errors in daemon processes when used with asan.
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=274
2023-07-15 18:25:31 +00:00
Dominique Leuenberger
4a71926b1b
Accepting request 1084720 from network
...
OBS-URL: https://build.opensuse.org/request/show/1084720
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=166
2023-05-05 13:57:07 +00:00
9b19498eb9
Accepting request 1084716 from home:fcrozat:branches:network
...
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
OBS-URL: https://build.opensuse.org/request/show/1084716
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=272
2023-05-04 13:49:47 +00:00
Dominique Leuenberger
e1286c714b
Accepting request 1074019 from network
...
OBS-URL: https://build.opensuse.org/request/show/1074019
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=165
2023-04-01 19:13:15 +00:00
bed174ccde
Accepting request 1073940 from home:dimstar:Factory
...
- Build mini flavor without keyutils support: breaks cycle between
krb5-mini and keyutils.
OBS-URL: https://build.opensuse.org/request/show/1073940
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=270
2023-03-23 17:15:10 +00:00
Dominique Leuenberger
cde206b112
Accepting request 1069660 from network
...
OBS-URL: https://build.opensuse.org/request/show/1069660
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=164
2023-03-07 15:48:24 +00:00
2d89800a45
Accepting request 1069134 from home:scabrero:bsc1208887
...
- Update 0007-SELinux-integration.patch for SELinux 3.5;
(bsc#1208887);
OBS-URL: https://build.opensuse.org/request/show/1069134
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=268
2023-03-06 14:30:02 +00:00
Dominique Leuenberger
12c583dafc
Accepting request 1069137 from network
...
Automatic submission by obs-autosubmit
OBS-URL: https://build.opensuse.org/request/show/1069137
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=163
2023-03-05 19:07:51 +00:00
ae967cda93
Accepting request 1045519 from home:schubi2:pam_usr_etc
...
- Migration of PAM settings to /usr/lib/pam.d
OBS-URL: https://build.opensuse.org/request/show/1045519
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=266
2023-03-03 10:03:46 +00:00
Dominique Leuenberger
040abea7ab
Accepting request 1042851 from network
...
OBS-URL: https://build.opensuse.org/request/show/1042851
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=162
2022-12-16 16:50:43 +00:00
83fc4d39c0
Accepting request 1042600 from home:scabrero:branches:network
...
- Drop 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch,
already fixed in release 1.20.0
OBS-URL: https://build.opensuse.org/request/show/1042600
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=264
2022-12-14 09:47:16 +00:00
Dominique Leuenberger
b5b0a704c9
Accepting request 1036481 from network
...
OBS-URL: https://build.opensuse.org/request/show/1036481
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=161
2022-11-18 14:42:33 +00:00
6580e8c91a
Accepting request 1036182 from home:scabrero:branches:network
...
- Update to 1.20.1; (bsc#1205126); (CVE-2022-42898);
* Fix integer overflows in PAC parsing [CVE-2022-42898].
* Fix null deref in KDC when decoding invalid NDR.
* Fix memory leak in OTP kdcpreauth module.
* Fix PKCS11 module path search.
- Update to 1.20.1; (bsc#1205126); (CVE-2022-42898);
* Fix integer overflows in PAC parsing [CVE-2022-42898].
* Fix null deref in KDC when decoding invalid NDR.
* Fix memory leak in OTP kdcpreauth module.
* Fix PKCS11 module path search.
OBS-URL: https://build.opensuse.org/request/show/1036182
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=262
2022-11-17 16:22:59 +00:00
Dominique Leuenberger
a6457936b4
Accepting request 981266 from network
...
Automatic submission by obs-autosubmit
OBS-URL: https://build.opensuse.org/request/show/981266
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=160
2022-06-18 20:05:50 +00:00
40f0f666d9
Accepting request 980314 from home:scabrero:branches:network
...
Align krb5-mini changelog and remove a couple of trailing white spaces
OBS-URL: https://build.opensuse.org/request/show/980314
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=260
2022-06-02 08:10:43 +00:00
7383de009b
Accepting request 979732 from home:dirkmueller:Factory
...
- update to 1.20.0:
* Added a "disable_pac" realm relation to suppress adding PAC authdata
to tickets, for realms which do not need to support S4U requests.
* Most credential cache types will use atomic replacement when a cache
is reinitialized using kinit or refreshed from the client keytab.
* kprop can now propagate databases with a dump size larger than 4GB,
if both the client and server are upgraded.
* kprop can now work over NATs that change the destination IP address,
if the client is upgraded.
* Updated the KDB interface. The sign_authdata() method is replaced
with the issue_pac() method, allowing KDB modules to add logon info
and other buffers to the PAC issued by the KDC.
* Host-based initiator names are better supported in the GSS krb5
mechanism.
* Replaced AD-SIGNEDPATH authdata with minimal PACs.
* To avoid spurious replay errors, password change requests will not
be attempted over UDP until the attempt over TCP fails.
* PKINIT will sign its CMS messages with SHA-256 instead of SHA-1.
* Updated all code using OpenSSL to be compatible with OpenSSL 3.
* Reorganized the libk5crypto build system to allow the OpenSSL
back-end to pull in material from the builtin back-end depending on
the OpenSSL version.
* Simplified the PRNG logic to always use the platform PRNG.
* Converted the remaining Tcl tests to Python.
OBS-URL: https://build.opensuse.org/request/show/979732
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=259
2022-05-31 11:34:39 +00:00
Dominique Leuenberger
5bc3270864
Accepting request 970776 from network
...
OBS-URL: https://build.opensuse.org/request/show/970776
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=159
2022-04-23 17:44:51 +00:00
ff3493d16b
Accepting request 967999 from home:dirkmueller:Factory
...
- update to 1.19.3 (bsc#1189929, CVE-2021-37750):
* Fix a denial of service attack against the KDC [CVE-2021-37750].
* Fix KDC null deref on TGS inner body null server
* Fix conformance issue in GSSAPI tests
OBS-URL: https://build.opensuse.org/request/show/967999
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=257
2022-04-19 12:10:56 +00:00
Dominique Leuenberger
75d2ffca36
Accepting request 949613 from network
...
OBS-URL: https://build.opensuse.org/request/show/949613
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=158
2022-02-07 22:36:47 +00:00
e6222c3074
Accepting request 949610 from home:scabrero:branches:network
...
- Added hardening to systemd services; (bsc#1181400);
OBS-URL: https://build.opensuse.org/request/show/949610
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=256
2022-01-28 09:04:21 +00:00
1bc05687c3
Accepting request 949537 from home:dmulder:Bug1109830
...
- Resolve "Credential cache directory /run/user/0/krb5cc does not
exist while opening default credentials cache" by using a kernel
keyring instead of a dir cache; (bsc#1109830);
I'm not sure if manually modifying the krb5.conf from vendor-files is correct. Are these stored somewhere in a repository?
OBS-URL: https://build.opensuse.org/request/show/949537
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=255
2022-01-28 08:48:41 +00:00
Dominique Leuenberger
76bd4abcdd
Accepting request 922420 from network
...
OBS-URL: https://build.opensuse.org/request/show/922420
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=157
2021-09-30 21:43:26 +00:00
10dc124f2d
Accepting request 921724 from home:scabrero:branches:network
...
Add CVE references from SLE to prepare submission for SLE 15 SP4/Leap 15.4
OBS-URL: https://build.opensuse.org/request/show/921724
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=254
2021-09-30 16:39:57 +00:00
Dominique Leuenberger
0c7c29efce
Accepting request 917690 from network
...
OBS-URL: https://build.opensuse.org/request/show/917690
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=156
2021-09-12 18:09:33 +00:00
cba0a3d8f7
Accepting request 915042 from home:scabrero:branches:network
...
- Fix KDC null pointer dereference via a FAST inner body that
lacks a server field; (CVE-2021-37750); (bsc#1189929);
- Added patches:
* 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
OBS-URL: https://build.opensuse.org/request/show/915042
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=253
2021-09-09 09:25:27 +00:00
Richard Brown
b8e090719d
Accepting request 910805 from network
...
OBS-URL: https://build.opensuse.org/request/show/910805
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=155
2021-08-18 06:55:06 +00:00
d342aedfcc
Accepting request 909709 from home:scabrero:branches:network
...
- Update to 1.19.2
* Fix a denial of service attack against the KDC encrypted challenge
code; (CVE-2021-36222);
* Fix a memory leak when gss_inquire_cred() is called without a
credential handle.
OBS-URL: https://build.opensuse.org/request/show/909709
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=252
2021-08-09 08:50:11 +00:00
Dominique Leuenberger
9d921b770f
Accepting request 894925 from network
...
OBS-URL: https://build.opensuse.org/request/show/894925
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=154
2021-06-01 08:33:49 +00:00
b7fb4fe943
Accepting request 889948 from home:rzl
...
- Build with full Cyrus SASL support
* Negotiating SASL credentials with an EXTERNAL bind mechanism requires
interaction. Kerberos provides its own interaction function that skips
all interaction, thus preventing the mechanism from working.
OBS-URL: https://build.opensuse.org/request/show/889948
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=250
2021-05-22 11:00:53 +00:00
Dominique Leuenberger
6472973cd4
Accepting request 888170 from network
...
OBS-URL: https://build.opensuse.org/request/show/888170
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=153
2021-04-28 23:36:29 +00:00
01edb4e3d8
Accepting request 887827 from home:scabrero:branches:network
...
- Use /run instead of /var/run for daemon PID files; (bsc#1185163);
OBS-URL: https://build.opensuse.org/request/show/887827
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=248
2021-04-24 09:17:08 +00:00
Dominique Leuenberger
fba18b14b9
Accepting request 884639 from network
...
OBS-URL: https://build.opensuse.org/request/show/884639
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=152
2021-04-15 14:56:34 +00:00
Peter Varkoly
ce0ee03f86
Accepting request 883658 from home:dirkmueller:Factory
...
- do not own %sbindir, it comes from filesystem package
OBS-URL: https://build.opensuse.org/request/show/883658
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=246
2021-04-12 12:07:29 +00:00
Richard Brown
6b0dfc7fec
Accepting request 873782 from network
...
OBS-URL: https://build.opensuse.org/request/show/873782
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=151
2021-03-02 13:41:25 +00:00