* Add support for doing unlocked database dumps for the DB2 KDC back end,
* krb5-1.7-doublelog.patch
- Work around replay cache creation race; (bnc#898439).
krb5-1.13-work-around-replay-cache-creation-race.patch
- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal
- added patches:
* bnc#897874-CVE-2014-5351.diff
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=141
krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch
- start krb5kdc after slapd (bnc#886102)
- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674)
similar functionality is provided by krb5-plugin-preauth-pkinit
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=121
- update to version 1.12.1
* Make KDC log service principal names more consistently during
some error conditions, instead of "<unknown server>"
* Fix several bugs related to building AES-NI support on less
common configurations
* Fix several bugs related to keyring credential caches
- upstream obsoletes:
krb5-1.12-copy_context.patch
krb5-1.12-enable-NX.patch
krb5-1.12-pic-aes-ni.patch
krb5-master-no-malloc0.patch
krb5-master-ignore-empty-unnecessary-final-token.patch
krb5-master-gss_oid_leak.patch
krb5-master-keytab_close.patch
krb5-master-spnego_error_messages.patch
- Fix Get time offsets for all keyring ccaches
krb5-master-keyring-kdcsync.patch (RT#7820)
OBS-URL: https://build.opensuse.org/request/show/215374
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=98
* Make KDC log service principal names more consistently during
some error conditions, instead of "<unknown server>"
* Fix several bugs related to building AES-NI support on less
common configurations
* Fix several bugs related to keyring credential caches
- upstream obsoletes:
krb5-1.12-copy_context.patch
krb5-1.12-enable-NX.patch
krb5-1.12-pic-aes-ni.patch
krb5-master-no-malloc0.patch
krb5-master-ignore-empty-unnecessary-final-token.patch
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=117
- update to version 1.12
* Add GSSAPI extensions for constructing MIC tokens using IOV lists
* Add a FAST OTP preauthentication module for the KDC which uses
RADIUS to validate OTP token values.
* The AES-based encryption types will use AES-NI instructions
when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
available
- update and rebase patches
OBS-URL: https://build.opensuse.org/request/show/213903
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=114
Reduce build dependencies for krb5-mini
This requires a change to e2fsprogs which will include
the creation of e2fsprogs-mini, so it shouldn't be accepted
before that other change is accepted
- Reduce build dependencies for krb5-mini by removing
doxygen and changing libcom_err-devel to
libcom_err-mini-devel
- Small fix to pre_checkin.sh so krb5-mini.spec is correct.
- Reduce build dependencies for krb5-mini by removing
doxygen and changing libcom_err-devel to
libcom_err-mini-devel
- Small fix to pre_checkin.sh so krb5-mini.spec is correct.
OBS-URL: https://build.opensuse.org/request/show/210105
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=112
- install and enable systemd service files also in -mini package
- remove fstack-protector-all from CFLAGS, just use the
lighter/fast version already present in %optflags
- Use LFS_CFLAGS to build in 32 bit archs.
- install and enable systemd service files also in -mini package
- remove fstack-protector-all from CFLAGS, just use the
lighter/fast version already present in %optflags
- Use LFS_CFLAGS to build in 32 bit archs.
OBS-URL: https://build.opensuse.org/request/show/180770
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=94
- update to version 1.11.3
- Fix a UDP ping-pong vulnerability in the kpasswd
(password changing) service. [CVE-2002-2443]
- Improve interoperability with some Windows native PKINIT clients.
- install translation files
- remove outdated configure options
- update to version 1.11.3
- Fix a UDP ping-pong vulnerability in the kpasswd
(password changing) service. [CVE-2002-2443]
- Improve interoperability with some Windows native PKINIT clients.
- install translation files
- remove outdated configure options
OBS-URL: https://build.opensuse.org/request/show/178349
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=93
- let krb5-mini conflict with all main packages
- add conflicts between krb5-mini and krb5-server
- update to version 1.11.2
* Incremental propagation could erroneously act as if a slave's
database were current after the slave received a full dump
that failed to load.
* gss_import_sec_context incorrectly set internal state that
identifies whether an imported context is from an interposer
mechanism or from the underlying mechanism.
- upstream fix obsolete krb5-lookup_etypes-leak.patch
- let krb5-mini conflict with all main packages
- add conflicts between krb5-mini and krb5-server
- update to version 1.11.2
* Incremental propagation could erroneously act as if a slave's
database were current after the slave received a full dump
that failed to load.
* gss_import_sec_context incorrectly set internal state that
identifies whether an imported context is from an interposer
mechanism or from the underlying mechanism.
- upstream fix obsolete krb5-lookup_etypes-leak.patch
OBS-URL: https://build.opensuse.org/request/show/174393
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=91
* Incremental propagation could erroneously act as if a slave's
database were current after the slave received a full dump
that failed to load.
* gss_import_sec_context incorrectly set internal state that
identifies whether an imported context is from an interposer
mechanism or from the underlying mechanism.
- upstream fix obsolete krb5-lookup_etypes-leak.patch
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=97
- add conflicts between krb5-mini-devel and krb5-devel
- add conflicts between krb5-mini and krb5 and krb5-client
- enable selinux and set openssl as crypto implementation
- fix path to executables in service files
(bnc#810926)
- update to version 1.11.1
* Improve ASN.1 support code, making it table-driven for
decoding as well as encoding
* Refactor parts of KDC
* Documentation consolidation
* build docs in the main package
* bugfixing
- changes of patches:
* bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif:
upstream
* bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif:
upstream
* krb5-1.10-gcc47.patch: upstream
* krb5-1.10-selinux-label.patch replaced by
krb5-1.11-selinux-label.patch
* krb5-1.10-spin-loop.patch: upstream
* krb5-1.3.5-perlfix.dif: the tool was removed from upstream
* krb5-1.8-pam.patch replaced by
krb5-1.11-pam.patch
- add conflicts between krb5-mini-devel and krb5-devel
OBS-URL: https://build.opensuse.org/request/show/162619
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=90