This is a new source code upload with the krb5.keyring updated
The keyring missed Greg Hudson his gpg signature:
C4493CB739F4A89F9852CBC20CBA08575F8372DF
The command to create the keyring is:
gpg2 --export --export-options export-minimal \
2C732B1C0DBEF678AB3AF606A32F17FD0055C305 \
C4493CB739F4A89F9852CBC20CBA08575F8372DF > krb5.keyring
OBS-URL: https://build.opensuse.org/request/show/478007
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=185
- Upgrade from 1.14.2 to 1.14.3:
* Improve some error messages
* Improve documentation
* Allow a principal with nonexistent policy to bypass the minimum
password lifetime check, consistent with other aspects of
nonexistent policies
* Fix a rare KDC denial of service vulnerability when anonymous client
principals are restricted to obtaining TGTs only [CVE-2016-3120]
- Upgrade from 1.14.2 to 1.14.3:
* Improve some error messages
* Improve documentation
* Allow a principal with nonexistent policy to bypass the minimum
password lifetime check, consistent with other aspects of
nonexistent policies
* Fix a rare KDC denial of service vulnerability when anonymous client
principals are restricted to obtaining TGTs only [CVE-2016-3120]
OBS-URL: https://build.opensuse.org/request/show/412764
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=121
------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
that is not needed and does not carry an acceptable license.
(bsc#968111)
- Remove comments breaking post scripts.
- Do no use systemd_requires macros in main package, it adds
unneeded dependencies which pulls systemd into minimal chroot.
- Only call %insserv_prereq when building for pre-systemd
distributions.
- Optimise some %post/%postun when only /sbin/ldconfig is called.
------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
that is not needed and does not carry an acceptable license.
(bsc#968111)
OBS-URL: https://build.opensuse.org/request/show/406062
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=120
- Remove source file ccapi/common/win/OldCC/autolock.hxx
that is not needed and does not carry an acceptable license.
(bsc#968111)
------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
that is not needed and does not carry an acceptable license.
(bsc#968111)
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=168
- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character
with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
(bsc#963968)
- Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request
with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
(bsc#963975)
- Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
(bsc#963964)
OBS-URL: https://build.opensuse.org/request/show/357309
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=158
- Add two patches from Fedora, fixing two crashes:
* krb5-fix_interposer.patch
* krb5-mechglue_inqure_attrs.patch
- Update to 1.14
- dropped krb5-kvno-230379.patch
- added krbdev.mit.edu-8301.patch fixing wrong function call
Major changes in 1.14 (2015-11-20)
==================================
Administrator experience:
* Add a new kdb5_util tabdump command to provide reporting-friendly
tabular dump formats (tab-separated or CSV) for the KDC database.
Unlike the normal dump format, each output table has a fixed number
of fields. Some tables include human-readable forms of data that
are opaque in ordinary dump files. This format is also suitable for
importing into relational databases for complex queries.
* Add support to kadmin and kadmin.local for specifying a single
command line following any global options, where the command
arguments are split by the shell--for example, "kadmin getprinc
principalname". Commands issued this way do not prompt for
confirmation or display warning messages, and exit with non-zero
status if the operation fails.
* Accept the same principal flag names in kadmin as we do for the
default_principal_flags kdc.conf variable, and vice versa. Also
accept flag specifiers in the form that kadmin prints, as well as
hexadecimal numbers.
* Remove the triple-DES and RC4 encryption types from the default
value of supported_enctypes, which determines the default key and
salt types for new password-derived keys. By default, keys will
only created only for AES128 and AES256. This mitigates some types
OBS-URL: https://build.opensuse.org/request/show/353069
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=114
