-------------------------------------------------------------------
Fri Jul 25 12:17:44 CEST 2008 - mc@suse.de

- add patches from SVN post 1.6.3
  * krb5_string_to_keysalts: Fix an infinite loop
  * fix some mutex issues
  * better recovery from corrupt rcache files
  * some more small fixes

-------------------------------------------------------------------
Wed Jun 18 15:33:18 CEST 2008 - mc@suse.de

- reduce rpmlint warnings

-------------------------------------------------------------------
Tue Dec 4 16:36:43 CET 2007 - mc@suse.de

- improve GSSAPI error messages

-------------------------------------------------------------------
Tue Oct 23 10:29:14 CEST 2007 - mc@suse.de

- update to krb5 version 1.6.3
  * fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
  * fix CVE-2007-4000 modify_policy vulnerability
  * Add PKINIT support
- remove patches which are upstream now
- enhance init scripts and xinetd profiles

-------------------------------------------------------------------
Fri Sep 14 12:10:01 CEST 2007 - mc@suse.de

- update krb5-1.6.2-post.dif
  * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
    the client library will not failover to the next KDC.
    [#310540]

-------------------------------------------------------------------
Tue Sep 11 15:11:34 CEST 2007 - mc@suse.de

- update krb5-1.6.2-post.dif
  * new -S sname option for kvno
  * read_entropy_from_device on partial read will not fill buffer
  * Bail out if encoded "ticket" doesn't decode correctly.
  * patch for referrals loop

-------------------------------------------------------------------
Thu Sep 6 10:43:50 CEST 2007 - mc@suse.de

- fix a problem with the originally published patch
  for MITKRB5-SA-2007-006 - CVE-2007-3999
  [#302377]

-------------------------------------------------------------------
Wed Sep 5 12:18:38 CEST 2007 - mc@suse.de

- fix execute arbitrary code
  (MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
  [#302377]

-------------------------------------------------------------------
Tue Aug 7 11:59:05 CEST 2007 - mc@suse.de

- add krb5-1.6.2-post.dif
  * during the referrals loop, check to see if the
    session key enctype of a returned credential for the final
    service is among the enctypes explicitly selected by the
    application, and retry with old_use_conf_ktypes if it is not.
  * If mkstemp() is available, the new ccache file gets created but
    the subsequent open(O_CREAT|O_EXCL) call fails because the file
    was already created by mkstemp(). Apply patch from Apple to keep
    the file descriptor open.

-------------------------------------------------------------------
Thu Jul 12 17:02:19 CEST 2007 - mc@suse.de

- update to version 1.6.2
- remove krb5-1.6.1-post.dif all fixes are included in this release

-------------------------------------------------------------------
Mon Jul 2 11:39:54 CEST 2007 - mc@suse.de

- update krb5-1.6.1-post.dif
  * fix leak in krb5_walk_realm_tree
  * rd_req_decoded needs to deal with referral realms
  * fix buffer overflow in kadmind
    (MITKRB5-SA-2007-005 - CVE-2007-2798)
    [#278689]
  * fix kadmind code execution bug
    (MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
    [#271191]

-------------------------------------------------------------------
Wed May 9 15:31:08 CEST 2007 - mc@suse.de

- fix uninitialized salt length
- add extra check for keytab file

-------------------------------------------------------------------
Thu May 3 12:13:35 CEST 2007 - mc@suse.de

- adding krb5-1.6.1-post.dif
  * fix segfault in krb5_get_init_creds_password
  * remove debug output in ftp client
  * profile stores empty string values without double quotes

-------------------------------------------------------------------
Mon Apr 23 11:17:04 CEST 2007 - mc@suse.de

- update to final 1.6.1 version

-------------------------------------------------------------------
Mon Apr 16 14:39:58 CEST 2007 - mc@suse.de

- update to version 1.6.1 Beta1
- remove obsolete patches
  (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
- rework compile_pie patch

-------------------------------------------------------------------
Wed Apr 11 10:59:20 CEST 2007 - mc@suse.de

- update krb5-1.6-post.dif
  * fix kadmind stack overflow in krb5_klog_syslog
    (MITKRB5-SA-2007-002 - CVE-2007-0957) [#253548]
  * fix double free attack in the RPC library
    (MITKRB5-SA-2007-003 - CVE-2007-1216) [#252487]
  * fix krb5 telnetd login injection
    (MIT-SA-2007-001 - CVE-2007-0956) #247765

-------------------------------------------------------------------
Thu Mar 29 12:42:51 CEST 2007 - mc@suse.de

- add ncurses-devel and bison to BuildRequires
- rework some patches

-------------------------------------------------------------------
Mon Feb 19 14:00:34 CET 2007 - mc@suse.de

- update krb5-1.6-post.dif

-------------------------------------------------------------------
Fri Feb 9 13:31:54 CET 2007 - mc@suse.de

- update krb5-1.6-post.dif

-------------------------------------------------------------------
Mon Jan 29 17:47:22 CET 2007 - ro@suse.de

- no main package, no debuginfo

-------------------------------------------------------------------
Mon Jan 29 11:30:35 CET 2007 - mc@suse.de

- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
  are now upstream. Remove patches.
- fix leak in krb5_kt_resolve and krb5_kt_wresolve

-------------------------------------------------------------------
Tue Jan 23 17:21:53 CET 2007 - mc@suse.de

- fix "local variable used before set" in ftp.c
  [#237684]
- use less BuildRequires

-------------------------------------------------------------------
Mon Jan 22 12:21:41 CET 2007 - mc@suse.de

- initial release (version 1.6)
  * Major changes in 1.6 include
  * Partial client implementation to handle server name referrals.
  * Pre-authentication plug-in framework, donated by Red Hat.
  * LDAP KDB plug-in, donated by Novell.