krb5/krb5-plugins.changes

-------------------------------------------------------------------
Fri Jul 25 12:17:44 CEST 2008 - mc@suse.de

- add patches from SVN post 1.6.3
  * krb5_string_to_keysalts: Fix an infinite loop
  * fix some mutex issues
  * better recovery from corrupt rcache files
  * some more small fixes 

-------------------------------------------------------------------
Wed Jun 18 15:33:18 CEST 2008 - mc@suse.de

- reduce rpmlint warnings

-------------------------------------------------------------------
Tue Dec  4 16:36:43 CET 2007 - mc@suse.de

- improve GSSAPI error messages

-------------------------------------------------------------------
Tue Oct 23 10:29:14 CEST 2007 - mc@suse.de

- update to krb5 version 1.6.3
  * fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
  * fix CVE-2007-4000 modify_policy vulnerability
  * Add PKINIT support
- remove patches which are upstream now
- enhance init scripts and xinetd profiles

-------------------------------------------------------------------
Fri Sep 14 12:10:01 CEST 2007 - mc@suse.de

- update krb5-1.6.2-post.dif
  * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
    that the client library will not failover to the next KDC. 
    [#310540]

-------------------------------------------------------------------
Tue Sep 11 15:11:34 CEST 2007 - mc@suse.de

- update krb5-1.6.2-post.dif
  * new -S sname option for kvno
  * read_entropy_from_device on partial read will not fill buffer
  * Bail out if encoded "ticket" doesn't decode correctly.
  * patch for referrals loop

-------------------------------------------------------------------
Thu Sep  6 10:43:50 CEST 2007 - mc@suse.de

- fix a problem with the originally published patch
  for MITKRB5-SA-2007-006 - CVE-2007-3999
  [#302377]

-------------------------------------------------------------------
Wed Sep  5 12:18:38 CEST 2007 - mc@suse.de

- fix execute arbitrary code
  (MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
  [#302377]

-------------------------------------------------------------------
Tue Aug  7 11:59:05 CEST 2007 - mc@suse.de

- add krb5-1.6.2-post.dif
  * during the referrals loop, check to see if the
    session key enctype of a returned credential for the final
    service is among the enctypes explicitly selected by the
    application, and retry with old_use_conf_ktypes if it is not.
  * If mkstemp() is available, the new ccache file gets created but
    the subsequent open(O_CREAT|O_EXCL) call fails because the file
    was already created by mkstemp(). Apply patch from Apple to keep
    the file descriptor open.

-------------------------------------------------------------------
Thu Jul 12 17:02:19 CEST 2007 - mc@suse.de

- update to version 1.6.2
- remove krb5-1.6.1-post.dif all fixes are included in this release

-------------------------------------------------------------------
Mon Jul  2 11:39:54 CEST 2007 - mc@suse.de

- update krb5-1.6.1-post.dif
  * fix leak in krb5_walk_realm_tree
  * rd_req_decoded needs to deal with referral realms
  * fix buffer overflow in kadmind
    (MITKRB5-SA-2007-005 - CVE-2007-2798)
    [#278689]
  * fix kadmind code execution bug
    (MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
    [#271191]

-------------------------------------------------------------------
Wed May  9 15:31:08 CEST 2007 - mc@suse.de

- fix uninitialized salt length
- add extra check for keytab file

-------------------------------------------------------------------
Thu May  3 12:13:35 CEST 2007 - mc@suse.de

- adding krb5-1.6.1-post.dif
  * fix segfault in krb5_get_init_creds_password
  * remove debug output in ftp client
  * profile stores empty string values without double quotes

-------------------------------------------------------------------
Mon Apr 23 11:17:04 CEST 2007 - mc@suse.de

- update to final 1.6.1 version 

-------------------------------------------------------------------
Mon Apr 16 14:39:58 CEST 2007 - mc@suse.de

- update to version 1.6.1 Beta1
- remove obsolete patches
  (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
- rework compile_pie patch

-------------------------------------------------------------------
Wed Apr 11 10:59:20 CEST 2007 - mc@suse.de

- update krb5-1.6-post.dif
   * fix kadmind stack overflow in krb5_klog_syslog
     (MITKRB5-SA-2007-002 - CVE-2007-0957)
     [#253548]
   * fix double free attack in the RPC library
     (MITKRB5-SA-2007-003 - CVE-2007-1216)
     [#252487]
   * fix krb5 telnetd login injection
     (MIT-SA-2007-001 - CVE-2007-0956)
     #247765

-------------------------------------------------------------------
Thu Mar 29 12:42:51 CEST 2007 - mc@suse.de

- add ncurses-devel and bison to BuildRequires
- rework some patches

-------------------------------------------------------------------
Mon Feb 19 14:00:34 CET 2007 - mc@suse.de

- update krb5-1.6-post.dif 

-------------------------------------------------------------------
Fri Feb  9 13:31:54 CET 2007 - mc@suse.de

- update krb5-1.6-post.dif 

-------------------------------------------------------------------
Mon Jan 29 17:47:22 CET 2007 - ro@suse.de

- no main package, no debuginfo

-------------------------------------------------------------------
Mon Jan 29 11:30:35 CET 2007 - mc@suse.de

- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
  are now upstream. Remove patches.
- fix leak in krb5_kt_resolve and krb5_kt_wresolve

-------------------------------------------------------------------
Tue Jan 23 17:21:53 CET 2007 - mc@suse.de

- fix "local variable used before set" in ftp.c
  [#237684]
- use less BuildRequires 

-------------------------------------------------------------------
Mon Jan 22 12:21:41 CET 2007 - mc@suse.de

- initial release (version 1.6)
  * Major changes in 1.6 include
    * Partial client implementation to handle server name referrals.
    * Pre-authentication plug-in framework, donated by Red Hat.
    * LDAP KDB plug-in, donated by Novell.