ebe2f14d13
* Improve ASN.1 support code, making it table-driven for decoding as well as encoding * Refactor parts of KDC * Documentation consolidation * build docs in the main package * bugfixing - revert the -p usage in %postun to fix SLE build - update to version 1.11 * Improve ASN.1 support code, making it table-driven for decoding as well as encoding * Refactor parts of KDC * Documentation consolidation * build docs in the main package * bugfixing OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=81
1013 lines
34 KiB
Plaintext
1013 lines
34 KiB
Plaintext
-------------------------------------------------------------------
|
|
Sun Jan 13 15:01:50 UTC 2013 - mc@suse.com
|
|
|
|
- update to version 1.11
|
|
* Improve ASN.1 support code, making it table-driven for
|
|
decoding as well as encoding
|
|
* Refactor parts of KDC
|
|
* Documentation consolidation
|
|
* build docs in the main package
|
|
* bugfixing
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 16 19:35:47 UTC 2012 - coolo@suse.com
|
|
|
|
- revert the -p usage in %postun to fix SLE build
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 16 12:05:00 UTC 2012 - coolo@suse.com
|
|
|
|
- buildrequire systemd by pkgconfig provide to get systemd-mini
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Oct 13 16:50:59 UTC 2012 - coolo@suse.com
|
|
|
|
- do not require systemd in krb5-mini
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 5 15:50:38 CEST 2012 - mc@suse.de
|
|
|
|
- add systemd service files for kadmind, krb5kdc and kpropd
|
|
- add sysconfig templates for kadmind and krb5kdc
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 13 08:40:56 UTC 2012 - coolo@suse.com
|
|
|
|
- fix %files section for krb5-mini
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 7 11:39:18 UTC 2012 - mc@suse.de
|
|
|
|
- fix gcc47 issues
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 6 16:25:41 CEST 2012 - mc@suse.de
|
|
|
|
- update to version 1.10.2
|
|
obsolte patches:
|
|
* krb5-1.7-nodeplibs.patch
|
|
* krb5-1.9.1-ai_addrconfig.patch
|
|
* krb5-1.9.1-ai_addrconfig2.patch
|
|
* krb5-1.9.1-sendto_poll.patch
|
|
* krb5-1.9-canonicalize-fallback.patch
|
|
* krb5-1.9-paren.patch
|
|
* krb5-klist_s.patch
|
|
* krb5-pkinit-cms2.patch
|
|
* krb5-trunk-chpw-err.patch
|
|
* krb5-trunk-gss_delete_sec.patch
|
|
* krb5-trunk-kadmin-oldproto.patch
|
|
* krb5-1.9-MITKRB5-SA-2011-006.dif
|
|
* krb5-1.9-gss_display_status-iakerb.patch
|
|
* krb5-1.9.1-sendto_poll2.patch
|
|
* krb5-1.9.1-sendto_poll3.patch
|
|
* krb5-1.9-MITKRB5-SA-2011-007.dif
|
|
- Fix an interop issue with Windows Server 2008 R2 Read-Only Domain
|
|
Controllers.
|
|
- Update a workaround for a glibc bug that would cause DNS PTR queries
|
|
to occur even when rdns = false.
|
|
- Fix a kadmind denial of service issue (null pointer dereference),
|
|
which could only be triggered by an administrator with the "create"
|
|
privilege. [CVE-2012-1013]
|
|
- Fix access controls for KDB string attributes [CVE-2012-1012]
|
|
- Make the ASN.1 encoding of key version numbers interoperate with
|
|
Windows Read-Only Domain Controllers
|
|
- Avoid generating spurious password expiry warnings in cases where
|
|
the KDC sends an account expiry time without a password expiry time
|
|
- Make PKINIT work with FAST in the client library.
|
|
- Add the DIR credential cache type, which can hold a collection of
|
|
credential caches.
|
|
- Enhance kinit, klist, and kdestroy to support credential cache
|
|
collections if the cache type supports it.
|
|
- Add the kswitch command, which changes the selected default cache
|
|
within a collection.
|
|
- Add heuristic support for choosing client credentials based on
|
|
the service realm.
|
|
- Add support for $HOME/.k5identity, which allows credential
|
|
choice based on configured rules.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Feb 26 22:23:15 UTC 2012 - stefan.bruens@rwth-aachen.de
|
|
|
|
- add autoconf macro to devel subpackage
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 31 15:33:05 CET 2012 - meissner@suse.de
|
|
|
|
- fix license in krb5-mini
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 20 20:57:26 UTC 2011 - coolo@suse.com
|
|
|
|
- add autoconf as buildrequire to avoid implicit dependency
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 20 11:01:39 UTC 2011 - coolo@suse.com
|
|
|
|
- remove call to suse_update_config, very old work around
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 21 11:24:12 CET 2011 - mc@suse.de
|
|
|
|
- fix KDC null pointer dereference in TGS handling
|
|
(MITKRB5-SA-2011-007, bnc#730393)
|
|
CVE-2011-1530
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 21 11:11:54 CET 2011 - mc@suse.de
|
|
|
|
- fix KDC HA feature introduced with implementing KDC poll
|
|
(RT#6951, bnc#731648)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 18 08:35:52 UTC 2011 - rhafer@suse.de
|
|
|
|
- fix minor error messages for the IAKERB GSSAPI mechanism
|
|
(see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 17 16:11:03 CEST 2011 - mc@suse.de
|
|
|
|
- fix kdc remote denial of service
|
|
(MITKRB5-SA-2011-006, bnc#719393)
|
|
CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 23 13:52:03 CEST 2011 - mc@suse.de
|
|
|
|
- use --without-pam to build krb5-mini
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Aug 21 09:37:01 UTC 2011 - mc@novell.com
|
|
|
|
- add patches from Fedora and upstream
|
|
- fix init scripts (bnc#689006)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 19 15:48:35 UTC 2011 - mc@novell.com
|
|
|
|
- update to version 1.9.1
|
|
* obsolete patches:
|
|
MITKRB5-SA-2010-007-1.8.dif
|
|
krb5-1.8-MITKRB5-SA-2010-006.dif
|
|
krb5-1.8-MITKRB5-SA-2011-001.dif
|
|
krb5-1.8-MITKRB5-SA-2011-002.dif
|
|
krb5-1.8-MITKRB5-SA-2011-003.dif
|
|
krb5-1.8-MITKRB5-SA-2011-004.dif
|
|
krb5-1.4.3-enospc.dif
|
|
* replace krb5-1.6.1-compile_pie.dif
|
|
-------------------------------------------------------------------
|
|
Thu Apr 14 11:33:18 CEST 2011 - mc@suse.de
|
|
|
|
- fix kadmind invalid pointer free()
|
|
(MITKRB5-SA-2011-004, bnc#687469)
|
|
CVE-2011-0285
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 1 12:43:22 CET 2011 - mc@suse.de
|
|
|
|
- Fix vulnerability to a double-free condition in KDC daemon
|
|
(MITKRB5-SA-2011-003, bnc#671717)
|
|
CVE-2011-0284
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 19 14:42:27 CET 2011 - mc@suse.de
|
|
|
|
- Fix kpropd denial of service
|
|
(MITKRB5-SA-2011-001, bnc#662665)
|
|
CVE-2010-4022
|
|
- Fix KDC denial of service attacks with LDAP back end
|
|
(MITKRB5-SA-2011-002, bnc#663619)
|
|
CVE-2011-0281, CVE-2011-0282
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 1 11:44:15 CET 2010 - mc@suse.de
|
|
|
|
- Fix multiple checksum handling vulnerabilities
|
|
(MITKRB5-SA-2010-007, bnc#650650)
|
|
CVE-2010-1324
|
|
* krb5 GSS-API applications may accept unkeyed checksums
|
|
* krb5 application services may accept unkeyed PAC checksums
|
|
* krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
|
|
CVE-2010-1323
|
|
* krb5 clients may accept unkeyed SAM-2 challenge checksums
|
|
* krb5 may accept KRB-SAFE checksums with low-entropy derived keys
|
|
CVE-2010-4020
|
|
* krb5 may accept authdata checksums with low-entropy derived keys
|
|
CVE-2010-4021
|
|
* krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 28 12:53:13 CEST 2010 - mc@suse.de
|
|
|
|
- fix csh profile (bnc#649856)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 22 11:15:43 CEST 2010 - mc@suse.de
|
|
|
|
- update to krb5-1.8.3
|
|
* remove patches which are now upstrem
|
|
- krb5-1.7-MITKRB5-SA-2010-004.dif
|
|
- krb5-1.8.1-gssapi-error-table.dif
|
|
- krb5-MITKRB5-SA-2010-005.dif
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 22 10:49:11 CEST 2010 - mc@suse.de
|
|
|
|
- change environment variable PATH directly for csh
|
|
(bnc#642080)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
|
|
|
|
- fix a dereference of an uninitialized pointer while processing
|
|
authorization data.
|
|
CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com
|
|
|
|
- add correct error table when initializing gss-krb5 (bnc#606584,
|
|
bnc#608295)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 19 14:27:19 CEST 2010 - mc@suse.de
|
|
|
|
- fix GSS-API library null pointer dereference
|
|
CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de
|
|
|
|
- fix a double free vulnerability in the KDC
|
|
CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de
|
|
|
|
- update to version 1.8.1
|
|
* include krb5-1.8-POST.dif
|
|
* include MITKRB5-SA-2010-002
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 6 14:14:56 CEST 2010 - mc@suse.de
|
|
|
|
- update krb5-1.8-POST.dif
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 23 14:32:41 CET 2010 - mc@suse.de
|
|
|
|
- fix a bug where an unauthenticated remote attacker could cause
|
|
a GSS-API application including the Kerberos administration
|
|
daemon (kadmind) to crash.
|
|
CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 23 12:33:26 CET 2010 - mc@suse.de
|
|
|
|
- add post 1.8 fixes
|
|
* Add IPv6 support to changepw.c
|
|
* fix two problems in kadm5_get_principal mask handling
|
|
* Ignore improperly encoded signedpath AD elements
|
|
* handle NT_SRV_INST in service principal referrals
|
|
* dereference options while checking
|
|
KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
|
|
* Fix the kpasswd fallback from the ccache principal name
|
|
* Document the ticket_lifetime libdefaults setting
|
|
* Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 4 10:42:29 CET 2010 - mc@suse.de
|
|
|
|
- update to version 1.8
|
|
* Increase code quality
|
|
* Move toward improved KDB interface
|
|
* Investigate and remedy repeatedly-reported performance
|
|
bottlenecks.
|
|
* Reduce DNS dependence by implementing an interface that allows
|
|
client library to track whether a KDC supports service
|
|
principal referrals.
|
|
* Disable DES by default
|
|
* Account lockout for repeated login failures
|
|
* Bridge layer to allow Heimdal HDB modules to act as KDB
|
|
backend modules
|
|
* FAST enhancements
|
|
* Microsoft Services for User (S4U) compatibility
|
|
* Anonymous PKINIT
|
|
- fix KDC denial of service
|
|
CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
|
|
- fix KDC denial of service in cross-realm referral processing
|
|
CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
|
|
- fix integer underflow in AES and RC4 decryption
|
|
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
|
|
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de
|
|
|
|
- add baselibs.conf as a source
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 13 16:51:37 CET 2009 - mc@suse.de
|
|
|
|
- enhance '$PATH' only if the directories are available
|
|
and not empty (bnc#544949)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jul 12 21:36:17 CEST 2009 - coolo@novell.com
|
|
|
|
- readd lost baselibs.conf
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 3 10:23:42 CEST 2009 - mc@suse.de
|
|
|
|
- update to final 1.7 release
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 13 11:30:42 CEST 2009 - mc@suse.de
|
|
|
|
- update to version 1.7 Beta2
|
|
* Incremental propagation support for the KDC database.
|
|
* Flexible Authentication Secure Tunneling (FAST), a preauthentiation
|
|
framework that can protect the AS exchange from dictionary attack.
|
|
* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
|
|
allows a GSS application to request credential delegation only if
|
|
permitted by KDC policy.
|
|
* Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 --
|
|
various vulnerabilities in SPNEGO and ASN.1 code.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 16 13:04:26 CET 2009 - mc@suse.de
|
|
|
|
- update to pre 1.7 version
|
|
* Remove support for version 4 of the Kerberos protocol (krb4).
|
|
* New libdefaults configuration variable "allow_weak_crypto".
|
|
* Client library now follows client principal referrals, for
|
|
compatibility with Windows.
|
|
* KDC can issue realm referrals for service principals based on domain
|
|
names.
|
|
* Encryption algorithm negotiation (RFC 4537).
|
|
* In the replay cache, use a hash over the complete ciphertext to
|
|
avoid false-positive replay indications.
|
|
* Microsoft GSS_WrapEX, implemented using the gss_iov API, which is
|
|
similar to the equivalent SSPI functionality.
|
|
* DCE RPC, including three-leg GSS context setup and unencapsulated
|
|
GSS tokens.
|
|
* NTLM recognition support in GSS-API, to facilitate dropping in an
|
|
NTLM implementation.
|
|
* KDC support for principal aliases, if the back end supports them.
|
|
* Microsoft set/change password (RFC 3244) protocol in kadmind.
|
|
* Master key rollover support.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 14 09:21:36 CET 2009 - olh@suse.de
|
|
|
|
- obsolete also old heimdal-lib-XXbit and heimdal-devel-XXbit
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 11 14:12:57 CET 2008 - mc@suse.de
|
|
|
|
- do not query IPv6 addresses if no IPv6 address exists on this host
|
|
[bnc#449143]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
|
|
|
|
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
|
|
(bnc#437293)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
|
|
|
|
- obsolete old -XXbit packages (bnc#437293)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 26 18:13:19 CEST 2008 - mc@suse.de
|
|
|
|
- in case we use ldap as database backend, ldap should be
|
|
started before krb5kdc
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de
|
|
|
|
- add new fixes to post 1.6.3 patch
|
|
* fix mem leak in krb5_gss_accept_sec_context()
|
|
* keep minor_status
|
|
* kadm5_decrypt_key: A ktype of -1 is documented as meaning
|
|
"to be ignored"
|
|
* Reject socket fds > FD_SETSIZE
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 25 12:13:24 CEST 2008 - mc@suse.de
|
|
|
|
- add patches from SVN post 1.6.3
|
|
* krb5_string_to_keysalts: Fix an infinite loop
|
|
* fix some mutex issues
|
|
* better recovery from corrupt rcache files
|
|
* some more small fixes
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 18 15:30:18 CEST 2008 - mc@suse.de
|
|
|
|
- add case-insensitive.dif (FATE#300771)
|
|
- minor fixes for ktutil man page
|
|
- reduce rpmlint warnings
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 14 17:44:59 CEST 2008 - mc@suse.de
|
|
|
|
- Fall back to TCP on kdc-unresolvable/unreachable errors.
|
|
- restore valid sequence number before generating requests
|
|
(fix changing passwords in mixed ipv4/ipv6 enviroments)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
|
|
|
|
- added baselibs.conf file to build xxbit packages
|
|
for multilib support
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 9 12:04:48 CEST 2008 - mc@suse.de
|
|
|
|
- modify krb5-config to not output rpath and cflags in --libs
|
|
(bnc#378270)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 14 11:27:55 CET 2008 - mc@suse.de
|
|
|
|
- fix two security bugs:
|
|
* MITKRB5-SA-2008-001(CVE-2008-0062, CVE-2008-0063)
|
|
fix double free [bnc#361373]
|
|
* MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948)
|
|
Memory corruption while too many open file descriptors
|
|
[bnc#363151]
|
|
- change default config file. Comment out the examples.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 14 10:48:52 CET 2007 - mc@suse.de
|
|
|
|
- fix several security bugs:
|
|
* CVE-2007-5894 apparent uninit length
|
|
* CVE-2007-5902 integer overflow
|
|
* CVE-2007-5971 free of non-heap pointer and double-free
|
|
* CVE-2007-5972 double fclose()
|
|
[#346745, #346748, #346746, #346749, #346747]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 4 16:36:07 CET 2007 - mc@suse.de
|
|
|
|
- improve GSSAPI error messages
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 6 13:53:17 CET 2007 - mc@suse.de
|
|
|
|
- add coreutils to PreReq
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de
|
|
|
|
- update to krb5 version 1.6.3
|
|
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
|
|
* fix CVE-2007-4000 modify_policy vulnerability
|
|
* Add PKINIT support
|
|
- remove patches which are upstream now
|
|
- enhance init scripts and xinetd profiles
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 14 12:08:55 CEST 2007 - mc@suse.de
|
|
|
|
- update krb5-1.6.2-post.dif
|
|
* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
|
|
that the client library will not failover to the next KDC.
|
|
[#310540]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 11 15:09:14 CEST 2007 - mc@suse.de
|
|
|
|
- update krb5-1.6.2-post.dif
|
|
* new -S sname option for kvno
|
|
* read_entropy_from_device on partial read will not fill buffer
|
|
* Bail out if encoded "ticket" doesn't decode correctly.
|
|
* patch for referrals loop
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 6 10:43:39 CEST 2007 - mc@suse.de
|
|
|
|
- fix a problem with the originally published patch
|
|
for MITKRB5-SA-2007-006 - CVE-2007-3999
|
|
[#302377]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 5 12:18:21 CEST 2007 - mc@suse.de
|
|
|
|
- fix execute arbitrary code
|
|
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
|
|
[#302377]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de
|
|
|
|
- add krb5-1.6.2-post.dif
|
|
* during the referrals loop, check to see if the
|
|
session key enctype of a returned credential for the final
|
|
service is among the enctypes explicitly selected by the
|
|
application, and retry with old_use_conf_ktypes if it is not.
|
|
* If mkstemp() is available, the new ccache file gets created but
|
|
the subsequent open(O_CREAT|O_EXCL) call fails because the file
|
|
was already created by mkstemp(). Apply patch from Apple to keep
|
|
the file descriptor open.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 12 17:01:28 CEST 2007 - mc@suse.de
|
|
|
|
- update to version 1.6.2
|
|
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 5 18:10:28 CEST 2007 - mc@suse.de
|
|
|
|
- change requires to libcom_err-devel
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 2 11:26:47 CEST 2007 - mc@suse.de
|
|
|
|
- update krb5-1.6.1-post.dif
|
|
* fix leak in krb5_walk_realm_tree
|
|
* rd_req_decoded needs to deal with referral realms
|
|
* fix buffer overflow in kadmind
|
|
(MITKRB5-SA-2007-005 - CVE-2007-2798)
|
|
[#278689]
|
|
* fix kadmind code execution bug
|
|
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
|
|
[#271191]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 14 17:44:12 CEST 2007 - mc@suse.de
|
|
|
|
- fix unstripped-binary-or-object rpmlint warning
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de
|
|
|
|
- fixing rpmlint warnings and errors:
|
|
* merged logrotate scripts kadmin and krb5kdc into a single file
|
|
krb5-server.
|
|
* moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
|
|
from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
|
|
adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
|
|
* added surpression filter for
|
|
"devel-file-in-non-devel-package /usr/lib/libgssapi_krb5.so"
|
|
(see [#147912]).
|
|
* set default runlevel of init scripts in chkconfig line to 3 and
|
|
5
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 9 15:30:53 CEST 2007 - mc@suse.de
|
|
|
|
- fix uninitialized salt length
|
|
- add extra check for keytab file
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 3 12:11:29 CEST 2007 - mc@suse.de
|
|
|
|
- adding krb5-1.6.1-post.dif
|
|
* fix segfault in krb5_get_init_creds_password
|
|
* remove debug output in ftp client
|
|
* profile stores empty string values without double quotes
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 23 11:15:10 CEST 2007 - mc@suse.de
|
|
|
|
- update to final 1.6.1 version
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 18 14:48:03 CEST 2007 - mc@suse.de
|
|
|
|
- add plugin directories to main package
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 16 14:38:08 CEST 2007 - mc@suse.de
|
|
|
|
- update to version 1.6.1 Beta1
|
|
- remove obsolete patches
|
|
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
|
- rework compile_pie patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 11 10:58:09 CEST 2007 - mc@suse.de
|
|
|
|
- update krb5-1.6-post.dif
|
|
* fix kadmind stack overflow in krb5_klog_syslog
|
|
(MITKRB5-SA-2007-002 - CVE-2007-0957)
|
|
[#253548]
|
|
* fix double free attack in the RPC library
|
|
(MITKRB5-SA-2007-003 - CVE-2007-1216)
|
|
[#252487]
|
|
* fix krb5 telnetd login injection
|
|
(MIT-SA-2007-001 - CVE-2007-0956)
|
|
#247765
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 29 12:41:57 CEST 2007 - mc@suse.de
|
|
|
|
- add ncurses-devel and bison to BuildRequires
|
|
- rework some patches
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 5 11:01:20 CET 2007 - mc@suse.de
|
|
|
|
- move SuSEFirewall service definitions to
|
|
/etc/sysconfig/SuSEfirewall2.d/services
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 22 11:13:48 CET 2007 - mc@suse.de
|
|
|
|
- add firewall definition to krb5-server, FATE #300687
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 19 13:59:43 CET 2007 - mc@suse.de
|
|
|
|
- update krb5-1.6-post.dif
|
|
- move some applications into the right package
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 9 13:31:22 CET 2007 - mc@suse.de
|
|
|
|
- update krb5-1.6-post.dif
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 29 11:27:23 CET 2007 - mc@suse.de
|
|
|
|
- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
|
|
are now upstream. Remove patches.
|
|
- fix leak in krb5_kt_resolve and krb5_kt_wresolve
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 23 17:21:12 CET 2007 - mc@suse.de
|
|
|
|
- fix "local variable used before set" in ftp.c
|
|
[#237684]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 22 16:39:27 CET 2007 - mc@suse.de
|
|
|
|
- krb5-devel should require keyutils-devel
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 22 12:19:49 CET 2007 - mc@suse.de
|
|
|
|
- update to version 1.6
|
|
* Major changes in 1.6 include
|
|
* Partial client implementation to handle server name referrals.
|
|
* Pre-authentication plug-in framework, donated by Red Hat.
|
|
* LDAP KDB plug-in, donated by Novell.
|
|
- remove obsolete patches
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 10 11:16:30 CET 2007 - mc@suse.de
|
|
|
|
- fix for
|
|
kadmind (via RPC library) calls uninitialized function pointer
|
|
(CVE-2006-6143)(Bug #225990)
|
|
krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
|
|
- fix for
|
|
kadmind (via GSS-API mechglue) frees uninitialized pointers
|
|
(CVE-2006-6144)(Bug #225992)
|
|
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 2 14:53:33 CET 2007 - mc@suse.de
|
|
|
|
- Fix Requires in krb5-devel
|
|
[Bug #231008]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 6 11:49:39 CET 2006 - mc@suse.de
|
|
|
|
- fix "local variable used before set" [#217692]
|
|
- fix strncat warning
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de
|
|
|
|
- add a default kadm5.dict file
|
|
- require $network on daemon start
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 13 10:39:41 CEST 2006 - mc@suse.de
|
|
|
|
- fix function call with too few arguments [#203837]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de
|
|
|
|
- update to version 1.5.1
|
|
- remove obsolete patches which are now included upstream
|
|
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
|
|
* trunk-fix-uninitialized-vars.dif
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de
|
|
|
|
- krb5 setuid return check fixes
|
|
krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
|
|
[#182351]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 7 15:54:26 CEST 2006 - mc@suse.de
|
|
|
|
- remove update-messages
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de
|
|
|
|
- add check for krb5_prop in services to kpropd init script.
|
|
[#192446]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 3 14:59:35 CEST 2006 - mc@suse.de
|
|
|
|
- update to version 1.5
|
|
* KDB abstraction layer, donated by Novell.
|
|
* plug-in architecture, allowing for extension modules to be
|
|
loaded at run-time.
|
|
* multi-mechanism GSS-API implementation ("mechglue"),
|
|
donated by Sun Microsystems
|
|
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
|
|
implementation, donated by Sun Microsystems
|
|
- remove obsolete patches and add some new
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 26 14:50:00 CEST 2006 - ro@suse.de
|
|
|
|
- libcom is not in e2fsck-devel but in its own package now, change
|
|
Requires accordingly.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 27 14:10:02 CEST 2006 - mc@suse.de
|
|
|
|
- add all daemons to %stop_on_removal and %restart_on_update
|
|
- add reload to kpropd init script
|
|
- add force-reload to all init scripts
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 13 18:20:36 CET 2006 - mc@suse.de
|
|
|
|
- add libgssapi_krb5.so link to main package [#147912]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 3 18:17:01 CET 2006 - mc@suse.de
|
|
|
|
- fix logging section for kadmind in convert script
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 25 21:30:24 CET 2006 - mls@suse.de
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 13 14:44:24 CET 2006 - mc@suse.de
|
|
|
|
- change the logging defaults
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 11 12:59:08 CET 2006 - mc@suse.de
|
|
|
|
- add tools and README for heimdal => MIT update
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 9 14:41:07 CET 2006 - mc@suse.de
|
|
|
|
- fix build problems, define _GNU_SOURCE
|
|
(krb5-1.4.3-set_gnu_source.dif )
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 3 16:00:13 CET 2006 - mc@suse.de
|
|
|
|
- added "make %{?jobs:-j%jobs}"
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 18 12:12:01 CET 2005 - mc@suse.de
|
|
|
|
- update to version 1.4.3
|
|
* some memmory leaks fixed
|
|
* fix for "AS_REP padata has wrong enctype"
|
|
* fix for "AS_REP padata missing PA-ETYPE-INFO"
|
|
* ... and more
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 2 21:23:32 CET 2005 - dmueller@suse.de
|
|
|
|
- don't build as root
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 11 17:39:23 CEST 2005 - mc@suse.de
|
|
|
|
- update to version 1.4.2
|
|
- remove some obsolet patches
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 8 16:07:51 CEST 2005 - mc@suse.de
|
|
|
|
- build with --disable-static
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 4 16:47:43 CEST 2005 - ro@suse.de
|
|
|
|
- remove devel-static subpackage
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 30 10:12:30 CEST 2005 - mc@suse.de
|
|
|
|
- better patch for princ_comp problem
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 27 13:34:50 CEST 2005 - mc@suse.de
|
|
|
|
- update to version 1.4.1
|
|
- remove obsolet patches
|
|
- krb5-1.4-gcc4.dif
|
|
- krb5-1.4-reduce-namespace-polution.dif
|
|
- krb5-1.4-VUL-0-telnet.dif
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 23 10:12:54 CEST 2005 - mc@suse.de
|
|
|
|
- fixed krb5 KDC heap corruption by random free
|
|
[#80574, CAN-2005-1174, MITKRB5-SA-2005-002]
|
|
- fixed krb5 double free()
|
|
[#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
|
|
- fix krb5 NULL pointer reference while comparing principals
|
|
[#91600]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 17 17:18:19 CEST 2005 - mc@suse.de
|
|
|
|
- fix uninitialized variables
|
|
- compile with -fPIE/ link with -pie
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 20 15:36:16 CEST 2005 - mc@suse.de
|
|
|
|
- fixed wrong xinetd files [#77149]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de
|
|
|
|
- removed krb5-1.4-fix-error_tables.dif patch obsoleted
|
|
by libcom_err locking patches
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 7 13:49:37 CEST 2005 - mc@suse.de
|
|
|
|
- fixed missing descriptions in init files
|
|
[#76164, #76165, #76166, #76169]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 30 18:11:38 CEST 2005 - mc@suse.de
|
|
|
|
- enhance $PATH via /etc/profile.d/ [#74018]
|
|
- remove the "links to important programs"
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 18 11:09:43 CET 2005 - mc@suse.de
|
|
|
|
- fixed not running converter script [#72854]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 17 14:15:17 CET 2005 - mc@suse.de
|
|
|
|
- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
|
|
Overflow
|
|
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
|
|
Overflow
|
|
[#73618]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 16 13:10:18 CET 2005 - mc@suse.de
|
|
|
|
- fixed wrong PreReqs [#73020]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 15 19:54:58 CET 2005 - mc@suse.de
|
|
|
|
- add a simple krb5.conf converter [#72854]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 14 17:08:59 CET 2005 - mc@suse.de
|
|
|
|
- fixed: rckrb5kdc restart gives wrong status with non-running service
|
|
[#72446]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 10 10:48:07 CET 2005 - mc@suse.de
|
|
|
|
- add requires: e2fsprogs-devel to krb5-devel package [#71732]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 25 17:35:37 CET 2005 - mc@suse.de
|
|
|
|
- fix double free [#66534]
|
|
krb5-1.4-fix-error_tables.dif
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 11 14:01:32 CET 2005 - mc@suse.de
|
|
|
|
- change mode for shared libraries to 755
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 4 16:48:16 CET 2005 - mc@suse.de
|
|
|
|
- remove spx.c from tarball because of legal risk
|
|
- add README.Source which tell the user about this
|
|
action.
|
|
- add a check for spx.c in the spec-file
|
|
- use rich-text for update-messages [#50250]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 1 12:13:45 CET 2005 - mc@suse.de
|
|
|
|
- add krb5-1.4-reduce-namespace-polution.dif
|
|
reduce namespace polution in gssapi.h [#50356]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 28 13:25:42 CET 2005 - mc@suse.de
|
|
|
|
- update to version 1.4
|
|
- Add implementation of the RPCSEC_GSS authentication flavor to the
|
|
RPC library.
|
|
- Thread safety for krb5 libraries.
|
|
- Merged Athena telnetd changes for creating a new option for
|
|
requiring encryption.
|
|
- The kadmind4 backwards-compatibility admin server and the v5passwdd
|
|
backwards-compatibility password-changing server have been removed.
|
|
- Yarrow code now uses AES.
|
|
- Merged Athena changes to allow ftpd to require encrypted passwords.
|
|
- Incorporate gss_krb5_set_allowable_enctypes() and
|
|
gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
|
|
- remove obsolet patches
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 17 11:34:52 CET 2005 - mc@suse.de
|
|
|
|
- add proofreaded update-messages
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 14 14:38:25 CET 2005 - mc@suse.de
|
|
|
|
- remove Conflicts: and add Provides:
|
|
- add some insserv stuff
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 13 11:54:01 CET 2005 - mc@suse.de
|
|
|
|
- move vendor files to vendor-files.tar.bz2
|
|
- add obsoletes: heimdal
|
|
- add %pre and %post sections to detect update
|
|
from heimdal and backup invalid configuration files
|
|
- add update-messages for heimdal update
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 10 12:18:02 CET 2005 - mc@suse.de
|
|
|
|
- update to version 1.3.6
|
|
- fix for: heap buffer overflow in libkadm5srv
|
|
[CAN-2004-1189 / MITKRB5-SA-2004-004]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 14 15:30:23 CET 2004 - mc@suse.de
|
|
|
|
- build doc subpackage in an own specfile
|
|
- removed unnecessary neededforbuild requirements
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 24 13:37:53 CET 2004 - coolo@suse.de
|
|
|
|
- fix build with gcc 4
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 15 17:25:56 CET 2004 - mc@suse.de
|
|
|
|
- added Conflicts with heimdal*
|
|
- rename some manpages to avoid conflicts
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 4 18:03:11 CET 2004 - mc@suse.de
|
|
|
|
- new init scripts
|
|
- fix logrotate scripts
|
|
- add some 64Bit fixes
|
|
- add default krb5.conf, kdc.conf and kadm5.acl
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 3 18:52:07 CET 2004 - mc@suse.de
|
|
|
|
- add e2fsprogs to NFB
|
|
- use system-et and system-ss
|
|
- fix includes of com_err.h
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 28 17:58:41 CEST 2004 - mc@suse.de
|
|
|
|
- Initital checkin
|
|
|