-------------------------------------------------------------------
Mon Sep 16 16:13:55 UTC 2024 - jcejka@suse.com

- Fix for SG#68843, bsc#1230486:
  * 0131-CVE-2024-37370-fix-vulnerabilities-in-GSS-message-token-handling.patch:
    Fix CVE-2024-37370: krb5: confidential GSS krb5 wrap tokens with
    invalid plaintext Extra Count fields are erroneously accepted
    during unwrap

-------------------------------------------------------------------
Thu Mar 21 13:10:34 UTC 2024 - dbenini@suse.com

- Fix for SG#67847, bsc#1221579:
  * CVE-2024-26458: Apply Fix-unlikely-memory-leak.patch:
    [PATCH] Fix unlikely memory leak.
  * CVE-2023-36054: Apply
    0127-Ensure-array-count-consistency-in-kadm5-RPC.patch:
    [PATCH] Ensure array count consistency in kadm5 RPC
  * CVE-2024-26461, CVE-2024-26462: Not affected

-------------------------------------------------------------------
Tue Mar 19 16:06:24 UTC 2024 - dbenini@suse.com

- LEVEL 3 SUPPORT STARTS HERE
- All changes above this marker are made by SUSE L3 Team.

===================================================================
-------------------------------------------------------------------
Tue Mar 19 08:29:47 UTC 2019 - Samuel Cabrero

- Fix regression in gssapi spnego, accept MS KRB5 wrong OID from MS
  clients after pruning deprecated mechs; (bsc#1129085);
  0114-SPNEGO-Accept-wrong-mechanism-OID-from-MS-clients.patch

-------------------------------------------------------------------
Tue Dec 11 17:52:30 UTC 2018 - Samuel Cabrero

- Fix GSS failures in legacy applications; (bsc#1081725); (bsc#1114897);
  0111-Do-not-indicate-deprecated-GSS-mechanisms.patch
  0112-If-gss_inquire_cred-is-called-with-a-null-credential.patch
  0113-Fix-gss_inquire_cred-names-initialization.patch
- Fix a context leak in gss_accept_sec_context introduced by
  0109-Preserve-GSS-context-on-init-accept-failure.patch (bsc#1056995)

-------------------------------------------------------------------
Wed Mar 7 14:22:32 UTC 2018 - hguo@suse.com

- Fix CVE-2018-5730 and CVE-2018-5729 with
  0110-Fix-flaws-in-LDAP-DN-checking.patch (bsc#1083926 bsc#1083927)

-------------------------------------------------------------------
Mon Sep 4 12:26:41 UTC 2017 - hguo@suse.com

- Introduce patch 0109-Preserve-GSS-context-on-init-accept-failure.patch
  to fix CVE-2017-11462 of bsc#1056995.

-------------------------------------------------------------------
Thu Oct 13 12:52:46 UTC 2016 - hguo@suse.com

- Avoid indefinite polling in KDC communication with patch
  0108-return-early-on-negative-timeout-in-poll.patch (bsc#970696)

-------------------------------------------------------------------
Fri Jul 22 12:05:15 UTC 2016 - hguo@suse.com

- Fix four memory leaks for bsc#954470:
  * Two leaks that were introduced by patch
    0001-Clean-up-k5_locate_server-error-handling.patch
  * Two new leaks discovered around gssint_convert_name_to_union_name
    0107-fix-leaks-gssint_convert_name_to_union_name.patch

-------------------------------------------------------------------
Wed Mar 23 12:45:30 UTC 2016 - hguo@suse.com

- Introduce patch 0106-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch
  to fix CVE-2016-3119 (bsc#971942)

-------------------------------------------------------------------
Thu Jan 28 14:38:30 UTC 2016 - hguo@suse.com

- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating
  null character with patch
  0103-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch (bsc#963968)
- Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null
  principal name in request with patch
  0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch and its
  dependency
  0104-Clean-up-many-error-condition-leaks-of-the-server-ha.patch
  (bsc#963975)

-------------------------------------------------------------------
Mon Nov 16 09:58:18 UTC 2015 - hguo@suse.com

- Again redo patch 0100-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch
  to patch three more functions that were missed. bsc#954270
  Many thanks to Kerberos developer Greg Hudson for pointing this out.

-------------------------------------------------------------------
Fri Nov 13 12:52:07 UTC 2015 - hguo@suse.com

- Apply patch 0102-Fix-a-memory-leak-in-module_locate_server.patch
  to plug a memory leak in the handling of error messages. bsc#954470

-------------------------------------------------------------------
Tue Nov 10 09:19:26 UTC 2015 - hguo@suse.com

- Apply patch 0101-Fix-SPNEGO-context-import.patch to fix a missing
  function implementation that was introduced by the commit that
  resolves CVE-2015-2695.
- Redo patch 0100-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch
  to fix a segfault. bsc#954270

-------------------------------------------------------------------
Wed Oct 28 12:10:45 UTC 2015 - hguo@suse.com

- Apply patch 0100-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch
  to fix SPNEGO context aliasing bugs [CVE-2015-2695] bsc#952188

-------------------------------------------------------------------
Thu Jul 2 12:48:02 UTC 2015 - varkoly@suse.com

- bnc#910457 - (CVE-2014-5353) VUL-1: CVE-2014-5353: krb5: NULL pointer
  dereference when using a ticket policy name as a password policy name
- added patches:
  * krb5-1.12.2-CVE-2014-5353.patch
  * krb5-1.12.2-CVE-2014-5354.patch

-------------------------------------------------------------------
Tue Jun 9 13:39:08 UTC 2015 - varkoly@suse.com

- bnc#918595 VUL-0: CVE-2014-5355: krb5: denial of service in
  krb5_read_message
- added patches:
  * 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch

-------------------------------------------------------------------
Thu Feb 5 14:42:27 UTC 2015 - varkoly@suse.com

- bnc#872912 winbind process hangs indefinitely without DC
- bnc#906557 hanging winbind processes
- added patches:
  * 0001-Clean-up-k5_locate_server-error-handling.patch
  * bug-898262-fix-loop-in-service_fds.diff

-------------------------------------------------------------------
Tue Feb 3 13:30:48 UTC 2015 - varkoly@suse.com

- bnc#912002 VUL-0: CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423:
  krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- added patches:
  * bnc#912002.diff

-------------------------------------------------------------------
Wed Oct 1 16:38:40 UTC 2014 - varkoly@suse.com

- bnc#890623 klist -s trips over referral entries
- added patches:
  * bnc#890623-klist-segfault.diff

-------------------------------------------------------------------
Sun Sep 28 12:51:48 UTC 2014 - varkoly@suse.com

- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing
  the keys for a service principal
- added patches:
  * bnc#897874-CVE-2014-5351.diff

-------------------------------------------------------------------
Fri Aug 8 15:49:44 UTC 2014 - ckornacker@suse.com

- buffer overrun in kadmind with LDAP backend
  CVE-2014-4345 (bnc#891082)
  bug-891082-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.dif

-------------------------------------------------------------------
Mon Jul 28 11:40:53 UTC 2014 - ckornacker@suse.com

- fix denial of service flaws when handling RFC 1964 tokens
  CVE-2014-4341 (bnc#886016)
  bug-886016-CVE-2014-4341-denial-of-service-flaws-when-handling-RFC-1964-tokens.dif

-------------------------------------------------------------------
Mon Jul 28 09:03:11 UTC 2014 - ckornacker@suse.com

- Fix null deref in SPNEGO acceptor
  CVE-2014-4344 (bnc#888697)
  bug-888697-CVE-2014-4344-fix-null-deref-in-SPNEGO-acceptor.dif

-------------------------------------------------------------------
Thu Nov 07 14:54:15 CET 2013 - ckornacker@suse.de

- fix Multi-realm KDC null deref
  CVE-2013-1418 (bnc#849240)

-------------------------------------------------------------------
Fri Jun 21 11:29:45 CEST 2013 - mc@suse.de

- fix kpasswd UDP ping-pong
  CVE-2002-2443 (bnc#825985)

-------------------------------------------------------------------
Mon Mar 4 10:54:31 CET 2013 - mc@suse.de

- fix PKINIT null pointer deref
  CVE-2013-1415 (bnc#806715)

-------------------------------------------------------------------
Fri Dec 7 10:15:38 CET 2012 - mc@suse.de

- backport "use poll() instead of select()" if available
  (bnc#787272)

-------------------------------------------------------------------
Wed Dec 28 18:23:48 CET 2011 - meissner@suse.de

- Fixed a remote code execution in ktelnetd
  (CVE-2011-4862 / bnc#738632)

-------------------------------------------------------------------
Tue Jun 14 12:52:56 CEST 2011 - mc@suse.de

- fix krb5 ftpd unauthorized file access
  (bnc#698471, MITKRB5-SA-2011-005, CVE-2011-1526)

-------------------------------------------------------------------
Wed Jan 19 11:21:42 CET 2011 - mc@suse.de

- Fix KDC denial of service attacks with LDAP back end
  (MITKRB5-SA-2011-002, bnc#663619)
  CVE-2011-0281, CVE-2011-0282
- fix openldap replication failure when kerberos credentials expire
  (bnc#612890)

-------------------------------------------------------------------
Sun Nov 7 14:57:25 CET 2010 - mc@suse.de

- Fix multiple checksum handling vulnerabilities
  (MITKRB5-SA-2010-007, bnc#650650)
  CVE-2010-1323
  * krb5 clients may accept unkeyed SAM-2 challenge checksums
  * krb5 may accept KRB-SAFE checksums with low-entropy derived keys

-------------------------------------------------------------------
Fri Apr 23 12:13:58 CEST 2010 - mc@suse.de

- fix GSS-API library null pointer dereference
  CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)

-------------------------------------------------------------------
Thu Mar 25 11:06:20 CET 2010 - mc@suse.de

- fix kadmind denial of service (bnc#591049)
  CVE-2010-0629

-------------------------------------------------------------------
Tue Dec 8 11:55:07 CET 2009 - mc@suse.de

- fix integer underflow in AES and RC4 decryption
  CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)

-------------------------------------------------------------------
Fri Apr 3 15:18:22 CEST 2009 - mc@suse.de

- integrate new patches for CVE-2009-0844 and CVE-2009-0845
  (bnc#486722)

-------------------------------------------------------------------
Thu Mar 19 10:31:07 CET 2009 - mc@suse.de

- more
  Kerberos denial of service issue fixed (bnc#486722)
  CVE-2009-0844, CVE-2009-0847
  (integrate krb5-1.6-fix-DoS-CVE-2009-0845.dif into
  krb5-1.6-MITKRB5-SA-2009-001.dif)
- fix krb5 code exec (bnc#486723)
  CVE-2009-0846

-------------------------------------------------------------------
Tue Mar 17 10:50:13 CET 2009 - mc@suse.de

- fix Kerberos denial of service issue (bnc#485894)
  CVE-2009-0845

-------------------------------------------------------------------
Wed Jan 14 09:21:36 CET 2009 - olh@suse.de

- obsolete also old heimdal-lib-XXbit and heimdal-devel-XXbit

-------------------------------------------------------------------
Thu Dec 11 14:12:57 CET 2008 - mc@suse.de

- do not query IPv6 addresses if no IPv6 address exists on this host
  [bnc#449143]

-------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de

- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
  (bnc#437293)

-------------------------------------------------------------------
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de

- obsolete old -XXbit packages (bnc#437293)

-------------------------------------------------------------------
Fri Sep 26 18:13:19 CEST 2008 - mc@suse.de

- in case we use ldap as database backend, ldap should be
  started before krb5kdc

-------------------------------------------------------------------
Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de

- add new fixes to post 1.6.3 patch
  * fix mem leak in krb5_gss_accept_sec_context()
  * keep minor_status
  * kadm5_decrypt_key: A ktype of -1 is documented as meaning
    "to be ignored"
  * Reject socket fds > FD_SETSIZE

-------------------------------------------------------------------
Fri Jul 25 12:13:24 CEST 2008 - mc@suse.de

- add patches from SVN post 1.6.3
  * krb5_string_to_keysalts: Fix an infinite loop
  * fix some mutex issues
  * better recovery from corrupt rcache files
  * some more small fixes

-------------------------------------------------------------------
Wed Jun 18 15:30:18 CEST 2008 - mc@suse.de

- add case-insensitive.dif (FATE#300771)
- minor fixes for ktutil man page
- reduce rpmlint warnings

-------------------------------------------------------------------
Wed May 14 17:44:59 CEST 2008 - mc@suse.de

- Fall back to TCP on kdc-unresolvable/unreachable errors.
- restore valid sequence number before generating requests
  (fix changing passwords in mixed ipv4/ipv6 environments)

-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de

- added baselibs.conf file to build xxbit packages
  for multilib support

-------------------------------------------------------------------
Wed Apr 9 12:04:48 CEST 2008 - mc@suse.de

- modify krb5-config to not output rpath and cflags in --libs
  (bnc#378270)

-------------------------------------------------------------------
Fri Mar 14 11:27:55 CET 2008 - mc@suse.de

- fix two security bugs:
  * MITKRB5-SA-2008-001(CVE-2008-0062, CVE-2008-0063)
    fix double free [bnc#361373]
  * MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948)
    Memory corruption while too many open file descriptors
    [bnc#363151]
- change default config file. Comment out the examples.

-------------------------------------------------------------------
Fri Dec 14 10:48:52 CET 2007 - mc@suse.de

- fix several security bugs:
  * CVE-2007-5894 apparent uninit length
  * CVE-2007-5902 integer overflow
  * CVE-2007-5971 free of non-heap pointer and double-free
  * CVE-2007-5972 double fclose()
  [#346745, #346748, #346746, #346749, #346747]

-------------------------------------------------------------------
Tue Dec 4 16:36:07 CET 2007 - mc@suse.de

- improve GSSAPI error messages

-------------------------------------------------------------------
Tue Nov 6 13:53:17 CET 2007 - mc@suse.de

- add coreutils to PreReq

-------------------------------------------------------------------
Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de

- update to krb5 version 1.6.3
  * fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
  * fix CVE-2007-4000 modify_policy vulnerability
  * Add PKINIT support
- remove patches which are upstream now
- enhance init scripts and xinetd profiles

-------------------------------------------------------------------
Fri Sep 14 12:08:55 CEST 2007 - mc@suse.de

- update krb5-1.6.2-post.dif
  * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
    the client library will not failover to the next KDC.
    [#310540]

-------------------------------------------------------------------
Tue Sep 11 15:09:14 CEST 2007 - mc@suse.de

- update krb5-1.6.2-post.dif
  * new -S sname option for kvno
  * read_entropy_from_device on partial read will not fill buffer
  * Bail out if encoded "ticket" doesn't decode correctly.
  * patch for referrals loop

-------------------------------------------------------------------
Thu Sep 6 10:43:39 CEST 2007 - mc@suse.de

- fix a problem with the originally published patch
  for MITKRB5-SA-2007-006 - CVE-2007-3999
  [#302377]

-------------------------------------------------------------------
Wed Sep 5 12:18:21 CEST 2007 - mc@suse.de

- fix execute arbitrary code
  (MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
  [#302377]

-------------------------------------------------------------------
Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de

- add krb5-1.6.2-post.dif
  * during the referrals loop, check to see if the
    session key enctype of a returned credential for the final
    service is among the enctypes explicitly selected by the
    application, and retry with old_use_conf_ktypes if it is not.
  * If mkstemp() is available, the new ccache file gets created but
    the subsequent open(O_CREAT|O_EXCL) call fails because the file
    was already created by mkstemp(). Apply patch from Apple to keep
    the file descriptor open.

-------------------------------------------------------------------
Thu Jul 12 17:01:28 CEST 2007 - mc@suse.de

- update to version 1.6.2
- remove krb5-1.6.1-post.dif all fixes are included in this release

-------------------------------------------------------------------
Thu Jul 5 18:10:28 CEST 2007 - mc@suse.de

- change requires to libcom_err-devel

-------------------------------------------------------------------
Mon Jul 2 11:26:47 CEST 2007 - mc@suse.de

- update krb5-1.6.1-post.dif
  * fix leak in krb5_walk_realm_tree
  * rd_req_decoded needs to deal with referral realms
  * fix buffer overflow in kadmind
    (MITKRB5-SA-2007-005 - CVE-2007-2798)
    [#278689]
  * fix kadmind code execution bug
    (MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
    [#271191]

-------------------------------------------------------------------
Thu Jun 14 17:44:12 CEST 2007 - mc@suse.de

- fix unstripped-binary-or-object rpmlint warning

-------------------------------------------------------------------
Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de

- fixing rpmlint warnings and errors:
  * merged logrotate scripts kadmin and krb5kdc into a single file
    krb5-server.
  * moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
    from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
    adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
  * added suppression filter for
    "devel-file-in-non-devel-package /usr/lib/libgssapi_krb5.so"
    (see [#147912]).
  * set default runlevel of init scripts in chkconfig line to 3 and 5

-------------------------------------------------------------------
Wed May 9 15:30:53 CEST 2007 - mc@suse.de

- fix uninitialized salt length
- add extra check for keytab file

-------------------------------------------------------------------
Thu May 3 12:11:29 CEST 2007 - mc@suse.de

- adding krb5-1.6.1-post.dif
  * fix segfault in krb5_get_init_creds_password
  * remove debug output in ftp client
  * profile stores empty string values without double quotes

-------------------------------------------------------------------
Mon Apr 23 11:15:10 CEST 2007 - mc@suse.de

- update to final 1.6.1 version

-------------------------------------------------------------------
Wed Apr 18 14:48:03 CEST 2007 - mc@suse.de

- add plugin directories to main package

-------------------------------------------------------------------
Mon Apr 16 14:38:08 CEST 2007 - mc@suse.de

- update to version 1.6.1 Beta1
- remove obsolete patches
  (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
- rework compile_pie patch

-------------------------------------------------------------------
Wed Apr 11 10:58:09 CEST 2007 - mc@suse.de

- update krb5-1.6-post.dif
  * fix kadmind stack overflow in krb5_klog_syslog
    (MITKRB5-SA-2007-002 - CVE-2007-0957) [#253548]
  * fix double free attack in the RPC library
    (MITKRB5-SA-2007-003 - CVE-2007-1216) [#252487]
  * fix krb5 telnetd login injection
    (MIT-SA-2007-001 - CVE-2007-0956) #247765

-------------------------------------------------------------------
Thu Mar 29 12:41:57 CEST 2007 - mc@suse.de

- add ncurses-devel and bison to BuildRequires
- rework some patches

-------------------------------------------------------------------
Mon Mar 5 11:01:20 CET 2007 - mc@suse.de

- move SuSEFirewall service definitions to
  /etc/sysconfig/SuSEfirewall2.d/services

-------------------------------------------------------------------
Thu Feb 22 11:13:48 CET 2007 - mc@suse.de

- add firewall definition to krb5-server, FATE
  #300687

-------------------------------------------------------------------
Mon Feb 19 13:59:43 CET 2007 - mc@suse.de

- update krb5-1.6-post.dif
- move some applications into the right package

-------------------------------------------------------------------
Fri Feb 9 13:31:22 CET 2007 - mc@suse.de

- update krb5-1.6-post.dif

-------------------------------------------------------------------
Mon Jan 29 11:27:23 CET 2007 - mc@suse.de

- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
  are now upstream. Remove patches.
- fix leak in krb5_kt_resolve and krb5_kt_wresolve

-------------------------------------------------------------------
Tue Jan 23 17:21:12 CET 2007 - mc@suse.de

- fix "local variable used before set" in ftp.c
  [#237684]

-------------------------------------------------------------------
Mon Jan 22 16:39:27 CET 2007 - mc@suse.de

- krb5-devel should require keyutils-devel

-------------------------------------------------------------------
Mon Jan 22 12:19:49 CET 2007 - mc@suse.de

- update to version 1.6
  * Major changes in 1.6 include
  * Partial client implementation to handle server name referrals.
  * Pre-authentication plug-in framework, donated by Red Hat.
  * LDAP KDB plug-in, donated by Novell.
- remove obsolete patches

-------------------------------------------------------------------
Wed Jan 10 11:16:30 CET 2007 - mc@suse.de

- fix for
  kadmind (via RPC library) calls uninitialized function pointer
  (CVE-2006-6143)(Bug #225990)
  krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
- fix for
  kadmind (via GSS-API mechglue) frees uninitialized pointers
  (CVE-2006-6144)(Bug #225992)
  krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif

-------------------------------------------------------------------
Tue Jan 2 14:53:33 CET 2007 - mc@suse.de

- Fix Requires in krb5-devel
  [Bug #231008]

-------------------------------------------------------------------
Mon Nov 6 11:49:39 CET 2006 - mc@suse.de

- fix "local variable used before set" [#217692]
- fix strncat warning

-------------------------------------------------------------------
Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de

- add a default kadm5.dict file
- require $network on daemon start

-------------------------------------------------------------------
Wed Sep 13 10:39:41 CEST 2006 - mc@suse.de

- fix function call with too few arguments [#203837]

-------------------------------------------------------------------
Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de

- update to version 1.5.1
- remove obsolete patches which are now included upstream
  * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
  * trunk-fix-uninitialized-vars.dif

-------------------------------------------------------------------
Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de

- krb5 setuid return check fixes
  krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
  [#182351]

-------------------------------------------------------------------
Mon Aug 7 15:54:26 CEST 2006 - mc@suse.de

- remove update-messages

-------------------------------------------------------------------
Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de

- add check for krb5_prop in services to kpropd init script.
  [#192446]

-------------------------------------------------------------------
Mon Jul 3 14:59:35 CEST 2006 - mc@suse.de

- update to version 1.5
  * KDB abstraction layer, donated by Novell.
  * plug-in architecture, allowing for extension modules to be
    loaded at run-time.
  * multi-mechanism GSS-API implementation ("mechglue"),
    donated by Sun Microsystems
  * Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
    implementation, donated by Sun Microsystems
- remove obsolete patches and add some new

-------------------------------------------------------------------
Fri May 26 14:50:00 CEST 2006 - ro@suse.de

- libcom is not in e2fsck-devel but in its own package now, change
  Requires accordingly.

-------------------------------------------------------------------
Mon Mar 27 14:10:02 CEST 2006 - mc@suse.de

- add all daemons to %stop_on_removal and %restart_on_update
- add reload to kpropd init script
- add force-reload to all init scripts

-------------------------------------------------------------------
Mon Mar 13 18:20:36 CET 2006 - mc@suse.de

- add libgssapi_krb5.so link to main package [#147912]

-------------------------------------------------------------------
Fri Feb 3 18:17:01 CET 2006 - mc@suse.de

- fix logging section for kadmind in convert script

-------------------------------------------------------------------
Wed Jan 25 21:30:24 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Fri Jan 13 14:44:24 CET 2006 - mc@suse.de

- change the logging defaults

-------------------------------------------------------------------
Wed Jan 11 12:59:08 CET 2006 - mc@suse.de

- add tools and README for heimdal => MIT update

-------------------------------------------------------------------
Mon Jan 9 14:41:07 CET 2006 - mc@suse.de

- fix build problems, define _GNU_SOURCE
  (krb5-1.4.3-set_gnu_source.dif )

-------------------------------------------------------------------
Tue Jan 3 16:00:13 CET 2006 - mc@suse.de

- added "make %{?jobs:-j%jobs}"

-------------------------------------------------------------------
Fri Nov 18 12:12:01 CET 2005 - mc@suse.de

- update to version 1.4.3
  * some memory leaks fixed
  * fix for "AS_REP padata has wrong enctype"
  * fix for "AS_REP padata missing PA-ETYPE-INFO"
  * ... and more

-------------------------------------------------------------------
Wed Nov 2 21:23:32 CET 2005 - dmueller@suse.de

- don't build as root

-------------------------------------------------------------------
Tue Oct 11 17:39:23 CEST 2005 - mc@suse.de

- update to version 1.4.2
- remove some obsolete patches

-------------------------------------------------------------------
Mon Aug 8 16:07:51 CEST 2005 - mc@suse.de

- build with --disable-static

-------------------------------------------------------------------
Thu Aug 4 16:47:43 CEST 2005 - ro@suse.de

- remove devel-static subpackage

-------------------------------------------------------------------
Thu Jun 30 10:12:30 CEST 2005 - mc@suse.de

- better patch for princ_comp problem

-------------------------------------------------------------------
Mon Jun 27 13:34:50 CEST 2005 - mc@suse.de

- update to version 1.4.1
- remove obsolete patches
  - krb5-1.4-gcc4.dif
  - krb5-1.4-reduce-namespace-polution.dif
  - krb5-1.4-VUL-0-telnet.dif

-------------------------------------------------------------------
Thu Jun 23 10:12:54 CEST 2005 - mc@suse.de

- fixed krb5 KDC heap corruption by random free
  [#80574, CAN-2005-1174, MITKRB5-SA-2005-002]
- fixed krb5 double free()
  [#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
- fix krb5 NULL pointer reference while comparing principals
  [#91600]

-------------------------------------------------------------------
Fri Jun 17 17:18:19 CEST 2005 - mc@suse.de

- fix uninitialized variables
- compile with -fPIE/ link with -pie

-------------------------------------------------------------------
Wed Apr 20 15:36:16 CEST 2005 - mc@suse.de

- fixed wrong xinetd files [#77149]

-------------------------------------------------------------------
Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de

- removed krb5-1.4-fix-error_tables.dif patch obsoleted
  by libcom_err locking patches

-------------------------------------------------------------------
Thu Apr 7 13:49:37 CEST 2005 - mc@suse.de

- fixed missing descriptions in init files
  [#76164, #76165, #76166, #76169]

-------------------------------------------------------------------
Wed Mar 30 18:11:38 CEST 2005 - mc@suse.de

- enhance $PATH via /etc/profile.d/ [#74018]
- remove the "links to important programs"

-------------------------------------------------------------------
Fri Mar 18 11:09:43 CET 2005 - mc@suse.de

- fixed not running converter script [#72854]

-------------------------------------------------------------------
Thu Mar 17 14:15:17 CET 2005 - mc@suse.de

- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
  Overflow
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
  Overflow
  [#73618]

-------------------------------------------------------------------
Wed Mar 16 13:10:18 CET 2005 - mc@suse.de

- fixed wrong PreReqs [#73020]

-------------------------------------------------------------------
Tue Mar 15 19:54:58 CET 2005 - mc@suse.de

- add a simple krb5.conf converter [#72854]

-------------------------------------------------------------------
Mon Mar 14 17:08:59 CET 2005 - mc@suse.de

- fixed: rckrb5kdc restart gives wrong status with non-running service
  [#72446]

-------------------------------------------------------------------
Thu Mar 10 10:48:07 CET 2005 - mc@suse.de

- add requires: e2fsprogs-devel to krb5-devel package [#71732]

-------------------------------------------------------------------
Fri Feb 25 17:35:37 CET 2005 - mc@suse.de

- fix double free [#66534]
  krb5-1.4-fix-error_tables.dif

-------------------------------------------------------------------
Fri Feb 11 14:01:32 CET 2005 - mc@suse.de

- change mode for shared libraries to 755

-------------------------------------------------------------------
Fri Feb 4 16:48:16 CET 2005 - mc@suse.de

- remove spx.c from tarball because of legal risk
- add README.Source which tells the user about this action.
- add a check for spx.c in the spec-file
- use rich-text for update-messages [#50250]

-------------------------------------------------------------------
Tue Feb 1 12:13:45 CET 2005 - mc@suse.de

- add krb5-1.4-reduce-namespace-polution.dif
  reduce namespace pollution in gssapi.h [#50356]

-------------------------------------------------------------------
Fri Jan 28 13:25:42 CET 2005 - mc@suse.de

- update to version 1.4
  - Add implementation of the RPCSEC_GSS authentication flavor to the
    RPC library.
  - Thread safety for krb5 libraries.
  - Merged Athena telnetd changes for creating a new option for
    requiring encryption.
  - The kadmind4 backwards-compatibility admin server and the
    v5passwdd backwards-compatibility password-changing server have
    been removed.
  - Yarrow code now uses AES.
  - Merged Athena changes to allow ftpd to require encrypted
    passwords.
  - Incorporate gss_krb5_set_allowable_enctypes() and
    gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
- remove obsolete patches

-------------------------------------------------------------------
Mon Jan 17 11:34:52 CET 2005 - mc@suse.de

- add proofread update-messages

-------------------------------------------------------------------
Fri Jan 14 14:38:25 CET 2005 - mc@suse.de

- remove Conflicts: and add Provides:
- add some insserv stuff

-------------------------------------------------------------------
Thu Jan 13 11:54:01 CET 2005 - mc@suse.de

- move vendor files to vendor-files.tar.bz2
- add obsoletes: heimdal
- add %pre and %post sections to detect update from heimdal and
  backup invalid configuration files
- add update-messages for heimdal update

-------------------------------------------------------------------
Mon Jan 10 12:18:02 CET 2005 - mc@suse.de

- update to version 1.3.6
- fix for: heap buffer overflow in libkadm5srv
  [CAN-2004-1189 / MITKRB5-SA-2004-004]

-------------------------------------------------------------------
Tue Dec 14 15:30:23 CET 2004 - mc@suse.de

- build doc subpackage in its own specfile
- removed unnecessary neededforbuild requirements

-------------------------------------------------------------------
Wed Nov 24 13:37:53 CET 2004 - coolo@suse.de

- fix build with gcc 4

-------------------------------------------------------------------
Mon Nov 15 17:25:56 CET 2004 - mc@suse.de

- added Conflicts with heimdal*
- rename some manpages to avoid conflicts

-------------------------------------------------------------------
Thu Nov 4 18:03:11 CET 2004 - mc@suse.de

- new init scripts
- fix logrotate scripts
- add some 64Bit fixes
- add default krb5.conf, kdc.conf and kadm5.acl

-------------------------------------------------------------------
Wed Nov 3 18:52:07 CET 2004 - mc@suse.de

- add e2fsprogs to NFB
- use system-et and system-ss
- fix includes of com_err.h

-------------------------------------------------------------------
Thu Oct 28 17:58:41 CEST 2004 - mc@suse.de

- Initial checkin