Revisions of krb5
buildservice-autocommit
accepted
request 1175448
from
Samuel Cabrero (scabrero)
(revision 288)
baserev update by copy to link target
[CVE-2023-36054]; (bsc#1214054).
buildservice-autocommit
accepted
request 1173900
from
Samuel Cabrero (scabrero)
(revision 286)
baserev update by copy to link target
- Enable the LMDB backend for KDB
buildservice-autocommit
accepted
request 1171363
from
Samuel Cabrero (scabrero)
(revision 284)
baserev update by copy to link target
- Remove requires for not used cron
- Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch * CVE-2024-26458, bsc#1220770 * CVE-2024-26461, bsc#1220771 * CVE-2024-26462, bsc#1220772
buildservice-autocommit
accepted
request 1156860
from
Samuel Cabrero (scabrero)
(revision 281)
baserev update by copy to link target
- Add crypto-policies support [bsc#1211301] * Update krb5.conf in vendor-files.tar.bz2 - Add crypto-policies support [bsc#1211301] * Update krb5.conf in vendor-files.tar.bz2
buildservice-autocommit
accepted
request 1134351
from
Dirk Mueller (dirkmueller)
(revision 279)
baserev update by copy to link target
- update to 1.21.2 (bsc#1218211, CVE-2023-39975): * Fix double-free in KDC TGS processing [CVE-2023-39975]. - update to 1.21.1 (CVE-2023-36054): with Windows KDCs.
buildservice-autocommit
accepted
request 1114991
from
Samuel Cabrero (scabrero)
(revision 277)
baserev update by copy to link target
- Add explicit this-is-only-for-build-envs requires to krb5-mini and krb5-mini-devel: the mini flavors are currently excluded using special hacks from the FTP Tree. In order to eliminate this hack, we need to ensure the packages are not viable for real installations. We achieve this with a dep that is never provided, but ignored by OBS.
buildservice-autocommit
accepted
request 1098841
from
Dirk Mueller (dirkmueller)
(revision 275)
baserev update by copy to link target
- update to 1.121.1 (CVE-2023-36054): * Fix potential uninitialized pointer free in kadm5 XDR parsing [CVE-2023-36054]. * Added a credential cache type providing compatibility with the macOS 11 native credential cache. * libkadm5 will use the provided krb5_context object to read configuration values, instead of creating its own. * Added an interface to retrieve the ticket session key from a GSS context. * The KDC will no longer issue tickets with RC4 or triple-DES session keys unless explicitly configured with the new allow_rc4 or allow_des3 variables respectively. * The KDC will assume that all services can handle aes256-sha1 session keys unless the service principal has a session_enctypes string attribute. * Support for PAC full KDC checksums has been added to mitigate an S4U2Proxy privilege escalation attack. * The PKINIT client will advertise a more modern set of supported CMS algorithms. * Removed unused code in libkrb5, libkrb5support, and the PKINIT module. * Modernized the KDC code for processing TGS requests, the code for encrypting and decrypting key data, the PAC handling code, and the GSS library packet parsing and composition code. * Improved the test framework's detection of memory errors in daemon processes when used with asan.
buildservice-autocommit
accepted
request 1084720
from
Dirk Mueller (dirkmueller)
(revision 273)
baserev update by copy to link target
- Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS.
buildservice-autocommit
accepted
request 1074019
from
Samuel Cabrero (scabrero)
(revision 271)
baserev update by copy to link target
- Build mini flavor without keyutils support: breaks cycle between krb5-mini and keyutils.
buildservice-autocommit
accepted
request 1069660
from
Dirk Mueller (dirkmueller)
(revision 269)
baserev update by copy to link target
Displaying revisions 1 - 20 of 288