Revisions of krb5
Dominique Leuenberger (dimstar_suse)
accepted
request 544747
from
Michael Ströder (stroeder)
(revision 133)
Dominique Leuenberger (dimstar_suse)
accepted
request 539257
from
Howard Guo (guohouzuo)
(revision 132)
- Remove build dependency doxygen, python-Cheetah, python-Sphinx, python-libxml2, python-lxml, most of which are python 2 programs. Consequently remove -doc subpackage. Users are encouraged to use online documentation. (bsc#1066461)
Dominique Leuenberger (dimstar_suse)
accepted
request 530615
from
Michael Ströder (stroeder)
(revision 131)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 528906
from
Michael Ströder (stroeder)
(revision 130)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 517510
from
Howard Guo (guohouzuo)
(revision 129)
- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in order to improve client security in handling service principle names. (bsc#1054028) - Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in order to improve client security in handling service principle names. (bsc#1054028) - Prevent kadmind.service startup failure caused by absence of LDAP service. (bsc#903543)
Dominique Leuenberger (dimstar_suse)
accepted
request 501409
from
Howard Guo (guohouzuo)
(revision 128)
Dominique Leuenberger (dimstar_suse)
accepted
request 486278
from
Marcus Meissner (msmeissn)
(revision 127)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 452976
from
Michael Ströder (stroeder)
(revision 125)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 451651
from
Michael Ströder (stroeder)
(revision 124)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 443977
from
Michael Ströder (stroeder)
(revision 123)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 441866
from
Howard Guo (guohouzuo)
(revision 122)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 412764
from
Ismail Dönmez (namtrac)
(revision 121)
- Upgrade from 1.14.2 to 1.14.3: * Improve some error messages * Improve documentation * Allow a principal with nonexistent policy to bypass the minimum password lifetime check, consistent with other aspects of nonexistent policies * Fix a rare KDC denial of service vulnerability when anonymous client principals are restricted to obtaining TGTs only [CVE-2016-3120] - Upgrade from 1.14.2 to 1.14.3: * Improve some error messages * Improve documentation * Allow a principal with nonexistent policy to bypass the minimum password lifetime check, consistent with other aspects of nonexistent policies * Fix a rare KDC denial of service vulnerability when anonymous client principals are restricted to obtaining TGTs only [CVE-2016-3120]
Dominique Leuenberger (dimstar_suse)
accepted
request 406062
from
Ismail Dönmez (namtrac)
(revision 120)
------------------------------------------------------------------ - Remove source file ccapi/common/win/OldCC/autolock.hxx that is not needed and does not carry an acceptable license. (bsc#968111) - Remove comments breaking post scripts. - Do no use systemd_requires macros in main package, it adds unneeded dependencies which pulls systemd into minimal chroot. - Only call %insserv_prereq when building for pre-systemd distributions. - Optimise some %post/%postun when only /sbin/ldconfig is called. ------------------------------------------------------------------ - Remove source file ccapi/common/win/OldCC/autolock.hxx that is not needed and does not carry an acceptable license. (bsc#968111)
Dominique Leuenberger (dimstar_suse)
accepted
request 392051
from
Ismail Dönmez (namtrac)
(revision 119)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 382782
from
Howard Guo (guohouzuo)
(revision 118)
Dominique Leuenberger (dimstar_suse)
accepted
request 378714
from
Howard Guo (guohouzuo)
(revision 117)
- Introduce patch 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch to fix CVE-2016-3119 (bsc#971942)
Dominique Leuenberger (dimstar_suse)
accepted
request 360110
from
Marcus Meissner (msmeissn)
(revision 116)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 357310
from
Ismail Dönmez (namtrac)
(revision 115)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 353069
from
Ismail Dönmez (namtrac)
(revision 114)
- Add two patches from Fedora, fixing two crashes: * krb5-fix_interposer.patch * krb5-mechglue_inqure_attrs.patch - Update to 1.14 - dropped krb5-kvno-230379.patch - added krbdev.mit.edu-8301.patch fixing wrong function call Major changes in 1.14 (2015-11-20) ================================== Administrator experience: * Add a new kdb5_util tabdump command to provide reporting-friendly tabular dump formats (tab-separated or CSV) for the KDC database. Unlike the normal dump format, each output table has a fixed number of fields. Some tables include human-readable forms of data that are opaque in ordinary dump files. This format is also suitable for importing into relational databases for complex queries. * Add support to kadmin and kadmin.local for specifying a single command line following any global options, where the command arguments are split by the shell--for example, "kadmin getprinc principalname". Commands issued this way do not prompt for confirmation or display warning messages, and exit with non-zero status if the operation fails. * Accept the same principal flag names in kadmin as we do for the default_principal_flags kdc.conf variable, and vice versa. Also accept flag specifiers in the form that kadmin prints, as well as hexadecimal numbers. * Remove the triple-DES and RC4 encryption types from the default value of supported_enctypes, which determines the default key and salt types for new password-derived keys. By default, keys will only created only for AES128 and AES256. This mitigates some types
Displaying revisions 41 - 60 of 173