openSUSE Build Service

Dominique Leuenberger (dimstar_suse) accepted request 530615 from

Michael Ströder (stroeder) over 6 years ago (revision 131)

Dominique Leuenberger (dimstar_suse) accepted request 528906 from

Michael Ströder (stroeder) over 6 years ago (revision 130)

Dominique Leuenberger (dimstar_suse) accepted request 517510 from

Howard Guo (guohouzuo) over 6 years ago (revision 129)

- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
  in order to improve client security in handling service principle
  names. (bsc#1054028)

- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
  in order to improve client security in handling service principle
  names. (bsc#1054028)

- Prevent kadmind.service startup failure caused by absence of
  LDAP service. (bsc#903543)

Dominique Leuenberger (dimstar_suse) accepted request 501409 from

Howard Guo (guohouzuo) almost 7 years ago (revision 128)

Dominique Leuenberger (dimstar_suse) accepted request 486278 from

Marcus Meissner (msmeissn) about 7 years ago (revision 127)

Yuchen Lin (maxlin_factory) accepted request 478948 from

Howard Guo (guohouzuo) about 7 years ago (revision 126)

Dominique Leuenberger (dimstar_suse) accepted request 452976 from

Michael Ströder (stroeder) over 7 years ago (revision 125)

Dominique Leuenberger (dimstar_suse) accepted request 451651 from

Michael Ströder (stroeder) over 7 years ago (revision 124)

Dominique Leuenberger (dimstar_suse) accepted request 443977 from

Michael Ströder (stroeder) over 7 years ago (revision 123)

Dominique Leuenberger (dimstar_suse) accepted request 441866 from

Howard Guo (guohouzuo) over 7 years ago (revision 122)

Dominique Leuenberger (dimstar_suse) accepted request 412764 from

Ismail Dönmez (namtrac) almost 8 years ago (revision 121)

- Upgrade from 1.14.2 to 1.14.3:
  * Improve some error messages
  * Improve documentation
  * Allow a principal with nonexistent policy to bypass the minimum
    password lifetime check, consistent with other aspects of
    nonexistent policies
  * Fix a rare KDC denial of service vulnerability when anonymous client
    principals are restricted to obtaining TGTs only [CVE-2016-3120]
  
- Upgrade from 1.14.2 to 1.14.3:
  * Improve some error messages
  * Improve documentation
  * Allow a principal with nonexistent policy to bypass the minimum
    password lifetime check, consistent with other aspects of
    nonexistent policies
  * Fix a rare KDC denial of service vulnerability when anonymous client
    principals are restricted to obtaining TGTs only [CVE-2016-3120]

Dominique Leuenberger (dimstar_suse) accepted request 406062 from

Ismail Dönmez (namtrac) almost 8 years ago (revision 120)

------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)
- Remove comments breaking post scripts. 

- Do no use systemd_requires macros in main package, it adds
  unneeded dependencies which pulls systemd into minimal chroot.
- Only call %insserv_prereq when building for pre-systemd
  distributions.
- Optimise some %post/%postun when only /sbin/ldconfig is called.
------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)

Dominique Leuenberger (dimstar_suse) accepted request 392051 from

Ismail Dönmez (namtrac) about 8 years ago (revision 119)

Dominique Leuenberger (dimstar_suse) accepted request 382782 from

Howard Guo (guohouzuo) about 8 years ago (revision 118)

Dominique Leuenberger (dimstar_suse) accepted request 378714 from

Howard Guo (guohouzuo) about 8 years ago (revision 117)

- Introduce patch
  0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch
  to fix CVE-2016-3119 (bsc#971942)

Dominique Leuenberger (dimstar_suse) accepted request 360110 from

Marcus Meissner (msmeissn) about 8 years ago (revision 116)

Dominique Leuenberger (dimstar_suse) accepted request 357310 from

Ismail Dönmez (namtrac) about 8 years ago (revision 115)

Dominique Leuenberger (dimstar_suse) accepted request 353069 from

Ismail Dönmez (namtrac) over 8 years ago (revision 114)

- Add two patches from Fedora, fixing two crashes:
  * krb5-fix_interposer.patch
  * krb5-mechglue_inqure_attrs.patch

- Update to 1.14
- dropped krb5-kvno-230379.patch
- added krbdev.mit.edu-8301.patch fixing wrong function call
Major changes in 1.14 (2015-11-20)
==================================
Administrator experience:
* Add a new kdb5_util tabdump command to provide reporting-friendly
  tabular dump formats (tab-separated or CSV) for the KDC database.
  Unlike the normal dump format, each output table has a fixed number
  of fields.  Some tables include human-readable forms of data that
  are opaque in ordinary dump files.  This format is also suitable for
  importing into relational databases for complex queries.
* Add support to kadmin and kadmin.local for specifying a single
  command line following any global options, where the command
  arguments are split by the shell--for example, "kadmin getprinc
  principalname".  Commands issued this way do not prompt for
  confirmation or display warning messages, and exit with non-zero
  status if the operation fails.
* Accept the same principal flag names in kadmin as we do for the
  default_principal_flags kdc.conf variable, and vice versa.  Also
  accept flag specifiers in the form that kadmin prints, as well as
  hexadecimal numbers.
* Remove the triple-DES and RC4 encryption types from the default
  value of supported_enctypes, which determines the default key and
  salt types for new password-derived keys.  By default, keys will
  only created only for AES128 and AES256.  This mitigates some types

Stephan Kulow (coolo) accepted request 347776 from

Ismail Dönmez (namtrac) over 8 years ago (revision 113)

Dominique Leuenberger (dimstar_suse) accepted request 343500 from

Ismail Dönmez (namtrac) over 8 years ago (revision 112)

Places

Revisions of krb5

Places