Changelog for krb5-plugin-kdb-ldap-1.6.3-133.2.i586.rpm :
Fri Jul 25 14:00:00 2008 mcAATTsuse.de
- add patches from SVN post 1.6.3

* krb5_string_to_keysalts: Fix an infinite loop

* fix some mutex issues

* better recovery from corrupt rcache files

* some more small fixes

Wed Jun 18 14:00:00 2008 mcAATTsuse.de
- reduce rpmlint warnings

Tue Dec 4 13:00:00 2007 mcAATTsuse.de
- improve GSSAPI error messages

Tue Oct 23 14:00:00 2007 mcAATTsuse.de
- update to krb5 version 1.6.3

* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow

* fix CVE-2007-4000 modify_policy vulnerability

* Add PKINIT support
- remove patches which are upstream now
- enhance init scripts and xinetd profiles

Fri Sep 14 14:00:00 2007 mcAATTsuse.de
- update krb5-1.6.2-post.dif

* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
the client library will not failover to the next KDC.
[#310540]

Tue Sep 11 14:00:00 2007 mcAATTsuse.de
- update krb5-1.6.2-post.dif

* new -S sname option for kvno

* read_entropy_from_device on partial read will not fill buffer

* Bail out if encoded "ticket" doesn't decode correctly.

* patch for referrals loop

Thu Sep 6 14:00:00 2007 mcAATTsuse.de
- fix a problem with the originally published patch
for MITKRB5-SA-2007-006 - CVE-2007-3999
[#302377]

Wed Sep 5 14:00:00 2007 mcAATTsuse.de
- fix execute arbitrary code
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
[#302377]

Tue Aug 7 14:00:00 2007 mcAATTsuse.de
- add krb5-1.6.2-post.dif

* during the referrals loop, check to see if the
session key enctype of a returned credential for the final
service is among the enctypes explicitly selected by the
application, and retry with old_use_conf_ktypes if it is not.

* If mkstemp() is available, the new ccache file gets created but
the subsequent open(O_CREAT|O_EXCL) call fails because the file
was already created by mkstemp(). Apply patch from Apple to keep
the file descriptor open.

Thu Jul 12 14:00:00 2007 mcAATTsuse.de
- update to version 1.6.2
- remove krb5-1.6.1-post.dif all fixes are included in this release

Mon Jul 2 14:00:00 2007 mcAATTsuse.de
- update krb5-1.6.1-post.dif

* fix leak in krb5_walk_realm_tree

* rd_req_decoded needs to deal with referral realms

* fix buffer overflow in kadmind
(MITKRB5-SA-2007-005 - CVE-2007-2798)
[#278689]

* fix kadmind code execution bug
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
[#271191]

Wed May 9 14:00:00 2007 mcAATTsuse.de
- fix uninitialized salt length
- add extra check for keytab file

Thu May 3 14:00:00 2007 mcAATTsuse.de
- adding krb5-1.6.1-post.dif

* fix segfault in krb5_get_init_creds_password

* remove debug output in ftp client

* profile stores empty string values without double quotes

Mon Apr 23 14:00:00 2007 mcAATTsuse.de
- update to final 1.6.1 version

Mon Apr 16 14:00:00 2007 mcAATTsuse.de
- update to version 1.6.1 Beta1
- remove obsolete patches
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
- rework compile_pie patch

Wed Apr 11 14:00:00 2007 mcAATTsuse.de
- update krb5-1.6-post.dif

* fix kadmind stack overflow in krb5_klog_syslog
(MITKRB5-SA-2007-002 - CVE-2007-0957)
[#253548]

* fix double free attack in the RPC library
(MITKRB5-SA-2007-003 - CVE-2007-1216)
[#252487]

* fix krb5 telnetd login injection
(MIT-SA-2007-001 - CVE-2007-0956)
[#247765]

Thu Mar 29 14:00:00 2007 mcAATTsuse.de
- add ncurses-devel and bison to BuildRequires
- rework some patches

Mon Feb 19 13:00:00 2007 mcAATTsuse.de
- update krb5-1.6-post.dif

Fri Feb 9 13:00:00 2007 mcAATTsuse.de
- update krb5-1.6-post.dif

Mon Jan 29 13:00:00 2007 roAATTsuse.de
- no main package, no debuginfo

Mon Jan 29 13:00:00 2007 mcAATTsuse.de
- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
are now upstream. Remove patches.
- fix leak in krb5_kt_resolve and krb5_kt_wresolve

Tue Jan 23 13:00:00 2007 mcAATTsuse.de
- fix "local variable used before set" in ftp.c
[#237684]
- use less BuildRequires

Mon Jan 22 13:00:00 2007 mcAATTsuse.de
- initial release (version 1.6)

* Major changes in 1.6 include

* Partial client implementation to handle server name referrals.

* Pre-authentication plug-in framework, donated by Red Hat.

* LDAP KDB plug-in, donated by Novell.


 