SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for krb5-debuginfo-1.9.1-24.3.test.1.x86_64.rpm :

* Mon Nov 21 2011 mcAATTsuse.de- fix KDC null pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530
* Mon Nov 21 2011 mcAATTsuse.de- fix KDC HA feature introduced with implementing KDC poll (RT#6951, bnc#731648)
* Fri Nov 18 2011 rhaferAATTsuse.de- fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)
* Mon Oct 17 2011 mcAATTsuse.de- fix kdc remote denial of service (MITKRB5-SA-2011-006, bnc#719393) CVE-2011-1527, CVE-2011-1528, CVE-2011-1529
* Tue Aug 23 2011 mcAATTsuse.de- use --without-pam to build krb5-mini
* Sun Aug 21 2011 mcAATTnovell.com- add patches from Fedora and upstream- fix init scripts (bnc#689006)
* Fri Aug 19 2011 mcAATTnovell.com- update to version 1.9.1
* obsolete patches: MITKRB5-SA-2010-007-1.8.dif krb5-1.8-MITKRB5-SA-2010-006.dif krb5-1.8-MITKRB5-SA-2011-001.dif krb5-1.8-MITKRB5-SA-2011-002.dif krb5-1.8-MITKRB5-SA-2011-003.dif krb5-1.8-MITKRB5-SA-2011-004.dif krb5-1.4.3-enospc.dif
* replace krb5-1.6.1-compile_pie.dif
* Thu Apr 14 2011 mcAATTsuse.de- fix kadmind invalid pointer free() (MITKRB5-SA-2011-004, bnc#687469) CVE-2011-0285
* Tue Mar 01 2011 mcAATTsuse.de- Fix vulnerability to a double-free condition in KDC daemon (MITKRB5-SA-2011-003, bnc#671717) CVE-2011-0284
* Wed Jan 19 2011 mcAATTsuse.de- Fix kpropd denial of service (MITKRB5-SA-2011-001, bnc#662665) CVE-2010-4022- Fix KDC denial of service attacks with LDAP back end (MITKRB5-SA-2011-002, bnc#663619) CVE-2011-0281, CVE-2011-0282
* Wed Dec 01 2010 mcAATTsuse.de- Fix multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007, bnc#650650) CVE-2010-1324
* krb5 GSS-API applications may accept unkeyed checksums
* krb5 application services may accept unkeyed PAC checksums
* krb5 KDC may accept low-entropy KrbFastArmoredReq checksums CVE-2010-1323
* krb5 clients may accept unkeyed SAM-2 challenge checksums
* krb5 may accept KRB-SAFE checksums with low-entropy derived keys CVE-2010-4020
* krb5 may accept authdata checksums with low-entropy derived keys CVE-2010-4021
* krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
* Thu Oct 28 2010 mcAATTsuse.de- fix csh profile (bnc#649856)
* Fri Oct 22 2010 mcAATTsuse.de- update to krb5-1.8.3
* remove patches which are now upstrem - krb5-1.7-MITKRB5-SA-2010-004.dif - krb5-1.8.1-gssapi-error-table.dif - krb5-MITKRB5-SA-2010-005.dif
* Fri Oct 22 2010 mcAATTsuse.de- change environment variable PATH directly for csh (bnc#642080)
* Mon Sep 27 2010 mcAATTsuse.de- fix a dereference of an uninitialized pointer while processing authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
* Mon Jun 21 2010 lchiquittoAATTnovell.com- add correct error table when initializing gss-krb5 (bnc#606584, bnc#608295)
* Wed May 19 2010 mcAATTsuse.de- fix GSS-API library null pointer dereference CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
* Wed Apr 14 2010 mcAATTsuse.de- fix a double free vulnerability in the KDC CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)
* Fri Apr 09 2010 mcAATTsuse.de- update to version 1.8.1
* include krb5-1.8-POST.dif
* include MITKRB5-SA-2010-002
* Tue Apr 06 2010 mcAATTsuse.de- update krb5-1.8-POST.dif
* Tue Mar 23 2010 mcAATTsuse.de- fix a bug where an unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon (kadmind) to crash. CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)
* Tue Mar 23 2010 mcAATTsuse.de- add post 1.8 fixes
* Add IPv6 support to changepw.c
* fix two problems in kadm5_get_principal mask handling
* Ignore improperly encoded signedpath AD elements
* handle NT_SRV_INST in service principal referrals
* dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
* Fix the kpasswd fallback from the ccache principal name
* Document the ticket_lifetime libdefaults setting
* Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512
* Thu Mar 04 2010 mcAATTsuse.de- update to version 1.8
* Increase code quality
* Move toward improved KDB interface
* Investigate and remedy repeatedly-reported performance bottlenecks.
* Reduce DNS dependence by implementing an interface that allows client library to track whether a KDC supports service principal referrals.
* Disable DES by default
* Account lockout for repeated login failures
* Bridge layer to allow Heimdal HDB modules to act as KDB backend modules
* FAST enhancements
* Microsoft Services for User (S4U) compatibility
* Anonymous PKINIT- fix KDC denial of service CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)- fix KDC denial of service in cross-realm referral processing CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)- fix integer underflow in AES and RC4 decryption CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
* Mon Dec 14 2009 jengelhAATTmedozas.de- add baselibs.conf as a source
* Fri Nov 13 2009 mcAATTsuse.de- enhance \'$PATH\' only if the directories are available and not empty (bnc#544949)
* Sun Jul 12 2009 cooloAATTnovell.com- readd lost baselibs.conf
* Wed Jun 03 2009 mcAATTsuse.de- update to final 1.7 release
* Wed May 13 2009 mcAATTsuse.de- update to version 1.7 Beta2
* Incremental propagation support for the KDC database.
* Flexible Authentication Secure Tunneling (FAST), a preauthentiation framework that can protect the AS exchange from dictionary attack.
* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which allows a GSS application to request credential delegation only if permitted by KDC policy.
* Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 -- various vulnerabilities in SPNEGO and ASN.1 code.
* Mon Feb 16 2009 mcAATTsuse.de- update to pre 1.7 version
* Remove support for version 4 of the Kerberos protocol (krb4).
* New libdefaults configuration variable \"allow_weak_crypto\".
* Client library now follows client principal referrals, for compatibility with Windows.
* KDC can issue realm referrals for service principals based on domain names.
* Encryption algorithm negotiation (RFC 4537).
* In the replay cache, use a hash over the complete ciphertext to avoid false-positive replay indications.
* Microsoft GSS_WrapEX, implemented using the gss_iov API, which is similar to the equivalent SSPI functionality.
* DCE RPC, including three-leg GSS context setup and unencapsulated GSS tokens.
* NTLM recognition support in GSS-API, to facilitate dropping in an NTLM implementation.
* KDC support for principal aliases, if the back end supports them.
* Microsoft set/change password (RFC 3244) protocol in kadmind.
* Master key rollover support.
* Wed Jan 14 2009 olhAATTsuse.de- obsolete also old heimdal-lib-XXbit and heimdal-devel-XXbit
* Thu Dec 11 2008 mcAATTsuse.de- do not query IPv6 addresses if no IPv6 address exists on this host [bnc#449143]
* Wed Dec 10 2008 olhAATTsuse.de- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade (bnc#437293)
* Thu Oct 30 2008 olhAATTsuse.de- obsolete old -XXbit packages (bnc#437293)
* Fri Sep 26 2008 mcAATTsuse.de- in case we use ldap as database backend, ldap should be started before krb5kdc
* Mon Jul 28 2008 mcAATTsuse.de- add new fixes to post 1.6.3 patch
* fix mem leak in krb5_gss_accept_sec_context()
* keep minor_status
* kadm5_decrypt_key: A ktype of -1 is documented as meaning \"to be ignored\"
* Reject socket fds > FD_SETSIZE
* Fri Jul 25 2008 mcAATTsuse.de- add patches from SVN post 1.6.3
* krb5_string_to_keysalts: Fix an infinite loop
* fix some mutex issues
* better recovery from corrupt rcache files
* some more small fixes
* Wed Jun 18 2008 mcAATTsuse.de- add case-insensitive.dif (FATE#300771)- minor fixes for ktutil man page- reduce rpmlint warnings
* Wed May 14 2008 mcAATTsuse.de- Fall back to TCP on kdc-unresolvable/unreachable errors.- restore valid sequence number before generating requests (fix changing passwords in mixed ipv4/ipv6 enviroments)
* Thu Apr 10 2008 roAATTsuse.de- added baselibs.conf file to build xxbit packages for multilib support
* Wed Apr 09 2008 mcAATTsuse.de- modify krb5-config to not output rpath and cflags in --libs (bnc#378270)
* Fri Mar 14 2008 mcAATTsuse.de- fix two security bugs:
* MITKRB5-SA-2008-001(CVE-2008-0062, CVE-2008-0063) fix double free [bnc#361373]
* MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948) Memory corruption while too many open file descriptors [bnc#363151]- change default config file. Comment out the examples.
* Fri Dec 14 2007 mcAATTsuse.de- fix several security bugs:
* CVE-2007-5894 apparent uninit length
* CVE-2007-5902 integer overflow
* CVE-2007-5971 free of non-heap pointer and double-free
* CVE-2007-5972 double fclose() [#346745, #346748, #346746, #346749, #346747]
* Tue Dec 04 2007 mcAATTsuse.de- improve GSSAPI error messages
* Tue Nov 06 2007 mcAATTsuse.de- add coreutils to PreReq
* Tue Oct 23 2007 mcAATTsuse.de- update to krb5 version 1.6.3
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
* fix CVE-2007-4000 modify_policy vulnerability
* Add PKINIT support- remove patches which are upstream now- enhance init scripts and xinetd profiles
* Fri Sep 14 2007 mcAATTsuse.de- update krb5-1.6.2-post.dif
* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that that the client library will not failover to the next KDC. [#310540]
* Tue Sep 11 2007 mcAATTsuse.de- update krb5-1.6.2-post.dif
* new -S sname option for kvno
* read_entropy_from_device on partial read will not fill buffer
* Bail out if encoded \"ticket\" doesn\'t decode correctly.
* patch for referrals loop
* Thu Sep 06 2007 mcAATTsuse.de- fix a problem with the originally published patch for MITKRB5-SA-2007-006 - CVE-2007-3999 [#302377]
* Wed Sep 05 2007 mcAATTsuse.de- fix execute arbitrary code (MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000) [#302377]
* Tue Aug 07 2007 mcAATTsuse.de- add krb5-1.6.2-post.dif
* during the referrals loop, check to see if the session key enctype of a returned credential for the final service is among the enctypes explicitly selected by the application, and retry with old_use_conf_ktypes if it is not.
* If mkstemp() is available, the new ccache file gets created but the subsequent open(O_CREAT|O_EXCL) call fails because the file was already created by mkstemp(). Apply patch from Apple to keep the file descriptor open.
* Thu Jul 12 2007 mcAATTsuse.de- update to version 1.6.2- remove krb5-1.6.1-post.dif all fixes are included in this release
* Thu Jul 05 2007 mcAATTsuse.de- change requires to libcom_err-devel
* Mon Jul 02 2007 mcAATTsuse.de- update krb5-1.6.1-post.dif
* fix leak in krb5_walk_realm_tree
* rd_req_decoded needs to deal with referral realms
* fix buffer overflow in kadmind (MITKRB5-SA-2007-005 - CVE-2007-2798) [#278689]
* fix kadmind code execution bug (MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443) [#271191]
* Thu Jun 14 2007 mcAATTsuse.de- fix unstripped-binary-or-object rpmlint warning
* Mon Jun 11 2007 sschoberAATTsuse.de- fixing rpmlint warnings and errors:
* merged logrotate scripts kadmin and krb5kdc into a single file krb5-server.
* moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper. adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
* added surpression filter for \"devel-file-in-non-devel-package /usr/lib/libgssapi_krb5.so\" (see [#147912]).
* set default runlevel of init scripts in chkconfig line to 3 and 5
* Wed May 09 2007 mcAATTsuse.de- fix uninitialized salt length- add extra check for keytab file
* Thu May 03 2007 mcAATTsuse.de- adding krb5-1.6.1-post.dif
* fix segfault in krb5_get_init_creds_password
* remove debug output in ftp client
* profile stores empty string values without double quotes
* Mon Apr 23 2007 mcAATTsuse.de- update to final 1.6.1 version
* Wed Apr 18 2007 mcAATTsuse.de- add plugin directories to main package
* Mon Apr 16 2007 mcAATTsuse.de- update to version 1.6.1 Beta1- remove obsolete patches (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)- rework compile_pie patch
* Wed Apr 11 2007 mcAATTsuse.de- update krb5-1.6-post.dif
* fix kadmind stack overflow in krb5_klog_syslog (MITKRB5-SA-2007-002 - CVE-2007-0957) [#253548]
* fix double free attack in the RPC library (MITKRB5-SA-2007-003 - CVE-2007-1216) [#252487]
* fix krb5 telnetd login injection (MIT-SA-2007-001 - CVE-2007-0956) [#247765]
* Thu Mar 29 2007 mcAATTsuse.de- add ncurses-devel and bison to BuildRequires- rework some patches
* Mon Mar 05 2007 mcAATTsuse.de- move SuSEFirewall service definitions to /etc/sysconfig/SuSEfirewall2.d/services
* Thu Feb 22 2007 mcAATTsuse.de- add firewall definition to krb5-server, FATE #300687
* Mon Feb 19 2007 mcAATTsuse.de- update krb5-1.6-post.dif- move some applications into the right package
* Fri Feb 09 2007 mcAATTsuse.de- update krb5-1.6-post.dif
* Mon Jan 29 2007 mcAATTsuse.de- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif are now upstream. Remove patches.- fix leak in krb5_kt_resolve and krb5_kt_wresolve
* Tue Jan 23 2007 mcAATTsuse.de- fix \"local variable used before set\" in ftp.c [#237684]
* Mon Jan 22 2007 mcAATTsuse.de- krb5-devel should require keyutils-devel
* Mon Jan 22 2007 mcAATTsuse.de- update to version 1.6
* Major changes in 1.6 include
* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.- remove obsolete patches
* Wed Jan 10 2007 mcAATTsuse.de- fix for kadmind (via RPC library) calls uninitialized function pointer (CVE-2006-6143)(Bug #225990) krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif- fix for kadmind (via GSS-API mechglue) frees uninitialized pointers (CVE-2006-6144)(Bug #225992) krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
* Tue Jan 02 2007 mcAATTsuse.de- Fix Requires in krb5-devel [Bug #231008]
* Mon Nov 06 2006 mcAATTsuse.de- fix \"local variable used before set\" [#217692]- fix strncat warning
* Fri Oct 27 2006 mcAATTsuse.de- add a default kadm5.dict file- require $network on daemon start
* Wed Sep 13 2006 mcAATTsuse.de- fix function call with too few arguments [#203837]
* Thu Aug 24 2006 mcAATTsuse.de- update to version 1.5.1- remove obsolete patches which are now included upstream
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
* trunk-fix-uninitialized-vars.dif
* Fri Aug 11 2006 mcAATTsuse.de- krb5 setuid return check fixes krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif [#182351]
* Mon Aug 07 2006 mcAATTsuse.de- remove update-messages
* Mon Jul 24 2006 mcAATTsuse.de- add check for krb5_prop in services to kpropd init script. [#192446]
* Mon Jul 03 2006 mcAATTsuse.de- update to version 1.5
* KDB abstraction layer, donated by Novell.
* plug-in architecture, allowing for extension modules to be loaded at run-time.
* multi-mechanism GSS-API implementation (\"mechglue\"), donated by Sun Microsystems
* Simple and Protected GSS-API negotiation mechanism (\"SPNEGO\") implementation, donated by Sun Microsystems- remove obsolete patches and add some new
* Fri May 26 2006 roAATTsuse.de- libcom is not in e2fsck-devel but in its own package now, change Requires accordingly.
* Mon Mar 27 2006 mcAATTsuse.de- add all daemons to %stop_on_removal and %restart_on_update- add reload to kpropd init script- add force-reload to all init scripts
* Mon Mar 13 2006 mcAATTsuse.de- add libgssapi_krb5.so link to main package [#147912]
* Fri Feb 03 2006 mcAATTsuse.de- fix logging section for kadmind in convert script
* Wed Jan 25 2006 mlsAATTsuse.de- converted neededforbuild to BuildRequires
* Fri Jan 13 2006 mcAATTsuse.de- change the logging defaults
* Wed Jan 11 2006 mcAATTsuse.de- add tools and README for heimdal => MIT update
* Mon Jan 09 2006 mcAATTsuse.de- fix build problems, define _GNU_SOURCE (krb5-1.4.3-set_gnu_source.dif )
* Tue Jan 03 2006 mcAATTsuse.de- added \"make %{?jobs:-j%jobs}\"
* Fri Nov 18 2005 mcAATTsuse.de- update to version 1.4.3
* some memmory leaks fixed
* fix for \"AS_REP padata has wrong enctype\"
* fix for \"AS_REP padata missing PA-ETYPE-INFO\"
* ... and more
* Wed Nov 02 2005 dmuellerAATTsuse.de- don\'t build as root
* Tue Oct 11 2005 mcAATTsuse.de- update to version 1.4.2- remove some obsolet patches
* Mon Aug 08 2005 mcAATTsuse.de- build with --disable-static
* Thu Aug 04 2005 roAATTsuse.de- remove devel-static subpackage
* Thu Jun 30 2005 mcAATTsuse.de- better patch for princ_comp problem
* Mon Jun 27 2005 mcAATTsuse.de- update to version 1.4.1- remove obsolet patches - krb5-1.4-gcc4.dif - krb5-1.4-reduce-namespace-polution.dif - krb5-1.4-VUL-0-telnet.dif
* Thu Jun 23 2005 mcAATTsuse.de- fixed krb5 KDC heap corruption by random free [#80574, CAN-2005-1174, MITKRB5-SA-2005-002]- fixed krb5 double free() [#86768, CAN-2005-1689, MITKRB5-SA-2005-003]- fix krb5 NULL pointer reference while comparing principals [#91600]
* Fri Jun 17 2005 mcAATTsuse.de- fix uninitialized variables- compile with -fPIE/ link with -pie
* Wed Apr 20 2005 mcAATTsuse.de- fixed wrong xinetd files [#77149]
* Fri Apr 08 2005 mtAATTsuse.de- removed krb5-1.4-fix-error_tables.dif patch obsoleted by libcom_err locking patches
* Thu Apr 07 2005 mcAATTsuse.de- fixed missing descriptions in init files [#76164, #76165, #76166, #76169]
* Wed Mar 30 2005 mcAATTsuse.de- enhance $PATH via /etc/profile.d/ [#74018]- remove the \"links to important programs\"
* Fri Mar 18 2005 mcAATTsuse.de- fixed not running converter script [#72854]
* Thu Mar 17 2005 mcAATTsuse.de- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer Overflow- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer Overflow [#73618]
* Wed Mar 16 2005 mcAATTsuse.de- fixed wrong PreReqs [#73020]
* Tue Mar 15 2005 mcAATTsuse.de- add a simple krb5.conf converter [#72854]
* Mon Mar 14 2005 mcAATTsuse.de- fixed: rckrb5kdc restart gives wrong status with non-running service [#72446]
* Thu Mar 10 2005 mcAATTsuse.de- add requires: e2fsprogs-devel to krb5-devel package [#71732]
* Fri Feb 25 2005 mcAATTsuse.de- fix double free [#66534] krb5-1.4-fix-error_tables.dif
* Fri Feb 11 2005 mcAATTsuse.de- change mode for shared libraries to 755
* Fri Feb 04 2005 mcAATTsuse.de- remove spx.c from tarball because of legal risk- add README.Source which tell the user about this action.- add a check for spx.c in the spec-file- use rich-text for update-messages [#50250]
* Tue Feb 01 2005 mcAATTsuse.de- add krb5-1.4-reduce-namespace-polution.dif reduce namespace polution in gssapi.h [#50356]
* Fri Jan 28 2005 mcAATTsuse.de- update to version 1.4- Add implementation of the RPCSEC_GSS authentication flavor to the RPC library.- Thread safety for krb5 libraries.- Merged Athena telnetd changes for creating a new option for requiring encryption.- The kadmind4 backwards-compatibility admin server and the v5passwdd backwards-compatibility password-changing server have been removed.- Yarrow code now uses AES.- Merged Athena changes to allow ftpd to require encrypted passwords.- Incorporate gss_krb5_set_allowable_enctypes() and gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.- remove obsolet patches
* Mon Jan 17 2005 mcAATTsuse.de- add proofreaded update-messages
* Fri Jan 14 2005 mcAATTsuse.de- remove Conflicts: and add Provides:- add some insserv stuff
* Thu Jan 13 2005 mcAATTsuse.de- move vendor files to vendor-files.tar.bz2- add obsoletes: heimdal- add %pre and %post sections to detect update from heimdal and backup invalid configuration files- add update-messages for heimdal update
* Mon Jan 10 2005 mcAATTsuse.de- update to version 1.3.6- fix for: heap buffer overflow in libkadm5srv [CAN-2004-1189 / MITKRB5-SA-2004-004]
* Tue Dec 14 2004 mcAATTsuse.de- build doc subpackage in an own specfile- removed unnecessary neededforbuild requirements
* Wed Nov 24 2004 cooloAATTsuse.de- fix build with gcc 4
* Mon Nov 15 2004 mcAATTsuse.de- added Conflicts with heimdal
*- rename some manpages to avoid conflicts
* Thu Nov 04 2004 mcAATTsuse.de- new init scripts- fix logrotate scripts- add some 64Bit fixes- add default krb5.conf, kdc.conf and kadm5.acl
* Wed Nov 03 2004 mcAATTsuse.de- add e2fsprogs to NFB- use system-et and system-ss- fix includes of com_err.h
* Thu Oct 28 2004 mcAATTsuse.de- Initital checkin
  
ICM