SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for krb5-pkinit-1.17-45.fc31.i686.rpm :

* Wed Sep 25 2019 Robbie Harwood - 1.17-45- Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844)
* Thu Sep 12 2019 Robbie Harwood - 1.17-44- Static analyzer appeasement
* Tue Aug 27 2019 Robbie Harwood - 1.17-43- Simplify krb5_dbe_def_search_enctype()
* Thu Aug 22 2019 Robbie Harwood - 1.17-42- Update FIPS patches to remove SPAKE
* Thu Aug 15 2019 Robbie Harwood - 1.17-41- Fix KCM client time offset propagation
* Fri Aug 09 2019 Robbie Harwood - 1.17-40- Initialize life/rlife in kdcpolicy interface
* Tue Aug 06 2019 Robbie Harwood - 1.17-39- Fix memory leaks in soft-pkcs11 code
* Tue Jul 30 2019 Robbie Harwood - 1.17-38- Add soft-pkcs11 and use it for testing
* Thu Jul 25 2019 Fedora Release Engineering - 1.17-37- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jul 18 2019 Robbie Harwood - 1.17-36- Filter enctypes in gss_set_allowable_enctypes()
* Mon Jul 15 2019 Robbie Harwood - 1.17-35- Don\'t error on invalid enctypes in keytab- Resolves: #1724380
* Tue Jul 02 2019 Robbie Harwood - 1.17-34- Remove now-unused checksum functions
* Wed Jun 26 2019 Robbie Harwood - 1.17-33- Fix typo in 3des commit
* Wed Jun 26 2019 Robbie Harwood - 1.17-32- Remove PKINIT draft9 support (compat with EOL, pre-2008 Windows)
* Mon Jun 10 2019 Robbie Harwood - 1.17-31- Remove strerror() calls from k5_get_error()
* Fri Jun 07 2019 Robbie Harwood - 1.17-30- Remove 3des from kdc.conf example
* Mon Jun 03 2019 Robbie Harwood - 1.17-29- Remove 3DES support
* Mon Jun 03 2019 Robbie Harwood - 1.17-28- Remove 3des support
* Thu May 30 2019 Robbie Harwood - 1.17-27- Remove krb5int_c_combine_keys() and no-flags SAM-2 preauth
* Tue May 28 2019 Robbie Harwood - 1.17-26- Remove support for single-DES and CRC
* Wed May 22 2019 Robbie Harwood - 1.17-25- Add missing newlines to deprecation warnings- Switch to upstream\'s ksu path patch
* Tue May 21 2019 Robbie Harwood - 1.17-24- Update default krb5kdc mkey manual-entry enctype- Also update account lockout patch to upstream version
* Mon May 20 2019 Robbie Harwood - 1.17-23- Test & docs fixes in preparation for DES removal
* Wed May 15 2019 Robbie Harwood - 1.17-22- Drop krb5_realm_compare() etc. NULL check patches
* Wed May 15 2019 Robbie Harwood - 1.17-21- Re-provide krb5-kdb-version in -devel as well (IPA wants it)
* Tue May 14 2019 Robbie Harwood - 1.17-20- (Patch consolidation; hopefully no changes)
* Tue May 14 2019 Robbie Harwood - 1.17-19- Remove checksum type profile variables
* Fri May 10 2019 Robbie Harwood - 1.17-18- Pull in 2019-05-02 static analysis updates
* Fri May 03 2019 Robbie Harwood - 1.17-17- Move krb5-kdb-version provide into krb5-server for freeipa
* Wed May 01 2019 Robbie Harwood - 1.17-16- Use secure_getenv() where appropriate
* Wed Apr 24 2019 Robbie Harwood - 1.17-15- Fix us up real nice with rpmlint
* Wed Apr 24 2019 Robbie Harwood - 1.17-14- Add dns_canonicalize_hostname=fallback support
* Wed Apr 24 2019 Robbie Harwood - 1.17-13- Check more errors in OpenSSL crypto backend
* Mon Apr 22 2019 Robbie Harwood - 1.17-12- Fix potential close(-1) in cc_file.c
* Wed Apr 17 2019 Robbie Harwood - 1.17-11- Remove ovsec_adm_export and confvalidator
* Wed Apr 17 2019 Robbie Harwood - 1.17-10- Fix config realm change logic in FILE remove_cred
* Thu Apr 11 2019 Robbie Harwood - 1.17-9- Remove Kerberos v4 support vestiges (including ktany support)
* Thu Apr 11 2019 Robbie Harwood - 1.17-8- Implement krb5_cc_remove_cred for remaining types- Resolves: #1693836
* Mon Apr 01 2019 Robbie Harwood - 1.17-7- FIPS-aware SPAKE group negotiation
* Mon Feb 25 2019 Robbie Harwood - 1.17-6- Fix memory leak in \'none\' replay cache type- Silence a coverity warning while we\'re here.
* Fri Feb 01 2019 Robbie Harwood - 1.17-5- Update FIPS blocking for RC4
* Fri Feb 01 2019 Fedora Release Engineering - 1.17-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jan 17 2019 Robbie Harwood - 1.17-3- enctype logging and explicit_bzero()
* Tue Jan 08 2019 Robbie Harwood - 1.17-2- New upstream version (1.17)
* Fri Jan 04 2019 Robbie Harwood - 1.17-1.beta2.6- Use openssl\'s PRNG in FIPS mode
* Fri Jan 04 2019 Robbie Harwood - 1.17-1.beta2.5- Address some optimized-out memset() calls
* Thu Dec 20 2018 Robbie Harwood - 1.17-1.beta2.4- Remove incorrect KDC assertion
* Thu Dec 20 2018 Robbie Harwood - 1.17-1.beta2.3- Fix syntax on pkinit_anchors field in default krb5.conf
* Mon Dec 17 2018 Robbie Harwood - 1.17-1.beta2.2- Restore pdfs source file- Resolves: #1659716
* Thu Dec 06 2018 Robbie Harwood - 1.17-1.beta2.1- New upstream release (1.17-beta2)- Drop pdfs source file
* Thu Nov 29 2018 Robbie Harwood - 1.17-1.beta1.3- Add tests for KCM ccache type
* Mon Nov 12 2018 Robbie Harwood - 1.17-1.beta1.2- Gain FIPS awareness
* Thu Nov 08 2018 Robbie Harwood - 1.17-1.beta1.1- Fix spurious errors from kcmio_unix_socket_write- Resolves: #1645912
* Thu Nov 01 2018 Robbie Harwood - 1.17-0.beta1.1- New upstream beta release
* Wed Oct 24 2018 Robbie Harwood - 1.16.1-25- Update man pages to reference kerberos(7)- Resolves: #1143767
* Wed Oct 17 2018 Robbie Harwood - 1.16.1-24- Use port-sockets.h macros in cc_kcm, sendto_kdc- Resolves: #1631998
* Wed Oct 17 2018 Robbie Harwood - 1.16.1-23- Correct kpasswd_server description in krb5.conf(5)- Resolves: #1640272
* Mon Oct 15 2018 Robbie Harwood - 1.16.1-22- Prefer TCP to UDP for password changes- Resolves: #1637611
* Tue Oct 09 2018 Adam Williamson - 1.16.1-21- Revert the patch from -20 for now as it seems to make FreeIPA worse
* Tue Oct 02 2018 Robbie Harwood - 1.16.1-20- Fix bugs with concurrent use of MEMORY ccaches
* Wed Aug 01 2018 Robbie Harwood - 1.16.1-19- In FIPS mode, add plaintext fallback for RC4 usages and taint
* Thu Jul 26 2018 Robbie Harwood - 1.16.1-18- Fix k5test prompts for Python 3
* Thu Jul 19 2018 Robbie Harwood - 1.16.1-17- Remove outdated note in krb5kdc man page
* Thu Jul 19 2018 Robbie Harwood - 1.16.1-16- Make krb5kdc -p affect TCP ports
* Thu Jul 19 2018 Robbie Harwood - 1.16.1-15- Eliminate preprocessor-disabled dead code
* Wed Jul 18 2018 Robbie Harwood - 1.16.1-14- Fix some broken tests for Python 3
* Mon Jul 16 2018 Robbie Harwood - 1.16.1-13- Zap copy of secret in RC4 string-to-key
* Thu Jul 12 2018 Robbie Harwood - 1.16.1-12- Convert Python tests to Python 3
* Wed Jul 11 2018 Robbie Harwood - 1.16.1-11- Add build dependency on gcc
* Tue Jul 10 2018 Robbie Harwood - 1.16.1-10- Use SHA-256 instead of MD5 for audit ticket IDs
* Fri Jul 06 2018 Robbie Harwood - 1.16.1-9- Add BuildRequires on python2 so we can run tests at build-time
* Fri Jul 06 2018 Robbie Harwood - 1.16.1-8- Explicitly look for python2 in configure.in
* Thu Jun 14 2018 Robbie Harwood - 1.16.1-7- Add flag to disable encrypted timestamp on client
* Thu Jun 14 2018 Robbie Harwood - 1.16.1-6- Switch to python3-sphinx for docs- Resolves: #1590928
* Thu Jun 14 2018 Robbie Harwood - 1.16.1-5- Make docs build python3-compatible- Resolves: #1590928
* Thu Jun 07 2018 Robbie Harwood - 1.16.1-4- Update includedir processing to match upstream
* Fri Jun 01 2018 Robbie Harwood - 1.16.1-3- Log when non-root ksu authorization fails- Resolves: #1575771
* Fri May 04 2018 Robbie Harwood - 1.16.1-2- Remove \"-nodes\" option from make-certs scripts
* Fri May 04 2018 Robbie Harwood - 1.16.1-1- New upstream release - 1.16.1
* Thu May 03 2018 Robbie Harwood - 1.16-27- Fix configuration of default ccache name to match file indentation
* Mon Apr 30 2018 Robbie Harwood - 1.16-26- Set error message on KCM get_princ failure
* Mon Apr 30 2018 Robbie Harwood - 1.16-25- Set error message on KCM get_princ failure
* Tue Apr 24 2018 Robbie Harwood - 1.16-24- Fix KDC null dereference on large TGS replies
* Mon Apr 23 2018 Robbie Harwood - 1.16-23- Explicitly use openssl rather than builtin crypto- Resolves: #1570910
* Tue Apr 17 2018 Robbie Harwood - 1.16-22- Merge duplicate subsections in profile library
* Mon Apr 09 2018 Robbie Harwood - 1.16-21- Restrict pre-authentication fallback cases
* Tue Apr 03 2018 Robbie Harwood - 1.16-20- Be more careful asking for AS key in SPAKE client
* Mon Apr 02 2018 Robbie Harwood - 1.16-19- Zap data when freeing krb5_spake_factor
* Thu Mar 29 2018 Robbie Harwood - 1.16-18- Continue after KRB5_CC_END in KCM cache iteration
* Tue Mar 27 2018 Robbie Harwood - 1.16-17- Fix SPAKE memory leak
* Tue Mar 27 2018 Robbie Harwood - 1.16-16- Fix gitignore problem with previous patchset
* Tue Mar 27 2018 Robbie Harwood - 1.16-15- Add SPAKE support- Improve protections on internal sensitive buffers- Improve internal hex encoding/decoding
* Tue Mar 20 2018 Robbie Harwood - 1.16-14- Fix problem with ccache_name logic in previous build
* Tue Mar 20 2018 Robbie Harwood - 1.16-13- Add pkinit_anchors default value to krb5.conf- Reindent krb5.conf to not be terrible
* Tue Mar 20 2018 Robbie Harwood - 1.16-12- Log preauth names in trace output- Misc bugfixes from upstream
* Mon Mar 19 2018 Robbie Harwood - 1.16-11- Add PKINIT KDC support for freshness token
* Wed Mar 14 2018 Robbie Harwood - 1.16-10- Exit with status 0 from kadmind
* Tue Mar 13 2018 Robbie Harwood - 1.16-9- Fix hex conversion of PKINIT certid strings
* Wed Mar 07 2018 Robbie Harwood - 1.16-8- Fix capaths \".\" values on client- Resolves: 1551099
* Tue Feb 13 2018 Robbie Harwood - 1.16-7- Fix flaws in LDAP DN checking- CVE-2018-5729, CVE-2018-5730
* Mon Feb 12 2018 Robbie Harwood - 1.16-6- Fix a leak in the previous commit- Restore dist macro that was accidentally removed- Resolves: #1540939
* Wed Feb 07 2018 Fedora Release Engineering - 1.16-5- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Feb 03 2018 Igor Gnatenko - 1.16-4- Switch to %ldconfig_scriptlets
* Mon Jan 29 2018 Robbie Harwood - 1.16-3- Process included directories in alphabetical order
* Tue Dec 12 2017 Robbie Harwood - 1.16-2- Fix network service dependencies- Resolves: #1525230
* Wed Dec 06 2017 Robbie Harwood - 1.16-1- New upstream release (1.16)- No changes from beta2
* Mon Nov 27 2017 Robbie Harwood - 1.16-0.beta2.1- New upstream prerelease (1.16-beta2)
* Tue Oct 24 2017 Robbie Harwood - 1.16-0.beta1.4- Fix CVE-2017-15088 (Buffer overflow in get_matching_data())
* Mon Oct 23 2017 Robbie Harwood - 1.16-0.beta1.3- Drop dependency on python2-pyrad (dead upstream, broken with new python)
* Mon Oct 09 2017 Robbie Harwood - 1.16-0.beta1.2- Actually bump kdbversion like I was supposed to
* Thu Oct 05 2017 Robbie Harwood - 1.16-0.beta1.1- New upstream prerelease (1.16-beta1)
* Thu Sep 28 2017 Robbie Harwood - 1.15.2-2- Add German translation
  
ICM