SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for krb5-devel-1.18.2-29.fc32.i686.rpm :

* Thu Nov 05 2020 Robbie Harwood - 1.18.2-29- Add recursion limit for ASN.1 indefinite lengths (CVE-2020-28196)
* Fri Oct 23 2020 Robbie Harwood - 1.18.2-28- Fix minor static analysis defects
* Wed Oct 21 2020 Robbie Harwood - 1.18.2-27- Fix build of previous
* Wed Oct 21 2020 Robbie Harwood - 1.18.2-26- Cross-realm s4u fixes for samba (#1836630)
* Thu Oct 15 2020 Robbie Harwood - 1.18.2-25- Unify kvno option documentation
* Fri Oct 02 2020 Robbie Harwood - 1.18.2-24- Add md5 override to krad
* Thu Sep 10 2020 Robbie Harwood - 1.18.2-23- Use `systemctl reload` to HUP the KDC during logrotate- Resolves: #1877692
* Wed Sep 09 2020 Robbie Harwood - 1.18.2-22- Fix input length checking in SPNEGO DER decoding
* Fri Aug 28 2020 Robbie Harwood - 1.18.2-21- Mark crypto-polices snippet as missingok- Resolves: #1868379
* Thu Aug 13 2020 Robbie Harwood - 1.18.2-20- Temporarily dns_canonicalize_hostname=fallback changes- Hopefully unbreak IPA while we debug further
* Fri Aug 07 2020 Robbie Harwood - 1.18.2-19- Expand dns_canonicalize_hostname=fallback support
* Tue Aug 04 2020 Robbie Harwood - 1.18.2-18- Fix leak in KERB_AP_OPTIONS_CBT server support
* Mon Aug 03 2020 Robbie Harwood - 1.18.2-17- Revert qualify_shortname removal
* Mon Aug 03 2020 Robbie Harwood - 1.18.2-16- Disable tests on s390x- Resolves: #1863952
* Sat Aug 01 2020 Fedora Release Engineering - 1.18.2-15- Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jul 31 2020 Robbie Harwood - 1.18.2-14- Revert qualify_shortname changes
* Tue Jul 28 2020 Fedora Release Engineering - 1.18.2-13- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 22 2020 Robbie Harwood - 1.18.2-12- Ignore bad enctypes in krb5_string_to_keysalts()- Allow gss_unwrap_iov() of unpadded RC4 tokens
* Wed Jul 15 2020 Robbie Harwood - 1.18.2-11- Ignore bad enctypes in krb5_string_to_keysalts()
* Wed Jul 08 2020 Robbie Harwood - 1.18.2-10- Set qualify_shortname empty in default configuration- Resolves: #1852041
* Mon Jun 15 2020 Robbie Harwood - 1.18.2-9- Use two queues for concurrent t_otp.py daemons
* Mon Jun 15 2020 Robbie Harwood - 1.18.2-8- Match Heimdal behavior for channel bindings
* Mon Jun 08 2020 Robbie Harwood - 1.18.2-7- Fix test suite by removing wrapper workarounds
* Mon Jun 08 2020 Robbie Harwood - 1.18.2-6- Omit PA_FOR_USER if we can\'t compute its checksum
* Sat May 30 2020 Robbie Harwood - 1.18.2-5- Replace gssrpc tests with a Python script
* Sat May 30 2020 Robbie Harwood - 1.18.2-4- Default dns_canonicalize_hostname to \"fallback\"
* Tue May 26 2020 Robbie Harwood - 1.18.2-3- dns_canonicalize_hostname = fallback
* Tue May 26 2020 Robbie Harwood - 1.18.2-2- Pass channel bindings through SPNEGO
* Fri May 22 2020 Robbie Harwood - 1.18.2-1- New upstream release (1.18.2)
* Fri May 22 2020 Robbie Harwood - 1.18.1-6- Fix SPNEGO acceptor mech filtering
* Mon May 18 2020 Robbie Harwood - 1.18.1-5- Fix typo (\"in in\") in the ksu man page
* Fri May 08 2020 Robbie Harwood - 1.18.1-4- Omit KDC indicator check for S4U2Self requests
* Tue Apr 28 2020 Robbie Harwood - 1.18.1-3- Pass gss_localname() through SPNEGO
* Tue Apr 14 2020 Robbie Harwood - 1.18-1.1- Drop yasm requirement since we don\'t use builtin crypto
* Tue Apr 14 2020 Robbie Harwood - 1.18.1-1- New upstream version (1.18.1)
* Tue Apr 07 2020 Robbie Harwood - 1.18-12- Make ksu honor KRB5CCNAME again
* Thu Apr 02 2020 Robbie Harwood - 1.18-11- Do expiration warnings for all init_creds APIs
* Wed Apr 01 2020 Robbie Harwood - 1.18-10- Correctly import \"serviceAATT\" GSS host-based name
* Thu Mar 26 2020 Robbie Harwood - 1.18-9- Eliminate redundant PKINIT responder invocation
* Thu Mar 26 2020 Robbie Harwood - 1.18-8- Add finalization safety check to com_err
* Fri Mar 20 2020 Robbie Harwood - 1.18-7- Add maximum openssl version in preparation for openssl 3
* Tue Mar 17 2020 Robbie Harwood - 1.18-6- Document client keytab usage
* Tue Mar 03 2020 Robbie Harwood - 1.18-5- Refresh manually acquired creds from client keytab
* Fri Feb 28 2020 Robbie Harwood - 1.18-4- Allow deletion of require_auth with LDAP KDB
* Thu Feb 27 2020 Robbie Harwood - 1.18-3- Allow certauth modules to set hw-authent flag
* Fri Feb 21 2020 Robbie Harwood - 1.18-2- Fix AS-REQ checking of KDB-modified indicators
* Wed Feb 12 2020 Robbie Harwood - 1.18-1- New upstream version (1.18)
* Fri Feb 07 2020 Robbie Harwood - 1.18-0.beta2.3- Don\'t assume OpenSSL failures are memory errors
* Thu Feb 06 2020 Robbie Harwood - 1.18-0.beta2.2- Put KDB authdata first
* Fri Jan 31 2020 Robbie Harwood - 1.18-0.beta2.1- New upstream beta release - 1.18-beta2- Adjust naming convention for downstream patches
* Fri Jan 10 2020 Robbie Harwood - 1.18-0.beta1.1- New upstream beta release - 1.18-beta1
* Wed Jan 08 2020 Robbie Harwood - 1.17.1-5- Fix LDAP policy enforcement of pw_expiration- Fix handling of invalid CAMMAC service verifier
* Mon Jan 06 2020 Robbie Harwood - 1.17.1-4- Fix xdr_bytes() strict-aliasing violations
* Fri Jan 03 2020 Robbie Harwood - 1.17.1-3- Don\'t warn in kadmin when no policy is specified- Do not always canonicalize enterprise principals
* Fri Dec 13 2019 Robbie Harwood - 1.17.1-2- Enable the LMDB backend for the KDB
* Thu Dec 12 2019 Robbie Harwood - 1.17.1-1- New upstream version - 1.17.1- Stop building and packaging PDFs
* Fri Dec 06 2019 Robbie Harwood - 1.17-54- Qualify short hostnames when not using DNS
* Wed Nov 27 2019 Robbie Harwood - 1.17-53- Various gssalloc fixes
* Thu Nov 21 2019 Robbie Harwood - 1.17-52- Turns out openssl has an epoch
* Wed Nov 20 2019 Robbie Harwood - 1.17-51- Fix runtime openssl version to actually propogate
* Wed Nov 20 2019 Robbie Harwood - 1.17-50- Add runtime openssl version requirement too
* Wed Nov 20 2019 Robbie Harwood - 1.17-49- Fix kadmin addprinc -randkey -kvno
* Tue Nov 19 2019 Robbie Harwood - 1.17-48- Use OpenSSL\'s backported KDFs- Restore MD4 in FIPS mode (for samba)
* Fri Nov 08 2019 Robbie Harwood - 1.17-47- Add default_principal_flags to example kdc.conf
* Wed Oct 02 2019 Robbie Harwood - 1.17-46- Log unknown enctypes as unsupported in KDC
* Wed Sep 25 2019 Robbie Harwood - 1.17-45- Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844)
* Thu Sep 12 2019 Robbie Harwood - 1.17-44- Static analyzer appeasement
* Tue Aug 27 2019 Robbie Harwood - 1.17-43- Simplify krb5_dbe_def_search_enctype()
* Thu Aug 22 2019 Robbie Harwood - 1.17-42- Update FIPS patches to remove SPAKE
* Thu Aug 15 2019 Robbie Harwood - 1.17-41- Fix KCM client time offset propagation
* Fri Aug 09 2019 Robbie Harwood - 1.17-40- Initialize life/rlife in kdcpolicy interface
* Tue Aug 06 2019 Robbie Harwood - 1.17-39- Fix memory leaks in soft-pkcs11 code
* Tue Jul 30 2019 Robbie Harwood - 1.17-38- Add soft-pkcs11 and use it for testing
* Thu Jul 25 2019 Fedora Release Engineering - 1.17-37- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jul 18 2019 Robbie Harwood - 1.17-36- Filter enctypes in gss_set_allowable_enctypes()
* Mon Jul 15 2019 Robbie Harwood - 1.17-35- Don\'t error on invalid enctypes in keytab- Resolves: #1724380
* Tue Jul 02 2019 Robbie Harwood - 1.17-34- Remove now-unused checksum functions
* Wed Jun 26 2019 Robbie Harwood - 1.17-33- Fix typo in 3des commit
* Wed Jun 26 2019 Robbie Harwood - 1.17-32- Remove PKINIT draft9 support (compat with EOL, pre-2008 Windows)
* Mon Jun 10 2019 Robbie Harwood - 1.17-31- Remove strerror() calls from k5_get_error()
* Fri Jun 07 2019 Robbie Harwood - 1.17-30- Remove 3des from kdc.conf example
* Mon Jun 03 2019 Robbie Harwood - 1.17-29- Remove 3DES support
* Mon Jun 03 2019 Robbie Harwood - 1.17-28- Remove 3des support
* Thu May 30 2019 Robbie Harwood - 1.17-27- Remove krb5int_c_combine_keys() and no-flags SAM-2 preauth
* Tue May 28 2019 Robbie Harwood - 1.17-26- Remove support for single-DES and CRC
* Wed May 22 2019 Robbie Harwood - 1.17-25- Add missing newlines to deprecation warnings- Switch to upstream\'s ksu path patch
* Tue May 21 2019 Robbie Harwood - 1.17-24- Update default krb5kdc mkey manual-entry enctype- Also update account lockout patch to upstream version
* Mon May 20 2019 Robbie Harwood - 1.17-23- Test & docs fixes in preparation for DES removal
* Wed May 15 2019 Robbie Harwood - 1.17-22- Drop krb5_realm_compare() etc. NULL check patches
* Wed May 15 2019 Robbie Harwood - 1.17-21- Re-provide krb5-kdb-version in -devel as well (IPA wants it)
* Tue May 14 2019 Robbie Harwood - 1.17-20- (Patch consolidation; hopefully no changes)
* Tue May 14 2019 Robbie Harwood - 1.17-19- Remove checksum type profile variables
* Fri May 10 2019 Robbie Harwood - 1.17-18- Pull in 2019-05-02 static analysis updates
* Fri May 03 2019 Robbie Harwood - 1.17-17- Move krb5-kdb-version provide into krb5-server for freeipa
* Wed May 01 2019 Robbie Harwood - 1.17-16- Use secure_getenv() where appropriate
* Wed Apr 24 2019 Robbie Harwood - 1.17-15- Fix us up real nice with rpmlint
* Wed Apr 24 2019 Robbie Harwood - 1.17-14- Add dns_canonicalize_hostname=fallback support
* Wed Apr 24 2019 Robbie Harwood - 1.17-13- Check more errors in OpenSSL crypto backend
* Mon Apr 22 2019 Robbie Harwood - 1.17-12- Fix potential close(-1) in cc_file.c
* Wed Apr 17 2019 Robbie Harwood - 1.17-11- Remove ovsec_adm_export and confvalidator
* Wed Apr 17 2019 Robbie Harwood - 1.17-10- Fix config realm change logic in FILE remove_cred
* Thu Apr 11 2019 Robbie Harwood - 1.17-9- Remove Kerberos v4 support vestiges (including ktany support)
* Thu Apr 11 2019 Robbie Harwood - 1.17-8- Implement krb5_cc_remove_cred for remaining types- Resolves: #1693836
* Mon Apr 01 2019 Robbie Harwood - 1.17-7- FIPS-aware SPAKE group negotiation
* Mon Feb 25 2019 Robbie Harwood - 1.17-6- Fix memory leak in \'none\' replay cache type- Silence a coverity warning while we\'re here.
* Fri Feb 01 2019 Robbie Harwood - 1.17-5- Update FIPS blocking for RC4
* Fri Feb 01 2019 Fedora Release Engineering - 1.17-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jan 17 2019 Robbie Harwood - 1.17-3- enctype logging and explicit_bzero()
* Tue Jan 08 2019 Robbie Harwood - 1.17-2- New upstream version (1.17)
* Fri Jan 04 2019 Robbie Harwood - 1.17-1.beta2.6- Use openssl\'s PRNG in FIPS mode
* Fri Jan 04 2019 Robbie Harwood - 1.17-1.beta2.5- Address some optimized-out memset() calls
* Thu Dec 20 2018 Robbie Harwood - 1.17-1.beta2.4- Remove incorrect KDC assertion
* Thu Dec 20 2018 Robbie Harwood - 1.17-1.beta2.3- Fix syntax on pkinit_anchors field in default krb5.conf
* Mon Dec 17 2018 Robbie Harwood - 1.17-1.beta2.2- Restore pdfs source file- Resolves: #1659716
* Thu Dec 06 2018 Robbie Harwood - 1.17-1.beta2.1- New upstream release (1.17-beta2)- Drop pdfs source file
* Thu Nov 29 2018 Robbie Harwood - 1.17-1.beta1.3- Add tests for KCM ccache type
* Mon Nov 12 2018 Robbie Harwood - 1.17-1.beta1.2- Gain FIPS awareness
* Thu Nov 08 2018 Robbie Harwood - 1.17-1.beta1.1- Fix spurious errors from kcmio_unix_socket_write- Resolves: #1645912
 
ICM