Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2022-06-18 22:05:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.1548 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "krb5" Sat Jun 18 22:05:50 2022 rev:160 rq:981266 version:1.20 Changes: -------- --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2022-02-07 23:36:48.370964298 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new.1548/krb5-mini.changes 2022-06-18 22:05:56.287634652 +0200 @@ -1,0 +2,36 @@ +Sun May 29 19:14:02 UTC 2022 - Dirk M??ller <[email protected]> + +- update to 1.20.0: + * Added a "disable_pac" realm relation to suppress adding PAC authdata + to tickets, for realms which do not need to support S4U requests. + * Most credential cache types will use atomic replacement when a cache + is reinitialized using kinit or refreshed from the client keytab. + * kprop can now propagate databases with a dump size larger than 4GB, + if both the client and server are upgraded. + * kprop can now work over NATs that change the destination IP address, + if the client is upgraded. + * Updated the KDB interface. The sign_authdata() method is replaced + with the issue_pac() method, allowing KDB modules to add logon info + and other buffers to the PAC issued by the KDC. + * Host-based initiator names are better supported in the GSS krb5 + mechanism. + * Replaced AD-SIGNEDPATH authdata with minimal PACs. + * To avoid spurious replay errors, password change requests will not + be attempted over UDP until the attempt over TCP fails. + * PKINIT will sign its CMS messages with SHA-256 instead of SHA-1. + * Updated all code using OpenSSL to be compatible with OpenSSL 3. + * Reorganized the libk5crypto build system to allow the OpenSSL + back-end to pull in material from the builtin back-end depending on + the OpenSSL version. + * Simplified the PRNG logic to always use the platform PRNG. + * Converted the remaining Tcl tests to Python. + +------------------------------------------------------------------- +Sat Apr 9 11:31:42 UTC 2022 - Dirk M??ller <[email protected]> + +- update to 1.19.3 (bsc#1189929, CVE-2021-37750): + * Fix a denial of service attack against the KDC [CVE-2021-37750]. + * Fix KDC null deref on TGS inner body null server + * Fix conformance issue in GSSAPI tests + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes 2022-04-23 19:44:54.414907753 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.1548/krb5.changes 2022-06-18 22:05:56.303634674 +0200 @@ -1,0 +2,28 @@ +Sun May 29 19:14:02 UTC 2022 - Dirk M??ller <[email protected]> + +- update to 1.20.0: + * Added a "disable_pac" realm relation to suppress adding PAC authdata + to tickets, for realms which do not need to support S4U requests. + * Most credential cache types will use atomic replacement when a cache + is reinitialized using kinit or refreshed from the client keytab. + * kprop can now propagate databases with a dump size larger than 4GB, + if both the client and server are upgraded. + * kprop can now work over NATs that change the destination IP address, + if the client is upgraded. + * Updated the KDB interface. The sign_authdata() method is replaced + with the issue_pac() method, allowing KDB modules to add logon info + and other buffers to the PAC issued by the KDC. + * Host-based initiator names are better supported in the GSS krb5 + mechanism. + * Replaced AD-SIGNEDPATH authdata with minimal PACs. + * To avoid spurious replay errors, password change requests will not + be attempted over UDP until the attempt over TCP fails. + * PKINIT will sign its CMS messages with SHA-256 instead of SHA-1. + * Updated all code using OpenSSL to be compatible with OpenSSL 3. + * Reorganized the libk5crypto build system to allow the OpenSSL + back-end to pull in material from the builtin back-end depending on + the OpenSSL version. + * Simplified the PRNG logic to always use the platform PRNG. + * Converted the remaining Tcl tests to Python. + +------------------------------------------------------------------- Old: ---- krb5-1.19.3.tar.gz krb5-1.19.3.tar.gz.asc New: ---- krb5-1.20.tar.gz krb5-1.20.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-mini.spec ++++++ --- /var/tmp/diff_new_pack.95FFrR/_old 2022-06-18 22:05:57.259636032 +0200 +++ /var/tmp/diff_new_pack.95FFrR/_new 2022-06-18 22:05:57.267636043 +0200 @@ -24,13 +24,13 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5-mini -Version: 1.19.3 +Version: 1.20 Release: 0 Summary: MIT Kerberos5 implementation and libraries with minimal dependencies License: MIT URL: https://kerberos.org/dist/ -Source0: https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz -Source1: https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz.asc +Source0: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz +Source1: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz.asc Source2: krb5.keyring Source3: vendor-files.tar.bz2 Source4: baselibs.conf ++++++ krb5.spec ++++++ --- /var/tmp/diff_new_pack.95FFrR/_old 2022-06-18 22:05:57.291636078 +0200 +++ /var/tmp/diff_new_pack.95FFrR/_new 2022-06-18 22:05:57.295636083 +0200 @@ -21,13 +21,13 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5 -Version: 1.19.3 +Version: 1.20 Release: 0 Summary: MIT Kerberos5 implementation License: MIT URL: https://kerberos.org/dist/ -Source0: https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz -Source1: https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz.asc +Source0: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz +Source1: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz.asc Source2: krb5.keyring Source3: vendor-files.tar.bz2 Source4: baselibs.conf ++++++ krb5-1.19.3.tar.gz -> krb5-1.20.tar.gz ++++++ /work/SRC/openSUSE:Factory/krb5/krb5-1.19.3.tar.gz /work/SRC/openSUSE:Factory/.krb5.new.1548/krb5-1.20.tar.gz differ: char 5, line 1
