-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-19886 2013-10-25 00:28:09 --------------------------------------------------------------------------------
Name : krb5 Product : Fedora 19 Version : 1.11.3 Release : 10.fc19 URL : http://web.mit.edu/kerberos/www/ Summary : The Kerberos network authentication system Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form. -------------------------------------------------------------------------------- Update Information: This update collects a number of backported bug fixes: * Packaging: create and own the /etc/gss directory. * GSSAPI: backported fix for importing of previously-exported credentials. * PKINIT: use the application-provided callback to ask for the password for encrypted private keys. * KDC: allow a kdb plugin to be authoritative when checking the list of transited paths. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 24 2013 Nalin Dahyabhai <[email protected]> - 1.11.3-10 - add some minimal description to the top of the wrapper scripts we use when starting krb5kdc and kadmind to describe why they exist (tooling) - create and own /etc/gss (#1019937) - pull up fix for importing previously-exported credential caches in the gssapi library (RT# 7706, #1019420) - backport the callback to use the libkrb5 prompter when we can't load PEM files for PKINIT (RT#7590, includes part of #965721/#1016690) - extract the rest of the fix #965721/#1016690 from the changes for RT#7680 - pull up fix for not calling a kdb plugin's check-transited-path method before calling the library's default version, which only knows how to read what's in the configuration file (RT#7709, #1013664) - configure --without-krb5-config so that we don't pull in the old default ccache name when we want to stop setting a default ccache name at configure- time * Fri Aug 23 2013 Nalin Dahyabhai <[email protected]> 1.11.3-9 - take another stab at accounting for UnversionedDocdirs for the -libs subpackage (spotted by ssorce) - switch to just the snapshot of nss_wrapper we were using, since we no longer need to carry anything that isn't in the cwrap.org repository (ssorce) * Thu Aug 15 2013 Nalin Dahyabhai <[email protected]> 1.11.3-8 - drop a patch we weren't not applying (build tooling) - wrap kadmind and kpropd in scripts which check for the presence/absence of files which dictate particular exit codes before exec'ing the actual binaries, instead of trying to use ConditionPathExists in the unit files to accomplish that, so that we exit with failure properly when what we expect isn't actually in effect on the system (#800343) * Mon Jul 29 2013 Nalin Dahyabhai <[email protected]> 1.11.3-7 - attempt to account for UnversionedDocdirs for the -libs subpackage * Fri Jul 26 2013 Nalin Dahyabhai <[email protected]> 1.11.3-6 - tweak configuration files used during tests to try to reduce the number of conflicts encountered when builds for multiple arches land on the same builder * Mon Jul 22 2013 Nalin Dahyabhai <[email protected]> 1.11.3-5 - pull up changes to allow GSSAPI modules to provide more functions (RT#7682, #986564/#986565) * Fri Jul 19 2013 Nalin Dahyabhai <[email protected]> 1.11.3-4 - use (a bundled, for now, copy of) nss_wrapper to let us run some of the self-tests at build-time in more places than we could previously (#978756) - cover inconsistencies in whether or not there's a local caching nameserver that's willing to answer when the build environment doesn't have a resolver configuration, so that nss_wrapper's faking of the local hostname can be complete * Mon Jul 1 2013 Nalin Dahyabhai <[email protected]> 1.11.3-3 - specify dependencies on the same arch of krb5-libs by using the %{?_isa} suffix, to avoid dragging 32-bit libraries onto 64-bit systems (#980155) * Thu Jun 13 2013 Nalin Dahyabhai <[email protected]> 1.11.3-2 - special-case /run/user/0, attempting to create it when resolving a directory cache below it fails due to ENOENT and we find that it doesn't already exist, either, before attempting to create the directory cache (maybe helping, maybe just making things more confusing for #961235) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1019937 - krb5-libs should own /etc/gss directory https://bugzilla.redhat.com/show_bug.cgi?id=1019937 [ 2 ] Bug #1019420 - Backport fix for broken import_cred function https://bugzilla.redhat.com/show_bug.cgi?id=1019420 [ 3 ] Bug #1013664 - Add fix for MIT ticket #7709 https://bugzilla.redhat.com/show_bug.cgi?id=1013664 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update krb5' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
