buildservice-autocommit accepted request 1185764 from Samuel Cabrero (scabrero) 5 months ago (revision 290)

baserev update by copy to link target

• Files Changed
• Browse Source

Dirk Mueller (dirkmueller) accepted request 1184896 from Samuel Cabrero (scabrero) 5 months ago (revision 289)

- Update to 1.21.3
  * Fix vulnerabilities in GSS message token handling:
    * CVE-2024-37370, bsc#1227186
    * CVE-2024-37371, bsc#1227187
  * Fix a potential bad pointer free in krb5_cccol_have_contents()
  * Fix a memory leak in the macOS ccache type
- Update patch 0009-Fix-three-memory-leaks.patch

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1175448 from Samuel Cabrero (scabrero) 7 months ago (revision 288)

baserev update by copy to link target

• Files Changed
• Browse Source

Samuel Cabrero (scabrero) accepted request 1174873 from Samuel Cabrero (scabrero) 7 months ago (revision 287)

    [CVE-2023-36054]; (bsc#1214054).

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1173900 from Samuel Cabrero (scabrero) 7 months ago (revision 286)

baserev update by copy to link target

• Files Changed
• Browse Source

Samuel Cabrero (scabrero) accepted request 1173687 from Andreas Schneider (gladiac) 7 months ago (revision 285)

- Enable the LMDB backend for KDB

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1171363 from Samuel Cabrero (scabrero) 7 months ago (revision 284)

baserev update by copy to link target

• Files Changed
• Browse Source

Samuel Cabrero (scabrero) accepted request 1171347 from Thorsten Kukuk (kukuk) 7 months ago (revision 283)

- Remove requires for not used cron

• Files Changed
• Browse Source

Dirk Mueller (dirkmueller) accepted request 1169845 from Samuel Cabrero (scabrero) 7 months ago (revision 282)

- Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch
  * CVE-2024-26458, bsc#1220770
  * CVE-2024-26461, bsc#1220771
  * CVE-2024-26462, bsc#1220772

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1156860 from Samuel Cabrero (scabrero) 8 months ago (revision 281)

baserev update by copy to link target

• Files Changed
• Browse Source

Samuel Cabrero (scabrero) accepted request 1153219 from Pedro Monreal Gonzalez (pmonrealgonzalez) 9 months ago (revision 280)

- Add crypto-policies support [bsc#1211301]
  * Update krb5.conf in vendor-files.tar.bz2

- Add crypto-policies support [bsc#1211301]
  * Update krb5.conf in vendor-files.tar.bz2

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1134351 from Dirk Mueller (dirkmueller) 12 months ago (revision 279)

baserev update by copy to link target

• Files Changed
• Browse Source

Dirk Mueller (dirkmueller) committed 12 months ago (revision 278)

- update to 1.21.2 (bsc#1218211, CVE-2023-39975):
  * Fix double-free in KDC TGS processing [CVE-2023-39975].
- update to 1.21.1 (CVE-2023-36054):
    with Windows KDCs.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1114991 from Samuel Cabrero (scabrero) about 1 year ago (revision 277)

baserev update by copy to link target

• Files Changed
• Browse Source

Samuel Cabrero (scabrero) accepted request 1114983 from Dominique Leuenberger (dimstar) about 1 year ago (revision 276)

- Add explicit this-is-only-for-build-envs requires to krb5-mini
  and krb5-mini-devel: the mini flavors are currently excluded
  using special hacks from the FTP Tree. In order to eliminate this
  hack, we need to ensure the packages are not viable for real
  installations. We achieve this with a dep that is never provided,
  but ignored by OBS.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1098841 from Dirk Mueller (dirkmueller) over 1 year ago (revision 275)

baserev update by copy to link target

• Files Changed
• Browse Source

Dirk Mueller (dirkmueller) committed over 1 year ago (revision 274)

- update to 1.121.1 (CVE-2023-36054):
  * Fix potential uninitialized pointer free in kadm5 XDR parsing
    [CVE-2023-36054].
  * Added a credential cache type providing compatibility with
    the macOS 11 native credential cache.
  * libkadm5 will use the provided krb5_context object to read
    configuration values, instead of creating its own.
  * Added an interface to retrieve the ticket session key
    from a GSS context.
  * The KDC will no longer issue tickets with RC4 or triple-DES
    session keys unless explicitly configured with the new
    allow_rc4 or allow_des3 variables respectively.
  * The KDC will assume that all services can handle aes256-sha1
    session keys unless the service principal has a
    session_enctypes string attribute.
  * Support for PAC full KDC checksums has been added to
    mitigate an S4U2Proxy privilege escalation attack.
  * The PKINIT client will advertise a more modern set
    of supported CMS algorithms.
  * Removed unused code in libkrb5, libkrb5support,
    and the PKINIT module.
  * Modernized the KDC code for processing TGS requests,
    the code for encrypting and decrypting key data,
    the PAC handling code, and the GSS library packet
    parsing and composition code.
  * Improved the test framework's detection of memory
    errors in daemon processes when used with asan.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1084720 from Dirk Mueller (dirkmueller) over 1 year ago (revision 273)

baserev update by copy to link target

• Files Changed
• Browse Source

Dirk Mueller (dirkmueller) accepted request 1084716 from Frederic Crozat (fcrozat) over 1 year ago (revision 272)

- Add _multibuild to define additional spec files as additional
  flavors.
  Eliminates the need for source package links in OBS.

- Add _multibuild to define additional spec files as additional
  flavors.
  Eliminates the need for source package links in OBS.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1074019 from Samuel Cabrero (scabrero) over 1 year ago (revision 271)

baserev update by copy to link target

• Files Changed
• Browse Source