MIT Kerberos5 Implementation--Libraries

Edit Package krb5

Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords.

Refresh
Refresh
Source Files
Filename Size Changed
0001-ksu-pam-integration.patch 0000022537 22 KB
0002-krb5-1.9-manpaths.patch 0000000976 976 Bytes
0003-Adjust-build-configuration.patch 0000003503 3.42 KB
0004-krb5-1.6.3-gssapi_improve_errormessages.patch 0000001058 1.03 KB
0005-krb5-1.6.3-ktutil-manpage.patch 0000001043 1.02 KB
0006-krb5-1.12-api.patch 0000001455 1.42 KB
0007-SELinux-integration.patch 0000032806 32 KB
0008-krb5-1.9-debuginfo.patch 0000001537 1.5 KB
_multibuild 0000000059 59 Bytes
baselibs.conf 0000000094 94 Bytes
krb5-1.21.1.tar.gz 0008623049 8.22 MB
krb5-1.21.1.tar.gz.asc 0000000833 833 Bytes
krb5-mini.changes 0000085879 83.9 KB
krb5-mini.spec 0000012221 11.9 KB
krb5-rpmlintrc 0000000434 434 Bytes
krb5.changes 0000090861 88.7 KB
krb5.keyring 0000003900 3.81 KB
krb5.spec 0000017536 17.1 KB
krb5.tmpfiles 0000000452 452 Bytes
ksu-pam.d 0000000329 329 Bytes
vendor-files.tar.bz2 0000182614 178 KB
Revision 167 (latest revision is 174)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1098841 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 167)
- update to 1.121.1 (CVE-2023-36054):
  * Fix potential uninitialized pointer free in kadm5 XDR parsing
    [CVE-2023-36054].
  * Added a credential cache type providing compatibility with
    the macOS 11 native credential cache.
  * libkadm5 will use the provided krb5_context object to read
    configuration values, instead of creating its own.
  * Added an interface to retrieve the ticket session key
    from a GSS context.
  * The KDC will no longer issue tickets with RC4 or triple-DES
    session keys unless explicitly configured with the new
    allow_rc4 or allow_des3 variables respectively.
  * The KDC will assume that all services can handle aes256-sha1
    session keys unless the service principal has a
    session_enctypes string attribute.
  * Support for PAC full KDC checksums has been added to
    mitigate an S4U2Proxy privilege escalation attack.
  * The PKINIT client will advertise a more modern set
    of supported CMS algorithms.
  * Removed unused code in libkrb5, libkrb5support,
    and the PKINIT module.
  * Modernized the KDC code for processing TGS requests,
    the code for encrypting and decrypting key data,
    the PAC handling code, and the GSS library packet
    parsing and composition code.
  * Improved the test framework's detection of memory
    errors in daemon processes when used with asan.
Comments 2

Samu Voutilainen's avatar

Hi,

You may want to update krb5-server.logrotate file inside vendor-files.tar.bz2 to reload using systemd instead of /etc/init.d/ scripts. At least on my setup I have no legacy init.d scripts available.

For what it’s worth, this also applies to Leap 15.1 and probably 15.2.


Samuel Cabrero's avatar

Hi,

it is pending for approval https://build.opensuse.org/request/show/812027

The updates for Leap will follow soon.

Thanks

openSUSE Build Service is sponsored by