krb5-1.21.3-4.1 RPM for riscv64

From OpenSuSE Ports Tumbleweed for riscv64

Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of clear text passwords.

Provides

• krb5
• config(krb5)
• krb5(riscv-64)
• libgssapi_krb5.so.2()(64bit)
• libgssapi_krb5.so.2(HIDDEN)(64bit)
• libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)
• libgssrpc.so.4()(64bit)
• libgssrpc.so.4(HIDDEN)(64bit)
• libgssrpc.so.4(gssrpc_4_MIT)(64bit)
• libk5crypto.so.3()(64bit)
• libk5crypto.so.3(HIDDEN)(64bit)
• libk5crypto.so.3(k5crypto_3_MIT)(64bit)
• libkadm5clnt_mit.so.12()(64bit)
• libkadm5clnt_mit.so.12(HIDDEN)(64bit)
• libkadm5clnt_mit.so.12(kadm5clnt_mit_12_MIT)(64bit)
• libkadm5srv_mit.so.12()(64bit)
• libkadm5srv_mit.so.12(HIDDEN)(64bit)
• libkadm5srv_mit.so.12(kadm5srv_mit_12_MIT)(64bit)
• libkdb5.so.10()(64bit)
• libkdb5.so.10(HIDDEN)(64bit)
• libkdb5.so.10(kdb5_10_MIT)(64bit)
• libkrad.so.0()(64bit)
• libkrad.so.0(HIDDEN)(64bit)
• libkrad.so.0(krad_0_MIT)(64bit)
• libkrb5.so.3()(64bit)
• libkrb5.so.3(HIDDEN)(64bit)
• libkrb5.so.3(krb5_3_MIT)(64bit)
• libkrb5support.so.0()(64bit)
• libkrb5support.so.0(HIDDEN)(64bit)
• libkrb5support.so.0(krb5support_0_MIT)(64bit)

Requires

• /bin/sh
• /bin/sh
• /sbin/ldconfig
• /sbin/ldconfig
• config(krb5) = 1.21.3-4.1
• crypto-policies
• ld-linux-riscv64-lp64d.so.1()(64bit)
• ld-linux-riscv64-lp64d.so.1(GLIBC_2.27)(64bit)
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.27)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.38)(64bit)
• libcom_err.so.2()(64bit)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libgssapi_krb5.so.2()(64bit)
• libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)
• libgssrpc.so.4()(64bit)
• libgssrpc.so.4(gssrpc_4_MIT)(64bit)
• libk5crypto.so.3()(64bit)
• libk5crypto.so.3(k5crypto_3_MIT)(64bit)
• libkdb5.so.10()(64bit)
• libkdb5.so.10(kdb5_10_MIT)(64bit)
• libkeyutils.so.1()(64bit)
• libkeyutils.so.1(KEYUTILS_0.3)(64bit)
• libkeyutils.so.1(KEYUTILS_1.0)(64bit)
• libkeyutils.so.1(KEYUTILS_1.5)(64bit)
• libkrb5.so.3()(64bit)
• libkrb5.so.3(krb5_3_MIT)(64bit)
• libkrb5support.so.0()(64bit)
• libkrb5support.so.0(krb5support_0_MIT)(64bit)
• libresolv.so.2()(64bit)
• libresolv.so.2(GLIBC_2.27)(64bit)
• libselinux.so.1()(64bit)
• libselinux.so.1(LIBSELINUX_1.0)(64bit)
• libssl.so.3()(64bit)
• libssl.so.3(OPENSSL_3.0.0)(64bit)
• libverto.so.1()(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1

License

MIT

Changelog

* Wed Jul 02 2025 Stefan Schubert <schubi@suse.com>
  - Moved /etc/krb5.conf to /usr/etc/krb5.conf
    This patch (0011_usr_etc.patch) is upstream:
    https://github.com/krb5/krb5/pull/1437/
* Mon Apr 21 2025 Friedrich Haubensak <hsk17@mail.de>
  - add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to
    still allow build on Leap 15.6
* Thu Jan 30 2025 Samuel Cabrero <scabrero@suse.de>
  - Prevent overflow when calculating ulog block size. An authenticated
    attacker can cause kadmind to write beyond the end of the mapped
    region for the iprop log file, likely causing a process crash;
    (CVE-2025-24528); (bsc#1236619).
  - Add patch 0010-CVE-2025-24528.patch
* Mon Jul 01 2024 Samuel Cabrero <scabrero@suse.de>
  - Update to 1.21.3
    * Fix vulnerabilities in GSS message token handling:
    * CVE-2024-37370, bsc#1227186
    * CVE-2024-37371, bsc#1227187
    * Fix a potential bad pointer free in krb5_cccol_have_contents()
    * Fix a memory leak in the macOS ccache type
  - Update patch 0009-Fix-three-memory-leaks.patch
* Mon May 13 2024 Andreas Schneider <asn@cryptomilk.org>
  - Enable the LMDB backend for KDB
* Thu May 02 2024 Thorsten Kukuk <kukuk@suse.com>
  - Remove requires for not used cron
* Fri Mar 22 2024 Samuel Cabrero <scabrero@suse.de>
  - Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch
    * CVE-2024-26458, bsc#1220770
    * CVE-2024-26461, bsc#1220771
    * CVE-2024-26462, bsc#1220772
* Thu Feb 29 2024 Pedro Monreal <pmonreal@suse.com>
  - Add crypto-policies support [bsc#1211301]
    * Update krb5.conf in vendor-files.tar.bz2
* Wed Dec 20 2023 Dirk Müller <dmueller@suse.com>
  - update to 1.21.2 (bsc#1218211, CVE-2023-39975):
    * Fix double-free in KDC TGS processing [CVE-2023-39975].
* Sat Jul 15 2023 Dirk Müller <dmueller@suse.com>
  - update to 1.21.1 (CVE-2023-36054):
    * Fix potential uninitialized pointer free in kadm5 XDR parsing
      [CVE-2023-36054]; (bsc#1214054).
    * Added a credential cache type providing compatibility with
      the macOS 11 native credential cache.
    * libkadm5 will use the provided krb5_context object to read
      configuration values, instead of creating its own.
    * Added an interface to retrieve the ticket session key
      from a GSS context.
    * The KDC will no longer issue tickets with RC4 or triple-DES
      session keys unless explicitly configured with the new
      allow_rc4 or allow_des3 variables respectively.
    * The KDC will assume that all services can handle aes256-sha1
      session keys unless the service principal has a
      session_enctypes string attribute.
    * Support for PAC full KDC checksums has been added to
      mitigate an S4U2Proxy privilege escalation attack.
    * The PKINIT client will advertise a more modern set
      of supported CMS algorithms.
    * Removed unused code in libkrb5, libkrb5support,
      and the PKINIT module.
    * Modernized the KDC code for processing TGS requests,
      the code for encrypting and decrypting key data,
      the PAC handling code, and the GSS library packet
      parsing and composition code.
    * Improved the test framework's detection of memory
      errors in daemon processes when used with asan.
* Thu May 04 2023 Frederic Crozat <fcrozat@suse.com>
  - Add _multibuild to define additional spec files as additional
    flavors.
    Eliminates the need for source package links in OBS.
* Fri Mar 03 2023 Samuel Cabrero <scabrero@suse.de>
  - Update 0007-SELinux-integration.patch for SELinux 3.5;
    (bsc#1208887);
* Tue Dec 27 2022 Stefan Schubert <schubi@suse.com>
  - Migration of PAM settings to /usr/lib/pam.d
* Tue Dec 13 2022 Samuel Cabrero <scabrero@suse.de>
  - Drop 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch,
    already fixed in release 1.20.0
* Wed Nov 16 2022 Samuel Cabrero <scabrero@suse.de>
  - Update to 1.20.1; (bsc#1205126); (CVE-2022-42898);
    * Fix integer overflows in PAC parsing [CVE-2022-42898].
    * Fix null deref in KDC when decoding invalid NDR.
    * Fix memory leak in OTP kdcpreauth module.
    * Fix PKCS11 module path search.
* Sun May 29 2022 Dirk Müller <dmueller@suse.com>
  - update to 1.20.0:
    * Added a "disable_pac" realm relation to suppress adding PAC authdata
      to tickets, for realms which do not need to support S4U requests.
    * Most credential cache types will use atomic replacement when a cache
      is reinitialized using kinit or refreshed from the client keytab.
    * kprop can now propagate databases with a dump size larger than 4GB,
      if both the client and server are upgraded.
    * kprop can now work over NATs that change the destination IP address,
      if the client is upgraded.
    * Updated the KDB interface.  The sign_authdata() method is replaced
      with the issue_pac() method, allowing KDB modules to add logon info
      and other buffers to the PAC issued by the KDC.
    * Host-based initiator names are better supported in the GSS krb5
      mechanism.
    * Replaced AD-SIGNEDPATH authdata with minimal PACs.
    * To avoid spurious replay errors, password change requests will not
      be attempted over UDP until the attempt over TCP fails.
    * PKINIT will sign its CMS messages with SHA-256 instead of SHA-1.
    * Updated all code using OpenSSL to be compatible with OpenSSL 3.
    * Reorganized the libk5crypto build system to allow the OpenSSL
      back-end to pull in material from the builtin back-end depending on
      the OpenSSL version.
    * Simplified the PRNG logic to always use the platform PRNG.
    * Converted the remaining Tcl tests to Python.
* Sat Apr 09 2022 Dirk Müller <dmueller@suse.com>
  - update to 1.19.3 (bsc#1189929, CVE-2021-37750):
    * Fix a denial of service attack against the KDC [CVE-2021-37750].
    * Fix KDC null deref on TGS inner body null server
    * Fix conformance issue in GSSAPI tests
* Thu Jan 27 2022 David Mulder <dmulder@suse.com>
  - Resolve "Credential cache directory /run/user/0/krb5cc does not
    exist while opening default credentials cache" by using a kernel
    keyring instead of a dir cache; (bsc#1109830);

Files

/etc/krb5.conf.d
/etc/krb5.conf.d/crypto-policies
/usr/etc/krb5.conf
/usr/lib64/krb5
/usr/lib64/krb5/plugins
/usr/lib64/krb5/plugins/kdb
/usr/lib64/krb5/plugins/libkrb5
/usr/lib64/krb5/plugins/preauth
/usr/lib64/krb5/plugins/tls
/usr/lib64/krb5/plugins/tls/k5tls.so
/usr/lib64/libgssapi_krb5.so
/usr/lib64/libgssapi_krb5.so.2
/usr/lib64/libgssapi_krb5.so.2.2
/usr/lib64/libgssrpc.so.4
/usr/lib64/libgssrpc.so.4.2
/usr/lib64/libk5crypto.so.3
/usr/lib64/libk5crypto.so.3.1
/usr/lib64/libkadm5clnt_mit.so.12
/usr/lib64/libkadm5clnt_mit.so.12.0
/usr/lib64/libkadm5srv_mit.so.12
/usr/lib64/libkadm5srv_mit.so.12.0
/usr/lib64/libkdb5.so.10
/usr/lib64/libkdb5.so.10.0
/usr/lib64/libkrad.so.0
/usr/lib64/libkrad.so.0.0
/usr/lib64/libkrb5.so.3
/usr/lib64/libkrb5.so.3.3
/usr/lib64/libkrb5support.so.0
/usr/lib64/libkrb5support.so.0.1
/usr/share/doc/packages/krb5
/usr/share/doc/packages/krb5/README
/usr/share/locale/de/LC_MESSAGES/mit-krb5.mo
/usr/share/locale/en_US/LC_MESSAGES/mit-krb5.mo
/usr/share/locale/ka/LC_MESSAGES/mit-krb5.mo
/var/log/krb5

Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Oct 8 23:32:53 2025