krb5-client-1.22.2-2.2 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of cleartext passwords. This package includes some required
client programs, like kinit, kadmin, ...

Provides

• krb5-client
• krb5-client(x86-64)

Requires

• /bin/sh
• /bin/sh
• /bin/sh
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.15)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.25)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.38)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.8)(64bit)
• libcom_err.so.2()(64bit)
• libgssapi_krb5.so.2()(64bit)
• libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)
• libk5crypto.so.3()(64bit)
• libk5crypto.so.3(k5crypto_3_MIT)(64bit)
• libkadm5clnt_mit.so.12()(64bit)
• libkadm5clnt_mit.so.12(kadm5clnt_mit_12_MIT)(64bit)
• libkadm5srv_mit.so.12()(64bit)
• libkadm5srv_mit.so.12(kadm5srv_mit_12_MIT)(64bit)
• libkdb5.so.10()(64bit)
• libkdb5.so.10(kdb5_10_MIT)(64bit)
• libkrb5.so.3()(64bit)
• libkrb5.so.3(krb5_3_MIT)(64bit)
• libkrb5support.so.0()(64bit)
• libkrb5support.so.0(krb5support_0_MIT)(64bit)
• libpam.so.0()(64bit)
• libpam.so.0(LIBPAM_1.0)(64bit)
• libss.so.2()(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1

License

MIT

Changelog

* Sat Mar 21 2026 Christoph G <foss@grueninger.de>
  - Add compatibility with autoconf 2.73 by adding patch
    0011-autoconf-2.73-compatibility.patch from upstream pull
    request https://github.com/krb5/krb5/pull/1485
* Mon Feb 02 2026 Samuel Cabrero <scabrero@suse.de>
  - Update to 1.22.2
    * Fix a SPNEGO packet parsing bug which could cause GSS mechanism
      negotiation failure.
  - Fix building with glibc 2.43; (bsc#1257257); Add patch
    0010-Fix-strchr-conformance-to-C23.patch
* Thu Jan 08 2026 Noel Power <nopower@suse.com>
  - Immutable mode support, create /var/log/krb5 dir via
    systemd.tmpfiles; (PED-14767).
  - Add krb5-log.tmpfiles
* Mon Nov 24 2025 Samuel Cabrero <scabrero@suse.de>
  - Fix memory leak; (bsc#1252989); Update patch
    0009-UsrEtc-support.patch
* Fri Aug 29 2025 Samuel Cabrero <scabrero@suse.de>
  - Update to 1.22.1
    * Fix a vulnerability in GSS MIC verification [CVE-2025-57736]
  - Changes in 1.22.0
    User experience
    * The libdefaults configuration variable "request_timeout" can be
      set to limit the total timeout for KDC requests. When making a
      KDC request, the client will now wait indefinitely (or until the
      request timeout has elapsed) on a KDC which accepts a TCP
      connection, without contacting any additional KDCs. Clients will
      make fewer DNS queries in some configurations.
    * The realm configuration variable "sitename" can be set to cause
      the client to query site-specific DNS records when making KDC
      requests.
    Administrator experience
    * Principal aliases are supported in the DB2 and LMDB KDB modules
      and in the kadmin protocol. (The LDAP KDB module has supported
      aliases since release 1.7.)
    * UNIX domain sockets are supported for the Kerberos and kpasswd
      protocols.
    * systemd socket activation is supported for krb5kdc and kadmind.
    Developer experience
    * KDB modules can be be implemented in terms of other modules using
      the new krb5_db_load_module() function.
    * The profile library supports the modification of empty profiles
      and the copying of modified profiles, making it possible to
      construct an in-memory profile and pass it to
      krb5_init_context_profile().
    * GSS-API applications can pass the GSS_C_CHANNEL_BOUND flag to
      gss_init_sec_context() to request strict enforcement of channel
      bindings by the acceptor.
    Protocol evolution
    * The PKINIT preauth module supports elliptic curve client
      certificates, ECDH key exchange, and the Microsoft paChecksum2 field.
    * The IAKERB implementation has been changed to comply with the
      most recent draft standard and to support realm discovery.
    * Message-Authenticator is supported in the RADIUS implementation
      used by the OTP kdcpreauth module.
    Code quality
    * Removed old-style function declarations, to accomodate compilers
      which have removed support for them.
    * Added OSS-Fuzz to the project's continuous integration infrastructure.
    * Rewrote the GSS per-message token parsing code for improved safety.
  - Updated patches:
    * 0001-ksu-pam-integration.patch
    * 0002-krb5-1.9-manpaths.patch
    * 0003-Adjust-build-configuration.patch
    * 0004-krb5-1.6.3-gssapi_improve_errormessages.patch
    * 0005-krb5-1.6.3-ktutil-manpage.patch
    * 0006-krb5-1.12-api.patch
    * 0007-SELinux-integration.patch
    * 0008-krb5-1.9-debuginfo.patch
  - Renamed patches:
    * 0011_usr_etc.patch -> 0009-UsrEtc-support.patch
  - Deleted patches:
    * 0009-Fix-three-memory-leaks.patch
    * 0010-CVE-2025-24528.patch
* Wed Jul 02 2025 Stefan Schubert <schubi@suse.com>
  - Moved /etc/krb5.conf to /usr/etc/krb5.conf
    This patch (0011_usr_etc.patch) is upstream:
    https://github.com/krb5/krb5/pull/1437/
* Mon Apr 21 2025 Friedrich Haubensak <hsk17@mail.de>
  - add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to
    still allow build on Leap 15.6
* Thu Jan 30 2025 Samuel Cabrero <scabrero@suse.de>
  - Prevent overflow when calculating ulog block size. An authenticated
    attacker can cause kadmind to write beyond the end of the mapped
    region for the iprop log file, likely causing a process crash;
    (CVE-2025-24528); (bsc#1236619).
  - Add patch 0010-CVE-2025-24528.patch
* Mon Jul 01 2024 Samuel Cabrero <scabrero@suse.de>
  - Update to 1.21.3
    * Fix vulnerabilities in GSS message token handling:
    * CVE-2024-37370, bsc#1227186
    * CVE-2024-37371, bsc#1227187
    * Fix a potential bad pointer free in krb5_cccol_have_contents()
    * Fix a memory leak in the macOS ccache type
  - Update patch 0009-Fix-three-memory-leaks.patch
* Mon May 13 2024 Andreas Schneider <asn@cryptomilk.org>
  - Enable the LMDB backend for KDB
* Thu May 02 2024 Thorsten Kukuk <kukuk@suse.com>
  - Remove requires for not used cron
* Fri Mar 22 2024 Samuel Cabrero <scabrero@suse.de>
  - Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch
    * CVE-2024-26458, bsc#1220770
    * CVE-2024-26461, bsc#1220771
    * CVE-2024-26462, bsc#1220772
* Thu Feb 29 2024 Pedro Monreal <pmonreal@suse.com>
  - Add crypto-policies support [bsc#1211301]
    * Update krb5.conf in vendor-files.tar.bz2
* Wed Dec 20 2023 Dirk Müller <dmueller@suse.com>
  - update to 1.21.2 (bsc#1218211, CVE-2023-39975):
    * Fix double-free in KDC TGS processing [CVE-2023-39975].
* Sat Jul 15 2023 Dirk Müller <dmueller@suse.com>
  - update to 1.21.1 (CVE-2023-36054):
    * Fix potential uninitialized pointer free in kadm5 XDR parsing
      [CVE-2023-36054]; (bsc#1214054).
    * Added a credential cache type providing compatibility with
      the macOS 11 native credential cache.
    * libkadm5 will use the provided krb5_context object to read
      configuration values, instead of creating its own.
    * Added an interface to retrieve the ticket session key
      from a GSS context.
    * The KDC will no longer issue tickets with RC4 or triple-DES
      session keys unless explicitly configured with the new
      allow_rc4 or allow_des3 variables respectively.
    * The KDC will assume that all services can handle aes256-sha1
      session keys unless the service principal has a
      session_enctypes string attribute.
    * Support for PAC full KDC checksums has been added to
      mitigate an S4U2Proxy privilege escalation attack.
    * The PKINIT client will advertise a more modern set
      of supported CMS algorithms.
    * Removed unused code in libkrb5, libkrb5support,
      and the PKINIT module.
    * Modernized the KDC code for processing TGS requests,
      the code for encrypting and decrypting key data,
      the PAC handling code, and the GSS library packet
      parsing and composition code.
    * Improved the test framework's detection of memory
      errors in daemon processes when used with asan.
* Thu May 04 2023 Frederic Crozat <fcrozat@suse.com>
  - Add _multibuild to define additional spec files as additional
    flavors.
    Eliminates the need for source package links in OBS.
* Fri Mar 03 2023 Samuel Cabrero <scabrero@suse.de>
  - Update 0007-SELinux-integration.patch for SELinux 3.5;
    (bsc#1208887);

Files

/usr/bin/gss-client
/usr/bin/k5srvutil
/usr/bin/kadmin
/usr/bin/kdestroy
/usr/bin/kinit
/usr/bin/klist
/usr/bin/kpasswd
/usr/bin/ksu
/usr/bin/kswitch
/usr/bin/ktutil
/usr/bin/kvno
/usr/bin/sclient
/usr/bin/sim_client
/usr/bin/uuclient
/usr/lib/pam.d/ksu
/usr/share/man/man1/k5srvutil.1.gz
/usr/share/man/man1/kadmin.1.gz
/usr/share/man/man1/kdestroy.1.gz
/usr/share/man/man1/kinit.1.gz
/usr/share/man/man1/klist.1.gz
/usr/share/man/man1/kpasswd.1.gz
/usr/share/man/man1/ksu.1.gz
/usr/share/man/man1/kswitch.1.gz
/usr/share/man/man1/ktutil.1.gz
/usr/share/man/man1/kvno.1.gz
/usr/share/man/man1/sclient.1.gz
/usr/share/man/man5/.k5identity.5.gz
/usr/share/man/man5/.k5login.5.gz
/usr/share/man/man5/k5identity.5.gz
/usr/share/man/man5/k5login.5.gz
/usr/share/man/man5/krb5.conf.5.gz
/usr/share/man/man7/kerberos.7.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Apr 21 22:32:08 2026