| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: krb5-devel | Distribution: openSUSE Tumbleweed |
| Version: 1.21.3 | Vendor: openSUSE |
| Release: 4.1 | Build date: Wed Jul 2 16:05:30 2025 |
| Group: Unspecified | Build host: reproducible |
| Size: 723717 | Source RPM: krb5-1.21.3-4.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://kerberos.org/dist/ | |
| Summary: Development files for MIT Kerberos5 | |
Kerberos V5 is a trusted-third-party network authentication system, which can improve network security by eliminating the insecure practice of cleartext passwords. This package includes Libraries and Include Files for Development
MIT
* Wed Jul 02 2025 Stefan Schubert <schubi@suse.com>
- Moved /etc/krb5.conf to /usr/etc/krb5.conf
This patch (0011_usr_etc.patch) is upstream:
https://github.com/krb5/krb5/pull/1437/
* Mon Apr 21 2025 Friedrich Haubensak <hsk17@mail.de>
- add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to
still allow build on Leap 15.6
* Thu Jan 30 2025 Samuel Cabrero <scabrero@suse.de>
- Prevent overflow when calculating ulog block size. An authenticated
attacker can cause kadmind to write beyond the end of the mapped
region for the iprop log file, likely causing a process crash;
(CVE-2025-24528); (bsc#1236619).
- Add patch 0010-CVE-2025-24528.patch
* Mon Jul 01 2024 Samuel Cabrero <scabrero@suse.de>
- Update to 1.21.3
* Fix vulnerabilities in GSS message token handling:
* CVE-2024-37370, bsc#1227186
* CVE-2024-37371, bsc#1227187
* Fix a potential bad pointer free in krb5_cccol_have_contents()
* Fix a memory leak in the macOS ccache type
- Update patch 0009-Fix-three-memory-leaks.patch
* Mon May 13 2024 Andreas Schneider <asn@cryptomilk.org>
- Enable the LMDB backend for KDB
* Thu May 02 2024 Thorsten Kukuk <kukuk@suse.com>
- Remove requires for not used cron
* Fri Mar 22 2024 Samuel Cabrero <scabrero@suse.de>
- Fix memory leaks, add patch 0009-Fix-three-memory-leaks.patch
* CVE-2024-26458, bsc#1220770
* CVE-2024-26461, bsc#1220771
* CVE-2024-26462, bsc#1220772
* Thu Feb 29 2024 Pedro Monreal <pmonreal@suse.com>
- Add crypto-policies support [bsc#1211301]
* Update krb5.conf in vendor-files.tar.bz2
* Wed Dec 20 2023 Dirk Müller <dmueller@suse.com>
- update to 1.21.2 (bsc#1218211, CVE-2023-39975):
* Fix double-free in KDC TGS processing [CVE-2023-39975].
* Sat Jul 15 2023 Dirk Müller <dmueller@suse.com>
- update to 1.21.1 (CVE-2023-36054):
* Fix potential uninitialized pointer free in kadm5 XDR parsing
[CVE-2023-36054]; (bsc#1214054).
* Added a credential cache type providing compatibility with
the macOS 11 native credential cache.
* libkadm5 will use the provided krb5_context object to read
configuration values, instead of creating its own.
* Added an interface to retrieve the ticket session key
from a GSS context.
* The KDC will no longer issue tickets with RC4 or triple-DES
session keys unless explicitly configured with the new
allow_rc4 or allow_des3 variables respectively.
* The KDC will assume that all services can handle aes256-sha1
session keys unless the service principal has a
session_enctypes string attribute.
* Support for PAC full KDC checksums has been added to
mitigate an S4U2Proxy privilege escalation attack.
* The PKINIT client will advertise a more modern set
of supported CMS algorithms.
* Removed unused code in libkrb5, libkrb5support,
and the PKINIT module.
* Modernized the KDC code for processing TGS requests,
the code for encrypting and decrypting key data,
the PAC handling code, and the GSS library packet
parsing and composition code.
* Improved the test framework's detection of memory
errors in daemon processes when used with asan.
* Thu May 04 2023 Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
* Fri Mar 03 2023 Samuel Cabrero <scabrero@suse.de>
- Update 0007-SELinux-integration.patch for SELinux 3.5;
(bsc#1208887);
* Tue Dec 27 2022 Stefan Schubert <schubi@suse.com>
- Migration of PAM settings to /usr/lib/pam.d
* Tue Dec 13 2022 Samuel Cabrero <scabrero@suse.de>
- Drop 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch,
already fixed in release 1.20.0
* Wed Nov 16 2022 Samuel Cabrero <scabrero@suse.de>
- Update to 1.20.1; (bsc#1205126); (CVE-2022-42898);
* Fix integer overflows in PAC parsing [CVE-2022-42898].
* Fix null deref in KDC when decoding invalid NDR.
* Fix memory leak in OTP kdcpreauth module.
* Fix PKCS11 module path search.
* Sun May 29 2022 Dirk Müller <dmueller@suse.com>
- update to 1.20.0:
* Added a "disable_pac" realm relation to suppress adding PAC authdata
to tickets, for realms which do not need to support S4U requests.
* Most credential cache types will use atomic replacement when a cache
is reinitialized using kinit or refreshed from the client keytab.
* kprop can now propagate databases with a dump size larger than 4GB,
if both the client and server are upgraded.
* kprop can now work over NATs that change the destination IP address,
if the client is upgraded.
* Updated the KDB interface. The sign_authdata() method is replaced
with the issue_pac() method, allowing KDB modules to add logon info
and other buffers to the PAC issued by the KDC.
* Host-based initiator names are better supported in the GSS krb5
mechanism.
* Replaced AD-SIGNEDPATH authdata with minimal PACs.
* To avoid spurious replay errors, password change requests will not
be attempted over UDP until the attempt over TCP fails.
* PKINIT will sign its CMS messages with SHA-256 instead of SHA-1.
* Updated all code using OpenSSL to be compatible with OpenSSL 3.
* Reorganized the libk5crypto build system to allow the OpenSSL
back-end to pull in material from the builtin back-end depending on
the OpenSSL version.
* Simplified the PRNG logic to always use the platform PRNG.
* Converted the remaining Tcl tests to Python.
* Sat Apr 09 2022 Dirk Müller <dmueller@suse.com>
- update to 1.19.3 (bsc#1189929, CVE-2021-37750):
* Fix a denial of service attack against the KDC [CVE-2021-37750].
* Fix KDC null deref on TGS inner body null server
* Fix conformance issue in GSSAPI tests
* Thu Jan 27 2022 David Mulder <dmulder@suse.com>
- Resolve "Credential cache directory /run/user/0/krb5cc does not
exist while opening default credentials cache" by using a kernel
keyring instead of a dir cache; (bsc#1109830);
/usr/bin/krb5-config /usr/include/gssapi /usr/include/gssapi.h /usr/include/gssapi/gssapi.h /usr/include/gssapi/gssapi_alloc.h /usr/include/gssapi/gssapi_ext.h /usr/include/gssapi/gssapi_generic.h /usr/include/gssapi/gssapi_krb5.h /usr/include/gssapi/mechglue.h /usr/include/gssrpc /usr/include/gssrpc/auth.h /usr/include/gssrpc/auth_gss.h /usr/include/gssrpc/auth_gssapi.h /usr/include/gssrpc/auth_unix.h /usr/include/gssrpc/clnt.h /usr/include/gssrpc/netdb.h /usr/include/gssrpc/pmap_clnt.h /usr/include/gssrpc/pmap_prot.h /usr/include/gssrpc/pmap_rmt.h /usr/include/gssrpc/rename.h /usr/include/gssrpc/rpc.h /usr/include/gssrpc/rpc_msg.h /usr/include/gssrpc/svc.h /usr/include/gssrpc/svc_auth.h /usr/include/gssrpc/types.h /usr/include/gssrpc/xdr.h /usr/include/kadm5 /usr/include/kadm5/admin.h /usr/include/kadm5/chpass_util_strings.h /usr/include/kadm5/kadm_err.h /usr/include/kdb.h /usr/include/krad.h /usr/include/krb5 /usr/include/krb5.h /usr/include/krb5/ccselect_plugin.h /usr/include/krb5/certauth_plugin.h /usr/include/krb5/clpreauth_plugin.h /usr/include/krb5/hostrealm_plugin.h /usr/include/krb5/kadm5_auth_plugin.h /usr/include/krb5/kadm5_hook_plugin.h /usr/include/krb5/kdcpolicy_plugin.h /usr/include/krb5/kdcpreauth_plugin.h /usr/include/krb5/krb5.h /usr/include/krb5/localauth_plugin.h /usr/include/krb5/locate_plugin.h /usr/include/krb5/plugin.h /usr/include/krb5/preauth_plugin.h /usr/include/krb5/pwqual_plugin.h /usr/include/profile.h /usr/lib64/libgssrpc.so /usr/lib64/libk5crypto.so /usr/lib64/libkadm5clnt.so /usr/lib64/libkadm5clnt_mit.so /usr/lib64/libkadm5srv.so /usr/lib64/libkadm5srv_mit.so /usr/lib64/libkdb5.so /usr/lib64/libkrad.so /usr/lib64/libkrb5.so /usr/lib64/libkrb5support.so /usr/lib64/pkgconfig/gssrpc.pc /usr/lib64/pkgconfig/kadm-client.pc /usr/lib64/pkgconfig/kadm-server.pc /usr/lib64/pkgconfig/kdb.pc /usr/lib64/pkgconfig/krb5-gssapi.pc /usr/lib64/pkgconfig/krb5.pc /usr/lib64/pkgconfig/mit-krb5-gssapi.pc /usr/lib64/pkgconfig/mit-krb5.pc /usr/sbin/krb5-send-pr /usr/share/aclocal /usr/share/aclocal/ac_check_krb5.m4 /usr/share/man/man1/krb5-config.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Oct 22 22:37:11 2025