Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2015-05-29 11:44:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "krb5" Changes: -------- --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2015-02-22 17:23:32.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2015-05-29 11:44:24.000000000 +0200 @@ -1,0 +2,59 @@ +Thu May 28 08:01:00 UTC 2015 - dimstar@opensuse.org + +- Drop libverto and libverto-libev Requires from the -server + package: those package names don't exist and the shared libs + are pulled in automatically. + +------------------------------------------------------------------- +Wed May 27 10:59:13 UTC 2015 - dimstar@opensuse.org + +- Unconditionally buildrequire libverto-devel: krb5-mini also + depends on it. + +------------------------------------------------------------------- +Fri May 22 09:27:11 UTC 2015 - meissner@suse.com + +- pre_checkin.sh aligned changes between krb5/krb5-mini +- added krb5.keyring + +------------------------------------------------------------------- +Tue May 12 07:48:18 UTC 2015 - michael@stroeder.com + +- update to krb5 1.13.2 + +- DES transition +============== + +The Data Encryption Standard (DES) is widely recognized as weak. The +krb5-1.7 release contains measures to encourage sites to migrate away +- From using single-DES cryptosystems. Among these is a configuration +variable that enables "weak" enctypes, which defaults to "false" +beginning with krb5-1.8. + + +Major changes in 1.13.2 (2015-05-08) +==================================== + +This is a bug fix release. + +* Fix a minor vulnerability in krb5_read_message, which is primarily + used in the BSD-derived kcmd suite of applications. [CVE-2014-5355] + +* Fix a bypass of requires_preauth in KDCs that have PKINIT enabled. + [CVE-2015-2694] + +* Fix some issues with the LDAP KDC database back end. + +* Fix an iteration-related memory leak in the DB2 KDC database back + end. + +* Fix issues with some less-used kadm5.acl functionality. + +* Improve documentation. + +------------------------------------------------------------------- +Thu Apr 23 14:13:03 UTC 2015 - hguo@suse.com + +- Use externally built libverto + +------------------------------------------------------------------- @@ -16,0 +76 @@ + @@ -18 +78 @@ -Tue Jan 6 07:20:54 UTC 2015 - mlin@suse.com +Tue Jan 6 07:12:29 UTC 2015 - mlin@suse.com @@ -52,0 +113,12 @@ +------------------------------------------------------------------- +Thu Sep 25 12:48:32 UTC 2014 - ddiss@suse.com + +- Work around replay cache creation race; (bnc#898439). + krb5-1.13-work-around-replay-cache-creation-race.patch + +------------------------------------------------------------------- +Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com + +- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal +- added patches: + * bnc#897874-CVE-2014-5351.diff --- /work/SRC/openSUSE:Factory/krb5/krb5.changes 2015-02-22 17:23:32.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2015-05-29 11:44:24.000000000 +0200 @@ -1,0 +2,59 @@ +Thu May 28 08:01:00 UTC 2015 - dimstar@opensuse.org + +- Drop libverto and libverto-libev Requires from the -server + package: those package names don't exist and the shared libs + are pulled in automatically. + +------------------------------------------------------------------- +Wed May 27 10:59:13 UTC 2015 - dimstar@opensuse.org + +- Unconditionally buildrequire libverto-devel: krb5-mini also + depends on it. + +------------------------------------------------------------------- +Fri May 22 09:27:11 UTC 2015 - meissner@suse.com + +- pre_checkin.sh aligned changes between krb5/krb5-mini +- added krb5.keyring + +------------------------------------------------------------------- +Tue May 12 07:48:18 UTC 2015 - michael@stroeder.com + +- update to krb5 1.13.2 + +- DES transition +============== + +The Data Encryption Standard (DES) is widely recognized as weak. The +krb5-1.7 release contains measures to encourage sites to migrate away +- From using single-DES cryptosystems. Among these is a configuration +variable that enables "weak" enctypes, which defaults to "false" +beginning with krb5-1.8. + + +Major changes in 1.13.2 (2015-05-08) +==================================== + +This is a bug fix release. + +* Fix a minor vulnerability in krb5_read_message, which is primarily + used in the BSD-derived kcmd suite of applications. [CVE-2014-5355] + +* Fix a bypass of requires_preauth in KDCs that have PKINIT enabled. + [CVE-2015-2694] + +* Fix some issues with the LDAP KDC database back end. + +* Fix an iteration-related memory leak in the DB2 KDC database back + end. + +* Fix issues with some less-used kadm5.acl functionality. + +* Improve documentation. + +------------------------------------------------------------------- +Thu Apr 23 14:13:03 UTC 2015 - hguo@suse.com + +- Use externally built libverto + +------------------------------------------------------------------- Old: ---- krb5-1.13.1.tar.gz New: ---- krb5-1.13.2.tar.gz krb5-1.13.2.tar.gz.asc krb5.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-mini.spec ++++++ --- /var/tmp/diff_new_pack.txOWLJ/_old 2015-05-29 11:44:26.000000000 +0200 +++ /var/tmp/diff_new_pack.txOWLJ/_new 2015-05-29 11:44:26.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package krb5-mini # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ %define build_mini 1 -%define srcRoot krb5-1.13.1 +%define srcRoot krb5-1.13.2 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -30,12 +30,13 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version: 1.13.1 +Version: 1.13.2 Release: 0 Summary: MIT Kerberos5 Implementation--Libraries License: MIT Group: Productivity/Networking/Security Obsoletes: krb5-plugin-preauth-pkinit-nss +BuildRequires: libverto-devel %if ! 0%{?build_mini} BuildRequires: doxygen BuildRequires: libopenssl-devel @@ -64,7 +65,10 @@ Conflicts: krb5-plugin-preauth-pkinit Conflicts: krb5-plugin-preauth-otp %endif +# both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar Source: krb5-%{version}.tar.gz +Source42: krb5-%version.tar.gz.asc +Source43: krb5.keyring Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-rpmlintrc @@ -163,6 +167,7 @@ PreReq: %{name} = %{version} Requires: keyutils-devel Requires: libcom_err-devel +Requires: libverto-devel # bug437293 %ifarch ppc64 Obsoletes: krb5-devel-64bit @@ -231,7 +236,8 @@ %endif --with-selinux \ --with-system-et \ - --with-system-ss + --with-system-ss \ + --with-system-verto %{__make} %{?_smp_mflags} %if ! 0%{?build_mini} cd doc @@ -451,7 +457,6 @@ %{_libdir}/libkdb5.so %{_libdir}/libkrb5.so %{_libdir}/libkrb5support.so -%{_libdir}/libverto.so %{_libdir}/libkrad.so %{_libdir}/pkgconfig/gssrpc.pc %{_libdir}/pkgconfig/kadm-client.pc @@ -511,7 +516,6 @@ %{_libdir}/libkdb5.so.* %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* -%{_libdir}/libverto.so.* %{_libdir}/libkrad.so.* %{_libdir}/krb5/plugins/kdb/* %{_libdir}/krb5/plugins/tls/* @@ -585,7 +589,6 @@ %{_libdir}/libkdb5.so.* %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* -%{_libdir}/libverto.so.* %{_libdir}/libkrad.so.* %files server ++++++ krb5.spec ++++++ --- /var/tmp/diff_new_pack.txOWLJ/_old 2015-05-29 11:44:26.000000000 +0200 +++ /var/tmp/diff_new_pack.txOWLJ/_new 2015-05-29 11:44:26.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package krb5 # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ %define build_mini 0 -%define srcRoot krb5-1.13.1 +%define srcRoot krb5-1.13.2 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -30,12 +30,13 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version: 1.13.1 +Version: 1.13.2 Release: 0 Summary: MIT Kerberos5 Implementation--Libraries License: MIT Group: Productivity/Networking/Security Obsoletes: krb5-plugin-preauth-pkinit-nss +BuildRequires: libverto-devel %if ! 0%{?build_mini} BuildRequires: doxygen BuildRequires: libopenssl-devel @@ -64,7 +65,10 @@ Conflicts: krb5-plugin-preauth-pkinit Conflicts: krb5-plugin-preauth-otp %endif +# both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar Source: krb5-%{version}.tar.gz +Source42: krb5-%version.tar.gz.asc +Source43: krb5.keyring Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-rpmlintrc @@ -163,6 +167,7 @@ PreReq: %{name} = %{version} Requires: keyutils-devel Requires: libcom_err-devel +Requires: libverto-devel # bug437293 %ifarch ppc64 Obsoletes: krb5-devel-64bit @@ -231,7 +236,8 @@ %endif --with-selinux \ --with-system-et \ - --with-system-ss + --with-system-ss \ + --with-system-verto %{__make} %{?_smp_mflags} %if ! 0%{?build_mini} cd doc @@ -451,7 +457,6 @@ %{_libdir}/libkdb5.so %{_libdir}/libkrb5.so %{_libdir}/libkrb5support.so -%{_libdir}/libverto.so %{_libdir}/libkrad.so %{_libdir}/pkgconfig/gssrpc.pc %{_libdir}/pkgconfig/kadm-client.pc @@ -511,7 +516,6 @@ %{_libdir}/libkdb5.so.* %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* -%{_libdir}/libverto.so.* %{_libdir}/libkrad.so.* %{_libdir}/krb5/plugins/kdb/* %{_libdir}/krb5/plugins/tls/* @@ -585,7 +589,6 @@ %{_libdir}/libkdb5.so.* %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* -%{_libdir}/libverto.so.* %{_libdir}/libkrad.so.* %files server ++++++ krb5-1.13.1.tar.gz -> krb5-1.13.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/krb5/krb5-1.13.1.tar.gz /work/SRC/openSUSE:Factory/.krb5.new/krb5-1.13.2.tar.gz differ: char 5, line 1