Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package krb5 for openSUSE:Factory checked in
at 2021-03-02 14:41:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/krb5 (Old)
and /work/SRC/openSUSE:Factory/.krb5.new.2378 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "krb5"
Tue Mar 2 14:41:25 2021 rev:151 rq:873782 version:1.19.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2020-12-16
10:58:43.931466437 +0100
+++ /work/SRC/openSUSE:Factory/.krb5.new.2378/krb5-mini.changes 2021-03-02
15:18:13.493661750 +0100
@@ -1,0 +2,47 @@
+Fri Feb 19 12:10:25 UTC 2021 - Samuel Cabrero <scabr...@suse.de>
+
+- Update to 1.19.1
+ * Fix a linking issue with Samba.
+ * Better support multiple pkinit_identities values by checking whether
+ certificates can be loaded for each value.
+
+-------------------------------------------------------------------
+Fri Feb 5 10:36:51 UTC 2021 - Samuel Cabrero <scabr...@suse.de>
+
+- Update to 1.19
+ Administrator experience
+ * When a client keytab is present, the GSSAPI krb5 mech will refresh
+ credentials even if the current credentials were acquired manually.
+ * It is now harder to accidentally delete the K/M entry from a KDB.
+ Developer experience
+ * gss_acquire_cred_from() now supports the "password" and "verify"
+ options, allowing credentials to be acquired via password and
+ verified using a keytab key.
+ * When an application accepts a GSS security context, the new
+ GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor
+ both provided matching channel bindings.
+ * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests
+ to identify the desired client principal by certificate.
+ * PKINIT certauth modules can now cause the hw-authent flag to be set
+ in issued tickets.
+ * The krb5_init_creds_step() API will now issue the same password
+ expiration warnings as krb5_get_init_creds_password().
+ Protocol evolution
+ * Added client and KDC support for Microsoft's Resource-Based Constrained
+ Delegation, which allows cross-realm S4U2Proxy requests. A third-party
+ database module is required for KDC support.
+ * kadmin/admin is now the preferred server principal name for kadmin
+ connections, and the host-based form is no longer created by default.
+ The client will still try the host-based form as a fallback.
+ * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT
+ extension, which causes channel bindings to be required for the
+ initiator if the acceptor provided them. The client will send this
+ option if the client_aware_gss_bindings profile option is set.
+ User experience
+ * kinit will now issue a warning if the des3-cbc-sha1 encryption type is
+ used in the reply. This encryption type will be deprecated and removed
+ in future releases.
+ * Added kvno flags --out-cache, --no-store, and --cached-only
+ (inspired by Heimdal's kgetcred).
+
+-------------------------------------------------------------------
krb5.changes: same change
Old:
----
krb5-1.18.3.tar.gz
krb5-1.18.3.tar.gz.asc
New:
----
krb5-1.19.1.tar.gz
krb5-1.19.1.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ krb5-mini.spec ++++++
--- /var/tmp/diff_new_pack.q9RTXQ/_old 2021-03-02 15:18:14.333662298 +0100
+++ /var/tmp/diff_new_pack.q9RTXQ/_new 2021-03-02 15:18:14.337662300 +0100
@@ -1,7 +1,7 @@
#
# spec file for package krb5-mini
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,13 +24,13 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: krb5-mini
-Version: 1.18.3
+Version: 1.19.1
Release: 0
Summary: MIT Kerberos5 implementation and libraries with minimal
dependencies
License: MIT
-URL: https://web.mit.edu/kerberos/www/
-Source0:
https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}.tar.gz
-Source1:
https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}.tar.gz.asc
+URL: https://kerberos.org/dist/
+Source0: https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz
+Source1: https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz.asc
Source2: krb5.keyring
Source3: vendor-files.tar.bz2
Source4: baselibs.conf
++++++ krb5.spec ++++++
--- /var/tmp/diff_new_pack.q9RTXQ/_old 2021-03-02 15:18:14.353662311 +0100
+++ /var/tmp/diff_new_pack.q9RTXQ/_new 2021-03-02 15:18:14.357662314 +0100
@@ -1,7 +1,7 @@
#
# spec file for package krb5
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,13 +21,13 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: krb5
-Version: 1.18.3
+Version: 1.19.1
Release: 0
Summary: MIT Kerberos5 implementation
License: MIT
-URL: https://web.mit.edu/kerberos/www/
-Source0:
https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}.tar.gz
-Source1:
https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}.tar.gz.asc
+URL: https://kerberos.org/dist/
+Source0: https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz
+Source1: https://kerberos.org/dist/krb5/1.19/krb5-%{version}.tar.gz.asc
Source2: krb5.keyring
Source3: vendor-files.tar.bz2
Source4: baselibs.conf
++++++ 0001-ksu-pam-integration.patch ++++++
--- /var/tmp/diff_new_pack.q9RTXQ/_old 2021-03-02 15:18:14.369662321 +0100
+++ /var/tmp/diff_new_pack.q9RTXQ/_new 2021-03-02 15:18:14.373662325 +0100
@@ -1,4 +1,4 @@
-From ff26447c1edc29bf69672f1a55f8bb1c3f20f582 Mon Sep 17 00:00:00 2001
+From cb49731c07ee57f64bd5a93a182446bc834b9057 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharw...@redhat.com>
Date: Tue, 23 Aug 2016 16:29:58 -0400
Subject: [PATCH 1/8] ksu pam integration
@@ -30,10 +30,10 @@
create mode 100644 src/clients/ksu/pam.h
diff --git a/src/aclocal.m4 b/src/aclocal.m4
-index 2394f7e33..53f8b6fb7 100644
+index 024d6370c..43eed3b87 100644
--- a/src/aclocal.m4
+++ b/src/aclocal.m4
-@@ -1675,3 +1675,71 @@ if test "$with_ldap" = yes; then
+@@ -1677,3 +1677,71 @@ if test "$with_ldap" = yes; then
OPENLDAP_PLUGIN=yes
fi
])dnl
@@ -144,11 +144,11 @@
clean:
$(RM) ksu
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
-index 4f03dd8ed..21a4d02bb 100644
+index af1286172..931f05404 100644
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -26,6 +26,7 @@
- * KSU was writen by: Ari Medvinsky, a...@isi.edu
+ * KSU was written by: Ari Medvinsky, a...@isi.edu
*/
+#include "autoconf.h"
@@ -174,7 +174,7 @@
/***********/
#define KS_TEMPORARY_CACHE "MEMORY:_ksu"
-@@ -535,6 +541,23 @@ main (argc, argv)
+@@ -536,6 +542,23 @@ main (argc, argv)
prog_name,target_user,client_name,
source_user,ontty());
@@ -198,7 +198,7 @@
/* Run authorization as target.*/
if (krb5_seteuid(target_uid)) {
com_err(prog_name, errno, _("while switching to target for "
-@@ -595,6 +618,24 @@ main (argc, argv)
+@@ -596,6 +619,24 @@ main (argc, argv)
exit(1);
}
@@ -223,7 +223,7 @@
}
if( some_rest_copy){
-@@ -652,6 +693,30 @@ main (argc, argv)
+@@ -653,6 +694,30 @@ main (argc, argv)
exit(1);
}
@@ -254,7 +254,7 @@
/* set permissions */
if (setgid(target_pwd->pw_gid) < 0) {
perror("ksu: setgid");
-@@ -749,7 +814,7 @@ main (argc, argv)
+@@ -750,7 +815,7 @@ main (argc, argv)
fprintf(stderr, "program to be execed %s\n",params[0]);
}
@@ -263,7 +263,7 @@
execv(params[0], params);
com_err(prog_name, errno, _("while trying to execv %s"), params[0]);
sweep_up(ksu_context, cc_target);
-@@ -779,16 +844,35 @@ main (argc, argv)
+@@ -780,16 +845,35 @@ main (argc, argv)
if (ret_pid == -1) {
com_err(prog_name, errno, _("while calling waitpid"));
}
@@ -759,10 +759,10 @@
+void appl_pam_cleanup(void);
+#endif
diff --git a/src/configure.ac b/src/configure.ac
-index 234f4281c..d1f576124 100644
+index 4eb080784..693f76a81 100644
--- a/src/configure.ac
+++ b/src/configure.ac
-@@ -1390,6 +1390,8 @@ AC_SUBST([VERTO_VERSION])
+@@ -1389,6 +1389,8 @@ AC_SUBST([VERTO_VERSION])
AC_PATH_PROG(GROFF, groff)
@@ -772,5 +772,5 @@
if test "${localedir+set}" != set; then
localedir='$(datadir)/locale'
--
-2.25.0
+2.30.0
++++++ krb5-1.18.3.tar.gz -> krb5-1.19.1.tar.gz ++++++
/work/SRC/openSUSE:Factory/krb5/krb5-1.18.3.tar.gz
/work/SRC/openSUSE:Factory/.krb5.new.2378/krb5-1.19.1.tar.gz differ: char 5,
line 1
