Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2023-07-17 19:22:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.3193 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "krb5" Mon Jul 17 19:22:54 2023 rev:167 rq:1098841 version:1.21.1 Changes: -------- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes 2023-05-05 15:57:12.688059815 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.3193/krb5.changes 2023-07-17 19:23:05.477669606 +0200 @@ -1,0 +2,31 @@ +Sat Jul 15 18:19:32 UTC 2023 - Dirk Müller <dmuel...@suse.com> + +- update to 1.121.1 (CVE-2023-36054): + * Fix potential uninitialized pointer free in kadm5 XDR parsing + [CVE-2023-36054]. + * Added a credential cache type providing compatibility with + the macOS 11 native credential cache. + * libkadm5 will use the provided krb5_context object to read + configuration values, instead of creating its own. + * Added an interface to retrieve the ticket session key + from a GSS context. + * The KDC will no longer issue tickets with RC4 or triple-DES + session keys unless explicitly configured with the new + allow_rc4 or allow_des3 variables respectively. + * The KDC will assume that all services can handle aes256-sha1 + session keys unless the service principal has a + session_enctypes string attribute. + * Support for PAC full KDC checksums has been added to + mitigate an S4U2Proxy privilege escalation attack. + * The PKINIT client will advertise a more modern set + of supported CMS algorithms. + * Removed unused code in libkrb5, libkrb5support, + and the PKINIT module. + * Modernized the KDC code for processing TGS requests, + the code for encrypting and decrypting key data, + the PAC handling code, and the GSS library packet + parsing and composition code. + * Improved the test framework's detection of memory + errors in daemon processes when used with asan. + +------------------------------------------------------------------- Old: ---- krb5-1.20.1.tar.gz krb5-1.20.1.tar.gz.asc New: ---- krb5-1.21.1.tar.gz krb5-1.21.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ krb5-mini.spec ++++++ --- /var/tmp/diff_new_pack.bjAp8h/_old 2023-07-17 19:23:06.601676116 +0200 +++ /var/tmp/diff_new_pack.bjAp8h/_new 2023-07-17 19:23:06.605676140 +0200 @@ -24,13 +24,13 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5-mini -Version: 1.20.1 +Version: 1.21.1 Release: 0 Summary: MIT Kerberos5 implementation and libraries with minimal dependencies License: MIT URL: https://kerberos.org/dist/ -Source0: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz -Source1: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz.asc +Source0: https://kerberos.org/dist/krb5/1.21/krb5-%{version}.tar.gz +Source1: https://kerberos.org/dist/krb5/1.21/krb5-%{version}.tar.gz.asc Source2: krb5.keyring Source3: vendor-files.tar.bz2 Source4: baselibs.conf ++++++ krb5.spec ++++++ --- /var/tmp/diff_new_pack.bjAp8h/_old 2023-07-17 19:23:06.625676256 +0200 +++ /var/tmp/diff_new_pack.bjAp8h/_new 2023-07-17 19:23:06.629676278 +0200 @@ -21,13 +21,13 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5 -Version: 1.20.1 +Version: 1.21.1 Release: 0 Summary: MIT Kerberos5 implementation License: MIT URL: https://kerberos.org/dist/ -Source0: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz -Source1: https://kerberos.org/dist/krb5/1.20/krb5-%{version}.tar.gz.asc +Source0: https://kerberos.org/dist/krb5/1.21/krb5-%{version}.tar.gz +Source1: https://kerberos.org/dist/krb5/1.21/krb5-%{version}.tar.gz.asc Source2: krb5.keyring Source3: vendor-files.tar.bz2 Source4: baselibs.conf ++++++ krb5-1.20.1.tar.gz -> krb5-1.21.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/krb5/krb5-1.20.1.tar.gz /work/SRC/openSUSE:Factory/.krb5.new.3193/krb5-1.21.1.tar.gz differ: char 5, line 1