Fedora 20 Update: krb5-1.11.3-39.fc20

Fri Feb 7 03:13:06 UTC 2014

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-1395
2014-01-23 09:49:48
--------------------------------------------------------------------------------

Name        : krb5
Product     : Fedora 20
Version     : 1.11.3
Release     : 39.fc20
URL         : http://web.mit.edu/kerberos/www/
Summary     : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of sending passwords over the network in unencrypted form.

--------------------------------------------------------------------------------
Update Information:

This update backports a change from upstream which allows an application which uses GSSAPI to affect the location of the replay cache that it uses, and a change to improve support for the "kdc_timesync" option when using KEYRING type credential caches.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 21 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-39
- pull in upstream patch to fix the GSSAPI library's checks for expired
  client creds in gss_init_sec_context() so that they work with keyring
  caches (RT#7820, #1030607)
* Tue Jan 21 2014 Nalin Dahyabhai <nalin at redhat.com>
- pull in and backport multiple changes to allow replay caches to be added to
  a GSS credential store as "rcache"-type credentials (RT#7818/#7819/#7836,
* Thu Dec 19 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-38
- pull in fix from master to make reporting of errors encountered by the SPNEGO
  mechanism work better (RT#7045, part of #1043962)
* Thu Dec 19 2013 Nalin Dahyabhai <nalin at redhat.com>
- update a test wrapper to properly handle things that the new libkrad does,
  and add python-pyrad as a build requirement so that we can run its tests
* Wed Dec 18 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-37
- backport fixes to krb5_copy_context (RT#7807, #1044735/#1044739)
* Wed Dec 18 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-36
- backport fix to avoid double-freeing in the client when we're configured
  to use a clpreauth module that isn't actually a clpreauth module (#1035203)
* Wed Dec 18 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-35
- pull in fix from master to return a NULL pointer rather than allocating
  zero bytes of memory if we read a zero-length input token (RT#7794, part of
  - pull in fix from master to ignore an empty token from an acceptor if
  we've already finished authenticating (RT#7797, part of #1043962)
- pull in fix from master to avoid a memory leak when a mechanism's
  init_sec_context function fails (RT#7803, part of #1043962)
- pull in fix from master to avoid a memory leak in a couple of error
  cases which could occur while obtaining acceptor credentials (RT#7805, part
  of #1043962)
* Tue Dec 17 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-34
- backport additional changes to libkrad to make it function more like
  the version in upstream 1.12, and a few things in the OTP plugin as well
  (most visibly, that the secret that's shared with the RADIUS server is read
  from a file rather than used directly) (#1040056)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1056078 - Please backport patches to implement rcache tweaking via cred_store API
        https://bugzilla.redhat.com/show_bug.cgi?id=1056078
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------