Fedora 20 Update: krb5-1.11.3-39.fc20
updates at fedoraproject.org
updates at fedoraproject.org
Fri Feb 7 03:13:06 UTC 2014
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-1395
2014-01-23 09:49:48
--------------------------------------------------------------------------------
Name : krb5
Product : Fedora 20
Version : 1.11.3
Release : 39.fc20
URL : http://web.mit.edu/kerberos/www/
Summary : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of sending passwords over the network in unencrypted form.
--------------------------------------------------------------------------------
Update Information:
This update backports a change from upstream which allows an application which uses GSSAPI to affect the location of the replay cache that it uses, and a change to improve support for the "kdc_timesync" option when using KEYRING type credential caches.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-39
- pull in upstream patch to fix the GSSAPI library's checks for expired
client creds in gss_init_sec_context() so that they work with keyring
caches (RT#7820, #1030607)
* Tue Jan 21 2014 Nalin Dahyabhai <nalin at redhat.com>
- pull in and backport multiple changes to allow replay caches to be added to
a GSS credential store as "rcache"-type credentials (RT#7818/#7819/#7836,
* Thu Dec 19 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-38
- pull in fix from master to make reporting of errors encountered by the SPNEGO
mechanism work better (RT#7045, part of #1043962)
* Thu Dec 19 2013 Nalin Dahyabhai <nalin at redhat.com>
- update a test wrapper to properly handle things that the new libkrad does,
and add python-pyrad as a build requirement so that we can run its tests
* Wed Dec 18 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-37
- backport fixes to krb5_copy_context (RT#7807, #1044735/#1044739)
* Wed Dec 18 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-36
- backport fix to avoid double-freeing in the client when we're configured
to use a clpreauth module that isn't actually a clpreauth module (#1035203)
* Wed Dec 18 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-35
- pull in fix from master to return a NULL pointer rather than allocating
zero bytes of memory if we read a zero-length input token (RT#7794, part of
- pull in fix from master to ignore an empty token from an acceptor if
we've already finished authenticating (RT#7797, part of #1043962)
- pull in fix from master to avoid a memory leak when a mechanism's
init_sec_context function fails (RT#7803, part of #1043962)
- pull in fix from master to avoid a memory leak in a couple of error
cases which could occur while obtaining acceptor credentials (RT#7805, part
of #1043962)
* Tue Dec 17 2013 Nalin Dahyabhai <nalin at redhat.com> - 1.11.3-34
- backport additional changes to libkrad to make it function more like
the version in upstream 1.12, and a few things in the OTP plugin as well
(most visibly, that the secret that's shared with the RADIUS server is read
from a file rather than used directly) (#1040056)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1056078 - Please backport patches to implement rcache tweaking via cred_store API
https://bugzilla.redhat.com/show_bug.cgi?id=1056078
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update krb5' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list