krb5-plugin-kdb-ldap-1.12.5-25.1<>,C\E/=„ˡq"93' ?]ԉpË:+ef?`6ә;(|D\WSL9Co~j<"2+# c^9ʤc&A$>Oe1GDQg?淂Lt{Σ"_s_tE'Y'Rr*v6ޝpx۵U_"UJ̷;0^FI`W0ģ -cJՄx}v&,lG ^ѥ'hO d'>=b?bd # V48@DW`d }`            0 q  ` ( 8 Z9 pZ:Z>[F@[UF[]G[p H[ I[ X[Y\\\( ]\\ ^\ b]c^Vd^e^f^l^u_ v_8wa xa yb 3zbCkrb5-plugin-kdb-ldap1.12.525.1MIT Kerberos5 Implementation--LDAP Database PluginKerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of clear text passwords. This package contains the LDAP database plugin.\Elamb69kopenSUSE Leap 42.3openSUSEMIThttp://bugs.opensuse.orgProductivity/Networking/Securityhttp://web.mit.edu/kerberos/www/linuxx86_64/sbin/ldconfig ######################################################## # files sections ########################################################(oxl` AAAAA큤\7\7\3\3\8\8\4\4\8\6\6\6\63c914f06063f7e49a745431be7f01aac02f7afe94cbd1989534ae0ecfcf24ad103f3f549979a8ec4746712729a2904cb799c19363f1a72c11e6ae237445c26bd2850adf0444ffea0143293720a0b69c6a7af7b7bb2d0c6f2f557daa66399c3c6libkdb_ldap.so.1.0libkdb_ldap.so.1.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootkrb5-1.12.5-25.1.src.rpmkldap.so.0()(64bit)kldap.so.0(HIDDEN)(64bit)kldap.so.0(kldap_0_MIT)(64bit)krb5-plugin-kdb-ldapkrb5-plugin-kdb-ldap(x86-64)libkdb_ldap.so.1()(64bit)libkdb_ldap.so.1(HIDDEN)(64bit)libkdb_ldap.so.1(kdb_ldap_1_MIT)(64bit)@@@@@@@@@@@@@@@@@@@@@@@@@   /bin/sh/sbin/ldconfigkrb5-serverlibc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcom_err.so.2()(64bit)libgssrpc.so.4()(64bit)libgssrpc.so.4(gssrpc_4_MIT)(64bit)libk5crypto.so.3()(64bit)libk5crypto.so.3(k5crypto_3_MIT)(64bit)libkadm5srv_mit.so.9()(64bit)libkadm5srv_mit.so.9(kadm5srv_mit_9_MIT)(64bit)libkdb5.so.7()(64bit)libkdb5.so.7(kdb5_7_MIT)(64bit)libkdb_ldap.so.1()(64bit)libkdb_ldap.so.1(kdb_ldap_1_MIT)(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libkrb5support.so.0()(64bit)libkrb5support.so.0(krb5support_0_MIT)(64bit)libldap-2.4.so.2()(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)1.12.53.0.4-14.0-14.4.6-14.11.2\@\4[Z@ZH@Y@YYY@Y@Y.@WWE@WwW^@V@VwVVA@V0U@U.@U.@TT$T!`SS;@S@S@SK@Ra@R@R@R Q4Q@@Qn@Q@QQU@Q}@Q]k@QZ@QR@QLGQC @Q7/Q4QsP@P}L@P}L@PyWPnO؀OЗOF@OJO'NxNxN=@N=@NHNNS@NP@NNP@MMlM6@L8LeL|L|L@LT@KKŮ@KK"@K@K@KK&(JJ@JY@J&eJ @Samuel Cabrero Samuel Cabrero ckowalczyk@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comfoss@grueninger.dehguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comhguo@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comddiss@suse.comvarkoly@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comckornacker@suse.comnfbrown@suse.comckornacker@suse.commc@suse.comcrrodriguez@opensuse.orgmc@suse.commc@suse.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.delchiquitto@suse.comcoolo@suse.comcoolo@suse.comcoolo@suse.commc@suse.decoolo@suse.commc@suse.demc@suse.destefan.bruens@rwth-aachen.demeissner@suse.decoolo@suse.comcoolo@suse.commc@suse.demc@suse.derhafer@suse.demc@suse.demc@suse.demc@novell.commc@novell.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.delchiquitto@novell.commc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.demc@suse.dejengelh@medozas.demc@suse.decoolo@novell.commc@suse.demc@suse.de- Add support for the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option to suppress sending the confidentiality and integrity flags in GSS initiator tokens unless they are requested by the caller. These flags control the negotiated SASL security layer for the Microsoft GSS-SPNEGO SASL mechanism. (bsc#1087481). - Added patches: 0116-Implement-GSS_KRB5_CRED_NO_CI_FLAGS_X-cred-option.patch 0117-Add-tests-for-GSS_KRB5_CRED_NO_CI_FLAGS_X.patch 0118-Implement-GSS_KRB5_CRED_NO_CI_FLAGS_X-for-SPNEGO.patch- Remove incorrect KDC assertion; (CVE-2018-20217); (bsc#1120489); - Added patches: * 0115-Remove-incorrect-KDC-assertion.patch- Fix for resolving krb5 GSS creds if time_rec is requested 0114-resolve-krb5-GSS-creds-if-time_rec-is-requested.patch (bsc#1088921)- Fix CVE-2018-5730 and CVE-2018-5729 with 0113-Fix-flaws-in-LDAP-DN-checking.patch (bsc#1083926 bsc#1083927)- Fix a GSS failure in legacy applications (bsc#1081725) with patch 0112-Do-not-indicate-deprecated-GSS-mechanisms.patch This upstream fix supposedly fixes the issue resolved by the previously released workaround done by 0111-gssapi-assume-that-mechanism-from-acceptor-credentia.patch (bsc#1057662 bsc#1046415)- Introduce patch 0111-gssapi-assume-that-mechanism-from-acceptor-credentia.patch to all legacy GSS client applications to workaround compatibility issue by setting environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value. (bsc#1057662)- Introduce patch 0110-Fix-PKINIT-cert-matching-data-construction.patch to fix CVE-2017-15088 of bsc#1065274.- Introduce patch 0109-Preserve-GSS-context-on-init-accept-failure.patch to fix CVE-2017-11462 of bsc#1056995.- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in order to improve client security in handling service principle names. (bsc#1054028)- Prevent kadmind.service startup failure caused by absence of LDAP service. (bsc#903543)- Remove main package's dependency on systemd. (bsc#1032680)- Remove unneeded prerequisites from spec file. (bsc#992853)- Fix CVE-2016-3120 (bsc#991088) with patch: 0108-Fix-S4U2Self-KDC-crash-when-anon-is-restricted.patch- Fix build with doxygen 1.8.8 - adding krb5-1.12-doxygen.patch from rev128 of network/krb5 (bsc#982313#c2)- Remove source file ccapi/common/win/OldCC/autolock.hxx that is not needed and does not carry an acceptable license. (bsc#968111)- Introduce patch 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch to fix CVE-2016-3119 (bsc#971942)- Upgrade from version 1.12.1 to 1.12.5. The new maintenance release brings accumulated defect fixes. - The following patches are now present in the source bundle, thus removed from build individual patch files: * 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch * 0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch * 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch * 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch * 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch * 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch * bnc#912002.diff * krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch * krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch * krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch * krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch * krb5-1.12.2-CVE-2014-5353.patch * krb5-1.12.2-CVE-2014-5354.patch * krb5-master-keyring-kdcsync.patch - Line numbers in the following patches are slightly adjusted to fit into this new source version: * krb5-1.6.3-ktutil-manpage.dif * krb5-1.7-doublelog.patch - Remove krb5-mini pieces from spec file. Thus removing pre_checkin.sh - Remove expired macros and other minor clean-ups in spec file. - Use system libverto to substitute built-in libverto. Implement fate#320326- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character (bsc#963968) with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch - Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request (bsc#963975) with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch - Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask (bsc#963964) with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch- Apply patch 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch to fix a memory corruption regression introduced by resolution of CVE-2015-2698. bsc#954204- Make kadmin.local man page available without having to install krb5-client. bsc#948011 - Apply patch 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch to fix build_principal memory bug [CVE-2015-2697] bsc#952190 - Apply patch 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch to fix IAKERB context aliasing bugs [CVE-2015-2696] bsc#952189 - Apply patch 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch to fix SPNEGO context aliasing bugs [CVE-2015-2695] bsc#952188 - Fix patch content of bnc#912002.diff that was missing a diff header.- bnc#928978 - (CVE-2015-2694) VUL-0: CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass patches: 0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch- bnc#918595 VUL-0: CVE-2014-5355: krb5: denial of service in krb5_read_message patches: 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch- bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name - bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries patches: krb5-1.12.2-CVE-2014-5353.patch krb5-1.12.2-CVE-2014-5354.patch- bnc#912002 VUL-0: CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423: krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token - added patches: * bnc#912002.diff- Work around replay cache creation race; (bnc#898439). krb5-1.13-work-around-replay-cache-creation-race.patch- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal - added patches: * bnc#897874-CVE-2014-5351.diff- buffer overrun in kadmind with LDAP backend CVE-2014-4345 (bnc#891082) krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch- Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697) krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch Fix null deref in SPNEGO acceptor [CVE-2014-4344] krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch- denial of service flaws when handling RFC 1964 tokens (bnc#886016) krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch - start krb5kdc after slapd (bnc#886102)- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674) similar functionality is provided by krb5-plugin-preauth-pkinit- don't deliver SysV init files to systemd distributions- update to version 1.12.1 * Make KDC log service principal names more consistently during some error conditions, instead of "" * Fix several bugs related to building AES-NI support on less common configurations * Fix several bugs related to keyring credential caches - upstream obsoletes: krb5-1.12-copy_context.patch krb5-1.12-enable-NX.patch krb5-1.12-pic-aes-ni.patch krb5-master-no-malloc0.patch krb5-master-ignore-empty-unnecessary-final-token.patch krb5-master-gss_oid_leak.patch krb5-master-keytab_close.patch krb5-master-spnego_error_messages.patch - Fix Get time offsets for all keyring ccaches krb5-master-keyring-kdcsync.patch (RT#7820)- update to version 1.12 * Add GSSAPI extensions for constructing MIC tokens using IOV lists * Add a FAST OTP preauthentication module for the KDC which uses RADIUS to validate OTP token values. * The AES-based encryption types will use AES-NI instructions when possible for improved performance. - revert dependency on libcom_err-mini-devel since it's not yet available - update and rebase patches * krb5-1.10-buildconf.patch -> krb5-1.12-buildconf.patch * krb5-1.11-pam.patch -> krb5-1.12-pam.patch * krb5-1.11-selinux-label.patch -> krb5-1.12-selinux-label.patch * krb5-1.8-api.patch -> krb5-1.12-api.patch * krb5-1.9-ksu-path.patch -> krb5-1.12-ksu-path.patch * krb5-1.9-debuginfo.patch * krb5-1.9-kprop-mktemp.patch * krb5-kvno-230379.patch - added upstream patches - Fix krb5_copy_context * krb5-1.12-copy_context.patch - Mark AESNI files as not needing executable stacks * krb5-1.12-enable-NX.patch * krb5-1.12-pic-aes-ni.patch - Fix memory leak in SPNEGO initiator * krb5-master-gss_oid_leak.patch - Fix SPNEGO one-hop interop against old IIS * krb5-master-ignore-empty-unnecessary-final-token.patch - Fix GSS krb5 acceptor acquire_cred error handling * krb5-master-keytab_close.patch - Avoid malloc(0) in SPNEGO get_input_token * krb5-master-no-malloc0.patch - Test SPNEGO error message in t_s4u.py * krb5-master-spnego_error_messages.patch- Reduce build dependencies for krb5-mini by removing doxygen and changing libcom_err-devel to libcom_err-mini-devel - Small fix to pre_checkin.sh so krb5-mini.spec is correct.- update to version 1.11.4 - Fix a KDC null pointer dereference [CVE-2013-1417] that could affect realms with an uncommon configuration. - Fix a KDC null pointer dereference [CVE-2013-1418] that could affect KDCs that serve multiple realms. - Fix a number of bugs related to KDC master key rollover.- install and enable systemd service files also in -mini package- remove fstack-protector-all from CFLAGS, just use the lighter/fast version already present in %optflags - Use LFS_CFLAGS to build in 32 bit archs.- update to version 1.11.3 - Fix a UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443] - Improve interoperability with some Windows native PKINIT clients. - install translation files - remove outdated configure options- cleanup systemd files (remove syslog.target)- let krb5-mini conflict with all main packages- add conflicts between krb5-mini and krb5-server- update to version 1.11.2 * Incremental propagation could erroneously act as if a slave's database were current after the slave received a full dump that failed to load. * gss_import_sec_context incorrectly set internal state that identifies whether an imported context is from an interposer mechanism or from the underlying mechanism. - upstream fix obsolete krb5-lookup_etypes-leak.patch- add conflicts between krb5-mini-devel and krb5-devel- add conflicts between krb5-mini and krb5 and krb5-client- enable selinux and set openssl as crypto implementation- fix path to executables in service files (bnc#810926)- update to version 1.11.1 * Improve ASN.1 support code, making it table-driven for decoding as well as encoding * Refactor parts of KDC * Documentation consolidation * build docs in the main package * bugfixing - changes of patches: * bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif: upstream * bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif: upstream * krb5-1.10-gcc47.patch: upstream * krb5-1.10-selinux-label.patch replaced by krb5-1.11-selinux-label.patch * krb5-1.10-spin-loop.patch: upstream * krb5-1.3.5-perlfix.dif: the tool was removed from upstream * krb5-1.8-pam.patch replaced by krb5-1.11-pam.patch- fix PKINIT null pointer deref in pkinit_check_kdc_pkid() CVE-2012-1016 (bnc#807556) bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif- fix PKINIT null pointer deref CVE-2013-1415 (bnc#806715) bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif- package missing file (bnc#794784)- krb5-1.10-spin-loop.patch: fix spin-loop bug in k5_sendto_kdc (bnc#793336)- revert the -p usage in %postun to fix SLE build- buildrequire systemd by pkgconfig provide to get systemd-mini- do not require systemd in krb5-mini- add systemd service files for kadmind, krb5kdc and kpropd - add sysconfig templates for kadmind and krb5kdc- fix %files section for krb5-mini- fix gcc47 issues- update to version 1.10.2 obsolte patches: * krb5-1.7-nodeplibs.patch * krb5-1.9.1-ai_addrconfig.patch * krb5-1.9.1-ai_addrconfig2.patch * krb5-1.9.1-sendto_poll.patch * krb5-1.9-canonicalize-fallback.patch * krb5-1.9-paren.patch * krb5-klist_s.patch * krb5-pkinit-cms2.patch * krb5-trunk-chpw-err.patch * krb5-trunk-gss_delete_sec.patch * krb5-trunk-kadmin-oldproto.patch * krb5-1.9-MITKRB5-SA-2011-006.dif * krb5-1.9-gss_display_status-iakerb.patch * krb5-1.9.1-sendto_poll2.patch * krb5-1.9.1-sendto_poll3.patch * krb5-1.9-MITKRB5-SA-2011-007.dif - Fix an interop issue with Windows Server 2008 R2 Read-Only Domain Controllers. - Update a workaround for a glibc bug that would cause DNS PTR queries to occur even when rdns = false. - Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the "create" privilege. [CVE-2012-1013] - Fix access controls for KDB string attributes [CVE-2012-1012] - Make the ASN.1 encoding of key version numbers interoperate with Windows Read-Only Domain Controllers - Avoid generating spurious password expiry warnings in cases where the KDC sends an account expiry time without a password expiry time - Make PKINIT work with FAST in the client library. - Add the DIR credential cache type, which can hold a collection of credential caches. - Enhance kinit, klist, and kdestroy to support credential cache collections if the cache type supports it. - Add the kswitch command, which changes the selected default cache within a collection. - Add heuristic support for choosing client credentials based on the service realm. - Add support for $HOME/.k5identity, which allows credential choice based on configured rules.- add autoconf macro to devel subpackage- fix license in krb5-mini- add autoconf as buildrequire to avoid implicit dependency- remove call to suse_update_config, very old work around- fix KDC null pointer dereference in TGS handling (MITKRB5-SA-2011-007, bnc#730393) CVE-2011-1530- fix KDC HA feature introduced with implementing KDC poll (RT#6951, bnc#731648)- fix minor error messages for the IAKERB GSSAPI mechanism (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)- fix kdc remote denial of service (MITKRB5-SA-2011-006, bnc#719393) CVE-2011-1527, CVE-2011-1528, CVE-2011-1529- use --without-pam to build krb5-mini- add patches from Fedora and upstream - fix init scripts (bnc#689006)- update to version 1.9.1 * obsolete patches: MITKRB5-SA-2010-007-1.8.dif krb5-1.8-MITKRB5-SA-2010-006.dif krb5-1.8-MITKRB5-SA-2011-001.dif krb5-1.8-MITKRB5-SA-2011-002.dif krb5-1.8-MITKRB5-SA-2011-003.dif krb5-1.8-MITKRB5-SA-2011-004.dif krb5-1.4.3-enospc.dif * replace krb5-1.6.1-compile_pie.dif- fix kadmind invalid pointer free() (MITKRB5-SA-2011-004, bnc#687469) CVE-2011-0285- Fix vulnerability to a double-free condition in KDC daemon (MITKRB5-SA-2011-003, bnc#671717) CVE-2011-0284- Fix kpropd denial of service (MITKRB5-SA-2011-001, bnc#662665) CVE-2010-4022 - Fix KDC denial of service attacks with LDAP back end (MITKRB5-SA-2011-002, bnc#663619) CVE-2011-0281, CVE-2011-0282- Fix multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007, bnc#650650) CVE-2010-1324 * krb5 GSS-API applications may accept unkeyed checksums * krb5 application services may accept unkeyed PAC checksums * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums CVE-2010-1323 * krb5 clients may accept unkeyed SAM-2 challenge checksums * krb5 may accept KRB-SAFE checksums with low-entropy derived keys CVE-2010-4020 * krb5 may accept authdata checksums with low-entropy derived keys CVE-2010-4021 * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery- fix csh profile (bnc#649856)- update to krb5-1.8.3 * remove patches which are now upstrem - krb5-1.7-MITKRB5-SA-2010-004.dif - krb5-1.8.1-gssapi-error-table.dif - krb5-MITKRB5-SA-2010-005.dif- change environment variable PATH directly for csh (bnc#642080)- fix a dereference of an uninitialized pointer while processing authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)- add correct error table when initializing gss-krb5 (bnc#606584, bnc#608295)- fix GSS-API library null pointer dereference CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)- fix a double free vulnerability in the KDC CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)- update to version 1.8.1 * include krb5-1.8-POST.dif * include MITKRB5-SA-2010-002- update krb5-1.8-POST.dif- fix a bug where an unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon (kadmind) to crash. CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)- add post 1.8 fixes * Add IPv6 support to changepw.c * fix two problems in kadm5_get_principal mask handling * Ignore improperly encoded signedpath AD elements * handle NT_SRV_INST in service principal referrals * dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT * Fix the kpasswd fallback from the ccache principal name * Document the ticket_lifetime libdefaults setting * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512- update to version 1.8 * Increase code quality * Move toward improved KDB interface * Investigate and remedy repeatedly-reported performance bottlenecks. * Reduce DNS dependence by implementing an interface that allows client library to track whether a KDC supports service principal referrals. * Disable DES by default * Account lockout for repeated login failures * Bridge layer to allow Heimdal HDB modules to act as KDB backend modules * FAST enhancements * Microsoft Services for User (S4U) compatibility * Anonymous PKINIT - fix KDC denial of service CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781) - fix KDC denial of service in cross-realm referral processing CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347) - fix integer underflow in AES and RC4 decryption CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351) - moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl- add baselibs.conf as a source- enhance '$PATH' only if the directories are available and not empty (bnc#544949)- readd lost baselibs.conf- update to final 1.7 release- update to version 1.7 Beta2 * Incremental propagation support for the KDC database. * Flexible Authentication Secure Tunneling (FAST), a preauthentiation framework that can protect the AS exchange from dictionary attack. * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which allows a GSS application to request credential delegation only if permitted by KDC policy. * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 -- various vulnerabilities in SPNEGO and ASN.1 code./sbin/ldconfig/bin/shlamb69 1553779013 1.12.5-25.11.12.5-25.1sbinkdb5_ldap_utilkrb5pluginskdbkldap.solibkdb_ldap.solibkdb_ldap.so.1libkdb_ldap.so.1.0krb5kerberos.ldifkerberos.schemakdb5_ldap_util.8.gz/usr/lib/mit//usr/lib/mit/sbin//usr/lib64//usr/lib64/krb5//usr/lib64/krb5/plugins//usr/lib64/krb5/plugins/kdb//usr/share/doc/packages//usr/share/doc/packages/krb5//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:9926/openSUSE_Leap_42.3_Update/571efd8762c279690e1aff125557475b-krb5.openSUSE_Leap_42.3_Updatedrpmlzma5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.0.0, BuildID[sha1]=4267f7b9892f4782a6c16ee5409bfaa01fc4af55, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7c8de783aa4a4749bb65b816e4f16a5d4bfef292, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5482adfacf90b1c33f0f3c8cfe684c93f9a20633, strippedASCII text, with very long linestroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RRRRRRRRRR RRRRRRRR R RRRPPPRRRRPPPRRR RRRRR RRRRRR RR RRRJCG0D?0]"k%y؄O^͵ жb2eRCLUR3 :`ղԅi43iAcM PleѮ,KhT0P[4P&~+h"8- xÂǔah)bz2p$RFmfK¸6pO|f~G9$ <{5W]l)J'MNJ篕S;9uFUќȁWfc9;qնs0N<榸xFQL43J56ІJ~^LY Q @5 1A]7S{<˰&qYy@Jgjl X$dzYfMZdNT]p[RD6!O _yY ? 9jBb<#6Htvȍsd.nl P Y``Hhu1)w_d¤~HpGMy6bM/@t*~G .4kcM/foD^QcfDxbk}lB/%01y eiw&Z㔳AZG0߈FUF*+k~2&dm ?w75HІ)iENٓa7 ^a-`>Ng:IʮY <N[ { q51&Q&[0Pb-wqF7Q*|4i;g}D[8;eGPYݱi̕աq0I͎`dr7]j_ڡwɔAKm[ā(ӟĻҙӋT{O|]F?=/*YW` 3dco4i@QY5N04H036+doN^K 9-ö*\mF= V~$՘P+GJSkåU'qj-W+WN%2}bxUf+hu'<ӃO+@t<*d( :"!UۤyMBdYI㪬 JV񲌛 dײ+X屈R ҵh>/Q1)!kGj.K˰u tÉ+u2IS9cM$/~2ߙ7JU6(Slal;zWNi\s-]P4 s?;ɜRޜi/WI$4"I 8( oK.9RՑprxix =ִj0z=ӈ%*#q+>!AL+-f3#kCebLwʬhdfبźe WzoޤgvSlbUns28Zh:{/ T\Ȋ%cₐթG*!$q5!)j\Xkϩ=QNG,QA8>á,$IuȕW%G9W3U=H+I׌QPy*.dS?& @0lPge^11$EA-7{Ўl?yhK.Oӱ ٺ~o4BW;0+6BVopY+ <9tIW9/8T,e_^CNhZ~-&K@bpDKkTz E>u[ 7Ot?o(H6깻5apQ"{)CE^ nvvL.3}ʘV2lшĥ1c݇DL<2hmCi?5YË'8^L7xcbKb"˱` ,:&]9~Vܭ jWud[_Ԧ+^FCyqvYZGƮGL#30Gh2' x٠7&Q<8"1uhN'! mDC‹mBj\#>ױ{0MaMvxeS\uLj+v @Ylo|>x*B/|X }::Z\_] eCk4 Tj~H\$ki$Rv鳦3F@'dsEI-Kcߠ/#P=xʈ%`sP g"֡y2e >ʹ@ht\7ᰓQhXҵet+AƷ>|W_C1gv8N)%K4 wI H ! (ʌVlœڑ“COl7 xJ֩x6rE%$C>v aE1z5 OߖY SE.,kNCߕ~Ĵm{TOoc7yek벵93Џ2 u0Um*S_*l)Pp딳}V69`F\w1|":TDY$E'еџ62bN|HH<4-j"azfgH˪Q@w9t`JtQxn|ەwVpNۂ%ׁ͐1? Yn!U+&6|/ȲmЦIqG|G0Thy* Y1 ]QO!m2$ VJT ZܖkB"}n{_us%l-倠U_ A8mqd<yB>Y%Ӓfq-^!?צu3f9Bsա&G|#@(J1gT+Qݦw~Om' 2wϐ. ԣ+BK(AI ͹#iqصDj5^fh匤;_;~bǦ7m$e}"ce.t '+ki?[u{?.%Ƈv:ܥx%P Hͣ2)Z_}9$wC6Q;u됽CxQUDhK>OЀS;߾K`w \w篵Ko`y'@]Je 0lczZZd,wm<傊-´ e@fwgȐ,6H]=7M[b<6{6zH(&+=SټF(uJCd@Dd83^NFؽ P >1~" {AÅ xL¼L;ᢚt υgĘCT߬&~T%MhbqK+"3ɊJC+L"_({-2sxi0w&®XύHT#p qƣ q/ Fe|~2a:dd AgV93ERz $a- ƍ^BVmeS(S%ގ9'q.'})Ɋ@ԯ)7yRKɡlc>Һ}M[ҝE<ڀ#khtl6gQ2 @o#3'2DǗ TGW?crjBs 96=+gp*!.z<AmHm i !lW"P(e@2;^9"]SvIlGU`po=Mt(Ԭ*Yu"fȥ ٶ7`ENcQhgwG4Oo}B,TNvdwug6H{ ;?wL<4lyb{M9ޠe}dco$ɜӈ _ٯN:6m\w3*eՁNtA֙;E`7W7b'gVq I>JLJ7~zG$MD;fmr93@wIMR0*W0;B*x%:r ȖUI0NPGGI*E5~.] 9O9ѯFaFGՁ'v<*.t?uVAE eԗp@ҩtLN78lQjdl`<ߥs?5O67Qz^(Sq[|1a5^ UVoL"_4./)1 v0#2y\LU8 Ӳ̉rvʪYk{hCGse?f[]"M]Afϡ7KX>bn6&gߐqR纵QjDG %n#d[yr]i@<$KuNe/)ܶ C{pp?(1Qآco=GZc„-H8ό<)F8̬5T~I!__HŖrtTfwf@׹E =42荜 +Ht> .bՖm DR8çLϑT%mA2Zʧʵ+z3s:Tk'eďSefa*<0K:La]|D8hczNĺr(Ɂ"d>ӻG/C/S2E/e_""[U]$_fH/pI@dpL$:U7f6x@RNyo?hz^ڼn݊Gi#x rPSy,^26ė-'^)<:+woY=|Y#tY4vfl*5W8*Q*D䭊V5\Y5bGKXm1Ÿ^n2A' ү3-m:ndxj~,ړ%O}^Txpt䭡(IwѤ:ږ1"Agp?n$aGA+*\fiI ȑ*+Xv|x>tCo)#Pr#3܈xɺSZi+/\6X@?H\"cT`_aG4 0p[TSw?9ȕ5(33ߗۿkAȃy/x e2}HIX88d|r\bOHRӹAʛ& p2z 7!y۩~@zKfzUwF\ FIzVy7@썗(.c͚bƓ.f{ 㭜(7||DX+hv1ҹf,4e?s8ʾDI^!f}(V9Z-沷ݚfp}OUgN PRԪ?՜RKX@ _oN:5}5H%f.7>@k]*9Xm]:!yχi^rzT- ƼAqr5Zrֱ3oeJԈb-ehkP SJN۩Se,~(6n0ܠo( >nCme0&*X'G{12R@*P D?X!'#6b&IxnW.]XJheZ&ɒ`e*wgժdp8PA;(0$n>Tiz.y8@yxo[O'.[  ¼H3h%f-dBx\6Vyg ܻPT+_W̮[4< <߼P,5,@nVC5r;TGdTYG ,kpq$qug?T̳zP4`NHoa&:hӃcvc۴ox%=e&ed#iMv:JR+YA6{mǔ9.z@ﱏ<#ek['s~  ]@/ yհ0a7f/ns&sK[?[ǍXGWGǡ(X0smS=[լC4/WfDqM_Hpy?%4ٕjms<^lkV'p\!Gs >7vjJ<ЀuB0im,MDh5/b4K:o׍V|.8UD1XIZw'Zm%>az4"n}iOOДH=Ƌf%g~KWz' Q QJs4wPL5VܷW\I)&L?y_{%5*2CGΗĿN&`?Jh[S{^Ͽ<0^#KT>Mw̜*+ GCU 췛 TH՗1["|ӀqFCnR$>_. %x:ټ̚0] lN! )UQcIzIy{k^+91YblY+>ɃlBVH|IJ6q /".tlHdH&%@Ͷy>l35y#rS[IS:m-[=@ ׌4Fp7QO?~v F:d ߻Zz+%9RgĄ5jWU̸5,A"M$~(Jb& 0xfFb[Lͫ2m7X9 uYG"IuvZE\}^2B"q|Sךh"'e$oa[4edCh)aًue ZѠ=|*><ZY \a@pw1AʾƔwd|:cͺ8[>cWyFx\6?x1h#DefE N'kmƋnݿI+^>F T62#NT}n+n$m8Qhwj ֖BS^gHmƚN]d(> RsKijP@b`S|,(%e{-YJ??]fkzr7̄J2A: T?$L^j<;5рKR4&ݫp(J` 7=+ɇ-4YclMpSQM%R%d$'n]7*~1.FkfM 2 |Ľ>o jpCj TmD1aRb).q>FxSW avgmL*ij3>,٨(AC}jSړnE G+orKHW5XPshPdxEpV#㐿[V09yfnrsR_% &>½xyL|@+ zcEӛVK?a5401HHZ;=#0-1o{?d3@/e.+1\5vaA[\d `nz 2IˤV2,L0Y([:j WN>NDn|k8XcәHcSEqۤ(ŸZ[\zJ52ЊEyD 'KayƱoFk{4ܴexƜJqy0xym(Ugߵ_uiɭ\aA+)cv2 E :ۼ_5=͌1sfl}X`ʚ>]\Ghቔ7kc|INHy؈r%C;^>Y[Ȼ4f"ʳ` I6@+ =ٵJᡆ5_Tx 䪍5`BԜQ9ӭ\GP~|U*&n(!{;¬1ά02}Em.顖^QZNEy*\ɫ&jykg=<ϭ@%m?_k̆_{@R1 7Lk^^hz6Rq`Riξ[:lWQs:wy$F_ud&N wE^Q)V= QX\4Ym5z?I)|!X>P=cyưrZF@,рkt0SgM#noz>关t W1Kx`P]@,en܃ * >*u; ]^.㰠j,i邓SHn2܈vb,/a#aj73]j5-e'!89(RP4 @zkB~_3KdoX šyH֫7GX<=9CGF\N}TJ"S}\j p!!e~z-l~~#lyzd88M+MVmg1M>UBYq8ڡ7gzZ7zZVx)~^Osi +ci4JR +WP4 jc\!Zԇ'5S;WY m{ŷnG  ﹦sA`a5pOUOA*^Kxm0mG}y&C17MU~ EM_499!`1_Lŵ9,cKm}F5HqIpWq >Cu\$E~9t;t0J,E^7+Cb૗D8- ~{TZ5 K-{fe#F+85w!H*`4wSWHl Lw!9TCŮ<ߜym)n[zA9 PxeKF^/PbNC(Eꇛ:> =|0C*[ǖ(E_-H#jߌi΍Pɣu[wsB(cȨ?T;FS#]A.]f4-^ rYpq֎& Ex ;{?2Gs"r oRњintګ"ё]pC'њwF =S'~ ~7 @#FrydR%:أHLxhֲMQ'7ͪJ p#~bLIʷ`27APMnBsBJ֞p8Pq[\K(k$;At t+'PĬtJqFv,#ADf_Œewe}伡 H.FI(Tz;B+~KϣLiPW!9%IP1_2S${bɓ.NpĚe$,B^Kc+.G%5S8_lE (. J#k.%Yͻ=xz:e1 =Of)D9St@?2f}Ȱ8^G)o5] ]oP?iHl*'hؚ4ΠAӴAV~}(AVw+NHF3qt5~VW^znb!LK^{}ф胓,S'^SB;A"=5*/_[GH$Jؘ)jZ^VLroUOe pqY! CYnR9uDz?\ f "+H{saEl.@OW5&hSw 9&07/]qV]Z!Ft..\yVY,;0 6S997+ȩd.s#6{F}TI>S[S!rkp0$w׶6wBQѰb*s,-gfqc 1X?PYQwܖk6K 9b%Pe<Ur薣{jpE% !5M;^PJ_z<]0,Po}WW.D??ԅxBܰB!~V!å39@<n%X0RIMrdƅ{:W6m!pqh/^\ !]&?I"1fKNWq$#L_ c0e˲h;`Raܠqv@rDLP y*5d11\|v^Ѿ0Q,U\OF8*0L ?wm]CI1J Eebj NCk~V@2 9*0ВzTKUG"IHc 2ĪAEEjHCohܚgŅYd@Wy đ٬U^'1-@Egm}*"V~dV!Mdbc*RkWC_(҇:k#x~5$'|2^Q9݌,v,,(1dMVLT#{q`T gDQCQwDHODƺ2A 'vhq"|Y'^ 3fWY Dvi}}y@W|E F&YToľjʖBoA pCHoG qIRc{ԧH{rKPkר+UP+z {o;gKR4G *+E-KUdiCSڻ}.7"5JXL`"a jQ4Ҿ7Tq"B%ԣ-fp!Xմ}Ta'x活>$(RSv["FP4j TP }Jvlt29,%R9zP 3@ydn 6OWjNhza,tig{3zhK^R]ugECA66m~tb ܉̓2gh]>@g2ω,B[eԅ%㇘6:v k c0 |j 1>OЂLD\<1 j)rZ7+âلC[4:Ug2[v]HS!a;ʋޗuK3o٪$bb Al*5ՍMZ|cEm;H~ X3A*v3*HYlyYQ}#s^bt2}`#o]ay_+k ^%Q4Nd7+u9"x9=鄽Q@m7uZ 2;xWkl8p`w໸PQz6f+YHӑ!%c/# w;9 ESQPUTQ`,uVTo09_ Qx39`&١5 ˷fmt)@QߪN!II;zu?%-&3/S\^`404(#ݱM+2&#.[fiaP }."Å26Lڰ+mf>I$?"҈ܶ /@ q\mNسE>;8Pk _{pq6g{э|y_X "A7&?z!GVY;A"X5-NrBQQbDݶpC:Y8!RCgx&FUMh;\A𝴜?ʼn4ala_4>*Lfx_">A=K!"ٶڍJօk6lꮂ1a042Z`3V04@H