non port: security/krb5-116/distinfo |
Number of commits found: 5 |
Thursday, 12 Dec 2019
|
20:55 cy
Update 1.16.3 --> 1.16.4
|
Tuesday, 8 Jan 2019
|
01:41 cy
Update 1.16.2 --> 1.16.3
Major changes in 1.16.3 (2019-01-07)
====================================
This is a bug fix release.
* Fix a regression in the MEMORY credential cache type which could
cause client programs to crash.
* MEMORY credential caches will not be listed in the global
collection, with the exception of the default credential cache if it
is of type MEMORY.
* Remove an incorrect assertion in the KDC which could be used to
cause a crash [CVE-2018-20217].
MFH: 2019Q1
|
Friday, 2 Nov 2018
|
15:51 cy
krb5-116: update 1.16.1 --> 1.16.2
|
Friday, 4 May 2018
|
06:18 cy
Update 1.16 --> 1.16.1
Major changes in 1.16.1 (2018-05-03)
====================================
This is a bug fix release.
* Fix flaws in LDAP DN checking, including a null dereference KDC
crash which could be triggered by kadmin clients with administrative
privileges [CVE-2018-5729, CVE-2018-5730].
* Fix a KDC PKINIT memory leak.
* Fix a small KDC memory leak on transited or authdata errors when
processing TGS requests.
* Fix a regression in pkinit_cert_match matching of client
certificates containing Microsoft UPN SANs.
* Fix a null dereference when the KDC sends a large TGS reply.
* Fix "kdestroy -A" with the KCM credential cache type.
* Allow validation of Microsoft PACs containing enterprise names.
* Fix the handling of capaths "." values.
* Fix handling of repeated subsection specifications in profile files
(such as when multiple included files specify relations in the same
subsection).
|
Wednesday, 6 Dec 2017
|
04:18 cy
Welcome the new security/krb5-116 port. This port follows MIT's
KRB5 1.16 releases.
Major changes in 1.16 (2017-12-05)
==================================
Administrator experience:
* The KDC can match PKINIT client certificates against the
"pkinit_cert_match" string attribute on the client principal entry,
using the same syntax as the existing "pkinit_cert_match" profile
option.
* The ktutil addent command supports the "-k 0" option to ignore the
key version, and the "-s" option to use a non-default salt string. (Only the first 15 lines of the commit message are shown above )
|
Number of commits found: 5 |