í«îÛ    krb5-apps-servers-1.7-6.12.1                                                        Ž­è         <   >     ,     è            ê          ì          C]‰ M‚4ð¸‹/Ô=½Â„] K©R¢iTÌ¬¥·òvS†ùº¾{BþÓµ“Ú©Sq^cX!ì÷PvÝRti…xÒÀ×NKé˜®éI„lŒ+© Ô¢Hñš‡h€e$ãó<`OÔj'd îbÍçfd)õ _ÖHnz²säÐËP3z˜…SŽif/bÎ$ˆèP§Â-  ;Ëüc‘±$RÓ
Æº2Ýé/ºm… +p3¸Ñc»×B >À€*Çc¤žvëÄ,Q¡ª· †Å©Êkó†Å`@Iså&žJñH?‚¥c™:\Í«Œ!p7R+EU¡4T´>ºLÂDƒ,xVÉÈìçâ?¯
ægGq™ (~/&aÕA=‰]   >   ÿÿÿÀ       Ž­è       5  9ý   ?     9í      d            è           é           ê           ì   	        í   	   A     î     à     ï     ä     ñ     ì     ò     ð     ó     þ     ö          ÷           ø   	  9     ü     Z     ý     {     þ               ˆ          Ü     	          
     0          „          ù                    d          Í          6          P          ¤          Ð          8          
y     (     
¦     8     
¬   ?  9     ¨   ?  :     l   ?  F     6€     G     6”     H     6è     I     7<     X     7T     Y     7\     \     7t     ]     7È     ^     8ˆ     b     8×     c     9_     d     9Á     e     9Æ     f     9Ë     l     9Í     z     9Ý   C krb5-apps-servers 1.7 6.12.1 MIT Kerberos5 server applications Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible server applications like ftpd, klogind, telnetd, ...


Authors:
--------
    The MIT Kerberos Team
    Sam Hartman <hartmans@mit.edu>
    Ken Raeburn <raeburn@mit.edu>
    Tom Yu <tlyu@mit.edu>   M€Óbuild17  ³ÿopenSUSE 11.2 openSUSE MIT License (or similar) http://bugs.opensuse.org Productivity/Networking/Security http://web.mit.edu/kerberos/www/ linux i586     G  5  3  B       =€  FÈ  ¹  ª  y|  &Œ  &” ¨  &ˆ  Ç  
¡  r  a  H  [¤¤¤¤AíAíííííííííí¤¤¤¤¤¤                                          M€ÒåM€ÒåM€ÒåM€ÒåM€ÒæM€ÒîM€ÒìM€ÒìM€ÒíM€ÒîM€ÒîM€ÒîM€ÒîM€ÒîM€ÒîM€ÒäM€ÒäM€ÒäM€ÒåM€ÒäM€Òã85d3f067cfbcca3ef4f179a7e23b446d b34e526a04de0f36b67af13bb11d90b9 8033ff0b666a37808051a397c659a1b0 31c78c20a6880325c01b068bf0ba4e92   7772048f48ee9d4034a0b5ece0f131b3 a6198a7902a2ef1311e8fe486a578882 a8cc122476bccbfb2ac149bd3d89f4e9 9887ec8e8ce6725013e0d4851beb6b27 665ede4ffff88239257439f42defde97 876b27ddc7307d46ff09c0ef58b9e4bd 8b37186ebf0f58c904be7bf262fbd18f 1f6021b9792fab31bc574faaa79a0d12 8e94472d47e20e0e2f77245c3b7aeb8d 23977b792b04f5e9b8a4f6609020cfde 1c441994f289f84386c48e0d046f042e 9b5bc5ab36c6eab0f3f8364602af1439 47ad8b7dd68db4850f68768e13e8d172 568ffe5f573d4dd94c99957c6e0cfa6b 6b7ef2e2f11e2e3f55fd0a930a23a14f                                                                                                  root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root krb5-1.7-6.12.1.src.rpm   ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿkrb5-apps-servers krb5-apps-servers(x86-32)   
  
  @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   
rpmlib(PayloadFilesHavePrefix) rpmlib(CompressedFileNames) libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.3.4) libc.so.6(GLIBC_2.4) libc.so.6(GLIBC_2.8) libcom_err.so.2 libcrypt.so.1 libcrypt.so.1(GLIBC_2.0) libgssapi_krb5.so.2 libgssapi_krb5.so.2(gssapi_krb5_2_MIT) libk5crypto.so.3 libk5crypto.so.3(k5crypto_3_MIT) libkrb5.so.3 libkrb5.so.3(krb5_3_MIT) libkrb5support.so.0 libkrb5support.so.0(krb5support_0_MIT) libncurses.so.5 libutil.so.1 libutil.so.1(GLIBC_2.0) rpmlib(PayloadIsLzma) 4.0-1 3.0.4-1                        4.4.6-1 4.7.1 MlßÀM6Ò@LÖ”ÀKÑ‹ÀKÅ®@K‹¬@KXAÀK?ÀJYÐ@J&eÀJ
¶@I™U@ImÓÀIA ÀI?¯@I	¡ÀHÜÎÀH´ÀH‰À@HXøÀH*Ô@Gþ@Gü¯ÀGÚhÀGbp@GUA@G0W@Gâ@FêwÀFæƒ@FßëÀFÞš@F¸^ÀF–ÀFŒÝ@FˆèÀFq-ÀFm9@FA·ÀF9ÎÀF,ŸÀF&@F#e@FÍÀFª@Eì@EÝ…ÀEÙ‘@EÌb@E½áÀEµøÀE´§@E´§@E¤Õ@EšI@EO#ÀEAôÀEòÀDí”ÀDÜq@D×+@DÄ¶@D©Àmc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de coolo@novell.com mc@suse.de mc@suse.de mc@suse.de olh@suse.de mc@suse.de olh@suse.de olh@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de ro@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de sschober@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de - Fix vulnerability to a double-free condition in KDC daemon
  (MITKRB5-SA-2011-003, bnc#671717)
  CVE-2011-0284 - Fix kpropd denial of service
  (MITKRB5-SA-2011-001, bnc#662665)
  CVE-2010-4022
- Fix KDC denial of service attacks with LDAP back end
  (MITKRB5-SA-2011-002, bnc#663619)
  CVE-2011-0281, CVE-2011-0282 - Fix multiple checksum handling vulnerabilities
  (MITKRB5-SA-2010-007, bnc#650650)
  CVE-2010-1324
  * krb5 GSS-API applications may accept unkeyed checksums
  * krb5 application services may accept unkeyed PAC checksums
  * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
  CVE-2010-1323
  * krb5 clients may accept unkeyed SAM-2 challenge checksums
  * krb5 may accept KRB-SAFE checksums with low-entropy derived keys
  CVE-2010-4021
  * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
- add correct error table when initializing gss-krb5 (bnc#606584,
  bnc#608295) - fix GSS-API library null pointer dereference
  CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) -  fix a double free vulnerability in the KDC
  CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002) - fix a bug where an unauthenticated remote attacker could cause
  a GSS-API application including the Kerberos administration
  daemon (kadmind) to crash.
  CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557) - fix KDC denial of service
  CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781) - fix KDC denial of service in cross-realm referral processing
  CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
- fix integer underflow in AES and RC4 decryption
  CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351) - readd lost baselibs.conf - update to final 1.7 release - update to version 1.7 Beta2
  * Incremental propagation support for the KDC database.
  * Flexible Authentication Secure Tunneling (FAST), a preauthentiation
    framework that can protect the AS exchange from dictionary attack.
  * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
    allows a GSS application to request credential delegation only if
    permitted by KDC policy.
  * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 --
    various vulnerabilities in SPNEGO and ASN.1 code. - update to pre 1.7 version
  * Remove support for version 4 of the Kerberos protocol (krb4).
  * New libdefaults configuration variable "allow_weak_crypto".
  * Client library now follows client principal referrals, for
    compatibility with Windows.
  * KDC can issue realm referrals for service principals based on domain
    names.
  * Encryption algorithm negotiation (RFC 4537).
  * In the replay cache, use a hash over the complete ciphertext to
    avoid false-positive replay indications.
  * Microsoft GSS_WrapEX, implemented using the gss_iov API, which is
    similar to the equivalent SSPI functionality.
  * DCE RPC, including three-leg GSS context setup and unencapsulated
    GSS tokens.
  * NTLM recognition support in GSS-API, to facilitate dropping in an
    NTLM implementation.
  * KDC support for principal aliases, if the back end supports them.
  * Microsoft set/change password (RFC 3244) protocol in kadmind.
  * Master key rollover support. - obsolete also old heimdal-lib-XXbit and heimdal-devel-XXbit - do not query IPv6 addresses if no IPv6 address exists on this host
  [bnc#449143] - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
  (bnc#437293) - obsolete old -XXbit packages (bnc#437293) - in case we use ldap as database backend, ldap should be
  started before krb5kdc - add new fixes to post 1.6.3 patch
  * fix mem leak in krb5_gss_accept_sec_context()
  * keep minor_status
  * kadm5_decrypt_key: A ktype of -1 is documented as meaning
    "to be ignored"
  * Reject socket fds > FD_SETSIZE - add patches from SVN post 1.6.3
  * krb5_string_to_keysalts: Fix an infinite loop
  * fix some mutex issues
  * better recovery from corrupt rcache files
  * some more small fixes - add case-insensitive.dif (FATE#300771)
- minor fixes for ktutil man page
- reduce rpmlint warnings - Fall back to TCP on kdc-unresolvable/unreachable errors.
- restore valid sequence number before generating requests
  (fix changing passwords in mixed ipv4/ipv6 enviroments) - added baselibs.conf file to build xxbit packages
  for multilib support - modify krb5-config to not output rpath and cflags in --libs
  (bnc#378270) - fix two security bugs:
  * MITKRB5-SA-2008-001(CVE-2008-0062, CVE-2008-0063)
    fix double free [bnc#361373]
  * MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948)
    Memory corruption while too many open file descriptors
    [bnc#363151]
- change default config file. Comment out the examples. - fix several security bugs:
  * CVE-2007-5894 apparent uninit length
  * CVE-2007-5902 integer overflow
  * CVE-2007-5971 free of non-heap pointer and double-free
  * CVE-2007-5972 double fclose()
  [#346745, #346748, #346746, #346749, #346747] - improve GSSAPI error messages - add coreutils to PreReq - update to krb5 version 1.6.3
  * fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
  * fix CVE-2007-4000 modify_policy vulnerability
  * Add PKINIT support
- remove patches which are upstream now
- enhance init scripts and xinetd profiles - update krb5-1.6.2-post.dif
  * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
    that the client library will not failover to the next KDC.
    [#310540] - update krb5-1.6.2-post.dif
  * new -S sname option for kvno
  * read_entropy_from_device on partial read will not fill buffer
  * Bail out if encoded "ticket" doesn't decode correctly.
  * patch for referrals loop - fix a problem with the originally published patch
  for MITKRB5-SA-2007-006 - CVE-2007-3999
  [#302377] - fix execute arbitrary code
  (MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
  [#302377] - add krb5-1.6.2-post.dif
  * during the referrals loop, check to see if the
    session key enctype of a returned credential for the final
    service is among the enctypes explicitly selected by the
    application, and retry with old_use_conf_ktypes if it is not.
  * If mkstemp() is available, the new ccache file gets created but
    the subsequent open(O_CREAT|O_EXCL) call fails because the file
    was already created by mkstemp(). Apply patch from Apple to keep
    the file descriptor open. - update to version 1.6.2
- remove krb5-1.6.1-post.dif all fixes are included in this release - change requires to libcom_err-devel - update krb5-1.6.1-post.dif
  * fix leak in krb5_walk_realm_tree
  * rd_req_decoded needs to deal with referral realms
  * fix buffer overflow in kadmind
    (MITKRB5-SA-2007-005 - CVE-2007-2798)
    [#278689]
  * fix kadmind code execution bug
    (MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
    [#271191] - fix unstripped-binary-or-object rpmlint warning - fixing rpmlint warnings and errors:
  * merged logrotate scripts kadmin and krb5kdc into a single file
    krb5-server.
  * moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
    from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
    adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
  * added surpression filter for
    "devel-file-in-non-devel-package /usr/lib/libgssapi_krb5.so"
    (see [#147912]).
  * set default runlevel of init scripts in chkconfig line to 3 and
    5 - fix uninitialized salt length
- add extra check for keytab file - adding krb5-1.6.1-post.dif
  * fix segfault in krb5_get_init_creds_password
  * remove debug output in ftp client
  * profile stores empty string values without double quotes - update to final 1.6.1 version - add plugin directories to main package - update to version 1.6.1 Beta1
- remove obsolete patches
  (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
- rework compile_pie patch - update krb5-1.6-post.dif
  * fix kadmind stack overflow in krb5_klog_syslog
    (MITKRB5-SA-2007-002 - CVE-2007-0957)
    [#253548]
  * fix double free attack in the RPC library
    (MITKRB5-SA-2007-003 - CVE-2007-1216)
    [#252487]
  * fix krb5 telnetd login injection
    (MIT-SA-2007-001 - CVE-2007-0956)
    [#247765] - add ncurses-devel and bison to BuildRequires
- rework some patches - move SuSEFirewall service definitions to
  /etc/sysconfig/SuSEfirewall2.d/services - add firewall definition to krb5-server, FATE #300687 - update krb5-1.6-post.dif
- move some applications into the right package - update krb5-1.6-post.dif - krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
  are now upstream. Remove patches.
- fix leak in krb5_kt_resolve and krb5_kt_wresolve - fix "local variable used before set" in ftp.c
  [#237684] - krb5-devel should require keyutils-devel - update to version 1.6
  * Major changes in 1.6 include
  * Partial client implementation to handle server name referrals.
  * Pre-authentication plug-in framework, donated by Red Hat.
  * LDAP KDB plug-in, donated by Novell.
- remove obsolete patches - fix for
    kadmind (via RPC library) calls uninitialized function pointer
    (CVE-2006-6143)(Bug #225990)
    krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
- fix for
    kadmind (via GSS-API mechglue) frees uninitialized pointers
    (CVE-2006-6144)(Bug #225992)
    krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif - Fix Requires in krb5-devel
  [Bug #231008] - fix "local variable used before set" [#217692]
- fix strncat warning - add a default kadm5.dict file
- require $network on daemon start - fix function call with too few arguments [#203837] - update to version 1.5.1
- remove obsolete patches which are now included upstream
  * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
  * trunk-fix-uninitialized-vars.dif - krb5 setuid return check fixes
  krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
  [#182351] - remove update-messages - add check for krb5_prop in services to kpropd init script.
  [#192446] - update to version 1.5
  * KDB abstraction layer, donated by Novell.
  * plug-in architecture, allowing for extension modules to be
    loaded at run-time.
  * multi-mechanism GSS-API implementation ("mechglue"),
    donated by Sun Microsystems
  * Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
    implementation, donated by Sun Microsystems
- remove obsolete patches and add some new build17 1300288275                                             <ô <ó <ö <õ  ¯  °     Ý  Õ 
   ÿ  ü   ë  Ö  ç   í                               1.7-6.12.1 1.7-6.12.1                                                                      eklogin klogin kshell ktelnet mit sbin ftpd gss-server klogind kshd login.krb5 sim_server sserver telnetd uuserver kftpd.8.gz klogind.8.gz kshd.8.gz ktelnetd.8.gz login.krb5.8.gz sserver.8.gz /etc/xinetd.d/ /usr/lib/ /usr/lib/mit/ /usr/lib/mit/sbin/ /usr/share/man/man8/ -fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g obs://build.opensuse.org/openSUSE:11.2:Update:Test/standard/ed03ab7eafe5fc2e93ea5303146735e2-krb5 cpio lzma 2 i586-suse-linux d¸%¦¥×ÄŠè´úÖX   ?   ÿÿü°   ]   ÿÿÿÿÿÿÿÿ "ÌkÀ%rÞv^¯’Éxôòú_ò²¶^Ÿ½-:nµI¦QB®d‡¬¸œ´mOtÑågùÈ®´(?J[°Ûåü…ÛÜb£Kj|­ásÕí^Ù
éGÄxØ7ÃÞô- ú*Æ—tÞ
ûNa¼?*ÈÇåãñœ
A
‰Gr_W=Æa²:t\[Hô8òø®õÜ®•V$ºÈTõß
EhÆ6k†WyáWäw,ÁÄ9ÄSQÝàCÑ}×@þæ$¨(x†oQz¶†²(-¡Ÿ	&b±xsûSR6UáØçé¥[‚áÇÜðÉU^Íþs7Àj\f7óÂÜ‘¼u-FŒêëÌêEpÍ%¨ÊÏµçÞ?´ªƒÔ\+wv¯V!"M¸”ï–ÞzFv„’ÏÆhLšr!NeÝf‰
ì—ãêÊ™ÀïÄ;j©LÝ÷ÚŒŽ i“[¤›U—¼W	¥Xß±¼ßÀ‰tÛB†µ”²tÆ•Œ/Õ#B#Ç´¬â>;Êæ2ºî7w4Ì¢ÿö.ÍF‘MUäDJ8êîU|ˆD€¤s–"azPïxw©6×Ž,RYfåÂ	Gª\iK¿I×g¯Rr(ÖòÛöi´8óåHïÏ]rD½»-Rž"ò)acž@@xþƒ…<ÖJÁßœkÎõX”fc*Š{Ù¨]ÀÉ²kO‚\üˆà €;}R’x7_Ì
 È±VðŠXþÕY*’Ê~k¤qÔ ÅÈ@ˆIaVX ©á'ŠÂ’”»ë˜×V1C6,‰
·„;”<[¦~—‰,¹£Ò•¶cy;ªñ{]Ö¤¡/Ä=3µŸ¨­ÿôß_èN<m=î’™d )dÄ¿öàÊ	sÜvÆ*ËQ°$–šäÿôä9ïrF&Ê…}øõ g[›—LøÊéCtf‘hÙõabx<xH£¸õ‰	•s–cbVÕ¶;ñÆNkK¯=çðˆ‰øõŠ%ÚVx™[ÑtK‘ö;¶îöf°·ÈéOÖ{(\Î Ú³ŒùÈCh~ßP<“÷¿˜t?uÌ9ÛD“}¾?Ð}£¶§“Ý·uŠ¯ßF„µŽåýhÀPºŸÓ“lÔ½yÐRàbYSRýSwñ‚µ\Ñ‡“Àì3Øª!u¿!YFnu,?YêßK!™ki}xyàãÜQ!-^Ÿ^«¥ß¿½ˆg³J
 y|þÉåö@ÎÐÔÑÒj„ñæs´îÆ!óh."¼;di!CÜy'ØXÕŒ¡ðCx.×‘_áû¹oœTfWîäî¼˜Á<CË–”áœj˜…¬oqöO/Þ!¶xÞÝ‡Ë A}Ú a‰LL´&Fåª2ÓÉº=<’ï3ÜnµQêãùªš—YðÉk`††ÿþèa2Eºí°œ#_Ô”˜¹Ä»4“ë1%7S{Ä_¦"ž­~‚©ü54r!Ã•8¸qaè‹>ˆù[Iu#c]ë`ÌWñIÅ±…ÿI?ˆ‘úPaý³æÃŠWŒ# õâ­›õË+^TÕW¶l
ƒW1päþø{Z<˜¨^U«Ø˜öA•ÿáâ#Tßñö¾ùx?ÐP{MBµ!§Y+æq2×KŸ+øxª~’+òGëP·³;[yï~¸ëqH¼Û:5÷EB”¨¤ÉA˜	=Ô M¨Â“–ÎÃ_
È©+aäqEGÈì^…bbo×G6N\ÎðåF$i4ñl‹OC~ƒ^<Ž;Â[š,_ÖxTÙYì%˜äêªxåŠ¤‚ë£i§7f÷äDÆ?u–&#ŒMÛcÎä€ÍšÝÌ/Müš•o=<îóEå–ä¡ûM%2†zè=½±aðˆ¦VîÌ™v ½i‰ÍPŸáLHvæì½¨M­Æ½Ðbì®mÚ6r[˜aÀWžâíÿÄ”€