í«îÛ    krb5-client-1.7-6.3.1                                                               Ž­è         <   >     ,     è            ê          ì          <@‰ K{â‰¸‹/Ô=½Â„£Ç Îß!€g1€EHIòöÝûç  CÍR	‰pFÖ³é<+j	Ý!PôÂè¥R˜2Ó½Ìújñ§šN«½­ã?ê¢<M·—ØWÜÐ‡½lëÊ¬´$ôhóáC÷ÿá¼C¹º6²pïÁã"™Þ‡ujãŠå~øý|¢D¨Ã¢u/³ò5*èß&óÔ‚g‡^·¦(á"S’D_¹o<™ysþËÚcûa<Íèï?Ìzaf’‘&t[kN+%£€4„—§œ]
Þ÷…&ëf×ïŠïR›ÁÅ0è®\tMR#ž<¼;¿çwÙLRÒÐi-4W2õ€L*Ø»ýa>ÂbrG]ž7¤û€r¬è>ã0–   >   ÿÿÿÀ       Ž­è       5  4¨   ?     4˜      d            è           é           ê           ì   	        í   	   G     î     Ð     ï     Ô     ñ     Ü     ò     à     ó     î     ö     ÷     ÷          ø   	  )     ü     J     ý     k     þ     q          x          Ø     	          
     8          ˜                    P          °          (                     ¸                    8          Œ          
T     (     
|     8     
„   9  9     h   9  :     ê   9  F     0Ú     G     0ð     H     1P     I     1°     X     1È     Y     1Ð     \     1ä     ]     2D     ^     3$     b     3‚     c     4
     d     4l     e     4q     f     4v     l     4x     z     4ˆ   C krb5-client 1.7 6.3.1 MIT Kerberos5 implementation - client programs Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some required
client programs, like kinit, kadmin, ...


Authors:
--------
    The MIT Kerberos Team
    Sam Hartman <hartmans@mit.edu>
    Ken Raeburn <raeburn@mit.edu>
    Tom Yu <tlyu@mit.edu>    K{Í}build31  ‘openSUSE 11.2 openSUSE MIT License (or similar) http://bugs.opensuse.org Productivity/Networking/Security http://web.mit.edu/kerberos/www/ linux i586                 z  Ø0  &@  Fô  F°  &p  Fä  &Œ     l  ê  I  ©  	  p  ê  ì      Ê¡ÿ¡ÿAíAíííííííííAí¤¤¤¤¤¤¤¤¤¤¤                                                K{ÍlK{ÍlK{ÍdK{ÍhK{ÍbK{ÍfK{ÍgK{ÍgK{ÍgK{ÍgK{ÍgK{ÍgK{ÍjK{ÍbK{ÍbK{ÍbK{ÍcK{ÍbK{ÍbK{ÍbK{ÍbK{ÍbK{ÍcK{Íc    f64db2dcf7ba6c6dd172e6b02394d52d 866946b17e07e7a45caa586a90d4bb27 1d77af0702482e006471a90ceb667714 b3a0ed5a6122b3c4f02fa115e1c2343a 402ee861049b6054aa6a7858a1011eeb c90a914532ffd9cdb74a99b1aaf24d64 3b15baac8146c8a2997419d07dee0440 0e29838112209018b46a4ec52b0398e4  d59a47b0a2a1f4bc7144a84da6faf25a 62aeca97d8d785bbae7c4c4f62eb6903 900e505c6b173e919a9522e0132011ec 11a077eaa7cacc660475833f34de0cdf 9c5a4a6bd73bfb9521ac3e57fab09cee 5a243200e7752938bbadc5343ce171a4 d907ca06ef8b8f67a01cbcbf0828d9ae bf10dc569a8feb924882c4a3e8be3a49 5841eab22b11a8cde3fc230850c4abe9 827d754832f8cd48cff54e48bd1843b5 4a3d406f1ce0d2cbe56d6d6067d761d9 ../lib/mit/bin/kinit ../lib/mit/bin/klist                                                                                                            root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root root krb5-1.7-6.3.1.src.rpm  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿkrb5-client krb5-client(x86-32)   
  
  @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   @   
rpmlib(PayloadFilesHavePrefix) rpmlib(CompressedFileNames) /bin/sh libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.3.4) libc.so.6(GLIBC_2.4) libc.so.6(GLIBC_2.8) libcom_err.so.2 libk5crypto.so.3 libk5crypto.so.3(k5crypto_3_MIT) libkadm5clnt.so.6 libkadm5clnt.so.6(kadm5clnt_6_MIT) libkrb5.so.3 libkrb5.so.3(krb5_3_MIT) libkrb5support.so.0 libkrb5support.so.0(krb5support_0_MIT) libss.so.2 rpmlib(PayloadIsLzma) 4.0-1 3.0.4-1                   4.4.6-1 4.7.1   KXAÀK?ÀJYÐ@J&eÀJ
¶@I™U@ImÓÀIA ÀI?¯@I	¡ÀHÜÎÀH´ÀH‰À@HXøÀH*Ô@Gþ@Gü¯ÀGÚhÀGbp@GUA@G0W@Gâ@FêwÀFæƒ@FßëÀFÞš@F¸^ÀF–ÀFŒÝ@FˆèÀFq-ÀFm9@FA·ÀF9ÎÀF,ŸÀF&@F#e@FÍÀFª@Eì@EÝ…ÀEÙ‘@EÌb@E½áÀEµøÀE´§@E´§@E¤Õ@EšI@EO#ÀEAôÀEòÀDí”ÀDÜq@D×+@DÄ¶@D©Àmc@suse.de mc@suse.de coolo@novell.com mc@suse.de mc@suse.de mc@suse.de olh@suse.de mc@suse.de olh@suse.de olh@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de ro@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de sschober@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de mc@suse.de - fix KDC denial of service
  CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781) - fix KDC denial of service in cross-realm referral processing
  CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
- fix integer underflow in AES and RC4 decryption
  CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351) - readd lost baselibs.conf - update to final 1.7 release - update to version 1.7 Beta2
  * Incremental propagation support for the KDC database.
  * Flexible Authentication Secure Tunneling (FAST), a preauthentiation
    framework that can protect the AS exchange from dictionary attack.
  * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
    allows a GSS application to request credential delegation only if
    permitted by KDC policy.
  * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 --
    various vulnerabilities in SPNEGO and ASN.1 code. - update to pre 1.7 version
  * Remove support for version 4 of the Kerberos protocol (krb4).
  * New libdefaults configuration variable "allow_weak_crypto".
  * Client library now follows client principal referrals, for
    compatibility with Windows.
  * KDC can issue realm referrals for service principals based on domain
    names.
  * Encryption algorithm negotiation (RFC 4537).
  * In the replay cache, use a hash over the complete ciphertext to
    avoid false-positive replay indications.
  * Microsoft GSS_WrapEX, implemented using the gss_iov API, which is
    similar to the equivalent SSPI functionality.
  * DCE RPC, including three-leg GSS context setup and unencapsulated
    GSS tokens.
  * NTLM recognition support in GSS-API, to facilitate dropping in an
    NTLM implementation.
  * KDC support for principal aliases, if the back end supports them.
  * Microsoft set/change password (RFC 3244) protocol in kadmind.
  * Master key rollover support. - obsolete also old heimdal-lib-XXbit and heimdal-devel-XXbit - do not query IPv6 addresses if no IPv6 address exists on this host
  [bnc#449143] - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
  (bnc#437293) - obsolete old -XXbit packages (bnc#437293) - in case we use ldap as database backend, ldap should be
  started before krb5kdc - add new fixes to post 1.6.3 patch
  * fix mem leak in krb5_gss_accept_sec_context()
  * keep minor_status
  * kadm5_decrypt_key: A ktype of -1 is documented as meaning
    "to be ignored"
  * Reject socket fds > FD_SETSIZE - add patches from SVN post 1.6.3
  * krb5_string_to_keysalts: Fix an infinite loop
  * fix some mutex issues
  * better recovery from corrupt rcache files
  * some more small fixes - add case-insensitive.dif (FATE#300771)
- minor fixes for ktutil man page
- reduce rpmlint warnings - Fall back to TCP on kdc-unresolvable/unreachable errors.
- restore valid sequence number before generating requests
  (fix changing passwords in mixed ipv4/ipv6 enviroments) - added baselibs.conf file to build xxbit packages
  for multilib support - modify krb5-config to not output rpath and cflags in --libs
  (bnc#378270) - fix two security bugs:
  * MITKRB5-SA-2008-001(CVE-2008-0062, CVE-2008-0063)
    fix double free [bnc#361373]
  * MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948)
    Memory corruption while too many open file descriptors
    [bnc#363151]
- change default config file. Comment out the examples. - fix several security bugs:
  * CVE-2007-5894 apparent uninit length
  * CVE-2007-5902 integer overflow
  * CVE-2007-5971 free of non-heap pointer and double-free
  * CVE-2007-5972 double fclose()
  [#346745, #346748, #346746, #346749, #346747] - improve GSSAPI error messages - add coreutils to PreReq - update to krb5 version 1.6.3
  * fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
  * fix CVE-2007-4000 modify_policy vulnerability
  * Add PKINIT support
- remove patches which are upstream now
- enhance init scripts and xinetd profiles - update krb5-1.6.2-post.dif
  * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
    that the client library will not failover to the next KDC.
    [#310540] - update krb5-1.6.2-post.dif
  * new -S sname option for kvno
  * read_entropy_from_device on partial read will not fill buffer
  * Bail out if encoded "ticket" doesn't decode correctly.
  * patch for referrals loop - fix a problem with the originally published patch
  for MITKRB5-SA-2007-006 - CVE-2007-3999
  [#302377] - fix execute arbitrary code
  (MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
  [#302377] - add krb5-1.6.2-post.dif
  * during the referrals loop, check to see if the
    session key enctype of a returned credential for the final
    service is among the enctypes explicitly selected by the
    application, and retry with old_use_conf_ktypes if it is not.
  * If mkstemp() is available, the new ccache file gets created but
    the subsequent open(O_CREAT|O_EXCL) call fails because the file
    was already created by mkstemp(). Apply patch from Apple to keep
    the file descriptor open. - update to version 1.6.2
- remove krb5-1.6.1-post.dif all fixes are included in this release - change requires to libcom_err-devel - update krb5-1.6.1-post.dif
  * fix leak in krb5_walk_realm_tree
  * rd_req_decoded needs to deal with referral realms
  * fix buffer overflow in kadmind
    (MITKRB5-SA-2007-005 - CVE-2007-2798)
    [#278689]
  * fix kadmind code execution bug
    (MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
    [#271191] - fix unstripped-binary-or-object rpmlint warning - fixing rpmlint warnings and errors:
  * merged logrotate scripts kadmin and krb5kdc into a single file
    krb5-server.
  * moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
    from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
    adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
  * added surpression filter for
    "devel-file-in-non-devel-package /usr/lib/libgssapi_krb5.so"
    (see [#147912]).
  * set default runlevel of init scripts in chkconfig line to 3 and
    5 - fix uninitialized salt length
- add extra check for keytab file - adding krb5-1.6.1-post.dif
  * fix segfault in krb5_get_init_creds_password
  * remove debug output in ftp client
  * profile stores empty string values without double quotes - update to final 1.6.1 version - add plugin directories to main package - update to version 1.6.1 Beta1
- remove obsolete patches
  (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
- rework compile_pie patch - update krb5-1.6-post.dif
  * fix kadmind stack overflow in krb5_klog_syslog
    (MITKRB5-SA-2007-002 - CVE-2007-0957)
    [#253548]
  * fix double free attack in the RPC library
    (MITKRB5-SA-2007-003 - CVE-2007-1216)
    [#252487]
  * fix krb5 telnetd login injection
    (MIT-SA-2007-001 - CVE-2007-0956)
    [#247765] - add ncurses-devel and bison to BuildRequires
- rework some patches - move SuSEFirewall service definitions to
  /etc/sysconfig/SuSEfirewall2.d/services - add firewall definition to krb5-server, FATE #300687 - update krb5-1.6-post.dif
- move some applications into the right package - update krb5-1.6-post.dif - krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
  are now upstream. Remove patches.
- fix leak in krb5_kt_resolve and krb5_kt_wresolve - fix "local variable used before set" in ftp.c
  [#237684] - krb5-devel should require keyutils-devel - update to version 1.6
  * Major changes in 1.6 include
  * Partial client implementation to handle server name referrals.
  * Pre-authentication plug-in framework, donated by Red Hat.
  * LDAP KDB plug-in, donated by Novell.
- remove obsolete patches - fix for
    kadmind (via RPC library) calls uninitialized function pointer
    (CVE-2006-6143)(Bug #225990)
    krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
- fix for
    kadmind (via GSS-API mechglue) frees uninitialized pointers
    (CVE-2006-6144)(Bug #225992)
    krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif - Fix Requires in krb5-devel
  [Bug #231008] - fix "local variable used before set" [#217692]
- fix strncat warning - add a default kadm5.dict file
- require $network on daemon start - fix function call with too few arguments [#203837] - update to version 1.5.1
- remove obsolete patches which are now included upstream
  * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
  * trunk-fix-uninitialized-vars.dif - krb5 setuid return check fixes
  krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
  [#182351] - remove update-messages - add check for krb5_prop in services to kpropd init script.
  [#192446] - update to version 1.5
  * KDB abstraction layer, donated by Novell.
  * plug-in architecture, allowing for extension modules to be
    loaded at run-time.
  * multi-mechanism GSS-API implementation ("mechglue"),
    donated by Sun Microsystems
  * Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
    implementation, donated by Sun Microsystems
- remove obsolete patches and add some new build31 1266404733                                                     „ó … „X „Z „® …^ …b …f …j …n …v …z „Y „Ç „µ „° „Ô „î „Í „â „à „Ë „ò „ø                              1.7-6.3.1 1.7-6.3.1                                                                           kinit klist mit bin k5srvutil kadmin kdestroy kinit klist kpasswd ktutil kvno sbin k5srvutil.1.gz kadmin.1.gz kdestroy.1.gz kerberos.1.gz kinit.1.gz klist.1.gz kpasswd.1.gz ktutil.1.gz kvno.1.gz .k5login.5.gz krb5.conf.5.gz /usr/bin/ /usr/lib/ /usr/lib/mit/ /usr/lib/mit/bin/ /usr/share/man/man1/ /usr/share/man/man5/ -fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g obs://build.opensuse.org/openSUSE:11.2:Update:Test/standard/fac982b44b2bcf39a3d35f12b4bb2a14-krb5 cpio lzma 2 i586-suse-linux [=ªzoFÕ#{ËÆ¾H¨   ?   ÿÿü°   ]   ÿÿÿÿÿÿÿÿ "ÌkÀ%Y~Yv^¯’/‰ùêŽ½¨JÖ7Ê:Ð8æí>çmrÀ gõR†ž\‹ÊÛ\¾ÀW«QCd/Eä7Š³àr¹tÈU*§'	[¬ÿMCV›ä+(ötâÉýHR©öÃi&e\)èN°9¬'¤’%Ç_šVÂÑKŸmn%<M(¡“.Ãðó¤×Z&ŸÊC-!gÈ¥@zuo-ÀãÂ$Y®&5wïõdK¨yÜNNÎÏÏ×471Ä´ýR/Ó‰b<Ú’ˆƒŽºrûÓ.ªÆžÂb&¤Moô2	0ãÇÕM¾!©3~^¹ÎÚ›_i:£¥
èt»ò”®˜ô!Ô¼–¼´t‹l ë‘ÄØõžò¹‘"¨ GDæcEø÷_7&)@®9øì6<,žÒã·C4´§¸0ùN¿¶ž-÷|O6ùÏOPPôª|!4ç†_©U“9¡ß-ma¿k!›³	€ÄIë«‰)Š ¼o,žš5´7;h[ôÇ Dæq·9ˆqúÈ?àŒ,Ú‰ÄF}¾Š¯*†`† DäÔ)è‡yw%L™=tñÎ(IöóÊÜfL’éÌ	{<F æƒO  …âä¢¤c?Xåþ'9i³œÚ‘û~,/ò%W*•¤¾@–’BÛíOÚ#¼ür#'8äëÒcÙ ÛÅ\¤68»¥“½’ ö'ßAQÚÐFÇêÿW í4bq£Ægkð
5pE*ä†¹àÃt€Üá@”3*4iÊz<›”}¾­á¯¡U°þ>³ï?š¥Ù‰’ùÝdq¨x &oÒÊ‡ˆþÎ×÷½LH9(ŒõOno®¹h­FéÏR®|Ž\ŽZòíqöŸæ‚m„½Ù¶kp÷)IóoÄÏF x÷»9„²/ñkQ›+§!¹sËRµkú1®ºš®3ù8ã'í
(gêÒ@ÈÙÊÿ»
>tã”U1ªXƒwöÛ	“cÇ«¾xZ:)1œY)9Û.éÑ«Ìz‘»)|}k}Tl÷*ã¥,Þe5f
‚ÉEêmwŒ‚V:#º
y+Ê9SÐE…°±@Þñ!eV*¿C±_1ë¹–Ší-ãòìß’F[±mS„}ütÎ†¤™ýû*‡§ãÈK¥GŸäé%ôdÕMÁ‰)-}ksgÊºRÎë+^ØÜƒvU—çV½ ÓŠ×Êx™>¶Yjâp¹öÂØÄ¸™btwBïL®Hñ2•³=lÞ•fú@ñwèÐ™ðyDT™Ø¼oSÀâÐC¨¡W51¹J»5’ÖÙ*Ì*Êxð¨^ÉþŠbð:üUðþÒ%€eÒä¿{Þâ“¯E…Ñ:H&2öÿWïj 