Packages changed: AppStream (0.12.7 -> 0.12.10) krb5 (1.17.1 -> 1.18) perl-HTTP-Message (6.18 -> 6.22) === Details === ==== AppStream ==== Version update (0.12.7 -> 0.12.10) Subpackages: libAppStreamQt2 libappstream4 - Update to 0.12.10. Check the NEWS file for the complete changelog. - Drop patches. Issues fixed upstream: * 0001-Restore-compatibility-with-GLib-2.58.patch * 0001-Fix-possible-NULL-dereference.patch * 0002-Don-t-ignore-xmlNodeDump-return-code.patch * 0003-Fix-infinite-recursion-if-component-has-itself-liste.patch * find-lmdb.patch ==== krb5 ==== Version update (1.17.1 -> 1.18) - Remove cruft to support distributions older than SLE 12 - Use macros where applicable - Switch to pkgconfig style dependencies - Upgrade to 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with ".rcache2" by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an "enforce_ok_as_delegate" krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ("draft 9") variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for "dns_canonicalize_hostname=fallback", causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a "qualify_shortname" krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. - Updated patches: * 0002-krb5-1.9-manpaths.patch * 0004-krb5-1.6.3-gssapi_improve_errormessages.patch * 0005-krb5-1.6.3-ktutil-manpage.patch * 0006-krb5-1.12-api.patch - Renamed patches: * 0001-krb5-1.12-pam.patch => 0001-ksu-pam-integration.patch * 0003-krb5-1.12-buildconf.patch => 0003-Adjust-build-configuration.patch * 0008-krb5-1.12-selinux-label.patch => 0007-SELinux-integration.patch * 0009-krb5-1.9-debuginfo.patch => 0008-krb5-1.9-debuginfo.patch - Deleted patches: * 0007-krb5-1.12-ksu-path.patch ==== perl-HTTP-Message ==== Version update (6.18 -> 6.22) - updated to 6.22 see /usr/share/doc/packages/perl-HTTP-Message/Changes 6.22 2020-02-24 18:58:07Z - Full release. No changes since TRIAL release 6.21 6.21 2020-02-19 14:35:09Z (TRIAL RELEASE) - Bump Encode to latest version (3.01) (GH#129) (Olaf Alders) - Revert #115 (GH#131) (Olaf Alders) - Revert (GH#125) "try hard to make a usable file name" (GH#130) (Olaf Alders) - Fix JSON request encoding examples in POD (GH#126) (Michael Schout) 6.20 2019-02-05 01:46:39Z (TRIAL RELEASE) - Fix encoded file names when LC_ALL=C (GH#125) (Lars D?????? ???) 6.19 2019-01-16 15:17:35Z (TRIAL RELEASE) - Add support for RFC 8187 encoded filenames (GH#115) (Zaki Mughal) - Fix memoized _uri_canonical #121 (GH#123) (Dorian Taylor) - Don't overwrite $@ in decodable (gh #80) (GH#118) (mschae94) - Add support for RFC 8187 encoded filenames (GH#115) (Zaki Mughal)