Commit Graph

898 Commits

Author SHA1 Message Date
Robbie Harwood
f287f939a9 New upstream version (1.18) 2020-02-12 22:29:13 +00:00
Robbie Harwood
dd3e136188 Don't assume OpenSSL failures are memory errors 2020-02-07 10:59:57 -05:00
Robbie Harwood
edfb00e001 Put KDB authdata first 2020-02-06 10:17:38 -05:00
Robbie Harwood
8fb4697062 New upstream beta release - 1.18-beta2
Adjust naming convention for downstream patches
2020-01-31 20:31:53 +00:00
Fedora Release Engineering
b3d5b8f719 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 07:50:49 +00:00
Robbie Harwood
7f642b1512 New upstream beta release - 1.18-beta1 2020-01-13 18:19:19 -05:00
Robbie Harwood
84aac1fa6d Fix LDAP policy enforcement of pw_expiration
Fix handling of invalid CAMMAC service verifier
2020-01-08 14:07:00 -05:00
Robbie Harwood
2496b50d00 Fix xdr_bytes() strict-aliasing violations 2020-01-06 16:36:41 -05:00
Robbie Harwood
fd463aed6a Don't warn in kadmin when no policy is specified
Do not always canonicalize enterprise principals
2020-01-03 11:36:21 -05:00
Robbie Harwood
d6ef09022c Enable the LMDB backend for the KDB 2019-12-13 19:11:07 +00:00
Robbie Harwood
9d642021d7 New upstream version - 1.17.1
Stop building and packaging PDFs
2019-12-12 18:42:51 +00:00
Robbie Harwood
4aee4bdd71 Qualify short hostnames when not using DNS 2019-12-06 13:44:42 -05:00
Robbie Harwood
02c0c74c74 Various gssalloc fixes 2019-11-27 12:36:19 -05:00
Robbie Harwood
76d9979dc3 Turns out openssl has an epoch 2019-11-21 22:06:25 +00:00
Robbie Harwood
4c128ec39a Fix runtime openssl version to actually propagate 2019-11-20 23:03:40 +00:00
Robbie Harwood
b9ea889e2a Add runtime openssl version requirement too 2019-11-20 21:13:58 +00:00
Robbie Harwood
4b8056ef08 Fix kadmin addprinc -randkey -kvno 2019-11-20 14:16:04 -05:00
Robbie Harwood
1404656ded Use OpenSSL's backported KDFs
Restore MD4 in FIPS mode (for samba)
2019-11-19 14:45:23 -05:00
Robbie Harwood
cbf35c8b1f Add default_principal_flags to example kdc.conf 2019-11-08 20:45:40 +00:00
Robbie Harwood
9ce53b906d Log unknown enctypes as unsupported in KDC 2019-10-02 11:19:07 -04:00
Robbie Harwood
1a6673d2ee Fix KDC crash when logging PKINIT enctypes (CVE-2019-14844) 2019-09-25 13:15:11 -04:00
Robbie Harwood
bff738a25d Static analyzer appeasement 2019-09-12 10:15:52 -04:00
Robbie Harwood
6ea5e5fa9a Simplify krb5_dbe_def_search_enctype() 2019-08-27 11:24:25 -04:00
Robbie Harwood
2dabf02464 Update FIPS patches to remove SPAKE 2019-08-22 15:54:34 -04:00
Robbie Harwood
4906d9dae9 Support building in COPR now that %{copr_username} is gone 2019-08-16 12:24:27 -04:00
Robbie Harwood
cdaea01dc8 Fix KCM client time offset propagation 2019-08-15 16:32:06 -04:00
Robbie Harwood
6fb26c9d3d Initialize life/rlife in kdcpolicy interface 2019-08-09 16:05:18 -04:00
Robbie Harwood
e73c24bb36 Fix memory leaks in soft-pkcs11 code 2019-08-06 09:46:36 -04:00
Robbie Harwood
f4c04f8cde Add soft-pkcs11 and use it for testing 2019-07-30 08:56:06 -04:00
Fedora Release Engineering
52c0e4ab88 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 12:06:52 +00:00
Robbie Harwood
7c5b49f828 Filter enctypes in gss_set_allowable_enctypes() 2019-07-18 12:49:23 -04:00
Robbie Harwood
4c8ed38666 Don't error on invalid enctypes in keytab
Resolves: #1724380
2019-07-15 13:07:54 -04:00
Robbie Harwood
a0277fd396 Remove now-unused checksum functions 2019-07-02 11:42:28 -04:00
Robbie Harwood
490a817464 Fix typo in 3des commit 2019-06-26 18:23:02 -04:00
Robbie Harwood
7bee5f19e1 Remove PKINIT draft9 support (compat with EOL, pre-2008 Windows) 2019-06-26 18:07:12 -04:00
Robbie Harwood
2843572c2f Remove strerror() calls from k5_get_error() 2019-06-10 12:41:26 -04:00
Robbie Harwood
6d60b0827f Remove 3des from kdc.conf example 2019-06-07 08:52:53 -04:00
Robbie Harwood
1cae0b7e96 Remove 3DES support 2019-06-03 17:33:31 -04:00
Robbie Harwood
19e2656c15 Remove 3des support 2019-06-03 17:25:49 -04:00
Robbie Harwood
48af99c1f7 Remove krb5int_c_combine_keys() and no-flags SAM-2 preauth 2019-05-30 13:32:37 -04:00
Robbie Harwood
3f80a77313 Remove support for single-DES and CRC 2019-05-28 15:22:45 -04:00
Robbie Harwood
f50ceacadf Add missing newlines to deprecation warnings
Switch to upstream's ksu path patch
2019-05-22 10:59:16 -04:00
Robbie Harwood
79613952e3 Update default krb5kdc mkey manual-entry enctype
Also update account lockout patch to upstream version
2019-05-21 12:59:56 -04:00
Robbie Harwood
39ba823db6 Test & docs fixes in preparation for DES removal 2019-05-20 16:49:04 -04:00
Robbie Harwood
f91545040c Drop krb5_realm_compare() etc. NULL check patches 2019-05-15 17:01:26 -04:00
Robbie Harwood
bebe7bd29f Re-provide krb5-kdb-version in -devel as well (IPA wants it) 2019-05-15 15:16:18 +00:00
Robbie Harwood
aa55266a84 (Patch consolidation; hopefully no changes) 2019-05-14 12:34:12 -04:00
Robbie Harwood
4b3d9079ae Remove checksum type profile variables 2019-05-14 11:07:43 -04:00
Robbie Harwood
0b0d802a54 Pull in 2019-05-02 static analysis updates 2019-05-10 13:50:56 -04:00
Robbie Harwood
d1b5e24f4c Drop --with-pkinit-crypto-impl 2019-05-06 14:38:08 -04:00
Robbie Harwood
85664dde3d Move krb5-kdb-version provide into krb5-server for freeipa 2019-05-03 18:36:31 +00:00
Robbie Harwood
4c5654d0fb Use secure_getenv() where appropriate 2019-05-01 12:47:31 -04:00
Robbie Harwood
cdfd42332f Get that squeaky rpmlint clean 2019-04-24 15:51:18 -04:00
Robbie Harwood
0555bc87c8 Add dns_canonicalize_hostname=fallback support 2019-04-24 11:45:11 -04:00
Robbie Harwood
9d9730eb07 Check more errors in OpenSSL crypto backend 2019-04-24 11:39:04 -04:00
Robbie Harwood
aa800df204 Fix potential close(-1) in cc_file.c 2019-04-22 13:09:23 -04:00
Robbie Harwood
707673a505 Remove ovsec_adm_export and confvalidator 2019-04-17 16:17:17 -04:00
Robbie Harwood
5ebfb70254 Fix config realm change logic in FILE remove_cred 2019-04-17 16:16:38 -04:00
Robbie Harwood
05efb47898 Remove Kerberos v4 support vestiges (including ktany support) 2019-04-11 16:44:09 -04:00
Robbie Harwood
7f7eba0cef Implement krb5_cc_remove_cred for remaining types
Resolves: #1693836
2019-04-11 13:18:46 -04:00
Robbie Harwood
caa2dd1a26 FIPS-aware SPAKE group negotiation 2019-04-01 13:13:49 -04:00
Robbie Harwood
bf081fdccd Fix memory leak in 'none' replay cache type
Silence a coverity warning while we're here.
2019-02-25 15:24:36 -05:00
Robbie Harwood
ae3b432439 Update FIPS blocking for RC4 2019-02-01 16:11:20 -05:00
Fedora Release Engineering
f417500667 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-01 06:00:21 +00:00
Igor Gnatenko
acad58ce13 Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:24:10 +01:00
Robbie Harwood
1458a863a4 enctype logging and explicit_bzero() 2019-01-17 13:44:00 -05:00
Robbie Harwood
658f28f754 New upstream version (1.17) 2019-01-08 19:15:01 +00:00
Robbie Harwood
7e29fac83e Use openssl's PRNG in FIPS mode 2019-01-04 17:01:07 -05:00
Robbie Harwood
645562ea2f Address some optimized-out memset() calls 2019-01-04 10:52:20 -05:00
Robbie Harwood
7338b669da Remove incorrect KDC assertion 2018-12-20 18:00:42 -05:00
Robbie Harwood
6c692d18f2 Fix syntax on pkinit_anchors field in default krb5.conf 2018-12-20 21:46:31 +00:00
Robbie Harwood
8968aa45c7 Restore pdfs source file
Resolves: #1659716
2018-12-17 20:39:53 +00:00
Robbie Harwood
56c48beaec Forgot to bump prerelease... 2018-12-06 18:35:50 +00:00
Robbie Harwood
59f64bf750 New upstream release (1.17-beta2)
Drop pdfs source file
2018-12-06 18:31:06 +00:00
Robbie Harwood
fef40744ec Add tests for KCM ccache type 2018-11-29 14:58:18 -05:00
Robbie Harwood
83e3cdfc7d Gain FIPS awareness 2018-11-12 20:39:38 +00:00
Robbie Harwood
d401b30b5f Fix spurious errors from kcmio_unix_socket_write
Resolves: #1645912
2018-11-08 11:22:27 -05:00
Robbie Harwood
f745542b78 New upstream beta release (1.17-beta1) 2018-11-01 20:07:33 +00:00
Robbie Harwood
5f59f89111 Package kerberos(7) 2018-10-24 15:36:36 -04:00
Robbie Harwood
3ce8c381c3 Update man pages to reference kerberos(7)
Resolves: #1143767
2018-10-24 15:07:14 -04:00
Robbie Harwood
d760ebeab2 Use port-sockets.h macros in cc_kcm, sendto_kdc
Resolves: #1631998
2018-10-17 15:27:45 -04:00
Robbie Harwood
c0ac611ad3 Correct kpasswd_server description in krb5.conf(5)
Resolves: #1640272
2018-10-17 13:49:20 -04:00
Robbie Harwood
0eeac3abaf Prefer TCP to UDP for password changes
Resolves: #1637611
2018-10-15 13:26:07 -04:00
Adam Williamson
4a2dfb104c Revert the patch from -20 as it seems to make FreeIPA worse 2018-10-09 13:57:21 -07:00
Robbie Harwood
af8b6635d6 Fix bugs with concurrent use of MEMORY ccaches 2018-10-02 13:36:43 -04:00
Robbie Harwood
ef8eae7c7b In FIPS mode, add plaintext fallback for RC4 usages and taint 2018-08-01 15:11:35 -04:00
Robbie Harwood
d21edd514c Fix k5test prompts for Python 3 2018-07-26 14:23:13 -04:00
Robbie Harwood
29b7ff3bb1 Remove outdated note in krb5kdc man page 2018-07-19 16:43:33 -04:00
Robbie Harwood
e506fad693 Make krb5kdc -p affect TCP ports 2018-07-19 16:43:21 -04:00
Robbie Harwood
e3ab2c3591 Eliminate preprocessor-disabled dead code 2018-07-19 16:43:06 -04:00
Robbie Harwood
b5615f9f2c Fix some broken tests for Python 3 2018-07-18 17:25:00 -04:00
Robbie Harwood
c0f34c36f8 Zap copy of secret in RC4 string-to-key 2018-07-16 10:38:52 -04:00
Robbie Harwood
6bb371b555 Convert Python tests to Python 3 2018-07-12 13:08:20 -04:00
Robbie Harwood
18245c6b0f Actually add the dependency this time 2018-07-11 12:56:14 -04:00
Robbie Harwood
50f81aad57 Add build dependency on gcc 2018-07-11 16:49:26 +00:00
Robbie Harwood
40a05d0347 Use SHA-256 instead of MD5 for audit ticket IDs 2018-07-10 17:34:02 -04:00
Jason Tibbitts
816afcf8e2 Remove needless use of %defattr 2018-07-10 01:32:54 -05:00
Robbie Harwood
2fc18e9142 Add BuildRequires on python2 so we can run tests at build-time 2018-07-06 15:27:23 +00:00
Robbie Harwood
97d3fa66d0 Explicitly look for python2 in configure.in 2018-07-06 10:59:48 -04:00
Robbie Harwood
ff388043f1 Add flag to disable encrypted timestamp on client 2018-06-14 17:45:09 -04:00