rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
958 Commits 9 Branches 52 Tags 8.1 MiB
367b100b3b
Commit Graph

747 Commits

Author SHA1 Message Date
Robbie Harwood
0f2af40d1e Re-enable test suite on ppc64le (no other changes) 2017-08-02 14:42:30 +00:00
Fedora Release Engineering
e2a7f10a2f - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 17:59:47 +00:00
Robbie Harwood
45c6f63563 Fix CVE-2017-11368 (remote triggerable assertion failure) 2017-07-20 15:31:44 +00:00
Robbie Harwood
bb9cd0748a Explicitly require python2 packages 2017-07-19 20:08:14 +00:00
Robbie Harwood
dd3f3e78a4 Add support to query the SSF of a context 2017-07-19 18:24:50 +00:00
Petr Písař
887df81921 perl dependency renamed to perl-interpreter <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> 2017-07-12 14:04:40 +02:00
Robbie Harwood
ff9e66e349 Fix leaks in gss_inquire_cred_by_oid() 2017-07-06 17:06:13 +00:00
Robbie Harwood
b3eef12e9a Fix arch name (ppc64le, not ppc64el) 
Related-to: #1464381
 2017-06-26 19:49:21 +00:00
Robbie Harwood
a51673420f Skip test suite on ppc64el 
Related-to: #1464381
 2017-06-26 19:45:34 +00:00
Robbie Harwood
db0f9d981a Include more test suite changes from upstream 
Resolves: #1464381
 2017-06-23 20:45:16 +00:00
Robbie Harwood
58aed41605 Fix custom build with -DDEBUG 2017-06-07 15:18:05 +00:00
Robbie Harwood
d322a08712 Use standard trigger logic for krb5 snippet 2017-05-24 19:04:22 +00:00
Robbie Harwood
3cae6ae5c3 Add kprop service env config file 2017-04-28 20:14:01 +00:00
Robbie Harwood
21848ec3e1 Update backports of certauth and corresponding test 2017-04-19 17:49:45 +00:00
Robbie Harwood
291b968871 Include fixes for previous commit 
Resolves: #1433083
 2017-04-13 20:00:14 +00:00
Robbie Harwood
3d952fc6c0 Automatically add includedir where not present 
Also try removing sleep statement to see if it is still needed

Resolves: #1433083
 2017-04-13 19:57:23 +00:00
Robbie Harwood
82cabae196 Fix use of enterprise principals with forwarding 2017-04-07 16:13:00 +00:00
Robbie Harwood
0dc40d929f Backport certauth plugin and related pkinit changes 2017-03-22 18:09:06 +00:00
Robbie Harwood
fd8a9e22c4 Remove duplication between subpackages 
Resolves: #1250228
 2017-03-07 19:41:05 +00:00
Robbie Harwood
2a20da0e2a New upstream release - 1.15.1 2017-03-04 00:34:47 +00:00
Robbie Harwood
9ce824b289 Patch build by disabling failing test; will fix properly soon 2017-03-01 22:58:53 +00:00
Robbie Harwood
ae83ec3024 Hammer refresh around transient rawhide issue 2017-02-17 23:45:56 +00:00
Robbie Harwood
beaf0637a0 Backport fix for GSSAPI fallback realm 2017-02-17 22:47:38 +00:00
Robbie Harwood
0d08e37340 Move krb5-kdb-version provides from -libs to -devel 2017-02-07 18:25:18 +00:00
Robbie Harwood
621f3cf2e6 Add free hook to KDB; increments KDB version 
Add KDB version flag.

All patches are touched because git made the hash lengths in patches longer.
 2017-01-20 18:07:42 -05:00
Robbie Harwood
be80cb9861 New upstream release 2016-12-05 20:52:58 +00:00
Robbie Harwood
f68ddd3a8e Comment how betas work 2016-11-17 09:00:11 -05:00
Robbie Harwood
c3f7090334 New upstream release 2016-11-16 21:22:01 +00:00
Robbie Harwood
442bc9dfe4 Ensure we can build with the new CFLAGS 
Also remove the git versioning in patches.
 2016-11-10 20:32:41 +00:00
Robbie Harwood
821dac42ed Upstream release 1.15-beta1 
Also update selinux with RHEL hygene.

Resolves: #1314096
 2016-10-20 23:34:55 +00:00
Tomas Mraz
895d0bdfea rebuild with OpenSSL 1.1.0, added backported upstream patch 2016-10-11 14:04:59 +02:00
Robbie Harwood
76843c3ef0 Properly close krad sockets 
Resolves: #1380836
 2016-09-30 17:38:09 +00:00
Robbie Harwood
5a1a649bda Fix backward check in kprop.service 2016-09-30 16:40:22 +00:00
Robbie Harwood
bbb54d328c Switch to using autosetup macro 
Patches come from git, so it is easiest to just make a git repo
 2016-09-30 16:40:14 +00:00
Robbie Harwood
32ef372877 Backport getrandom() support and remove patch numbering 2016-09-22 19:39:24 +00:00
Robbie Harwood
14f028579d New upstream release and integrate with external git 2016-09-19 23:49:31 +00:00
Robbie Harwood
4f5955da72 Add krb5_db_register_keytab 
Resolves: #1376812
 2016-09-19 16:18:42 +00:00
Robbie Harwood
3e13029eb0 Use responder for non-preauth AS requests 
Resolves: #1370622
 2016-08-29 17:58:02 +00:00
Robbie Harwood
10d34c1413 Guess Samba client mutual flag using ap_option 
Resolves: #1370980
 2016-08-29 17:44:23 +00:00
Robbie Harwood
1dd613afe8 Fix KDC return code and set prompt types for OTP client preauth 
Resolves: #1370072
 2016-08-25 14:05:05 +00:00
Robbie Harwood
136cc25087 Turn OFD locks back on with glibc workaround 
Resolves: #1274922
 2016-08-15 17:33:33 +00:00
Robbie Harwood
766ee8e989 Fix use of KKDCPP with SNI 
Resolves: #1365027
 2016-08-10 17:21:41 +00:00
Robbie Harwood
da7614606c Make krb5-devel depend on libkadm5 
Resolves: #1364487
 2016-08-05 17:02:52 +00:00
Robbie Harwood
480d266a1d Up-port a bunch of stuff from the el-7.3 cycle 
Resolves: #1255450
ResolveS: #1314989
 2016-08-03 21:15:16 +00:00
Robbie Harwood
482c8e1687 New upstream version 1.14.3 2016-08-01 20:44:35 +00:00
Robbie Harwood
528404bbf5 Fix CVE-2016-3120 
Resolves: #1361051
 2016-07-28 21:56:33 +00:00
Robbie Harwood
e165eeccda Fix incorrect recv() size calculation in libkrad 2016-06-23 16:07:51 +00:00
Robbie Harwood
802e825d17 Separate out the kadm5 libs 2016-06-16 16:34:18 +00:00
Robbie Harwood
db300d8761 Fix setting of AS key in OTP preauth failure 2016-05-27 21:19:24 +00:00
Robbie Harwood
0429334fa0 Use the correct patches this time. 
Resolves: #1321135
 2016-04-05 20:14:05 +00:00
Robbie Harwood
2f3f20f718 Add send/receive sendto_kdc hooks and corresponding tests 
Resolves: #1321135
 2016-04-04 18:38:02 +00:00
Robbie Harwood
f0b5fc56f2 Fix CVE-2016-3119 (NULL deref in LDAP module) 2016-03-18 21:02:15 +00:00
Robbie Harwood
7b4e88e425 Backport OID mech fix 
Resolves: #1317609
 2016-03-17 17:17:30 +00:00
Robbie Harwood
f1cb770b53 New rawhide, new upstream version 
- Drop CVE patches
- Rename fix_interposer.patch to acquire_cred_interposer.patch
- Update acquire_cred_interposer.patch to apply to new source
 2016-02-29 23:45:38 +00:00
Robbie Harwood
8bddc884ac Fix log file permissions patch with our selinux 
Resolves: #1309421
 2016-02-22 22:06:57 +00:00
Robbie Harwood
96d71f74f7 Backport my interposer fixes from upstream 
Supersedes krb5-mechglue_inqure_attrs.patch
 2016-02-19 20:11:26 +00:00
Robbie Harwood
5d016a51a3 Clean up bad merge 2016-02-16 17:08:51 +00:00
Robbie Harwood
9707484326 Adjust dependency on crypto-polices to be just the file we want 
Patch courtesy of lslebodn.

Resolves: #1308984
 2016-02-16 17:07:34 +00:00
Dennis Gilmore
04850893e4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 02:24:34 +00:00
Robbie Harwood
f525729cee Replace _kadmin/_kprop with systemd macros 
Remove traces of upstart from fedora package per policy

Resolves: #1290185
 2016-01-28 19:44:10 +00:00
Robbie Harwood
c52f5baf4b Fix CVE-2015-8629, CVE-2015-8630, CVE-2015-8631 2016-01-27 23:17:07 +00:00
Robbie Harwood
93772ec156 Make krb5kdc.log not world-readable by default 
Resolves: #1276484
 2016-01-21 19:05:45 +00:00
Robbie Harwood
892fe9b7b5 Allow verification of attributes on krb5.conf 2016-01-21 18:05:08 +00:00
Robbie Harwood
ce63dad07e Use "new" systemd macros for service handling. (Thanks vpavlin!) 
Resolves: #850399
 2016-01-20 22:11:00 +00:00
Robbie Harwood
21a49ad7c7 Simplify spec file by removing some dead code paths 
This includes removal of the following macros:
- WITH_NSS (always false)
- WITH_SYSTEMD (always true)
- WITH_LDAP (always true)
- WITH_OPENSSL (always true)
 2016-01-20 21:15:02 +00:00
Robbie Harwood
b653d26d53 Backport fix for chrome crash in spnego_gss_inquire_context 
Resolves: #1295893
 2016-01-08 18:38:57 +00:00
Robbie Harwood
07d6f2cd01 Backport patch to fix mechglue for gss_inqure_attrs_for_mech() 2015-12-17 02:12:51 +00:00
Robbie Harwood (frozencemetery)
1560d2b3cc Backport interposer fix from master 
Drop workaround pwsize initialization patch (gcc has been fixed)

Resolves: rhbz#1284985
 2015-12-03 22:02:09 +00:00
Robbie Harwood (frozencemetery)
bf282deaf1 Fix FTBFS by no longer working around bug in nss_wrapper 2015-11-24 16:39:15 +00:00
Robbie Harwood (frozencemetery)
89ae1a3c67 Upstream release. No actual change from beta, just version bump 
Also clean up unused parts of spec file.
 2015-11-23 22:56:02 +00:00
Robbie Harwood (frozencemetery)
806928902d Release 1.14-beta2 2015-11-16 18:11:20 +00:00
Robbie Harwood (frozencemetery)
b81fddfea1 Patch CVE-2015-2698 2015-11-04 20:26:21 +00:00
Robbie Harwood (frozencemetery)
def8c582bb Patch CVE-2015-2697, CVE-2015-2696, CVE-2015-2695 2015-10-27 17:31:54 +00:00
Robbie Harwood (frozencemetery)
255e769785 Ensure pwsize is initialized in chpass_util.c 2015-10-22 18:30:26 +00:00
Robbie Harwood (frozencemetery)
5eb94ecfab Fix typo of crypto-policies file in previous version 2015-10-22 15:14:45 +00:00
Robbie Harwood (frozencemetery)
9baef8fa8f Start using crypto-policies 2015-10-19 23:01:44 +00:00
Robbie Harwood (frozencemetery)
582b087130 TEMPORARILY disable usage of OFD locks as a workaround for x86 2015-10-19 17:38:34 +00:00
Robbie Harwood (frozencemetery)
98128c4038 New upstream beta version 2015-10-15 20:51:57 +00:00
Robbie Harwood (frozencemetery)
4529758a74 Work around KDC client prinicipal in referrals issue 
Resolves: rhbz#1259844
 2015-10-08 19:24:20 +00:00
Robbie Harwood (frozencemetery)
a89bdde4da Revert "New upstream version: krb5-1.14-alpha1" 
This reverts commit 1138991893.
 2015-10-01 18:33:34 +00:00
Robbie Harwood
5ccfdd171d Bring back krb5.conf.d and allow building with bad krb5.conf 2015-09-29 14:47:06 -04:00
Robbie Harwood (frozencemetery)
1138991893 New upstream version: krb5-1.14-alpha1 
Drop patches that have since been applied.  Create new patches as
needed.
 2015-09-24 17:57:53 +00:00
Robbie Harwood (frozencemetery)
a328acab1b Drop dependency on pax&ksh and remove support for fedora < 20 2015-09-23 18:42:40 +00:00
Robbie Harwood (frozencemetery)
a9af3c8817 Nix /usr/share/krb5.conf.d to reduce complexity 2015-09-23 15:11:53 +00:00
Robbie Harwood (frozencemetery)
65ce267be1 Depend on crypto-policies which provides /etc/krb5.conf.d 
Resolves: rhbz#1225792
 2015-09-23 14:02:37 +00:00
Robbie Harwood (frozencemetery)
5ec8cb89e0 Miscalaneous spec fixes. 
Remove dependency on systemd-sysv which is no longer needed for fedora
> 20.  Other fixes as needed to resolve a fail-to-build issue.
 2015-09-11 17:02:31 +00:00
Robbie Harwood (frozencemetery)
2e058adfc5 Bump minor release 2015-09-10 19:55:53 +00:00
Robbie Harwood (frozencemetery)
6cb6b69409 Support config snippets in /etc/krb5.conf.d/ and /usr/share/krb5.conf.d/ 
Resolves: rhbz#1225792, rhbz#1146370, rhbz#1145808
 2015-09-10 19:45:12 +00:00
Roland Mainz
580aefb618 * Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-6 
- Use system nss_wrapper and socket_wrapper for testing.
  Patch by Andreas Schneider <asn@redhat.com>
 2015-06-26 02:47:13 +02:00
Roland Mainz
d4aa04d87c * Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-5 
- Remove Zanata test glue and related workarounds
  - Bug #1234292 ("IPA server cannot be run in container due to incorrect /usr/sbin/_kadmind")
  - Bug #1234326 ("krb5-server introduces new rpm dependency on ksh")
 2015-06-25 14:23:31 +02:00
Roland Mainz
168ec0c9e7 * Thu Jun 18 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-4 
- Fix dependicy on binfmt.service
 2015-06-19 18:22:15 +02:00
Dennis Gilmore
57f951a0e2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 13:38:13 +00:00
Roland Mainz
7029c6670c * Tue Jun 2 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-2 
- Add patch to fix Redhat Bug #1227542 ("[SELinux] AVC denials may appear
  when kadmind starts"). The issue was caused by an unneeded |htons()|
  which triggered SELinux AVC denials due to the "random" port usage.
 2015-06-03 02:57:20 +02:00
Roland Mainz
8c2cea93bb * Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1 
- Add fix for RedHat Bug #1164304 ("Upstream unit tests loads
  the installed shared libraries instead the ones from the build")
 2015-05-22 16:28:26 +02:00
Roland Mainz
3ae7a21305 * Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0 
- Update to krb5-1.13.2
  - drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2
  - drop patch for krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling, fixed in krb5-1.13.2
- Add script processing for upcoming Zanata l10n support
- Minor spec cleanup
 2015-05-15 01:02:21 +02:00
Roland Mainz
1171aa60d0 * Mon May 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-4 
- fix for CVE-2015-2694 (#1216133) "requires_preauth bypass
  in PKINIT-enabled KDC".
  In MIT krb5 1.12 and later, when the KDC is configured with
  PKINIT support, an unauthenticated remote attacker can
  bypass the requires_preauth flag on a client principal and
  obtain a ciphertext encrypted in the principal's long-term
  key.  This ciphertext could be used to conduct an off-line
  dictionary attack against the user's password.
resolves: #1216134
 2015-05-06 01:15:00 +02:00
Roland Mainz
14a63ce373 * Wed Mar 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-3 
- Add temporay workaround for RH bug #1204646 ("krb5-config
  returns wrong -specs path") which modifies krb5-config post
  build so that development of krb5 dependicies gets unstuck.
  This MUST be removed before rawhide becomes F23 ...
 2015-03-25 16:06:10 +01:00
Roland Mainz
1984e0ee1d * Thu Mar 19 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-2 
- fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated
  denial of service in recvauth_common() and others"
 2015-03-20 13:24:47 +01:00
Roland Mainz
54e60b1162 * Thu Mar 19 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-2 
- fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated
  denial of service in recvauth_common() and others"
 2015-03-20 13:23:20 +01:00
Roland Mainz
03981c354e * Fri Feb 13 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-1 
- Update to krb5-1.13.1
  - drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1
  - drop patch for kinit -C loops (MIT/krb5 bug #243), fixed in krb5-1.13.1
  - drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1
- Minor spec cleanup
 2015-02-13 17:35:10 +01:00