rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
1,190 Commits 9 Branches 46 Tags 7.8 MiB
4a4fd39d5e
Commit Graph

968 Commits

Author SHA1 Message Date
Robbie Harwood
7c5b49f828 Filter enctypes in gss_set_allowable_enctypes() 2019-07-18 12:49:23 -04:00
Robbie Harwood
4c8ed38666 Don't error on invalid enctypes in keytab 
Resolves: #1724380
 2019-07-15 13:07:54 -04:00
Robbie Harwood
a0277fd396 Remove now-unused checksum functions 2019-07-02 11:42:28 -04:00
Robbie Harwood
490a817464 Fix typo in 3des commit 2019-06-26 18:23:02 -04:00
Robbie Harwood
7bee5f19e1 Remove PKINIT draft9 support (compat with EOL, pre-2008 Windows) 2019-06-26 18:07:12 -04:00
Robbie Harwood
2843572c2f Remove strerror() calls from k5_get_error() 2019-06-10 12:41:26 -04:00
Robbie Harwood
6d60b0827f Remove 3des from kdc.conf example 2019-06-07 08:52:53 -04:00
Robbie Harwood
1cae0b7e96 Remove 3DES support 2019-06-03 17:33:31 -04:00
Robbie Harwood
19e2656c15 Remove 3des support 2019-06-03 17:25:49 -04:00
Robbie Harwood
48af99c1f7 Remove krb5int_c_combine_keys() and no-flags SAM-2 preauth 2019-05-30 13:32:37 -04:00
Robbie Harwood
3f80a77313 Remove support for single-DES and CRC 2019-05-28 15:22:45 -04:00
Robbie Harwood
f50ceacadf Add missing newlines to deprecation warnings 
Switch to upstream's ksu path patch
 2019-05-22 10:59:16 -04:00
Robbie Harwood
79613952e3 Update default krb5kdc mkey manual-entry enctype 
Also update account lockout patch to upstream version
 2019-05-21 12:59:56 -04:00
Robbie Harwood
39ba823db6 Test & docs fixes in preparation for DES removal 2019-05-20 16:49:04 -04:00
Robbie Harwood
f91545040c Drop krb5_realm_compare() etc. NULL check patches 2019-05-15 17:01:26 -04:00
Robbie Harwood
bebe7bd29f Re-provide krb5-kdb-version in -devel as well (IPA wants it) 2019-05-15 15:16:18 +00:00
Robbie Harwood
aa55266a84 (Patch consolidation; hopefully no changes) 2019-05-14 12:34:12 -04:00
Robbie Harwood
4b3d9079ae Remove checksum type profile variables 2019-05-14 11:07:43 -04:00
Robbie Harwood
0b0d802a54 Pull in 2019-05-02 static analysis updates 2019-05-10 13:50:56 -04:00
Robbie Harwood
d1b5e24f4c Drop --with-pkinit-crypto-impl 2019-05-06 14:38:08 -04:00
Robbie Harwood
85664dde3d Move krb5-kdb-version provide into krb5-server for freeipa 2019-05-03 18:36:31 +00:00
Robbie Harwood
4c5654d0fb Use secure_getenv() where appropriate 2019-05-01 12:47:31 -04:00
Robbie Harwood
cdfd42332f Get that squeaky rpmlint clean 2019-04-24 15:51:18 -04:00
Robbie Harwood
0555bc87c8 Add dns_canonicalize_hostname=fallback support 2019-04-24 11:45:11 -04:00
Robbie Harwood
9d9730eb07 Check more errors in OpenSSL crypto backend 2019-04-24 11:39:04 -04:00
Robbie Harwood
aa800df204 Fix potential close(-1) in cc_file.c 2019-04-22 13:09:23 -04:00
Robbie Harwood
707673a505 Remove ovsec_adm_export and confvalidator 2019-04-17 16:17:17 -04:00
Robbie Harwood
5ebfb70254 Fix config realm change logic in FILE remove_cred 2019-04-17 16:16:38 -04:00
Robbie Harwood
05efb47898 Remove Kerberos v4 support vestiges (including ktany support) 2019-04-11 16:44:09 -04:00
Robbie Harwood
7f7eba0cef Implement krb5_cc_remove_cred for remaining types 
Resolves: #1693836
 2019-04-11 13:18:46 -04:00
Robbie Harwood
caa2dd1a26 FIPS-aware SPAKE group negotiation 2019-04-01 13:13:49 -04:00
Robbie Harwood
bf081fdccd Fix memory leak in 'none' replay cache type 
Silence a coverity warning while we're here.
 2019-02-25 15:24:36 -05:00
Robbie Harwood
ae3b432439 Update FIPS blocking for RC4 2019-02-01 16:11:20 -05:00
Fedora Release Engineering
f417500667 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-02-01 06:00:21 +00:00
Igor Gnatenko
acad58ce13 Remove obsolete Group tag 
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
 2019-01-28 20:24:10 +01:00
Robbie Harwood
1458a863a4 enctype logging and explicit_bzero() 2019-01-17 13:44:00 -05:00
Robbie Harwood
658f28f754 New upstream version (1.17) 2019-01-08 19:15:01 +00:00
Robbie Harwood
7e29fac83e Use openssl's PRNG in FIPS mode 2019-01-04 17:01:07 -05:00
Robbie Harwood
645562ea2f Address some optimized-out memset() calls 2019-01-04 10:52:20 -05:00
Robbie Harwood
7338b669da Remove incorrect KDC assertion 2018-12-20 18:00:42 -05:00
Robbie Harwood
6c692d18f2 Fix syntax on pkinit_anchors field in default krb5.conf 2018-12-20 21:46:31 +00:00
Robbie Harwood
8968aa45c7 Restore pdfs source file 
Resolves: #1659716
 2018-12-17 20:39:53 +00:00
Robbie Harwood
56c48beaec Forgot to bump prerelease... 2018-12-06 18:35:50 +00:00
Robbie Harwood
59f64bf750 New upstream release (1.17-beta2) 
Drop pdfs source file
 2018-12-06 18:31:06 +00:00
Robbie Harwood
fef40744ec Add tests for KCM ccache type 2018-11-29 14:58:18 -05:00
Robbie Harwood
83e3cdfc7d Gain FIPS awareness 2018-11-12 20:39:38 +00:00
Robbie Harwood
d401b30b5f Fix spurious errors from kcmio_unix_socket_write 
Resolves: #1645912
 2018-11-08 11:22:27 -05:00
Robbie Harwood
f745542b78 New upstream beta release (1.17-beta1) 2018-11-01 20:07:33 +00:00
Robbie Harwood
5f59f89111 Package kerberos(7) 2018-10-24 15:36:36 -04:00
Robbie Harwood
3ce8c381c3 Update man pages to reference kerberos(7) 
Resolves: #1143767
 2018-10-24 15:07:14 -04:00
Robbie Harwood
d760ebeab2 Use port-sockets.h macros in cc_kcm, sendto_kdc 
Resolves: #1631998
 2018-10-17 15:27:45 -04:00
Robbie Harwood
c0ac611ad3 Correct kpasswd_server description in krb5.conf(5) 
Resolves: #1640272
 2018-10-17 13:49:20 -04:00
Robbie Harwood
0eeac3abaf Prefer TCP to UDP for password changes 
Resolves: #1637611
 2018-10-15 13:26:07 -04:00
Adam Williamson
4a2dfb104c Revert the patch from -20 as it seems to make FreeIPA worse 2018-10-09 13:57:21 -07:00
Robbie Harwood
af8b6635d6 Fix bugs with concurrent use of MEMORY ccaches 2018-10-02 13:36:43 -04:00
Robbie Harwood
ef8eae7c7b In FIPS mode, add plaintext fallback for RC4 usages and taint 2018-08-01 15:11:35 -04:00
Robbie Harwood
d21edd514c Fix k5test prompts for Python 3 2018-07-26 14:23:13 -04:00
Robbie Harwood
29b7ff3bb1 Remove outdated note in krb5kdc man page 2018-07-19 16:43:33 -04:00
Robbie Harwood
e506fad693 Make krb5kdc -p affect TCP ports 2018-07-19 16:43:21 -04:00
Robbie Harwood
e3ab2c3591 Eliminate preprocessor-disabled dead code 2018-07-19 16:43:06 -04:00
Robbie Harwood
b5615f9f2c Fix some broken tests for Python 3 2018-07-18 17:25:00 -04:00
Robbie Harwood
c0f34c36f8 Zap copy of secret in RC4 string-to-key 2018-07-16 10:38:52 -04:00
Robbie Harwood
6bb371b555 Convert Python tests to Python 3 2018-07-12 13:08:20 -04:00
Robbie Harwood
18245c6b0f Actually add the dependency this time 2018-07-11 12:56:14 -04:00
Robbie Harwood
50f81aad57 Add build dependency on gcc 2018-07-11 16:49:26 +00:00
Robbie Harwood
40a05d0347 Use SHA-256 instead of MD5 for audit ticket IDs 2018-07-10 17:34:02 -04:00
Jason Tibbitts
816afcf8e2 Remove needless use of %defattr 2018-07-10 01:32:54 -05:00
Robbie Harwood
2fc18e9142 Add BuildRequires on python2 so we can run tests at build-time 2018-07-06 15:27:23 +00:00
Robbie Harwood
97d3fa66d0 Explicitly look for python2 in configure.in 2018-07-06 10:59:48 -04:00
Robbie Harwood
ff388043f1 Add flag to disable encrypted timestamp on client 2018-06-14 17:45:09 -04:00
Robbie Harwood
d6ae33b85a Switch to python3-sphinx for docs 
Resolves: #1590928
 2018-06-14 16:56:44 +00:00
Robbie Harwood
367b100b3b Make docs build python3-compatible 
Resolves: #1590928
 2018-06-14 10:49:23 -04:00
Robbie Harwood
6dd406494d Update includedir processing to match upstream 2018-06-07 12:37:24 -04:00
Robbie Harwood
6e3058a9c5 Log when non-root ksu authorization fails 
Resolves: #1575771
 2018-06-01 14:04:16 -04:00
Robbie Harwood
9467290bc7 Remove "-nodes" option from make-certs scripts 2018-05-04 10:59:52 -04:00
Robbie Harwood
88ba66fe53 New upstream release - 1.16.1 2018-05-04 14:59:45 +00:00
Robbie Harwood
ab1e0477e9 Fix indentation in krb5.conf of default_ccache_name 2018-05-03 13:01:11 -04:00
Robbie Harwood
ace60f7773 Set error message on KCM get_princ failure 2018-04-30 12:08:36 -04:00
Robbie Harwood
c150a97555 Set error message on KCM get_princ failure 2018-04-30 12:08:15 -04:00
Robbie Harwood
1dc2c64cf3 Fix KDC null dereference on large TGS replies 2018-04-24 11:19:31 -04:00
Robbie Harwood
58b0bd97d4 Explicitly use openssl rather than builtin crypto 
Resolves: #1570910
 2018-04-23 17:11:53 +00:00
Robbie Harwood
a48c97c32b Merge duplicate subsections in profile library 2018-04-17 13:28:40 -04:00
Robbie Harwood
8ed07abedf Restrict pre-authentication fallback cases 2018-04-09 12:12:08 -04:00
Robbie Harwood
9f52d3d29f Be more careful asking for AS key in SPAKE client 2018-04-03 15:05:13 -04:00
Robbie Harwood
091dcbf794 Zap data when freeing krb5_spake_factor 2018-04-02 12:37:37 -04:00
Robbie Harwood
09f9308fd8 Continue after KRB5_CC_END in KCM cache iteration 2018-03-29 10:43:22 -04:00
Robbie Harwood
27ca1f2678 Fix SPAKE memory leak 
Also fix build problem
 2018-03-27 18:01:05 +00:00
Robbie Harwood
99cea2e511 Fix gitignore problem with previous patchset 2018-03-27 15:13:46 +00:00
Robbie Harwood
2c340efca2 Add SPAKE support 
- Improve protections on internal sensitive buffers
- Improve internal hex encoding/decoding
 2018-03-27 15:09:05 +00:00
Robbie Harwood
8b49b0644c Fix problem with ccache_name logic in previous build 2018-03-20 18:20:01 +00:00
Robbie Harwood
6b1b652d4d Add pkinit_anchors default value to krb5.conf 
Reindent krb5.conf to not be terrible
 2018-03-20 17:53:38 +00:00
Robbie Harwood
2eafc4d8aa Include preauth names in trace output where possible 
Also fix misc bugs
 2018-03-20 15:21:19 +00:00
Robbie Harwood
a387becbf5 Add PKINIT KDC support for freshness token 
Also, fix securid_sam2 preauth for non-default salt
 2018-03-19 22:16:46 +00:00
Robbie Harwood
ed142b51b1 Exit with status 0 from kadmind 2018-03-14 14:44:04 -04:00
Robbie Harwood
5f3f6ef19b Fix hex conversion of PKINIT certid strings 2018-03-13 17:45:47 -04:00
Robbie Harwood
4b5cd8c1f8 Fix capaths "." values on client 
Resolves: 1551099
 2018-03-07 17:41:04 +00:00
Igor Gnatenko
03afcfa42c
Remove %clean section 
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-14 09:55:56 +01:00
Igor Gnatenko
307e1c3fab Remove BuildRoot definition 
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-13 23:36:56 +01:00
Robbie Harwood
392309c493 Fix flaws in LDAP DN checking 
CVE-2018-5729, CVE-2018-5730
 2018-02-13 11:09:41 -05:00
Robbie Harwood
c4848e3332 Fix a leak in the previous commit 
Also, restore dist macro that was accidentally removed

Resolves: #1540939
 2018-02-12 17:40:48 +00:00
Fedora Release Engineering
bfe3c598b5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-02-07 20:27:38 +00:00
Igor Gnatenko
caf02999e0
Switch to %ldconfig_scriptlets 
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-03 17:31:01 +01:00
Robbie Harwood
85d9f736b5 Process included directories in alphabetical order 2018-01-29 17:48:17 +01:00
Robbie Harwood
30d56290b3 Fix network service dependencies 
Resolves: #1525230
 2017-12-12 21:45:17 +00:00
Robbie Harwood
e714c57927 Fix copr rule sop that the spec file builds 2017-12-06 18:10:36 +00:00
Robbie Harwood
9869daa1e8 New upstream release (1.16) 
- No changes from beta2
- Add spec file support for COPR
 2017-12-06 18:07:52 +00:00
Robbie Harwood
6f4f842e5f New upstream prerelease (1.16-beta2) 2017-11-27 22:15:31 +00:00
Robbie Harwood
23141c22b1 Fix CVE-2017-15088 (Buffer overflow in get_matching_data()) 2017-10-24 16:10:22 -04:00
Robbie Harwood
6e83fb6a5e Drop dependency on python2-pyrad (dead upstream, broken with new python) 2017-10-23 16:28:55 +00:00
Robbie Harwood
e02d5c1dac Actually bump kdbversion like I was supposed to 2017-10-09 15:24:04 +00:00
Robbie Harwood
533a73fdd1 New upstream prerelease (1.16-beta1) 2017-10-05 20:29:13 +00:00
Robbie Harwood
0c7302b5bc Add German translation 2017-09-28 21:50:19 +00:00
Robbie Harwood
f1e535bb81 New upstream release - krb5-1.15.2 
Adjust patches as appropriate
 2017-09-25 19:24:33 +00:00
Robbie Harwood
11b90e9e6e Save other programs from worrying about CVE-2017-11462 
Resolves: #1488873
Resolves: #1488874
 2017-09-06 16:43:59 +00:00
Robbie Harwood
f6b653fac2 Add hostname-based ccselect module 
Also update certauth EKU stuff

Resolves: #1463665
 2017-09-05 18:16:58 +00:00
Robbie Harwood
8f0349dc3e Backport certauth eku security fix 2017-08-25 16:43:43 +00:00
Robbie Harwood
95b80fb0b9 Backport kdc policy plugin, but this time with dependencies 2017-08-22 19:11:06 +00:00
Robbie Harwood
48ad53c66e Backport kdcpolicy interface 2017-08-21 17:23:54 +00:00
Robbie Harwood
2674e01b27 * Mon Aug 07 2017 Robbie Harwood <rharwood@redhat.com> 1.15.1-21 
Display an error message if ocsp pkinit is requested
 2017-08-16 20:07:07 +00:00
Robbie Harwood
0d402dae7f Display an error message if ocsp pkinit is requested 2017-08-07 20:42:47 +00:00
Robbie Harwood
ccd78d8ee9 Disable dns_canonicalize_hostname. This may break some setups. 2017-08-02 17:02:48 +00:00
Robbie Harwood
0f2af40d1e Re-enable test suite on ppc64le (no other changes) 2017-08-02 14:42:30 +00:00
Fedora Release Engineering
e2a7f10a2f - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 17:59:47 +00:00
Robbie Harwood
45c6f63563 Fix CVE-2017-11368 (remote triggerable assertion failure) 2017-07-20 15:31:44 +00:00
Robbie Harwood
bb9cd0748a Explicitly require python2 packages 2017-07-19 20:08:14 +00:00
Robbie Harwood
dd3f3e78a4 Add support to query the SSF of a context 2017-07-19 18:24:50 +00:00
Petr Písař
887df81921 perl dependency renamed to perl-interpreter <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> 2017-07-12 14:04:40 +02:00
Robbie Harwood
ff9e66e349 Fix leaks in gss_inquire_cred_by_oid() 2017-07-06 17:06:13 +00:00
Robbie Harwood
b3eef12e9a Fix arch name (ppc64le, not ppc64el) 
Related-to: #1464381
 2017-06-26 19:49:21 +00:00
Robbie Harwood
a51673420f Skip test suite on ppc64el 
Related-to: #1464381
 2017-06-26 19:45:34 +00:00
Robbie Harwood
db0f9d981a Include more test suite changes from upstream 
Resolves: #1464381
 2017-06-23 20:45:16 +00:00
Robbie Harwood
58aed41605 Fix custom build with -DDEBUG 2017-06-07 15:18:05 +00:00
Robbie Harwood
d322a08712 Use standard trigger logic for krb5 snippet 2017-05-24 19:04:22 +00:00
Robbie Harwood
3cae6ae5c3 Add kprop service env config file 2017-04-28 20:14:01 +00:00
Robbie Harwood
21848ec3e1 Update backports of certauth and corresponding test 2017-04-19 17:49:45 +00:00
Robbie Harwood
291b968871 Include fixes for previous commit 
Resolves: #1433083
 2017-04-13 20:00:14 +00:00
Robbie Harwood
3d952fc6c0 Automatically add includedir where not present 
Also try removing sleep statement to see if it is still needed

Resolves: #1433083
 2017-04-13 19:57:23 +00:00
Robbie Harwood
82cabae196 Fix use of enterprise principals with forwarding 2017-04-07 16:13:00 +00:00
Robbie Harwood
0dc40d929f Backport certauth plugin and related pkinit changes 2017-03-22 18:09:06 +00:00
Robbie Harwood
fd8a9e22c4 Remove duplication between subpackages 
Resolves: #1250228
 2017-03-07 19:41:05 +00:00
Robbie Harwood
2a20da0e2a New upstream release - 1.15.1 2017-03-04 00:34:47 +00:00
Robbie Harwood
9ce824b289 Patch build by disabling failing test; will fix properly soon 2017-03-01 22:58:53 +00:00
Robbie Harwood
ae83ec3024 Hammer refresh around transient rawhide issue 2017-02-17 23:45:56 +00:00
Robbie Harwood
beaf0637a0 Backport fix for GSSAPI fallback realm 2017-02-17 22:47:38 +00:00
Robbie Harwood
0d08e37340 Move krb5-kdb-version provides from -libs to -devel 2017-02-07 18:25:18 +00:00
Robbie Harwood
621f3cf2e6 Add free hook to KDB; increments KDB version 
Add KDB version flag.

All patches are touched because git made the hash lengths in patches longer.
 2017-01-20 18:07:42 -05:00
Robbie Harwood
be80cb9861 New upstream release 2016-12-05 20:52:58 +00:00
Robbie Harwood
f68ddd3a8e Comment how betas work 2016-11-17 09:00:11 -05:00
Robbie Harwood
c3f7090334 New upstream release 2016-11-16 21:22:01 +00:00
Robbie Harwood
442bc9dfe4 Ensure we can build with the new CFLAGS 
Also remove the git versioning in patches.
 2016-11-10 20:32:41 +00:00
Robbie Harwood
821dac42ed Upstream release 1.15-beta1 
Also update selinux with RHEL hygene.

Resolves: #1314096
 2016-10-20 23:34:55 +00:00
Tomas Mraz
895d0bdfea rebuild with OpenSSL 1.1.0, added backported upstream patch 2016-10-11 14:04:59 +02:00
Robbie Harwood
76843c3ef0 Properly close krad sockets 
Resolves: #1380836
 2016-09-30 17:38:09 +00:00
Robbie Harwood
5a1a649bda Fix backward check in kprop.service 2016-09-30 16:40:22 +00:00
Robbie Harwood
bbb54d328c Switch to using autosetup macro 
Patches come from git, so it is easiest to just make a git repo
 2016-09-30 16:40:14 +00:00
Robbie Harwood
32ef372877 Backport getrandom() support and remove patch numbering 2016-09-22 19:39:24 +00:00
Robbie Harwood
14f028579d New upstream release and integrate with external git 2016-09-19 23:49:31 +00:00
Robbie Harwood
4f5955da72 Add krb5_db_register_keytab 
Resolves: #1376812
 2016-09-19 16:18:42 +00:00
Robbie Harwood
3e13029eb0 Use responder for non-preauth AS requests 
Resolves: #1370622
 2016-08-29 17:58:02 +00:00
Robbie Harwood
10d34c1413 Guess Samba client mutual flag using ap_option 
Resolves: #1370980
 2016-08-29 17:44:23 +00:00
Robbie Harwood
1dd613afe8 Fix KDC return code and set prompt types for OTP client preauth 
Resolves: #1370072
 2016-08-25 14:05:05 +00:00
Robbie Harwood
136cc25087 Turn OFD locks back on with glibc workaround 
Resolves: #1274922
 2016-08-15 17:33:33 +00:00
Robbie Harwood
766ee8e989 Fix use of KKDCPP with SNI 
Resolves: #1365027
 2016-08-10 17:21:41 +00:00
Robbie Harwood
da7614606c Make krb5-devel depend on libkadm5 
Resolves: #1364487
 2016-08-05 17:02:52 +00:00
Robbie Harwood
480d266a1d Up-port a bunch of stuff from the el-7.3 cycle 
Resolves: #1255450
ResolveS: #1314989
 2016-08-03 21:15:16 +00:00
Robbie Harwood
482c8e1687 New upstream version 1.14.3 2016-08-01 20:44:35 +00:00
Robbie Harwood
528404bbf5 Fix CVE-2016-3120 
Resolves: #1361051
 2016-07-28 21:56:33 +00:00
Robbie Harwood
e165eeccda Fix incorrect recv() size calculation in libkrad 2016-06-23 16:07:51 +00:00
Robbie Harwood
802e825d17 Separate out the kadm5 libs 2016-06-16 16:34:18 +00:00
Robbie Harwood
db300d8761 Fix setting of AS key in OTP preauth failure 2016-05-27 21:19:24 +00:00
Robbie Harwood
0429334fa0 Use the correct patches this time. 
Resolves: #1321135
 2016-04-05 20:14:05 +00:00
Robbie Harwood
2f3f20f718 Add send/receive sendto_kdc hooks and corresponding tests 
Resolves: #1321135
 2016-04-04 18:38:02 +00:00
Robbie Harwood
f0b5fc56f2 Fix CVE-2016-3119 (NULL deref in LDAP module) 2016-03-18 21:02:15 +00:00
Robbie Harwood
7b4e88e425 Backport OID mech fix 
Resolves: #1317609
 2016-03-17 17:17:30 +00:00
Robbie Harwood
f1cb770b53 New rawhide, new upstream version 
- Drop CVE patches
- Rename fix_interposer.patch to acquire_cred_interposer.patch
- Update acquire_cred_interposer.patch to apply to new source
 2016-02-29 23:45:38 +00:00
Robbie Harwood
8bddc884ac Fix log file permissions patch with our selinux 
Resolves: #1309421
 2016-02-22 22:06:57 +00:00
Robbie Harwood
96d71f74f7 Backport my interposer fixes from upstream 
Supersedes krb5-mechglue_inqure_attrs.patch
 2016-02-19 20:11:26 +00:00
Robbie Harwood
5d016a51a3 Clean up bad merge 2016-02-16 17:08:51 +00:00
Robbie Harwood
9707484326 Adjust dependency on crypto-polices to be just the file we want 
Patch courtesy of lslebodn.

Resolves: #1308984
 2016-02-16 17:07:34 +00:00
Dennis Gilmore
04850893e4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 02:24:34 +00:00
Robbie Harwood
f525729cee Replace _kadmin/_kprop with systemd macros 
Remove traces of upstart from fedora package per policy

Resolves: #1290185
 2016-01-28 19:44:10 +00:00
Robbie Harwood
c52f5baf4b Fix CVE-2015-8629, CVE-2015-8630, CVE-2015-8631 2016-01-27 23:17:07 +00:00
Robbie Harwood
93772ec156 Make krb5kdc.log not world-readable by default 
Resolves: #1276484
 2016-01-21 19:05:45 +00:00
Robbie Harwood
892fe9b7b5 Allow verification of attributes on krb5.conf 2016-01-21 18:05:08 +00:00
Robbie Harwood
ce63dad07e Use "new" systemd macros for service handling. (Thanks vpavlin!) 
Resolves: #850399
 2016-01-20 22:11:00 +00:00
Robbie Harwood
21a49ad7c7 Simplify spec file by removing some dead code paths 
This includes removal of the following macros:
- WITH_NSS (always false)
- WITH_SYSTEMD (always true)
- WITH_LDAP (always true)
- WITH_OPENSSL (always true)
 2016-01-20 21:15:02 +00:00
Robbie Harwood
b653d26d53 Backport fix for chrome crash in spnego_gss_inquire_context 
Resolves: #1295893
 2016-01-08 18:38:57 +00:00
Robbie Harwood
07d6f2cd01 Backport patch to fix mechglue for gss_inqure_attrs_for_mech() 2015-12-17 02:12:51 +00:00
Robbie Harwood (frozencemetery)
1560d2b3cc Backport interposer fix from master 
Drop workaround pwsize initialization patch (gcc has been fixed)

Resolves: rhbz#1284985
 2015-12-03 22:02:09 +00:00
Robbie Harwood (frozencemetery)
bf282deaf1 Fix FTBFS by no longer working around bug in nss_wrapper 2015-11-24 16:39:15 +00:00
Robbie Harwood (frozencemetery)
89ae1a3c67 Upstream release. No actual change from beta, just version bump 
Also clean up unused parts of spec file.
 2015-11-23 22:56:02 +00:00
Robbie Harwood (frozencemetery)
806928902d Release 1.14-beta2 2015-11-16 18:11:20 +00:00
Robbie Harwood (frozencemetery)
b81fddfea1 Patch CVE-2015-2698 2015-11-04 20:26:21 +00:00
Robbie Harwood (frozencemetery)
def8c582bb Patch CVE-2015-2697, CVE-2015-2696, CVE-2015-2695 2015-10-27 17:31:54 +00:00
Robbie Harwood (frozencemetery)
255e769785 Ensure pwsize is initialized in chpass_util.c 2015-10-22 18:30:26 +00:00
Robbie Harwood (frozencemetery)
5eb94ecfab Fix typo of crypto-policies file in previous version 2015-10-22 15:14:45 +00:00
Robbie Harwood (frozencemetery)
9baef8fa8f Start using crypto-policies 2015-10-19 23:01:44 +00:00
Robbie Harwood (frozencemetery)
582b087130 TEMPORARILY disable usage of OFD locks as a workaround for x86 2015-10-19 17:38:34 +00:00
Robbie Harwood (frozencemetery)
98128c4038 New upstream beta version 2015-10-15 20:51:57 +00:00
Robbie Harwood (frozencemetery)
4529758a74 Work around KDC client prinicipal in referrals issue 
Resolves: rhbz#1259844
 2015-10-08 19:24:20 +00:00