Commit Graph

987 Commits

Author SHA1 Message Date
Robbie Harwood (frozencemetery)
89ae1a3c67 Upstream release. No actual change from beta, just version bump
Also clean up unused parts of spec file.
2015-11-23 22:56:02 +00:00
Robbie Harwood (frozencemetery)
806928902d Release 1.14-beta2 2015-11-16 18:11:20 +00:00
Robbie Harwood (frozencemetery)
b81fddfea1 Patch CVE-2015-2698 2015-11-04 20:26:21 +00:00
Robbie Harwood (frozencemetery)
def8c582bb Patch CVE-2015-2697, CVE-2015-2696, CVE-2015-2695 2015-10-27 17:31:54 +00:00
Robbie Harwood (frozencemetery)
255e769785 Ensure pwsize is initialized in chpass_util.c 2015-10-22 18:30:26 +00:00
Robbie Harwood (frozencemetery)
5eb94ecfab Fix typo of crypto-policies file in previous version 2015-10-22 15:14:45 +00:00
Robbie Harwood (frozencemetery)
9baef8fa8f Start using crypto-policies 2015-10-19 23:01:44 +00:00
Robbie Harwood (frozencemetery)
582b087130 TEMPORARILY disable usage of OFD locks as a workaround for x86 2015-10-19 17:38:34 +00:00
Robbie Harwood (frozencemetery)
98128c4038 New upstream beta version 2015-10-15 20:51:57 +00:00
Robbie Harwood (frozencemetery)
4529758a74 Work around KDC client prinicipal in referrals issue
Resolves: rhbz#1259844
2015-10-08 19:24:20 +00:00
Robbie Harwood (frozencemetery)
a89bdde4da Revert "New upstream version: krb5-1.14-alpha1"
This reverts commit 1138991893.
2015-10-01 18:33:34 +00:00
Robbie Harwood
5ccfdd171d Bring back krb5.conf.d and allow building with bad krb5.conf 2015-09-29 14:47:06 -04:00
Robbie Harwood (frozencemetery)
1138991893 New upstream version: krb5-1.14-alpha1
Drop patches that have since been applied.  Create new patches as
needed.
2015-09-24 17:57:53 +00:00
Robbie Harwood (frozencemetery)
a328acab1b Drop dependency on pax&ksh and remove support for fedora < 20 2015-09-23 18:42:40 +00:00
Robbie Harwood (frozencemetery)
a9af3c8817 Nix /usr/share/krb5.conf.d to reduce complexity 2015-09-23 15:11:53 +00:00
Robbie Harwood (frozencemetery)
65ce267be1 Depend on crypto-policies which provides /etc/krb5.conf.d
Resolves: rhbz#1225792
2015-09-23 14:02:37 +00:00
Robbie Harwood (frozencemetery)
5ec8cb89e0 Miscalaneous spec fixes.
Remove dependency on systemd-sysv which is no longer needed for fedora
> 20.  Other fixes as needed to resolve a fail-to-build issue.
2015-09-11 17:02:31 +00:00
Robbie Harwood (frozencemetery)
2e058adfc5 Bump minor release 2015-09-10 19:55:53 +00:00
Robbie Harwood (frozencemetery)
6cb6b69409 Support config snippets in /etc/krb5.conf.d/ and /usr/share/krb5.conf.d/
Resolves: rhbz#1225792, rhbz#1146370, rhbz#1145808
2015-09-10 19:45:12 +00:00
Roland Mainz
580aefb618 * Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-6
- Use system nss_wrapper and socket_wrapper for testing.
  Patch by Andreas Schneider <asn@redhat.com>
2015-06-26 02:47:13 +02:00
Roland Mainz
d4aa04d87c * Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-5
- Remove Zanata test glue and related workarounds
  - Bug #1234292 ("IPA server cannot be run in container due to incorrect /usr/sbin/_kadmind")
  - Bug #1234326 ("krb5-server introduces new rpm dependency on ksh")
2015-06-25 14:23:31 +02:00
Roland Mainz
168ec0c9e7 * Thu Jun 18 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-4
- Fix dependicy on binfmt.service
2015-06-19 18:22:15 +02:00
Dennis Gilmore
57f951a0e2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 13:38:13 +00:00
Roland Mainz
7029c6670c * Tue Jun 2 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-2
- Add patch to fix Redhat Bug #1227542 ("[SELinux] AVC denials may appear
  when kadmind starts"). The issue was caused by an unneeded |htons()|
  which triggered SELinux AVC denials due to the "random" port usage.
2015-06-03 02:57:20 +02:00
Roland Mainz
8c2cea93bb * Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1
- Add fix for RedHat Bug #1164304 ("Upstream unit tests loads
  the installed shared libraries instead the ones from the build")
2015-05-22 16:28:26 +02:00
Roland Mainz
9997960299 * Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0
- Update to krb5-1.13.2
  - drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2
  - drop patch for krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling, fixed in krb5-1.13.2
- Add script processing for upcoming Zanata l10n support
- Minor spec cleanup
2015-05-15 01:03:28 +02:00
Roland Mainz
3ae7a21305 * Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0
- Update to krb5-1.13.2
  - drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2
  - drop patch for krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling, fixed in krb5-1.13.2
- Add script processing for upcoming Zanata l10n support
- Minor spec cleanup
2015-05-15 01:02:21 +02:00
Roland Mainz
1171aa60d0 * Mon May 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-4
- fix for CVE-2015-2694 (#1216133) "requires_preauth bypass
  in PKINIT-enabled KDC".
  In MIT krb5 1.12 and later, when the KDC is configured with
  PKINIT support, an unauthenticated remote attacker can
  bypass the requires_preauth flag on a client principal and
  obtain a ciphertext encrypted in the principal's long-term
  key.  This ciphertext could be used to conduct an off-line
  dictionary attack against the user's password.
resolves: #1216134
2015-05-06 01:15:00 +02:00
Roland Mainz
14a63ce373 * Wed Mar 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-3
- Add temporay workaround for RH bug #1204646 ("krb5-config
  returns wrong -specs path") which modifies krb5-config post
  build so that development of krb5 dependicies gets unstuck.
  This MUST be removed before rawhide becomes F23 ...
2015-03-25 16:06:10 +01:00
Roland Mainz
1984e0ee1d * Thu Mar 19 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-2
- fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated
  denial of service in recvauth_common() and others"
2015-03-20 13:24:47 +01:00
Roland Mainz
54e60b1162 * Thu Mar 19 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-2
- fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated
  denial of service in recvauth_common() and others"
2015-03-20 13:23:20 +01:00
Roland Mainz
2a8abfedf0 * Fri Feb 13 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-1
- Update to krb5-1.13.1
  - drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1
  - drop patch for kinit -C loops (MIT/krb5 bug #243), fixed in krb5-1.13.1
  - drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1
- Minor spec cleanup
2015-02-13 18:07:12 +01:00
Roland Mainz
e1dbd4ed12 * Fri Feb 13 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-1
- Update to krb5-1.13.1
  - drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1
  - drop patch for kinit -C loops (MIT/krb5 bug #243), fixed in krb5-1.13.1
  - drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1
- Minor spec cleanup
2015-02-13 17:58:34 +01:00
Roland Mainz
570cb5eeb3 * Fri Feb 13 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-1
- Update to krb5-1.13.1
  - drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1
  - drop patch for kinit -C loops (MIT/krb5 bug #243), fixed in krb5-1.13.1
  - drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1
- Minor spec cleanup
2015-02-13 17:40:35 +01:00
Roland Mainz
03981c354e * Fri Feb 13 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-1
- Update to krb5-1.13.1
  - drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1
  - drop patch for kinit -C loops (MIT/krb5 bug #243), fixed in krb5-1.13.1
  - drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1
- Minor spec cleanup
2015-02-13 17:35:10 +01:00
Roland Mainz
c74e97faa9 * Wed Feb 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13-8
- fix for CVE-2014-5352 (#1179856) "gss_process_context_token()
  incorrectly frees context (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9421 (#1179857) "kadmind doubly frees partial
  deserialization results (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9422 (#1179861) "kadmind incorrectly
  validates server principal name (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9423 (#1179863) "libgssrpc server applications
  leak uninitialized bytes (MITKRB5-SA-2015-001)"
2015-02-04 12:02:36 +01:00
Roland Mainz
aad351ad29 * Wed Feb 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13-7
- Remove "python-sphinx-latex" and "tar" from the build requirements
  to fix build failures on F22 machines.
- Minor spec cleanup
2015-02-04 11:47:44 +01:00
Nathaniel McCallum
7188a346bd Support KDC_ERR_MORE_PREAUTH_DATA_REQUIRED (RT#8063) 2015-02-03 17:48:30 +01:00
Roland Mainz
fb520967f9 * Mon Jan 26 2015 Roland Mainz <rmainz@redhat.com> - 1.13-5
- fix for kinit -C loops (#1184629, MIT/krb5 issue 243, "Do not
  loop on principal unknown errors").
- Added "python-sphinx-latex" to the build requirements
  to fix build failures on F22 machines.
2015-01-26 18:38:55 +01:00
Roland Mainz
6baee3e656 * Thu Dec 19 2014 Roland Mainz <rmainz@redhat.com> - 1.13-4
- fix for CVE-2014-5354 (#1174546) "krb5: NULL pointer
  dereference when using keyless entries"
2014-12-18 17:57:19 +01:00
Roland Mainz
8545575f69 * Wed Dec 17 2014 Roland Mainz <rmainz@redhat.com> - 1.13-3
- fix for CVE-2014-5353 (#1174543) "Fix LDAP misused policy
  name crash"
2014-12-17 12:06:33 +01:00
Roland Mainz
a54d1f9ac9 * Wed Oct 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0
- Bump 1%%{?dist} to 2%%{?dist} to workaround RPM sort issue
  which would lead yum updates to treat the last alpha as newer
  than the final version.
2014-10-29 22:25:13 +01:00
Roland Mainz
eca7fd3d15 * Wed Oct 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0
- Update from krb5-1.13-alpha1 to final krb5-1.13
- Removed patch for CVE-2014-5351 (#1145425) "krb5: current
  keys returned when randomizing the keys for a service principal" -
  now part of upstream sources
- Use patch for glibc |eventfd()| prototype mismatch (#1147887) only
  for Fedora > 20
2014-10-29 21:55:10 +01:00
Roland Mainz
6a0c01a783 * Wed Oct 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0
- Update from krb5-1.13-alpha1 to final krb5-1.13
- Removed patch for CVE-2014-5351 (#1145425) "krb5: current
  keys returned when randomizing the keys for a service principal" -
  now part of upstream sources
- Use patch for glibc |eventfd()| prototype mismatch (#1147887) only
  for Fedora > 20
2014-10-29 21:48:06 +01:00
Roland Mainz
210ae0a2c1 * Tue Sep 30 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0.alpha1.3
- fix build failure caused by change of prototype for glibc
  |eventfd()| (#1147887)
2014-09-30 12:19:07 +02:00
Roland Mainz
c5c716d7e4 - fix for CVE-2014-5351 (#1145425) "krb5: current keys returned when
randomizing the keys for a service principal" (fix rpm spec file)
2014-09-29 23:04:48 +02:00
Roland Mainz
db753ab79b * Mon Sep 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0.alpha1.3
- fix for CVE-2014-5351 (#1145425) "krb5: current keys returned when
  randomizing the keys for a service principal"
2014-09-29 22:53:31 +02:00
Nalin Dahyabhai
67988a74d0 Keep the license from being a dangling symlink
Processing of %license puts the named file in a directory other than the
docs directory, and doesn't rewrite relative symlinks to be correct.  So
we can't use a symlink to one of them as the license.
2014-09-08 18:57:52 -04:00
Nalin Dahyabhai
56cd96f9bd Remove the -S flag from kprop.service
- kpropd hasn't bothered with -S since 1.11; stop trying to use that
  flag in the systemd unit file and change its type from "forking" to
  "simple"
2014-08-28 14:05:37 -04:00
Nalin Dahyabhai
8563ebea46 Updating to 1.13 alpha1 2014-08-22 16:14:20 -04:00