Robbie Harwood
1458a863a4
enctype logging and explicit_bzero()
2019-01-17 13:44:00 -05:00
Robbie Harwood
658f28f754
New upstream version (1.17)
2019-01-08 19:15:01 +00:00
Robbie Harwood
7e29fac83e
Use openssl's PRNG in FIPS mode
2019-01-04 17:01:07 -05:00
Robbie Harwood
645562ea2f
Address some optimized-out memset() calls
2019-01-04 10:52:20 -05:00
Robbie Harwood
7338b669da
Remove incorrect KDC assertion
2018-12-20 18:00:42 -05:00
Robbie Harwood
6c692d18f2
Fix syntax on pkinit_anchors field in default krb5.conf
2018-12-20 21:46:31 +00:00
Robbie Harwood
8968aa45c7
Restore pdfs source file
...
Resolves : #1659716
2018-12-17 20:39:53 +00:00
Robbie Harwood
56c48beaec
Forgot to bump prerelease...
2018-12-06 18:35:50 +00:00
Robbie Harwood
59f64bf750
New upstream release (1.17-beta2)
...
Drop pdfs source file
2018-12-06 18:31:06 +00:00
Robbie Harwood
fef40744ec
Add tests for KCM ccache type
2018-11-29 14:58:18 -05:00
Robbie Harwood
83e3cdfc7d
Gain FIPS awareness
2018-11-12 20:39:38 +00:00
Robbie Harwood
d401b30b5f
Fix spurious errors from kcmio_unix_socket_write
...
Resolves : #1645912
2018-11-08 11:22:27 -05:00
Robbie Harwood
f745542b78
New upstream beta release (1.17-beta1)
2018-11-01 20:07:33 +00:00
Robbie Harwood
5f59f89111
Package kerberos(7)
2018-10-24 15:36:36 -04:00
Robbie Harwood
3ce8c381c3
Update man pages to reference kerberos(7)
...
Resolves : #1143767
2018-10-24 15:07:14 -04:00
Robbie Harwood
d760ebeab2
Use port-sockets.h macros in cc_kcm, sendto_kdc
...
Resolves : #1631998
2018-10-17 15:27:45 -04:00
Robbie Harwood
c0ac611ad3
Correct kpasswd_server description in krb5.conf(5)
...
Resolves : #1640272
2018-10-17 13:49:20 -04:00
Robbie Harwood
0eeac3abaf
Prefer TCP to UDP for password changes
...
Resolves : #1637611
2018-10-15 13:26:07 -04:00
Adam Williamson
4a2dfb104c
Revert the patch from -20 as it seems to make FreeIPA worse
2018-10-09 13:57:21 -07:00
Robbie Harwood
af8b6635d6
Fix bugs with concurrent use of MEMORY ccaches
2018-10-02 13:36:43 -04:00
Robbie Harwood
ef8eae7c7b
In FIPS mode, add plaintext fallback for RC4 usages and taint
2018-08-01 15:11:35 -04:00
Robbie Harwood
d21edd514c
Fix k5test prompts for Python 3
2018-07-26 14:23:13 -04:00
Robbie Harwood
29b7ff3bb1
Remove outdated note in krb5kdc man page
2018-07-19 16:43:33 -04:00
Robbie Harwood
e506fad693
Make krb5kdc -p affect TCP ports
2018-07-19 16:43:21 -04:00
Robbie Harwood
e3ab2c3591
Eliminate preprocessor-disabled dead code
2018-07-19 16:43:06 -04:00
Robbie Harwood
b5615f9f2c
Fix some broken tests for Python 3
2018-07-18 17:25:00 -04:00
Robbie Harwood
c0f34c36f8
Zap copy of secret in RC4 string-to-key
2018-07-16 10:38:52 -04:00
Robbie Harwood
6bb371b555
Convert Python tests to Python 3
2018-07-12 13:08:20 -04:00
Robbie Harwood
18245c6b0f
Actually add the dependency this time
2018-07-11 12:56:14 -04:00
Robbie Harwood
50f81aad57
Add build dependency on gcc
2018-07-11 16:49:26 +00:00
Robbie Harwood
40a05d0347
Use SHA-256 instead of MD5 for audit ticket IDs
2018-07-10 17:34:02 -04:00
Jason Tibbitts
816afcf8e2
Remove needless use of %defattr
2018-07-10 01:32:54 -05:00
Robbie Harwood
2fc18e9142
Add BuildRequires on python2 so we can run tests at build-time
2018-07-06 15:27:23 +00:00
Robbie Harwood
97d3fa66d0
Explicitly look for python2 in configure.in
2018-07-06 10:59:48 -04:00
Robbie Harwood
ff388043f1
Add flag to disable encrypted timestamp on client
2018-06-14 17:45:09 -04:00
Robbie Harwood
d6ae33b85a
Switch to python3-sphinx for docs
...
Resolves : #1590928
2018-06-14 16:56:44 +00:00
Robbie Harwood
367b100b3b
Make docs build python3-compatible
...
Resolves : #1590928
2018-06-14 10:49:23 -04:00
Robbie Harwood
6dd406494d
Update includedir processing to match upstream
2018-06-07 12:37:24 -04:00
Robbie Harwood
6e3058a9c5
Log when non-root ksu authorization fails
...
Resolves : #1575771
2018-06-01 14:04:16 -04:00
Robbie Harwood
9467290bc7
Remove "-nodes" option from make-certs scripts
2018-05-04 10:59:52 -04:00
Robbie Harwood
88ba66fe53
New upstream release - 1.16.1
2018-05-04 14:59:45 +00:00
Robbie Harwood
ab1e0477e9
Fix indentation in krb5.conf of default_ccache_name
2018-05-03 13:01:11 -04:00
Robbie Harwood
ace60f7773
Set error message on KCM get_princ failure
2018-04-30 12:08:36 -04:00
Robbie Harwood
c150a97555
Set error message on KCM get_princ failure
2018-04-30 12:08:15 -04:00
Robbie Harwood
1dc2c64cf3
Fix KDC null dereference on large TGS replies
2018-04-24 11:19:31 -04:00
Robbie Harwood
58b0bd97d4
Explicitly use openssl rather than builtin crypto
...
Resolves : #1570910
2018-04-23 17:11:53 +00:00
Robbie Harwood
a48c97c32b
Merge duplicate subsections in profile library
2018-04-17 13:28:40 -04:00
Robbie Harwood
8ed07abedf
Restrict pre-authentication fallback cases
2018-04-09 12:12:08 -04:00
Robbie Harwood
9f52d3d29f
Be more careful asking for AS key in SPAKE client
2018-04-03 15:05:13 -04:00
Robbie Harwood
091dcbf794
Zap data when freeing krb5_spake_factor
2018-04-02 12:37:37 -04:00
Robbie Harwood
09f9308fd8
Continue after KRB5_CC_END in KCM cache iteration
2018-03-29 10:43:22 -04:00
Robbie Harwood
27ca1f2678
Fix SPAKE memory leak
...
Also fix build problem
2018-03-27 18:01:05 +00:00
Robbie Harwood
99cea2e511
Fix gitignore problem with previous patchset
2018-03-27 15:13:46 +00:00
Robbie Harwood
2c340efca2
Add SPAKE support
...
- Improve protections on internal sensitive buffers
- Improve internal hex encoding/decoding
2018-03-27 15:09:05 +00:00
Robbie Harwood
8b49b0644c
Fix problem with ccache_name logic in previous build
2018-03-20 18:20:01 +00:00
Robbie Harwood
6b1b652d4d
Add pkinit_anchors default value to krb5.conf
...
Reindent krb5.conf to not be terrible
2018-03-20 17:53:38 +00:00
Robbie Harwood
2eafc4d8aa
Include preauth names in trace output where possible
...
Also fix misc bugs
2018-03-20 15:21:19 +00:00
Robbie Harwood
a387becbf5
Add PKINIT KDC support for freshness token
...
Also, fix securid_sam2 preauth for non-default salt
2018-03-19 22:16:46 +00:00
Robbie Harwood
ed142b51b1
Exit with status 0 from kadmind
2018-03-14 14:44:04 -04:00
Robbie Harwood
5f3f6ef19b
Fix hex conversion of PKINIT certid strings
2018-03-13 17:45:47 -04:00
Robbie Harwood
4b5cd8c1f8
Fix capaths "." values on client
...
Resolves: 1551099
2018-03-07 17:41:04 +00:00
Igor Gnatenko
03afcfa42c
Remove %clean section
...
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 09:55:56 +01:00
Igor Gnatenko
307e1c3fab
Remove BuildRoot definition
...
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-13 23:36:56 +01:00
Robbie Harwood
392309c493
Fix flaws in LDAP DN checking
...
CVE-2018-5729, CVE-2018-5730
2018-02-13 11:09:41 -05:00
Robbie Harwood
c4848e3332
Fix a leak in the previous commit
...
Also, restore dist macro that was accidentally removed
Resolves : #1540939
2018-02-12 17:40:48 +00:00
Fedora Release Engineering
bfe3c598b5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 20:27:38 +00:00
Igor Gnatenko
caf02999e0
Switch to %ldconfig_scriptlets
...
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-03 17:31:01 +01:00
Robbie Harwood
85d9f736b5
Process included directories in alphabetical order
2018-01-29 17:48:17 +01:00
Robbie Harwood
30d56290b3
Fix network service dependencies
...
Resolves : #1525230
2017-12-12 21:45:17 +00:00
Robbie Harwood
e714c57927
Fix copr rule sop that the spec file builds
2017-12-06 18:10:36 +00:00
Robbie Harwood
9869daa1e8
New upstream release (1.16)
...
- No changes from beta2
- Add spec file support for COPR
2017-12-06 18:07:52 +00:00
Robbie Harwood
6f4f842e5f
New upstream prerelease (1.16-beta2)
2017-11-27 22:15:31 +00:00
Robbie Harwood
23141c22b1
Fix CVE-2017-15088 (Buffer overflow in get_matching_data())
2017-10-24 16:10:22 -04:00
Robbie Harwood
6e83fb6a5e
Drop dependency on python2-pyrad (dead upstream, broken with new python)
2017-10-23 16:28:55 +00:00
Robbie Harwood
e02d5c1dac
Actually bump kdbversion like I was supposed to
2017-10-09 15:24:04 +00:00
Robbie Harwood
533a73fdd1
New upstream prerelease (1.16-beta1)
2017-10-05 20:29:13 +00:00
Robbie Harwood
0c7302b5bc
Add German translation
2017-09-28 21:50:19 +00:00
Robbie Harwood
f1e535bb81
New upstream release - krb5-1.15.2
...
Adjust patches as appropriate
2017-09-25 19:24:33 +00:00
Robbie Harwood
11b90e9e6e
Save other programs from worrying about CVE-2017-11462
...
Resolves : #1488873
Resolves : #1488874
2017-09-06 16:43:59 +00:00
Robbie Harwood
f6b653fac2
Add hostname-based ccselect module
...
Also update certauth EKU stuff
Resolves : #1463665
2017-09-05 18:16:58 +00:00
Robbie Harwood
8f0349dc3e
Backport certauth eku security fix
2017-08-25 16:43:43 +00:00
Robbie Harwood
95b80fb0b9
Backport kdc policy plugin, but this time with dependencies
2017-08-22 19:11:06 +00:00
Robbie Harwood
48ad53c66e
Backport kdcpolicy interface
2017-08-21 17:23:54 +00:00
Robbie Harwood
2674e01b27
* Mon Aug 07 2017 Robbie Harwood <rharwood@redhat.com> 1.15.1-21
...
Display an error message if ocsp pkinit is requested
2017-08-16 20:07:07 +00:00
Robbie Harwood
0d402dae7f
Display an error message if ocsp pkinit is requested
2017-08-07 20:42:47 +00:00
Robbie Harwood
ccd78d8ee9
Disable dns_canonicalize_hostname. This may break some setups.
2017-08-02 17:02:48 +00:00
Robbie Harwood
0f2af40d1e
Re-enable test suite on ppc64le (no other changes)
2017-08-02 14:42:30 +00:00
Fedora Release Engineering
e2a7f10a2f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-26 17:59:47 +00:00
Robbie Harwood
45c6f63563
Fix CVE-2017-11368 (remote triggerable assertion failure)
2017-07-20 15:31:44 +00:00
Robbie Harwood
bb9cd0748a
Explicitly require python2 packages
2017-07-19 20:08:14 +00:00
Robbie Harwood
dd3f3e78a4
Add support to query the SSF of a context
2017-07-19 18:24:50 +00:00
Petr Písař
887df81921
perl dependency renamed to perl-interpreter < https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules >
2017-07-12 14:04:40 +02:00
Robbie Harwood
ff9e66e349
Fix leaks in gss_inquire_cred_by_oid()
2017-07-06 17:06:13 +00:00
Robbie Harwood
b3eef12e9a
Fix arch name (ppc64le, not ppc64el)
...
Related-to: #1464381
2017-06-26 19:49:21 +00:00
Robbie Harwood
a51673420f
Skip test suite on ppc64el
...
Related-to: #1464381
2017-06-26 19:45:34 +00:00
Robbie Harwood
db0f9d981a
Include more test suite changes from upstream
...
Resolves : #1464381
2017-06-23 20:45:16 +00:00
Robbie Harwood
58aed41605
Fix custom build with -DDEBUG
2017-06-07 15:18:05 +00:00
Robbie Harwood
d322a08712
Use standard trigger logic for krb5 snippet
2017-05-24 19:04:22 +00:00
Robbie Harwood
3cae6ae5c3
Add kprop service env config file
2017-04-28 20:14:01 +00:00
Robbie Harwood
21848ec3e1
Update backports of certauth and corresponding test
2017-04-19 17:49:45 +00:00
Robbie Harwood
291b968871
Include fixes for previous commit
...
Resolves : #1433083
2017-04-13 20:00:14 +00:00
Robbie Harwood
3d952fc6c0
Automatically add includedir where not present
...
Also try removing sleep statement to see if it is still needed
Resolves : #1433083
2017-04-13 19:57:23 +00:00
Robbie Harwood
82cabae196
Fix use of enterprise principals with forwarding
2017-04-07 16:13:00 +00:00
Robbie Harwood
0dc40d929f
Backport certauth plugin and related pkinit changes
2017-03-22 18:09:06 +00:00
Robbie Harwood
fd8a9e22c4
Remove duplication between subpackages
...
Resolves : #1250228
2017-03-07 19:41:05 +00:00
Robbie Harwood
2a20da0e2a
New upstream release - 1.15.1
2017-03-04 00:34:47 +00:00
Robbie Harwood
9ce824b289
Patch build by disabling failing test; will fix properly soon
2017-03-01 22:58:53 +00:00
Robbie Harwood
ae83ec3024
Hammer refresh around transient rawhide issue
2017-02-17 23:45:56 +00:00
Robbie Harwood
beaf0637a0
Backport fix for GSSAPI fallback realm
2017-02-17 22:47:38 +00:00
Robbie Harwood
0d08e37340
Move krb5-kdb-version provides from -libs to -devel
2017-02-07 18:25:18 +00:00
Robbie Harwood
621f3cf2e6
Add free hook to KDB; increments KDB version
...
Add KDB version flag.
All patches are touched because git made the hash lengths in patches longer.
2017-01-20 18:07:42 -05:00
Robbie Harwood
be80cb9861
New upstream release
2016-12-05 20:52:58 +00:00
Robbie Harwood
f68ddd3a8e
Comment how betas work
2016-11-17 09:00:11 -05:00
Robbie Harwood
c3f7090334
New upstream release
2016-11-16 21:22:01 +00:00
Robbie Harwood
442bc9dfe4
Ensure we can build with the new CFLAGS
...
Also remove the git versioning in patches.
2016-11-10 20:32:41 +00:00
Robbie Harwood
821dac42ed
Upstream release 1.15-beta1
...
Also update selinux with RHEL hygene.
Resolves : #1314096
2016-10-20 23:34:55 +00:00
Tomas Mraz
895d0bdfea
rebuild with OpenSSL 1.1.0, added backported upstream patch
2016-10-11 14:04:59 +02:00
Robbie Harwood
76843c3ef0
Properly close krad sockets
...
Resolves : #1380836
2016-09-30 17:38:09 +00:00
Robbie Harwood
5a1a649bda
Fix backward check in kprop.service
2016-09-30 16:40:22 +00:00
Robbie Harwood
bbb54d328c
Switch to using autosetup macro
...
Patches come from git, so it is easiest to just make a git repo
2016-09-30 16:40:14 +00:00
Robbie Harwood
32ef372877
Backport getrandom() support and remove patch numbering
2016-09-22 19:39:24 +00:00
Robbie Harwood
14f028579d
New upstream release and integrate with external git
2016-09-19 23:49:31 +00:00
Robbie Harwood
4f5955da72
Add krb5_db_register_keytab
...
Resolves : #1376812
2016-09-19 16:18:42 +00:00
Robbie Harwood
3e13029eb0
Use responder for non-preauth AS requests
...
Resolves : #1370622
2016-08-29 17:58:02 +00:00
Robbie Harwood
10d34c1413
Guess Samba client mutual flag using ap_option
...
Resolves : #1370980
2016-08-29 17:44:23 +00:00
Robbie Harwood
1dd613afe8
Fix KDC return code and set prompt types for OTP client preauth
...
Resolves : #1370072
2016-08-25 14:05:05 +00:00
Robbie Harwood
136cc25087
Turn OFD locks back on with glibc workaround
...
Resolves : #1274922
2016-08-15 17:33:33 +00:00
Robbie Harwood
766ee8e989
Fix use of KKDCPP with SNI
...
Resolves : #1365027
2016-08-10 17:21:41 +00:00
Robbie Harwood
da7614606c
Make krb5-devel depend on libkadm5
...
Resolves : #1364487
2016-08-05 17:02:52 +00:00
Robbie Harwood
480d266a1d
Up-port a bunch of stuff from the el-7.3 cycle
...
Resolves : #1255450
ResolveS : #1314989
2016-08-03 21:15:16 +00:00
Robbie Harwood
482c8e1687
New upstream version 1.14.3
2016-08-01 20:44:35 +00:00
Robbie Harwood
528404bbf5
Fix CVE-2016-3120
...
Resolves : #1361051
2016-07-28 21:56:33 +00:00
Robbie Harwood
e165eeccda
Fix incorrect recv() size calculation in libkrad
2016-06-23 16:07:51 +00:00
Robbie Harwood
802e825d17
Separate out the kadm5 libs
2016-06-16 16:34:18 +00:00
Robbie Harwood
db300d8761
Fix setting of AS key in OTP preauth failure
2016-05-27 21:19:24 +00:00
Robbie Harwood
0429334fa0
Use the correct patches this time.
...
Resolves : #1321135
2016-04-05 20:14:05 +00:00
Robbie Harwood
2f3f20f718
Add send/receive sendto_kdc hooks and corresponding tests
...
Resolves : #1321135
2016-04-04 18:38:02 +00:00
Robbie Harwood
f0b5fc56f2
Fix CVE-2016-3119 (NULL deref in LDAP module)
2016-03-18 21:02:15 +00:00
Robbie Harwood
7b4e88e425
Backport OID mech fix
...
Resolves : #1317609
2016-03-17 17:17:30 +00:00
Robbie Harwood
f1cb770b53
New rawhide, new upstream version
...
- Drop CVE patches
- Rename fix_interposer.patch to acquire_cred_interposer.patch
- Update acquire_cred_interposer.patch to apply to new source
2016-02-29 23:45:38 +00:00
Robbie Harwood
8bddc884ac
Fix log file permissions patch with our selinux
...
Resolves : #1309421
2016-02-22 22:06:57 +00:00
Robbie Harwood
96d71f74f7
Backport my interposer fixes from upstream
...
Supersedes krb5-mechglue_inqure_attrs.patch
2016-02-19 20:11:26 +00:00
Robbie Harwood
5d016a51a3
Clean up bad merge
2016-02-16 17:08:51 +00:00
Robbie Harwood
9707484326
Adjust dependency on crypto-polices to be just the file we want
...
Patch courtesy of lslebodn.
Resolves : #1308984
2016-02-16 17:07:34 +00:00
Dennis Gilmore
04850893e4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 02:24:34 +00:00
Robbie Harwood
f525729cee
Replace _kadmin/_kprop with systemd macros
...
Remove traces of upstart from fedora package per policy
Resolves : #1290185
2016-01-28 19:44:10 +00:00
Robbie Harwood
c52f5baf4b
Fix CVE-2015-8629, CVE-2015-8630, CVE-2015-8631
2016-01-27 23:17:07 +00:00
Robbie Harwood
93772ec156
Make krb5kdc.log not world-readable by default
...
Resolves : #1276484
2016-01-21 19:05:45 +00:00
Robbie Harwood
892fe9b7b5
Allow verification of attributes on krb5.conf
2016-01-21 18:05:08 +00:00
Robbie Harwood
ce63dad07e
Use "new" systemd macros for service handling. (Thanks vpavlin!)
...
Resolves : #850399
2016-01-20 22:11:00 +00:00
Robbie Harwood
21a49ad7c7
Simplify spec file by removing some dead code paths
...
This includes removal of the following macros:
- WITH_NSS (always false)
- WITH_SYSTEMD (always true)
- WITH_LDAP (always true)
- WITH_OPENSSL (always true)
2016-01-20 21:15:02 +00:00
Robbie Harwood
b653d26d53
Backport fix for chrome crash in spnego_gss_inquire_context
...
Resolves : #1295893
2016-01-08 18:38:57 +00:00
Robbie Harwood
07d6f2cd01
Backport patch to fix mechglue for gss_inqure_attrs_for_mech()
2015-12-17 02:12:51 +00:00
Robbie Harwood (frozencemetery)
1560d2b3cc
Backport interposer fix from master
...
Drop workaround pwsize initialization patch (gcc has been fixed)
Resolves: rhbz#1284985
2015-12-03 22:02:09 +00:00
Robbie Harwood (frozencemetery)
bf282deaf1
Fix FTBFS by no longer working around bug in nss_wrapper
2015-11-24 16:39:15 +00:00
Robbie Harwood (frozencemetery)
89ae1a3c67
Upstream release. No actual change from beta, just version bump
...
Also clean up unused parts of spec file.
2015-11-23 22:56:02 +00:00
Robbie Harwood (frozencemetery)
806928902d
Release 1.14-beta2
2015-11-16 18:11:20 +00:00
Robbie Harwood (frozencemetery)
b81fddfea1
Patch CVE-2015-2698
2015-11-04 20:26:21 +00:00
Robbie Harwood (frozencemetery)
def8c582bb
Patch CVE-2015-2697, CVE-2015-2696, CVE-2015-2695
2015-10-27 17:31:54 +00:00
Robbie Harwood (frozencemetery)
255e769785
Ensure pwsize is initialized in chpass_util.c
2015-10-22 18:30:26 +00:00
Robbie Harwood (frozencemetery)
5eb94ecfab
Fix typo of crypto-policies file in previous version
2015-10-22 15:14:45 +00:00
Robbie Harwood (frozencemetery)
9baef8fa8f
Start using crypto-policies
2015-10-19 23:01:44 +00:00
Robbie Harwood (frozencemetery)
582b087130
TEMPORARILY disable usage of OFD locks as a workaround for x86
2015-10-19 17:38:34 +00:00
Robbie Harwood (frozencemetery)
98128c4038
New upstream beta version
2015-10-15 20:51:57 +00:00
Robbie Harwood (frozencemetery)
4529758a74
Work around KDC client prinicipal in referrals issue
...
Resolves: rhbz#1259844
2015-10-08 19:24:20 +00:00
Robbie Harwood (frozencemetery)
a89bdde4da
Revert "New upstream version: krb5-1.14-alpha1"
...
This reverts commit 1138991893
.
2015-10-01 18:33:34 +00:00
Robbie Harwood
5ccfdd171d
Bring back krb5.conf.d and allow building with bad krb5.conf
2015-09-29 14:47:06 -04:00
Robbie Harwood (frozencemetery)
1138991893
New upstream version: krb5-1.14-alpha1
...
Drop patches that have since been applied. Create new patches as
needed.
2015-09-24 17:57:53 +00:00
Robbie Harwood (frozencemetery)
a328acab1b
Drop dependency on pax&ksh and remove support for fedora < 20
2015-09-23 18:42:40 +00:00
Robbie Harwood (frozencemetery)
a9af3c8817
Nix /usr/share/krb5.conf.d to reduce complexity
2015-09-23 15:11:53 +00:00
Robbie Harwood (frozencemetery)
65ce267be1
Depend on crypto-policies which provides /etc/krb5.conf.d
...
Resolves: rhbz#1225792
2015-09-23 14:02:37 +00:00
Robbie Harwood (frozencemetery)
5ec8cb89e0
Miscalaneous spec fixes.
...
Remove dependency on systemd-sysv which is no longer needed for fedora
> 20. Other fixes as needed to resolve a fail-to-build issue.
2015-09-11 17:02:31 +00:00
Robbie Harwood (frozencemetery)
2e058adfc5
Bump minor release
2015-09-10 19:55:53 +00:00
Robbie Harwood (frozencemetery)
6cb6b69409
Support config snippets in /etc/krb5.conf.d/ and /usr/share/krb5.conf.d/
...
Resolves: rhbz#1225792, rhbz#1146370, rhbz#1145808
2015-09-10 19:45:12 +00:00
Roland Mainz
580aefb618
* Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-6
...
- Use system nss_wrapper and socket_wrapper for testing.
Patch by Andreas Schneider <asn@redhat.com>
2015-06-26 02:47:13 +02:00
Roland Mainz
d4aa04d87c
* Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-5
...
- Remove Zanata test glue and related workarounds
- Bug #1234292 ("IPA server cannot be run in container due to incorrect /usr/sbin/_kadmind")
- Bug #1234326 ("krb5-server introduces new rpm dependency on ksh")
2015-06-25 14:23:31 +02:00
Roland Mainz
168ec0c9e7
* Thu Jun 18 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-4
...
- Fix dependicy on binfmt.service
2015-06-19 18:22:15 +02:00
Dennis Gilmore
57f951a0e2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-17 13:38:13 +00:00
Roland Mainz
7029c6670c
* Tue Jun 2 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-2
...
- Add patch to fix Redhat Bug #1227542 ("[SELinux] AVC denials may appear
when kadmind starts"). The issue was caused by an unneeded |htons()|
which triggered SELinux AVC denials due to the "random" port usage.
2015-06-03 02:57:20 +02:00
Roland Mainz
8c2cea93bb
* Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1
...
- Add fix for RedHat Bug #1164304 ("Upstream unit tests loads
the installed shared libraries instead the ones from the build")
2015-05-22 16:28:26 +02:00
Roland Mainz
3ae7a21305
* Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0
...
- Update to krb5-1.13.2
- drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2
- drop patch for krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling, fixed in krb5-1.13.2
- Add script processing for upcoming Zanata l10n support
- Minor spec cleanup
2015-05-15 01:02:21 +02:00
Roland Mainz
1171aa60d0
* Mon May 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-4
...
- fix for CVE-2015-2694 (#1216133 ) "requires_preauth bypass
in PKINIT-enabled KDC".
In MIT krb5 1.12 and later, when the KDC is configured with
PKINIT support, an unauthenticated remote attacker can
bypass the requires_preauth flag on a client principal and
obtain a ciphertext encrypted in the principal's long-term
key. This ciphertext could be used to conduct an off-line
dictionary attack against the user's password.
resolves : #1216134
2015-05-06 01:15:00 +02:00
Roland Mainz
14a63ce373
* Wed Mar 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-3
...
- Add temporay workaround for RH bug #1204646 ("krb5-config
returns wrong -specs path") which modifies krb5-config post
build so that development of krb5 dependicies gets unstuck.
This MUST be removed before rawhide becomes F23 ...
2015-03-25 16:06:10 +01:00
Roland Mainz
1984e0ee1d
* Thu Mar 19 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-2
...
- fix for CVE-2014-5355 (#1193939 ) "krb5: unauthenticated
denial of service in recvauth_common() and others"
2015-03-20 13:24:47 +01:00
Roland Mainz
54e60b1162
* Thu Mar 19 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-2
...
- fix for CVE-2014-5355 (#1193939 ) "krb5: unauthenticated
denial of service in recvauth_common() and others"
2015-03-20 13:23:20 +01:00
Roland Mainz
03981c354e
* Fri Feb 13 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-1
...
- Update to krb5-1.13.1
- drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1
- drop patch for kinit -C loops (MIT/krb5 bug #243 ), fixed in krb5-1.13.1
- drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1
- Minor spec cleanup
2015-02-13 17:35:10 +01:00
Roland Mainz
c74e97faa9
* Wed Feb 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13-8
...
- fix for CVE-2014-5352 (#1179856 ) "gss_process_context_token()
incorrectly frees context (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9421 (#1179857 ) "kadmind doubly frees partial
deserialization results (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9422 (#1179861 ) "kadmind incorrectly
validates server principal name (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9423 (#1179863 ) "libgssrpc server applications
leak uninitialized bytes (MITKRB5-SA-2015-001)"
2015-02-04 12:02:36 +01:00
Roland Mainz
aad351ad29
* Wed Feb 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13-7
...
- Remove "python-sphinx-latex" and "tar" from the build requirements
to fix build failures on F22 machines.
- Minor spec cleanup
2015-02-04 11:47:44 +01:00
Nathaniel McCallum
7188a346bd
Support KDC_ERR_MORE_PREAUTH_DATA_REQUIRED (RT#8063)
2015-02-03 17:48:30 +01:00
Roland Mainz
fb520967f9
* Mon Jan 26 2015 Roland Mainz <rmainz@redhat.com> - 1.13-5
...
- fix for kinit -C loops (#1184629 , MIT/krb5 issue 243, "Do not
loop on principal unknown errors").
- Added "python-sphinx-latex" to the build requirements
to fix build failures on F22 machines.
2015-01-26 18:38:55 +01:00
Roland Mainz
6baee3e656
* Thu Dec 19 2014 Roland Mainz <rmainz@redhat.com> - 1.13-4
...
- fix for CVE-2014-5354 (#1174546 ) "krb5: NULL pointer
dereference when using keyless entries"
2014-12-18 17:57:19 +01:00
Roland Mainz
8545575f69
* Wed Dec 17 2014 Roland Mainz <rmainz@redhat.com> - 1.13-3
...
- fix for CVE-2014-5353 (#1174543 ) "Fix LDAP misused policy
name crash"
2014-12-17 12:06:33 +01:00
Roland Mainz
a54d1f9ac9
* Wed Oct 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0
...
- Bump 1%%{?dist} to 2%%{?dist} to workaround RPM sort issue
which would lead yum updates to treat the last alpha as newer
than the final version.
2014-10-29 22:25:13 +01:00
Roland Mainz
eca7fd3d15
* Wed Oct 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0
...
- Update from krb5-1.13-alpha1 to final krb5-1.13
- Removed patch for CVE-2014-5351 (#1145425 ) "krb5: current
keys returned when randomizing the keys for a service principal" -
now part of upstream sources
- Use patch for glibc |eventfd()| prototype mismatch (#1147887 ) only
for Fedora > 20
2014-10-29 21:55:10 +01:00
Roland Mainz
210ae0a2c1
* Tue Sep 30 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0.alpha1.3
...
- fix build failure caused by change of prototype for glibc
|eventfd()| (#1147887 )
2014-09-30 12:19:07 +02:00
Roland Mainz
c5c716d7e4
- fix for CVE-2014-5351 ( #1145425 ) "krb5: current keys returned when
...
randomizing the keys for a service principal" (fix rpm spec file)
2014-09-29 23:04:48 +02:00
Nalin Dahyabhai
67988a74d0
Keep the license from being a dangling symlink
...
Processing of %license puts the named file in a directory other than the
docs directory, and doesn't rewrite relative symlinks to be correct. So
we can't use a symlink to one of them as the license.
2014-09-08 18:57:52 -04:00
Nalin Dahyabhai
56cd96f9bd
Remove the -S flag from kprop.service
...
- kpropd hasn't bothered with -S since 1.11; stop trying to use that
flag in the systemd unit file and change its type from "forking" to
"simple"
2014-08-28 14:05:37 -04:00
Nalin Dahyabhai
8563ebea46
Updating to 1.13 alpha1
2014-08-22 16:14:20 -04:00
Nalin Dahyabhai
c48fd0f0bc
Pull in upstream fix for an mischecked strdup()
...
- pull in upstream fix for an incorrect check on the value returned by a
strdup() call (#1132062 )
2014-08-20 17:36:44 -04:00