rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
819 Commits 9 Branches 52 Tags 8.1 MiB
6cb6b69409
Commit Graph

610 Commits

Author SHA1 Message Date
Robbie Harwood (frozencemetery)
6cb6b69409 Support config snippets in /etc/krb5.conf.d/ and /usr/share/krb5.conf.d/ 
Resolves: rhbz#1225792, rhbz#1146370, rhbz#1145808
 2015-09-10 19:45:12 +00:00
Roland Mainz
580aefb618 * Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-6 
- Use system nss_wrapper and socket_wrapper for testing.
  Patch by Andreas Schneider <asn@redhat.com>
 2015-06-26 02:47:13 +02:00
Roland Mainz
d4aa04d87c * Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-5 
- Remove Zanata test glue and related workarounds
  - Bug #1234292 ("IPA server cannot be run in container due to incorrect /usr/sbin/_kadmind")
  - Bug #1234326 ("krb5-server introduces new rpm dependency on ksh")
 2015-06-25 14:23:31 +02:00
Roland Mainz
168ec0c9e7 * Thu Jun 18 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-4 
- Fix dependicy on binfmt.service
 2015-06-19 18:22:15 +02:00
Dennis Gilmore
57f951a0e2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 13:38:13 +00:00
Roland Mainz
7029c6670c * Tue Jun 2 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-2 
- Add patch to fix Redhat Bug #1227542 ("[SELinux] AVC denials may appear
  when kadmind starts"). The issue was caused by an unneeded |htons()|
  which triggered SELinux AVC denials due to the "random" port usage.
 2015-06-03 02:57:20 +02:00
Roland Mainz
8c2cea93bb * Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1 
- Add fix for RedHat Bug #1164304 ("Upstream unit tests loads
  the installed shared libraries instead the ones from the build")
 2015-05-22 16:28:26 +02:00
Roland Mainz
3ae7a21305 * Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0 
- Update to krb5-1.13.2
  - drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2
  - drop patch for krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling, fixed in krb5-1.13.2
- Add script processing for upcoming Zanata l10n support
- Minor spec cleanup
 2015-05-15 01:02:21 +02:00
Roland Mainz
1171aa60d0 * Mon May 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-4 
- fix for CVE-2015-2694 (#1216133) "requires_preauth bypass
  in PKINIT-enabled KDC".
  In MIT krb5 1.12 and later, when the KDC is configured with
  PKINIT support, an unauthenticated remote attacker can
  bypass the requires_preauth flag on a client principal and
  obtain a ciphertext encrypted in the principal's long-term
  key.  This ciphertext could be used to conduct an off-line
  dictionary attack against the user's password.
resolves: #1216134
 2015-05-06 01:15:00 +02:00
Roland Mainz
14a63ce373 * Wed Mar 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-3 
- Add temporay workaround for RH bug #1204646 ("krb5-config
  returns wrong -specs path") which modifies krb5-config post
  build so that development of krb5 dependicies gets unstuck.
  This MUST be removed before rawhide becomes F23 ...
 2015-03-25 16:06:10 +01:00
Roland Mainz
1984e0ee1d * Thu Mar 19 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-2 
- fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated
  denial of service in recvauth_common() and others"
 2015-03-20 13:24:47 +01:00
Roland Mainz
54e60b1162 * Thu Mar 19 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-2 
- fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated
  denial of service in recvauth_common() and others"
 2015-03-20 13:23:20 +01:00
Roland Mainz
03981c354e * Fri Feb 13 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-1 
- Update to krb5-1.13.1
  - drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1
  - drop patch for kinit -C loops (MIT/krb5 bug #243), fixed in krb5-1.13.1
  - drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1
- Minor spec cleanup
 2015-02-13 17:35:10 +01:00
Roland Mainz
c74e97faa9 * Wed Feb 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13-8 
- fix for CVE-2014-5352 (#1179856) "gss_process_context_token()
  incorrectly frees context (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9421 (#1179857) "kadmind doubly frees partial
  deserialization results (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9422 (#1179861) "kadmind incorrectly
  validates server principal name (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9423 (#1179863) "libgssrpc server applications
  leak uninitialized bytes (MITKRB5-SA-2015-001)"
 2015-02-04 12:02:36 +01:00
Roland Mainz
aad351ad29 * Wed Feb 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13-7 
- Remove "python-sphinx-latex" and "tar" from the build requirements
  to fix build failures on F22 machines.
- Minor spec cleanup
 2015-02-04 11:47:44 +01:00
Nathaniel McCallum
7188a346bd Support KDC_ERR_MORE_PREAUTH_DATA_REQUIRED (RT#8063) 2015-02-03 17:48:30 +01:00
Roland Mainz
fb520967f9 * Mon Jan 26 2015 Roland Mainz <rmainz@redhat.com> - 1.13-5 
- fix for kinit -C loops (#1184629, MIT/krb5 issue 243, "Do not
  loop on principal unknown errors").
- Added "python-sphinx-latex" to the build requirements
  to fix build failures on F22 machines.
 2015-01-26 18:38:55 +01:00
Roland Mainz
6baee3e656 * Thu Dec 19 2014 Roland Mainz <rmainz@redhat.com> - 1.13-4 
- fix for CVE-2014-5354 (#1174546) "krb5: NULL pointer
  dereference when using keyless entries"
 2014-12-18 17:57:19 +01:00
Roland Mainz
8545575f69 * Wed Dec 17 2014 Roland Mainz <rmainz@redhat.com> - 1.13-3 
- fix for CVE-2014-5353 (#1174543) "Fix LDAP misused policy
  name crash"
 2014-12-17 12:06:33 +01:00
Roland Mainz
a54d1f9ac9 * Wed Oct 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0 
- Bump 1%%{?dist} to 2%%{?dist} to workaround RPM sort issue
  which would lead yum updates to treat the last alpha as newer
  than the final version.
 2014-10-29 22:25:13 +01:00
Roland Mainz
eca7fd3d15 * Wed Oct 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0 
- Update from krb5-1.13-alpha1 to final krb5-1.13
- Removed patch for CVE-2014-5351 (#1145425) "krb5: current
  keys returned when randomizing the keys for a service principal" -
  now part of upstream sources
- Use patch for glibc |eventfd()| prototype mismatch (#1147887) only
  for Fedora > 20
 2014-10-29 21:55:10 +01:00
Roland Mainz
210ae0a2c1 * Tue Sep 30 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0.alpha1.3 
- fix build failure caused by change of prototype for glibc
  |eventfd()| (#1147887)
 2014-09-30 12:19:07 +02:00
Roland Mainz
c5c716d7e4 - fix for CVE-2014-5351 (#1145425) "krb5: current keys returned when 
randomizing the keys for a service principal" (fix rpm spec file)
 2014-09-29 23:04:48 +02:00
Nalin Dahyabhai
67988a74d0 Keep the license from being a dangling symlink 
Processing of %license puts the named file in a directory other than the
docs directory, and doesn't rewrite relative symlinks to be correct.  So
we can't use a symlink to one of them as the license.
 2014-09-08 18:57:52 -04:00
Nalin Dahyabhai
56cd96f9bd Remove the -S flag from kprop.service 
- kpropd hasn't bothered with -S since 1.11; stop trying to use that
  flag in the systemd unit file and change its type from "forking" to
  "simple"
 2014-08-28 14:05:37 -04:00
Nalin Dahyabhai
8563ebea46 Updating to 1.13 alpha1 2014-08-22 16:14:20 -04:00
Nalin Dahyabhai
c48fd0f0bc Pull in upstream fix for an mischecked strdup() 
- pull in upstream fix for an incorrect check on the value returned by a
  strdup() call (#1132062)
 2014-08-20 17:36:44 -04:00
Peter Robinson
9c7c7781c4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 00:48:14 +00:00
Nalin Dahyabhai
4f7f51121b drop patch for CVE-2014-4345, included in 1.12.2 2014-08-15 15:04:26 -04:00
Nalin Dahyabhai
7880fca0ad drop patch for CVE-2014-4344, included in 1.12.2 2014-08-15 15:02:04 -04:00
Nalin Dahyabhai
b234a3d334 drop patch for CVE-2014-4343, included in 1.12.2 2014-08-15 15:01:01 -04:00
Nalin Dahyabhai
56235f0463 drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2 2014-08-15 14:59:36 -04:00
Nalin Dahyabhai
2184fad363 drop patch for RT#7926, fixed in 1.12.2 2014-08-15 14:56:39 -04:00
Nalin Dahyabhai
7041f914bd drop patch for RT#7924, fixed in 1.12.2 2014-08-15 14:52:23 -04:00
Nalin Dahyabhai
0bd95b4771 drop patch for RT#7858, fixed in 1.12.2 2014-08-15 14:50:08 -04:00
Nalin Dahyabhai
d41320b7c1 drop patch for RT#7836, fixed in 1.12.2 2014-08-15 14:37:24 -04:00
Nalin Dahyabhai
1d44a8f927 drop patch for RT#7818, fixed in 1.12.2 2014-08-15 14:35:45 -04:00
Nalin Dahyabhai
f543a683b0 Drop patch for #231147, fixed in 1.12.2 2014-08-15 14:13:21 -04:00
Nalin Dahyabhai
e5a4698cf5 drop patch for RT#7820, merged in 1.12.2 2014-08-15 14:02:13 -04:00
Nalin Dahyabhai
c042f71c80 Update collection cache patch set for ksu 
- replace older proposed changes for ksu with backports of the changes
  after review and merging upstream (#1015559, #1026099, #1118347)
 2014-08-15 14:00:14 -04:00
Nalin Dahyabhai
b324000e34 fix MITKRB5-SA-2014-001 (CVE-2014-4345) 
- incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)
 2014-08-07 19:25:49 -04:00
Nalin Dahyabhai
38595f5338 Add patch for CVE-2014-4344 
- gssapi: pull in upstream fix for a possible NULL dereference
  in spnego (CVE-2014-4344)
 2014-07-21 17:51:10 -04:00
Nalin Dahyabhai
24f7f1a446 Update to upstream patch 
Update to the as-committed version of this patch, which affects the
comments it includes.
 2014-07-21 17:19:42 -04:00
Nalin Dahyabhai
9594be4f3a Add proposed fix for a double-free in gss clients 
- gssapi: pull in proposed fix for a double free in initiators (David
  Woodhouse, #1117963)
 2014-07-16 15:14:38 -04:00
Tom Callaway
79897b3c5d fix license handling 2014-07-12 18:45:11 -04:00
Nalin Dahyabhai
e2bc024559 Pull in fix for CVE-2014-4341/CVE-2014-4342 
- pull in fix for denial of service by injection of malformed GSSAPI
  tokens (CVE-2014-4341, CVE-2014-4342, #1116181)
 2014-07-07 17:56:12 -04:00
Nalin Dahyabhai
40e2189ede Backport support for scanning /etc/gss/mech.d/*.conf 
- pull in changes from upstream which add processing of the contents of
  /etc/gss/mech.d/*.conf when loading GSS modules (#1102839)
 2014-06-24 16:47:17 -04:00
Nalin Dahyabhai
47d56d9162 Fix FTBFS #1107061 using a patch from upstream 
- pull in fix for building against tcl 8.6 (#1107061)
 2014-06-12 16:23:15 -04:00
Nalin Dahyabhai
790a56ba59 Add a buildrequires: on texlive-pdftex 
We were having trouble building the PDFs due to a missing pdfcolor.tex
after the latest update to python-sphinx, but an even newer
texlive-pdftex provides that, so add it as a BuildRequires:
 2014-06-12 12:04:06 -04:00
Dennis Gilmore
dd2e1e4398 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 22:22:03 -05:00