Julien Rische
99ca133dd0
Use p11-kit as default PKCS11 module
...
Resolves: rhbz#2030981
Signed-off-by: Julien Rische <jrische@redhat.com>
2022-05-03 17:07:12 +02:00
Julien Rische
4262e013b4
Try harder to avoid password change replay errors
...
change_set_password() was changed to prefer TCP. However, because
UDP_LAST falls back to UDP after one second, we can still get a replay
error due to a dropped packet, before the TCP layer has a chance to
retry.
Instead, try k5_sendto() with NO_UDP, and only fall back to UDP after
TCP fails completely without reaching a server. In sendto_kdc.c,
implement an ONLY_UDP transport strategy to allow the UDP fallback.
Resolves: rhbz#2075186
Signed-off-by: Julien Rische <jrische@redhat.com>
2022-04-26 15:32:34 +02:00
Julien Rische
670d3af2d8
Fix global dejagnu test suite
...
Global dejagnu tests in src/tests/dejagnu were not following the
enforced test suite directory naming.
Resolves: rhbz#2053133
Signed-off-by: Julien Rische <jrische@redhat.com>
2022-04-11 12:03:13 +02:00
Julien Rische
72dec680b5
Use newly enforced dejagnu path naming convention
...
Since version 1.6.3, dejagnu started to enforce a naming convention that
was already in place, but not mandatory: dejagnu test directories have
to be named "testsuite". If they don't, implicit relative sub-paths
resolution (e.g. "lib", "config") is not working.
This commit renames kadm5 library's unit tests directory to match this
requirement.
This fix won't be applied upstream because these tests were removed in
version 1.20.
Resolves: rhbz#2053133
Signed-off-by: Julien Rische <jrische@redhat.com>
2022-03-31 19:03:03 +02:00
Julien Rische
743ee90668
Use SHA-256 instead of SHA-1 for PKINIT CMS digest
...
CMS digest and signature algorithm for the anonymous PKINIT is changed
from SHA-1 to SHA-256. SHA-1 hasn't been considered secure anymore for
this kind of purpose for some years already.
Resolves: rhbz#2064823
Signed-off-by: Julien Rische <jrische@redhat.com>
2022-03-16 17:49:06 +01:00
Julien Rische
d5c38cc27b
Do not block KRB5KDF and MD4/5 in FIPS mode
...
Bypass OpenSSL's restrictions to use KRB5KDF in FIPS mode in case at
least one of the AES SHA-1 HMAC encryption types is used.
Use OpenSSL 3.0 library context to access MD4 and MD5 lazily from
legacy provider if RADIUS is being used or RC4 encryption type is
enabled, without affecting global context.
Remove EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag since it does not have any
effect anymore.
Such exceptions should not be allowed by the default FIPS crypto
policy.
Resolves: rhbz#2039684
Resolves: rhbz#2053135
Signed-off-by: Julien Rische <jrische@redhat.com>
2022-02-28 14:19:37 +01:00
Antonio Torres
859e264a8c
Remove -specs= from krb5-config output
...
Resolves: bz#1997021
Signed-off-by: Antonio Torres <antorres@redhat.com>
2021-12-17 14:12:12 +01:00
Antonio Torres
f34cb373a2
Fix KDC null deref on TGS inner body null server (CVE-2021-37750)
...
Resolves : #1997602
Signed-off-by: Antonio Torres <antorres@redhat.com>
2021-10-20 17:08:04 +02:00
Mohan Boddu
364706b0c5
Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
...
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 21:12:46 +00:00
Robbie Harwood
d14638ed20
Fix KDC null deref on bad encrypted challenge (CVE-2021-36222)
...
Resolves : #1983733
2021-07-20 14:51:15 -04:00
Robbie Harwood
f1e7f38975
Update OpenSSL 3 provider handling to clean up properly
...
Resolves : #1955873
2021-07-14 16:32:30 -04:00
Robbie Harwood
e7aeea399f
Sync openssl3 patches with upstream
...
Resolves : #1955873
2021-06-21 13:24:29 -04:00
Robbie Harwood
8855babfbf
Add rpminspect and clean up mass rebuild mess
...
Resolves : #1967505
2021-06-17 18:55:14 -04:00
Robbie Harwood
bbae1053b5
Fix several fallback canonicalization problems
...
Resolves : #1967505
2021-06-17 17:47:21 -04:00
Mohan Boddu
b99dafad10
- Rebuilt for RHEL 9 BETA for openssl 3.0
...
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-15 20:29:45 +00:00
Kaleemullah Siddiqui
9cc7b9bf08
Add gating definition for RHEL 9
...
Related: rhbz#1947473
Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
2021-06-11 13:08:52 +00:00
Robbie Harwood
d223dacd67
Backport KCM retrieval fixes
...
Resolves : #1956403
2021-06-10 15:27:22 -04:00
Robbie Harwood
aec30dcfcb
Fix DES3 mention in KDFs
...
Resolves : #1955873
2021-05-20 10:39:59 -04:00
Robbie Harwood
0018db9e38
Port to OpenSSL 3 (alpha 15)
...
Resolves : #1955873
2021-05-19 19:58:33 -04:00
Mohan Boddu
028c031c89
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
...
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 00:56:33 +00:00
DistroBaker
7a9f036cee
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/krb5.git#1c03da79deb8ed96af1eed5beacd2db24c4212a6
2021-03-11 20:10:59 +00:00
Robbie Harwood
22be492dbf
Manual merge with Fedora 34
...
Update to 1c03da79de
2021-03-09 12:06:44 -05:00
DistroBaker
94bc4ee9cb
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/krb5.git#ab3f34f0e757af2367b8c31b9bd42feae03d0e48
2021-02-18 22:21:10 +00:00
DistroBaker
f7785327ef
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/krb5.git#35a4aa7b99d1eb139f4ae0e0fe87b17ada77a999
2021-02-05 21:26:51 +00:00
DistroBaker
63115b8a52
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/krb5.git#0dd40e4ff052566efcaa5425c4cb56bd5d23d56f
2021-01-29 07:35:20 +00:00
DistroBaker
0f0d613782
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/krb5.git#327ebd0b263aa5adaafd83851b8dd9953f984c01
2021-01-27 21:06:42 +00:00
DistroBaker
638537960c
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/krb5.git#9fb5239517e1095421fd19cb964949a1f5594988
2021-01-12 23:24:10 +00:00
DistroBaker
da5db561e5
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/krb5.git#b783a5421cf5820f19f2e3aeb999ad24de39747e
2020-11-24 18:42:16 +00:00
Troy Dawson
85d9be4ef7
RHEL 9.0.0 Alpha bootstrap
...
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/krb5#dc8775d11d7134f84024545f21b4561a6bd8dccf
2020-11-18 14:34:00 -08:00
Troy Dawson
dcd44d26dc
RHEL 9.0.0 Alpha bootstrap
...
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/krb5#015255764a8b2e22bcb29b8abd0813344c423da1
2020-11-18 09:51:25 -08:00
DistroBaker
f0185a4c0a
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/krb5.git#d2da394f6768fee0f055e022ccbf4c011586bd93
2020-11-05 18:01:23 +00:00
DistroBaker
2c0634c50d
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/krb5.git#bfdc7c0b7be1f33f451a173fb1155450fbe25690
2020-10-27 21:13:14 +01:00
Petr Šabata
908aeb56b2
RHEL 9.0.0 Alpha bootstrap
...
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/krb5#501e2980728bcbd0c757fd9bb2b6274342420d2a
2020-10-15 15:05:18 +02:00
Release Configuration Management
c5329a1c4a
New branch setup
2020-10-08 16:19:50 +00:00