rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
771 Commits 9 Branches 52 Tags 8.1 MiB
b324000e34
Commit Graph

570 Commits

Author SHA1 Message Date
Nalin Dahyabhai
b324000e34 fix MITKRB5-SA-2014-001 (CVE-2014-4345) 
- incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)
 2014-08-07 19:25:49 -04:00
Nalin Dahyabhai
38595f5338 Add patch for CVE-2014-4344 
- gssapi: pull in upstream fix for a possible NULL dereference
  in spnego (CVE-2014-4344)
 2014-07-21 17:51:10 -04:00
Nalin Dahyabhai
24f7f1a446 Update to upstream patch 
Update to the as-committed version of this patch, which affects the
comments it includes.
 2014-07-21 17:19:42 -04:00
Nalin Dahyabhai
9594be4f3a Add proposed fix for a double-free in gss clients 
- gssapi: pull in proposed fix for a double free in initiators (David
  Woodhouse, #1117963)
 2014-07-16 15:14:38 -04:00
Tom Callaway
79897b3c5d fix license handling 2014-07-12 18:45:11 -04:00
Nalin Dahyabhai
e2bc024559 Pull in fix for CVE-2014-4341/CVE-2014-4342 
- pull in fix for denial of service by injection of malformed GSSAPI
  tokens (CVE-2014-4341, CVE-2014-4342, #1116181)
 2014-07-07 17:56:12 -04:00
Nalin Dahyabhai
40e2189ede Backport support for scanning /etc/gss/mech.d/*.conf 
- pull in changes from upstream which add processing of the contents of
  /etc/gss/mech.d/*.conf when loading GSS modules (#1102839)
 2014-06-24 16:47:17 -04:00
Nalin Dahyabhai
47d56d9162 Fix FTBFS #1107061 using a patch from upstream 
- pull in fix for building against tcl 8.6 (#1107061)
 2014-06-12 16:23:15 -04:00
Nalin Dahyabhai
790a56ba59 Add a buildrequires: on texlive-pdftex 
We were having trouble building the PDFs due to a missing pdfcolor.tex
after the latest update to python-sphinx, but an even newer
texlive-pdftex provides that, so add it as a BuildRequires:
 2014-06-12 12:04:06 -04:00
Dennis Gilmore
dd2e1e4398 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 22:22:03 -05:00
Nathaniel McCallum
44d0e80df0 Backport fix for change password requests when using FAST (RT#7868) 2014-03-04 11:22:42 -05:00
Nalin Dahyabhai
2550f0f56b Backport fix for RT#7858 
- spnego: pull in patch from master to restore preserving the OID of the
  mechanism the initiator requested when we have multiple OIDs for the
  same mechanism, so that we reply using the same mechanism OID and the
  initiator doesn't get confused (#1066000, RT#7858)
 2014-02-17 21:06:07 -05:00
Nalin Dahyabhai
c0d64aa79f Note that "runstatedir" changes are also #1040056 2014-02-10 14:17:15 -05:00
Nalin Dahyabhai
bdb8c58c53 Move the default directory for OTP sockets to /var/run/krb5kdc 
- pull in patch from master to move the default directory which the KDC
  uses when computing the socket path for a local OTP daemon from the
  database directory (/var/kerberos/krb5kdc) to the newly-added run
  directory (/run/krb5kdc), in line with what we're expecting in 1.13
  (RT#7859)
- add a tmpfiles.d configuration file to have /run/krb5kdc created at
  boot-time
- own /var/run/krb5kdc
 2014-02-07 16:13:29 -05:00
Nalin Dahyabhai
419c14d6ac Pull from the right wrapper branches 
... and add our local patch to fix the bind-then-connect case.
 2014-02-04 15:31:21 -05:00
Nalin Dahyabhai
956ccfdfb4 refresh nss_wrapper, add socket_wrapper 2014-01-31 16:56:05 -05:00
Nalin Dahyabhai
5c7bab5883 Take x bit off of an html doc file, fix whitespace 2014-01-31 16:55:11 -05:00
Nalin Dahyabhai
9b18d26ce3 Add proposed ksu KEYRING+default_ccache_name patch 
- add currently-proposed changes to teach ksu about credential cache
  collections and the default_ccache_name setting (#1015559,#1026099)
 2014-01-31 16:55:05 -05:00
Nalin Dahyabhai
2eb0567065 Backport changes to allow "rcache" credstores 
- pull in multiple changes to allow replay caches to be added to a GSS
  credential store as "rcache"-type credentials (RT#7818/#7819/#7836,
  #1056078/#1056080)
 2014-01-21 18:52:57 -05:00
Nalin Dahyabhai
792d78fa47 Backport fixes for timesync with keyring caches 
add patch to always retrieve the KDC time offsets from keyring caches,
so that we don't mistakenly interpret creds as expired before their
time when our clock is ahead of the KDC's (RT#7820, #1030607)
 2014-01-17 10:58:19 -05:00
Nalin Dahyabhai
4dec248a05 Drop obsolete patches 2014-01-17 10:55:16 -05:00
Nalin Dahyabhai
8ae5258eb3 Drop obsolete patch 2014-01-17 10:48:08 -05:00
Nalin Dahyabhai
29afef6c24 Drop obsolete patch 2014-01-17 10:47:01 -05:00
Nalin Dahyabhai
007e77a2b3 Drop obsolete patch 2014-01-17 10:17:19 -05:00
Nalin Dahyabhai
6a8573e3af Drop obsolete patch 2014-01-17 10:08:58 -05:00
Nalin Dahyabhai
0b6ebaab00 Drop obsolete patch 2014-01-17 09:59:39 -05:00
Nalin Dahyabhai
6265fcabf5 Drop obsolete patch 2014-01-17 09:58:40 -05:00
Nalin Dahyabhai
aef7c262b1 Update the textrel patch for x86 
- update the PIC patch for iaesx86.s to not use ELF relocations
  (RT#7815, #1045699) to the version that landed upstream
 2014-01-13 11:41:47 -05:00
Nalin Dahyabhai
8fe7e82068 Note why we started saving ebx 2014-01-09 13:20:22 -05:00
Nalin Dahyabhai
6e03c5ada1 Link shared libs using -Wl,--warn-shared-textrel 
- pass -Wl,--warn-shared-textrel to the compiler when we're creating shared
  libraries
 2014-01-09 13:13:30 -05:00
Nalin Dahyabhai
5de1fa728f bump release for a new build 2014-01-09 11:03:45 -05:00
Nalin Dahyabhai
8a1df153c6 Save/restore ebx in functions where we modify it 
- amend the PIC patch for iaesx86.s to also save/restore ebx in the
  functions where we modify it
 2014-01-09 11:02:26 -05:00
Nalin Dahyabhai
75edc7c7ca Try to remove execmod from 32-bit AES-NI k5crypto 
- make a guess at making the 32-bit AES-NI implementation sufficiently
  position-independent to not require execmod permissions for libk5crypto
  (more of #1045699)
 2014-01-06 18:53:03 -05:00
Nalin Dahyabhai
05c4140d32 Switch to as-committed version 
- grab a more-commented version of the most recent patch from upstream
  master
 2014-01-06 15:58:20 -05:00
Nalin Dahyabhai
480b9efaa3 Add Dhiru Kholia's patch to restore noexecstack 
- add patch from Dhiru Kholia for the AES-NI implementations to allow
  libk5crypto to be properly marked as not needing an executable stack
  on arches where they're used (#1045699, and so many others)
 2014-01-02 23:46:42 -05:00
Nalin Dahyabhai
13df2d5386 Remove the BuildRequires: on yasm for now 
Go back to not using AES-NI, until we sort out execstack (#1045699).
 2014-01-02 17:08:52 -05:00
Nalin Dahyabhai
911b9e932d Add the buildrequires: for AES-NI support 
- add yasm as a build requirement for AES-NI support, on arches that have
  yasm and AES-NI
 2013-12-19 13:07:54 -05:00
Nalin Dahyabhai
e1cb527238 Pull in fix to improve SPNEGO error messages 
- pull in fix from master to make reporting of errors encountered by the
  SPNEGO mechanism work better (RT#7045, part of #1043962)
 2013-12-19 11:52:30 -05:00
Nalin Dahyabhai
45d93c6d1c Enable pyrad-based tests 
- update a test wrapper to properly handle things that the new libkrad does,
  and add python-pyrad as a build requirement so that we can run its tests
 2013-12-19 11:17:28 -05:00
Nalin Dahyabhai
9f2cb9776b For completeness, also initialize an unused field 2013-12-18 18:01:30 -05:00
Nalin Dahyabhai
82c5b9f9b2 Backport fixes for krb5_copy_context 
- backport fixes to krb5_copy_context (RT#7807, #1044735/#1044739)
 2013-12-18 17:38:54 -05:00
Nalin Dahyabhai
2550a37b4f Pull in a fix for a mem leak from master (RT#7805) 
- pull in fix from master to avoid a memory leak in a couple of error
  cases which could occur while obtaining acceptor credentials (RT#7805, part
  of #1043962)
 2013-12-18 14:33:23 -05:00
Nalin Dahyabhai
460d74d224 Pull in a fix for a mem leak from master (RT#7803) 
- pull in fix from master to avoid a memory leak when a mechanism's
  init_sec_context function fails (RT#7803, part of #1043962)
 2013-12-18 14:23:21 -05:00
Nalin Dahyabhai
39888b7c42 Pick up another interop fix from master (RT#7797) 
- pull in fix from master to ignore an empty token from an acceptor if
  we've already finished authenticating (RT#7797, part of #1043962)
 2013-12-18 14:22:24 -05:00
Nalin Dahyabhai
735b73ebbb Pick up an interop fix from master (RT#7794) 
- pull in fix from master to return a NULL pointer rather than allocating
  zero bytes of memory if we read a zero-length input token (RT#7794, part of
  #1043962)
 2013-12-18 14:20:57 -05:00
Nalin Dahyabhai
3a1e355f38 Update to 1.12 final 2013-12-11 10:52:40 -05:00
Nalin Dahyabhai
93ae18a6c5 Whoops, grab the beta 2 PDFs 2013-12-02 11:58:32 -05:00
Nalin Dahyabhai
f002059e62 Update to 1.12 beta2 
- drop obsolete backports for storing KDC time offsets and expiration times
  in keyring credential caches
 2013-12-02 11:47:40 -05:00
Nalin Dahyabhai
88c0c528bd Update to 1.12 beta 2013-11-19 18:08:43 -05:00
Nalin Dahyabhai
3c08a1616e BuildRequire: pkgconfig and package pkgconfig data 2013-11-19 17:40:02 -05:00