Robbie Harwood (frozencemetery)
b81fddfea1
Patch CVE-2015-2698
2015-11-04 20:26:21 +00:00
Robbie Harwood (frozencemetery)
def8c582bb
Patch CVE-2015-2697, CVE-2015-2696, CVE-2015-2695
2015-10-27 17:31:54 +00:00
Robbie Harwood (frozencemetery)
255e769785
Ensure pwsize is initialized in chpass_util.c
2015-10-22 18:30:26 +00:00
Robbie Harwood (frozencemetery)
5eb94ecfab
Fix typo of crypto-policies file in previous version
2015-10-22 15:14:45 +00:00
Robbie Harwood (frozencemetery)
9baef8fa8f
Start using crypto-policies
2015-10-19 23:01:44 +00:00
Robbie Harwood (frozencemetery)
582b087130
TEMPORARILY disable usage of OFD locks as a workaround for x86
2015-10-19 17:38:34 +00:00
Robbie Harwood (frozencemetery)
98128c4038
New upstream beta version
2015-10-15 20:51:57 +00:00
Robbie Harwood (frozencemetery)
4529758a74
Work around KDC client prinicipal in referrals issue
...
Resolves: rhbz#1259844
2015-10-08 19:24:20 +00:00
Robbie Harwood (frozencemetery)
a89bdde4da
Revert "New upstream version: krb5-1.14-alpha1"
...
This reverts commit 1138991893
.
2015-10-01 18:33:34 +00:00
Robbie Harwood
5ccfdd171d
Bring back krb5.conf.d and allow building with bad krb5.conf
2015-09-29 14:47:06 -04:00
Robbie Harwood (frozencemetery)
1138991893
New upstream version: krb5-1.14-alpha1
...
Drop patches that have since been applied. Create new patches as
needed.
2015-09-24 17:57:53 +00:00
Robbie Harwood (frozencemetery)
a328acab1b
Drop dependency on pax&ksh and remove support for fedora < 20
2015-09-23 18:42:40 +00:00
Robbie Harwood (frozencemetery)
a9af3c8817
Nix /usr/share/krb5.conf.d to reduce complexity
2015-09-23 15:11:53 +00:00
Robbie Harwood (frozencemetery)
65ce267be1
Depend on crypto-policies which provides /etc/krb5.conf.d
...
Resolves: rhbz#1225792
2015-09-23 14:02:37 +00:00
Robbie Harwood (frozencemetery)
5ec8cb89e0
Miscalaneous spec fixes.
...
Remove dependency on systemd-sysv which is no longer needed for fedora
> 20. Other fixes as needed to resolve a fail-to-build issue.
2015-09-11 17:02:31 +00:00
Robbie Harwood (frozencemetery)
2e058adfc5
Bump minor release
2015-09-10 19:55:53 +00:00
Robbie Harwood (frozencemetery)
6cb6b69409
Support config snippets in /etc/krb5.conf.d/ and /usr/share/krb5.conf.d/
...
Resolves: rhbz#1225792, rhbz#1146370, rhbz#1145808
2015-09-10 19:45:12 +00:00
Roland Mainz
580aefb618
* Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-6
...
- Use system nss_wrapper and socket_wrapper for testing.
Patch by Andreas Schneider <asn@redhat.com>
2015-06-26 02:47:13 +02:00
Roland Mainz
d4aa04d87c
* Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-5
...
- Remove Zanata test glue and related workarounds
- Bug #1234292 ("IPA server cannot be run in container due to incorrect /usr/sbin/_kadmind")
- Bug #1234326 ("krb5-server introduces new rpm dependency on ksh")
2015-06-25 14:23:31 +02:00
Roland Mainz
168ec0c9e7
* Thu Jun 18 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-4
...
- Fix dependicy on binfmt.service
2015-06-19 18:22:15 +02:00
Dennis Gilmore
57f951a0e2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-17 13:38:13 +00:00
Roland Mainz
7029c6670c
* Tue Jun 2 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-2
...
- Add patch to fix Redhat Bug #1227542 ("[SELinux] AVC denials may appear
when kadmind starts"). The issue was caused by an unneeded |htons()|
which triggered SELinux AVC denials due to the "random" port usage.
2015-06-03 02:57:20 +02:00
Roland Mainz
8c2cea93bb
* Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1
...
- Add fix for RedHat Bug #1164304 ("Upstream unit tests loads
the installed shared libraries instead the ones from the build")
2015-05-22 16:28:26 +02:00
Roland Mainz
3ae7a21305
* Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0
...
- Update to krb5-1.13.2
- drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2
- drop patch for krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling, fixed in krb5-1.13.2
- Add script processing for upcoming Zanata l10n support
- Minor spec cleanup
2015-05-15 01:02:21 +02:00
Roland Mainz
1171aa60d0
* Mon May 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-4
...
- fix for CVE-2015-2694 (#1216133 ) "requires_preauth bypass
in PKINIT-enabled KDC".
In MIT krb5 1.12 and later, when the KDC is configured with
PKINIT support, an unauthenticated remote attacker can
bypass the requires_preauth flag on a client principal and
obtain a ciphertext encrypted in the principal's long-term
key. This ciphertext could be used to conduct an off-line
dictionary attack against the user's password.
resolves : #1216134
2015-05-06 01:15:00 +02:00
Roland Mainz
14a63ce373
* Wed Mar 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-3
...
- Add temporay workaround for RH bug #1204646 ("krb5-config
returns wrong -specs path") which modifies krb5-config post
build so that development of krb5 dependicies gets unstuck.
This MUST be removed before rawhide becomes F23 ...
2015-03-25 16:06:10 +01:00
Roland Mainz
1984e0ee1d
* Thu Mar 19 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-2
...
- fix for CVE-2014-5355 (#1193939 ) "krb5: unauthenticated
denial of service in recvauth_common() and others"
2015-03-20 13:24:47 +01:00
Roland Mainz
54e60b1162
* Thu Mar 19 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-2
...
- fix for CVE-2014-5355 (#1193939 ) "krb5: unauthenticated
denial of service in recvauth_common() and others"
2015-03-20 13:23:20 +01:00
Roland Mainz
03981c354e
* Fri Feb 13 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-1
...
- Update to krb5-1.13.1
- drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1
- drop patch for kinit -C loops (MIT/krb5 bug #243 ), fixed in krb5-1.13.1
- drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1
- Minor spec cleanup
2015-02-13 17:35:10 +01:00
Roland Mainz
c74e97faa9
* Wed Feb 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13-8
...
- fix for CVE-2014-5352 (#1179856 ) "gss_process_context_token()
incorrectly frees context (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9421 (#1179857 ) "kadmind doubly frees partial
deserialization results (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9422 (#1179861 ) "kadmind incorrectly
validates server principal name (MITKRB5-SA-2015-001)"
- fix for CVE-2014-9423 (#1179863 ) "libgssrpc server applications
leak uninitialized bytes (MITKRB5-SA-2015-001)"
2015-02-04 12:02:36 +01:00
Roland Mainz
aad351ad29
* Wed Feb 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13-7
...
- Remove "python-sphinx-latex" and "tar" from the build requirements
to fix build failures on F22 machines.
- Minor spec cleanup
2015-02-04 11:47:44 +01:00
Nathaniel McCallum
7188a346bd
Support KDC_ERR_MORE_PREAUTH_DATA_REQUIRED (RT#8063)
2015-02-03 17:48:30 +01:00
Roland Mainz
fb520967f9
* Mon Jan 26 2015 Roland Mainz <rmainz@redhat.com> - 1.13-5
...
- fix for kinit -C loops (#1184629 , MIT/krb5 issue 243, "Do not
loop on principal unknown errors").
- Added "python-sphinx-latex" to the build requirements
to fix build failures on F22 machines.
2015-01-26 18:38:55 +01:00
Roland Mainz
6baee3e656
* Thu Dec 19 2014 Roland Mainz <rmainz@redhat.com> - 1.13-4
...
- fix for CVE-2014-5354 (#1174546 ) "krb5: NULL pointer
dereference when using keyless entries"
2014-12-18 17:57:19 +01:00
Roland Mainz
8545575f69
* Wed Dec 17 2014 Roland Mainz <rmainz@redhat.com> - 1.13-3
...
- fix for CVE-2014-5353 (#1174543 ) "Fix LDAP misused policy
name crash"
2014-12-17 12:06:33 +01:00
Roland Mainz
a54d1f9ac9
* Wed Oct 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0
...
- Bump 1%%{?dist} to 2%%{?dist} to workaround RPM sort issue
which would lead yum updates to treat the last alpha as newer
than the final version.
2014-10-29 22:25:13 +01:00
Roland Mainz
eca7fd3d15
* Wed Oct 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0
...
- Update from krb5-1.13-alpha1 to final krb5-1.13
- Removed patch for CVE-2014-5351 (#1145425 ) "krb5: current
keys returned when randomizing the keys for a service principal" -
now part of upstream sources
- Use patch for glibc |eventfd()| prototype mismatch (#1147887 ) only
for Fedora > 20
2014-10-29 21:55:10 +01:00
Roland Mainz
210ae0a2c1
* Tue Sep 30 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0.alpha1.3
...
- fix build failure caused by change of prototype for glibc
|eventfd()| (#1147887 )
2014-09-30 12:19:07 +02:00
Roland Mainz
c5c716d7e4
- fix for CVE-2014-5351 ( #1145425 ) "krb5: current keys returned when
...
randomizing the keys for a service principal" (fix rpm spec file)
2014-09-29 23:04:48 +02:00
Nalin Dahyabhai
67988a74d0
Keep the license from being a dangling symlink
...
Processing of %license puts the named file in a directory other than the
docs directory, and doesn't rewrite relative symlinks to be correct. So
we can't use a symlink to one of them as the license.
2014-09-08 18:57:52 -04:00
Nalin Dahyabhai
56cd96f9bd
Remove the -S flag from kprop.service
...
- kpropd hasn't bothered with -S since 1.11; stop trying to use that
flag in the systemd unit file and change its type from "forking" to
"simple"
2014-08-28 14:05:37 -04:00
Nalin Dahyabhai
8563ebea46
Updating to 1.13 alpha1
2014-08-22 16:14:20 -04:00
Nalin Dahyabhai
c48fd0f0bc
Pull in upstream fix for an mischecked strdup()
...
- pull in upstream fix for an incorrect check on the value returned by a
strdup() call (#1132062 )
2014-08-20 17:36:44 -04:00
Peter Robinson
9c7c7781c4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 00:48:14 +00:00
Nalin Dahyabhai
4f7f51121b
drop patch for CVE-2014-4345, included in 1.12.2
2014-08-15 15:04:26 -04:00
Nalin Dahyabhai
7880fca0ad
drop patch for CVE-2014-4344, included in 1.12.2
2014-08-15 15:02:04 -04:00
Nalin Dahyabhai
b234a3d334
drop patch for CVE-2014-4343, included in 1.12.2
2014-08-15 15:01:01 -04:00
Nalin Dahyabhai
56235f0463
drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2
2014-08-15 14:59:36 -04:00
Nalin Dahyabhai
2184fad363
drop patch for RT#7926, fixed in 1.12.2
2014-08-15 14:56:39 -04:00
Nalin Dahyabhai
7041f914bd
drop patch for RT#7924, fixed in 1.12.2
2014-08-15 14:52:23 -04:00