Nalin Dahyabhai
007e77a2b3
Drop obsolete patch
2014-01-17 10:17:19 -05:00
Nalin Dahyabhai
6a8573e3af
Drop obsolete patch
2014-01-17 10:08:58 -05:00
Nalin Dahyabhai
0b6ebaab00
Drop obsolete patch
2014-01-17 09:59:39 -05:00
Nalin Dahyabhai
6265fcabf5
Drop obsolete patch
2014-01-17 09:58:40 -05:00
Nalin Dahyabhai
aef7c262b1
Update the textrel patch for x86
...
- update the PIC patch for iaesx86.s to not use ELF relocations
(RT#7815, #1045699 ) to the version that landed upstream
2014-01-13 11:41:47 -05:00
Nalin Dahyabhai
8fe7e82068
Note why we started saving ebx
2014-01-09 13:20:22 -05:00
Nalin Dahyabhai
6e03c5ada1
Link shared libs using -Wl,--warn-shared-textrel
...
- pass -Wl,--warn-shared-textrel to the compiler when we're creating shared
libraries
2014-01-09 13:13:30 -05:00
Nalin Dahyabhai
5de1fa728f
bump release for a new build
2014-01-09 11:03:45 -05:00
Nalin Dahyabhai
8a1df153c6
Save/restore ebx in functions where we modify it
...
- amend the PIC patch for iaesx86.s to also save/restore ebx in the
functions where we modify it
2014-01-09 11:02:26 -05:00
Nalin Dahyabhai
75edc7c7ca
Try to remove execmod from 32-bit AES-NI k5crypto
...
- make a guess at making the 32-bit AES-NI implementation sufficiently
position-independent to not require execmod permissions for libk5crypto
(more of #1045699 )
2014-01-06 18:53:03 -05:00
Nalin Dahyabhai
05c4140d32
Switch to as-committed version
...
- grab a more-commented version of the most recent patch from upstream
master
2014-01-06 15:58:20 -05:00
Nalin Dahyabhai
480b9efaa3
Add Dhiru Kholia's patch to restore noexecstack
...
- add patch from Dhiru Kholia for the AES-NI implementations to allow
libk5crypto to be properly marked as not needing an executable stack
on arches where they're used (#1045699 , and so many others)
2014-01-02 23:46:42 -05:00
Nalin Dahyabhai
13df2d5386
Remove the BuildRequires: on yasm for now
...
Go back to not using AES-NI, until we sort out execstack (#1045699 ).
2014-01-02 17:08:52 -05:00
Nalin Dahyabhai
911b9e932d
Add the buildrequires: for AES-NI support
...
- add yasm as a build requirement for AES-NI support, on arches that have
yasm and AES-NI
2013-12-19 13:07:54 -05:00
Nalin Dahyabhai
e1cb527238
Pull in fix to improve SPNEGO error messages
...
- pull in fix from master to make reporting of errors encountered by the
SPNEGO mechanism work better (RT#7045, part of #1043962 )
2013-12-19 11:52:30 -05:00
Nalin Dahyabhai
45d93c6d1c
Enable pyrad-based tests
...
- update a test wrapper to properly handle things that the new libkrad does,
and add python-pyrad as a build requirement so that we can run its tests
2013-12-19 11:17:28 -05:00
Nalin Dahyabhai
9f2cb9776b
For completeness, also initialize an unused field
2013-12-18 18:01:30 -05:00
Nalin Dahyabhai
82c5b9f9b2
Backport fixes for krb5_copy_context
...
- backport fixes to krb5_copy_context (RT#7807, #1044735/#1044739)
2013-12-18 17:38:54 -05:00
Nalin Dahyabhai
2550a37b4f
Pull in a fix for a mem leak from master (RT#7805)
...
- pull in fix from master to avoid a memory leak in a couple of error
cases which could occur while obtaining acceptor credentials (RT#7805, part
of #1043962 )
2013-12-18 14:33:23 -05:00
Nalin Dahyabhai
460d74d224
Pull in a fix for a mem leak from master (RT#7803)
...
- pull in fix from master to avoid a memory leak when a mechanism's
init_sec_context function fails (RT#7803, part of #1043962 )
2013-12-18 14:23:21 -05:00
Nalin Dahyabhai
39888b7c42
Pick up another interop fix from master (RT#7797)
...
- pull in fix from master to ignore an empty token from an acceptor if
we've already finished authenticating (RT#7797, part of #1043962 )
2013-12-18 14:22:24 -05:00
Nalin Dahyabhai
735b73ebbb
Pick up an interop fix from master (RT#7794)
...
- pull in fix from master to return a NULL pointer rather than allocating
zero bytes of memory if we read a zero-length input token (RT#7794, part of
#1043962 )
2013-12-18 14:20:57 -05:00
Nalin Dahyabhai
3a1e355f38
Update to 1.12 final
2013-12-11 10:52:40 -05:00
Nalin Dahyabhai
93ae18a6c5
Whoops, grab the beta 2 PDFs
2013-12-02 11:58:32 -05:00
Nalin Dahyabhai
f002059e62
Update to 1.12 beta2
...
- drop obsolete backports for storing KDC time offsets and expiration times
in keyring credential caches
2013-12-02 11:47:40 -05:00
Nalin Dahyabhai
88c0c528bd
Update to 1.12 beta
2013-11-19 18:08:43 -05:00
Nalin Dahyabhai
3c08a1616e
BuildRequire: pkgconfig and package pkgconfig data
2013-11-19 17:40:02 -05:00
Nalin Dahyabhai
f8f559ef32
Drop backports for RT#7656 and RT#7657
2013-11-19 17:39:59 -05:00
Nalin Dahyabhai
447ee6c9e6
Update for 1.12's removal of krb5_xfree()
2013-11-19 17:38:54 -05:00
Nalin Dahyabhai
f619caa9c9
Drop OTP backport
2013-11-19 17:38:54 -05:00
Nalin Dahyabhai
7448cea67e
Untweak for 1.11.3
2013-11-19 17:38:54 -05:00
Nalin Dahyabhai
00cf6df3e6
Drop backport for RT#7590 and partial for RT#7680
2013-11-19 17:38:54 -05:00
Nalin Dahyabhai
19bc209a19
Drop backport for RT#7709
2013-11-19 17:38:54 -05:00
Nalin Dahyabhai
13b2f96a29
Drop backports for RT#7682
2013-11-19 17:38:46 -05:00
Nalin Dahyabhai
0b296b8b04
Drop obsolete patches to skip GSSRPC-over-UDP test
...
- drop patches from master to not test GSSRPC-over-UDP and to not
depend on the portmapper, which are areas where our build systems
often give us trouble, too; obsolete
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
25fe69d885
Drop backport for RT#7643
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
a2e5f1f872
Drop backport for RT#7642
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
9e1d45535e
Drop backport for RT#7172
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
bd8c46afd2
Drop backport for RT#7598
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
286168174b
Drop patch to teach config.* about aarch64-linux
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
11656c4fe0
Drop obsolete patch fixing a test use-before-init
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
9c8c2d53ba
Update for 1.12
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
d2ea586766
Update for 1.12
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
f618776e18
Update for 1.12
2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
d175d043f1
Update for 1.12
2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
daca172770
Update patch for 1.12
2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
15dceb5da6
Drop backport for RT#7689
2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
b1f558a0f5
Drop backported patch
2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
8a39d5ff72
Start rebasing to 1.12 alpha1
2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
a77ee55771
Pull in keyring expiration from RT#7769
...
- pull in fix to set expiration times on keyrings used for storing keyring
credential caches (RT#7769, #1031724 )
2013-11-18 18:02:20 -05:00
Nalin Dahyabhai
81715b1776
Pull in keyring offset storage from RT#7768
...
- pull in fix to store KDC time offsets in keyring credential caches
(RT#7768, #1030607 )
2013-11-18 17:14:07 -05:00
Nalin Dahyabhai
dee7ae00a4
Note where CVE-2013-6800 was fixed
...
CVE-2013-6800 appears to be fixed by the same patch that fixes
CVE-2013-1418, so mention the first in changelog entries that refer to
the second.
2013-11-18 16:24:33 -05:00
Nalin Dahyabhai
cac86c9df2
Bump the release to 1
2013-11-12 16:32:02 -05:00
Nalin Dahyabhai
8f876bbbeb
Drop patch for CVE-2013-1418, included in 1.11.4
2013-11-12 16:25:26 -05:00
Nalin Dahyabhai
1f02b0bc49
Drop patch for RT#7706, obsoleted as RT#7723
2013-11-12 16:23:38 -05:00
Nalin Dahyabhai
0c6ad14521
Drop patch for RT#7650, included in 1.11.4
2013-11-12 16:20:49 -05:00
Nalin Dahyabhai
2b359c527a
Start updating to 1.11.4
2013-11-12 16:20:31 -05:00
Nalin Dahyabhai
b3399eb8fb
Switch to the upstream patch for #1029110
...
Switch to the simplified version of the patch for #1029110 that ended up
being committed upstream (RT#7764).
2013-11-12 13:20:50 -05:00
Nalin Dahyabhai
11d14a1e7c
Fix a typo in a changelog entry
2013-11-11 14:34:29 -05:00
Nalin Dahyabhai
49c8edfa6b
Catch more strtol() failures when using KEYRINGs
...
- check more thorougly for errors when resolving KEYRING ccache names of type
"persistent", which should only have a numeric UID as the next part of the
name (#1029110 )
2013-11-11 14:11:29 -05:00
Nalin Dahyabhai
bfdc4351bf
Point to the RT for the patch for the right branch
2013-11-05 13:43:32 -05:00
Nalin Dahyabhai
a244d8f93c
Incorporate patch for RT#7755 (CVE-2013-1418)
...
- incorporate upstream patch for remote crash of KDCs which serve multiple
realms simultaneously (RT#7755, CVE-2013-1418)
2013-11-04 16:11:59 -05:00
Nalin Dahyabhai
a00c810e4e
Drop call-access()-more patch for ksu
...
- drop patch to add additional access() checks to ksu - they add to breakage
when non-FILE: caches are in use (#1026099 ), shouldn't be resulting in any
benefit, and clash with proposed changes to fix its cache handling
2013-11-04 10:26:41 -05:00
Nalin Dahyabhai
433fcb1772
Expand on comments in the daemon wrapper scripts
...
- add some minimal description to the top of the wrapper scripts we use
when starting krb5kdc and kadmind to describe why they exist (tooling)
2013-10-22 17:48:49 -04:00
Nalin Dahyabhai
31e8e33c43
Create and own /etc/gss ( #1019937 )
2013-10-16 18:12:24 -04:00
Nalin Dahyabhai
16e749771f
Pull up fix for reimporting ccaches in gssapi
...
- pull up fix for importing previously-exported credential caches in the
gssapi library (RT# 7706, #1019420 )
2013-10-15 14:40:24 -04:00
Nalin Dahyabhai
84fe7d69da
Finish fixing the don't-call-NULL-prompters bug
...
- extract the rest of the fix #965721/#1016690 from the changes for RT#7680
2013-10-14 14:07:56 -04:00
Nalin Dahyabhai
822059250e
Use the prompter callback for PEM files
...
- backport the callback to use the libkrb5 prompter when we can't load
PEM files for PKINIT (RT#7590, includes part of #965721/#1016690)
2013-10-14 14:07:19 -04:00
Nalin Dahyabhai
37f8b28f7d
fix trigger's invocation of sed ( #1016945 )
...
- fix trigger scriptlet's invocation of sed (#1016945 )
2013-10-14 12:42:56 -04:00
Nalin Dahyabhai
52b6b401df
- rebuild with keyutils 1.5.8 (part of #1012043 )
...
Rebuild against a keyutils which tags the new symbols we're using with a
newer symbol version, so that RPM can tell the difference between
versions of the package which contain a shared library that doesn't
include them and versions of the package which contain a shared library
which does.
2013-10-04 09:47:38 -04:00
Nalin Dahyabhai
494e7adbb0
Updated persistent-keyring changes, set as default
...
- switch to the version of persistent-keyring that was just merged to
master (RT#7711), along with related changes to kinit (RT#7689)
- go back to setting default_ccache_name to a KEYRING type
2013-10-02 14:46:20 -04:00
Nalin Dahyabhai
682dc07d28
pull up fix to call kdb check-transited-path first
...
- pull up fix for not calling a kdb plugin's check-transited-path
method before calling the library's default version, which only knows
how to read what's in the configuration file (RT#7709, #1013664 )
2013-09-30 11:26:50 -04:00
Nalin Dahyabhai
43d2548f26
configure --without-krb5-config
...
- configure --without-krb5-config so that we don't pull in the old default
ccache name when we want to stop setting a default ccache name at configure-
time
2013-09-26 14:38:01 -04:00
Nalin Dahyabhai
e43f75f274
- fix broken dependency on awk (rdieter)
...
- fix broken dependency on awk (should be gawk, rdieter)
2013-09-25 12:34:03 -04:00
Nalin Dahyabhai
a375099fe1
add missing dependency on newer keyutils-libs
...
- add missing dependency on newer keyutils-libs (#1012034 )
2013-09-25 11:26:19 -04:00
Nalin Dahyabhai
3bc9a0ec21
Back to DIR: caches by default, for now
...
- back out setting default_ccache_name to the new default for now, resetting
it to the old default while the kernel/keyutils bits get sorted (sgallagh)
2013-09-24 17:10:48 -04:00
Nalin Dahyabhai
ee7be3f07f
buildrequire the newest keyutils
...
- add explicit build-time dependency on a version of keyutils that's new
enough to include keyctl_get_persistent() (more of #991148 )
2013-09-23 13:32:21 -04:00
Nalin Dahyabhai
df24e0aeda
pull in an updated persistent_keyring.patch
...
- incorporate Simo's updated backport of his updated persistent-keyring
changes (more of #991148 )
2013-09-19 16:29:52 -04:00
Nalin Dahyabhai
00da3519ec
Don't break during %%check with revoked keyrings
...
If the session keyring is revoked, we'll to walk the ccache collections.
Work around that so that we don't have to go and disable more tests.
2013-09-13 18:21:09 -04:00
Nalin Dahyabhai
21b73fcc00
pull the newer F21 defaults back to F20 (sgallagh)
2013-09-13 09:13:37 -04:00
Nalin Dahyabhai
5128324677
Only create /run/user/0 on releases where we use it
...
- only apply the patch to autocreate /run/user/0 when we're hard-wiring the
default ccache location to be under it; otherwise it's unnecessary
2013-09-09 13:15:18 -04:00
Nalin Dahyabhai
b81045ccea
Don't pass a "script" to ldconfig
...
- don't let comments intended for one scriptlet become part of the "script"
that gets passed to ldconfig as part of another one (Mattias Ellert, #1005675 )
2013-09-09 09:43:05 -04:00
Nalin Dahyabhai
4404e63e31
Conditional triggerun to set default_ccache_name
...
- on releases where we expect krb5.conf to be configured with a
default_ccache_name, add it whenever we upgrade from an older version of
the package that wouldn't have included it in its default configuration
file (#991148 )
2013-09-06 17:32:20 -04:00
Nalin Dahyabhai
16afa92610
Set the default ccname via config, not at build
...
- restore build-time default DEFCCNAME on Fedora 21 and later and EL, and
instead set it in the default krb5.conf's [libdefaults] section (#991148 )
2013-09-06 16:05:14 -04:00
Nalin Dahyabhai
b0c672125e
- restore build-time default DEFCCNAME on F21, EL
...
- restore build-time default DEFCCNAME on Fedora 21 and later and EL (#991148 )
2013-09-06 14:13:31 -04:00
Nalin Dahyabhai
bf2b6cb4e7
- incorporate backported persistent-keyring (Simo)
...
- incorporate Simo's backport of his persistent-keyring changes (#991148 )
2013-09-06 14:12:24 -04:00
Nalin Dahyabhai
e6591a5194
ship an nss_wrappers snapshot, not a git repo
...
- switch to just the snapshot of nss_wrapper we were using, since we
no longer need to carry anything that isn't in the cwrap.org repository
(ssorce)
2013-08-23 14:21:20 -04:00
Nalin Dahyabhai
c3f5bd1fb8
UnversionedDocdirs, take two
...
- take another stab at accounting for UnversionedDocdirs for the -libs
subpackage (spotted by ssorce)
2013-08-23 14:08:59 -04:00
Nalin Dahyabhai
6c46043c16
Do the horrible hostname check _before_ faking it
2013-08-15 01:50:42 -04:00
Nalin Dahyabhai
ee18500d9b
Fix error detection when starting kpropd/kadmind
...
- drop a patch we're not applying
- wrap kadmind and kpropd in scripts which check for the presence/absence
of files which dictate particular exit codes before exec'ing the actual
binaries, instead of trying to use ConditionPathExists in the unit files
to accomplish that, so that we exit with failure properly when what we
expect isn't actually in effect on the system (#800343 )
2013-08-15 00:10:24 -04:00
Nalin Dahyabhai
272aaeef17
Assume 32 when __isa_bits isn't defined
2013-07-29 17:47:21 -04:00
Nalin Dahyabhai
d6a5b8b7d7
fixup for UnversionedDocdirs
...
- attempt to account for UnversionedDocdirs for the -libs subpackage
2013-07-29 17:00:25 -04:00
Nalin Dahyabhai
4c8469c258
tweak configs used by tests
...
- tweak configuration files used during tests to try to reduce the number
of conflicts encountered when builds for multiple arches land on the same
builder
2013-07-26 18:47:03 -04:00
Nalin Dahyabhai
66d9928651
Backport from RT#7682
...
- pull up changes to allow GSSAPI modules to provide more functions (RT#7682, #986564/#986565)
2013-07-22 14:23:24 -04:00
Nalin Dahyabhai
36dbacb706
Use LD_PRELOAD to be able to run more self-tests
...
Use nss_wrapper (from cwrap.org) to be able to run more of the
self-tests during %%check. Help it along a little bit by being
more emphatic about cutting off access to DNS.
2013-07-19 15:52:31 -04:00
Nalin Dahyabhai
909ac318c3
Use %%{?_isa} when hard-coding deps on krb5-libs
...
- specify dependencies on the same arch of krb5-libs by using the %%{?_isa}
suffix, to avoid dragging 32-bit libraries onto 64-bit systems (#980155 )
2013-07-01 11:48:17 -04:00
Nalin Dahyabhai
d00d276a47
Bring back "Back out the krb5-1.11-run_user_0.patch"
...
This reverts commit 8a5a8d492c
.
Special-case /run/user/0, attempting to create it when resolving a
directory cache below it fails due to ENOENT and we find that it doesn't
already exist, either, before attempting to create the directory cache
(maybe helping, maybe just making things more confusing for #961235 ).
2013-06-13 13:23:54 -04:00
Nalin Dahyabhai
7b66f600ef
update to 1.11.3
...
- update to 1.11.3
- drop patch for RT#7605, fixed in this release
- drop patch for CVE-2002-2443, fixed in this release
- drop patch for RT#7369, fixed in this release
- pull upstream fix for breaking t_skew.py by adding the patch for #961221
2013-06-04 11:13:25 -04:00
Nalin Dahyabhai
ff0ee94342
Respin with updated version of patch for RT#7650
...
Respin with updated version of patch for RT#7650, and don't forget to
keep track of the bug ID (#969331 ).
2013-05-31 14:29:57 -04:00
Nalin Dahyabhai
8a5a8d492c
Back out the krb5-1.11-run_user_0.patch
...
It's not a complete fix, and it may only muddy things further on systems
that are having the kind of trouble it's trying to avoid, so hold off.
For now, at least.
2013-05-30 15:10:35 -04:00