rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
858 Commits 9 Branches 46 Tags 7.8 MiB
db300d8761
Commit Graph

858 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robbie Harwood
db300d8761 Fix setting of AS key in OTP preauth failure 2016-05-27 21:19:24 +00:00
Robbie Harwood
0429334fa0 Use the correct patches this time. 
Resolves: #1321135
 2016-04-05 20:14:05 +00:00
Robbie Harwood
2f3f20f718 Add send/receive sendto_kdc hooks and corresponding tests 
Resolves: #1321135
 2016-04-04 18:38:02 +00:00
Robbie Harwood
f0b5fc56f2 Fix CVE-2016-3119 (NULL deref in LDAP module) 2016-03-18 21:02:15 +00:00
Robbie Harwood
7b4e88e425 Backport OID mech fix 
Resolves: #1317609
 2016-03-17 17:17:30 +00:00
Robbie Harwood
f1cb770b53 New rawhide, new upstream version 
- Drop CVE patches
- Rename fix_interposer.patch to acquire_cred_interposer.patch
- Update acquire_cred_interposer.patch to apply to new source
 2016-02-29 23:45:38 +00:00
Robbie Harwood
8bddc884ac Fix log file permissions patch with our selinux 
Resolves: #1309421
 2016-02-22 22:06:57 +00:00
Robbie Harwood
96d71f74f7 Backport my interposer fixes from upstream 
Supersedes krb5-mechglue_inqure_attrs.patch
 2016-02-19 20:11:26 +00:00
Robbie Harwood
5d016a51a3 Clean up bad merge 2016-02-16 17:08:51 +00:00
Robbie Harwood
9707484326 Adjust dependency on crypto-polices to be just the file we want 
Patch courtesy of lslebodn.

Resolves: #1308984
 2016-02-16 17:07:34 +00:00
Dennis Gilmore
04850893e4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 02:24:34 +00:00
Robbie Harwood
f525729cee Replace _kadmin/_kprop with systemd macros 
Remove traces of upstart from fedora package per policy

Resolves: #1290185
 2016-01-28 19:44:10 +00:00
Robbie Harwood
c52f5baf4b Fix CVE-2015-8629, CVE-2015-8630, CVE-2015-8631 2016-01-27 23:17:07 +00:00
Robbie Harwood
93772ec156 Make krb5kdc.log not world-readable by default 
Resolves: #1276484
 2016-01-21 19:05:45 +00:00
Robbie Harwood
892fe9b7b5 Allow verification of attributes on krb5.conf 2016-01-21 18:05:08 +00:00
Robbie Harwood
ce63dad07e Use "new" systemd macros for service handling. (Thanks vpavlin!) 
Resolves: #850399
 2016-01-20 22:11:00 +00:00
Robbie Harwood
21a49ad7c7 Simplify spec file by removing some dead code paths 
This includes removal of the following macros:
- WITH_NSS (always false)
- WITH_SYSTEMD (always true)
- WITH_LDAP (always true)
- WITH_OPENSSL (always true)
 2016-01-20 21:15:02 +00:00
Robbie Harwood
b653d26d53 Backport fix for chrome crash in spnego_gss_inquire_context 
Resolves: #1295893
 2016-01-08 18:38:57 +00:00
Robbie Harwood
07d6f2cd01 Backport patch to fix mechglue for gss_inqure_attrs_for_mech() 2015-12-17 02:12:51 +00:00
Robbie Harwood (frozencemetery)
1560d2b3cc Backport interposer fix from master 
Drop workaround pwsize initialization patch (gcc has been fixed)

Resolves: rhbz#1284985
 2015-12-03 22:02:09 +00:00
Robbie Harwood (frozencemetery)
bf282deaf1 Fix FTBFS by no longer working around bug in nss_wrapper 2015-11-24 16:39:15 +00:00
Robbie Harwood (frozencemetery)
89ae1a3c67 Upstream release. No actual change from beta, just version bump 
Also clean up unused parts of spec file.
 2015-11-23 22:56:02 +00:00
Robbie Harwood (frozencemetery)
806928902d Release 1.14-beta2 2015-11-16 18:11:20 +00:00
Robbie Harwood (frozencemetery)
b81fddfea1 Patch CVE-2015-2698 2015-11-04 20:26:21 +00:00
Robbie Harwood (frozencemetery)
def8c582bb Patch CVE-2015-2697, CVE-2015-2696, CVE-2015-2695 2015-10-27 17:31:54 +00:00
Robbie Harwood (frozencemetery)
255e769785 Ensure pwsize is initialized in chpass_util.c 2015-10-22 18:30:26 +00:00
Robbie Harwood (frozencemetery)
5eb94ecfab Fix typo of crypto-policies file in previous version 2015-10-22 15:14:45 +00:00
Robbie Harwood (frozencemetery)
9baef8fa8f Start using crypto-policies 2015-10-19 23:01:44 +00:00
Robbie Harwood (frozencemetery)
582b087130 TEMPORARILY disable usage of OFD locks as a workaround for x86 2015-10-19 17:38:34 +00:00
Robbie Harwood (frozencemetery)
98128c4038 New upstream beta version 2015-10-15 20:51:57 +00:00
Robbie Harwood (frozencemetery)
4529758a74 Work around KDC client prinicipal in referrals issue 
Resolves: rhbz#1259844
 2015-10-08 19:24:20 +00:00
Robbie Harwood (frozencemetery)
a89bdde4da Revert "New upstream version: krb5-1.14-alpha1" 
This reverts commit 1138991893.
 2015-10-01 18:33:34 +00:00
Robbie Harwood
5ccfdd171d Bring back krb5.conf.d and allow building with bad krb5.conf 2015-09-29 14:47:06 -04:00
Robbie Harwood (frozencemetery)
1138991893 New upstream version: krb5-1.14-alpha1 
Drop patches that have since been applied.  Create new patches as
needed.
 2015-09-24 17:57:53 +00:00
Robbie Harwood (frozencemetery)
a328acab1b Drop dependency on pax&ksh and remove support for fedora < 20 2015-09-23 18:42:40 +00:00
Robbie Harwood (frozencemetery)
a9af3c8817 Nix /usr/share/krb5.conf.d to reduce complexity 2015-09-23 15:11:53 +00:00
Robbie Harwood (frozencemetery)
65ce267be1 Depend on crypto-policies which provides /etc/krb5.conf.d 
Resolves: rhbz#1225792
 2015-09-23 14:02:37 +00:00
Robbie Harwood (frozencemetery)
5ec8cb89e0 Miscalaneous spec fixes. 
Remove dependency on systemd-sysv which is no longer needed for fedora
> 20.  Other fixes as needed to resolve a fail-to-build issue.
 2015-09-11 17:02:31 +00:00
Robbie Harwood (frozencemetery)
2e058adfc5 Bump minor release 2015-09-10 19:55:53 +00:00
Robbie Harwood (frozencemetery)
6cb6b69409 Support config snippets in /etc/krb5.conf.d/ and /usr/share/krb5.conf.d/ 
Resolves: rhbz#1225792, rhbz#1146370, rhbz#1145808
 2015-09-10 19:45:12 +00:00
Roland Mainz
580aefb618 * Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-6 
- Use system nss_wrapper and socket_wrapper for testing.
  Patch by Andreas Schneider <asn@redhat.com>
 2015-06-26 02:47:13 +02:00
Roland Mainz
d4aa04d87c * Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-5 
- Remove Zanata test glue and related workarounds
  - Bug #1234292 ("IPA server cannot be run in container due to incorrect /usr/sbin/_kadmind")
  - Bug #1234326 ("krb5-server introduces new rpm dependency on ksh")
 2015-06-25 14:23:31 +02:00
Roland Mainz
168ec0c9e7 * Thu Jun 18 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-4 
- Fix dependicy on binfmt.service
 2015-06-19 18:22:15 +02:00
Dennis Gilmore
57f951a0e2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 13:38:13 +00:00
Roland Mainz
7029c6670c * Tue Jun 2 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-2 
- Add patch to fix Redhat Bug #1227542 ("[SELinux] AVC denials may appear
  when kadmind starts"). The issue was caused by an unneeded |htons()|
  which triggered SELinux AVC denials due to the "random" port usage.
 2015-06-03 02:57:20 +02:00
Roland Mainz
8c2cea93bb * Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1 
- Add fix for RedHat Bug #1164304 ("Upstream unit tests loads
  the installed shared libraries instead the ones from the build")
 2015-05-22 16:28:26 +02:00
Roland Mainz
9997960299 * Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0 
- Update to krb5-1.13.2
  - drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2
  - drop patch for krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling, fixed in krb5-1.13.2
- Add script processing for upcoming Zanata l10n support
- Minor spec cleanup
 2015-05-15 01:03:28 +02:00
Roland Mainz
3ae7a21305 * Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0 
- Update to krb5-1.13.2
  - drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2
  - drop patch for krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling, fixed in krb5-1.13.2
- Add script processing for upcoming Zanata l10n support
- Minor spec cleanup
 2015-05-15 01:02:21 +02:00
Roland Mainz
1171aa60d0 * Mon May 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-4 
- fix for CVE-2015-2694 (#1216133) "requires_preauth bypass
  in PKINIT-enabled KDC".
  In MIT krb5 1.12 and later, when the KDC is configured with
  PKINIT support, an unauthenticated remote attacker can
  bypass the requires_preauth flag on a client principal and
  obtain a ciphertext encrypted in the principal's long-term
  key.  This ciphertext could be used to conduct an off-line
  dictionary attack against the user's password.
resolves: #1216134
 2015-05-06 01:15:00 +02:00
Roland Mainz
14a63ce373 * Wed Mar 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-3 
- Add temporay workaround for RH bug #1204646 ("krb5-config
  returns wrong -specs path") which modifies krb5-config post
  build so that development of krb5 dependicies gets unstuck.
  This MUST be removed before rawhide becomes F23 ...
 2015-03-25 16:06:10 +01:00