Roland Mainz
c5c716d7e4
- fix for CVE-2014-5351 ( #1145425 ) "krb5: current keys returned when
...
randomizing the keys for a service principal" (fix rpm spec file)
2014-09-29 23:04:48 +02:00
Nalin Dahyabhai
67988a74d0
Keep the license from being a dangling symlink
...
Processing of %license puts the named file in a directory other than the
docs directory, and doesn't rewrite relative symlinks to be correct. So
we can't use a symlink to one of them as the license.
2014-09-08 18:57:52 -04:00
Nalin Dahyabhai
56cd96f9bd
Remove the -S flag from kprop.service
...
- kpropd hasn't bothered with -S since 1.11; stop trying to use that
flag in the systemd unit file and change its type from "forking" to
"simple"
2014-08-28 14:05:37 -04:00
Nalin Dahyabhai
8563ebea46
Updating to 1.13 alpha1
2014-08-22 16:14:20 -04:00
Nalin Dahyabhai
c48fd0f0bc
Pull in upstream fix for an mischecked strdup()
...
- pull in upstream fix for an incorrect check on the value returned by a
strdup() call (#1132062 )
2014-08-20 17:36:44 -04:00
Peter Robinson
9c7c7781c4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 00:48:14 +00:00
Nalin Dahyabhai
4f7f51121b
drop patch for CVE-2014-4345, included in 1.12.2
2014-08-15 15:04:26 -04:00
Nalin Dahyabhai
7880fca0ad
drop patch for CVE-2014-4344, included in 1.12.2
2014-08-15 15:02:04 -04:00
Nalin Dahyabhai
b234a3d334
drop patch for CVE-2014-4343, included in 1.12.2
2014-08-15 15:01:01 -04:00
Nalin Dahyabhai
56235f0463
drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2
2014-08-15 14:59:36 -04:00
Nalin Dahyabhai
2184fad363
drop patch for RT#7926, fixed in 1.12.2
2014-08-15 14:56:39 -04:00
Nalin Dahyabhai
7041f914bd
drop patch for RT#7924, fixed in 1.12.2
2014-08-15 14:52:23 -04:00
Nalin Dahyabhai
0bd95b4771
drop patch for RT#7858, fixed in 1.12.2
2014-08-15 14:50:08 -04:00
Nalin Dahyabhai
d41320b7c1
drop patch for RT#7836, fixed in 1.12.2
2014-08-15 14:37:24 -04:00
Nalin Dahyabhai
1d44a8f927
drop patch for RT#7818, fixed in 1.12.2
2014-08-15 14:35:45 -04:00
Nalin Dahyabhai
f543a683b0
Drop patch for #231147 , fixed in 1.12.2
2014-08-15 14:13:21 -04:00
Nalin Dahyabhai
e5a4698cf5
drop patch for RT#7820, merged in 1.12.2
2014-08-15 14:02:13 -04:00
Nalin Dahyabhai
c042f71c80
Update collection cache patch set for ksu
...
- replace older proposed changes for ksu with backports of the changes
after review and merging upstream (#1015559 , #1026099 , #1118347 )
2014-08-15 14:00:14 -04:00
Nalin Dahyabhai
b324000e34
fix MITKRB5-SA-2014-001 (CVE-2014-4345)
...
- incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)
2014-08-07 19:25:49 -04:00
Nalin Dahyabhai
38595f5338
Add patch for CVE-2014-4344
...
- gssapi: pull in upstream fix for a possible NULL dereference
in spnego (CVE-2014-4344)
2014-07-21 17:51:10 -04:00
Nalin Dahyabhai
24f7f1a446
Update to upstream patch
...
Update to the as-committed version of this patch, which affects the
comments it includes.
2014-07-21 17:19:42 -04:00
Nalin Dahyabhai
9594be4f3a
Add proposed fix for a double-free in gss clients
...
- gssapi: pull in proposed fix for a double free in initiators (David
Woodhouse, #1117963 )
2014-07-16 15:14:38 -04:00
Tom Callaway
79897b3c5d
fix license handling
2014-07-12 18:45:11 -04:00
Nalin Dahyabhai
e2bc024559
Pull in fix for CVE-2014-4341/CVE-2014-4342
...
- pull in fix for denial of service by injection of malformed GSSAPI
tokens (CVE-2014-4341, CVE-2014-4342, #1116181 )
2014-07-07 17:56:12 -04:00
Nalin Dahyabhai
40e2189ede
Backport support for scanning /etc/gss/mech.d/*.conf
...
- pull in changes from upstream which add processing of the contents of
/etc/gss/mech.d/*.conf when loading GSS modules (#1102839 )
2014-06-24 16:47:17 -04:00
Nalin Dahyabhai
47d56d9162
Fix FTBFS #1107061 using a patch from upstream
...
- pull in fix for building against tcl 8.6 (#1107061 )
2014-06-12 16:23:15 -04:00
Nalin Dahyabhai
790a56ba59
Add a buildrequires: on texlive-pdftex
...
We were having trouble building the PDFs due to a missing pdfcolor.tex
after the latest update to python-sphinx, but an even newer
texlive-pdftex provides that, so add it as a BuildRequires:
2014-06-12 12:04:06 -04:00
Dennis Gilmore
dd2e1e4398
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 22:22:03 -05:00
Nathaniel McCallum
44d0e80df0
Backport fix for change password requests when using FAST (RT#7868)
2014-03-04 11:22:42 -05:00
Nalin Dahyabhai
2550f0f56b
Backport fix for RT#7858
...
- spnego: pull in patch from master to restore preserving the OID of the
mechanism the initiator requested when we have multiple OIDs for the
same mechanism, so that we reply using the same mechanism OID and the
initiator doesn't get confused (#1066000 , RT#7858)
2014-02-17 21:06:07 -05:00
Nalin Dahyabhai
c0d64aa79f
Note that "runstatedir" changes are also #1040056
2014-02-10 14:17:15 -05:00
Nalin Dahyabhai
bdb8c58c53
Move the default directory for OTP sockets to /var/run/krb5kdc
...
- pull in patch from master to move the default directory which the KDC
uses when computing the socket path for a local OTP daemon from the
database directory (/var/kerberos/krb5kdc) to the newly-added run
directory (/run/krb5kdc), in line with what we're expecting in 1.13
(RT#7859)
- add a tmpfiles.d configuration file to have /run/krb5kdc created at
boot-time
- own /var/run/krb5kdc
2014-02-07 16:13:29 -05:00
Nalin Dahyabhai
419c14d6ac
Pull from the right wrapper branches
...
... and add our local patch to fix the bind-then-connect case.
2014-02-04 15:31:21 -05:00
Nalin Dahyabhai
956ccfdfb4
refresh nss_wrapper, add socket_wrapper
2014-01-31 16:56:05 -05:00
Nalin Dahyabhai
5c7bab5883
Take x bit off of an html doc file, fix whitespace
2014-01-31 16:55:11 -05:00
Nalin Dahyabhai
9b18d26ce3
Add proposed ksu KEYRING+default_ccache_name patch
...
- add currently-proposed changes to teach ksu about credential cache
collections and the default_ccache_name setting (#1015559,#1026099)
2014-01-31 16:55:05 -05:00
Nalin Dahyabhai
2eb0567065
Backport changes to allow "rcache" credstores
...
- pull in multiple changes to allow replay caches to be added to a GSS
credential store as "rcache"-type credentials (RT#7818/#7819/#7836,
#1056078/#1056080)
2014-01-21 18:52:57 -05:00
Nalin Dahyabhai
792d78fa47
Backport fixes for timesync with keyring caches
...
add patch to always retrieve the KDC time offsets from keyring caches,
so that we don't mistakenly interpret creds as expired before their
time when our clock is ahead of the KDC's (RT#7820, #1030607 )
2014-01-17 10:58:19 -05:00
Nalin Dahyabhai
4dec248a05
Drop obsolete patches
2014-01-17 10:55:16 -05:00
Nalin Dahyabhai
8ae5258eb3
Drop obsolete patch
2014-01-17 10:48:08 -05:00
Nalin Dahyabhai
29afef6c24
Drop obsolete patch
2014-01-17 10:47:01 -05:00
Nalin Dahyabhai
007e77a2b3
Drop obsolete patch
2014-01-17 10:17:19 -05:00
Nalin Dahyabhai
6a8573e3af
Drop obsolete patch
2014-01-17 10:08:58 -05:00
Nalin Dahyabhai
0b6ebaab00
Drop obsolete patch
2014-01-17 09:59:39 -05:00
Nalin Dahyabhai
6265fcabf5
Drop obsolete patch
2014-01-17 09:58:40 -05:00
Nalin Dahyabhai
aef7c262b1
Update the textrel patch for x86
...
- update the PIC patch for iaesx86.s to not use ELF relocations
(RT#7815, #1045699 ) to the version that landed upstream
2014-01-13 11:41:47 -05:00
Nalin Dahyabhai
8fe7e82068
Note why we started saving ebx
2014-01-09 13:20:22 -05:00
Nalin Dahyabhai
6e03c5ada1
Link shared libs using -Wl,--warn-shared-textrel
...
- pass -Wl,--warn-shared-textrel to the compiler when we're creating shared
libraries
2014-01-09 13:13:30 -05:00
Nalin Dahyabhai
5de1fa728f
bump release for a new build
2014-01-09 11:03:45 -05:00
Nalin Dahyabhai
8a1df153c6
Save/restore ebx in functions where we modify it
...
- amend the PIC patch for iaesx86.s to also save/restore ebx in the
functions where we modify it
2014-01-09 11:02:26 -05:00
Nalin Dahyabhai
75edc7c7ca
Try to remove execmod from 32-bit AES-NI k5crypto
...
- make a guess at making the 32-bit AES-NI implementation sufficiently
position-independent to not require execmod permissions for libk5crypto
(more of #1045699 )
2014-01-06 18:53:03 -05:00
Nalin Dahyabhai
05c4140d32
Switch to as-committed version
...
- grab a more-commented version of the most recent patch from upstream
master
2014-01-06 15:58:20 -05:00
Nalin Dahyabhai
480b9efaa3
Add Dhiru Kholia's patch to restore noexecstack
...
- add patch from Dhiru Kholia for the AES-NI implementations to allow
libk5crypto to be properly marked as not needing an executable stack
on arches where they're used (#1045699 , and so many others)
2014-01-02 23:46:42 -05:00
Nalin Dahyabhai
13df2d5386
Remove the BuildRequires: on yasm for now
...
Go back to not using AES-NI, until we sort out execstack (#1045699 ).
2014-01-02 17:08:52 -05:00
Nalin Dahyabhai
911b9e932d
Add the buildrequires: for AES-NI support
...
- add yasm as a build requirement for AES-NI support, on arches that have
yasm and AES-NI
2013-12-19 13:07:54 -05:00
Nalin Dahyabhai
e1cb527238
Pull in fix to improve SPNEGO error messages
...
- pull in fix from master to make reporting of errors encountered by the
SPNEGO mechanism work better (RT#7045, part of #1043962 )
2013-12-19 11:52:30 -05:00
Nalin Dahyabhai
45d93c6d1c
Enable pyrad-based tests
...
- update a test wrapper to properly handle things that the new libkrad does,
and add python-pyrad as a build requirement so that we can run its tests
2013-12-19 11:17:28 -05:00
Nalin Dahyabhai
9f2cb9776b
For completeness, also initialize an unused field
2013-12-18 18:01:30 -05:00
Nalin Dahyabhai
82c5b9f9b2
Backport fixes for krb5_copy_context
...
- backport fixes to krb5_copy_context (RT#7807, #1044735/#1044739)
2013-12-18 17:38:54 -05:00
Nalin Dahyabhai
2550a37b4f
Pull in a fix for a mem leak from master (RT#7805)
...
- pull in fix from master to avoid a memory leak in a couple of error
cases which could occur while obtaining acceptor credentials (RT#7805, part
of #1043962 )
2013-12-18 14:33:23 -05:00
Nalin Dahyabhai
460d74d224
Pull in a fix for a mem leak from master (RT#7803)
...
- pull in fix from master to avoid a memory leak when a mechanism's
init_sec_context function fails (RT#7803, part of #1043962 )
2013-12-18 14:23:21 -05:00
Nalin Dahyabhai
39888b7c42
Pick up another interop fix from master (RT#7797)
...
- pull in fix from master to ignore an empty token from an acceptor if
we've already finished authenticating (RT#7797, part of #1043962 )
2013-12-18 14:22:24 -05:00
Nalin Dahyabhai
735b73ebbb
Pick up an interop fix from master (RT#7794)
...
- pull in fix from master to return a NULL pointer rather than allocating
zero bytes of memory if we read a zero-length input token (RT#7794, part of
#1043962 )
2013-12-18 14:20:57 -05:00
Nalin Dahyabhai
3a1e355f38
Update to 1.12 final
2013-12-11 10:52:40 -05:00
Nalin Dahyabhai
93ae18a6c5
Whoops, grab the beta 2 PDFs
2013-12-02 11:58:32 -05:00
Nalin Dahyabhai
f002059e62
Update to 1.12 beta2
...
- drop obsolete backports for storing KDC time offsets and expiration times
in keyring credential caches
2013-12-02 11:47:40 -05:00
Nalin Dahyabhai
88c0c528bd
Update to 1.12 beta
2013-11-19 18:08:43 -05:00
Nalin Dahyabhai
3c08a1616e
BuildRequire: pkgconfig and package pkgconfig data
2013-11-19 17:40:02 -05:00
Nalin Dahyabhai
f8f559ef32
Drop backports for RT#7656 and RT#7657
2013-11-19 17:39:59 -05:00
Nalin Dahyabhai
447ee6c9e6
Update for 1.12's removal of krb5_xfree()
2013-11-19 17:38:54 -05:00
Nalin Dahyabhai
f619caa9c9
Drop OTP backport
2013-11-19 17:38:54 -05:00
Nalin Dahyabhai
7448cea67e
Untweak for 1.11.3
2013-11-19 17:38:54 -05:00
Nalin Dahyabhai
00cf6df3e6
Drop backport for RT#7590 and partial for RT#7680
2013-11-19 17:38:54 -05:00
Nalin Dahyabhai
19bc209a19
Drop backport for RT#7709
2013-11-19 17:38:54 -05:00
Nalin Dahyabhai
13b2f96a29
Drop backports for RT#7682
2013-11-19 17:38:46 -05:00
Nalin Dahyabhai
0b296b8b04
Drop obsolete patches to skip GSSRPC-over-UDP test
...
- drop patches from master to not test GSSRPC-over-UDP and to not
depend on the portmapper, which are areas where our build systems
often give us trouble, too; obsolete
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
25fe69d885
Drop backport for RT#7643
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
a2e5f1f872
Drop backport for RT#7642
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
9e1d45535e
Drop backport for RT#7172
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
bd8c46afd2
Drop backport for RT#7598
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
286168174b
Drop patch to teach config.* about aarch64-linux
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
11656c4fe0
Drop obsolete patch fixing a test use-before-init
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
9c8c2d53ba
Update for 1.12
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
d2ea586766
Update for 1.12
2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
f618776e18
Update for 1.12
2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
d175d043f1
Update for 1.12
2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
daca172770
Update patch for 1.12
2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
15dceb5da6
Drop backport for RT#7689
2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
b1f558a0f5
Drop backported patch
2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
8a39d5ff72
Start rebasing to 1.12 alpha1
2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
a77ee55771
Pull in keyring expiration from RT#7769
...
- pull in fix to set expiration times on keyrings used for storing keyring
credential caches (RT#7769, #1031724 )
2013-11-18 18:02:20 -05:00
Nalin Dahyabhai
81715b1776
Pull in keyring offset storage from RT#7768
...
- pull in fix to store KDC time offsets in keyring credential caches
(RT#7768, #1030607 )
2013-11-18 17:14:07 -05:00
Nalin Dahyabhai
dee7ae00a4
Note where CVE-2013-6800 was fixed
...
CVE-2013-6800 appears to be fixed by the same patch that fixes
CVE-2013-1418, so mention the first in changelog entries that refer to
the second.
2013-11-18 16:24:33 -05:00
Nalin Dahyabhai
cac86c9df2
Bump the release to 1
2013-11-12 16:32:02 -05:00
Nalin Dahyabhai
8f876bbbeb
Drop patch for CVE-2013-1418, included in 1.11.4
2013-11-12 16:25:26 -05:00
Nalin Dahyabhai
1f02b0bc49
Drop patch for RT#7706, obsoleted as RT#7723
2013-11-12 16:23:38 -05:00
Nalin Dahyabhai
0c6ad14521
Drop patch for RT#7650, included in 1.11.4
2013-11-12 16:20:49 -05:00
Nalin Dahyabhai
2b359c527a
Start updating to 1.11.4
2013-11-12 16:20:31 -05:00
Nalin Dahyabhai
b3399eb8fb
Switch to the upstream patch for #1029110
...
Switch to the simplified version of the patch for #1029110 that ended up
being committed upstream (RT#7764).
2013-11-12 13:20:50 -05:00
Nalin Dahyabhai
11d14a1e7c
Fix a typo in a changelog entry
2013-11-11 14:34:29 -05:00