Alexander Bokovoy
fc958d4773
Fix libkrad client cleanup code
...
Resolves: rhbz#2072059
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-04-05 22:18:53 +03:00
Alexander Bokovoy
29a69aee06
fix dist macro
2022-04-05 16:52:33 +03:00
Alexander Bokovoy
0ceb166d96
Allow use of larger RADIUS attributes in krad library
...
In kr_attrset_decode(), explicitly treat the length byte as unsigned.
Otherwise attributes longer than 125 characters will be rejected with
EBADMSG.
Add a 253-character-long NAS-Identifier attribute to the tests to make
sure that attributes with the maximal number of characters are working
as expected.
[ghudson@mit.edu: used uint8_t cast per current practices; edited
commit message]
ticket: 9036 (new)
From upstream, needed in preparation for OAuth2 support for FreeIPA and
SSSD.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-04-05 16:51:11 +03:00
Julien Rische
2ef37ab30d
Use SHA-256 instead of SHA-1 for PKINIT CMS digest
...
CMS digest and signature algorithm for the anonymous PKINIT is changed
from SHA-1 to SHA-256. SHA-1 hasn't been considered secure anymore for
this kind of purposes for some years already.
Resolves: rhbz#2067121
Signed-off-by: Julien Rische <jrische@redhat.com>
2022-03-23 12:28:27 +01:00
Zbigniew Jędrzejewski-Szmek
970430cbff
Drop link flags from krb5-config
...
Introspecing krb5-config shows that all of the flags in LDFLAGS= are
inappropriate for export, so just drop them all.
2022-02-09 10:54:56 +01:00
Zbigniew Jędrzejewski-Szmek
f858c7e550
Drop old trigger scriptlet
...
1.15.1 was ~2017, so there is no need to support upgrades from such old
systemd. This allows the dependency on grep to be dropped. grep pulls
in pcre, but most other programs in the core group depend on the newer
pcre2, so it's nicer to avoid pulling in pcre in minimal installations.
2022-02-08 14:07:47 +01:00
Alexander Bokovoy
b998554176
Temporarily remove package note to unblock krb5-dependent packages
...
Resolves: rhbz#2048909
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2022-02-03 12:27:25 +02:00
Fedora Release Engineering
75355e197a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 15:08:32 +00:00
Antonio Torres
ad88d4fd50
Add patches to support OpenSSL 3.0.0
...
Signed-off-by: Antonio Torres <antorres@redhat.com>
2021-12-03 11:25:46 +01:00
Sahana Prasad
70255ea5b0
Rebuilt with OpenSSL 3.0.0
2021-09-14 19:05:45 +02:00
Robbie Harwood
91c904e5df
Remove -specs= from krb5-config output
2021-08-24 17:13:22 +00:00
Robbie Harwood
ca196a9d6b
Fix KDC null deref on TGS inner body null server (CVE-2021-37750)
2021-08-19 12:29:56 -04:00
Robbie Harwood
c4016b4e4c
New upstream version (1.19.2)
2021-07-26 14:49:39 -04:00
Robbie Harwood
2484569caa
Fix defcred leak in krb5 gss_inquire_cred()
2021-07-21 12:44:26 -04:00
Robbie Harwood
6a2eeb9666
Fix KDC null deref on bad encrypted challenge (CVE-2021-36222)
2021-07-12 13:11:12 -04:00
Robbie Harwood
af96dc0c6c
Fix use-after-free during krad remote_shutdown()
2021-07-01 13:17:47 -04:00
Robbie Harwood
c5044b0741
MEMORY locking fix and static analysis pullup
2021-06-28 17:50:46 -04:00
Robbie Harwood
91bbbda93f
Add the backward-compatible parts of openssl3 support
2021-06-21 13:16:44 -04:00
Robbie Harwood
4df0096f20
Fix three canonicalization cases for fallback
2021-06-09 10:55:13 -04:00
Robbie Harwood
65a1e5607c
Fix doc build for Sphinx 4.0
2021-06-02 12:09:09 -04:00
Robbie Harwood
72e80d67ef
Add all the sssd-kcm workarounds
2021-05-20 17:26:12 -04:00
Robbie Harwood
c4150c67d1
Fix context for previous backport
2021-05-20 13:59:39 -04:00
Robbie Harwood
904d264a41
Add KCM_OP_GET_CRED_LIST and KCM_OP_RETRIEVE support
2021-05-20 13:48:19 -04:00
Robbie Harwood
e9fb111a11
Suppress static analyzer warning in FIPS override
2021-05-04 15:02:53 -04:00
Robbie Harwood
c183c8de7d
Fix the mess the mass rebuild made of Release
2021-03-30 14:36:09 -04:00
Zbigniew Jędrzejewski-Szmek
cf3e70c97c
Rebuilt for updated systemd-rpm-macros
...
See https://pagure.io/fesco/issue/2583 .
2021-03-02 16:13:34 +01:00
Robbie Harwood
1c03da79de
Further test dependency fixes; no code changes
2021-03-01 16:49:32 -05:00
Robbie Harwood
d20ec5d3bc
Make test dependencies contingent on skipcheck; no code changes
2021-03-01 21:27:49 +00:00
Robbie Harwood
3faaf11da7
New upstream version (1.19.1)
2021-02-18 16:51:47 -05:00
Robbie Harwood
00a0ac8abc
Restore krb5_set_default_tgs_ktypes()
2021-02-17 16:12:41 -05:00
Robbie Harwood
d3ac4cf9b0
Hoist the KDC_RUN_DIR check
2021-02-15 15:54:54 -05:00
Robbie Harwood
35a4aa7b99
No code change; just coping with reverted autoconf
2021-02-05 20:39:13 +00:00
Robbie Harwood
90bc2e25b3
Cope with autoconf rollback
2021-02-05 15:33:20 -05:00
Robbie Harwood
d5839d0511
New upstream version (1.19)
2021-02-02 15:32:32 +00:00
Robbie Harwood
105082cb42
Hoist and add an option for disabling %check
2021-02-01 16:21:47 -05:00
Robbie Harwood
0dd40e4ff0
Support host-based GSS initiator names
2021-01-28 13:18:14 -05:00
Robbie Harwood
042ca4af99
Require krb5-pkinit from krb5-{server,workstation}
2021-01-28 16:37:37 +00:00
Robbie Harwood
54bf131a4a
Fix up weird mass rebuild versioning
2021-01-28 16:16:22 +00:00
Robbie Harwood
ef09340be0
Add APIs for marshalling credentials
2021-01-28 10:56:02 -05:00
Robbie Harwood
327ebd0b26
Cope with new autotools behavior wrt runstatedir
2021-01-27 14:45:26 -05:00
Fedora Release Engineering
b23f8f6215
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 16:06:22 +00:00
Robbie Harwood
9fb5239517
New upstream version (1.19-beta2)
2021-01-12 12:45:35 -05:00
Robbie Harwood
0da55d6175
New upstream version (1.19-beta1)
2020-12-16 16:30:40 -05:00
Robbie Harwood
58924baeb4
Fix runstatedir configuration
...
Why couldn't systemd just leave it alone?
Partially reverts ec1ab43ca2
.
2020-12-16 11:20:57 -05:00
Robbie Harwood
ed80b08062
Add make to BuildRequires
...
Drop cmake since we don't use it for anything
2020-12-01 14:37:26 -05:00
Robbie Harwood
b783a5421c
Document -k option in kvno(1) synopsis
2020-11-24 12:55:33 -05:00
Robbie Harwood
ab7a2a35c2
Upstream executable shared libraries patch
2020-11-20 11:43:18 -05:00
Robbie Harwood
dc8775d11d
Fix build failure in -1
2020-11-18 13:33:37 -05:00
Robbie Harwood
5facc9df4d
New upstream version (1.18.3)
2020-11-18 18:16:20 +00:00
Robbie Harwood
015255764a
Sigh, date fix
2020-11-17 12:50:36 -05:00