2e058adfc5Bump minor release
Robbie Harwood (frozencemetery)
2015-09-10 19:55:53 +0000
6cb6b69409Support config snippets in /etc/krb5.conf.d/ and /usr/share/krb5.conf.d/
Robbie Harwood (frozencemetery)
2015-09-10 19:37:58 +0000
580aefb618* Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-6 - Use system nss_wrapper and socket_wrapper for testing. Patch by Andreas Schneider <asn@redhat.com>
Roland Mainz
2015-06-26 02:47:13 +0200
d4aa04d87c* Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-5 - Remove Zanata test glue and related workarounds - Bug #1234292 ("IPA server cannot be run in container due to incorrect /usr/sbin/_kadmind") - Bug #1234326 ("krb5-server introduces new rpm dependency on ksh")
Roland Mainz
2015-06-25 14:23:31 +0200
168ec0c9e7* Thu Jun 18 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-4 - Fix dependicy on binfmt.service
Roland Mainz
2015-06-19 18:22:15 +0200
7029c6670c* Tue Jun 2 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-2 - Add patch to fix Redhat Bug #1227542 ("[SELinux] AVC denials may appear when kadmind starts"). The issue was caused by an unneeded |htons()| which triggered SELinux AVC denials due to the "random" port usage.
Roland Mainz
2015-06-03 02:57:20 +0200
8c2cea93bb* Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1 - Add fix for RedHat Bug #1164304 ("Upstream unit tests loads the installed shared libraries instead the ones from the build")
Roland Mainz
2015-05-22 16:28:26 +0200
9997960299* Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0 - Update to krb5-1.13.2 - drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2 - drop patch for krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling, fixed in krb5-1.13.2 - Add script processing for upcoming Zanata l10n support - Minor spec cleanup
Roland Mainz
2015-05-15 01:03:28 +0200
3ae7a21305* Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0 - Update to krb5-1.13.2 - drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2 - drop patch for krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling, fixed in krb5-1.13.2 - Add script processing for upcoming Zanata l10n support - Minor spec cleanup
Roland Mainz
2015-05-15 01:02:21 +0200
1171aa60d0* Mon May 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-4 - fix for CVE-2015-2694 (#1216133) "requires_preauth bypass in PKINIT-enabled KDC". In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password. resolves: #1216134
Roland Mainz
2015-05-06 01:15:00 +0200
14a63ce373* Wed Mar 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-3 - Add temporay workaround for RH bug #1204646 ("krb5-config returns wrong -specs path") which modifies krb5-config post build so that development of krb5 dependicies gets unstuck. This MUST be removed before rawhide becomes F23 ...
Roland Mainz
2015-03-25 16:06:10 +0100
1984e0ee1d* Thu Mar 19 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-2 - fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated denial of service in recvauth_common() and others"
Roland Mainz
2015-03-20 13:24:47 +0100
54e60b1162* Thu Mar 19 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-2 - fix for CVE-2014-5355 (#1193939) "krb5: unauthenticated denial of service in recvauth_common() and others"
Roland Mainz
2015-03-20 13:23:20 +0100
2a8abfedf0* Fri Feb 13 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-1 - Update to krb5-1.13.1 - drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1 - drop patch for kinit -C loops (MIT/krb5 bug #243), fixed in krb5-1.13.1 - drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1 - Minor spec cleanup
Roland Mainz
2015-02-13 18:07:12 +0100
e1dbd4ed12* Fri Feb 13 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-1 - Update to krb5-1.13.1 - drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1 - drop patch for kinit -C loops (MIT/krb5 bug #243), fixed in krb5-1.13.1 - drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1 - Minor spec cleanup
Roland Mainz
2015-02-13 17:58:34 +0100
570cb5eeb3* Fri Feb 13 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-1 - Update to krb5-1.13.1 - drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1 - drop patch for kinit -C loops (MIT/krb5 bug #243), fixed in krb5-1.13.1 - drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1 - Minor spec cleanup
Roland Mainz
2015-02-13 17:40:35 +0100
03981c354e* Fri Feb 13 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-1 - Update to krb5-1.13.1 - drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1 - drop patch for kinit -C loops (MIT/krb5 bug #243), fixed in krb5-1.13.1 - drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1 - Minor spec cleanup
Roland Mainz
2015-02-13 17:35:10 +0100
c74e97faa9* Wed Feb 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13-8 - fix for CVE-2014-5352 (#1179856) "gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)" - fix for CVE-2014-9421 (#1179857) "kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)" - fix for CVE-2014-9422 (#1179861) "kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)" - fix for CVE-2014-9423 (#1179863) "libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001)"
Roland Mainz
2015-02-04 12:02:36 +0100
aad351ad29* Wed Feb 4 2015 Roland Mainz <rmainz@redhat.com> - 1.13-7 - Remove "python-sphinx-latex" and "tar" from the build requirements to fix build failures on F22 machines. - Minor spec cleanup
Roland Mainz
2015-02-04 11:47:44 +0100
fb520967f9* Mon Jan 26 2015 Roland Mainz <rmainz@redhat.com> - 1.13-5 - fix for kinit -C loops (#1184629, MIT/krb5 issue 243, "Do not loop on principal unknown errors"). - Added "python-sphinx-latex" to the build requirements to fix build failures on F22 machines.
Roland Mainz
2015-01-26 18:38:55 +0100
6baee3e656* Thu Dec 19 2014 Roland Mainz <rmainz@redhat.com> - 1.13-4 - fix for CVE-2014-5354 (#1174546) "krb5: NULL pointer dereference when using keyless entries"
Roland Mainz
2014-12-18 17:57:19 +0100
8545575f69* Wed Dec 17 2014 Roland Mainz <rmainz@redhat.com> - 1.13-3 - fix for CVE-2014-5353 (#1174543) "Fix LDAP misused policy name crash"
Roland Mainz
2014-12-17 12:06:33 +0100
a54d1f9ac9* Wed Oct 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0 - Bump 1%%{?dist} to 2%%{?dist} to workaround RPM sort issue which would lead yum updates to treat the last alpha as newer than the final version.
Roland Mainz
2014-10-29 22:25:13 +0100
eca7fd3d15* Wed Oct 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0 - Update from krb5-1.13-alpha1 to final krb5-1.13 - Removed patch for CVE-2014-5351 (#1145425) "krb5: current keys returned when randomizing the keys for a service principal" - now part of upstream sources - Use patch for glibc |eventfd()| prototype mismatch (#1147887) only for Fedora > 20
Roland Mainz
2014-10-29 21:48:06 +0100
6a0c01a783* Wed Oct 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0 - Update from krb5-1.13-alpha1 to final krb5-1.13 - Removed patch for CVE-2014-5351 (#1145425) "krb5: current keys returned when randomizing the keys for a service principal" - now part of upstream sources - Use patch for glibc |eventfd()| prototype mismatch (#1147887) only for Fedora > 20
Roland Mainz
2014-10-29 21:48:06 +0100
210ae0a2c1* Tue Sep 30 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0.alpha1.3 - fix build failure caused by change of prototype for glibc |eventfd()| (#1147887)
Roland Mainz
2014-09-30 12:09:28 +0200
c5c716d7e4- fix for CVE-2014-5351 (#1145425) "krb5: current keys returned when randomizing the keys for a service principal" (fix rpm spec file)
Roland Mainz
2014-09-29 23:04:48 +0200
db753ab79b* Mon Sep 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0.alpha1.3 - fix for CVE-2014-5351 (#1145425) "krb5: current keys returned when randomizing the keys for a service principal"
Roland Mainz
2014-09-29 20:49:37 +0200
67988a74d0Keep the license from being a dangling symlink
Nalin Dahyabhai
2014-09-08 18:43:06 -0400
56cd96f9bdRemove the -S flag from kprop.service
Nalin Dahyabhai
2014-08-26 11:23:52 -0400
8563ebea46Updating to 1.13 alpha1
Nalin Dahyabhai
2014-08-22 13:39:24 -0400
c48fd0f0bcPull in upstream fix for an mischecked strdup()
Nalin Dahyabhai
2014-08-20 17:16:30 -0400