Commit Graph

160 Commits

Author SHA256 Message Date
Michael Ströder
9ec64c1b6a Accepting request 544664 from home:RBrownSUSE:branches:network
Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

OBS-URL: https://build.opensuse.org/request/show/544664
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=202
2017-11-23 14:51:34 +00:00
Howard Guo
e5f49d0c42 - Remove build dependency doxygen, python-Cheetah, python-Sphinx,
python-libxml2, python-lxml, most of which are python 2 programs.
  Consequently remove -doc subpackage. Users are encouraged to use
  online documentation. (bsc#1066461)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=200
2017-11-06 10:43:49 +00:00
Michael Ströder
c09363cbd0 Accepting request 530605 from home:jengelh:branches:network
- Update package descriptions.

OBS-URL: https://build.opensuse.org/request/show/530605
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=198
2017-10-02 23:37:48 +00:00
Michael Ströder
f7aad59b95 Accepting request 528703 from home:stroeder:branches:network
- Upgrade to 1.15.2
  * Fix a KDC denial of service vulnerability caused by unset status
    strings [CVE-2017-11368]
  * Preserve GSS contexts on init/accept failure [CVE-2017-11462]
  * Fix kadm5 setkey operation with LDAP KDB module
  * Use a ten-second timeout after successful connection for HTTPS KDC
    requests, as we do for TCP requests
  * Fix client null dereference when KDC offers encrypted challenge
    without FAST
  * Ignore dotfiles when processing profile includedir directive
  * Improve documentation
- Upgrade to 1.15.2
  * Fix a KDC denial of service vulnerability caused by unset status
    strings [CVE-2017-11368]
  * Preserve GSS contexts on init/accept failure [CVE-2017-11462]
  * Fix kadm5 setkey operation with LDAP KDB module
  * Use a ten-second timeout after successful connection for HTTPS KDC
    requests, as we do for TCP requests
  * Fix client null dereference when KDC offers encrypted challenge
    without FAST
  * Ignore dotfiles when processing profile includedir directive
  * Improve documentation

OBS-URL: https://build.opensuse.org/request/show/528703
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=196
2017-09-27 08:29:01 +00:00
7566d42d93 Accepting request 486033 from home:kukuk:branches:network
- Remove wrong PreRequires

- Remove wrong PreRequires from krb5

OBS-URL: https://build.opensuse.org/request/show/486033
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=189
2017-04-07 06:22:42 +00:00
Howard Guo
4205fb7129 Accepting request 478048 from home:stroeder:branches:network
use HTTPS project and source URLs

OBS-URL: https://build.opensuse.org/request/show/478048
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=187
2017-03-13 08:48:12 +00:00
353b1c8ae7 - use source urls.
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=186
2017-03-09 18:22:08 +00:00
Howard Guo
68cd296a9a Accepting request 476962 from home:stroeder:branches:network
update to upstream release 1.15.1

OBS-URL: https://build.opensuse.org/request/show/476962
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=183
2017-03-06 08:55:39 +00:00
Michael Ströder
c4c458e8fe Accepting request 452968 from home:bmwiedemann:branches:network
remove useless environment.pickle to make build-compare happy

OBS-URL: https://build.opensuse.org/request/show/452968
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=181
2017-01-27 15:29:04 +00:00
Michael Ströder
0cd0c46b3a Accepting request 451650 from home:gladiac:branches:network
Introduce patch
krb5-1.15-fix_kdb_free_principal_e_data.patch
to fix freeing of e_data in the kdb principal

OBS-URL: https://build.opensuse.org/request/show/451650
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=179
2017-01-20 14:28:35 +00:00
Michael Ströder
6fe08c82e5 Accepting request 443689 from home:stroeder:branches:network
Update to upstream release 1.15.
Successfully tested KDC with LDAP backend with one kinit on Tumbleweed x86_64 (but without selinux).
Please carefully review the updated C code patches!

OBS-URL: https://build.opensuse.org/request/show/443689
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=177
2016-12-05 17:34:31 +00:00
Howard Guo
e30e1bbad9 Accepting request 440200 from home:hauky:branches:network
- add pam configuration file required for ksu 
  just use a copy of "su" one from Tumbleweed

OBS-URL: https://build.opensuse.org/request/show/440200
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=175
2016-11-24 14:43:00 +00:00
Ismail Dönmez
80be49d3d2 Fixup
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=173
2016-07-22 11:04:02 +00:00
Ismail Dönmez
06399cb6eb Accepting request 412758 from home:stroeder:branches:network
update to 1.14.3

OBS-URL: https://build.opensuse.org/request/show/412758
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=172
2016-07-22 10:37:56 +00:00
Ismail Dönmez
ac8428f53d - Remove comments breaking post scripts.
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=170
2016-07-02 11:39:29 +00:00
Ismail Dönmez
a0dc13d8ee Accepting request 405706 from home:fcrozat:branches:network
- Do no use systemd_requires macros in main package, it adds
  unneeded dependencies which pulls systemd into minimal chroot.
- Only call %insserv_prereq when building for pre-systemd
  distributions.
- Optimise some %post/%postun when only /sbin/ldconfig is called.

OBS-URL: https://build.opensuse.org/request/show/405706
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=169
2016-07-02 07:38:07 +00:00
Howard Guo
f423fdf030 ------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)
------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=168
2016-06-13 12:41:05 +00:00
Ismail Dönmez
f73cb2534d Accepting request 392049 from home:stroeder:branches:network
Update to 1.14.2. Please review carefully.

Especially from glancing over the upstream source krb5-mechglue_inqure_attrs.patch seems obsolete even though the solution in upstream code looks slightly different.

OBS-URL: https://build.opensuse.org/request/show/392049
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=166
2016-04-29 08:00:03 +00:00
Howard Guo
9f56699b06 - Upgrade from 1.14 to 1.14.1:
* Remove expired patches:
    0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
    0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
    0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
    krbdev.mit.edu-8301.patch
  * Replace source archives:
    krb5-1.14.tar.gz ->
    krb5-1.14.1.tar.gz
    krb5-1.14.tar.gz.asc ->
    krb5-1.14.1.tar.gz.asc
  * Adjust line numbers in:
    krb5-fix_interposer.patch

- Upgrade from 1.14 to 1.14.1:
  * Remove expired patches:
    0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
    0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
    0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
    krbdev.mit.edu-8301.patch
  * Replace source archives:
    krb5-1.14.tar.gz ->
    krb5-1.14.1.tar.gz
    krb5-1.14.tar.gz.asc ->
    krb5-1.14.1.tar.gz.asc
  * Adjust line numbers in:
    krb5-fix_interposer.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=165
2016-04-01 07:50:43 +00:00
Howard Guo
83e7befa84 Accepting request 378678 from home:guohouzuo:branches:network
- Introduce patch
  0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch
  to fix CVE-2016-3119 (bsc#971942)

OBS-URL: https://build.opensuse.org/request/show/378678
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=162
2016-03-23 13:16:38 +00:00
f8868d141a Accepting request 359629 from home:guohouzuo:branches:network
- Remove krb5 pieces from spec file.
  Hence remove pre_checkin.sh
- Remove expired macros and other minor clena-ups in spec file.
- Change package description to explain what "mini" means.

- Remove krb5-mini pieces from spec file.
  Hence remove pre_checkin.sh
- Remove expired macros and other minor clean-ups in spec file.

OBS-URL: https://build.opensuse.org/request/show/359629
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=160
2016-02-18 11:50:30 +00:00
Ismail Dönmez
e206af5319 Accepting request 357309 from home:guohouzuo:branches:network
- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character
  with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
  (bsc#963968)
- Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request
  with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
  (bsc#963975)
- Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
  with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
  (bsc#963964)

OBS-URL: https://build.opensuse.org/request/show/357309
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=158
2016-02-02 08:54:49 +00:00
Ismail Dönmez
b9ca4cd2ca - Add two patches from Fedora, fixing two crashes:
* krb5-fix_interposer.patch
  * krb5-mechglue_inqure_attrs.patch

- Add two patches from Fedora, fixing two crashes:
  * krb5-fix_interposer.patch
  * krb5-mechglue_inqure_attrs.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=156
2016-01-11 12:39:08 +00:00
Ismail Dönmez
e9af2abc6d Accepting request 352796 from home:stroeder:branches:network
update to 1.14, successfully tested on Tumbleweed x86_64 
1. purely as client for MS AD and
2. as KDC with LDAP backend

OBS-URL: https://build.opensuse.org/request/show/352796
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=154
2016-01-10 16:41:42 +00:00
Ismail Dönmez
ee705d6c1a Accepting request 347770 from home:stroeder:branches:network
update to 1.13.3

OBS-URL: https://build.opensuse.org/request/show/347770
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=152
2015-12-07 12:50:29 +00:00
Ismail Dönmez
ea14ad7c34 Accepting request 343479 from home:guohouzuo:branches:network
- Apply patch 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch
  to fix a memory corruption regression introduced by resolution of
  CVE-2015-2698. bsc#954204

OBS-URL: https://build.opensuse.org/request/show/343479
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=150
2015-11-10 16:57:00 +00:00
Ismail Dönmez
aa93054403 Accepting request 341521 from home:guohouzuo:branches:network
One bug fix in manual page + 3 CVE fixes.

OBS-URL: https://build.opensuse.org/request/show/341521
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=148
2015-10-29 18:14:03 +00:00
Ismail Dönmez
172a23219f Accepting request 309550 from home:guohouzuo:freeipa
Let server depend on libev (module of libverto). This was the
 embedded implementation before the separation of libverto from krb.

OBS-URL: https://build.opensuse.org/request/show/309550
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=146
2015-06-01 09:44:23 +00:00
Ismail Dönmez
f1babf4554 Accepting request 309029 from home:dimstar:Factory
- Drop libverto and libverto-libev Requires from the -server
  package: those package names don't exist and the shared libs
  are pulled in automatically.

- Drop libverto and libverto-libev Requires from the -server
  package: those package names don't exist and the shared libs
  are pulled in automatically.

OBS-URL: https://build.opensuse.org/request/show/309029
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=144
2015-05-28 08:59:56 +00:00
Ismail Dönmez
d9be576ce1 Accepting request 308898 from home:dimstar:Factory
Also build dep libverto for the -mini variant... so it can actually be built

OBS-URL: https://build.opensuse.org/request/show/308898
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=143
2015-05-27 16:09:38 +00:00
7991a93622 - pre_checkin.sh aligned changes between krb5/krb5-mini
- added krb5.keyring

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=142
2015-05-22 09:30:16 +00:00
8103840325 * Add client support for the Kerberos Cache Manager protocol. If the host
* Add support for doing unlocked database dumps for the DB2 KDC back end,
  * krb5-1.7-doublelog.patch

- Work around replay cache creation race; (bnc#898439).
  krb5-1.13-work-around-replay-cache-creation-race.patch

-  bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal 
- added patches:
  * bnc#897874-CVE-2014-5351.diff

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=141
2015-05-22 09:22:57 +00:00
Andrey Karepin
71a09ab035 Accepting request 306592 from home:stroeder:branches:network
update to 1.13.2

OBS-URL: https://build.opensuse.org/request/show/306592
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=139
2015-05-13 19:25:01 +00:00
24de3e2bab Accepting request 305915 from home:guohouzuo:freeipa
OBS-URL: https://build.opensuse.org/request/show/305915
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=138
2015-05-11 11:41:14 +00:00
cefda77aa1 Accepting request 286613 from home:stroeder:branches:network
security update 1.13.1

OBS-URL: https://build.opensuse.org/request/show/286613
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=136
2015-02-18 17:22:56 +00:00
42eb1db8e7 Accepting request 280024 from home:mlin7442:branches:network
update to 1.13, also fixed build with bison3

OBS-URL: https://build.opensuse.org/request/show/280024
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=134
2015-01-06 10:58:20 +00:00
35dbbe780b Accepting request 252436 from home:dmdiss:branches:bnc898439_krb_reply_cache_race_factory
- Work around replay cache creation race; (bnc#898439).
  krb5-1.13-work-around-replay-cache-creation-race.patch

OBS-URL: https://build.opensuse.org/request/show/252436
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=132
2014-10-01 07:19:37 +00:00
23582573aa Accepting request 251631 from home:varkoly:branches:network
-  bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal 
- added patches:
  * bnc#897874-CVE-2014-5351.diff

OBS-URL: https://build.opensuse.org/request/show/251631
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=130
2014-09-25 08:28:07 +00:00
1e26a2fb1a Accepting request 246966 from home:AndreasStieger:branches:network
krb5 5.12.2

- Fix build with doxygen 1.8.8 - adding krb5-1.12-doxygen.patch
  from upstream
  See https://build.opensuse.org/request/show/246780

OBS-URL: https://build.opensuse.org/request/show/246966
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=128
2014-09-01 15:41:18 +00:00
Christian Kornacker
e1506944cc - buffer overrun in kadmind with LDAP backend
CVE-2014-4345 (bnc#891082)
  krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=126
2014-08-11 11:01:01 +00:00
Christian Kornacker
f2e853070c - Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697)
krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch
  Fix null deref in SPNEGO acceptor [CVE-2014-4344]
  krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=124
2014-07-28 09:58:41 +00:00
Christian Kornacker
3ac7b19a80 Accepting request 241590 from home:posophe:branches:network
Fix for systemd

OBS-URL: https://build.opensuse.org/request/show/241590
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=122
2014-07-21 12:42:45 +00:00
Christian Kornacker
3f646c425e - denial of service flaws when handling RFC 1964 tokens (bnc#886016)
krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch
- start krb5kdc after slapd (bnc#886102)
- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674)
  similar functionality is provided by krb5-plugin-preauth-pkinit

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=121
2014-07-15 08:18:37 +00:00
Christian Kornacker
5f3b47a9fc - don't deliver SysV init files to systemd distributions
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=119
2014-02-18 17:40:34 +00:00
Christian Kornacker
869a682f2d - update to version 1.12.1
* Make KDC log service principal names more consistently during
    some error conditions, instead of "<unknown server>"
  * Fix several bugs related to building AES-NI support on less
    common configurations
  * Fix several bugs related to keyring credential caches
- upstream obsoletes:
  krb5-1.12-copy_context.patch
  krb5-1.12-enable-NX.patch
  krb5-1.12-pic-aes-ni.patch
  krb5-master-no-malloc0.patch
  krb5-master-ignore-empty-unnecessary-final-token.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=117
2014-01-21 15:06:23 +00:00
Michael Calmer
03254981cb Accepting request 213903 from home:ckornacker:branches:network
- update to version 1.12
  * Add GSSAPI extensions for constructing MIC tokens using IOV lists
  * Add a FAST OTP preauthentication module for the KDC which uses
    RADIUS to validate OTP token values.
  * The AES-based encryption types will use AES-NI instructions
    when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
  available
- update and rebase patches

OBS-URL: https://build.opensuse.org/request/show/213903
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=114
2014-01-15 14:14:20 +00:00
10b96098f3 Accepting request 210105 from home:neilbrown:branches:network
Reduce build dependencies for krb5-mini
This requires a change to e2fsprogs which will include
the creation of e2fsprogs-mini, so it shouldn't be accepted
before that other change is accepted

- Reduce build dependencies for krb5-mini by removing
  doxygen and changing libcom_err-devel to
  libcom_err-mini-devel
- Small fix to pre_checkin.sh so krb5-mini.spec is correct.

- Reduce build dependencies for krb5-mini by removing
  doxygen and changing libcom_err-devel to
  libcom_err-mini-devel
- Small fix to pre_checkin.sh so krb5-mini.spec is correct.

OBS-URL: https://build.opensuse.org/request/show/210105
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=112
2013-12-10 09:48:22 +00:00
3e0687cac7 Accepting request 207746 from home:ckornacker:branches:network
- update to version 1.11.4
  - Fix a KDC null pointer dereference [CVE-2013-1417] that could
    affect realms with an uncommon configuration.
  - Fix a KDC null pointer dereference [CVE-2013-1418] that could
    affect KDCs that serve multiple realms.
  - Fix a number of bugs related to KDC master key rollover.

OBS-URL: https://build.opensuse.org/request/show/207746
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=110
2013-11-20 12:36:50 +00:00
Michael Calmer
6ca487dd65 - install and enable systemd service files also in -mini package
- install and enable systemd service files also in -mini package

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=108
2013-06-24 16:22:21 +00:00
Michael Calmer
071b9cc1bd Accepting request 180374 from home:elvigia:branches:network
- remove fstack-protector-all from CFLAGS, just use the 
  lighter/fast version already present in %optflags
- Use LFS_CFLAGS to build in 32 bit archs.

- remove fstack-protector-all from CFLAGS, just use the 
  lighter/fast version already present in %optflags
- Use LFS_CFLAGS to build in 32 bit archs.

OBS-URL: https://build.opensuse.org/request/show/180374
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=107
2013-06-21 12:43:11 +00:00