This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
c454ede08e
commit
1decc015c4
13
krb5-1.6-fix-CVE-2007-5894.dif
Normal file
13
krb5-1.6-fix-CVE-2007-5894.dif
Normal file
@ -0,0 +1,13 @@
|
||||
Index: src/appl/gssftp/ftpd/ftpd.c
|
||||
===================================================================
|
||||
--- src/appl/gssftp/ftpd/ftpd.c.orig
|
||||
+++ src/appl/gssftp/ftpd/ftpd.c
|
||||
@@ -1823,7 +1823,7 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5)
|
||||
* radix_encode, gss_seal, plus slop.
|
||||
*/
|
||||
char in[FTP_BUFSIZ*3/2], out[FTP_BUFSIZ*3/2];
|
||||
- int length, kerror;
|
||||
+ int length = 0, kerror;
|
||||
if (n) sprintf(in, "%d%c", n, cont_char);
|
||||
else in[0] = '\0';
|
||||
strncat(in, buf, sizeof (in) - strlen(in) - 1);
|
||||
13
krb5-1.6-fix-CVE-2007-5902.dif
Normal file
13
krb5-1.6-fix-CVE-2007-5902.dif
Normal file
@ -0,0 +1,13 @@
|
||||
Index: src/lib/rpc/svc_auth_gss.c
|
||||
===================================================================
|
||||
--- src/lib/rpc/svc_auth_gss.c.orig
|
||||
+++ src/lib/rpc/svc_auth_gss.c
|
||||
@@ -671,7 +671,7 @@ svcauth_gss_get_principal(SVCAUTH *auth)
|
||||
|
||||
gd = SVCAUTH_PRIVATE(auth);
|
||||
|
||||
- if (gd->cname.length == 0)
|
||||
+ if (gd->cname.length == 0 || gd->cname.length >= SIZE_MAX)
|
||||
return (NULL);
|
||||
|
||||
if ((pname = malloc(gd->cname.length + 1)) == NULL)
|
||||
25
krb5-1.6-fix-CVE-2007-5971.dif
Normal file
25
krb5-1.6-fix-CVE-2007-5971.dif
Normal file
@ -0,0 +1,25 @@
|
||||
Index: src/lib/gssapi/krb5/k5sealv3.c
|
||||
===================================================================
|
||||
--- src/lib/gssapi/krb5/k5sealv3.c.orig
|
||||
+++ src/lib/gssapi/krb5/k5sealv3.c
|
||||
@@ -248,7 +248,6 @@ gss_krb5int_make_seal_token_v3 (krb5_con
|
||||
plain.data = 0;
|
||||
if (err) {
|
||||
zap(outbuf,bufsize);
|
||||
- free(outbuf);
|
||||
goto error;
|
||||
}
|
||||
if (sum.length != ctx->cksum_size)
|
||||
Index: src/lib/gssapi/mechglue/g_initialize.c
|
||||
===================================================================
|
||||
--- src/lib/gssapi/mechglue/g_initialize.c.orig
|
||||
+++ src/lib/gssapi/mechglue/g_initialize.c
|
||||
@@ -208,7 +208,7 @@ gss_OID_set *mechSet;
|
||||
free((*mechSet)->elements[j].elements);
|
||||
}
|
||||
free((*mechSet)->elements);
|
||||
- free(mechSet);
|
||||
+ free(*mechSet);
|
||||
*mechSet = NULL;
|
||||
return (GSS_S_FAILURE);
|
||||
}
|
||||
14
krb5-1.6-fix-CVE-2007-5972.dif
Normal file
14
krb5-1.6-fix-CVE-2007-5972.dif
Normal file
@ -0,0 +1,14 @@
|
||||
Index: src/lib/kdb/kdb_default.c
|
||||
===================================================================
|
||||
--- src/lib/kdb/kdb_default.c.orig
|
||||
+++ src/lib/kdb/kdb_default.c
|
||||
@@ -185,8 +185,7 @@ krb5_def_store_mkey(context, keyfile, mn
|
||||
kf) != key->length)) {
|
||||
retval = errno;
|
||||
(void) fclose(kf);
|
||||
- }
|
||||
- if (fclose(kf) == EOF)
|
||||
+ } else if (fclose(kf) == EOF)
|
||||
retval = errno;
|
||||
#if HAVE_UMASK
|
||||
(void) umask(oumask);
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package krb5-doc (Version 1.6.3)
|
||||
#
|
||||
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
# package are under the same license as the package itself.
|
||||
#
|
||||
@ -13,7 +13,7 @@
|
||||
Name: krb5-doc
|
||||
BuildRequires: ghostscript-library latex2html texlive
|
||||
Version: 1.6.3
|
||||
Release: 16
|
||||
Release: 30
|
||||
%define srcRoot krb5-1.6.3
|
||||
Summary: MIT Kerberos5 Implementation--Documentation
|
||||
License: X11/MIT
|
||||
@ -90,41 +90,41 @@ rm -rf %{buildroot}
|
||||
%doc doc/html
|
||||
|
||||
%changelog
|
||||
* Tue Oct 23 2007 - mc@suse.de
|
||||
* Tue Oct 23 2007 mc@suse.de
|
||||
- update to krb5 version 1.6.3
|
||||
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
|
||||
* fix CVE-2007-4000 modify_policy vulnerability
|
||||
* Add PKINIT support
|
||||
- remove patches which are upstream now
|
||||
- enhance init scripts and xinetd profiles
|
||||
* Thu Jul 12 2007 - mc@suse.de
|
||||
* Thu Jul 12 2007 mc@suse.de
|
||||
- update to version 1.6.2
|
||||
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
||||
* Wed Jun 13 2007 - sschober@suse.de
|
||||
* Wed Jun 13 2007 sschober@suse.de
|
||||
- removed executable permission from doc file
|
||||
* Mon Apr 23 2007 - mc@suse.de
|
||||
* Mon Apr 23 2007 mc@suse.de
|
||||
- update to final 1.6.1 version
|
||||
- replace te_ams with texlive in BuildRequires
|
||||
* Wed Apr 18 2007 - mc@suse.de
|
||||
* Wed Apr 18 2007 mc@suse.de
|
||||
- build implementor.ps
|
||||
* Mon Apr 16 2007 - mc@suse.de
|
||||
* Mon Apr 16 2007 mc@suse.de
|
||||
- update to version 1.6.1 Beta1
|
||||
- remove obsolete patches
|
||||
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
||||
* Mon Feb 19 2007 - mc@suse.de
|
||||
* Mon Feb 19 2007 mc@suse.de
|
||||
- add krb5-1.6-post.dif
|
||||
* Mon Jan 22 2007 - mc@suse.de
|
||||
* Mon Jan 22 2007 mc@suse.de
|
||||
- update to version 1.6
|
||||
* Major changes in 1.6 include
|
||||
* Partial client implementation to handle server name referrals.
|
||||
* Pre-authentication plug-in framework, donated by Red Hat.
|
||||
* LDAP KDB plug-in, donated by Novell.
|
||||
* Thu Aug 24 2006 - mc@suse.de
|
||||
* Thu Aug 24 2006 mc@suse.de
|
||||
- update to version 1.5.1
|
||||
- remove obsolete patches which are now included upstream
|
||||
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
|
||||
* trunk-fix-uninitialized-vars.dif
|
||||
* Mon Jul 03 2006 - mc@suse.de
|
||||
* Mon Jul 03 2006 mc@suse.de
|
||||
- update to version 1.5
|
||||
* KDB abstraction layer, donated by Novell.
|
||||
* plug-in architecture, allowing for extension modules to be
|
||||
@ -134,34 +134,34 @@ rm -rf %{buildroot}
|
||||
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
|
||||
implementation, donated by Sun Microsystems
|
||||
- remove obsolete patches and add some new
|
||||
* Mon Mar 13 2006 - mc@suse.de
|
||||
* Mon Mar 13 2006 mc@suse.de
|
||||
- set BuildArchitectures to noarch
|
||||
- set norootforbuild
|
||||
* Wed Jan 25 2006 - mls@suse.de
|
||||
* Wed Jan 25 2006 mls@suse.de
|
||||
- converted neededforbuild to BuildRequires
|
||||
* Fri Nov 18 2005 - mc@suse.de
|
||||
* Fri Nov 18 2005 mc@suse.de
|
||||
- update to version 1.4.3
|
||||
- fix tex for kadm5 documentation (krb5-1.4.3-kadm5-tex.dif)
|
||||
* Wed Oct 12 2005 - mc@suse.de
|
||||
* Wed Oct 12 2005 mc@suse.de
|
||||
- build kadm5 documentation
|
||||
- build documentation also as html
|
||||
- include the text only documentation
|
||||
* Tue Oct 11 2005 - mc@suse.de
|
||||
* Tue Oct 11 2005 mc@suse.de
|
||||
- update to version 1.4.2
|
||||
- remove some obsolet patches
|
||||
* Mon Jun 27 2005 - mc@suse.de
|
||||
* Mon Jun 27 2005 mc@suse.de
|
||||
- update to version 1.4.1
|
||||
- remove obsolet patches
|
||||
- krb5-1.4-VUL-0-telnet.dif
|
||||
* Thu Feb 10 2005 - ro@suse.de
|
||||
* Thu Feb 10 2005 ro@suse.de
|
||||
- added libpng to neededforbuild (for tetex)
|
||||
* Fri Feb 04 2005 - mc@suse.de
|
||||
* Fri Feb 04 2005 mc@suse.de
|
||||
- remove spx.c from tarball because of legal risk
|
||||
- add README.Source which tell the user about this
|
||||
action.
|
||||
* Fri Jan 28 2005 - mc@suse.de
|
||||
* Fri Jan 28 2005 mc@suse.de
|
||||
- update to version 1.4
|
||||
* Mon Jan 10 2005 - mc@suse.de
|
||||
* Mon Jan 10 2005 mc@suse.de
|
||||
- update to version 1.3.6
|
||||
* Tue Dec 14 2004 - mc@suse.de
|
||||
* Tue Dec 14 2004 mc@suse.de
|
||||
- initial release
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package krb5-plugins (Version 1.6.3)
|
||||
#
|
||||
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
# package are under the same license as the package itself.
|
||||
#
|
||||
@ -13,7 +13,7 @@
|
||||
|
||||
Name: krb5-plugins
|
||||
Version: 1.6.3
|
||||
Release: 3
|
||||
Release: 4
|
||||
BuildRequires: bison krb5-devel ncurses-devel openldap2-devel
|
||||
%define srcRoot krb5-1.6.3
|
||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||
@ -48,6 +48,10 @@ Patch31: krb5-1.6-ldap-man.dif
|
||||
Patch32: krb5-1.4.3-enospc.dif
|
||||
Patch33: krb5-1.3.3-rcp-markus.dif
|
||||
Patch34: gssapi_improve_errormessages.dif
|
||||
Patch35: krb5-1.6-fix-CVE-2007-5894.dif
|
||||
Patch36: krb5-1.6-fix-CVE-2007-5902.dif
|
||||
Patch37: krb5-1.6-fix-CVE-2007-5971.dif
|
||||
Patch38: krb5-1.6-fix-CVE-2007-5972.dif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
@ -134,6 +138,10 @@ fi
|
||||
%patch32 -p1
|
||||
%patch33 -p1
|
||||
%patch34 -p1
|
||||
%patch35
|
||||
%patch36
|
||||
%patch37
|
||||
%patch38
|
||||
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
|
||||
# Rename the man pages so that they'll get generated correctly.
|
||||
pushd src
|
||||
@ -248,35 +256,35 @@ rm -rf %{buildroot}
|
||||
%{_libdir}/krb5/plugins/preauth/pkinit.so
|
||||
|
||||
%changelog
|
||||
* Tue Dec 04 2007 - mc@suse.de
|
||||
* Tue Dec 04 2007 mc@suse.de
|
||||
- improve GSSAPI error messages
|
||||
* Tue Oct 23 2007 - mc@suse.de
|
||||
* Tue Oct 23 2007 mc@suse.de
|
||||
- update to krb5 version 1.6.3
|
||||
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
|
||||
* fix CVE-2007-4000 modify_policy vulnerability
|
||||
* Add PKINIT support
|
||||
- remove patches which are upstream now
|
||||
- enhance init scripts and xinetd profiles
|
||||
* Fri Sep 14 2007 - mc@suse.de
|
||||
* Fri Sep 14 2007 mc@suse.de
|
||||
- update krb5-1.6.2-post.dif
|
||||
* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
|
||||
that the client library will not failover to the next KDC.
|
||||
[#310540]
|
||||
* Tue Sep 11 2007 - mc@suse.de
|
||||
* Tue Sep 11 2007 mc@suse.de
|
||||
- update krb5-1.6.2-post.dif
|
||||
* new -S sname option for kvno
|
||||
* read_entropy_from_device on partial read will not fill buffer
|
||||
* Bail out if encoded "ticket" doesn't decode correctly.
|
||||
* patch for referrals loop
|
||||
* Thu Sep 06 2007 - mc@suse.de
|
||||
* Thu Sep 06 2007 mc@suse.de
|
||||
- fix a problem with the originally published patch
|
||||
for MITKRB5-SA-2007-006 - CVE-2007-3999
|
||||
[#302377]
|
||||
* Wed Sep 05 2007 - mc@suse.de
|
||||
* Wed Sep 05 2007 mc@suse.de
|
||||
- fix execute arbitrary code
|
||||
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
|
||||
[#302377]
|
||||
* Tue Aug 07 2007 - mc@suse.de
|
||||
* Tue Aug 07 2007 mc@suse.de
|
||||
- add krb5-1.6.2-post.dif
|
||||
* during the referrals loop, check to see if the
|
||||
session key enctype of a returned credential for the final
|
||||
@ -286,10 +294,10 @@ rm -rf %{buildroot}
|
||||
the subsequent open(O_CREAT|O_EXCL) call fails because the file
|
||||
was already created by mkstemp(). Apply patch from Apple to keep
|
||||
the file descriptor open.
|
||||
* Thu Jul 12 2007 - mc@suse.de
|
||||
* Thu Jul 12 2007 mc@suse.de
|
||||
- update to version 1.6.2
|
||||
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
||||
* Mon Jul 02 2007 - mc@suse.de
|
||||
* Mon Jul 02 2007 mc@suse.de
|
||||
- update krb5-1.6.1-post.dif
|
||||
* fix leak in krb5_walk_realm_tree
|
||||
* rd_req_decoded needs to deal with referral realms
|
||||
@ -299,22 +307,22 @@ rm -rf %{buildroot}
|
||||
* fix kadmind code execution bug
|
||||
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
|
||||
[#271191]
|
||||
* Wed May 09 2007 - mc@suse.de
|
||||
* Wed May 09 2007 mc@suse.de
|
||||
- fix uninitialized salt length
|
||||
- add extra check for keytab file
|
||||
* Thu May 03 2007 - mc@suse.de
|
||||
* Thu May 03 2007 mc@suse.de
|
||||
- adding krb5-1.6.1-post.dif
|
||||
* fix segfault in krb5_get_init_creds_password
|
||||
* remove debug output in ftp client
|
||||
* profile stores empty string values without double quotes
|
||||
* Mon Apr 23 2007 - mc@suse.de
|
||||
* Mon Apr 23 2007 mc@suse.de
|
||||
- update to final 1.6.1 version
|
||||
* Mon Apr 16 2007 - mc@suse.de
|
||||
* Mon Apr 16 2007 mc@suse.de
|
||||
- update to version 1.6.1 Beta1
|
||||
- remove obsolete patches
|
||||
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
||||
- rework compile_pie patch
|
||||
* Wed Apr 11 2007 - mc@suse.de
|
||||
* Wed Apr 11 2007 mc@suse.de
|
||||
- update krb5-1.6-post.dif
|
||||
* fix kadmind stack overflow in krb5_klog_syslog
|
||||
(MITKRB5-SA-2007-002 - CVE-2007-0957)
|
||||
@ -325,24 +333,24 @@ rm -rf %{buildroot}
|
||||
* fix krb5 telnetd login injection
|
||||
(MIT-SA-2007-001 - CVE-2007-0956)
|
||||
[#247765]
|
||||
* Thu Mar 29 2007 - mc@suse.de
|
||||
* Thu Mar 29 2007 mc@suse.de
|
||||
- add ncurses-devel and bison to BuildRequires
|
||||
- rework some patches
|
||||
* Mon Feb 19 2007 - mc@suse.de
|
||||
* Mon Feb 19 2007 mc@suse.de
|
||||
- update krb5-1.6-post.dif
|
||||
* Fri Feb 09 2007 - mc@suse.de
|
||||
* Fri Feb 09 2007 mc@suse.de
|
||||
- update krb5-1.6-post.dif
|
||||
* Mon Jan 29 2007 - ro@suse.de
|
||||
* Mon Jan 29 2007 ro@suse.de
|
||||
- no main package, no debuginfo
|
||||
* Mon Jan 29 2007 - mc@suse.de
|
||||
* Mon Jan 29 2007 mc@suse.de
|
||||
- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
|
||||
are now upstream. Remove patches.
|
||||
- fix leak in krb5_kt_resolve and krb5_kt_wresolve
|
||||
* Tue Jan 23 2007 - mc@suse.de
|
||||
* Tue Jan 23 2007 mc@suse.de
|
||||
- fix "local variable used before set" in ftp.c
|
||||
[#237684]
|
||||
- use less BuildRequires
|
||||
* Mon Jan 22 2007 - mc@suse.de
|
||||
* Mon Jan 22 2007 mc@suse.de
|
||||
- initial release (version 1.6)
|
||||
* Major changes in 1.6 include
|
||||
* Partial client implementation to handle server name referrals.
|
||||
|
||||
10
krb5.changes
10
krb5.changes
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 14 10:48:52 CET 2007 - mc@suse.de
|
||||
|
||||
- fix several security bugs:
|
||||
* CVE-2007-5894 apparent uninit length
|
||||
* CVE-2007-5902 integer overflow
|
||||
* CVE-2007-5971 free of non-heap pointer and double-free
|
||||
* CVE-2007-5972 double fclose()
|
||||
[#346745, #346748, #346746, #346749, #346747]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 4 16:36:07 CET 2007 - mc@suse.de
|
||||
|
||||
|
||||
181
krb5.spec
181
krb5.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package krb5 (Version 1.6.3)
|
||||
#
|
||||
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
# package are under the same license as the package itself.
|
||||
#
|
||||
@ -12,7 +12,7 @@
|
||||
|
||||
Name: krb5
|
||||
Version: 1.6.3
|
||||
Release: 11
|
||||
Release: 20
|
||||
BuildRequires: bison libcom_err-devel ncurses-devel
|
||||
%if %{suse_version} > 1010
|
||||
BuildRequires: keyutils keyutils-devel
|
||||
@ -52,6 +52,10 @@ Patch31: krb5-1.6-ldap-man.dif
|
||||
Patch32: krb5-1.4.3-enospc.dif
|
||||
Patch33: krb5-1.3.3-rcp-markus.dif
|
||||
Patch34: gssapi_improve_errormessages.dif
|
||||
Patch35: krb5-1.6-fix-CVE-2007-5894.dif
|
||||
Patch36: krb5-1.6-fix-CVE-2007-5902.dif
|
||||
Patch37: krb5-1.6-fix-CVE-2007-5971.dif
|
||||
Patch38: krb5-1.6-fix-CVE-2007-5972.dif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: mktemp, grep, /bin/touch, coreutils
|
||||
|
||||
@ -206,6 +210,10 @@ fi
|
||||
%patch32 -p1
|
||||
%patch33 -p1
|
||||
%patch34 -p1
|
||||
%patch35
|
||||
%patch36
|
||||
%patch37
|
||||
%patch38
|
||||
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
|
||||
# Rename the man pages so that they'll get generated correctly.
|
||||
pushd src
|
||||
@ -522,37 +530,44 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man1/krb5-config.1*
|
||||
|
||||
%changelog
|
||||
* Tue Dec 04 2007 - mc@suse.de
|
||||
* Fri Dec 14 2007 mc@suse.de
|
||||
- fix several security bugs:
|
||||
* CVE-2007-5894 apparent uninit length
|
||||
* CVE-2007-5902 integer overflow
|
||||
* CVE-2007-5971 free of non-heap pointer and double-free
|
||||
* CVE-2007-5972 double fclose()
|
||||
[#346745, #346748, #346746, #346749, #346747]
|
||||
* Tue Dec 04 2007 mc@suse.de
|
||||
- improve GSSAPI error messages
|
||||
* Tue Nov 06 2007 - mc@suse.de
|
||||
* Tue Nov 06 2007 mc@suse.de
|
||||
- add coreutils to PreReq
|
||||
* Tue Oct 23 2007 - mc@suse.de
|
||||
* Tue Oct 23 2007 mc@suse.de
|
||||
- update to krb5 version 1.6.3
|
||||
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
|
||||
* fix CVE-2007-4000 modify_policy vulnerability
|
||||
* Add PKINIT support
|
||||
- remove patches which are upstream now
|
||||
- enhance init scripts and xinetd profiles
|
||||
* Fri Sep 14 2007 - mc@suse.de
|
||||
* Fri Sep 14 2007 mc@suse.de
|
||||
- update krb5-1.6.2-post.dif
|
||||
* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
|
||||
that the client library will not failover to the next KDC.
|
||||
[#310540]
|
||||
* Tue Sep 11 2007 - mc@suse.de
|
||||
* Tue Sep 11 2007 mc@suse.de
|
||||
- update krb5-1.6.2-post.dif
|
||||
* new -S sname option for kvno
|
||||
* read_entropy_from_device on partial read will not fill buffer
|
||||
* Bail out if encoded "ticket" doesn't decode correctly.
|
||||
* patch for referrals loop
|
||||
* Thu Sep 06 2007 - mc@suse.de
|
||||
* Thu Sep 06 2007 mc@suse.de
|
||||
- fix a problem with the originally published patch
|
||||
for MITKRB5-SA-2007-006 - CVE-2007-3999
|
||||
[#302377]
|
||||
* Wed Sep 05 2007 - mc@suse.de
|
||||
* Wed Sep 05 2007 mc@suse.de
|
||||
- fix execute arbitrary code
|
||||
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
|
||||
[#302377]
|
||||
* Tue Aug 07 2007 - mc@suse.de
|
||||
* Tue Aug 07 2007 mc@suse.de
|
||||
- add krb5-1.6.2-post.dif
|
||||
* during the referrals loop, check to see if the
|
||||
session key enctype of a returned credential for the final
|
||||
@ -562,12 +577,12 @@ rm -rf %{buildroot}
|
||||
the subsequent open(O_CREAT|O_EXCL) call fails because the file
|
||||
was already created by mkstemp(). Apply patch from Apple to keep
|
||||
the file descriptor open.
|
||||
* Thu Jul 12 2007 - mc@suse.de
|
||||
* Thu Jul 12 2007 mc@suse.de
|
||||
- update to version 1.6.2
|
||||
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
||||
* Thu Jul 05 2007 - mc@suse.de
|
||||
* Thu Jul 05 2007 mc@suse.de
|
||||
- change requires to libcom_err-devel
|
||||
* Mon Jul 02 2007 - mc@suse.de
|
||||
* Mon Jul 02 2007 mc@suse.de
|
||||
- update krb5-1.6.1-post.dif
|
||||
* fix leak in krb5_walk_realm_tree
|
||||
* rd_req_decoded needs to deal with referral realms
|
||||
@ -577,9 +592,9 @@ rm -rf %{buildroot}
|
||||
* fix kadmind code execution bug
|
||||
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
|
||||
[#271191]
|
||||
* Thu Jun 14 2007 - mc@suse.de
|
||||
* Thu Jun 14 2007 mc@suse.de
|
||||
- fix unstripped-binary-or-object rpmlint warning
|
||||
* Mon Jun 11 2007 - sschober@suse.de
|
||||
* Mon Jun 11 2007 sschober@suse.de
|
||||
- fixing rpmlint warnings and errors:
|
||||
* merged logrotate scripts kadmin and krb5kdc into a single file
|
||||
krb5-server.
|
||||
@ -591,24 +606,24 @@ rm -rf %{buildroot}
|
||||
(see [#147912]).
|
||||
* set default runlevel of init scripts in chkconfig line to 3 and
|
||||
5
|
||||
* Wed May 09 2007 - mc@suse.de
|
||||
* Wed May 09 2007 mc@suse.de
|
||||
- fix uninitialized salt length
|
||||
- add extra check for keytab file
|
||||
* Thu May 03 2007 - mc@suse.de
|
||||
* Thu May 03 2007 mc@suse.de
|
||||
- adding krb5-1.6.1-post.dif
|
||||
* fix segfault in krb5_get_init_creds_password
|
||||
* remove debug output in ftp client
|
||||
* profile stores empty string values without double quotes
|
||||
* Mon Apr 23 2007 - mc@suse.de
|
||||
* Mon Apr 23 2007 mc@suse.de
|
||||
- update to final 1.6.1 version
|
||||
* Wed Apr 18 2007 - mc@suse.de
|
||||
* Wed Apr 18 2007 mc@suse.de
|
||||
- add plugin directories to main package
|
||||
* Mon Apr 16 2007 - mc@suse.de
|
||||
* Mon Apr 16 2007 mc@suse.de
|
||||
- update to version 1.6.1 Beta1
|
||||
- remove obsolete patches
|
||||
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
||||
- rework compile_pie patch
|
||||
* Wed Apr 11 2007 - mc@suse.de
|
||||
* Wed Apr 11 2007 mc@suse.de
|
||||
- update krb5-1.6-post.dif
|
||||
* fix kadmind stack overflow in krb5_klog_syslog
|
||||
(MITKRB5-SA-2007-002 - CVE-2007-0957)
|
||||
@ -619,36 +634,36 @@ rm -rf %{buildroot}
|
||||
* fix krb5 telnetd login injection
|
||||
(MIT-SA-2007-001 - CVE-2007-0956)
|
||||
[#247765]
|
||||
* Thu Mar 29 2007 - mc@suse.de
|
||||
* Thu Mar 29 2007 mc@suse.de
|
||||
- add ncurses-devel and bison to BuildRequires
|
||||
- rework some patches
|
||||
* Mon Mar 05 2007 - mc@suse.de
|
||||
* Mon Mar 05 2007 mc@suse.de
|
||||
- move SuSEFirewall service definitions to
|
||||
/etc/sysconfig/SuSEfirewall2.d/services
|
||||
* Thu Feb 22 2007 - mc@suse.de
|
||||
* Thu Feb 22 2007 mc@suse.de
|
||||
- add firewall definition to krb5-server, FATE #300687
|
||||
* Mon Feb 19 2007 - mc@suse.de
|
||||
* Mon Feb 19 2007 mc@suse.de
|
||||
- update krb5-1.6-post.dif
|
||||
- move some applications into the right package
|
||||
* Fri Feb 09 2007 - mc@suse.de
|
||||
* Fri Feb 09 2007 mc@suse.de
|
||||
- update krb5-1.6-post.dif
|
||||
* Mon Jan 29 2007 - mc@suse.de
|
||||
* Mon Jan 29 2007 mc@suse.de
|
||||
- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
|
||||
are now upstream. Remove patches.
|
||||
- fix leak in krb5_kt_resolve and krb5_kt_wresolve
|
||||
* Tue Jan 23 2007 - mc@suse.de
|
||||
* Tue Jan 23 2007 mc@suse.de
|
||||
- fix "local variable used before set" in ftp.c
|
||||
[#237684]
|
||||
* Mon Jan 22 2007 - mc@suse.de
|
||||
* Mon Jan 22 2007 mc@suse.de
|
||||
- krb5-devel should require keyutils-devel
|
||||
* Mon Jan 22 2007 - mc@suse.de
|
||||
* Mon Jan 22 2007 mc@suse.de
|
||||
- update to version 1.6
|
||||
* Major changes in 1.6 include
|
||||
* Partial client implementation to handle server name referrals.
|
||||
* Pre-authentication plug-in framework, donated by Red Hat.
|
||||
* LDAP KDB plug-in, donated by Novell.
|
||||
- remove obsolete patches
|
||||
* Wed Jan 10 2007 - mc@suse.de
|
||||
* Wed Jan 10 2007 mc@suse.de
|
||||
- fix for
|
||||
kadmind (via RPC library) calls uninitialized function pointer
|
||||
(CVE-2006-6143)(Bug #225990)
|
||||
@ -657,32 +672,32 @@ rm -rf %{buildroot}
|
||||
kadmind (via GSS-API mechglue) frees uninitialized pointers
|
||||
(CVE-2006-6144)(Bug #225992)
|
||||
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
|
||||
* Tue Jan 02 2007 - mc@suse.de
|
||||
* Tue Jan 02 2007 mc@suse.de
|
||||
- Fix Requires in krb5-devel
|
||||
[Bug #231008]
|
||||
* Mon Nov 06 2006 - mc@suse.de
|
||||
* Mon Nov 06 2006 mc@suse.de
|
||||
- fix "local variable used before set" [#217692]
|
||||
- fix strncat warning
|
||||
* Fri Oct 27 2006 - mc@suse.de
|
||||
* Fri Oct 27 2006 mc@suse.de
|
||||
- add a default kadm5.dict file
|
||||
- require $network on daemon start
|
||||
* Wed Sep 13 2006 - mc@suse.de
|
||||
* Wed Sep 13 2006 mc@suse.de
|
||||
- fix function call with too few arguments [#203837]
|
||||
* Thu Aug 24 2006 - mc@suse.de
|
||||
* Thu Aug 24 2006 mc@suse.de
|
||||
- update to version 1.5.1
|
||||
- remove obsolete patches which are now included upstream
|
||||
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
|
||||
* trunk-fix-uninitialized-vars.dif
|
||||
* Fri Aug 11 2006 - mc@suse.de
|
||||
* Fri Aug 11 2006 mc@suse.de
|
||||
- krb5 setuid return check fixes
|
||||
krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
|
||||
[#182351]
|
||||
* Mon Aug 07 2006 - mc@suse.de
|
||||
* Mon Aug 07 2006 mc@suse.de
|
||||
- remove update-messages
|
||||
* Mon Jul 24 2006 - mc@suse.de
|
||||
* Mon Jul 24 2006 mc@suse.de
|
||||
- add check for krb5_prop in services to kpropd init script.
|
||||
[#192446]
|
||||
* Mon Jul 03 2006 - mc@suse.de
|
||||
* Mon Jul 03 2006 mc@suse.de
|
||||
- update to version 1.5
|
||||
* KDB abstraction layer, donated by Novell.
|
||||
* plug-in architecture, allowing for extension modules to be
|
||||
@ -692,104 +707,104 @@ rm -rf %{buildroot}
|
||||
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
|
||||
implementation, donated by Sun Microsystems
|
||||
- remove obsolete patches and add some new
|
||||
* Fri May 26 2006 - ro@suse.de
|
||||
* Fri May 26 2006 ro@suse.de
|
||||
- libcom is not in e2fsck-devel but in its own package now, change
|
||||
Requires accordingly.
|
||||
* Mon Mar 27 2006 - mc@suse.de
|
||||
* Mon Mar 27 2006 mc@suse.de
|
||||
- add all daemons to %%stop_on_removal and %%restart_on_update
|
||||
- add reload to kpropd init script
|
||||
- add force-reload to all init scripts
|
||||
* Mon Mar 13 2006 - mc@suse.de
|
||||
* Mon Mar 13 2006 mc@suse.de
|
||||
- add libgssapi_krb5.so link to main package [#147912]
|
||||
* Fri Feb 03 2006 - mc@suse.de
|
||||
* Fri Feb 03 2006 mc@suse.de
|
||||
- fix logging section for kadmind in convert script
|
||||
* Wed Jan 25 2006 - mls@suse.de
|
||||
* Wed Jan 25 2006 mls@suse.de
|
||||
- converted neededforbuild to BuildRequires
|
||||
* Fri Jan 13 2006 - mc@suse.de
|
||||
* Fri Jan 13 2006 mc@suse.de
|
||||
- change the logging defaults
|
||||
* Wed Jan 11 2006 - mc@suse.de
|
||||
* Wed Jan 11 2006 mc@suse.de
|
||||
- add tools and README for heimdal => MIT update
|
||||
* Mon Jan 09 2006 - mc@suse.de
|
||||
* Mon Jan 09 2006 mc@suse.de
|
||||
- fix build problems, define _GNU_SOURCE
|
||||
(krb5-1.4.3-set_gnu_source.dif )
|
||||
* Tue Jan 03 2006 - mc@suse.de
|
||||
* Tue Jan 03 2006 mc@suse.de
|
||||
- added "make %%{?jobs:-j%%jobs}"
|
||||
* Fri Nov 18 2005 - mc@suse.de
|
||||
* Fri Nov 18 2005 mc@suse.de
|
||||
- update to version 1.4.3
|
||||
* some memmory leaks fixed
|
||||
* fix for "AS_REP padata has wrong enctype"
|
||||
* fix for "AS_REP padata missing PA-ETYPE-INFO"
|
||||
* ... and more
|
||||
* Wed Nov 02 2005 - dmueller@suse.de
|
||||
* Wed Nov 02 2005 dmueller@suse.de
|
||||
- don't build as root
|
||||
* Tue Oct 11 2005 - mc@suse.de
|
||||
* Tue Oct 11 2005 mc@suse.de
|
||||
- update to version 1.4.2
|
||||
- remove some obsolet patches
|
||||
* Mon Aug 08 2005 - mc@suse.de
|
||||
* Mon Aug 08 2005 mc@suse.de
|
||||
- build with --disable-static
|
||||
* Thu Aug 04 2005 - ro@suse.de
|
||||
* Thu Aug 04 2005 ro@suse.de
|
||||
- remove devel-static subpackage
|
||||
* Thu Jun 30 2005 - mc@suse.de
|
||||
* Thu Jun 30 2005 mc@suse.de
|
||||
- better patch for princ_comp problem
|
||||
* Mon Jun 27 2005 - mc@suse.de
|
||||
* Mon Jun 27 2005 mc@suse.de
|
||||
- update to version 1.4.1
|
||||
- remove obsolet patches
|
||||
- krb5-1.4-gcc4.dif
|
||||
- krb5-1.4-reduce-namespace-polution.dif
|
||||
- krb5-1.4-VUL-0-telnet.dif
|
||||
* Thu Jun 23 2005 - mc@suse.de
|
||||
* Thu Jun 23 2005 mc@suse.de
|
||||
- fixed krb5 KDC heap corruption by random free
|
||||
[#80574, CAN-2005-1174, MITKRB5-SA-2005-002]
|
||||
- fixed krb5 double free()
|
||||
[#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
|
||||
- fix krb5 NULL pointer reference while comparing principals
|
||||
[#91600]
|
||||
* Fri Jun 17 2005 - mc@suse.de
|
||||
* Fri Jun 17 2005 mc@suse.de
|
||||
- fix uninitialized variables
|
||||
- compile with -fPIE/ link with -pie
|
||||
* Wed Apr 20 2005 - mc@suse.de
|
||||
* Wed Apr 20 2005 mc@suse.de
|
||||
- fixed wrong xinetd files [#77149]
|
||||
* Fri Apr 08 2005 - mt@suse.de
|
||||
* Fri Apr 08 2005 mt@suse.de
|
||||
- removed krb5-1.4-fix-error_tables.dif patch obsoleted
|
||||
by libcom_err locking patches
|
||||
* Thu Apr 07 2005 - mc@suse.de
|
||||
* Thu Apr 07 2005 mc@suse.de
|
||||
- fixed missing descriptions in init files
|
||||
[#76164, #76165, #76166, #76169]
|
||||
* Wed Mar 30 2005 - mc@suse.de
|
||||
* Wed Mar 30 2005 mc@suse.de
|
||||
- enhance $PATH via /etc/profile.d/ [#74018]
|
||||
- remove the "links to important programs"
|
||||
* Fri Mar 18 2005 - mc@suse.de
|
||||
* Fri Mar 18 2005 mc@suse.de
|
||||
- fixed not running converter script [#72854]
|
||||
* Thu Mar 17 2005 - mc@suse.de
|
||||
* Thu Mar 17 2005 mc@suse.de
|
||||
- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
|
||||
Overflow
|
||||
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
|
||||
Overflow
|
||||
[#73618]
|
||||
* Wed Mar 16 2005 - mc@suse.de
|
||||
* Wed Mar 16 2005 mc@suse.de
|
||||
- fixed wrong PreReqs [#73020]
|
||||
* Tue Mar 15 2005 - mc@suse.de
|
||||
* Tue Mar 15 2005 mc@suse.de
|
||||
- add a simple krb5.conf converter [#72854]
|
||||
* Mon Mar 14 2005 - mc@suse.de
|
||||
* Mon Mar 14 2005 mc@suse.de
|
||||
- fixed: rckrb5kdc restart gives wrong status with non-running service
|
||||
[#72446]
|
||||
* Thu Mar 10 2005 - mc@suse.de
|
||||
* Thu Mar 10 2005 mc@suse.de
|
||||
- add requires: e2fsprogs-devel to krb5-devel package [#71732]
|
||||
* Fri Feb 25 2005 - mc@suse.de
|
||||
* Fri Feb 25 2005 mc@suse.de
|
||||
- fix double free [#66534]
|
||||
krb5-1.4-fix-error_tables.dif
|
||||
* Fri Feb 11 2005 - mc@suse.de
|
||||
* Fri Feb 11 2005 mc@suse.de
|
||||
- change mode for shared libraries to 755
|
||||
* Fri Feb 04 2005 - mc@suse.de
|
||||
* Fri Feb 04 2005 mc@suse.de
|
||||
- remove spx.c from tarball because of legal risk
|
||||
- add README.Source which tell the user about this
|
||||
action.
|
||||
- add a check for spx.c in the spec-file
|
||||
- use rich-text for update-messages [#50250]
|
||||
* Tue Feb 01 2005 - mc@suse.de
|
||||
* Tue Feb 01 2005 mc@suse.de
|
||||
- add krb5-1.4-reduce-namespace-polution.dif
|
||||
reduce namespace polution in gssapi.h [#50356]
|
||||
* Fri Jan 28 2005 - mc@suse.de
|
||||
* Fri Jan 28 2005 mc@suse.de
|
||||
- update to version 1.4
|
||||
- Add implementation of the RPCSEC_GSS authentication flavor to the
|
||||
RPC library.
|
||||
@ -803,37 +818,37 @@ rm -rf %{buildroot}
|
||||
- Incorporate gss_krb5_set_allowable_enctypes() and
|
||||
gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
|
||||
- remove obsolet patches
|
||||
* Mon Jan 17 2005 - mc@suse.de
|
||||
* Mon Jan 17 2005 mc@suse.de
|
||||
- add proofreaded update-messages
|
||||
* Fri Jan 14 2005 - mc@suse.de
|
||||
* Fri Jan 14 2005 mc@suse.de
|
||||
- remove Conflicts: and add Provides:
|
||||
- add some insserv stuff
|
||||
* Thu Jan 13 2005 - mc@suse.de
|
||||
* Thu Jan 13 2005 mc@suse.de
|
||||
- move vendor files to vendor-files.tar.bz2
|
||||
- add obsoletes: heimdal
|
||||
- add %%pre and %%post sections to detect update
|
||||
from heimdal and backup invalid configuration files
|
||||
- add update-messages for heimdal update
|
||||
* Mon Jan 10 2005 - mc@suse.de
|
||||
* Mon Jan 10 2005 mc@suse.de
|
||||
- update to version 1.3.6
|
||||
- fix for: heap buffer overflow in libkadm5srv
|
||||
[CAN-2004-1189 / MITKRB5-SA-2004-004]
|
||||
* Tue Dec 14 2004 - mc@suse.de
|
||||
* Tue Dec 14 2004 mc@suse.de
|
||||
- build doc subpackage in an own specfile
|
||||
- removed unnecessary neededforbuild requirements
|
||||
* Wed Nov 24 2004 - coolo@suse.de
|
||||
* Wed Nov 24 2004 coolo@suse.de
|
||||
- fix build with gcc 4
|
||||
* Mon Nov 15 2004 - mc@suse.de
|
||||
* Mon Nov 15 2004 mc@suse.de
|
||||
- added Conflicts with heimdal*
|
||||
- rename some manpages to avoid conflicts
|
||||
* Thu Nov 04 2004 - mc@suse.de
|
||||
* Thu Nov 04 2004 mc@suse.de
|
||||
- new init scripts
|
||||
- fix logrotate scripts
|
||||
- add some 64Bit fixes
|
||||
- add default krb5.conf, kdc.conf and kadm5.acl
|
||||
* Wed Nov 03 2004 - mc@suse.de
|
||||
* Wed Nov 03 2004 mc@suse.de
|
||||
- add e2fsprogs to NFB
|
||||
- use system-et and system-ss
|
||||
- fix includes of com_err.h
|
||||
* Thu Oct 28 2004 - mc@suse.de
|
||||
* Thu Oct 28 2004 mc@suse.de
|
||||
- Initital checkin
|
||||
|
||||
Loading…
Reference in New Issue
Block a user