Howard Guo
1d1e68ea09
- There is no change made about the package itself, this is only
...
copying over some changelog texts from SLE package:
- bug#918595 owned by varkoly@suse.com: VUL-0: CVE-2014-5355
krb5: denial of service in krb5_read_message
- bug#912002 owned by varkoly@suse.com: VUL-0
CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- bug#910458 owned by varkoly@suse.com: VUL-1
CVE-2014-5354: krb5: NULL pointer dereference when using keyless entries
- bug#928978 owned by varkoly@suse.com: VUL-0
CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading
to requires_preauth bypass
- bug#910457 owned by varkoly@suse.com: VUL-1
CVE-2014-5353: krb5: NULL pointer dereference when using a ticket policy
name as a password policy name
- bug#991088 owned by hguo@suse.com: VUL-1
CVE-2016-3120: krb5: S4U2Self KDC crash when anon is restricted
- bug#992853 owned by hguo@suse.com: krb5: bogus prerequires
- [fate#320326](https://fate.suse.com/320326 )
- bug#982313 owned by pgajdos@suse.com: Doxygen unable to resolve reference
from \cite
- There is no change made about the package itself, this is only
copying over some changelog texts from SLE package:
- bug#918595 owned by varkoly@suse.com: VUL-0: CVE-2014-5355
krb5: denial of service in krb5_read_message
- bug#912002 owned by varkoly@suse.com: VUL-0
CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- bug#910458 owned by varkoly@suse.com: VUL-1
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=191
2017-06-06 13:39:13 +00:00
7566d42d93
Accepting request 486033 from home:kukuk:branches:network
...
- Remove wrong PreRequires
- Remove wrong PreRequires from krb5
OBS-URL: https://build.opensuse.org/request/show/486033
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=189
2017-04-07 06:22:42 +00:00
Howard Guo
4205fb7129
Accepting request 478048 from home:stroeder:branches:network
...
use HTTPS project and source URLs
OBS-URL: https://build.opensuse.org/request/show/478048
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=187
2017-03-13 08:48:12 +00:00
353b1c8ae7
- use source urls.
...
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=186
2017-03-09 18:22:08 +00:00
Howard Guo
68cd296a9a
Accepting request 476962 from home:stroeder:branches:network
...
update to upstream release 1.15.1
OBS-URL: https://build.opensuse.org/request/show/476962
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=183
2017-03-06 08:55:39 +00:00
Michael Ströder
c4c458e8fe
Accepting request 452968 from home:bmwiedemann:branches:network
...
remove useless environment.pickle to make build-compare happy
OBS-URL: https://build.opensuse.org/request/show/452968
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=181
2017-01-27 15:29:04 +00:00
Michael Ströder
0cd0c46b3a
Accepting request 451650 from home:gladiac:branches:network
...
Introduce patch
krb5-1.15-fix_kdb_free_principal_e_data.patch
to fix freeing of e_data in the kdb principal
OBS-URL: https://build.opensuse.org/request/show/451650
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=179
2017-01-20 14:28:35 +00:00
Michael Ströder
6fe08c82e5
Accepting request 443689 from home:stroeder:branches:network
...
Update to upstream release 1.15.
Successfully tested KDC with LDAP backend with one kinit on Tumbleweed x86_64 (but without selinux).
Please carefully review the updated C code patches!
OBS-URL: https://build.opensuse.org/request/show/443689
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=177
2016-12-05 17:34:31 +00:00
Howard Guo
e30e1bbad9
Accepting request 440200 from home:hauky:branches:network
...
- add pam configuration file required for ksu
just use a copy of "su" one from Tumbleweed
OBS-URL: https://build.opensuse.org/request/show/440200
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=175
2016-11-24 14:43:00 +00:00
Ismail Dönmez
06399cb6eb
Accepting request 412758 from home:stroeder:branches:network
...
update to 1.14.3
OBS-URL: https://build.opensuse.org/request/show/412758
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=172
2016-07-22 10:37:56 +00:00
Ismail Dönmez
ac8428f53d
- Remove comments breaking post scripts.
...
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=170
2016-07-02 11:39:29 +00:00
Ismail Dönmez
a0dc13d8ee
Accepting request 405706 from home:fcrozat:branches:network
...
- Do no use systemd_requires macros in main package, it adds
unneeded dependencies which pulls systemd into minimal chroot.
- Only call %insserv_prereq when building for pre-systemd
distributions.
- Optimise some %post/%postun when only /sbin/ldconfig is called.
OBS-URL: https://build.opensuse.org/request/show/405706
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=169
2016-07-02 07:38:07 +00:00
Howard Guo
f423fdf030
------------------------------------------------------------------
...
- Remove source file ccapi/common/win/OldCC/autolock.hxx
that is not needed and does not carry an acceptable license.
(bsc#968111)
------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
that is not needed and does not carry an acceptable license.
(bsc#968111)
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=168
2016-06-13 12:41:05 +00:00
Ismail Dönmez
f73cb2534d
Accepting request 392049 from home:stroeder:branches:network
...
Update to 1.14.2. Please review carefully.
Especially from glancing over the upstream source krb5-mechglue_inqure_attrs.patch seems obsolete even though the solution in upstream code looks slightly different.
OBS-URL: https://build.opensuse.org/request/show/392049
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=166
2016-04-29 08:00:03 +00:00
Howard Guo
9f56699b06
- Upgrade from 1.14 to 1.14.1:
...
* Remove expired patches:
0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
krbdev.mit.edu-8301.patch
* Replace source archives:
krb5-1.14.tar.gz ->
krb5-1.14.1.tar.gz
krb5-1.14.tar.gz.asc ->
krb5-1.14.1.tar.gz.asc
* Adjust line numbers in:
krb5-fix_interposer.patch
- Upgrade from 1.14 to 1.14.1:
* Remove expired patches:
0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
krbdev.mit.edu-8301.patch
* Replace source archives:
krb5-1.14.tar.gz ->
krb5-1.14.1.tar.gz
krb5-1.14.tar.gz.asc ->
krb5-1.14.1.tar.gz.asc
* Adjust line numbers in:
krb5-fix_interposer.patch
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=165
2016-04-01 07:50:43 +00:00
Howard Guo
83e7befa84
Accepting request 378678 from home:guohouzuo:branches:network
...
- Introduce patch
0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch
to fix CVE-2016-3119 (bsc#971942)
OBS-URL: https://build.opensuse.org/request/show/378678
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=162
2016-03-23 13:16:38 +00:00
f8868d141a
Accepting request 359629 from home:guohouzuo:branches:network
...
- Remove krb5 pieces from spec file.
Hence remove pre_checkin.sh
- Remove expired macros and other minor clena-ups in spec file.
- Change package description to explain what "mini" means.
- Remove krb5-mini pieces from spec file.
Hence remove pre_checkin.sh
- Remove expired macros and other minor clean-ups in spec file.
OBS-URL: https://build.opensuse.org/request/show/359629
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=160
2016-02-18 11:50:30 +00:00
Ismail Dönmez
e206af5319
Accepting request 357309 from home:guohouzuo:branches:network
...
- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character
with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
(bsc#963968)
- Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request
with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
(bsc#963975)
- Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
(bsc#963964)
OBS-URL: https://build.opensuse.org/request/show/357309
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=158
2016-02-02 08:54:49 +00:00
Ismail Dönmez
b9ca4cd2ca
- Add two patches from Fedora, fixing two crashes:
...
* krb5-fix_interposer.patch
* krb5-mechglue_inqure_attrs.patch
- Add two patches from Fedora, fixing two crashes:
* krb5-fix_interposer.patch
* krb5-mechglue_inqure_attrs.patch
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=156
2016-01-11 12:39:08 +00:00
Ismail Dönmez
e9af2abc6d
Accepting request 352796 from home:stroeder:branches:network
...
update to 1.14, successfully tested on Tumbleweed x86_64
1. purely as client for MS AD and
2. as KDC with LDAP backend
OBS-URL: https://build.opensuse.org/request/show/352796
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=154
2016-01-10 16:41:42 +00:00
Ismail Dönmez
ee705d6c1a
Accepting request 347770 from home:stroeder:branches:network
...
update to 1.13.3
OBS-URL: https://build.opensuse.org/request/show/347770
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=152
2015-12-07 12:50:29 +00:00
Ismail Dönmez
ea14ad7c34
Accepting request 343479 from home:guohouzuo:branches:network
...
- Apply patch 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch
to fix a memory corruption regression introduced by resolution of
CVE-2015-2698. bsc#954204
OBS-URL: https://build.opensuse.org/request/show/343479
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=150
2015-11-10 16:57:00 +00:00
Ismail Dönmez
aa93054403
Accepting request 341521 from home:guohouzuo:branches:network
...
One bug fix in manual page + 3 CVE fixes.
OBS-URL: https://build.opensuse.org/request/show/341521
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=148
2015-10-29 18:14:03 +00:00
Ismail Dönmez
172a23219f
Accepting request 309550 from home:guohouzuo:freeipa
...
Let server depend on libev (module of libverto). This was the
embedded implementation before the separation of libverto from krb.
OBS-URL: https://build.opensuse.org/request/show/309550
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=146
2015-06-01 09:44:23 +00:00
Ismail Dönmez
f1babf4554
Accepting request 309029 from home:dimstar:Factory
...
- Drop libverto and libverto-libev Requires from the -server
package: those package names don't exist and the shared libs
are pulled in automatically.
- Drop libverto and libverto-libev Requires from the -server
package: those package names don't exist and the shared libs
are pulled in automatically.
OBS-URL: https://build.opensuse.org/request/show/309029
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=144
2015-05-28 08:59:56 +00:00
Ismail Dönmez
d9be576ce1
Accepting request 308898 from home:dimstar:Factory
...
Also build dep libverto for the -mini variant... so it can actually be built
OBS-URL: https://build.opensuse.org/request/show/308898
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=143
2015-05-27 16:09:38 +00:00
7991a93622
- pre_checkin.sh aligned changes between krb5/krb5-mini
...
- added krb5.keyring
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=142
2015-05-22 09:30:16 +00:00
Andrey Karepin
71a09ab035
Accepting request 306592 from home:stroeder:branches:network
...
update to 1.13.2
OBS-URL: https://build.opensuse.org/request/show/306592
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=139
2015-05-13 19:25:01 +00:00
24de3e2bab
Accepting request 305915 from home:guohouzuo:freeipa
...
OBS-URL: https://build.opensuse.org/request/show/305915
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=138
2015-05-11 11:41:14 +00:00
cefda77aa1
Accepting request 286613 from home:stroeder:branches:network
...
security update 1.13.1
OBS-URL: https://build.opensuse.org/request/show/286613
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=136
2015-02-18 17:22:56 +00:00
42eb1db8e7
Accepting request 280024 from home:mlin7442:branches:network
...
update to 1.13, also fixed build with bison3
OBS-URL: https://build.opensuse.org/request/show/280024
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=134
2015-01-06 10:58:20 +00:00
35dbbe780b
Accepting request 252436 from home:dmdiss:branches:bnc898439_krb_reply_cache_race_factory
...
- Work around replay cache creation race; (bnc#898439).
krb5-1.13-work-around-replay-cache-creation-race.patch
OBS-URL: https://build.opensuse.org/request/show/252436
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=132
2014-10-01 07:19:37 +00:00
23582573aa
Accepting request 251631 from home:varkoly:branches:network
...
- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal
- added patches:
* bnc#897874-CVE-2014-5351.diff
OBS-URL: https://build.opensuse.org/request/show/251631
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=130
2014-09-25 08:28:07 +00:00
1e26a2fb1a
Accepting request 246966 from home:AndreasStieger:branches:network
...
krb5 5.12.2
- Fix build with doxygen 1.8.8 - adding krb5-1.12-doxygen.patch
from upstream
See https://build.opensuse.org/request/show/246780
OBS-URL: https://build.opensuse.org/request/show/246966
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=128
2014-09-01 15:41:18 +00:00
Christian Kornacker
e1506944cc
- buffer overrun in kadmind with LDAP backend
...
CVE-2014-4345 (bnc#891082)
krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=126
2014-08-11 11:01:01 +00:00
Christian Kornacker
f2e853070c
- Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697)
...
krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch
Fix null deref in SPNEGO acceptor [CVE-2014-4344]
krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=124
2014-07-28 09:58:41 +00:00
Christian Kornacker
3ac7b19a80
Accepting request 241590 from home:posophe:branches:network
...
Fix for systemd
OBS-URL: https://build.opensuse.org/request/show/241590
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=122
2014-07-21 12:42:45 +00:00
Christian Kornacker
3f646c425e
- denial of service flaws when handling RFC 1964 tokens (bnc#886016)
...
krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch
- start krb5kdc after slapd (bnc#886102)
- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674)
similar functionality is provided by krb5-plugin-preauth-pkinit
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=121
2014-07-15 08:18:37 +00:00
Christian Kornacker
5f3b47a9fc
- don't deliver SysV init files to systemd distributions
...
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=119
2014-02-18 17:40:34 +00:00
Christian Kornacker
869a682f2d
- update to version 1.12.1
...
* Make KDC log service principal names more consistently during
some error conditions, instead of "<unknown server>"
* Fix several bugs related to building AES-NI support on less
common configurations
* Fix several bugs related to keyring credential caches
- upstream obsoletes:
krb5-1.12-copy_context.patch
krb5-1.12-enable-NX.patch
krb5-1.12-pic-aes-ni.patch
krb5-master-no-malloc0.patch
krb5-master-ignore-empty-unnecessary-final-token.patch
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=117
2014-01-21 15:06:23 +00:00
Christian Kornacker
673bd84f01
extended changelog for Factory
...
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=115
2014-01-16 13:19:42 +00:00
Michael Calmer
03254981cb
Accepting request 213903 from home:ckornacker:branches:network
...
- update to version 1.12
* Add GSSAPI extensions for constructing MIC tokens using IOV lists
* Add a FAST OTP preauthentication module for the KDC which uses
RADIUS to validate OTP token values.
* The AES-based encryption types will use AES-NI instructions
when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
available
- update and rebase patches
OBS-URL: https://build.opensuse.org/request/show/213903
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=114
2014-01-15 14:14:20 +00:00
10b96098f3
Accepting request 210105 from home:neilbrown:branches:network
...
Reduce build dependencies for krb5-mini
This requires a change to e2fsprogs which will include
the creation of e2fsprogs-mini, so it shouldn't be accepted
before that other change is accepted
- Reduce build dependencies for krb5-mini by removing
doxygen and changing libcom_err-devel to
libcom_err-mini-devel
- Small fix to pre_checkin.sh so krb5-mini.spec is correct.
- Reduce build dependencies for krb5-mini by removing
doxygen and changing libcom_err-devel to
libcom_err-mini-devel
- Small fix to pre_checkin.sh so krb5-mini.spec is correct.
OBS-URL: https://build.opensuse.org/request/show/210105
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=112
2013-12-10 09:48:22 +00:00
3e0687cac7
Accepting request 207746 from home:ckornacker:branches:network
...
- update to version 1.11.4
- Fix a KDC null pointer dereference [CVE-2013-1417] that could
affect realms with an uncommon configuration.
- Fix a KDC null pointer dereference [CVE-2013-1418] that could
affect KDCs that serve multiple realms.
- Fix a number of bugs related to KDC master key rollover.
OBS-URL: https://build.opensuse.org/request/show/207746
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=110
2013-11-20 12:36:50 +00:00
Michael Calmer
6ca487dd65
- install and enable systemd service files also in -mini package
...
- install and enable systemd service files also in -mini package
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=108
2013-06-24 16:22:21 +00:00
Michael Calmer
071b9cc1bd
Accepting request 180374 from home:elvigia:branches:network
...
- remove fstack-protector-all from CFLAGS, just use the
lighter/fast version already present in %optflags
- Use LFS_CFLAGS to build in 32 bit archs.
- remove fstack-protector-all from CFLAGS, just use the
lighter/fast version already present in %optflags
- Use LFS_CFLAGS to build in 32 bit archs.
OBS-URL: https://build.opensuse.org/request/show/180374
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=107
2013-06-21 12:43:11 +00:00
Michael Calmer
eaff141ce0
- update to version 1.11.3
...
- Fix a UDP ping-pong vulnerability in the kpasswd
(password changing) service. [CVE-2002-2443]
- Improve interoperability with some Windows native PKINIT clients.
- install translation files
- remove outdated configure options
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=104
2013-06-09 14:19:29 +00:00
Michael Calmer
333c9356fd
- cleanup systemd files (remove syslog.target)
...
- cleanup systemd files (remove syslog.target)
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=102
2013-05-28 17:08:58 +00:00
Michael Calmer
be7c32c3a0
- let krb5-mini conflict with all main packages
...
- let krb5-mini conflict with all main packages
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=100
2013-05-03 07:44:44 +00:00
Michael Calmer
d494e8c485
- add conflicts between krb5-mini and krb5-server
...
- add conflicts between krb5-mini and krb5-server
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=99
2013-05-02 14:44:19 +00:00