SHA256
1
0
forked from pool/krb5
Commit Graph

261 Commits

Author SHA256 Message Date
Dominique Leuenberger
65956d3363 Accepting request 530615 from network
1

OBS-URL: https://build.opensuse.org/request/show/530615
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=131
2017-10-05 09:48:05 +00:00
Michael Ströder
c09363cbd0 Accepting request 530605 from home:jengelh:branches:network
- Update package descriptions.

OBS-URL: https://build.opensuse.org/request/show/530605
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=198
2017-10-02 23:37:48 +00:00
Dominique Leuenberger
05310b3a34 Accepting request 528906 from network
1

OBS-URL: https://build.opensuse.org/request/show/528906
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=130
2017-10-01 14:58:35 +00:00
Michael Ströder
f7aad59b95 Accepting request 528703 from home:stroeder:branches:network
- Upgrade to 1.15.2
  * Fix a KDC denial of service vulnerability caused by unset status
    strings [CVE-2017-11368]
  * Preserve GSS contexts on init/accept failure [CVE-2017-11462]
  * Fix kadm5 setkey operation with LDAP KDB module
  * Use a ten-second timeout after successful connection for HTTPS KDC
    requests, as we do for TCP requests
  * Fix client null dereference when KDC offers encrypted challenge
    without FAST
  * Ignore dotfiles when processing profile includedir directive
  * Improve documentation
- Upgrade to 1.15.2
  * Fix a KDC denial of service vulnerability caused by unset status
    strings [CVE-2017-11368]
  * Preserve GSS contexts on init/accept failure [CVE-2017-11462]
  * Fix kadm5 setkey operation with LDAP KDB module
  * Use a ten-second timeout after successful connection for HTTPS KDC
    requests, as we do for TCP requests
  * Fix client null dereference when KDC offers encrypted challenge
    without FAST
  * Ignore dotfiles when processing profile includedir directive
  * Improve documentation

OBS-URL: https://build.opensuse.org/request/show/528703
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=196
2017-09-27 08:29:01 +00:00
Dominique Leuenberger
06fb469c84 Accepting request 517510 from network
- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
  in order to improve client security in handling service principle
  names. (bsc#1054028)

- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
  in order to improve client security in handling service principle
  names. (bsc#1054028)

- Prevent kadmind.service startup failure caused by absence of
  LDAP service. (bsc#903543)

OBS-URL: https://build.opensuse.org/request/show/517510
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=129
2017-08-21 09:32:24 +00:00
Howard Guo
45350c1e0c - Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
in order to improve client security in handling service principle
  names. (bsc#1054028)

- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
  in order to improve client security in handling service principle
  names. (bsc#1054028)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=194
2017-08-18 08:38:17 +00:00
Howard Guo
17c6c6c5ee - Prevent kadmind.service startup failure caused by absence of
LDAP service. (bsc#903543)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=193
2017-08-11 09:12:41 +00:00
Dominique Leuenberger
1ea059ff9c Accepting request 501409 from network
OBS-URL: https://build.opensuse.org/request/show/501409
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=128
2017-06-15 09:19:29 +00:00
Howard Guo
1d1e68ea09 - There is no change made about the package itself, this is only
copying over some changelog texts from SLE package:
- bug#918595 owned by varkoly@suse.com: VUL-0: CVE-2014-5355
  krb5: denial of service in krb5_read_message
- bug#912002 owned by varkoly@suse.com: VUL-0
  CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
  krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- bug#910458 owned by varkoly@suse.com: VUL-1
  CVE-2014-5354: krb5: NULL pointer dereference when using keyless entries
- bug#928978 owned by varkoly@suse.com: VUL-0
  CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading
  to requires_preauth bypass
- bug#910457 owned by varkoly@suse.com: VUL-1
  CVE-2014-5353: krb5: NULL pointer dereference when using a ticket policy
  name as a password policy name
- bug#991088 owned by hguo@suse.com: VUL-1
  CVE-2016-3120: krb5: S4U2Self KDC crash when anon is restricted
- bug#992853 owned by hguo@suse.com: krb5: bogus prerequires
- [fate#320326](https://fate.suse.com/320326)
- bug#982313 owned by pgajdos@suse.com: Doxygen unable to resolve reference
  from \cite

- There is no change made about the package itself, this is only
  copying over some changelog texts from SLE package:
- bug#918595 owned by varkoly@suse.com: VUL-0: CVE-2014-5355
  krb5: denial of service in krb5_read_message
- bug#912002 owned by varkoly@suse.com: VUL-0
  CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
  krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- bug#910458 owned by varkoly@suse.com: VUL-1

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=191
2017-06-06 13:39:13 +00:00
Dominique Leuenberger
5f40336666 Accepting request 486278 from network
1

OBS-URL: https://build.opensuse.org/request/show/486278
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=127
2017-04-29 08:47:05 +00:00
7566d42d93 Accepting request 486033 from home:kukuk:branches:network
- Remove wrong PreRequires

- Remove wrong PreRequires from krb5

OBS-URL: https://build.opensuse.org/request/show/486033
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=189
2017-04-07 06:22:42 +00:00
Yuchen Lin
d7f7cda6ff Accepting request 478948 from network
1

OBS-URL: https://build.opensuse.org/request/show/478948
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=126
2017-03-29 11:20:32 +00:00
Howard Guo
4205fb7129 Accepting request 478048 from home:stroeder:branches:network
use HTTPS project and source URLs

OBS-URL: https://build.opensuse.org/request/show/478048
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=187
2017-03-13 08:48:12 +00:00
353b1c8ae7 - use source urls.
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=186
2017-03-09 18:22:08 +00:00
fcf9fee442 Accepting request 478007 from home:gladiac:branches:network
This is a new source code upload with the krb5.keyring updated

The keyring missed Greg Hudson his gpg signature:
C4493CB739F4A89F9852CBC20CBA08575F8372DF

The command to create the keyring is:

gpg2 --export --export-options export-minimal \
         2C732B1C0DBEF678AB3AF606A32F17FD0055C305 \
         C4493CB739F4A89F9852CBC20CBA08575F8372DF > krb5.keyring

OBS-URL: https://build.opensuse.org/request/show/478007
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=185
2017-03-09 18:20:50 +00:00
Howard Guo
f465a11baf redownload source tar archive, delete obsolete patch file
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=184
2017-03-06 09:15:20 +00:00
Howard Guo
68cd296a9a Accepting request 476962 from home:stroeder:branches:network
update to upstream release 1.15.1

OBS-URL: https://build.opensuse.org/request/show/476962
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=183
2017-03-06 08:55:39 +00:00
Dominique Leuenberger
ba5c727b4d Accepting request 452976 from network
1

OBS-URL: https://build.opensuse.org/request/show/452976
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=125
2017-02-08 11:11:00 +00:00
Michael Ströder
c4c458e8fe Accepting request 452968 from home:bmwiedemann:branches:network
remove useless environment.pickle to make build-compare happy

OBS-URL: https://build.opensuse.org/request/show/452968
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=181
2017-01-27 15:29:04 +00:00
Dominique Leuenberger
4429fe8254 Accepting request 451651 from network
1

OBS-URL: https://build.opensuse.org/request/show/451651
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=124
2017-01-25 21:32:44 +00:00
Michael Ströder
0cd0c46b3a Accepting request 451650 from home:gladiac:branches:network
Introduce patch
krb5-1.15-fix_kdb_free_principal_e_data.patch
to fix freeing of e_data in the kdb principal

OBS-URL: https://build.opensuse.org/request/show/451650
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=179
2017-01-20 14:28:35 +00:00
Dominique Leuenberger
df71d696ec Accepting request 443977 from network
1

OBS-URL: https://build.opensuse.org/request/show/443977
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=123
2016-12-11 12:21:25 +00:00
Michael Ströder
6fe08c82e5 Accepting request 443689 from home:stroeder:branches:network
Update to upstream release 1.15.
Successfully tested KDC with LDAP backend with one kinit on Tumbleweed x86_64 (but without selinux).
Please carefully review the updated C code patches!

OBS-URL: https://build.opensuse.org/request/show/443689
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=177
2016-12-05 17:34:31 +00:00
Dominique Leuenberger
358de06623 Accepting request 441866 from network
1

OBS-URL: https://build.opensuse.org/request/show/441866
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=122
2016-11-28 14:02:59 +00:00
Howard Guo
e30e1bbad9 Accepting request 440200 from home:hauky:branches:network
- add pam configuration file required for ksu 
  just use a copy of "su" one from Tumbleweed

OBS-URL: https://build.opensuse.org/request/show/440200
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=175
2016-11-24 14:43:00 +00:00
Dominique Leuenberger
1b43fa31ca Accepting request 412764 from network
- Upgrade from 1.14.2 to 1.14.3:
  * Improve some error messages
  * Improve documentation
  * Allow a principal with nonexistent policy to bypass the minimum
    password lifetime check, consistent with other aspects of
    nonexistent policies
  * Fix a rare KDC denial of service vulnerability when anonymous client
    principals are restricted to obtaining TGTs only [CVE-2016-3120]
  
- Upgrade from 1.14.2 to 1.14.3:
  * Improve some error messages
  * Improve documentation
  * Allow a principal with nonexistent policy to bypass the minimum
    password lifetime check, consistent with other aspects of
    nonexistent policies
  * Fix a rare KDC denial of service vulnerability when anonymous client
    principals are restricted to obtaining TGTs only [CVE-2016-3120]

OBS-URL: https://build.opensuse.org/request/show/412764
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=121
2016-08-05 16:11:29 +00:00
Ismail Dönmez
80be49d3d2 Fixup
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=173
2016-07-22 11:04:02 +00:00
Ismail Dönmez
06399cb6eb Accepting request 412758 from home:stroeder:branches:network
update to 1.14.3

OBS-URL: https://build.opensuse.org/request/show/412758
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=172
2016-07-22 10:37:56 +00:00
Dominique Leuenberger
3c44b32878 Accepting request 406062 from network
------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)
- Remove comments breaking post scripts. 

- Do no use systemd_requires macros in main package, it adds
  unneeded dependencies which pulls systemd into minimal chroot.
- Only call %insserv_prereq when building for pre-systemd
  distributions.
- Optimise some %post/%postun when only /sbin/ldconfig is called.
------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)

OBS-URL: https://build.opensuse.org/request/show/406062
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=120
2016-07-12 21:44:09 +00:00
Ismail Dönmez
ac8428f53d - Remove comments breaking post scripts.
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=170
2016-07-02 11:39:29 +00:00
Ismail Dönmez
a0dc13d8ee Accepting request 405706 from home:fcrozat:branches:network
- Do no use systemd_requires macros in main package, it adds
  unneeded dependencies which pulls systemd into minimal chroot.
- Only call %insserv_prereq when building for pre-systemd
  distributions.
- Optimise some %post/%postun when only /sbin/ldconfig is called.

OBS-URL: https://build.opensuse.org/request/show/405706
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=169
2016-07-02 07:38:07 +00:00
Howard Guo
f423fdf030 ------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)
------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=168
2016-06-13 12:41:05 +00:00
Dominique Leuenberger
4c53150c83 Accepting request 392051 from network
1

OBS-URL: https://build.opensuse.org/request/show/392051
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=119
2016-05-02 08:43:55 +00:00
Ismail Dönmez
f73cb2534d Accepting request 392049 from home:stroeder:branches:network
Update to 1.14.2. Please review carefully.

Especially from glancing over the upstream source krb5-mechglue_inqure_attrs.patch seems obsolete even though the solution in upstream code looks slightly different.

OBS-URL: https://build.opensuse.org/request/show/392049
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=166
2016-04-29 08:00:03 +00:00
Dominique Leuenberger
4817f926f7 Accepting request 382782 from network
OBS-URL: https://build.opensuse.org/request/show/382782
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=118
2016-04-06 09:50:34 +00:00
Howard Guo
9f56699b06 - Upgrade from 1.14 to 1.14.1:
* Remove expired patches:
    0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
    0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
    0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
    krbdev.mit.edu-8301.patch
  * Replace source archives:
    krb5-1.14.tar.gz ->
    krb5-1.14.1.tar.gz
    krb5-1.14.tar.gz.asc ->
    krb5-1.14.1.tar.gz.asc
  * Adjust line numbers in:
    krb5-fix_interposer.patch

- Upgrade from 1.14 to 1.14.1:
  * Remove expired patches:
    0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
    0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
    0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
    krbdev.mit.edu-8301.patch
  * Replace source archives:
    krb5-1.14.tar.gz ->
    krb5-1.14.1.tar.gz
    krb5-1.14.tar.gz.asc ->
    krb5-1.14.1.tar.gz.asc
  * Adjust line numbers in:
    krb5-fix_interposer.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=165
2016-04-01 07:50:43 +00:00
Dominique Leuenberger
1a837358cb Accepting request 378714 from network
- Introduce patch
  0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch
  to fix CVE-2016-3119 (bsc#971942)

OBS-URL: https://build.opensuse.org/request/show/378714
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=117
2016-03-29 07:53:21 +00:00
Howard Guo
fcaedabd68 add credits to patch
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=163
2016-03-23 13:33:17 +00:00
Howard Guo
83e7befa84 Accepting request 378678 from home:guohouzuo:branches:network
- Introduce patch
  0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch
  to fix CVE-2016-3119 (bsc#971942)

OBS-URL: https://build.opensuse.org/request/show/378678
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=162
2016-03-23 13:16:38 +00:00
Dominique Leuenberger
9edf221a87 Accepting request 360110 from network
1

OBS-URL: https://build.opensuse.org/request/show/360110
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=116
2016-02-25 20:52:19 +00:00
f8868d141a Accepting request 359629 from home:guohouzuo:branches:network
- Remove krb5 pieces from spec file.
  Hence remove pre_checkin.sh
- Remove expired macros and other minor clena-ups in spec file.
- Change package description to explain what "mini" means.

- Remove krb5-mini pieces from spec file.
  Hence remove pre_checkin.sh
- Remove expired macros and other minor clean-ups in spec file.

OBS-URL: https://build.opensuse.org/request/show/359629
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=160
2016-02-18 11:50:30 +00:00
Dominique Leuenberger
802c8f6eff Accepting request 357310 from network
1

OBS-URL: https://build.opensuse.org/request/show/357310
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=115
2016-02-12 10:20:54 +00:00
Ismail Dönmez
e206af5319 Accepting request 357309 from home:guohouzuo:branches:network
- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character
  with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
  (bsc#963968)
- Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request
  with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
  (bsc#963975)
- Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
  with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
  (bsc#963964)

OBS-URL: https://build.opensuse.org/request/show/357309
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=158
2016-02-02 08:54:49 +00:00
Dominique Leuenberger
7d356ebc8e Accepting request 353069 from network
- Add two patches from Fedora, fixing two crashes:
  * krb5-fix_interposer.patch
  * krb5-mechglue_inqure_attrs.patch

- Update to 1.14
- dropped krb5-kvno-230379.patch
- added krbdev.mit.edu-8301.patch fixing wrong function call
Major changes in 1.14 (2015-11-20)
==================================
Administrator experience:
* Add a new kdb5_util tabdump command to provide reporting-friendly
  tabular dump formats (tab-separated or CSV) for the KDC database.
  Unlike the normal dump format, each output table has a fixed number
  of fields.  Some tables include human-readable forms of data that
  are opaque in ordinary dump files.  This format is also suitable for
  importing into relational databases for complex queries.
* Add support to kadmin and kadmin.local for specifying a single
  command line following any global options, where the command
  arguments are split by the shell--for example, "kadmin getprinc
  principalname".  Commands issued this way do not prompt for
  confirmation or display warning messages, and exit with non-zero
  status if the operation fails.
* Accept the same principal flag names in kadmin as we do for the
  default_principal_flags kdc.conf variable, and vice versa.  Also
  accept flag specifiers in the form that kadmin prints, as well as
  hexadecimal numbers.
* Remove the triple-DES and RC4 encryption types from the default
  value of supported_enctypes, which determines the default key and
  salt types for new password-derived keys.  By default, keys will
  only created only for AES128 and AES256.  This mitigates some types

OBS-URL: https://build.opensuse.org/request/show/353069
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=114
2016-01-13 21:43:58 +00:00
Ismail Dönmez
b9ca4cd2ca - Add two patches from Fedora, fixing two crashes:
* krb5-fix_interposer.patch
  * krb5-mechglue_inqure_attrs.patch

- Add two patches from Fedora, fixing two crashes:
  * krb5-fix_interposer.patch
  * krb5-mechglue_inqure_attrs.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=156
2016-01-11 12:39:08 +00:00
Ismail Dönmez
89512499b6 -
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=155
2016-01-10 16:46:56 +00:00
Ismail Dönmez
e9af2abc6d Accepting request 352796 from home:stroeder:branches:network
update to 1.14, successfully tested on Tumbleweed x86_64 
1. purely as client for MS AD and
2. as KDC with LDAP backend

OBS-URL: https://build.opensuse.org/request/show/352796
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=154
2016-01-10 16:41:42 +00:00
Stephan Kulow
3a0928caa1 Accepting request 347776 from network
1

OBS-URL: https://build.opensuse.org/request/show/347776
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=113
2015-12-13 08:38:29 +00:00
Ismail Dönmez
ee705d6c1a Accepting request 347770 from home:stroeder:branches:network
update to 1.13.3

OBS-URL: https://build.opensuse.org/request/show/347770
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=152
2015-12-07 12:50:29 +00:00
Dominique Leuenberger
4fe99a992a Accepting request 343500 from network
1

OBS-URL: https://build.opensuse.org/request/show/343500
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=112
2015-11-15 11:45:42 +00:00