SHA256
1
0
forked from pool/krb5
Commit Graph

187 Commits

Author SHA256 Message Date
Michael Ströder
9ec64c1b6a Accepting request 544664 from home:RBrownSUSE:branches:network
Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

OBS-URL: https://build.opensuse.org/request/show/544664
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=202
2017-11-23 14:51:34 +00:00
Howard Guo
e5f49d0c42 - Remove build dependency doxygen, python-Cheetah, python-Sphinx,
python-libxml2, python-lxml, most of which are python 2 programs.
  Consequently remove -doc subpackage. Users are encouraged to use
  online documentation. (bsc#1066461)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=200
2017-11-06 10:43:49 +00:00
Michael Ströder
c09363cbd0 Accepting request 530605 from home:jengelh:branches:network
- Update package descriptions.

OBS-URL: https://build.opensuse.org/request/show/530605
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=198
2017-10-02 23:37:48 +00:00
Michael Ströder
f7aad59b95 Accepting request 528703 from home:stroeder:branches:network
- Upgrade to 1.15.2
  * Fix a KDC denial of service vulnerability caused by unset status
    strings [CVE-2017-11368]
  * Preserve GSS contexts on init/accept failure [CVE-2017-11462]
  * Fix kadm5 setkey operation with LDAP KDB module
  * Use a ten-second timeout after successful connection for HTTPS KDC
    requests, as we do for TCP requests
  * Fix client null dereference when KDC offers encrypted challenge
    without FAST
  * Ignore dotfiles when processing profile includedir directive
  * Improve documentation
- Upgrade to 1.15.2
  * Fix a KDC denial of service vulnerability caused by unset status
    strings [CVE-2017-11368]
  * Preserve GSS contexts on init/accept failure [CVE-2017-11462]
  * Fix kadm5 setkey operation with LDAP KDB module
  * Use a ten-second timeout after successful connection for HTTPS KDC
    requests, as we do for TCP requests
  * Fix client null dereference when KDC offers encrypted challenge
    without FAST
  * Ignore dotfiles when processing profile includedir directive
  * Improve documentation

OBS-URL: https://build.opensuse.org/request/show/528703
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=196
2017-09-27 08:29:01 +00:00
Howard Guo
45350c1e0c - Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
in order to improve client security in handling service principle
  names. (bsc#1054028)

- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
  in order to improve client security in handling service principle
  names. (bsc#1054028)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=194
2017-08-18 08:38:17 +00:00
Howard Guo
17c6c6c5ee - Prevent kadmind.service startup failure caused by absence of
LDAP service. (bsc#903543)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=193
2017-08-11 09:12:41 +00:00
Howard Guo
1d1e68ea09 - There is no change made about the package itself, this is only
copying over some changelog texts from SLE package:
- bug#918595 owned by varkoly@suse.com: VUL-0: CVE-2014-5355
  krb5: denial of service in krb5_read_message
- bug#912002 owned by varkoly@suse.com: VUL-0
  CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
  krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- bug#910458 owned by varkoly@suse.com: VUL-1
  CVE-2014-5354: krb5: NULL pointer dereference when using keyless entries
- bug#928978 owned by varkoly@suse.com: VUL-0
  CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading
  to requires_preauth bypass
- bug#910457 owned by varkoly@suse.com: VUL-1
  CVE-2014-5353: krb5: NULL pointer dereference when using a ticket policy
  name as a password policy name
- bug#991088 owned by hguo@suse.com: VUL-1
  CVE-2016-3120: krb5: S4U2Self KDC crash when anon is restricted
- bug#992853 owned by hguo@suse.com: krb5: bogus prerequires
- [fate#320326](https://fate.suse.com/320326)
- bug#982313 owned by pgajdos@suse.com: Doxygen unable to resolve reference
  from \cite

- There is no change made about the package itself, this is only
  copying over some changelog texts from SLE package:
- bug#918595 owned by varkoly@suse.com: VUL-0: CVE-2014-5355
  krb5: denial of service in krb5_read_message
- bug#912002 owned by varkoly@suse.com: VUL-0
  CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
  krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- bug#910458 owned by varkoly@suse.com: VUL-1

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=191
2017-06-06 13:39:13 +00:00
7566d42d93 Accepting request 486033 from home:kukuk:branches:network
- Remove wrong PreRequires

- Remove wrong PreRequires from krb5

OBS-URL: https://build.opensuse.org/request/show/486033
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=189
2017-04-07 06:22:42 +00:00
Howard Guo
4205fb7129 Accepting request 478048 from home:stroeder:branches:network
use HTTPS project and source URLs

OBS-URL: https://build.opensuse.org/request/show/478048
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=187
2017-03-13 08:48:12 +00:00
353b1c8ae7 - use source urls.
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=186
2017-03-09 18:22:08 +00:00
fcf9fee442 Accepting request 478007 from home:gladiac:branches:network
This is a new source code upload with the krb5.keyring updated

The keyring missed Greg Hudson his gpg signature:
C4493CB739F4A89F9852CBC20CBA08575F8372DF

The command to create the keyring is:

gpg2 --export --export-options export-minimal \
         2C732B1C0DBEF678AB3AF606A32F17FD0055C305 \
         C4493CB739F4A89F9852CBC20CBA08575F8372DF > krb5.keyring

OBS-URL: https://build.opensuse.org/request/show/478007
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=185
2017-03-09 18:20:50 +00:00
Howard Guo
f465a11baf redownload source tar archive, delete obsolete patch file
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=184
2017-03-06 09:15:20 +00:00
Howard Guo
68cd296a9a Accepting request 476962 from home:stroeder:branches:network
update to upstream release 1.15.1

OBS-URL: https://build.opensuse.org/request/show/476962
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=183
2017-03-06 08:55:39 +00:00
Michael Ströder
c4c458e8fe Accepting request 452968 from home:bmwiedemann:branches:network
remove useless environment.pickle to make build-compare happy

OBS-URL: https://build.opensuse.org/request/show/452968
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=181
2017-01-27 15:29:04 +00:00
Michael Ströder
0cd0c46b3a Accepting request 451650 from home:gladiac:branches:network
Introduce patch
krb5-1.15-fix_kdb_free_principal_e_data.patch
to fix freeing of e_data in the kdb principal

OBS-URL: https://build.opensuse.org/request/show/451650
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=179
2017-01-20 14:28:35 +00:00
Michael Ströder
6fe08c82e5 Accepting request 443689 from home:stroeder:branches:network
Update to upstream release 1.15.
Successfully tested KDC with LDAP backend with one kinit on Tumbleweed x86_64 (but without selinux).
Please carefully review the updated C code patches!

OBS-URL: https://build.opensuse.org/request/show/443689
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=177
2016-12-05 17:34:31 +00:00
Howard Guo
e30e1bbad9 Accepting request 440200 from home:hauky:branches:network
- add pam configuration file required for ksu 
  just use a copy of "su" one from Tumbleweed

OBS-URL: https://build.opensuse.org/request/show/440200
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=175
2016-11-24 14:43:00 +00:00
Ismail Dönmez
80be49d3d2 Fixup
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=173
2016-07-22 11:04:02 +00:00
Ismail Dönmez
06399cb6eb Accepting request 412758 from home:stroeder:branches:network
update to 1.14.3

OBS-URL: https://build.opensuse.org/request/show/412758
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=172
2016-07-22 10:37:56 +00:00
Ismail Dönmez
ac8428f53d - Remove comments breaking post scripts.
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=170
2016-07-02 11:39:29 +00:00
Ismail Dönmez
a0dc13d8ee Accepting request 405706 from home:fcrozat:branches:network
- Do no use systemd_requires macros in main package, it adds
  unneeded dependencies which pulls systemd into minimal chroot.
- Only call %insserv_prereq when building for pre-systemd
  distributions.
- Optimise some %post/%postun when only /sbin/ldconfig is called.

OBS-URL: https://build.opensuse.org/request/show/405706
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=169
2016-07-02 07:38:07 +00:00
Howard Guo
f423fdf030 ------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)
------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=168
2016-06-13 12:41:05 +00:00
Ismail Dönmez
f73cb2534d Accepting request 392049 from home:stroeder:branches:network
Update to 1.14.2. Please review carefully.

Especially from glancing over the upstream source krb5-mechglue_inqure_attrs.patch seems obsolete even though the solution in upstream code looks slightly different.

OBS-URL: https://build.opensuse.org/request/show/392049
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=166
2016-04-29 08:00:03 +00:00
Howard Guo
9f56699b06 - Upgrade from 1.14 to 1.14.1:
* Remove expired patches:
    0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
    0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
    0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
    krbdev.mit.edu-8301.patch
  * Replace source archives:
    krb5-1.14.tar.gz ->
    krb5-1.14.1.tar.gz
    krb5-1.14.tar.gz.asc ->
    krb5-1.14.1.tar.gz.asc
  * Adjust line numbers in:
    krb5-fix_interposer.patch

- Upgrade from 1.14 to 1.14.1:
  * Remove expired patches:
    0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
    0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
    0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
    krbdev.mit.edu-8301.patch
  * Replace source archives:
    krb5-1.14.tar.gz ->
    krb5-1.14.1.tar.gz
    krb5-1.14.tar.gz.asc ->
    krb5-1.14.1.tar.gz.asc
  * Adjust line numbers in:
    krb5-fix_interposer.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=165
2016-04-01 07:50:43 +00:00
Howard Guo
fcaedabd68 add credits to patch
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=163
2016-03-23 13:33:17 +00:00
Howard Guo
83e7befa84 Accepting request 378678 from home:guohouzuo:branches:network
- Introduce patch
  0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch
  to fix CVE-2016-3119 (bsc#971942)

OBS-URL: https://build.opensuse.org/request/show/378678
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=162
2016-03-23 13:16:38 +00:00
f8868d141a Accepting request 359629 from home:guohouzuo:branches:network
- Remove krb5 pieces from spec file.
  Hence remove pre_checkin.sh
- Remove expired macros and other minor clena-ups in spec file.
- Change package description to explain what "mini" means.

- Remove krb5-mini pieces from spec file.
  Hence remove pre_checkin.sh
- Remove expired macros and other minor clean-ups in spec file.

OBS-URL: https://build.opensuse.org/request/show/359629
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=160
2016-02-18 11:50:30 +00:00
Ismail Dönmez
e206af5319 Accepting request 357309 from home:guohouzuo:branches:network
- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character
  with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
  (bsc#963968)
- Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request
  with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
  (bsc#963975)
- Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
  with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
  (bsc#963964)

OBS-URL: https://build.opensuse.org/request/show/357309
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=158
2016-02-02 08:54:49 +00:00
Ismail Dönmez
b9ca4cd2ca - Add two patches from Fedora, fixing two crashes:
* krb5-fix_interposer.patch
  * krb5-mechglue_inqure_attrs.patch

- Add two patches from Fedora, fixing two crashes:
  * krb5-fix_interposer.patch
  * krb5-mechglue_inqure_attrs.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=156
2016-01-11 12:39:08 +00:00
Ismail Dönmez
89512499b6 -
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=155
2016-01-10 16:46:56 +00:00
Ismail Dönmez
e9af2abc6d Accepting request 352796 from home:stroeder:branches:network
update to 1.14, successfully tested on Tumbleweed x86_64 
1. purely as client for MS AD and
2. as KDC with LDAP backend

OBS-URL: https://build.opensuse.org/request/show/352796
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=154
2016-01-10 16:41:42 +00:00
Ismail Dönmez
ee705d6c1a Accepting request 347770 from home:stroeder:branches:network
update to 1.13.3

OBS-URL: https://build.opensuse.org/request/show/347770
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=152
2015-12-07 12:50:29 +00:00
Ismail Dönmez
ea14ad7c34 Accepting request 343479 from home:guohouzuo:branches:network
- Apply patch 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch
  to fix a memory corruption regression introduced by resolution of
  CVE-2015-2698. bsc#954204

OBS-URL: https://build.opensuse.org/request/show/343479
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=150
2015-11-10 16:57:00 +00:00
Ismail Dönmez
aa93054403 Accepting request 341521 from home:guohouzuo:branches:network
One bug fix in manual page + 3 CVE fixes.

OBS-URL: https://build.opensuse.org/request/show/341521
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=148
2015-10-29 18:14:03 +00:00
Ismail Dönmez
172a23219f Accepting request 309550 from home:guohouzuo:freeipa
Let server depend on libev (module of libverto). This was the
 embedded implementation before the separation of libverto from krb.

OBS-URL: https://build.opensuse.org/request/show/309550
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=146
2015-06-01 09:44:23 +00:00
Ismail Dönmez
f1babf4554 Accepting request 309029 from home:dimstar:Factory
- Drop libverto and libverto-libev Requires from the -server
  package: those package names don't exist and the shared libs
  are pulled in automatically.

- Drop libverto and libverto-libev Requires from the -server
  package: those package names don't exist and the shared libs
  are pulled in automatically.

OBS-URL: https://build.opensuse.org/request/show/309029
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=144
2015-05-28 08:59:56 +00:00
Ismail Dönmez
d9be576ce1 Accepting request 308898 from home:dimstar:Factory
Also build dep libverto for the -mini variant... so it can actually be built

OBS-URL: https://build.opensuse.org/request/show/308898
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=143
2015-05-27 16:09:38 +00:00
7991a93622 - pre_checkin.sh aligned changes between krb5/krb5-mini
- added krb5.keyring

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=142
2015-05-22 09:30:16 +00:00
8103840325 * Add client support for the Kerberos Cache Manager protocol. If the host
* Add support for doing unlocked database dumps for the DB2 KDC back end,
  * krb5-1.7-doublelog.patch

- Work around replay cache creation race; (bnc#898439).
  krb5-1.13-work-around-replay-cache-creation-race.patch

-  bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal 
- added patches:
  * bnc#897874-CVE-2014-5351.diff

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=141
2015-05-22 09:22:57 +00:00
Andrey Karepin
cdaf49db88 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=140 2015-05-13 19:33:48 +00:00
Andrey Karepin
71a09ab035 Accepting request 306592 from home:stroeder:branches:network
update to 1.13.2

OBS-URL: https://build.opensuse.org/request/show/306592
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=139
2015-05-13 19:25:01 +00:00
24de3e2bab Accepting request 305915 from home:guohouzuo:freeipa
OBS-URL: https://build.opensuse.org/request/show/305915
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=138
2015-05-11 11:41:14 +00:00
cefda77aa1 Accepting request 286613 from home:stroeder:branches:network
security update 1.13.1

OBS-URL: https://build.opensuse.org/request/show/286613
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=136
2015-02-18 17:22:56 +00:00
42eb1db8e7 Accepting request 280024 from home:mlin7442:branches:network
update to 1.13, also fixed build with bison3

OBS-URL: https://build.opensuse.org/request/show/280024
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=134
2015-01-06 10:58:20 +00:00
35dbbe780b Accepting request 252436 from home:dmdiss:branches:bnc898439_krb_reply_cache_race_factory
- Work around replay cache creation race; (bnc#898439).
  krb5-1.13-work-around-replay-cache-creation-race.patch

OBS-URL: https://build.opensuse.org/request/show/252436
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=132
2014-10-01 07:19:37 +00:00
23582573aa Accepting request 251631 from home:varkoly:branches:network
-  bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal 
- added patches:
  * bnc#897874-CVE-2014-5351.diff

OBS-URL: https://build.opensuse.org/request/show/251631
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=130
2014-09-25 08:28:07 +00:00
1e26a2fb1a Accepting request 246966 from home:AndreasStieger:branches:network
krb5 5.12.2

- Fix build with doxygen 1.8.8 - adding krb5-1.12-doxygen.patch
  from upstream
  See https://build.opensuse.org/request/show/246780

OBS-URL: https://build.opensuse.org/request/show/246966
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=128
2014-09-01 15:41:18 +00:00
Christian Kornacker
e1506944cc - buffer overrun in kadmind with LDAP backend
CVE-2014-4345 (bnc#891082)
  krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=126
2014-08-11 11:01:01 +00:00
Christian Kornacker
f2e853070c - Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697)
krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch
  Fix null deref in SPNEGO acceptor [CVE-2014-4344]
  krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=124
2014-07-28 09:58:41 +00:00
Christian Kornacker
3ac7b19a80 Accepting request 241590 from home:posophe:branches:network
Fix for systemd

OBS-URL: https://build.opensuse.org/request/show/241590
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=122
2014-07-21 12:42:45 +00:00