SHA256
1
0
forked from pool/krb5
Commit Graph

106 Commits

Author SHA256 Message Date
d42ae2c82a Accepting request 670179 from home:scabrero:branches:network
- Upgrade to 1.17. Major changes:
  Administrator experience:
  * A new Kerberos database module using the Lightning Memory-Mapped
    Database library (LMDB) has been added.  The LMDB KDB module should
    be more performant and more robust than the DB2 module, and may
    become the default module for new databases in a future release.
  * "kdb5_util dump" will no longer dump policy entries when specific
    principal names are requested.
  Developer experience:
  * The new krb5_get_etype_info() API can be used to retrieve enctype,
    salt, and string-to-key parameters from the KDC for a client
    principal.
  * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
    principal names to be used with GSS-API functions.
  * KDC and kadmind modules which call com_err() will now write to the
    log file in a format more consistent with other log messages.
  * Programs which use large numbers of memory credential caches should
    perform better.
  Protocol evolution:
  * The SPAKE pre-authentication mechanism is now supported.  This
    mechanism protects against password dictionary attacks without
    requiring any additional infrastructure such as certificates.  SPAKE
    is enabled by default on clients, but must be manually enabled on
    the KDC for this release.
  * PKINIT freshness tokens are now supported.  Freshness tokens can
    protect against scenarios where an attacker uses temporary access to
    a smart card to generate authentication requests for the future.
  * Password change operations now prefer TCP over UDP, to avoid
    spurious error messages about replays when a response packet is
    dropped.
  * The KDC now supports cross-realm S4U2Self requests when used with a
    third-party KDB module such as Samba's.  The client code for
    cross-realm S4U2Self requests is also now more robust.
  User experience:
  * The new ktutil addent -f flag can be used to fetch salt information
    from the KDC for password-based keys.
  * The new kdestroy -p option can be used to destroy a credential cache
    within a collection by client principal name.
  * The Kerberos man page has been restored, and documents the
    environment variables that affect programs using the Kerberos
    library.
  Code quality:
  * Python test scripts now use Python 3.
  * Python test scripts now display markers in verbose output, making it
    easier to find where a failure occurred within the scripts.
  * The Windows build system has been simplified and updated to work
    with more recent versions of Visual Studio.  A large volume of
    unused Windows-specific code has been removed.  Visual Studio 2013
    or later is now required.
- Use systemd-tmpfiles to create files under /var/lib/kerberos, required
  by transactional updates; (bsc#1100126);
- Rename patches:
  * krb5-1.12-pam.patch => 0001-krb5-1.12-pam.patch
  * krb5-1.9-manpaths.dif => 0002-krb5-1.9-manpaths.patch
  * krb5-1.12-buildconf.patch => 0003-krb5-1.12-buildconf.patch
  * krb5-1.6.3-gssapi_improve_errormessages.dif to
    0004-krb5-1.6.3-gssapi_improve_errormessages.patch
  * krb5-1.6.3-ktutil-manpage.dif => 0005-krb5-1.6.3-ktutil-manpage.patch
  * krb5-1.12-api.patch => 0006-krb5-1.12-api.patch
  * krb5-1.12-ksu-path.patch => 0007-krb5-1.12-ksu-path.patch
  * krb5-1.12-selinux-label.patch =>  0008-krb5-1.12-selinux-label.patch
  * krb5-1.9-debuginfo.patch => 0009-krb5-1.9-debuginfo.patch
- Upgrade to 1.17. Major changes:
  Administrator experience:
  * A new Kerberos database module using the Lightning Memory-Mapped
    Database library (LMDB) has been added.  The LMDB KDB module should
    be more performant and more robust than the DB2 module, and may
    become the default module for new databases in a future release.
  * "kdb5_util dump" will no longer dump policy entries when specific
    principal names are requested.
  Developer experience:
  * The new krb5_get_etype_info() API can be used to retrieve enctype,
    salt, and string-to-key parameters from the KDC for a client
    principal.
  * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
    principal names to be used with GSS-API functions.
  * KDC and kadmind modules which call com_err() will now write to the
    log file in a format more consistent with other log messages.
  * Programs which use large numbers of memory credential caches should
    perform better.
  Protocol evolution:
  * The SPAKE pre-authentication mechanism is now supported.  This
    mechanism protects against password dictionary attacks without
    requiring any additional infrastructure such as certificates.  SPAKE
    is enabled by default on clients, but must be manually enabled on
    the KDC for this release.
  * PKINIT freshness tokens are now supported.  Freshness tokens can
    protect against scenarios where an attacker uses temporary access to
    a smart card to generate authentication requests for the future.
  * Password change operations now prefer TCP over UDP, to avoid
    spurious error messages about replays when a response packet is
    dropped.
  * The KDC now supports cross-realm S4U2Self requests when used with a
    third-party KDB module such as Samba's.  The client code for
    cross-realm S4U2Self requests is also now more robust.
  User experience:
  * The new ktutil addent -f flag can be used to fetch salt information
    from the KDC for password-based keys.
  * The new kdestroy -p option can be used to destroy a credential cache
    within a collection by client principal name.
  * The Kerberos man page has been restored, and documents the
    environment variables that affect programs using the Kerberos
    library.
  Code quality:
  * Python test scripts now use Python 3.
  * Python test scripts now display markers in verbose output, making it
    easier to find where a failure occurred within the scripts.
  * The Windows build system has been simplified and updated to work
    with more recent versions of Visual Studio.  A large volume of
    unused Windows-specific code has been removed.  Visual Studio 2013
    or later is now required.
- Use systemd-tmpfiles to create files under /var/lib/kerberos, required
  by transactional updates; (bsc#1100126);
- Rename patches:
  * krb5-1.12-pam.patch => 0001-krb5-1.12-pam.patch
  * krb5-1.9-manpaths.dif => 0002-krb5-1.9-manpaths.patch
  * krb5-1.12-buildconf.patch => 0003-krb5-1.12-buildconf.patch
  * krb5-1.6.3-gssapi_improve_errormessages.dif to
    0004-krb5-1.6.3-gssapi_improve_errormessages.patch
  * krb5-1.6.3-ktutil-manpage.dif => 0005-krb5-1.6.3-ktutil-manpage.patch
  * krb5-1.12-api.patch => 0006-krb5-1.12-api.patch
  * krb5-1.12-ksu-path.patch => 0007-krb5-1.12-ksu-path.patch
  * krb5-1.12-selinux-label.patch =>  0008-krb5-1.12-selinux-label.patch
  * krb5-1.9-debuginfo.patch => 0009-krb5-1.9-debuginfo.patch

OBS-URL: https://build.opensuse.org/request/show/670179
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=212
2019-02-13 17:01:33 +00:00
Ismail Dönmez
b76b76ea62 Accepting request 640882 from home:jmcdough:branches:network
Update to krb5-1.16.1

OBS-URL: https://build.opensuse.org/request/show/640882
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=210
2018-10-15 15:08:42 +00:00
Michael Ströder
5dab1b263d Accepting request 603974 from home:stroeder:branches:network
Security fixes in release 1.15.3

OBS-URL: https://build.opensuse.org/request/show/603974
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=206
2018-05-04 11:22:34 +00:00
OBS User mrdocs
9cf7cfa8e9 Accepting request 601071 from home:luizluca:branches:network
- Added support for /etc/krb5.conf.d/ for configuration snippets

/etc/krb5.conf.d/ existance is now mandatory

OBS-URL: https://build.opensuse.org/request/show/601071
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=204
2018-05-01 03:19:15 +00:00
Michael Ströder
9ec64c1b6a Accepting request 544664 from home:RBrownSUSE:branches:network
Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

OBS-URL: https://build.opensuse.org/request/show/544664
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=202
2017-11-23 14:51:34 +00:00
Michael Ströder
c09363cbd0 Accepting request 530605 from home:jengelh:branches:network
- Update package descriptions.

OBS-URL: https://build.opensuse.org/request/show/530605
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=198
2017-10-02 23:37:48 +00:00
Michael Ströder
f7aad59b95 Accepting request 528703 from home:stroeder:branches:network
- Upgrade to 1.15.2
  * Fix a KDC denial of service vulnerability caused by unset status
    strings [CVE-2017-11368]
  * Preserve GSS contexts on init/accept failure [CVE-2017-11462]
  * Fix kadm5 setkey operation with LDAP KDB module
  * Use a ten-second timeout after successful connection for HTTPS KDC
    requests, as we do for TCP requests
  * Fix client null dereference when KDC offers encrypted challenge
    without FAST
  * Ignore dotfiles when processing profile includedir directive
  * Improve documentation
- Upgrade to 1.15.2
  * Fix a KDC denial of service vulnerability caused by unset status
    strings [CVE-2017-11368]
  * Preserve GSS contexts on init/accept failure [CVE-2017-11462]
  * Fix kadm5 setkey operation with LDAP KDB module
  * Use a ten-second timeout after successful connection for HTTPS KDC
    requests, as we do for TCP requests
  * Fix client null dereference when KDC offers encrypted challenge
    without FAST
  * Ignore dotfiles when processing profile includedir directive
  * Improve documentation

OBS-URL: https://build.opensuse.org/request/show/528703
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=196
2017-09-27 08:29:01 +00:00
Howard Guo
45350c1e0c - Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
in order to improve client security in handling service principle
  names. (bsc#1054028)

- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
  in order to improve client security in handling service principle
  names. (bsc#1054028)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=194
2017-08-18 08:38:17 +00:00
Howard Guo
1d1e68ea09 - There is no change made about the package itself, this is only
copying over some changelog texts from SLE package:
- bug#918595 owned by varkoly@suse.com: VUL-0: CVE-2014-5355
  krb5: denial of service in krb5_read_message
- bug#912002 owned by varkoly@suse.com: VUL-0
  CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
  krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- bug#910458 owned by varkoly@suse.com: VUL-1
  CVE-2014-5354: krb5: NULL pointer dereference when using keyless entries
- bug#928978 owned by varkoly@suse.com: VUL-0
  CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading
  to requires_preauth bypass
- bug#910457 owned by varkoly@suse.com: VUL-1
  CVE-2014-5353: krb5: NULL pointer dereference when using a ticket policy
  name as a password policy name
- bug#991088 owned by hguo@suse.com: VUL-1
  CVE-2016-3120: krb5: S4U2Self KDC crash when anon is restricted
- bug#992853 owned by hguo@suse.com: krb5: bogus prerequires
- [fate#320326](https://fate.suse.com/320326)
- bug#982313 owned by pgajdos@suse.com: Doxygen unable to resolve reference
  from \cite

- There is no change made about the package itself, this is only
  copying over some changelog texts from SLE package:
- bug#918595 owned by varkoly@suse.com: VUL-0: CVE-2014-5355
  krb5: denial of service in krb5_read_message
- bug#912002 owned by varkoly@suse.com: VUL-0
  CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
  krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- bug#910458 owned by varkoly@suse.com: VUL-1

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=191
2017-06-06 13:39:13 +00:00
7566d42d93 Accepting request 486033 from home:kukuk:branches:network
- Remove wrong PreRequires

- Remove wrong PreRequires from krb5

OBS-URL: https://build.opensuse.org/request/show/486033
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=189
2017-04-07 06:22:42 +00:00
Howard Guo
4205fb7129 Accepting request 478048 from home:stroeder:branches:network
use HTTPS project and source URLs

OBS-URL: https://build.opensuse.org/request/show/478048
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=187
2017-03-13 08:48:12 +00:00
353b1c8ae7 - use source urls.
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=186
2017-03-09 18:22:08 +00:00
Howard Guo
68cd296a9a Accepting request 476962 from home:stroeder:branches:network
update to upstream release 1.15.1

OBS-URL: https://build.opensuse.org/request/show/476962
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=183
2017-03-06 08:55:39 +00:00
Michael Ströder
0cd0c46b3a Accepting request 451650 from home:gladiac:branches:network
Introduce patch
krb5-1.15-fix_kdb_free_principal_e_data.patch
to fix freeing of e_data in the kdb principal

OBS-URL: https://build.opensuse.org/request/show/451650
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=179
2017-01-20 14:28:35 +00:00
Michael Ströder
6fe08c82e5 Accepting request 443689 from home:stroeder:branches:network
Update to upstream release 1.15.
Successfully tested KDC with LDAP backend with one kinit on Tumbleweed x86_64 (but without selinux).
Please carefully review the updated C code patches!

OBS-URL: https://build.opensuse.org/request/show/443689
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=177
2016-12-05 17:34:31 +00:00
Ismail Dönmez
06399cb6eb Accepting request 412758 from home:stroeder:branches:network
update to 1.14.3

OBS-URL: https://build.opensuse.org/request/show/412758
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=172
2016-07-22 10:37:56 +00:00
Howard Guo
f423fdf030 ------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)
------------------------------------------------------------------
- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=168
2016-06-13 12:41:05 +00:00
Ismail Dönmez
f73cb2534d Accepting request 392049 from home:stroeder:branches:network
Update to 1.14.2. Please review carefully.

Especially from glancing over the upstream source krb5-mechglue_inqure_attrs.patch seems obsolete even though the solution in upstream code looks slightly different.

OBS-URL: https://build.opensuse.org/request/show/392049
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=166
2016-04-29 08:00:03 +00:00
Howard Guo
9f56699b06 - Upgrade from 1.14 to 1.14.1:
* Remove expired patches:
    0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
    0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
    0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
    krbdev.mit.edu-8301.patch
  * Replace source archives:
    krb5-1.14.tar.gz ->
    krb5-1.14.1.tar.gz
    krb5-1.14.tar.gz.asc ->
    krb5-1.14.1.tar.gz.asc
  * Adjust line numbers in:
    krb5-fix_interposer.patch

- Upgrade from 1.14 to 1.14.1:
  * Remove expired patches:
    0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
    0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
    0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
    krbdev.mit.edu-8301.patch
  * Replace source archives:
    krb5-1.14.tar.gz ->
    krb5-1.14.1.tar.gz
    krb5-1.14.tar.gz.asc ->
    krb5-1.14.1.tar.gz.asc
  * Adjust line numbers in:
    krb5-fix_interposer.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=165
2016-04-01 07:50:43 +00:00
f8868d141a Accepting request 359629 from home:guohouzuo:branches:network
- Remove krb5 pieces from spec file.
  Hence remove pre_checkin.sh
- Remove expired macros and other minor clena-ups in spec file.
- Change package description to explain what "mini" means.

- Remove krb5-mini pieces from spec file.
  Hence remove pre_checkin.sh
- Remove expired macros and other minor clean-ups in spec file.

OBS-URL: https://build.opensuse.org/request/show/359629
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=160
2016-02-18 11:50:30 +00:00
Ismail Dönmez
b9ca4cd2ca - Add two patches from Fedora, fixing two crashes:
* krb5-fix_interposer.patch
  * krb5-mechglue_inqure_attrs.patch

- Add two patches from Fedora, fixing two crashes:
  * krb5-fix_interposer.patch
  * krb5-mechglue_inqure_attrs.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=156
2016-01-11 12:39:08 +00:00
Ismail Dönmez
e9af2abc6d Accepting request 352796 from home:stroeder:branches:network
update to 1.14, successfully tested on Tumbleweed x86_64 
1. purely as client for MS AD and
2. as KDC with LDAP backend

OBS-URL: https://build.opensuse.org/request/show/352796
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=154
2016-01-10 16:41:42 +00:00
Ismail Dönmez
ee705d6c1a Accepting request 347770 from home:stroeder:branches:network
update to 1.13.3

OBS-URL: https://build.opensuse.org/request/show/347770
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=152
2015-12-07 12:50:29 +00:00
Ismail Dönmez
172a23219f Accepting request 309550 from home:guohouzuo:freeipa
Let server depend on libev (module of libverto). This was the
 embedded implementation before the separation of libverto from krb.

OBS-URL: https://build.opensuse.org/request/show/309550
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=146
2015-06-01 09:44:23 +00:00
Ismail Dönmez
f1babf4554 Accepting request 309029 from home:dimstar:Factory
- Drop libverto and libverto-libev Requires from the -server
  package: those package names don't exist and the shared libs
  are pulled in automatically.

- Drop libverto and libverto-libev Requires from the -server
  package: those package names don't exist and the shared libs
  are pulled in automatically.

OBS-URL: https://build.opensuse.org/request/show/309029
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=144
2015-05-28 08:59:56 +00:00
Ismail Dönmez
d9be576ce1 Accepting request 308898 from home:dimstar:Factory
Also build dep libverto for the -mini variant... so it can actually be built

OBS-URL: https://build.opensuse.org/request/show/308898
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=143
2015-05-27 16:09:38 +00:00
7991a93622 - pre_checkin.sh aligned changes between krb5/krb5-mini
- added krb5.keyring

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=142
2015-05-22 09:30:16 +00:00
8103840325 * Add client support for the Kerberos Cache Manager protocol. If the host
* Add support for doing unlocked database dumps for the DB2 KDC back end,
  * krb5-1.7-doublelog.patch

- Work around replay cache creation race; (bnc#898439).
  krb5-1.13-work-around-replay-cache-creation-race.patch

-  bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal 
- added patches:
  * bnc#897874-CVE-2014-5351.diff

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=141
2015-05-22 09:22:57 +00:00
Andrey Karepin
71a09ab035 Accepting request 306592 from home:stroeder:branches:network
update to 1.13.2

OBS-URL: https://build.opensuse.org/request/show/306592
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=139
2015-05-13 19:25:01 +00:00
cefda77aa1 Accepting request 286613 from home:stroeder:branches:network
security update 1.13.1

OBS-URL: https://build.opensuse.org/request/show/286613
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=136
2015-02-18 17:22:56 +00:00
42eb1db8e7 Accepting request 280024 from home:mlin7442:branches:network
update to 1.13, also fixed build with bison3

OBS-URL: https://build.opensuse.org/request/show/280024
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=134
2015-01-06 10:58:20 +00:00
1e26a2fb1a Accepting request 246966 from home:AndreasStieger:branches:network
krb5 5.12.2

- Fix build with doxygen 1.8.8 - adding krb5-1.12-doxygen.patch
  from upstream
  See https://build.opensuse.org/request/show/246780

OBS-URL: https://build.opensuse.org/request/show/246966
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=128
2014-09-01 15:41:18 +00:00
Christian Kornacker
e1506944cc - buffer overrun in kadmind with LDAP backend
CVE-2014-4345 (bnc#891082)
  krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=126
2014-08-11 11:01:01 +00:00
Christian Kornacker
f2e853070c - Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697)
krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch
  Fix null deref in SPNEGO acceptor [CVE-2014-4344]
  krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=124
2014-07-28 09:58:41 +00:00
Christian Kornacker
3ac7b19a80 Accepting request 241590 from home:posophe:branches:network
Fix for systemd

OBS-URL: https://build.opensuse.org/request/show/241590
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=122
2014-07-21 12:42:45 +00:00
Christian Kornacker
3f646c425e - denial of service flaws when handling RFC 1964 tokens (bnc#886016)
krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch
- start krb5kdc after slapd (bnc#886102)
- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674)
  similar functionality is provided by krb5-plugin-preauth-pkinit

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=121
2014-07-15 08:18:37 +00:00
Christian Kornacker
5f3b47a9fc - don't deliver SysV init files to systemd distributions
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=119
2014-02-18 17:40:34 +00:00
Christian Kornacker
869a682f2d - update to version 1.12.1
* Make KDC log service principal names more consistently during
    some error conditions, instead of "<unknown server>"
  * Fix several bugs related to building AES-NI support on less
    common configurations
  * Fix several bugs related to keyring credential caches
- upstream obsoletes:
  krb5-1.12-copy_context.patch
  krb5-1.12-enable-NX.patch
  krb5-1.12-pic-aes-ni.patch
  krb5-master-no-malloc0.patch
  krb5-master-ignore-empty-unnecessary-final-token.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=117
2014-01-21 15:06:23 +00:00
Christian Kornacker
673bd84f01 extended changelog for Factory
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=115
2014-01-16 13:19:42 +00:00
Michael Calmer
03254981cb Accepting request 213903 from home:ckornacker:branches:network
- update to version 1.12
  * Add GSSAPI extensions for constructing MIC tokens using IOV lists
  * Add a FAST OTP preauthentication module for the KDC which uses
    RADIUS to validate OTP token values.
  * The AES-based encryption types will use AES-NI instructions
    when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
  available
- update and rebase patches

OBS-URL: https://build.opensuse.org/request/show/213903
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=114
2014-01-15 14:14:20 +00:00
10b96098f3 Accepting request 210105 from home:neilbrown:branches:network
Reduce build dependencies for krb5-mini
This requires a change to e2fsprogs which will include
the creation of e2fsprogs-mini, so it shouldn't be accepted
before that other change is accepted

- Reduce build dependencies for krb5-mini by removing
  doxygen and changing libcom_err-devel to
  libcom_err-mini-devel
- Small fix to pre_checkin.sh so krb5-mini.spec is correct.

- Reduce build dependencies for krb5-mini by removing
  doxygen and changing libcom_err-devel to
  libcom_err-mini-devel
- Small fix to pre_checkin.sh so krb5-mini.spec is correct.

OBS-URL: https://build.opensuse.org/request/show/210105
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=112
2013-12-10 09:48:22 +00:00
3e0687cac7 Accepting request 207746 from home:ckornacker:branches:network
- update to version 1.11.4
  - Fix a KDC null pointer dereference [CVE-2013-1417] that could
    affect realms with an uncommon configuration.
  - Fix a KDC null pointer dereference [CVE-2013-1418] that could
    affect KDCs that serve multiple realms.
  - Fix a number of bugs related to KDC master key rollover.

OBS-URL: https://build.opensuse.org/request/show/207746
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=110
2013-11-20 12:36:50 +00:00
Michael Calmer
6ca487dd65 - install and enable systemd service files also in -mini package
- install and enable systemd service files also in -mini package

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=108
2013-06-24 16:22:21 +00:00
Michael Calmer
071b9cc1bd Accepting request 180374 from home:elvigia:branches:network
- remove fstack-protector-all from CFLAGS, just use the 
  lighter/fast version already present in %optflags
- Use LFS_CFLAGS to build in 32 bit archs.

- remove fstack-protector-all from CFLAGS, just use the 
  lighter/fast version already present in %optflags
- Use LFS_CFLAGS to build in 32 bit archs.

OBS-URL: https://build.opensuse.org/request/show/180374
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=107
2013-06-21 12:43:11 +00:00
Michael Calmer
62c3aa1413 fix mini spec and changes
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=105
2013-06-09 14:26:32 +00:00
Michael Calmer
333c9356fd - cleanup systemd files (remove syslog.target)
- cleanup systemd files (remove syslog.target)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=102
2013-05-28 17:08:58 +00:00
Michael Calmer
be7c32c3a0 - let krb5-mini conflict with all main packages
- let krb5-mini conflict with all main packages

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=100
2013-05-03 07:44:44 +00:00
Michael Calmer
d494e8c485 - add conflicts between krb5-mini and krb5-server
- add conflicts between krb5-mini and krb5-server

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=99
2013-05-02 14:44:19 +00:00
Michael Calmer
703aff2fdd - update to version 1.11.2
* Incremental propagation could erroneously act as if a slave's
    database were current after the slave received a full dump
    that failed to load.
  * gss_import_sec_context incorrectly set internal state that
    identifies whether an imported context is from an interposer
    mechanism or from the underlying mechanism. 
- upstream fix obsolete krb5-lookup_etypes-leak.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=97
2013-04-28 15:20:13 +00:00
Michael Calmer
fe67473a6d - add conflicts between krb5-mini-devel and krb5-devel
- add conflicts between krb5-mini-devel and krb5-devel

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=95
2013-04-04 13:10:58 +00:00