SHA256
1
0
forked from pool/krb5
Commit Graph

83 Commits

Author SHA256 Message Date
Christian Kornacker
e1506944cc - buffer overrun in kadmind with LDAP backend
CVE-2014-4345 (bnc#891082)
  krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=126
2014-08-11 11:01:01 +00:00
Christian Kornacker
f2e853070c - Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697)
krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch
  Fix null deref in SPNEGO acceptor [CVE-2014-4344]
  krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=124
2014-07-28 09:58:41 +00:00
Christian Kornacker
3ac7b19a80 Accepting request 241590 from home:posophe:branches:network
Fix for systemd

OBS-URL: https://build.opensuse.org/request/show/241590
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=122
2014-07-21 12:42:45 +00:00
Christian Kornacker
3f646c425e - denial of service flaws when handling RFC 1964 tokens (bnc#886016)
krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch
- start krb5kdc after slapd (bnc#886102)
- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674)
  similar functionality is provided by krb5-plugin-preauth-pkinit

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=121
2014-07-15 08:18:37 +00:00
Christian Kornacker
5f3b47a9fc - don't deliver SysV init files to systemd distributions
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=119
2014-02-18 17:40:34 +00:00
Christian Kornacker
869a682f2d - update to version 1.12.1
* Make KDC log service principal names more consistently during
    some error conditions, instead of "<unknown server>"
  * Fix several bugs related to building AES-NI support on less
    common configurations
  * Fix several bugs related to keyring credential caches
- upstream obsoletes:
  krb5-1.12-copy_context.patch
  krb5-1.12-enable-NX.patch
  krb5-1.12-pic-aes-ni.patch
  krb5-master-no-malloc0.patch
  krb5-master-ignore-empty-unnecessary-final-token.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=117
2014-01-21 15:06:23 +00:00
Michael Calmer
03254981cb Accepting request 213903 from home:ckornacker:branches:network
- update to version 1.12
  * Add GSSAPI extensions for constructing MIC tokens using IOV lists
  * Add a FAST OTP preauthentication module for the KDC which uses
    RADIUS to validate OTP token values.
  * The AES-based encryption types will use AES-NI instructions
    when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
  available
- update and rebase patches

OBS-URL: https://build.opensuse.org/request/show/213903
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=114
2014-01-15 14:14:20 +00:00
9e3edabdc0 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=113 2013-12-10 16:50:56 +00:00
10b96098f3 Accepting request 210105 from home:neilbrown:branches:network
Reduce build dependencies for krb5-mini
This requires a change to e2fsprogs which will include
the creation of e2fsprogs-mini, so it shouldn't be accepted
before that other change is accepted

- Reduce build dependencies for krb5-mini by removing
  doxygen and changing libcom_err-devel to
  libcom_err-mini-devel
- Small fix to pre_checkin.sh so krb5-mini.spec is correct.

- Reduce build dependencies for krb5-mini by removing
  doxygen and changing libcom_err-devel to
  libcom_err-mini-devel
- Small fix to pre_checkin.sh so krb5-mini.spec is correct.

OBS-URL: https://build.opensuse.org/request/show/210105
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=112
2013-12-10 09:48:22 +00:00
3e0687cac7 Accepting request 207746 from home:ckornacker:branches:network
- update to version 1.11.4
  - Fix a KDC null pointer dereference [CVE-2013-1417] that could
    affect realms with an uncommon configuration.
  - Fix a KDC null pointer dereference [CVE-2013-1418] that could
    affect KDCs that serve multiple realms.
  - Fix a number of bugs related to KDC master key rollover.

OBS-URL: https://build.opensuse.org/request/show/207746
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=110
2013-11-20 12:36:50 +00:00
Michael Calmer
6ca487dd65 - install and enable systemd service files also in -mini package
- install and enable systemd service files also in -mini package

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=108
2013-06-24 16:22:21 +00:00
Michael Calmer
071b9cc1bd Accepting request 180374 from home:elvigia:branches:network
- remove fstack-protector-all from CFLAGS, just use the 
  lighter/fast version already present in %optflags
- Use LFS_CFLAGS to build in 32 bit archs.

- remove fstack-protector-all from CFLAGS, just use the 
  lighter/fast version already present in %optflags
- Use LFS_CFLAGS to build in 32 bit archs.

OBS-URL: https://build.opensuse.org/request/show/180374
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=107
2013-06-21 12:43:11 +00:00
Michael Calmer
62c3aa1413 fix mini spec and changes
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=105
2013-06-09 14:26:32 +00:00
Michael Calmer
eaff141ce0 - update to version 1.11.3
- Fix a UDP ping-pong vulnerability in the kpasswd
    (password changing) service. [CVE-2002-2443]
  - Improve interoperability with some Windows native PKINIT clients.
- install translation files
- remove outdated configure options

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=104
2013-06-09 14:19:29 +00:00
Michael Calmer
be7c32c3a0 - let krb5-mini conflict with all main packages
- let krb5-mini conflict with all main packages

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=100
2013-05-03 07:44:44 +00:00
Michael Calmer
d494e8c485 - add conflicts between krb5-mini and krb5-server
- add conflicts between krb5-mini and krb5-server

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=99
2013-05-02 14:44:19 +00:00
Michael Calmer
bb6c75aaa8 package new man page
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=98
2013-04-28 15:33:40 +00:00
Michael Calmer
703aff2fdd - update to version 1.11.2
* Incremental propagation could erroneously act as if a slave's
    database were current after the slave received a full dump
    that failed to load.
  * gss_import_sec_context incorrectly set internal state that
    identifies whether an imported context is from an interposer
    mechanism or from the underlying mechanism. 
- upstream fix obsolete krb5-lookup_etypes-leak.patch

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=97
2013-04-28 15:20:13 +00:00
Michael Calmer
fe67473a6d - add conflicts between krb5-mini-devel and krb5-devel
- add conflicts between krb5-mini-devel and krb5-devel

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=95
2013-04-04 13:10:58 +00:00
Michael Calmer
91ad28ede3 - add conflicts between krb5-mini and krb5 and krb5-client
- add conflicts between krb5-mini and krb5 and krb5-client

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=94
2013-04-02 15:33:04 +00:00
Michael Calmer
c043de4335 - enable selinux and set openssl as crypto implementation
- enable selinux and set openssl as crypto implementation

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=92
2013-03-27 10:45:21 +00:00
Michael Calmer
13e38775f6 - update to version 1.11.1
* Improve ASN.1 support code, making it table-driven for
    decoding as well as encoding
  * Refactor parts of KDC
  * Documentation consolidation
  * build docs in the main package
  * bugfixing
- obsolets a lot of patches
- refactor some patches

- update to version 1.11.1
  * Improve ASN.1 support code, making it table-driven for
    decoding as well as encoding
  * Refactor parts of KDC
  * Documentation consolidation
  * build docs in the main package
  * bugfixing
- obsolets a lot of patches
- refactor some patches

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=90
2013-03-15 10:21:16 +00:00
Michael Calmer
66ced8b26b - fix PKINIT null pointer deref in pkinit_check_kdc_pkid()
CVE-2012-1016 (bnc#807556)
  bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif
  bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif

- fix PKINIT null pointer deref in pkinit_check_kdc_pkid()
  CVE-2012-1016 (bnc#807556)
  bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif
  bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=88
2013-03-06 11:03:13 +00:00
Michael Calmer
b06750d1e3 - fix PKINIT null pointer deref
CVE-2013-1415 (bnc#806715)

- package missing file (bnc#794784)

- revert the -p usage in %postun to fix SLE build

- fix PKINIT null pointer deref
  CVE-2013-1415 (bnc#806715)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=87
2013-03-04 10:24:33 +00:00
Michael Calmer
3833bf033c osc copypac from project:openSUSE:Factory package:krb5 revision:87, using keep-link
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=84
2013-01-25 14:25:26 +00:00
Michael Calmer
9107e5e0a0 - package missing file (bnc#794784)
- package missing file (bnc#794784)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=82
2013-01-14 09:13:37 +00:00
Michael Calmer
ebe2f14d13 - update to version 1.11
* Improve ASN.1 support code, making it table-driven for
    decoding as well as encoding
  * Refactor parts of KDC 
  * Documentation consolidation
  * build docs in the main package
  * bugfixing

- revert the -p usage in %postun to fix SLE build

- update to version 1.11
  * Improve ASN.1 support code, making it table-driven for
    decoding as well as encoding
  * Refactor parts of KDC 
  * Documentation consolidation
  * build docs in the main package
  * bugfixing

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=81
2013-01-13 16:54:32 +00:00
Michael Calmer
9f81fd6bf3 Accepting request 138418 from openSUSE:Factory:Staging:Systemd
- buildrequire systemd by pkgconfig provide to get systemd-mini

- revert the -p usage in %postun to fix SLE build

- buildrequire systemd by pkgconfig provide to get systemd-mini

OBS-URL: https://build.opensuse.org/request/show/138418
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=79
2012-10-17 07:48:12 +00:00
df32a9b4a9 Accepting request 138156 from openSUSE:Factory:Staging:Systemd
OBS-URL: https://build.opensuse.org/request/show/138156
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=77
2012-10-15 13:04:28 +00:00
Michael Calmer
4152ef5ebb fix build for older distries
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=75
2012-10-05 15:26:30 +00:00
Michael Calmer
dc50be2adf - add systemd service files for kadmind, krb5kdc and kpropd
- add sysconfig templates for kadmind and krb5kdc

- add systemd service files for kadmind, krb5kdc and kpropd
- add sysconfig templates for kadmind and krb5kdc

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=74
2012-10-05 14:25:10 +00:00
Michael Calmer
ff4c5cf360 Accepting request 124805 from home:coolo:branches:openSUSE:Factory
- fix %files section for krb5-mini

OBS-URL: https://build.opensuse.org/request/show/124805
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=70
2012-06-13 09:15:26 +00:00
Michael Calmer
6735fa647b - fix gcc47 issues
- fix gcc47 issues

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=68
2012-06-07 11:40:00 +00:00
Michael Calmer
ea9e71d4e1 fix filelist
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=66
2012-06-06 15:14:50 +00:00
Michael Calmer
84f939323f - update to version 1.10.2
obsolte patches:
  * krb5-1.7-nodeplibs.patch
  * krb5-1.9.1-ai_addrconfig.patch
  * krb5-1.9.1-ai_addrconfig2.patch
  * krb5-1.9.1-sendto_poll.patch
  * krb5-1.9-canonicalize-fallback.patch
  * krb5-1.9-paren.patch
  * krb5-klist_s.patch
  * krb5-pkinit-cms2.patch
  * krb5-trunk-chpw-err.patch
  * krb5-trunk-gss_delete_sec.patch
  * krb5-trunk-kadmin-oldproto.patch
  * krb5-1.9-MITKRB5-SA-2011-006.dif
  * krb5-1.9-gss_display_status-iakerb.patch
  * krb5-1.9.1-sendto_poll2.patch
  * krb5-1.9.1-sendto_poll3.patch
  * krb5-1.9-MITKRB5-SA-2011-007.dif
- Fix an interop issue with Windows Server 2008 R2 Read-Only Domain
  Controllers.
- Update a workaround for a glibc bug that would cause DNS PTR queries
  to occur even when rdns = false.
- Fix a kadmind denial of service issue (null pointer dereference),
  which could only be triggered by an administrator with the "create"
  privilege.  [CVE-2012-1013]
- Fix access controls for KDB string attributes [CVE-2012-1012]
- Make the ASN.1 encoding of key version numbers interoperate with
  Windows Read-Only Domain Controllers
- Avoid generating spurious password expiry warnings in cases where
  the KDC sends an account expiry time without a password expiry time

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=65
2012-06-06 14:55:51 +00:00
3e20fdd243 Accepting request 102242 from home:msmeissn:branches:network
move license/summary/group tags out of ifdef

OBS-URL: https://build.opensuse.org/request/show/102242
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=61
2012-02-08 08:11:14 +00:00
Stephan Kulow
7cd74a1dc5 Accepting request 97386 from home:coolo:removeautoconf
add autoconf to buildrequires

OBS-URL: https://build.opensuse.org/request/show/97386
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=59
2011-12-25 21:43:39 +00:00
Michael Calmer
6e6175d4bc - fix KDC null pointer dereference in TGS handling
(MITKRB5-SA-2011-007, bnc#730393)
  CVE-2011-1530

- fix KDC null pointer dereference in TGS handling
  (MITKRB5-SA-2011-007, bnc#730393)
  CVE-2011-1530
  (RT#6951, bnc#731648)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=56
2011-12-07 08:41:31 +00:00
Michael Calmer
f4d30b42a2 - fix KDC HA feature introduced with implementing KDC poll
(RT#6951)

- fix KDC HA feature introduced with implementing KDC poll
  (RT#6951)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=55
2011-11-21 10:17:08 +00:00
Michael Calmer
46ef3c181c Accepting request 92055 from home:rhafer:branches:network
fix minor error messages for the IAKERB GSSAPI mechanism
(see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)

OBS-URL: https://build.opensuse.org/request/show/92055
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=54
2011-11-21 09:54:25 +00:00
Michael Calmer
f55551038a - fix kdc remote denial of service
(MITKRB5-SA-2011-006, bnc#719393)
  CVE-2011-1527, CVE-2011-1528, CVE-2011-1529

- fix kdc remote denial of service
  (MITKRB5-SA-2011-006, bnc#719393)
  CVE-2011-1527, CVE-2011-1528, CVE-2011-1529

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=51
2011-10-19 07:48:04 +00:00
OBS User buildservice-autocommit
0b3bb9a064 Updating link to change in openSUSE:Factory/krb5 revision 72.0
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=791524bc053d34f24fab2de0182f0e31
2011-08-24 11:36:07 +00:00
Michael Calmer
fa4d11a0f8 - use --without-pam to build krb5-mini
- use --without-pam to build krb5-mini

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=49
2011-08-23 11:52:42 +00:00
OBS User buildservice-autocommit
38b3b7be0d Updating link to change in openSUSE:Factory/krb5 revision 70.0
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=2b4796e351a3d42a3bb42949f7b36ed1
2011-08-22 13:22:28 +00:00
Michael Calmer
da75d9099c Accepting request 79466 from home:mcalmer:branches:network
- add patches from Fedora and upstream 
- fix init scripts (bnc#689006)

- update to version 1.9.1
  * obsolete patches:
    MITKRB5-SA-2010-007-1.8.dif
    krb5-1.8-MITKRB5-SA-2010-006.dif
    krb5-1.8-MITKRB5-SA-2011-001.dif
    krb5-1.8-MITKRB5-SA-2011-002.dif
    krb5-1.8-MITKRB5-SA-2011-003.dif
    krb5-1.8-MITKRB5-SA-2011-004.dif
    krb5-1.4.3-enospc.dif
  * replace krb5-1.6.1-compile_pie.dif

- fix init scripts (bnc#689006)

OBS-URL: https://build.opensuse.org/request/show/79466
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=46
2011-08-22 08:19:13 +00:00
OBS User buildservice-autocommit
0677406d15 Updating link to change in openSUSE:Factory/krb5 revision 68.0
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=6d61089ad52902686bd02effa34dc857
2011-04-14 12:31:56 +00:00
Michael Calmer
4434f35b8f - fix kadmind invalid pointer free()
(MITKRB5-SA-2011-004, bnc#687469)
  CVE-2011-0285

- fix kadmind invalid pointer free()
  (MITKRB5-SA-2011-004, bnc#687469)
  CVE-2011-0285

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=43
2011-04-14 09:34:57 +00:00
OBS User buildservice-autocommit
a6f8b7928f Updating link to change in openSUSE:Factory/krb5 revision 66.0
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=704fe4b80714ccd8c9cc49e461a747ff
2011-03-16 09:31:26 +00:00
Michael Calmer
b12b5169d7 - Fix vulnerability to a double-free condition in KDC daemon
(MITKRB5-SA-2011-003, bnc#671717)
  CVE-2011-0284

- Fix vulnerability to a double-free condition in KDC daemon
  (MITKRB5-SA-2011-003, bnc#671717)
  CVE-2011-0284

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=41
2011-03-16 07:59:53 +00:00
Michael Calmer
1e4178c989 - Fix kpropd denial of service
(MITKRB5-SA-2011-001, bnc#662665)
  CVE-2010-4022
- Fix KDC denial of service attacks with LDAP back end
  (MITKRB5-SA-2011-002, bnc#663619)
  CVE-2011-0281, CVE-2011-0282 

- Fix kpropd denial of service
  (MITKRB5-SA-2011-001, bnc#662665)
  CVE-2010-4022
- Fix KDC denial of service attacks with LDAP back end
  (MITKRB5-SA-2011-002, bnc#663619)
  CVE-2011-0281, CVE-2011-0282

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=39
2011-02-09 09:12:27 +00:00