SHA256
1
0
forked from pool/krb5
Commit Graph

101 Commits

Author SHA256 Message Date
Michael Calmer
66ced8b26b - fix PKINIT null pointer deref in pkinit_check_kdc_pkid()
CVE-2012-1016 (bnc#807556)
  bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif
  bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif

- fix PKINIT null pointer deref in pkinit_check_kdc_pkid()
  CVE-2012-1016 (bnc#807556)
  bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif
  bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=88
2013-03-06 11:03:13 +00:00
Michael Calmer
b06750d1e3 - fix PKINIT null pointer deref
CVE-2013-1415 (bnc#806715)

- package missing file (bnc#794784)

- revert the -p usage in %postun to fix SLE build

- fix PKINIT null pointer deref
  CVE-2013-1415 (bnc#806715)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=87
2013-03-04 10:24:33 +00:00
Michael Calmer
3833bf033c osc copypac from project:openSUSE:Factory package:krb5 revision:87, using keep-link
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=84
2013-01-25 14:25:26 +00:00
Michael Calmer
9107e5e0a0 - package missing file (bnc#794784)
- package missing file (bnc#794784)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=82
2013-01-14 09:13:37 +00:00
Michael Calmer
ebe2f14d13 - update to version 1.11
* Improve ASN.1 support code, making it table-driven for
    decoding as well as encoding
  * Refactor parts of KDC 
  * Documentation consolidation
  * build docs in the main package
  * bugfixing

- revert the -p usage in %postun to fix SLE build

- update to version 1.11
  * Improve ASN.1 support code, making it table-driven for
    decoding as well as encoding
  * Refactor parts of KDC 
  * Documentation consolidation
  * build docs in the main package
  * bugfixing

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=81
2013-01-13 16:54:32 +00:00
Michael Calmer
9f81fd6bf3 Accepting request 138418 from openSUSE:Factory:Staging:Systemd
- buildrequire systemd by pkgconfig provide to get systemd-mini

- revert the -p usage in %postun to fix SLE build

- buildrequire systemd by pkgconfig provide to get systemd-mini

OBS-URL: https://build.opensuse.org/request/show/138418
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=79
2012-10-17 07:48:12 +00:00
df32a9b4a9 Accepting request 138156 from openSUSE:Factory:Staging:Systemd
OBS-URL: https://build.opensuse.org/request/show/138156
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=77
2012-10-15 13:04:28 +00:00
Michael Calmer
dc50be2adf - add systemd service files for kadmind, krb5kdc and kpropd
- add sysconfig templates for kadmind and krb5kdc

- add systemd service files for kadmind, krb5kdc and kpropd
- add sysconfig templates for kadmind and krb5kdc

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=74
2012-10-05 14:25:10 +00:00
Michael Calmer
ff4c5cf360 Accepting request 124805 from home:coolo:branches:openSUSE:Factory
- fix %files section for krb5-mini

OBS-URL: https://build.opensuse.org/request/show/124805
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=70
2012-06-13 09:15:26 +00:00
Michael Calmer
6735fa647b - fix gcc47 issues
- fix gcc47 issues

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=68
2012-06-07 11:40:00 +00:00
Michael Calmer
84f939323f - update to version 1.10.2
obsolte patches:
  * krb5-1.7-nodeplibs.patch
  * krb5-1.9.1-ai_addrconfig.patch
  * krb5-1.9.1-ai_addrconfig2.patch
  * krb5-1.9.1-sendto_poll.patch
  * krb5-1.9-canonicalize-fallback.patch
  * krb5-1.9-paren.patch
  * krb5-klist_s.patch
  * krb5-pkinit-cms2.patch
  * krb5-trunk-chpw-err.patch
  * krb5-trunk-gss_delete_sec.patch
  * krb5-trunk-kadmin-oldproto.patch
  * krb5-1.9-MITKRB5-SA-2011-006.dif
  * krb5-1.9-gss_display_status-iakerb.patch
  * krb5-1.9.1-sendto_poll2.patch
  * krb5-1.9.1-sendto_poll3.patch
  * krb5-1.9-MITKRB5-SA-2011-007.dif
- Fix an interop issue with Windows Server 2008 R2 Read-Only Domain
  Controllers.
- Update a workaround for a glibc bug that would cause DNS PTR queries
  to occur even when rdns = false.
- Fix a kadmind denial of service issue (null pointer dereference),
  which could only be triggered by an administrator with the "create"
  privilege.  [CVE-2012-1013]
- Fix access controls for KDB string attributes [CVE-2012-1012]
- Make the ASN.1 encoding of key version numbers interoperate with
  Windows Read-Only Domain Controllers
- Avoid generating spurious password expiry warnings in cases where
  the KDC sends an account expiry time without a password expiry time

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=65
2012-06-06 14:55:51 +00:00
3e20fdd243 Accepting request 102242 from home:msmeissn:branches:network
move license/summary/group tags out of ifdef

OBS-URL: https://build.opensuse.org/request/show/102242
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=61
2012-02-08 08:11:14 +00:00
Stephan Kulow
7cd74a1dc5 Accepting request 97386 from home:coolo:removeautoconf
add autoconf to buildrequires

OBS-URL: https://build.opensuse.org/request/show/97386
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=59
2011-12-25 21:43:39 +00:00
Michael Calmer
6e6175d4bc - fix KDC null pointer dereference in TGS handling
(MITKRB5-SA-2011-007, bnc#730393)
  CVE-2011-1530

- fix KDC null pointer dereference in TGS handling
  (MITKRB5-SA-2011-007, bnc#730393)
  CVE-2011-1530
  (RT#6951, bnc#731648)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=56
2011-12-07 08:41:31 +00:00
Michael Calmer
f4d30b42a2 - fix KDC HA feature introduced with implementing KDC poll
(RT#6951)

- fix KDC HA feature introduced with implementing KDC poll
  (RT#6951)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=55
2011-11-21 10:17:08 +00:00
Michael Calmer
46ef3c181c Accepting request 92055 from home:rhafer:branches:network
fix minor error messages for the IAKERB GSSAPI mechanism
(see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)

OBS-URL: https://build.opensuse.org/request/show/92055
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=54
2011-11-21 09:54:25 +00:00
Michael Calmer
f55551038a - fix kdc remote denial of service
(MITKRB5-SA-2011-006, bnc#719393)
  CVE-2011-1527, CVE-2011-1528, CVE-2011-1529

- fix kdc remote denial of service
  (MITKRB5-SA-2011-006, bnc#719393)
  CVE-2011-1527, CVE-2011-1528, CVE-2011-1529

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=51
2011-10-19 07:48:04 +00:00
Michael Calmer
fa4d11a0f8 - use --without-pam to build krb5-mini
- use --without-pam to build krb5-mini

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=49
2011-08-23 11:52:42 +00:00
Michael Calmer
da75d9099c Accepting request 79466 from home:mcalmer:branches:network
- add patches from Fedora and upstream 
- fix init scripts (bnc#689006)

- update to version 1.9.1
  * obsolete patches:
    MITKRB5-SA-2010-007-1.8.dif
    krb5-1.8-MITKRB5-SA-2010-006.dif
    krb5-1.8-MITKRB5-SA-2011-001.dif
    krb5-1.8-MITKRB5-SA-2011-002.dif
    krb5-1.8-MITKRB5-SA-2011-003.dif
    krb5-1.8-MITKRB5-SA-2011-004.dif
    krb5-1.4.3-enospc.dif
  * replace krb5-1.6.1-compile_pie.dif

- fix init scripts (bnc#689006)

OBS-URL: https://build.opensuse.org/request/show/79466
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=46
2011-08-22 08:19:13 +00:00
Michael Calmer
4434f35b8f - fix kadmind invalid pointer free()
(MITKRB5-SA-2011-004, bnc#687469)
  CVE-2011-0285

- fix kadmind invalid pointer free()
  (MITKRB5-SA-2011-004, bnc#687469)
  CVE-2011-0285

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=43
2011-04-14 09:34:57 +00:00
Michael Calmer
b12b5169d7 - Fix vulnerability to a double-free condition in KDC daemon
(MITKRB5-SA-2011-003, bnc#671717)
  CVE-2011-0284

- Fix vulnerability to a double-free condition in KDC daemon
  (MITKRB5-SA-2011-003, bnc#671717)
  CVE-2011-0284

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=41
2011-03-16 07:59:53 +00:00
Michael Calmer
1e4178c989 - Fix kpropd denial of service
(MITKRB5-SA-2011-001, bnc#662665)
  CVE-2010-4022
- Fix KDC denial of service attacks with LDAP back end
  (MITKRB5-SA-2011-002, bnc#663619)
  CVE-2011-0281, CVE-2011-0282 

- Fix kpropd denial of service
  (MITKRB5-SA-2011-001, bnc#662665)
  CVE-2010-4022
- Fix KDC denial of service attacks with LDAP back end
  (MITKRB5-SA-2011-002, bnc#663619)
  CVE-2011-0281, CVE-2011-0282

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=39
2011-02-09 09:12:27 +00:00
Michael Calmer
248552dcc5 - Fix multiple checksum handling vulnerabilities
(MITKRB5-SA-2010-007, bnc#650650)
  CVE-2010-1324
  * krb5 GSS-API applications may accept unkeyed checksums
  * krb5 application services may accept unkeyed PAC checksums
  * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
  CVE-2010-1323
  * krb5 clients may accept unkeyed SAM-2 challenge checksums
  * krb5 may accept KRB-SAFE checksums with low-entropy derived keys
  CVE-2010-4020
  * krb5 may accept authdata checksums with low-entropy derived keys
  CVE-2010-4021
  * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=37
2010-12-01 10:45:18 +00:00
Michael Calmer
69ae6baf15 - fix csh profile (bnc#649856)
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=35
2010-10-28 10:53:57 +00:00
Michael Calmer
2e757e8e48 add changes to -mini
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=31
2010-10-22 09:18:00 +00:00
Michael Calmer
089523862c - change environment variable PATH directly for csh
(bnc#642080)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=29
2010-10-22 08:51:14 +00:00
OBS User buildservice-autocommit
b40723da81 Updating link to change in openSUSE:Factory/krb5 revision 55.0
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=16c75c266da5ee523e21706d624b6e46
2010-10-11 09:50:03 +00:00
OBS User autobuild
74e4ec3b00 Accepting request 50195 from network
checked in (request 50195)

OBS-URL: https://build.opensuse.org/request/show/50195
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=28
2010-10-11 09:50:02 +00:00
Michael Calmer
9482246780 - fix a dereference of an uninitialized pointer while processing
authorization data. 
  CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=27
2010-10-11 08:46:56 +00:00
Michael Calmer
09a8594db3 Accepting request 41854 from home:leonardocf:branches:network
Copy from home:leonardocf:branches:network/krb5 via accept of submit request 41854 revision 2.
Request was accepted with message:

OBS-URL: https://build.opensuse.org/request/show/41854
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=25
2010-06-22 07:49:38 +00:00
OBS User buildservice-autocommit
c773282ebc Updating link to change in openSUSE:Factory/krb5 revision 51.0
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=76e7c9e1fc886111a06aa8aebfb6ed24
2010-05-25 08:35:36 +00:00
OBS User autobuild
3631c963d5 Accepting request 40365 from network
checked in (request 40365)

OBS-URL: https://build.opensuse.org/request/show/40365
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=24
2010-05-25 08:35:35 +00:00
Michael Calmer
b83e316992 - fix GSS-API library null pointer dereference
CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=23
2010-05-19 12:28:19 +00:00
OBS User buildservice-autocommit
b4fda1ea93 Updating link to change in openSUSE:Factory/krb5 revision 50.0
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=9e2221a1d23355de5bbe8ae3fe775e8d
2010-04-23 17:17:38 +00:00
OBS User autobuild
8eb1b656d3 Accepting request 38408 from network
checked in (request 38408)

OBS-URL: https://build.opensuse.org/request/show/38408
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=22
2010-04-23 17:17:37 +00:00
Michael Calmer
26f8bba482 - fix a double free vulnerability in the KDC
CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=21
2010-04-21 08:32:07 +00:00
OBS User buildservice-autocommit
0d6b79cec0 Updating link to change in openSUSE:Factory/krb5 revision 49.0
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=ce934bf77d29ffcb7323f9a17cc82caf
2010-04-14 13:16:17 +00:00
OBS User autobuild
8f6bba81c7 Accepting request 37899 from network
checked in (request 37899)

OBS-URL: https://build.opensuse.org/request/show/37899
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=20
2010-04-14 13:16:16 +00:00
Michael Calmer
558c7472cd - update to version 1.8.1
* include krb5-1.8-POST.dif
  * include MITKRB5-SA-2010-002

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=17
2010-04-09 10:47:38 +00:00
Michael Calmer
9b7065a839 - update krb5-1.8-POST.dif
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=16
2010-04-06 12:16:20 +00:00
OBS User buildservice-autocommit
527022b424 Updating link to change in openSUSE:Factory/krb5 revision 48.0
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=03eeb0c694a7c98f62758afbaf724d78
2010-03-25 23:13:31 +00:00
OBS User autobuild
2c72bcf882 Accepting request 35620 from network
checked in (request 35620)

OBS-URL: https://build.opensuse.org/request/show/35620
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=15
2010-03-25 23:13:30 +00:00
Michael Calmer
28dc0dd056 Accepting request 35618 from home:mcalmer:branches:network
Copy from home:mcalmer:branches:network/krb5 via accept of submit request 35618 revision 2.
Request was accepted with message:

OBS-URL: https://build.opensuse.org/request/show/35618
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=14
2010-03-24 09:00:53 +00:00
Michael Calmer
f9e6d882fd - add post 1.8 fixes
* Add IPv6 support to changepw.c
  * fix two problems in kadm5_get_principal mask handling 
  * Ignore improperly encoded signedpath AD elements
  * handle NT_SRV_INST in service principal referrals
  * dereference options while checking 
    KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
  * Fix the kpasswd fallback from the ccache principal name
  * Document the ticket_lifetime libdefaults setting
  * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=13
2010-03-23 11:40:55 +00:00
OBS User autobuild
2e036bfdfd Accepting request 33933 from network
checked in (request 33933)

OBS-URL: https://build.opensuse.org/request/show/33933
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=12
2010-03-05 01:10:03 +00:00
Michael Calmer
6c03664bc8 - update to version 1.8
- update to version 1.8
  * Increase code quality 
  * Move toward improved KDB interface
  * Investigate and remedy repeatedly-reported performance 
    bottlenecks.
  * Reduce DNS dependence by implementing an interface that allows
    client library to track whether a KDC supports service 
    principal referrals.
  * Disable DES by default 
  * Account lockout for repeated login failures
  * Bridge layer to allow Heimdal HDB modules to act as KDB 
    backend modules
  * FAST enhancements
  * Microsoft Services for User (S4U) compatibility
  * Anonymous PKINIT
- fix KDC denial of service
  CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
  CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
 
- update to version 1.8
  * Increase code quality 
  * Move toward improved KDB interface
  * Investigate and remedy repeatedly-reported performance 
    bottlenecks.
  * Reduce DNS dependence by implementing an interface that allows
    client library to track whether a KDC supports service 
    principal referrals.
  * Disable DES by default 
  * Account lockout for repeated login failures
  * Bridge layer to allow Heimdal HDB modules to act as KDB 
    backend modules
  * FAST enhancements
  * Microsoft Services for User (S4U) compatibility
  * Anonymous PKINIT
- fix KDC denial of service
  CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
  CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=11
2010-03-04 10:58:13 +00:00
OBS User autobuild
2400da9106 Accepting request 33933 from network
Copy from network/krb5 based on submit request 33933 from user mcalmer

OBS-URL: https://build.opensuse.org/request/show/33933
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=46
2010-03-05 01:10:04 +00:00
OBS User autobuild
5670e1eed5 Accepting request 28402 from network
Copy from network/krb5 based on submit request 28402 from user coolo

OBS-URL: https://build.opensuse.org/request/show/28402
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=45
2010-01-14 14:34:47 +00:00
OBS User autobuild
7f71d89cdd Accepting request 24524 from network
Copy from network/krb5 based on submit request 24524 from user mcalmer

OBS-URL: https://build.opensuse.org/request/show/24524
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=44
2009-11-16 15:21:45 +00:00
OBS User unknown
2bdceaa356 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=42 2009-07-17 14:31:27 +00:00
OBS User unknown
7b77761d5a OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=41 2009-07-08 17:41:43 +00:00