Nalin Dahyabhai
0d81cc8c03
- add patch for attempt to free uninitialized pointer in libkrb5
...
(CVE-2009-0846)
2009-04-07 18:15:12 +00:00
Nalin Dahyabhai
b28fb4b7da
- add patches for read overflow and null pointer dereference in the
...
implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
2009-04-07 18:14:43 +00:00
Nalin Dahyabhai
d43a03520f
- make the kpropd init script treat reload as restart (part of #225974 )
2009-04-06 20:33:44 +00:00
Nalin Dahyabhai
45bffcbf45
- take the execute bit off of the protocol docs (part of #225974 )
...
- unflag init scripts as configuration files (part of #225974 )
2009-04-06 18:22:58 +00:00
Nalin Dahyabhai
303d2c20d2
- fixup summary texts (part of #225974 )
2009-04-06 18:00:53 +00:00
Nalin Dahyabhai
fa314d1962
- escape possible macros in the changelog (part of #225974 )
2009-04-06 17:52:21 +00:00
Nalin Dahyabhai
5ee95cc082
- clean up buildprereq/prereqs, explicit mktemp requires, and add the
...
ldconfig for the -server-ldap subpackage (part of #225974 )
2009-04-06 17:45:29 +00:00
Nalin Dahyabhai
98a3610002
- make splitting up of the workstation bits unconditional
2009-04-06 16:46:35 +00:00
Nalin Dahyabhai
1644a79505
- move the libraries to /%{_lib}, but leave --libdir alone so that plugins
...
get installed and are searched for in the same locations (#473333 )
2009-04-06 16:22:45 +00:00
Nalin Dahyabhai
e61be4fa97
- turn off krb4 support (it won't be part of the 1.7 release, but do it
...
now)
- use triggeruns to properly shut down and disable krb524d when -server and
-workstation-servers gets upgraded, because it's gone now
2009-04-06 15:56:45 +00:00
Nalin Dahyabhai
434cefd85a
- libgssapi_krb5: backport fix for some errors which can occur when we fail
...
to set up the server half of a context (CVE-2009-0845)
2009-03-17 22:26:27 +00:00
Jesse Keating
78b02cd911
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
2009-02-25 11:58:27 +00:00
Nalin Dahyabhai
ab1cdb5d37
- add a patch to catch out-of-space errors rcp'ing files to NFS
...
destinations
2009-02-19 23:11:41 +00:00
Nalin Dahyabhai
2ef50f0d66
- flesh out the note to include why the patch isn't going anywhere
2009-02-19 22:35:32 +00:00
Nalin Dahyabhai
4e24fa3147
- add a hunk so that the db2 test will compile correctly
2009-02-19 22:34:47 +00:00
Nalin Dahyabhai
9d9088d1cc
- note the RT number for the upstream discussion
2009-02-19 22:32:32 +00:00
Nalin Dahyabhai
4c798e4ee7
aargh, what year is it?
2009-01-16 16:19:02 +00:00
Nalin Dahyabhai
2bf7daea40
rebuild
2009-01-16 16:17:56 +00:00
Nalin Dahyabhai
6df4ee1a7a
- krb5_fcc_generate_new(): unlock the fcc list lock before returning in the
...
non-mkstemp() case, don't unlock the lock twice before returning if we
happen to run out of memory (fixed in trunk by rewriting the function)
2008-10-28 21:36:18 +00:00
Nalin Dahyabhai
0d57fe8b86
- telnet can suspend itself if the calling shell supports job control, and
...
around here that's not unique to csh (#433947 ) Of course, if it turns
out that we do have a shell that doesn't support job control, we get to
change this to enumerate the ones that do. Which is sure to be all
kinds of fun.
2008-10-28 21:35:45 +00:00
Nalin Dahyabhai
b1efb9b86d
- if we successfully change the user's password during an attempt to get
...
initial credentials, but then fail to get initial creds from a
non-master using the new password, retry against the master (#432334 )
2008-09-04 15:13:51 +00:00
Tom Callaway
bb9aa2106c
fix license tag
2008-08-05 17:46:07 +00:00
Nalin Dahyabhai
2352d208e3
- define ASN1BUF_OMIT_INLINE_FUNCS at compile-time (for now) to keep
...
building
2008-07-16 21:54:24 +00:00
Nalin Dahyabhai
b5dfa8576a
quote %%{__cc} where needed because it includes whitespace now
2008-07-16 18:40:35 +00:00
Nalin Dahyabhai
6197407f58
- clear fuzz out of patches, dropping a man page patch which is no longer
...
necessary
2008-07-16 18:09:47 +00:00
Nalin Dahyabhai
14f675bab9
- build with -fno-strict-aliasing, which is needed because the library
...
triggers these warnings
2008-07-11 15:16:54 +00:00
Nalin Dahyabhai
37b6c5e715
- rework how labeling is handled to avoid a bootstrapping problem in
...
headers
- don't forget to label the principal database lock file
2008-07-11 15:14:57 +00:00
Tom Callaway
f06f7f1e03
generate include/krb5/krb5.h before building, fix conditional for sparcv9
2008-06-14 18:22:01 +00:00
Nalin Dahyabhai
d11c1aff3a
- whoops, forgot to go back and get the ITS entry number
2008-05-12 18:50:56 +00:00
Nalin Dahyabhai
9f105b4df2
- ftp: use the correct local filename during mget when the 'case' option is
...
enabled (#442713 )
2008-04-16 18:54:08 +00:00
Nalin Dahyabhai
d17f0b5f35
Provide an option to make the KDC also listen on loopback interfaces for
...
datagram requests. Adds an internal symbol to libkrb5 which the KDC
will need if listening on loopback is enabled.
The default might be better changed from FALSE to TRUE so that the default
matches what we do with stream sockets. Or maybe that should be the
default anyway, with no configuration option.
FIXME: doesn't add documentation anywhere.
2008-04-04 21:32:15 +00:00
Nalin Dahyabhai
af9bedd61a
- stop exporting kadmin keys to a keytab file when kadmind starts -- the
...
daemon's been able to use the database directly for a long long time
now
- belatedly add aes128,aes256 to the default set of supported key types
2008-04-04 21:29:53 +00:00
Nalin Dahyabhai
f56b6ee2db
bump for build
2008-04-01 20:54:54 +00:00
Nalin Dahyabhai
ddde7d0f6e
- libgssapi_krb5: properly export the acceptor subkey when creating a lucid
...
context (Kevin Coffman, via the nfs4 mailing list)
2008-04-01 20:53:54 +00:00
Nalin Dahyabhai
7668599d1d
- add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer
...
when v4 compatibility is enabled on the KDC (CVE-2008-0062,
CVE-2008-0063, #432620 , #432621 )
- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when
high-numbered descriptors are used (CVE-2008-0947, #433596 )
- add backport bug fix for an attempt to free non-heap memory in
libgssapi_krb5 (CVE-2007-5901, #415321 )
- add backport bug fix for a double-free in out-of-memory situations in
libgssapi_krb5 (CVE-2007-5971, #415351 )
2008-03-18 18:13:22 +00:00
Nalin Dahyabhai
e7e5a76eb7
- remove a couple of hunks where on third look we don't need to be using
...
WRITABLEFOPEN instead of fopen, because the mode doesn't include
writing
2008-03-18 15:49:52 +00:00
Nalin Dahyabhai
638efe585f
- rework file labeling patch to not depend on fragile preprocessor
...
trickery, in another attempt at fixing #428355 and friends
2008-03-18 15:35:39 +00:00
Nalin Dahyabhai
723980d239
bump release number for rebuild
2008-02-26 21:48:24 +00:00
Nalin Dahyabhai
d4963922a8
- ftp: add patch to fix "runique on" case when globbing fixes applied
...
- stop adding a redundant but harmless call to initialize the gssapi
internals
2008-02-26 21:18:38 +00:00
Nalin Dahyabhai
2a567feda3
- add the bug ID, close the bug
2008-02-25 20:55:41 +00:00
Nalin Dahyabhai
d5971d2776
- add patch to suppress double-processing of /etc/krb5.conf when we build
...
with --sysconfdir=/etc, thereby suppressing double-logging (#231147 )
2008-02-25 20:53:41 +00:00
Nalin Dahyabhai
d73fcc15fb
- remove a patch to fix problems with interfaces which are "up" but which
...
have no address assigned which conflicted with a change to fix the same
problem in 1.5 (#200979 )
2008-02-25 19:58:51 +00:00
Nalin Dahyabhai
2cc4303bbc
- ftp: don't lose track of a descriptor on passive get when the server
...
fails to open a file
2008-02-25 19:50:42 +00:00
Nalin Dahyabhai
a7d42c7b03
- in login, allow PAM to interact with the user when they've been strongly
...
authenticated
- in login, signal PAM when we're changing an expired password that it's an
expired password, so that when cracklib flags a password as being weak
it's treated as an error even if we're running as root
2008-02-25 18:33:34 +00:00
Nalin Dahyabhai
ea9df965b8
comment: Treat 'nsAccountLock: true' the same as 'loginDisabled: true'.
...
RT#5891
2008-02-25 18:32:02 +00:00
Nalin Dahyabhai
8e9e1c07b0
- drop netdb patch
...
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
the DISALLOW_ALL_TIX flag is set on an entry, for better interop with
Fedora, Netscape, Red Hat Directory Server (Simo Sorce)
2008-02-18 18:44:39 +00:00
Nalin Dahyabhai
d64960eca0
- the constants are now provided even without __USE_GNU, so no need for
...
this
2008-02-18 16:54:29 +00:00
Nalin Dahyabhai
a77ce35c52
- avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV for us
2008-02-13 23:10:32 +00:00
Nalin Dahyabhai
820100e165
- wow, fix a syntax error
2008-02-12 21:03:29 +00:00
Nalin Dahyabhai
7ccda19051
- a second approach proposed in RT
2008-02-12 16:28:13 +00:00