rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
809 Commits 9 Branches 52 Tags 8.1 MiB
14a63ce373
Commit Graph

809 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nalin Dahyabhai
16a5c7affc back out the recent labeling change, per dwalsh 
- back out this labeling change (dwalsh):
  - when building the new label for a file we're about to create, also mix
    in the current range, in addition to the current user
 2012-06-05 16:24:15 -04:00
Nalin Dahyabhai
6e8c2c396c add explicit buildrequires: on 'hostname' and 'net-tools' 
- add explicit buildrequires: on 'hostname', for the tests, on systems where
  it's in its own package, and require net-tools, which used to provide the
  command, everywhere
 2012-06-01 16:31:50 -04:00
Nalin Dahyabhai
f06298144d no-separate-/usr means we don't have to move shlibs 
- don't shuffle around any shared libraries on releases with
  no-separate-/usr, since /lib and /usr/lib are the same anyway
 2012-06-01 15:41:01 -04:00
Nalin Dahyabhai
037ab925da backport a fix for keytabs which don't have keys for all enctypes 
- add a backport of Stef's patch to set the client's list of supported
  enctypes to match the types of keys that we have when we are using a
  keytab to try to get initial credentials, so that a KDC won't send us
  an AS reply that we can't encrypt (RT#2131, #748528)
 2012-06-01 15:24:41 -04:00
Nalin Dahyabhai
b8b71859bb update to 1.10.2 
- when building the new label for a file we're about to create, also mix
  in the current range, in addition to the current user
- also package the PDF format admin, user, and install guides
- drop some PDFs that no longer get built right
 2012-06-01 14:05:55 -04:00
Nalin Dahyabhai
cd92a2cbb4 - skip the setfscreatecon() if fopen() is passed "rb" as the open mode (part of #819115) 2012-05-07 17:28:51 -04:00
Nalin Dahyabhai
2057747130 - have -server require /usr/share/dict/words, which we set as the default dict_file in kdc.conf (#817089) 2012-05-01 11:44:13 -04:00
Nalin Dahyabhai
f2a7c1df57 - comment out example.com examples in default krb5.conf (Stef Walter, #805320) 2012-03-20 18:21:01 -04:00
Nalin Dahyabhai
f8503cf35b - changelog that last change 2012-03-20 18:20:08 -04:00
Stef Walter
2da8874065 Change back dns_lookup_kdc to the default 
The specifications recommend against using TXT records to mapping
hostnames to realms. However they do not recommend against using
SRV records to lookup the KDC.

Change back to the MIT default of enabling DNS for KDC lookup.
This allows automatic configuration and failover.

A theoretical attack involving SRV records could be similarly
accomplished by a similar attack involving the A records for
the KDC hosts.
 2012-03-20 18:16:59 -04:00
Nalin Dahyabhai
7d6fe6def6 update sources 2012-03-09 18:48:50 -05:00
Nalin Dahyabhai
70240d81c8 - update to 1.10.1 
- drop the KDC crash fix
  - drop the KDC lookaside cache fix
  - drop the fix for kadmind RPC ACLs (CVE-2012-1012)
 2012-03-09 18:37:47 -05:00
Nalin Dahyabhai
df8a03bc2b - note the RT number 2012-03-08 16:21:52 -05:00
Nalin Dahyabhai
4093154587 - when removing -workstation, remove our files from the info index while the file is still there, in %%preun, rather than %%postun, and use the compressed file's name (#801035) 2012-03-07 12:04:24 -05:00
Nathaniel McCallum
b44189a932 Fix string RPC ACLs (RT#7093); CVE-2012-1012 2012-02-21 15:40:50 -05:00
Nathaniel McCallum
1b8eb90a4f add upstream lookaside cache fix RT#7082 2012-01-31 13:42:23 -05:00
Nalin Dahyabhai
9e5f5995cd - add patch to accept keytab entries with vno==0 as matches when we're searching for an entry with a specific name/kvno (#230382/#782211,RT#3349) 2012-01-30 19:49:10 -05:00
Nalin Dahyabhai
6ac0d24fa5 - note the RT number 2012-01-30 12:51:02 -05:00
Nalin Dahyabhai
fbe4130509 - update to 1.10 final 2012-01-30 10:28:53 -05:00
Nathaniel McCallum
767944b7d8 fix release number 2012-01-26 12:17:35 -05:00
Nathaniel McCallum
a134a66915 add upstream crashfix patch 2012-01-26 11:58:18 -05:00
Nalin Dahyabhai
a04da4baa4 - note the RT number 2012-01-23 18:21:02 -05:00
Nalin Dahyabhai
0ce26f54ef - update to beta 1 2012-01-12 18:47:26 -05:00
Nalin Dahyabhai
cf65017ae3 - update to beta 1 2012-01-12 18:47:18 -05:00
Nalin Dahyabhai
fd2308c2b8 - update to beta 1 2012-01-12 18:43:25 -05:00
Nalin Dahyabhai
3e2b8913b0 - add missing changelog item 2012-01-12 16:11:04 -05:00
Peter Robinson
c5fead3d7e mktemp was long obsoleted by coreutils 2012-01-11 10:36:49 +00:00
Nalin Dahyabhai
620baf13cd - modify the deltat grammar to also tell gcc (4.7) to suppress "maybe-uninitialized" warnings in addition to the "uninitialized" warnings it's already being told to suppress 2012-01-04 13:52:34 -05:00
Nalin Dahyabhai
2496d7a5c9 - update to alpha 2 
- drop a couple of patches which were integrated for alpha 2
 2011-12-20 13:18:27 -05:00
Nalin Dahyabhai
e0a60dd473 - don't need this any more 2011-12-20 11:49:22 -05:00
Nalin Dahyabhai
298c87aab9 - don't need this any more 2011-12-20 11:48:50 -05:00
Nalin Dahyabhai
f28b57af20 - pull in patch for RT#7048: allow PAC verification to only bother trying to 
verify the signature with keys that it's given (still more of #761317)
 2011-12-13 10:50:02 -05:00
Nalin Dahyabhai
6d68d342c9 - pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached 
(more of #761317)
 2011-12-13 10:48:28 -05:00
Nalin Dahyabhai
fb7c02faff - pull in patch for RT#7046: tag a ccache containing credentials obtained via 
S4U2Proxy with the principal name of the proxying principal (part of #761317)
 2011-12-13 10:47:31 -05:00
Nalin Dahyabhai
03e76d7832 - apply upstream patch to fix a null pointer dereference when processing TGS requests (CVE-2011-1530, #753748) 2011-12-06 14:12:15 -05:00
Nalin Dahyabhai
4584a88e40 correct the release to match the changelog 2011-11-30 15:13:54 -05:00
Nalin Dahyabhai
635a422817 - correct a bug in the fix for #754001 so that the file creation context is consistently reset 2011-11-30 15:03:45 -05:00
Nalin Dahyabhai
a45a82724d - require libverto-module-base at build- and runtime so that tests which 
use verto can work properly
 2011-11-15 13:32:43 -05:00
Nalin Dahyabhai
1110ccd873 - bump to 1.10 alpha 1 2011-11-15 12:45:44 -05:00
Nalin Dahyabhai
a8e279c6ee - get the 'make check' target to build in the gss-kernel-lib subdir 2011-11-14 16:41:13 -05:00
Nalin Dahyabhai
efdfc3a244 update for 1.10 2011-11-09 18:44:22 -05:00
Nalin Dahyabhai
6d42ba9cb1 update for 1.10 2011-11-09 18:44:01 -05:00
Nalin Dahyabhai
be0f417bc2 we shouldn't need this any more, per RT#6893 2011-11-09 18:25:44 -05:00
Nalin Dahyabhai
18b089b01f update for 1.10 2011-11-09 18:20:14 -05:00
Nalin Dahyabhai
74f66f3e49 dependency libs aren't output any more 2011-11-09 17:15:32 -05:00
Nalin Dahyabhai
530ff94e09 update, adding the default location for KRB5_KDC_PROFILE 2011-11-09 16:47:29 -05:00
Nalin Dahyabhai
dc853050a1 update for 1.10 2011-11-09 16:21:31 -05:00
Nalin Dahyabhai
0fde11f889 update for 1.10; we don't need to prune out CFLAGS any more 2011-11-09 15:26:34 -05:00
Nalin Dahyabhai
2e2a9f645f update, move /bin before /usr/sbin to keep up with login 2011-11-09 15:17:06 -05:00
Nalin Dahyabhai
8ef1736cb6 update for 1.10 2011-11-09 15:09:41 -05:00