Nalin Dahyabhai
20266fd9d7
switch to the upstream patch for #707145
2011-05-26 10:55:11 -04:00
Nalin Dahyabhai
e14f89fa17
klist: don't trip over referral entries when invoked with -s ( #707145 , RT#6915)
2011-05-25 16:55:39 -04:00
Nalin Dahyabhai
7368cf9d38
- fixup URL in a comment
...
- when built with NSS, require 3.12.10 rather than 3.12.9
2011-05-06 10:09:53 -04:00
Nalin Dahyabhai
ac127d5263
- update to 1.9.1:
...
- drop no-longer-needed patches for CVE-2010-4022, CVE-2011-0281,
CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285
2011-05-05 19:03:10 -04:00
Nalin Dahyabhai
d2ffb0c7c5
add the bug ID for that last fix
2011-04-13 17:21:33 -04:00
Nalin Dahyabhai
301c9d3ae2
- kadmind: add upstream patch to fix free() on an invalid pointer (MITKRB5-SA-2011-004, CVE-2011-0285)
2011-04-13 15:38:22 -04:00
Nalin Dahyabhai
5ad8efcad5
- don't discard the error code from an error message received in response
...
to a change-password request (#658871 , RT#6893)
2011-04-04 19:04:05 -04:00
Nalin Dahyabhai
2ee39c5e61
- override INSTALL_SETUID at build-time so that ksu is installed into
...
the buildroot with the right permissions (part of #225974 )
2011-04-01 15:52:29 -04:00
Nalin Dahyabhai
27e969332f
- backport change from SVN to fix a computed-value-not-used warning in
...
kpropd (#684065 )
2011-03-18 13:23:22 -04:00
Nalin Dahyabhai
41bc7a0e62
- turn off NSS as the backend for libk5crypto for now to work around its
...
DES string2key not working (#679012 )
- add revised upstream patch to fix double-free in KDC while returning
typed-data with errors (CVE-2011-0284, #674325 )
2011-03-15 14:25:01 -04:00
Nalin Dahyabhai
cbdf0e37a6
- throw in a not-applied-by-default patch to try to make pkinit debugging into a run-time boolean option named "pkinit_debug"
2011-02-17 11:31:49 -05:00
Nalin Dahyabhai
b77e5a0e35
turn on NSS as the backend for libk5crypto, adding nss-devel as a build dependency when that switch is flipped
2011-02-16 19:05:39 -05:00
Nalin Dahyabhai
08f510b379
- krb5kdc init script: prototype some changes to do a quick spot-check
...
of the TGS and kadmind keys and warn if there aren't any non-weak keys
on file for them (to flush out parts of #651466 )
2011-02-09 15:25:17 -05:00
Nalin Dahyabhai
62cb58fe6f
reference the raw hide bug ID for CVE-2011-0283 in the changelog
2011-02-08 16:38:16 -05:00
Nalin Dahyabhai
be633bbbb2
- add upstream patches to fix standalone kpropd exiting if the per-client
...
child process exits with an error (MITKRB5-SA-2011-001), a hang or crash
in the KDC when using the LDAP kdb backend, and an uninitialized pointer
use in the KDC (MITKRB5-SA-2011-002) (CVE-2010-4022, #664009 ,
CVE-2011-0281, #668719 , CVE-2011-0282, #668726 , CVE-2011-0283, #670567 )
2011-02-08 14:37:19 -05:00
Dennis Gilmore
4fe1ed04f8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
2011-02-07 21:09:16 -06:00
Nalin Dahyabhai
9fed313d79
fix a compile error in the SELinux labeling patch when -DDEBUG is used (Sumit Bose)
2011-02-07 11:24:03 -05:00
Nalin Dahyabhai
293e1a6e51
- properly advertise that the kpropd init script now supports force-reload (Zbysek Mraz #630587 )
2011-02-01 10:38:05 -05:00
Nalin Dahyabhai
3442cb8a33
- pkinit: when verifying signed data, use the CMS APIs for better interoperability ( #636985 , RT#6851)
2011-01-26 13:59:56 -05:00
Nalin Dahyabhai
8c3bae0303
update to 1.9 final
2010-12-22 17:22:08 -05:00
Nalin Dahyabhai
09a9ac8a63
- fix link flags and permissions on shared libraries (ausil)
2010-12-20 15:20:01 -05:00
Nalin Dahyabhai
ce5e3836b2
- update to 1.9 beta 3
2010-12-16 14:43:53 -05:00
Nalin Dahyabhai
695c21dd42
- update to beta 2
2010-12-06 16:55:35 -05:00
Nalin Dahyabhai
478f86fe1e
add tweaks for initial whitespace that cause 389-ds to choke on the schema ldif
2010-12-06 16:55:34 -05:00
Nalin Dahyabhai
eb90866aa9
- drop not-needed-since-1.8 build dependency on rsh (ssorce)
2010-12-06 16:55:34 -05:00
Nalin Dahyabhai
b9f9657a15
- if WITH_NSS is set, built with --with-crypto-impl=nss (requires NSS 3.12.9)
2010-12-06 16:55:34 -05:00
Nalin Dahyabhai
66b6f44b6c
- initial jump to 1.9 beta 1
2010-12-06 16:55:33 -05:00
Nalin Dahyabhai
5faba5957f
- right, renamed the patch
2010-11-30 14:28:42 -05:00
Nalin Dahyabhai
786702d87a
add upstream patch to fix various issues from MITKRB5-SA-2010-007
2010-11-30 12:00:23 -05:00
Nalin Dahyabhai
60f5ea8eaf
- incorporate upstream patch to fix uninitialized pointer crash in the KDC's authorization data handling (CVE-2010-1322, #636335 )
2010-10-05 15:29:32 -04:00
Nalin Dahyabhai
e84327e216
- pull down patches from trunk to implement k5login_authoritative and k5login_directory settings for krb5.conf ( #539423 )
2010-10-04 19:01:38 -04:00
Jesse Keating
82f4c7f41e
- Rebuilt for gcc bug 634757
2010-09-29 14:34:57 -07:00
Nalin Dahyabhai
f44b554d1b
- fix reading of keyUsage extensions when attempting to select pkinit client certs (part of #629022 , RT#6775)
...
- fix selection of pkinit client certs when one or more don't include a subjectAltName extension (part of #629022 , RT#6774)
2010-09-16 19:32:06 -04:00
Nalin Dahyabhai
3f5343a0b9
- build with -fstack-protector-all instead of the default -fstack-protector,
...
so that we add checking to more functions (i.e., all of them) (#629950 )
2010-09-03 13:50:17 -04:00
Nalin Dahyabhai
a7376e1a41
- also link binaries with -Wl,-z,relro,-z,now (part of #629950 )
2010-09-03 13:08:45 -04:00
Nalin Dahyabhai
6130f43a46
- fix a logic bug in computing key expiration times (RT#6762, #627022 )
2010-08-24 18:29:42 -04:00
Nalin Dahyabhai
0c20d8744b
- update to 1.8.3
...
- drop backports of fixes for gss context expiration and error table
registration/deregistration mismatch
- drop patch for upstream #6750
2010-08-04 18:22:20 -04:00
Nalin Dahyabhai
eed65b02ae
- fix a typo in the changelog
2010-07-15 15:47:39 +00:00
Nalin Dahyabhai
45b591b3eb
- fix parsing of the pidfile option in the KDC (upstream #6750 )
2010-07-07 20:56:07 +00:00
Nalin Dahyabhai
8b8653b9be
- add logrotate configuration files for krb5kdc and kadmind ( #462658 )
2010-07-07 18:09:05 +00:00
Nalin Dahyabhai
a0ca6e4d98
- tell krb5kdc and kadmind to create pid files, since they can
2010-07-07 17:41:39 +00:00
Nalin Dahyabhai
cb407c5fa1
- libgssapi: pull in patch from svn to stop returning context-expired
...
errors when the ticket which was used to set up the context expires
(#605366 , upstream #6739 )
2010-06-21 18:26:35 +00:00
Nalin Dahyabhai
da92cbb7b4
- pull up fix for upstream #6745 , in which the gssapi library would add the
...
wrong error table but subsequently attempt to unload the right one
2010-06-21 18:11:40 +00:00
Nalin Dahyabhai
e067cf87fe
- update to 1.8.2
...
- drop patches for CVE-2010-1320, CVE-2010-1321
2010-06-10 22:21:43 +00:00
Nalin Dahyabhai
1313c14673
- reference the right bug -- this wasn't a problem until the revision
2010-05-27 21:10:28 +00:00
Nalin Dahyabhai
17238354c3
don't skip the PAM account check for root or the same user (more of
...
#477033 )
2010-05-27 20:53:30 +00:00
Nalin Dahyabhai
ccdc4a4228
- ksu: move session management calls to before we drop privileges, like su
...
does (#596887 )
2010-05-27 20:01:43 +00:00
Nalin Dahyabhai
b60e63ef2b
- that -fno-strict-aliasing change merits a rebuild
2010-05-24 22:15:15 +00:00
Nalin Dahyabhai
ab9e2985db
- go back to building without strict aliasing (compiler warnings in gssrpc)
2010-05-24 21:31:38 +00:00
Nalin Dahyabhai
5d72216a22
- drop explicit linking with libtinfo for applications that use libss, now
...
that readline itself links with libtinfo (as of readline-5.2-3, since
fedora 7 or so)
2010-05-24 20:42:04 +00:00