Nalin Dahyabhai
2057747130
- have -server require /usr/share/dict/words, which we set as the default dict_file in kdc.conf ( #817089 )
2012-05-01 11:44:13 -04:00
Nalin Dahyabhai
f2a7c1df57
- comment out example.com examples in default krb5.conf (Stef Walter, #805320 )
2012-03-20 18:21:01 -04:00
Nalin Dahyabhai
f8503cf35b
- changelog that last change
2012-03-20 18:20:08 -04:00
Stef Walter
2da8874065
Change back dns_lookup_kdc to the default
...
The specifications recommend against using TXT records to mapping
hostnames to realms. However they do not recommend against using
SRV records to lookup the KDC.
Change back to the MIT default of enabling DNS for KDC lookup.
This allows automatic configuration and failover.
A theoretical attack involving SRV records could be similarly
accomplished by a similar attack involving the A records for
the KDC hosts.
2012-03-20 18:16:59 -04:00
Nalin Dahyabhai
7d6fe6def6
update sources
2012-03-09 18:48:50 -05:00
Nalin Dahyabhai
70240d81c8
- update to 1.10.1
...
- drop the KDC crash fix
- drop the KDC lookaside cache fix
- drop the fix for kadmind RPC ACLs (CVE-2012-1012)
2012-03-09 18:37:47 -05:00
Nalin Dahyabhai
df8a03bc2b
- note the RT number
2012-03-08 16:21:52 -05:00
Nalin Dahyabhai
4093154587
- when removing -workstation, remove our files from the info index while the file is still there, in %%preun, rather than %%postun, and use the compressed file's name ( #801035 )
2012-03-07 12:04:24 -05:00
Nathaniel McCallum
b44189a932
Fix string RPC ACLs (RT#7093); CVE-2012-1012
2012-02-21 15:40:50 -05:00
Nathaniel McCallum
1b8eb90a4f
add upstream lookaside cache fix RT#7082
2012-01-31 13:42:23 -05:00
Nalin Dahyabhai
9e5f5995cd
- add patch to accept keytab entries with vno==0 as matches when we're searching for an entry with a specific name/kvno (#230382/#782211,RT#3349)
2012-01-30 19:49:10 -05:00
Nalin Dahyabhai
6ac0d24fa5
- note the RT number
2012-01-30 12:51:02 -05:00
Nalin Dahyabhai
fbe4130509
- update to 1.10 final
2012-01-30 10:28:53 -05:00
Nathaniel McCallum
767944b7d8
fix release number
2012-01-26 12:17:35 -05:00
Nathaniel McCallum
a134a66915
add upstream crashfix patch
2012-01-26 11:58:18 -05:00
Nalin Dahyabhai
a04da4baa4
- note the RT number
2012-01-23 18:21:02 -05:00
Nalin Dahyabhai
0ce26f54ef
- update to beta 1
2012-01-12 18:47:26 -05:00
Nalin Dahyabhai
cf65017ae3
- update to beta 1
2012-01-12 18:47:18 -05:00
Nalin Dahyabhai
fd2308c2b8
- update to beta 1
2012-01-12 18:43:25 -05:00
Nalin Dahyabhai
3e2b8913b0
- add missing changelog item
2012-01-12 16:11:04 -05:00
Peter Robinson
c5fead3d7e
mktemp was long obsoleted by coreutils
2012-01-11 10:36:49 +00:00
Nalin Dahyabhai
620baf13cd
- modify the deltat grammar to also tell gcc (4.7) to suppress "maybe-uninitialized" warnings in addition to the "uninitialized" warnings it's already being told to suppress
2012-01-04 13:52:34 -05:00
Nalin Dahyabhai
2496d7a5c9
- update to alpha 2
...
- drop a couple of patches which were integrated for alpha 2
2011-12-20 13:18:27 -05:00
Nalin Dahyabhai
e0a60dd473
- don't need this any more
2011-12-20 11:49:22 -05:00
Nalin Dahyabhai
298c87aab9
- don't need this any more
2011-12-20 11:48:50 -05:00
Nalin Dahyabhai
f28b57af20
- pull in patch for RT#7048: allow PAC verification to only bother trying to
...
verify the signature with keys that it's given (still more of #761317 )
2011-12-13 10:50:02 -05:00
Nalin Dahyabhai
6d68d342c9
- pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached
...
(more of #761317 )
2011-12-13 10:48:28 -05:00
Nalin Dahyabhai
fb7c02faff
- pull in patch for RT#7046: tag a ccache containing credentials obtained via
...
S4U2Proxy with the principal name of the proxying principal (part of #761317 )
2011-12-13 10:47:31 -05:00
Nalin Dahyabhai
03e76d7832
- apply upstream patch to fix a null pointer dereference when processing TGS requests (CVE-2011-1530, #753748 )
2011-12-06 14:12:15 -05:00
Nalin Dahyabhai
4584a88e40
correct the release to match the changelog
2011-11-30 15:13:54 -05:00
Nalin Dahyabhai
635a422817
- correct a bug in the fix for #754001 so that the file creation context is consistently reset
2011-11-30 15:03:45 -05:00
Nalin Dahyabhai
a45a82724d
- require libverto-module-base at build- and runtime so that tests which
...
use verto can work properly
2011-11-15 13:32:43 -05:00
Nalin Dahyabhai
1110ccd873
- bump to 1.10 alpha 1
2011-11-15 12:45:44 -05:00
Nalin Dahyabhai
a8e279c6ee
- get the 'make check' target to build in the gss-kernel-lib subdir
2011-11-14 16:41:13 -05:00
Nalin Dahyabhai
efdfc3a244
update for 1.10
2011-11-09 18:44:22 -05:00
Nalin Dahyabhai
6d42ba9cb1
update for 1.10
2011-11-09 18:44:01 -05:00
Nalin Dahyabhai
be0f417bc2
we shouldn't need this any more, per RT#6893
2011-11-09 18:25:44 -05:00
Nalin Dahyabhai
18b089b01f
update for 1.10
2011-11-09 18:20:14 -05:00
Nalin Dahyabhai
74f66f3e49
dependency libs aren't output any more
2011-11-09 17:15:32 -05:00
Nalin Dahyabhai
530ff94e09
update, adding the default location for KRB5_KDC_PROFILE
2011-11-09 16:47:29 -05:00
Nalin Dahyabhai
dc853050a1
update for 1.10
2011-11-09 16:21:31 -05:00
Nalin Dahyabhai
0fde11f889
update for 1.10; we don't need to prune out CFLAGS any more
2011-11-09 15:26:34 -05:00
Nalin Dahyabhai
2e2a9f645f
update, move /bin before /usr/sbin to keep up with login
2011-11-09 15:17:06 -05:00
Nalin Dahyabhai
8ef1736cb6
update for 1.10
2011-11-09 15:09:41 -05:00
Nalin Dahyabhai
19826e3133
update for 1.10
2011-11-09 15:07:52 -05:00
Nalin Dahyabhai
440e28a51c
update
2011-11-09 14:53:27 -05:00
Nalin Dahyabhai
17a1f736bd
we'll need this until the next upstream refresh
2011-11-09 14:39:29 -05:00
Nalin Dahyabhai
17be63590c
1.10 incorporates this fix
2011-11-09 14:35:36 -05:00
Nalin Dahyabhai
2a0db84775
don't need this backport any more
2011-11-09 14:35:19 -05:00
Nalin Dahyabhai
0709f21db5
don't need this backport any more
2011-11-09 14:29:15 -05:00