rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
203 Commits 9 Branches 46 Tags 7.8 MiB
3d4d8cf991
Commit Graph

152 Commits

Author SHA1 Message Date
Nalin Dahyabhai
3d4d8cf991 - note RT numbers for reference 
- include but don't apply the other suggested patch for
    kpasswd-doesn't-use-tcp
 2008-01-23 18:27:03 +00:00
Nalin Dahyabhai
dcfbb5995a - revise to reference a different patch which we also don't apply 2008-01-03 16:51:53 +00:00
Nalin Dahyabhai
f25a7f96a5 - reference unapplied patch to fix password-changing with servers other 
than the first one we try to contact
- reference bug 242502 (rawhide) instead of 242500 (rhel)
 2008-01-03 15:47:35 +00:00
Nalin Dahyabhai
1343fd1973 - bump the release 2008-01-02 17:06:19 +00:00
Nalin Dahyabhai
48872e3b7b - right, new year 2008-01-02 17:05:02 +00:00
Nalin Dahyabhai
f072055a76 - some init script cleanups 
- drop unquoted check and silent exit for "$NETWORKING" (#426852, #242500)
- krb524: don't barf on missing database if it looks like we're using
    kldap, same as for kadmin
- return non-zero status for missing files which cause startup to fail
 2008-01-02 17:03:38 +00:00
Nalin Dahyabhai
0aaa920daa - allocate space for the nul-terminator in the local pathname when looking 
up a file context, and properly free a previous context (Jose Plans,
    #426085)
 2007-12-18 18:34:06 +00:00
Nalin Dahyabhai
ea868608c1 rebuild 2007-12-05 15:21:20 +00:00
Nalin Dahyabhai
6c3186e173 note the CVE for needing the revised patch 2007-11-13 21:58:04 +00:00
Nalin Dahyabhai
4ba98f8eab add duplicate bug id 2007-11-13 21:41:20 +00:00
Nalin Dahyabhai
276a481e88 - update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 and 
CVE-2007-4000 (the new pkinit module is built conditionally and goes
    into the -pkinit-openssl package, at least for now, to make a buildreq
    loop with openssl avoidable)
 2007-10-23 19:40:45 +00:00
Nalin Dahyabhai
a0f391756d - make proper use of pam_loginuid and pam_selinux in rshd and ftpd 2007-10-17 17:48:52 +00:00
Nalin Dahyabhai
528eff0ac5 - make krb5.conf %%verify(not md5 size mtime) in addition to 
%%config(noreplace), like /etc/nsswitch.conf (#329811)
 2007-10-12 18:32:28 +00:00
Nalin Dahyabhai
6e3299423a - proposed fix for not being able to find delegated krb5 creds when using 
spnego
 2007-10-04 22:08:39 +00:00
Nalin Dahyabhai
1dd0ff3e30 - proposed patch to fix receipt of delegated creds in mod_auth_kerb 2007-10-01 19:40:47 +00:00
Nalin Dahyabhai
14a08486e8 - add the bug ID to the kadmind fixes, note Fran's patch was identical to 
the one I thought we were already using in the F-7 branch
 2007-09-17 20:47:02 +00:00
Nalin Dahyabhai
2688de92f1 - move the db2 kdb plugin from -server to -libs, because a multilib libkdb 
might need it
 2007-09-11 20:52:15 +00:00
Nalin Dahyabhai
83381c77e7 - also perform PAM session and credential management when ftpd accepts a 
client using strong authentication, missed earlier
- also label kadmind log files and files created by the db2 plugin
 2007-09-11 14:12:38 +00:00
Nalin Dahyabhai
251df090d0 bump the revision 2007-09-06 20:09:14 +00:00
Nalin Dahyabhai
07adde54fa - incorporate updated fix for CVE-2007-3999 2007-09-06 20:08:19 +00:00
Nalin Dahyabhai
b54c6a0718 - incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000) 2007-09-04 18:10:23 +00:00
Nalin Dahyabhai
929680a650 add missing gawk buildrequirement 2007-08-25 05:12:34 +00:00
Nalin Dahyabhai
8499d2199c - actually bump the release number 2007-08-25 04:33:13 +00:00
Nalin Dahyabhai
5502d6651d - cover more cases in labeling files on creation 2007-08-25 04:31:34 +00:00
Nalin Dahyabhai
e0443e5457 - experimental ok-as-delegate setting patch (not applied) 2007-08-25 04:28:10 +00:00
Nalin Dahyabhai
79f8a98d4f rebuild 2007-08-23 20:50:42 +00:00
Nalin Dahyabhai
2f7dffc0f3 - include but don't apply 2007-07-26 19:08:20 +00:00
Nalin Dahyabhai
fbe8865459 - kdc.conf: default to listening for TCP clients, too (#248415) 2007-07-26 18:36:57 +00:00
Nalin Dahyabhai
34ce3fe705 - add a preliminary patch for #231147. initially not applied. 2007-07-23 21:01:33 +00:00
Nalin Dahyabhai
c0cd730c79 - update to 1.6.2 
- add "buildrequires: texinfo-tex" to get texi2pdf
 2007-07-19 16:50:28 +00:00
Nalin Dahyabhai
147635188d add CVE identifiers to the more recent changelog 2007-06-27 18:39:06 +00:00
Nalin Dahyabhai
cd3f50fb19 - incorporate fixes for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005 2007-06-27 06:08:01 +00:00
Nalin Dahyabhai
196ea67f06 - add missing pam-devel build requirement, force selinux-or-fail build 2007-06-25 01:16:51 +00:00
Nalin Dahyabhai
cb76d1ea2b rebuild 2007-06-25 00:56:37 +00:00
Nalin Dahyabhai
d360ed53e4 - label all files at creation-time according to the SELinux policy 
(#228157)
 2007-06-25 00:55:25 +00:00
Nalin Dahyabhai
e773dcc288 - um, maybe not just yet 2007-06-22 22:33:07 +00:00
Nalin Dahyabhai
2ecf4e22d8 nope, we don't provide that file 2007-06-22 22:15:03 +00:00
Nalin Dahyabhai
70ccd082ae - oops, note that pam changes went in, too 2007-06-22 22:10:15 +00:00
Nalin Dahyabhai
117cdbbea7 - preprocess kerberos.ldif into a format FDS will like better, and include 
that as a doc file as well
 2007-06-22 22:06:27 +00:00
Nalin Dahyabhai
37416c24a6 - switch man pages to being generated with the right paths in them 
- drop old, incomplete SELinux patch
- add patch from Greg Hudson to make srvtab routines report missing-file
    errors at same point that keytab routines do (#241805)
 2007-06-22 22:04:38 +00:00
Nalin Dahyabhai
ad9d82cb5c - pull patch from svn to undo unintentional chattiness in ftp 
- pull patch from svn to handle NULL krb5_get_init_creds_opt structures
    better in a couple of places where they're expected
 2007-05-24 15:43:24 +00:00
Nalin Dahyabhai
3f30bc2d6d bump release number 2007-05-23 22:06:26 +00:00
Nalin Dahyabhai
7877c27fc3 - bump to 1.6.1 2007-05-23 21:48:27 +00:00
Nalin Dahyabhai
a9c20b1574 - kadmind.init: don't fail outright if the default principal database isn't 
there if it looks like we might be using the kldap plugin
- kadmind.init: attempt to extract the key for the host-specific kadmin
    service when we try to create the keytab
 2007-05-18 22:16:16 +00:00
Nalin Dahyabhai
ea9e19241a - omit dependent libraries from the krb5-config --libs output, as using 
shared libraries (no more static libraries) makes them unnecessary and
    they're not part of the libkrb5 interface (patch by Rex Dieter,
    #240220) (strips out libkeyutils, libresolv, libdl)
 2007-05-16 19:48:19 +00:00
Nalin Dahyabhai
a7114b4891 - pull in keyutils as a build requirement to get the "KEYRING:" ccache 
type, because we've merged
 2007-05-04 19:03:00 +00:00
Nalin Dahyabhai
a321e486d2 - fix an uninitialized length value which could cause a crash when parsing 
key data coming from a directory server
- correct a typo in the krb5.conf man page ("ldap_server"->"ldap_servers")
 2007-05-04 18:10:01 +00:00
Nalin Dahyabhai
1739ef7213 - move the default acl_file, dict_file, and admin_keytab settings to the 
part of the default/example kdc.conf where they'll actually have an
    effect (#236417)
 2007-04-13 19:07:25 +00:00
Nalin Dahyabhai
471b4b51f3 - add patch to correct unauthorized access via krb5-aware telnet daemon 
(#229782, CVE-2007-0956)
- add patch to fix buffer overflow in krb5kdc and kadmind (#231528,
    CVE-2007-0957)
- add patch to fix double-free in kadmind (#231537, CVE-2007-1216)
 2007-04-03 18:46:41 +00:00
Nalin Dahyabhai
598e71ffbc - add a couple of ldap-specific data files as documentation, so that admins 
have the needed schema for their directory servers
 2007-04-03 18:43:05 +00:00