Nalin Dahyabhai
af9bedd61a
- stop exporting kadmin keys to a keytab file when kadmind starts -- the
...
daemon's been able to use the database directly for a long long time
now
- belatedly add aes128,aes256 to the default set of supported key types
2008-04-04 21:29:53 +00:00
Nalin Dahyabhai
f56b6ee2db
bump for build
2008-04-01 20:54:54 +00:00
Nalin Dahyabhai
ddde7d0f6e
- libgssapi_krb5: properly export the acceptor subkey when creating a lucid
...
context (Kevin Coffman, via the nfs4 mailing list)
2008-04-01 20:53:54 +00:00
Nalin Dahyabhai
7668599d1d
- add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer
...
when v4 compatibility is enabled on the KDC (CVE-2008-0062,
CVE-2008-0063, #432620 , #432621 )
- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when
high-numbered descriptors are used (CVE-2008-0947, #433596 )
- add backport bug fix for an attempt to free non-heap memory in
libgssapi_krb5 (CVE-2007-5901, #415321 )
- add backport bug fix for a double-free in out-of-memory situations in
libgssapi_krb5 (CVE-2007-5971, #415351 )
2008-03-18 18:13:22 +00:00
Nalin Dahyabhai
e7e5a76eb7
- remove a couple of hunks where on third look we don't need to be using
...
WRITABLEFOPEN instead of fopen, because the mode doesn't include
writing
2008-03-18 15:49:52 +00:00
Nalin Dahyabhai
638efe585f
- rework file labeling patch to not depend on fragile preprocessor
...
trickery, in another attempt at fixing #428355 and friends
2008-03-18 15:35:39 +00:00
Nalin Dahyabhai
723980d239
bump release number for rebuild
2008-02-26 21:48:24 +00:00
Nalin Dahyabhai
d4963922a8
- ftp: add patch to fix "runique on" case when globbing fixes applied
...
- stop adding a redundant but harmless call to initialize the gssapi
internals
2008-02-26 21:18:38 +00:00
Nalin Dahyabhai
2a567feda3
- add the bug ID, close the bug
2008-02-25 20:55:41 +00:00
Nalin Dahyabhai
d5971d2776
- add patch to suppress double-processing of /etc/krb5.conf when we build
...
with --sysconfdir=/etc, thereby suppressing double-logging (#231147 )
2008-02-25 20:53:41 +00:00
Nalin Dahyabhai
d73fcc15fb
- remove a patch to fix problems with interfaces which are "up" but which
...
have no address assigned which conflicted with a change to fix the same
problem in 1.5 (#200979 )
2008-02-25 19:58:51 +00:00
Nalin Dahyabhai
2cc4303bbc
- ftp: don't lose track of a descriptor on passive get when the server
...
fails to open a file
2008-02-25 19:50:42 +00:00
Nalin Dahyabhai
a7d42c7b03
- in login, allow PAM to interact with the user when they've been strongly
...
authenticated
- in login, signal PAM when we're changing an expired password that it's an
expired password, so that when cracklib flags a password as being weak
it's treated as an error even if we're running as root
2008-02-25 18:33:34 +00:00
Nalin Dahyabhai
ea9df965b8
comment: Treat 'nsAccountLock: true' the same as 'loginDisabled: true'.
...
RT#5891
2008-02-25 18:32:02 +00:00
Nalin Dahyabhai
8e9e1c07b0
- drop netdb patch
...
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
the DISALLOW_ALL_TIX flag is set on an entry, for better interop with
Fedora, Netscape, Red Hat Directory Server (Simo Sorce)
2008-02-18 18:44:39 +00:00
Nalin Dahyabhai
d64960eca0
- the constants are now provided even without __USE_GNU, so no need for
...
this
2008-02-18 16:54:29 +00:00
Nalin Dahyabhai
a77ce35c52
- avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV for us
2008-02-13 23:10:32 +00:00
Nalin Dahyabhai
820100e165
- wow, fix a syntax error
2008-02-12 21:03:29 +00:00
Nalin Dahyabhai
7ccda19051
- a second approach proposed in RT
2008-02-12 16:28:13 +00:00
Nalin Dahyabhai
e4d2a874a4
- enable patch for key-expiration reporting
...
- enable patch to make kpasswd fall back to TCP if UDP fails
- enable patch to make kpasswd use the right sequence number on retransmit
- enable patch to allow mech-specific creds delegated under spnego to be
found when searching for creds
2008-02-12 16:22:38 +00:00
Nalin Dahyabhai
3d4d8cf991
- note RT numbers for reference
...
- include but don't apply the other suggested patch for
kpasswd-doesn't-use-tcp
2008-01-23 18:27:03 +00:00
Nalin Dahyabhai
dcfbb5995a
- revise to reference a different patch which we also don't apply
2008-01-03 16:51:53 +00:00
Nalin Dahyabhai
3a41ec53ed
- less invasive approach to letting kpasswd hit tcp-only servers
2008-01-03 16:51:16 +00:00
Nalin Dahyabhai
f25a7f96a5
- reference unapplied patch to fix password-changing with servers other
...
than the first one we try to contact
- reference bug 242502 (rawhide) instead of 242500 (rhel)
2008-01-03 15:47:35 +00:00
Nalin Dahyabhai
1343fd1973
- bump the release
2008-01-02 17:06:19 +00:00
Nalin Dahyabhai
48872e3b7b
- right, new year
2008-01-02 17:05:02 +00:00
Nalin Dahyabhai
f072055a76
- some init script cleanups
...
- drop unquoted check and silent exit for "$NETWORKING" (#426852 , #242500 )
- krb524: don't barf on missing database if it looks like we're using
kldap, same as for kadmin
- return non-zero status for missing files which cause startup to fail
2008-01-02 17:03:38 +00:00
Nalin Dahyabhai
0aaa920daa
- allocate space for the nul-terminator in the local pathname when looking
...
up a file context, and properly free a previous context (Jose Plans,
#426085 )
2007-12-18 18:34:06 +00:00
Nalin Dahyabhai
ea868608c1
rebuild
2007-12-05 15:21:20 +00:00
Nalin Dahyabhai
6c3186e173
note the CVE for needing the revised patch
2007-11-13 21:58:04 +00:00
Nalin Dahyabhai
4ba98f8eab
add duplicate bug id
2007-11-13 21:41:20 +00:00
Nalin Dahyabhai
acf89fe1da
note the RT number
2007-11-09 15:40:20 +00:00
Nalin Dahyabhai
276a481e88
- update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 and
...
CVE-2007-4000 (the new pkinit module is built conditionally and goes
into the -pkinit-openssl package, at least for now, to make a buildreq
loop with openssl avoidable)
2007-10-23 19:40:45 +00:00
Nalin Dahyabhai
a0f391756d
- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
2007-10-17 17:48:52 +00:00
Bill Nottingham
345c67344c
makefile update to properly grab makefile.common
2007-10-15 18:56:42 +00:00
Nalin Dahyabhai
528eff0ac5
- make krb5.conf %%verify(not md5 size mtime) in addition to
...
%%config(noreplace), like /etc/nsswitch.conf (#329811 )
2007-10-12 18:32:28 +00:00
Nalin Dahyabhai
6e3299423a
- proposed fix for not being able to find delegated krb5 creds when using
...
spnego
2007-10-04 22:08:39 +00:00
Nalin Dahyabhai
359196dde6
- revert to the version that hit upstream SVN
2007-10-04 21:44:02 +00:00
Nalin Dahyabhai
1bb4c4c0c2
- reflect the adjustment just submitted to upstream RT #5802
2007-10-01 21:39:09 +00:00
Nalin Dahyabhai
1dd0ff3e30
- proposed patch to fix receipt of delegated creds in mod_auth_kerb
2007-10-01 19:40:47 +00:00
Nalin Dahyabhai
14a08486e8
- add the bug ID to the kadmind fixes, note Fran's patch was identical to
...
the one I thought we were already using in the F-7 branch
2007-09-17 20:47:02 +00:00
Nalin Dahyabhai
995166d33c
- undef functions that we override before redefining them; ultimately this
...
will have to be completely reworked to not use preprocessor magic
because it's gotten way uglier than originally planned
2007-09-17 20:46:21 +00:00
Nalin Dahyabhai
2688de92f1
- move the db2 kdb plugin from -server to -libs, because a multilib libkdb
...
might need it
2007-09-11 20:52:15 +00:00
Nalin Dahyabhai
f330d3856e
- don't exit if we have a kldap db
2007-09-11 19:03:15 +00:00
Nalin Dahyabhai
83381c77e7
- also perform PAM session and credential management when ftpd accepts a
...
client using strong authentication, missed earlier
- also label kadmind log files and files created by the db2 plugin
2007-09-11 14:12:38 +00:00
Nalin Dahyabhai
71c80f37b5
- also label kadmind log files and files created by the db2 plugin
2007-09-11 14:12:03 +00:00
Nalin Dahyabhai
c6b195a8d3
- ftpd: also do PAM management for clients who use strong authentication
2007-09-11 14:11:22 +00:00
Nalin Dahyabhai
8684e97aa9
bye-bye obsolete patch
2007-09-06 21:03:00 +00:00
Nalin Dahyabhai
78cfdd7edb
- incorporate updated fix for CVE-2007-3999
2007-09-06 20:20:55 +00:00
Nalin Dahyabhai
251df090d0
bump the revision
2007-09-06 20:09:14 +00:00