rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
565 Commits 9 Branches 46 Tags 7.8 MiB
5d6308abab
Commit Graph

377 Commits

Author SHA1 Message Date
Nalin Dahyabhai
5d6308abab cache the selabel context between uses (dwalsh) 
- selinux: hang on to the list of selinux contexts, freeing and reloading
  it only when the file we read it from is modified, freeing it when the
  shared library is being unloaded (#845125)
 2012-08-02 18:50:32 -04:00
Nalin Dahyabhai
38e22af414 undo file-move fixes on Fedora 17 
- go back to not messing with library file paths on Fedora 17: it breaks
  file path dependencies in other packages, and since Fedora 17 is already
  released, breaking that is our fault
 2012-08-02 11:15:21 -04:00
Nalin Dahyabhai
899e166076 update bug numbers for this update 2012-07-31 14:34:09 -04:00
Nalin Dahyabhai
718a1573e1 fixes for MITKRB5-SA-2012-001 and .so symlinks 
- add upstream patch to fix freeing an uninitialized pointer and dereferencing
  another uninitialized pointer in the KDC (MITKRB5-SA-2012-001, CVE-2012-1014
  and CVE-2012-1015, #838012)
- fix a thinko in whether or not we mess around with devel .so symlinks on
  systems without a separate /usr (sbose)
 2012-07-31 14:14:12 -04:00
Dennis Gilmore
a020fb0304 Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-27 00:46:48 -05:00
Nalin Dahyabhai
f60e9ef28c backport RT#7183 
- backport a fix to allow a PKINIT client to handle SignedData from a KDC
  that's signed with a certificate that isn't in the SignedData, but which
  is available as an anchor or intermediate on the client (RT#7183)
 2012-06-22 14:07:46 -04:00
Nalin Dahyabhai
16a5c7affc back out the recent labeling change, per dwalsh 
- back out this labeling change (dwalsh):
  - when building the new label for a file we're about to create, also mix
    in the current range, in addition to the current user
 2012-06-05 16:24:15 -04:00
Nalin Dahyabhai
6e8c2c396c add explicit buildrequires: on 'hostname' and 'net-tools' 
- add explicit buildrequires: on 'hostname', for the tests, on systems where
  it's in its own package, and require net-tools, which used to provide the
  command, everywhere
 2012-06-01 16:31:50 -04:00
Nalin Dahyabhai
f06298144d no-separate-/usr means we don't have to move shlibs 
- don't shuffle around any shared libraries on releases with
  no-separate-/usr, since /lib and /usr/lib are the same anyway
 2012-06-01 15:41:01 -04:00
Nalin Dahyabhai
037ab925da backport a fix for keytabs which don't have keys for all enctypes 
- add a backport of Stef's patch to set the client's list of supported
  enctypes to match the types of keys that we have when we are using a
  keytab to try to get initial credentials, so that a KDC won't send us
  an AS reply that we can't encrypt (RT#2131, #748528)
 2012-06-01 15:24:41 -04:00
Nalin Dahyabhai
b8b71859bb update to 1.10.2 
- when building the new label for a file we're about to create, also mix
  in the current range, in addition to the current user
- also package the PDF format admin, user, and install guides
- drop some PDFs that no longer get built right
 2012-06-01 14:05:55 -04:00
Nalin Dahyabhai
cd92a2cbb4 - skip the setfscreatecon() if fopen() is passed "rb" as the open mode (part of #819115) 2012-05-07 17:28:51 -04:00
Nalin Dahyabhai
2057747130 - have -server require /usr/share/dict/words, which we set as the default dict_file in kdc.conf (#817089) 2012-05-01 11:44:13 -04:00
Nalin Dahyabhai
f2a7c1df57 - comment out example.com examples in default krb5.conf (Stef Walter, #805320) 2012-03-20 18:21:01 -04:00
Nalin Dahyabhai
f8503cf35b - changelog that last change 2012-03-20 18:20:08 -04:00
Nalin Dahyabhai
70240d81c8 - update to 1.10.1 
- drop the KDC crash fix
  - drop the KDC lookaside cache fix
  - drop the fix for kadmind RPC ACLs (CVE-2012-1012)
 2012-03-09 18:37:47 -05:00
Nalin Dahyabhai
4093154587 - when removing -workstation, remove our files from the info index while the file is still there, in %%preun, rather than %%postun, and use the compressed file's name (#801035) 2012-03-07 12:04:24 -05:00
Nathaniel McCallum
b44189a932 Fix string RPC ACLs (RT#7093); CVE-2012-1012 2012-02-21 15:40:50 -05:00
Nathaniel McCallum
1b8eb90a4f add upstream lookaside cache fix RT#7082 2012-01-31 13:42:23 -05:00
Nalin Dahyabhai
9e5f5995cd - add patch to accept keytab entries with vno==0 as matches when we're searching for an entry with a specific name/kvno (#230382/#782211,RT#3349) 2012-01-30 19:49:10 -05:00
Nalin Dahyabhai
6ac0d24fa5 - note the RT number 2012-01-30 12:51:02 -05:00
Nalin Dahyabhai
fbe4130509 - update to 1.10 final 2012-01-30 10:28:53 -05:00
Nathaniel McCallum
767944b7d8 fix release number 2012-01-26 12:17:35 -05:00
Nathaniel McCallum
a134a66915 add upstream crashfix patch 2012-01-26 11:58:18 -05:00
Nalin Dahyabhai
a04da4baa4 - note the RT number 2012-01-23 18:21:02 -05:00
Nalin Dahyabhai
cf65017ae3 - update to beta 1 2012-01-12 18:47:18 -05:00
Nalin Dahyabhai
3e2b8913b0 - add missing changelog item 2012-01-12 16:11:04 -05:00
Peter Robinson
c5fead3d7e mktemp was long obsoleted by coreutils 2012-01-11 10:36:49 +00:00
Nalin Dahyabhai
620baf13cd - modify the deltat grammar to also tell gcc (4.7) to suppress "maybe-uninitialized" warnings in addition to the "uninitialized" warnings it's already being told to suppress 2012-01-04 13:52:34 -05:00
Nalin Dahyabhai
2496d7a5c9 - update to alpha 2 
- drop a couple of patches which were integrated for alpha 2
 2011-12-20 13:18:27 -05:00
Nalin Dahyabhai
f28b57af20 - pull in patch for RT#7048: allow PAC verification to only bother trying to 
verify the signature with keys that it's given (still more of #761317)
 2011-12-13 10:50:02 -05:00
Nalin Dahyabhai
6d68d342c9 - pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached 
(more of #761317)
 2011-12-13 10:48:28 -05:00
Nalin Dahyabhai
fb7c02faff - pull in patch for RT#7046: tag a ccache containing credentials obtained via 
S4U2Proxy with the principal name of the proxying principal (part of #761317)
 2011-12-13 10:47:31 -05:00
Nalin Dahyabhai
03e76d7832 - apply upstream patch to fix a null pointer dereference when processing TGS requests (CVE-2011-1530, #753748) 2011-12-06 14:12:15 -05:00
Nalin Dahyabhai
4584a88e40 correct the release to match the changelog 2011-11-30 15:13:54 -05:00
Nalin Dahyabhai
635a422817 - correct a bug in the fix for #754001 so that the file creation context is consistently reset 2011-11-30 15:03:45 -05:00
Nalin Dahyabhai
a45a82724d - require libverto-module-base at build- and runtime so that tests which 
use verto can work properly
 2011-11-15 13:32:43 -05:00
Nalin Dahyabhai
1110ccd873 - bump to 1.10 alpha 1 2011-11-15 12:45:44 -05:00
Dennis Gilmore
39cc62dcc1 - Rebuilt for glibc bug#747377 2011-10-26 19:09:40 -05:00
Nalin Dahyabhai
af8b546790 - apply upstream patch to fix a null pointer dereference with the LDAP kdb backend (CVE-2011-1527, #744125), an assertion failure with multiple kdb backends (CVE-2011-1528), and a null pointer dereference with multiple kdb backends (CVE-2011-1529) (#737711) 2011-10-18 14:28:08 -04:00
Nalin Dahyabhai
73b7dd3ece - pull in patch from trunk to rename krb5int_pac_sign() to krb5_pac_sign() and 
make it public (#745533)
 2011-10-13 15:31:36 -04:00
Nalin Dahyabhai
28837545d5 - handle a harder-to-trigger assertion failure that starts cropping up when we 
exit the transmit loop on time (#739853)
 2011-10-07 16:29:28 -04:00
Nalin Dahyabhai
098a308f7e - kadmin.service: fix #723723 again 
- kadmin.service,krb5kdc.service: remove optional use of $KRB5REALM in command
  lines, because systemd parsing doesn't handle alternate value shell variable
  syntax
- kprop.service: add missing Type=forking so that systemd doesn't assume simple
- kprop.service: expect the ACL configuration to be there, not absent
 2011-10-07 15:10:35 -04:00
Tom "spot" Callaway
e645180a9a hardcode pid file path as option to krb5kdc.service 2011-10-02 15:05:51 +02:00
Tom "spot" Callaway
3545dd2571 fix typo 2011-09-30 12:20:58 +02:00
Tom "spot" Callaway
82129e3a0d convert to systemd 2011-09-19 14:45:57 -04:00
Nalin Dahyabhai
207fa55d00 - pull in upstream patch for RT#6952, confusion following referrals for cross-realm auth (#734341) 2011-09-06 00:19:38 -04:00
Nalin Dahyabhai
a26dd7c42c - switch to the upstream patch for #727829 2011-09-01 09:29:29 -04:00
Nalin Dahyabhai
57d5eabb48 - bump the release number 2011-08-31 13:33:23 -04:00
Nalin Dahyabhai
db0e796a50 - handle an assertion failure that starts cropping up when the patch for using poll (#701446) meets servers that aren't running KDCs or against which the connection fails for other reasons (#727829, #734172) 2011-08-31 13:31:58 -04:00