Nalin Dahyabhai
45bffcbf45
- take the execute bit off of the protocol docs (part of #225974 )
...
- unflag init scripts as configuration files (part of #225974 )
2009-04-06 18:22:58 +00:00
Nalin Dahyabhai
303d2c20d2
- fixup summary texts (part of #225974 )
2009-04-06 18:00:53 +00:00
Nalin Dahyabhai
fa314d1962
- escape possible macros in the changelog (part of #225974 )
2009-04-06 17:52:21 +00:00
Nalin Dahyabhai
5ee95cc082
- clean up buildprereq/prereqs, explicit mktemp requires, and add the
...
ldconfig for the -server-ldap subpackage (part of #225974 )
2009-04-06 17:45:29 +00:00
Nalin Dahyabhai
98a3610002
- make splitting up of the workstation bits unconditional
2009-04-06 16:46:35 +00:00
Nalin Dahyabhai
1644a79505
- move the libraries to /%{_lib}, but leave --libdir alone so that plugins
...
get installed and are searched for in the same locations (#473333 )
2009-04-06 16:22:45 +00:00
Nalin Dahyabhai
e61be4fa97
- turn off krb4 support (it won't be part of the 1.7 release, but do it
...
now)
- use triggeruns to properly shut down and disable krb524d when -server and
-workstation-servers gets upgraded, because it's gone now
2009-04-06 15:56:45 +00:00
Nalin Dahyabhai
434cefd85a
- libgssapi_krb5: backport fix for some errors which can occur when we fail
...
to set up the server half of a context (CVE-2009-0845)
2009-03-17 22:26:27 +00:00
Jesse Keating
78b02cd911
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
2009-02-25 11:58:27 +00:00
Nalin Dahyabhai
4c798e4ee7
aargh, what year is it?
2009-01-16 16:19:02 +00:00
Nalin Dahyabhai
2bf7daea40
rebuild
2009-01-16 16:17:56 +00:00
Nalin Dahyabhai
b1efb9b86d
- if we successfully change the user's password during an attempt to get
...
initial credentials, but then fail to get initial creds from a
non-master using the new password, retry against the master (#432334 )
2008-09-04 15:13:51 +00:00
Tom Callaway
bb9aa2106c
fix license tag
2008-08-05 17:46:07 +00:00
Nalin Dahyabhai
2352d208e3
- define ASN1BUF_OMIT_INLINE_FUNCS at compile-time (for now) to keep
...
building
2008-07-16 21:54:24 +00:00
Nalin Dahyabhai
b5dfa8576a
quote %%{__cc} where needed because it includes whitespace now
2008-07-16 18:40:35 +00:00
Nalin Dahyabhai
6197407f58
- clear fuzz out of patches, dropping a man page patch which is no longer
...
necessary
2008-07-16 18:09:47 +00:00
Nalin Dahyabhai
14f675bab9
- build with -fno-strict-aliasing, which is needed because the library
...
triggers these warnings
2008-07-11 15:16:54 +00:00
Nalin Dahyabhai
37b6c5e715
- rework how labeling is handled to avoid a bootstrapping problem in
...
headers
- don't forget to label the principal database lock file
2008-07-11 15:14:57 +00:00
Tom Callaway
f06f7f1e03
generate include/krb5/krb5.h before building, fix conditional for sparcv9
2008-06-14 18:22:01 +00:00
Nalin Dahyabhai
9f105b4df2
- ftp: use the correct local filename during mget when the 'case' option is
...
enabled (#442713 )
2008-04-16 18:54:08 +00:00
Nalin Dahyabhai
af9bedd61a
- stop exporting kadmin keys to a keytab file when kadmind starts -- the
...
daemon's been able to use the database directly for a long long time
now
- belatedly add aes128,aes256 to the default set of supported key types
2008-04-04 21:29:53 +00:00
Nalin Dahyabhai
f56b6ee2db
bump for build
2008-04-01 20:54:54 +00:00
Nalin Dahyabhai
ddde7d0f6e
- libgssapi_krb5: properly export the acceptor subkey when creating a lucid
...
context (Kevin Coffman, via the nfs4 mailing list)
2008-04-01 20:53:54 +00:00
Nalin Dahyabhai
7668599d1d
- add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer
...
when v4 compatibility is enabled on the KDC (CVE-2008-0062,
CVE-2008-0063, #432620 , #432621 )
- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when
high-numbered descriptors are used (CVE-2008-0947, #433596 )
- add backport bug fix for an attempt to free non-heap memory in
libgssapi_krb5 (CVE-2007-5901, #415321 )
- add backport bug fix for a double-free in out-of-memory situations in
libgssapi_krb5 (CVE-2007-5971, #415351 )
2008-03-18 18:13:22 +00:00
Nalin Dahyabhai
638efe585f
- rework file labeling patch to not depend on fragile preprocessor
...
trickery, in another attempt at fixing #428355 and friends
2008-03-18 15:35:39 +00:00
Nalin Dahyabhai
723980d239
bump release number for rebuild
2008-02-26 21:48:24 +00:00
Nalin Dahyabhai
d4963922a8
- ftp: add patch to fix "runique on" case when globbing fixes applied
...
- stop adding a redundant but harmless call to initialize the gssapi
internals
2008-02-26 21:18:38 +00:00
Nalin Dahyabhai
2a567feda3
- add the bug ID, close the bug
2008-02-25 20:55:41 +00:00
Nalin Dahyabhai
d5971d2776
- add patch to suppress double-processing of /etc/krb5.conf when we build
...
with --sysconfdir=/etc, thereby suppressing double-logging (#231147 )
2008-02-25 20:53:41 +00:00
Nalin Dahyabhai
d73fcc15fb
- remove a patch to fix problems with interfaces which are "up" but which
...
have no address assigned which conflicted with a change to fix the same
problem in 1.5 (#200979 )
2008-02-25 19:58:51 +00:00
Nalin Dahyabhai
2cc4303bbc
- ftp: don't lose track of a descriptor on passive get when the server
...
fails to open a file
2008-02-25 19:50:42 +00:00
Nalin Dahyabhai
a7d42c7b03
- in login, allow PAM to interact with the user when they've been strongly
...
authenticated
- in login, signal PAM when we're changing an expired password that it's an
expired password, so that when cracklib flags a password as being weak
it's treated as an error even if we're running as root
2008-02-25 18:33:34 +00:00
Nalin Dahyabhai
8e9e1c07b0
- drop netdb patch
...
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
the DISALLOW_ALL_TIX flag is set on an entry, for better interop with
Fedora, Netscape, Red Hat Directory Server (Simo Sorce)
2008-02-18 18:44:39 +00:00
Nalin Dahyabhai
a77ce35c52
- avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV for us
2008-02-13 23:10:32 +00:00
Nalin Dahyabhai
e4d2a874a4
- enable patch for key-expiration reporting
...
- enable patch to make kpasswd fall back to TCP if UDP fails
- enable patch to make kpasswd use the right sequence number on retransmit
- enable patch to allow mech-specific creds delegated under spnego to be
found when searching for creds
2008-02-12 16:22:38 +00:00
Nalin Dahyabhai
3d4d8cf991
- note RT numbers for reference
...
- include but don't apply the other suggested patch for
kpasswd-doesn't-use-tcp
2008-01-23 18:27:03 +00:00
Nalin Dahyabhai
dcfbb5995a
- revise to reference a different patch which we also don't apply
2008-01-03 16:51:53 +00:00
Nalin Dahyabhai
f25a7f96a5
- reference unapplied patch to fix password-changing with servers other
...
than the first one we try to contact
- reference bug 242502 (rawhide) instead of 242500 (rhel)
2008-01-03 15:47:35 +00:00
Nalin Dahyabhai
1343fd1973
- bump the release
2008-01-02 17:06:19 +00:00
Nalin Dahyabhai
48872e3b7b
- right, new year
2008-01-02 17:05:02 +00:00
Nalin Dahyabhai
f072055a76
- some init script cleanups
...
- drop unquoted check and silent exit for "$NETWORKING" (#426852 , #242500 )
- krb524: don't barf on missing database if it looks like we're using
kldap, same as for kadmin
- return non-zero status for missing files which cause startup to fail
2008-01-02 17:03:38 +00:00
Nalin Dahyabhai
0aaa920daa
- allocate space for the nul-terminator in the local pathname when looking
...
up a file context, and properly free a previous context (Jose Plans,
#426085 )
2007-12-18 18:34:06 +00:00
Nalin Dahyabhai
ea868608c1
rebuild
2007-12-05 15:21:20 +00:00
Nalin Dahyabhai
6c3186e173
note the CVE for needing the revised patch
2007-11-13 21:58:04 +00:00
Nalin Dahyabhai
4ba98f8eab
add duplicate bug id
2007-11-13 21:41:20 +00:00
Nalin Dahyabhai
276a481e88
- update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 and
...
CVE-2007-4000 (the new pkinit module is built conditionally and goes
into the -pkinit-openssl package, at least for now, to make a buildreq
loop with openssl avoidable)
2007-10-23 19:40:45 +00:00
Nalin Dahyabhai
a0f391756d
- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
2007-10-17 17:48:52 +00:00
Nalin Dahyabhai
528eff0ac5
- make krb5.conf %%verify(not md5 size mtime) in addition to
...
%%config(noreplace), like /etc/nsswitch.conf (#329811 )
2007-10-12 18:32:28 +00:00
Nalin Dahyabhai
6e3299423a
- proposed fix for not being able to find delegated krb5 creds when using
...
spnego
2007-10-04 22:08:39 +00:00
Nalin Dahyabhai
1dd0ff3e30
- proposed patch to fix receipt of delegated creds in mod_auth_kerb
2007-10-01 19:40:47 +00:00
Nalin Dahyabhai
14a08486e8
- add the bug ID to the kadmind fixes, note Fran's patch was identical to
...
the one I thought we were already using in the F-7 branch
2007-09-17 20:47:02 +00:00
Nalin Dahyabhai
2688de92f1
- move the db2 kdb plugin from -server to -libs, because a multilib libkdb
...
might need it
2007-09-11 20:52:15 +00:00
Nalin Dahyabhai
83381c77e7
- also perform PAM session and credential management when ftpd accepts a
...
client using strong authentication, missed earlier
- also label kadmind log files and files created by the db2 plugin
2007-09-11 14:12:38 +00:00
Nalin Dahyabhai
251df090d0
bump the revision
2007-09-06 20:09:14 +00:00
Nalin Dahyabhai
07adde54fa
- incorporate updated fix for CVE-2007-3999
2007-09-06 20:08:19 +00:00
Nalin Dahyabhai
b54c6a0718
- incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)
2007-09-04 18:10:23 +00:00
Nalin Dahyabhai
929680a650
add missing gawk buildrequirement
2007-08-25 05:12:34 +00:00
Nalin Dahyabhai
8499d2199c
- actually bump the release number
2007-08-25 04:33:13 +00:00
Nalin Dahyabhai
5502d6651d
- cover more cases in labeling files on creation
2007-08-25 04:31:34 +00:00
Nalin Dahyabhai
e0443e5457
- experimental ok-as-delegate setting patch (not applied)
2007-08-25 04:28:10 +00:00
Nalin Dahyabhai
79f8a98d4f
rebuild
2007-08-23 20:50:42 +00:00
Nalin Dahyabhai
2f7dffc0f3
- include but don't apply
2007-07-26 19:08:20 +00:00
Nalin Dahyabhai
fbe8865459
- kdc.conf: default to listening for TCP clients, too ( #248415 )
2007-07-26 18:36:57 +00:00
Nalin Dahyabhai
34ce3fe705
- add a preliminary patch for #231147 . initially not applied.
2007-07-23 21:01:33 +00:00
Nalin Dahyabhai
c0cd730c79
- update to 1.6.2
...
- add "buildrequires: texinfo-tex" to get texi2pdf
2007-07-19 16:50:28 +00:00
Nalin Dahyabhai
147635188d
add CVE identifiers to the more recent changelog
2007-06-27 18:39:06 +00:00
Nalin Dahyabhai
cd3f50fb19
- incorporate fixes for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005
2007-06-27 06:08:01 +00:00
Nalin Dahyabhai
196ea67f06
- add missing pam-devel build requirement, force selinux-or-fail build
2007-06-25 01:16:51 +00:00
Nalin Dahyabhai
cb76d1ea2b
rebuild
2007-06-25 00:56:37 +00:00
Nalin Dahyabhai
d360ed53e4
- label all files at creation-time according to the SELinux policy
...
(#228157 )
2007-06-25 00:55:25 +00:00
Nalin Dahyabhai
e773dcc288
- um, maybe not just yet
2007-06-22 22:33:07 +00:00
Nalin Dahyabhai
2ecf4e22d8
nope, we don't provide that file
2007-06-22 22:15:03 +00:00
Nalin Dahyabhai
70ccd082ae
- oops, note that pam changes went in, too
2007-06-22 22:10:15 +00:00
Nalin Dahyabhai
117cdbbea7
- preprocess kerberos.ldif into a format FDS will like better, and include
...
that as a doc file as well
2007-06-22 22:06:27 +00:00
Nalin Dahyabhai
37416c24a6
- switch man pages to being generated with the right paths in them
...
- drop old, incomplete SELinux patch
- add patch from Greg Hudson to make srvtab routines report missing-file
errors at same point that keytab routines do (#241805 )
2007-06-22 22:04:38 +00:00
Nalin Dahyabhai
ad9d82cb5c
- pull patch from svn to undo unintentional chattiness in ftp
...
- pull patch from svn to handle NULL krb5_get_init_creds_opt structures
better in a couple of places where they're expected
2007-05-24 15:43:24 +00:00
Nalin Dahyabhai
3f30bc2d6d
bump release number
2007-05-23 22:06:26 +00:00
Nalin Dahyabhai
7877c27fc3
- bump to 1.6.1
2007-05-23 21:48:27 +00:00
Nalin Dahyabhai
a9c20b1574
- kadmind.init: don't fail outright if the default principal database isn't
...
there if it looks like we might be using the kldap plugin
- kadmind.init: attempt to extract the key for the host-specific kadmin
service when we try to create the keytab
2007-05-18 22:16:16 +00:00
Nalin Dahyabhai
ea9e19241a
- omit dependent libraries from the krb5-config --libs output, as using
...
shared libraries (no more static libraries) makes them unnecessary and
they're not part of the libkrb5 interface (patch by Rex Dieter,
#240220 ) (strips out libkeyutils, libresolv, libdl)
2007-05-16 19:48:19 +00:00
Nalin Dahyabhai
a7114b4891
- pull in keyutils as a build requirement to get the "KEYRING:" ccache
...
type, because we've merged
2007-05-04 19:03:00 +00:00
Nalin Dahyabhai
a321e486d2
- fix an uninitialized length value which could cause a crash when parsing
...
key data coming from a directory server
- correct a typo in the krb5.conf man page ("ldap_server"->"ldap_servers")
2007-05-04 18:10:01 +00:00
Nalin Dahyabhai
1739ef7213
- move the default acl_file, dict_file, and admin_keytab settings to the
...
part of the default/example kdc.conf where they'll actually have an
effect (#236417 )
2007-04-13 19:07:25 +00:00
Nalin Dahyabhai
471b4b51f3
- add patch to correct unauthorized access via krb5-aware telnet daemon
...
(#229782 , CVE-2007-0956)
- add patch to fix buffer overflow in krb5kdc and kadmind (#231528 ,
CVE-2007-0957)
- add patch to fix double-free in kadmind (#231537 , CVE-2007-1216)
2007-04-03 18:46:41 +00:00
Nalin Dahyabhai
598e71ffbc
- add a couple of ldap-specific data files as documentation, so that admins
...
have the needed schema for their directory servers
2007-04-03 18:43:05 +00:00
Nalin Dahyabhai
aece600301
whoops, that won't work - can't do core -> extras deps
2007-03-22 20:17:58 +00:00
Nalin Dahyabhai
5c8daeafa2
- add buildrequires: on keyutils-libs-devel to enable use of keyring
...
ccaches, dragging keyutils-libs in as a dependency for everyone
2007-03-22 19:37:26 +00:00
Nalin Dahyabhai
da1eb7f057
- add patch to build semi-useful static libraries, but don't apply it
...
unless we need them
2007-02-28 20:35:53 +00:00
Nalin Dahyabhai
4aefd50874
- make profile.d scriptlets mode 644 instead of 755 ( #225974 )
2007-02-19 21:28:07 +00:00
Nalin Dahyabhai
3299c4b519
mock says "no resolv.conf for you!"
2007-01-30 21:21:21 +00:00
Nalin Dahyabhai
cb68887273
- clean up quoting of command-line arguments passed to the krsh/krlogin
...
wrapper scripts
2007-01-30 21:01:21 +00:00
Nalin Dahyabhai
6e6adec726
- initial update to 1.6, making the package-split optional
...
- move workstation daemons to a new subpackage (#81836 , #216356 , #217301 ),
and make the new subpackage require xinetd (#211885 )
We don't get static libraries any more. Holding off on build until
verification that this doesn't kill other things, or until we get them
building in a semi-useful way.
2007-01-23 22:14:15 +00:00
Nalin Dahyabhai
160a188e65
- merge back changes made between fc6 and rawhide to date
...
- somewhere in here we fixed the spelling of James's last name
2007-01-22 21:27:49 +00:00
Nalin Dahyabhai
f3820b972d
- preserve timestamps on profile.d shell scriptlets
...
- first cut at making RPM scriptlets failproof for install-info
- pull up pre-generated PDF docs so that we don't have multiarch
differences due to document IDs, timestamps, and compressed data,
- pull up the script to make sure that the PDF matches its source to guard
against the package maintainer forgetting to update when we move to a
new release
2007-01-22 21:23:54 +00:00
Nalin Dahyabhai
a9e6df4ffc
- apply fixes from Tom Yu for MITKRB5-SA-2006-002 (CVE-2006-6143) ( #218456 )
...
- apply fixes from Tom Yu for MITKRB5-SA-2006-003 (CVE-2006-6144) (#218456 )
Related: #218456
2007-01-09 19:31:40 +00:00
Nalin Dahyabhai
3ffdc43878
- don't bail from the KDC init script if there's no database, it may be in
...
a different location than the default (fenlason)
- remove the [kdc] section from the default krb5.conf -- doesn't seem to
have been applicable for a while
2006-10-23 20:23:05 +00:00
Nalin Dahyabhai
54faf41556
add newlines after new errors
2006-10-18 21:36:40 +00:00
Nalin Dahyabhai
74169f4b3c
- way-late application of added error info in kadmind.init ( #65853 )
2006-10-18 16:02:47 +00:00
Nalin Dahyabhai
acad7e7e15
call autoheader when needed
2006-10-13 21:23:35 +00:00
Nalin Dahyabhai
0b70aa4de2
- provide docs in PDF format instead of as tex source (Enrico Scholz,
...
#209943 )
2006-10-09 16:38:39 +00:00
Nalin Dahyabhai
6f6f8aff91
- add missing shebang headers to krsh and krlogin wrapper scripts ( #209238 )
2006-10-04 14:16:41 +00:00
Nalin Dahyabhai
ee98daaf74
actually bump the release
2006-09-06 20:28:20 +00:00
Nalin Dahyabhai
2ad1703afb
set SS_LIB at configure-time so that libss-using apps get working readline
...
support (#197044 )
2006-09-06 20:28:01 +00:00
Nalin Dahyabhai
d859fd0556
- switch to the updated patch for MITKRB-SA-2006-001
2006-08-18 16:50:54 +00:00
Nalin Dahyabhai
2bc5a13d2a
- apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084)
2006-08-08 22:43:10 +00:00
Nalin Dahyabhai
8c4df25456
- ensure that the gssapi library's been initialized before walking the
...
internal mechanism list in gss_release_oid(), needed if called from
gss_release_name() right after a gss_import_name() (#198092 )
2006-08-07 17:52:52 +00:00
Nalin Dahyabhai
92a65fb1b1
rebuild
2006-07-25 17:55:38 +00:00
Nalin Dahyabhai
30f6a9b1cb
- pull up latest revision of patch to reduce lockups in rsh/rshd
2006-07-25 15:52:36 +00:00
Nalin Dahyabhai
ece8aeb4c7
rebuild
2006-07-17 14:36:02 +00:00
Jesse Keating
12232351f7
bumped for rebuild
2006-07-12 06:43:08 +00:00
Nalin Dahyabhai
574f4b1c31
finally think all the ducks are lined up
2006-07-06 21:25:26 +00:00
Nalin Dahyabhai
28c66f7806
- update to 1.5
2006-07-06 15:56:38 +00:00
Nalin Dahyabhai
2802804a49
actually bump the release number
2006-06-23 15:51:41 +00:00
Nalin Dahyabhai
b6fc39f13d
- mark profile.d config files noreplace (Laurent Rineau, #196447 )
2006-06-23 15:49:20 +00:00
Nalin Dahyabhai
a230e5aaed
- add buildprereq for autoconf
2006-06-08 21:42:52 +00:00
Nalin Dahyabhai
a7215484dc
- further munge krb5-config so that 'libdir=/usr/lib' is given even on
...
64-bit architectures, to avoid multilib conflicts; other changes will
conspire to strip out the -L flag which uses this, so it should be
harmless (#192692 )
2006-05-22 23:04:06 +00:00
Nalin Dahyabhai
b3724c4388
- adjust the patch which removes the use of rpath to also produce a
...
krb5-config which is okay in multilib environments (#190118 )
- make the name-of-the-tempfile comment which compile_et adds to error code
headers always list the same file to avoid conflicts on multilib
installations
- strip SIZEOF_LONG out of krb5.h so that it doesn't conflict on multilib
boxes
- strip GSS_SIZEOF_LONG out of gssapi.h so that it doesn't conflict on
mulitlib boxes
2006-05-08 21:47:26 +00:00
skasal
6944b2e68a
Change the release number.
2006-04-14 11:25:22 +00:00
skasal
8216ee6b75
- Fix formatting typo in kinit.1 (krb5-kinit-man-typo.patch)
2006-04-14 11:21:50 +00:00
Jesse Keating
77bf5aa481
bump for bug in double-long on ppc(64)
2006-02-11 03:49:47 +00:00
Nalin Dahyabhai
2118c17c6b
- give a little bit more information to the user when kinit gets the
...
catch-all I/O error (#180175 )
2006-02-06 20:04:44 +00:00
Nalin Dahyabhai
5bf2d7bd12
- rebuild properly when pthread_mutexattr_setrobust_np() is defined but not
...
declared, such as with recent glibc when _GNU_SOURCE isn't being used
2006-01-20 00:28:41 +00:00
Matthias Clasen
a6fb2997f1
Use full paths in krb5.sh to avoid path lookups
2006-01-19 18:05:28 +00:00
Jesse Keating
29b9703f11
gcc update bump
2005-12-09 22:41:14 +00:00
Nalin Dahyabhai
f817e39736
- login: don't truncate passwords before passing them into crypt(), in case
...
they're significant (#149476 )
2005-12-02 01:46:50 +00:00
Nalin Dahyabhai
4584045a70
- conditionalize installation of the new autoconf macro
2005-11-17 19:23:05 +00:00
Nalin Dahyabhai
f54e522bb9
- update to 1.4.3
...
- make ksu setuid again (#137934 , others)
2005-11-17 18:43:13 +00:00
Nalin Dahyabhai
c82cff7d10
bump release
2005-09-13 20:27:12 +00:00
Nalin Dahyabhai
1237c021c7
- mark %%{krb5prefix}/man so that files which are packaged within it are
...
flagged as %%doc (#168163 )
2005-09-13 20:26:57 +00:00
Nalin Dahyabhai
552acc8a70
- add an xinetd configuration file for encryption-only telnetd,
...
parallelling the kshell/ekshell pair (#167535 )
2005-09-06 14:05:59 +00:00
Nalin Dahyabhai
fd0f8c753b
bump release
2005-08-31 19:38:08 +00:00
Nalin Dahyabhai
1fcd49e050
- change the default configured encryption type for KDC databases to the
...
compiled-in default of des3-hmac-sha1 (#57847 )
2005-08-31 19:37:54 +00:00
Nalin Dahyabhai
f5b93c728e
update to 1.4.2
2005-08-11 22:06:35 +00:00
Nalin Dahyabhai
80238a2fd8
merge fixes for MITKRB5-SA-2005-002 and MITKRB5-SA-2005-003
2005-07-12 18:09:21 +00:00
Nalin Dahyabhai
73316152b6
- fix double-close in keytab handling
...
- add port of fixes for CAN-2004-0175 to krb5-aware rcp
2005-06-24 20:28:25 +00:00
Nalin Dahyabhai
77a40621a2
- prevent spurious EBADF in krshd when stdin is closed by the client while
...
the command is running (#151111 )
2005-05-13 23:16:55 +00:00
Martin Stransky
ebda005fa9
add deadlock patch, removed old patch
2005-05-13 11:36:41 +00:00
Nalin Dahyabhai
2e8f6b3b97
- update to 1.4.1, incorporating fixes for CAN-2005-0468 and CAN-2005-0469
...
- when starting the KDC or kadmind, if KRB5REALM is set via the
/etc/sysconfig file for the service, pass it as an argument for the -r
flag
2005-05-06 20:16:06 +00:00
Nalin Dahyabhai
9142032a6f
- add draft fix from Tom Yu for slc_add_reply() buffer overflow
...
(CAN-2005-0469)
- add draft fix from Tom Yu for env_opt_add() buffer overflow
(CAN-2005-0468)
will need to re-roll if the draft fix isn't the same as the final one *
2005-03-28 18:25:19 +00:00
Nalin Dahyabhai
fe186e59d9
- don't include <term.h> into the telnet client when we're not using curses
2005-03-16 22:59:54 +00:00
Nalin Dahyabhai
d46e1d65be
- use libncurses instead of libtermcap for the telnet client, because it
...
provides setupterm(), which we can use instead of the internal version
2005-03-16 00:21:35 +00:00
Nalin Dahyabhai
3759eb0ddd
note to self: krb5_init_ets disappeared
2005-03-01 00:05:15 +00:00
Nalin Dahyabhai
6cf61960fa
- add a doc file
2005-02-24 23:31:35 +00:00
Nalin Dahyabhai
708fedd9ea
- update to 1.4
...
- v1.4 kadmin client requires a v1.4 kadmind on the server, or use the "-O"
flag to specify that it should communicate with the server using the
older protocol
- new libkrb5support library
- v5passwdd and kadmind4 are gone
- versioned symbols
- pick up $KRB5KDC_ARGS from /etc/sysconfig/krb5kdc, if it exists, and pass
it on to krb5kdc
- pick up $KADMIND_ARGS from /etc/sysconfig/kadmin, if it exists, and pass
it on to kadmind
- pick up $KRB524D_ARGS from /etc/sysconfig/krb524, if it exists, and pass
it on to krb524d *instead of* "-m"
- set "forwardable" in [libdefaults] in the default krb5.conf to match the
default setting which we supply for pam_krb5
- set a default of 24h for "ticket_lifetime" in [libdefaults], reflecting
the compiled-in default
2005-02-24 23:16:08 +00:00
Nalin Dahyabhai
e7236e5850
rebuild
2004-12-20 23:42:32 +00:00
Nalin Dahyabhai
712b0183e7
- 1.3.6 is out, obsoleting the patch. aargh! i mean, yay!
2004-12-20 23:30:28 +00:00
Nalin Dahyabhai
ad18b8355f
- unscrew up martin's changelog date
...
- incorporate fix for MITKRB5-SA-2004-004
2004-12-20 23:24:09 +00:00
Nalin Dahyabhai
6580269909
- fixup comments
2004-12-20 23:17:34 +00:00
Martin Stransky
8f54e95678
- fix deadlock during file transfer via rsync/krsh
...
- thanks goes to James Antil for hint
2004-12-20 09:31:41 +00:00
Nalin Dahyabhai
d402e6c91a
use a release number which is not already taken
2004-11-26 17:31:47 +00:00