rpms/krb5 - krb5 - AlmaLinux OS Foundation Git Server

rpms/krb5

Author	SHA1	Message	Date
Nalin Dahyabhai	03e76d7832	- apply upstream patch to fix a null pointer dereference when processing TGS requests (CVE-2011-1530, #753748 )	2011-12-06 14:12:15 -05:00
Nalin Dahyabhai	4584a88e40	correct the release to match the changelog	2011-11-30 15:13:54 -05:00
Nalin Dahyabhai	635a422817	- correct a bug in the fix for #754001 so that the file creation context is consistently reset	2011-11-30 15:03:45 -05:00
Nalin Dahyabhai	a45a82724d	- require libverto-module-base at build- and runtime so that tests which use verto can work properly	2011-11-15 13:32:43 -05:00
Nalin Dahyabhai	1110ccd873	- bump to 1.10 alpha 1	2011-11-15 12:45:44 -05:00
Dennis Gilmore	39cc62dcc1	- Rebuilt for glibc bug#747377	2011-10-26 19:09:40 -05:00
Nalin Dahyabhai	af8b546790	- apply upstream patch to fix a null pointer dereference with the LDAP kdb backend (CVE-2011-1527, #744125 ), an assertion failure with multiple kdb backends (CVE-2011-1528), and a null pointer dereference with multiple kdb backends (CVE-2011-1529) (#737711 )	2011-10-18 14:28:08 -04:00
Nalin Dahyabhai	73b7dd3ece	- pull in patch from trunk to rename krb5int_pac_sign() to krb5_pac_sign() and make it public (#745533)	2011-10-13 15:31:36 -04:00
Nalin Dahyabhai	28837545d5	- handle a harder-to-trigger assertion failure that starts cropping up when we exit the transmit loop on time (#739853)	2011-10-07 16:29:28 -04:00
Nalin Dahyabhai	098a308f7e	- kadmin.service: fix #723723 again - kadmin.service,krb5kdc.service: remove optional use of $KRB5REALM in command lines, because systemd parsing doesn't handle alternate value shell variable syntax - kprop.service: add missing Type=forking so that systemd doesn't assume simple - kprop.service: expect the ACL configuration to be there, not absent	2011-10-07 15:10:35 -04:00
Tom "spot" Callaway	e645180a9a	hardcode pid file path as option to krb5kdc.service	2011-10-02 15:05:51 +02:00
Tom "spot" Callaway	3545dd2571	fix typo	2011-09-30 12:20:58 +02:00
Tom "spot" Callaway	82129e3a0d	convert to systemd	2011-09-19 14:45:57 -04:00
Nalin Dahyabhai	207fa55d00	- pull in upstream patch for RT#6952, confusion following referrals for cross-realm auth (#734341 )	2011-09-06 00:19:38 -04:00
Nalin Dahyabhai	a26dd7c42c	- switch to the upstream patch for #727829	2011-09-01 09:29:29 -04:00
Nalin Dahyabhai	57d5eabb48	- bump the release number	2011-08-31 13:33:23 -04:00
Nalin Dahyabhai	db0e796a50	- handle an assertion failure that starts cropping up when the patch for using poll (#701446 ) meets servers that aren't running KDCs or against which the connection fails for other reasons (#727829 , #734172 )	2011-08-31 13:31:58 -04:00
Nalin Dahyabhai	0ad36e9c38	- override the default build rules to not delete temporary y.tab.c files, so that they can be packaged, allowing debuginfo files which point to them do so usefully (#729044)	2011-08-08 18:39:55 -04:00
Nalin Dahyabhai	ad0dcf5042	- pull in a patch to fix losing track of the replay cache FD, from SVN by way of Kevin Coffman	2011-07-22 16:57:35 -04:00
Nalin Dahyabhai	2202e378de	- build shared libraries with partial RELRO support (#723995 ) - filter out potentially multiple instances of -Wl,-z,relro from krb5-config output, now that it's in the buildroot's default LDFLAGS	2011-07-22 16:29:06 -04:00
Nalin Dahyabhai	a0e423054a	- kadmind.init: drop the attempt to detect no-database-present errors (#723723 )	2011-07-20 17:58:20 -04:00
Nalin Dahyabhai	4e66f1237b	- backport RT#6905: use poll() so that we can use higher descriptor numbers when the client is talking to a KDC	2011-07-19 14:54:29 -04:00
Nalin Dahyabhai	ba9d039a3a	- have a bug number for this now	2011-06-28 14:08:13 -04:00
Nalin Dahyabhai	da69bf39fa	- pull a fix from SVN to use AI_ADDRCONFIG more often (RT#6923)	2011-06-23 16:07:40 -04:00
Nalin Dahyabhai	4a5ca5b2d3	- pull a fix from SVN to try to avoid triggering a PTR lookup in getaddrinfo() during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or not to ask for an IPv6 address based on the set of configured interfaces (RT#6922)	2011-06-23 16:05:54 -04:00
Nalin Dahyabhai	23ef754340	- fix that bug ID	2011-06-21 18:38:01 -04:00
Nalin Dahyabhai	092982212a	- apply upstream patch by way of Burt Holzman to fall back to a non-referral method in cases where we might be derailed by a KDC that rejects the canonicalize option (for example, those from the RHEL 2.1 or 3 era) (#713518)	2011-06-20 13:34:21 -04:00
Nalin Dahyabhai	e1fdb93038	- don't burn a release number	2011-06-14 14:44:36 -04:00
Nalin Dahyabhai	17c9104b1d	- pull a fix from SVN to get libgssrpc clients (e.g. kadmin) authenticating using the old protocol over IPv4 again (RT#6920)	2011-06-14 14:25:28 -04:00
Nalin Dahyabhai	6a7a118058	- incorporate a fix to teach the file labeling bits about when replay caches are expunged (#576093 )	2011-06-14 14:15:55 -04:00
Nalin Dahyabhai	20266fd9d7	switch to the upstream patch for #707145	2011-05-26 10:55:11 -04:00
Nalin Dahyabhai	e14f89fa17	klist: don't trip over referral entries when invoked with -s (#707145 , RT#6915)	2011-05-25 16:55:39 -04:00
Nalin Dahyabhai	7368cf9d38	- fixup URL in a comment - when built with NSS, require 3.12.10 rather than 3.12.9	2011-05-06 10:09:53 -04:00
Nalin Dahyabhai	ac127d5263	- update to 1.9.1: - drop no-longer-needed patches for CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285	2011-05-05 19:03:10 -04:00
Nalin Dahyabhai	d2ffb0c7c5	add the bug ID for that last fix	2011-04-13 17:21:33 -04:00
Nalin Dahyabhai	301c9d3ae2	- kadmind: add upstream patch to fix free() on an invalid pointer (MITKRB5-SA-2011-004, CVE-2011-0285)	2011-04-13 15:38:22 -04:00
Nalin Dahyabhai	5ad8efcad5	- don't discard the error code from an error message received in response to a change-password request (#658871, RT#6893)	2011-04-04 19:04:05 -04:00
Nalin Dahyabhai	2ee39c5e61	- override INSTALL_SETUID at build-time so that ksu is installed into the buildroot with the right permissions (part of #225974)	2011-04-01 15:52:29 -04:00
Nalin Dahyabhai	27e969332f	- backport change from SVN to fix a computed-value-not-used warning in kpropd (#684065)	2011-03-18 13:23:22 -04:00
Nalin Dahyabhai	41bc7a0e62	- turn off NSS as the backend for libk5crypto for now to work around its DES string2key not working (#679012) - add revised upstream patch to fix double-free in KDC while returning typed-data with errors (CVE-2011-0284, #674325)	2011-03-15 14:25:01 -04:00
Nalin Dahyabhai	cbdf0e37a6	- throw in a not-applied-by-default patch to try to make pkinit debugging into a run-time boolean option named "pkinit_debug"	2011-02-17 11:31:49 -05:00
Nalin Dahyabhai	b77e5a0e35	turn on NSS as the backend for libk5crypto, adding nss-devel as a build dependency when that switch is flipped	2011-02-16 19:05:39 -05:00
Nalin Dahyabhai	08f510b379	- krb5kdc init script: prototype some changes to do a quick spot-check of the TGS and kadmind keys and warn if there aren't any non-weak keys on file for them (to flush out parts of #651466)	2011-02-09 15:25:17 -05:00
Nalin Dahyabhai	62cb58fe6f	reference the raw hide bug ID for CVE-2011-0283 in the changelog	2011-02-08 16:38:16 -05:00
Nalin Dahyabhai	be633bbbb2	- add upstream patches to fix standalone kpropd exiting if the per-client child process exits with an error (MITKRB5-SA-2011-001), a hang or crash in the KDC when using the LDAP kdb backend, and an uninitialized pointer use in the KDC (MITKRB5-SA-2011-002) (CVE-2010-4022, #664009, CVE-2011-0281, #668719, CVE-2011-0282, #668726, CVE-2011-0283, #670567)	2011-02-08 14:37:19 -05:00
Dennis Gilmore	4fe1ed04f8	- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild	2011-02-07 21:09:16 -06:00
Nalin Dahyabhai	9fed313d79	fix a compile error in the SELinux labeling patch when -DDEBUG is used (Sumit Bose)	2011-02-07 11:24:03 -05:00
Nalin Dahyabhai	293e1a6e51	- properly advertise that the kpropd init script now supports force-reload (Zbysek Mraz #630587 )	2011-02-01 10:38:05 -05:00
Nalin Dahyabhai	3442cb8a33	- pkinit: when verifying signed data, use the CMS APIs for better interoperability (#636985 , RT#6851)	2011-01-26 13:59:56 -05:00
Nalin Dahyabhai	8c3bae0303	update to 1.9 final	2010-12-22 17:22:08 -05:00
Nalin Dahyabhai	09a9ac8a63	- fix link flags and permissions on shared libraries (ausil)	2010-12-20 15:20:01 -05:00
Nalin Dahyabhai	ce5e3836b2	- update to 1.9 beta 3	2010-12-16 14:43:53 -05:00
Nalin Dahyabhai	695c21dd42	- update to beta 2	2010-12-06 16:55:35 -05:00
Nalin Dahyabhai	478f86fe1e	add tweaks for initial whitespace that cause 389-ds to choke on the schema ldif	2010-12-06 16:55:34 -05:00
Nalin Dahyabhai	eb90866aa9	- drop not-needed-since-1.8 build dependency on rsh (ssorce)	2010-12-06 16:55:34 -05:00
Nalin Dahyabhai	b9f9657a15	- if WITH_NSS is set, built with --with-crypto-impl=nss (requires NSS 3.12.9)	2010-12-06 16:55:34 -05:00
Nalin Dahyabhai	66b6f44b6c	- initial jump to 1.9 beta 1	2010-12-06 16:55:33 -05:00
Nalin Dahyabhai	5faba5957f	- right, renamed the patch	2010-11-30 14:28:42 -05:00
Nalin Dahyabhai	786702d87a	add upstream patch to fix various issues from MITKRB5-SA-2010-007	2010-11-30 12:00:23 -05:00
Nalin Dahyabhai	60f5ea8eaf	- incorporate upstream patch to fix uninitialized pointer crash in the KDC's authorization data handling (CVE-2010-1322, #636335 )	2010-10-05 15:29:32 -04:00
Nalin Dahyabhai	e84327e216	- pull down patches from trunk to implement k5login_authoritative and k5login_directory settings for krb5.conf (#539423 )	2010-10-04 19:01:38 -04:00
Jesse Keating	82f4c7f41e	- Rebuilt for gcc bug 634757	2010-09-29 14:34:57 -07:00
Nalin Dahyabhai	f44b554d1b	- fix reading of keyUsage extensions when attempting to select pkinit client certs (part of #629022 , RT#6775) - fix selection of pkinit client certs when one or more don't include a subjectAltName extension (part of #629022, RT#6774)	2010-09-16 19:32:06 -04:00
Nalin Dahyabhai	3f5343a0b9	- build with -fstack-protector-all instead of the default -fstack-protector, so that we add checking to more functions (i.e., all of them) (#629950)	2010-09-03 13:50:17 -04:00
Nalin Dahyabhai	a7376e1a41	- also link binaries with -Wl,-z,relro,-z,now (part of #629950 )	2010-09-03 13:08:45 -04:00
Nalin Dahyabhai	6130f43a46	- fix a logic bug in computing key expiration times (RT#6762, #627022 )	2010-08-24 18:29:42 -04:00
Nalin Dahyabhai	0c20d8744b	- update to 1.8.3 - drop backports of fixes for gss context expiration and error table registration/deregistration mismatch - drop patch for upstream #6750	2010-08-04 18:22:20 -04:00
Nalin Dahyabhai	eed65b02ae	- fix a typo in the changelog	2010-07-15 15:47:39 +00:00
Nalin Dahyabhai	45b591b3eb	- fix parsing of the pidfile option in the KDC (upstream #6750 )	2010-07-07 20:56:07 +00:00
Nalin Dahyabhai	8b8653b9be	- add logrotate configuration files for krb5kdc and kadmind (#462658 )	2010-07-07 18:09:05 +00:00
Nalin Dahyabhai	a0ca6e4d98	- tell krb5kdc and kadmind to create pid files, since they can	2010-07-07 17:41:39 +00:00
Nalin Dahyabhai	cb407c5fa1	- libgssapi: pull in patch from svn to stop returning context-expired errors when the ticket which was used to set up the context expires (#605366, upstream #6739)	2010-06-21 18:26:35 +00:00
Nalin Dahyabhai	da92cbb7b4	- pull up fix for upstream #6745 , in which the gssapi library would add the wrong error table but subsequently attempt to unload the right one	2010-06-21 18:11:40 +00:00
Nalin Dahyabhai	e067cf87fe	- update to 1.8.2 - drop patches for CVE-2010-1320, CVE-2010-1321	2010-06-10 22:21:43 +00:00
Nalin Dahyabhai	1313c14673	- reference the right bug -- this wasn't a problem until the revision	2010-05-27 21:10:28 +00:00
Nalin Dahyabhai	17238354c3	don't skip the PAM account check for root or the same user (more of #477033)	2010-05-27 20:53:30 +00:00
Nalin Dahyabhai	ccdc4a4228	- ksu: move session management calls to before we drop privileges, like su does (#596887)	2010-05-27 20:01:43 +00:00
Nalin Dahyabhai	b60e63ef2b	- that -fno-strict-aliasing change merits a rebuild	2010-05-24 22:15:15 +00:00
Nalin Dahyabhai	ab9e2985db	- go back to building without strict aliasing (compiler warnings in gssrpc)	2010-05-24 21:31:38 +00:00
Nalin Dahyabhai	5d72216a22	- drop explicit linking with libtinfo for applications that use libss, now that readline itself links with libtinfo (as of readline-5.2-3, since fedora 7 or so)	2010-05-24 20:42:04 +00:00
Nalin Dahyabhai	c430745262	- make krb5-server-ldap also depend on the same version-release of krb5-libs, as the other subpackages do, if only to make it clearer than it is when we just do it through krb5-server	2010-05-24 20:07:09 +00:00
Nalin Dahyabhai	b3e836cce9	- add patch to correct GSSAPI library null pointer dereference which could be triggered by malformed client requests (CVE-2010-1321, #582466)	2010-05-18 18:14:30 +00:00
Nalin Dahyabhai	59f0148016	- fix output of kprop's init script's "status" and "reload" commands (#588222)	2010-05-04 19:32:52 +00:00
Nalin Dahyabhai	98bc7d7d76	- incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922 )	2010-04-20 18:26:39 +00:00
Nalin Dahyabhai	044f184f7a	- fix a typo in kerberos.ldif	2010-04-14 14:28:32 +00:00
Nalin Dahyabhai	b48f2bcb58	- update to 1.8.1 - no longer need patches for #555875, #561174, #563431, RT#6661, CVE-2010-0628 - replace buildrequires on tetex-latex with one on texlive-latex, which is the package that provides it now	2010-04-09 13:44:05 +00:00
Nalin Dahyabhai	6b3df78771	- kdc.conf: no more need to suggest a v4 mode, or listening on the v4 port	2010-04-08 21:27:15 +00:00
Nalin Dahyabhai	8d606a93f5	- drop patch to suppress key expiration warnings sent from the KDC in the last-req field, as the KDC is expected to just be configured to either send them or not as a particular key approaches expiration (#556495)	2010-04-08 19:14:31 +00:00
Nalin Dahyabhai	665fa22b0f	- add bug numbers for the fix for CVE-2010-0628	2010-03-23 22:56:35 +00:00
Nalin Dahyabhai	cac63d2dfa	- kdc.conf: no more need to suggest keeping keys with v4-compatible salting	2010-03-23 18:18:32 +00:00
Nalin Dahyabhai	4a2bf7dc5d	- add upstream fix for denial-of-service in SPNEGO (CVE-2010-0628)	2010-03-23 18:07:13 +00:00
Nalin Dahyabhai	1f83fab4c7	- remove the krb5-appl bits (the -workstation-clients and -workstation-servers subpackages) now that krb5-appl is its own package	2010-03-19 21:15:33 +00:00
Nalin Dahyabhai	39cf8a4b2d	- whoops, -p level off by one	2010-03-12 22:26:03 +00:00
Nalin Dahyabhai	fe99267cdf	- add documentation for the ticket_lifetime option (#561174 )	2010-03-12 20:44:02 +00:00
Nalin Dahyabhai	daa38f9cf3	- drop this; we're not going to worry about it	2010-03-11 19:24:17 +00:00
Nalin Dahyabhai	e03499409a	- drop this; it's not sufficient any more anyway	2010-03-11 19:20:22 +00:00
Nalin Dahyabhai	0f6f154014	- correct a few typos - note the review bug for splitting out krb5-appl	2010-03-08 20:10:52 +00:00
Nalin Dahyabhai	a32fda650f	- this patch is no longer needed; at some point between 1.7 and 1.8 this was fixed in SVN	2010-03-08 18:16:23 +00:00
Nalin Dahyabhai	516763ea91	- pull up patch to get the client libraries to correctly perform password changes over IPv6 (Sumit Bose, RT#6661)	2010-03-08 16:47:24 +00:00
Nalin Dahyabhai	75b08040ff	- update to 1.8 - temporarily bundling the krb5-appl package (split upstream as of 1.8) until its package review is complete - profile.d scriptlets are now only needed by -workstation-clients - adjust paths in init scripts - drop upstreamed fix for KDC denial of service (CVE-2010-0283) - drop patch to check the user's password correctly using crypt(), which isn't a code path we hit when we're using PAM	2010-03-05 22:19:38 +00:00
Nalin Dahyabhai	9c84ef7b56	- whoops, revert inadvertent not-working version bump	2010-03-03 16:16:35 +00:00
Nalin Dahyabhai	5ee10a1ffb	- fix a null pointer dereference and crash introduced in our PAM patch that would happen if ftpd was given the name of a user who wasn't known to the local system, limited to being triggerable by gssapi-authenticated clients by the default xinetd config (Olivier Fourdan, #569472)	2010-03-03 16:09:47 +00:00
Nalin Dahyabhai	d605c80ae2	- fix a regression (not labeling a kdb database lock file correctly, #569902)	2010-03-02 23:01:23 +00:00
Nalin Dahyabhai	669a15d24b	- move the package changelog to the end to match the usual style (jdennis) - scrub out references to $RPM_SOURCE_DIR (jdennis) - include a symlink to the readme with the name LICENSE so that people can find it more easily (jdennis)	2010-02-25 23:00:23 +00:00
Nalin Dahyabhai	33efa14da1	- pull up the change to make kpasswd's behavior better match the docs when there's no ccache (#563431)	2010-02-17 23:25:50 +00:00
Nalin Dahyabhai	20683b0e60	- whoops, that's the wrong filename for the patch	2010-02-16 22:15:46 +00:00
Nalin Dahyabhai	c84cd0185b	- apply patch from upstream to fix KDC denial of service (CVE-2010-0283, #566002)	2010-02-16 21:45:25 +00:00
Nalin Dahyabhai	edcbea8d17	- update to 1.7.1 - don't trip AD lockout on wrong password (#542687, #554351) - incorporates fixes for CVE-2009-4212 and CVE-2009-3295 - fixes gss_krb5_copy_ccache() when SPNEGO is used - move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to the devel subpackage, better lining up with the expected krb5/krb5-appl split in 1.8 - drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it already depends on -workstation which also includes them	2010-02-03 17:11:35 +00:00
Nalin Dahyabhai	f20db54891	- tighten up default permissions on kdc.conf and kadm5.acl (#558343 )	2010-01-25 16:58:14 +00:00
Nalin Dahyabhai	9a31789f24	- use portreserve correctly -- portrelease takes the basename of the file whose entries should be released, so we need three files, not one	2010-01-22 15:08:24 +00:00
Nalin Dahyabhai	304c10003d	- suppress warnings of impending password expiration if expiration is more than seven days away when the KDC reports it via the last-req field, just as we already do when it reports expiration via the key-expiration field (#556495) - link with libtinfo rather than libncurses, when we can, in future RHEL	2010-01-18 20:13:04 +00:00
Nalin Dahyabhai	da536a5974	- krb5_get_init_creds_password: check opte->flags instead of options->flags when checking whether or not we get to use the prompter callback (#555875)	2010-01-15 20:24:36 +00:00
Nalin Dahyabhai	2baf72c02f	- use portreserve to make sure the KDC can always bind to the kerberos-iv port, kpropd can always bind to the krb5_prop port, and that kadmind can always bind to the kerberos-adm port (#555279) - correct inadvertent use of macros in the changelog (rpmlint)	2010-01-14 21:14:26 +00:00
Nalin Dahyabhai	60b2cbeb09	- fix the description of the problem	2010-01-12 19:27:00 +00:00
Nalin Dahyabhai	c81c7789b7	- add upstream patches for KDC crash during AES and RC4 decryption (CVE-2009-4212), via Tom Yu (#545015)	2010-01-12 19:24:24 +00:00
Nalin Dahyabhai	3ad86e219a	- back down to the earlier version of the patch for #551764 ; the backported alternate version was incomplete	2010-01-06 23:54:23 +00:00
Nalin Dahyabhai	abd49c944b	- put the conditional back for the -devel subpackage	2010-01-06 20:05:00 +00:00
Nalin Dahyabhai	b199476767	- pull up proposed patch for creating previously-not-there lock files for kdb databases when 'kdb5_util' is called to 'load' (#551764)	2010-01-05 22:55:55 +00:00
Nalin Dahyabhai	65631fa1bb	- use %%global instead of %%define - fix conditional for future RHEL	2010-01-05 22:55:30 +00:00
Nalin Dahyabhai	14efc0c6dd	- add tracking bug ID for the latest security patch	2010-01-04 15:59:00 +00:00
Nalin Dahyabhai	795e5e14a6	- add upstream patch for KDC crash during referral processing (CVE-2009-3295), via Tom Yu	2010-01-04 15:56:24 +00:00
Nalin Dahyabhai	a019df8a50	- fix a typo	2009-12-21 19:41:25 +00:00
Nalin Dahyabhai	cc8c049fe1	refresh patch for #542868 from trunk	2009-12-21 19:27:25 +00:00
Nalin Dahyabhai	ec702e8192	- move man pages that live in the -libs subpackage into the regular %%{_mandir} tree where they'll still be found if that package is the only one %installed (#529319)	2009-12-10 22:50:50 +00:00
Nalin Dahyabhai	bfccd3939a	- re-enable this change: - try to make gss_krb5_copy_ccache() work correctly for spnego (#542868)	2009-12-09 21:40:48 +00:00
Nalin Dahyabhai	f21202d6a4	back that last change out	2009-12-08 20:51:25 +00:00
Nalin Dahyabhai	2358ad9bad	- try to make gss_krb5_copy_ccache() work correctly for spnego (#542868 )	2009-12-08 20:05:41 +00:00
Nalin Dahyabhai	d59dcd39c0	- make krb5-config suppress CFLAGS output when called with --libs (#544391 )	2009-12-04 22:16:38 +00:00
Nalin Dahyabhai	19b0f85a6e	- configure with --enable-dns-for-realm instead of --enable-dns, which isn't recognized any more	2009-12-03 23:26:02 +00:00
Nalin Dahyabhai	fd8edea8d9	- move /etc/pam.d/ksu from krb5-workstation-servers to krb5-workstation, where it's actually needed (#538703)	2009-11-20 16:09:35 +00:00
Nalin Dahyabhai	c6f29fd1c4	add some conditional logic to simplify building on older Fedora releases	2009-10-23 20:29:53 +00:00
Nalin Dahyabhai	0abe2288c5	- don't forget the readme file	2009-10-13 15:49:29 +00:00
Nalin Dahyabhai	d2ad657773	- specify the location of the subsystem lock when using the status() function in the kadmind and kpropd init scripts, so that we get the right error when we're dead but have a lock file - requires initscripts 8.99 (#521772)	2009-09-14 17:18:59 +00:00
Nalin Dahyabhai	060205dbf8	- if the init script fails to start krb5kdc/kadmind/kpropd because it's already running (according to status()), return 0 (part of #521772)	2009-09-08 19:08:28 +00:00
Nalin Dahyabhai	51ff876d52	- work around a compile problem with new openssl	2009-08-24 15:51:36 +00:00
Tomáš Mráz	c297ec78d9	- rebuilt with new openssl	2009-08-21 14:11:01 +00:00
Jesse Keating	dd62488dfd	- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild	2009-07-25 04:46:50 +00:00
Nalin Dahyabhai	e1e3b07810	- simplify the man pages patch by only preprocessing the files we care about and moving shared configure.in logic into a shared function	2009-07-06 22:56:11 +00:00
Nalin Dahyabhai	9e296310c6	- catch the case of ftpd printing file sizes using %i, when they might be bigger than an int now	2009-07-06 22:54:34 +00:00
Nalin Dahyabhai	6f1fb7d51e	- try to merge and clean up all the large file support for ftp and rcp	2009-07-01 17:52:16 +00:00
Nalin Dahyabhai	c835c2a921	- switch buildrequires: and requires: on e2fsprogs-devel into buildrequires: and requires: on libss-devel, libcom_err-devel, per sandeen on fedora-devel-list	2009-06-29 19:28:01 +00:00
Nalin Dahyabhai	3f291ca045	- selinux labeling: use selabel_open() family of functions rather than matchpathcon(), bail on it if attempting to get the mutex lock fails	2009-06-26 21:45:54 +00:00
Nalin Dahyabhai	84ade2f840	- fix a type mismatch in krb5_copy_error_message() - ftp: fix some odd use of strlen()	2009-06-26 21:36:54 +00:00
Nalin Dahyabhai	1d6f8b9bad	- compile with %%{?_smp_mflags} (Steve Grubb) - drop the bit where we munge part of the error table header, as it's not needed any more	2009-06-16 21:29:37 +00:00
Nalin Dahyabhai	aecce15d40	add and own %%{_libdir}/krb5/plugins/authdata	2009-06-05 15:18:29 +00:00
Nalin Dahyabhai	34072014a1	remove obsolete files	2009-06-04 22:38:18 +00:00
Nalin Dahyabhai	2f1613d440	- update to 1.7, second pass	2009-06-04 22:09:07 +00:00
Nalin Dahyabhai	3c1272ff63	- add an auth stack to ksu's PAM configuration so that pam_setcred() calls won't just fail	2009-05-19 23:21:48 +00:00
Nalin Dahyabhai	06c77ea1cd	- make PAM support for ksu also set PAM_RUSER	2009-05-11 18:19:08 +00:00
Nalin Dahyabhai	df43b1e2b6	yeah, actually bump the release number	2009-04-23 22:51:25 +00:00
Nalin Dahyabhai	5ebd815122	- extend PAM support to ksu: perform account and session management for the target user - pull up and merge James Leddy's changes to also set PAM_RHOST in PAM-aware network-facing services	2009-04-23 22:43:26 +00:00
Nalin Dahyabhai	d3b2b69619	- fix a typo in a ksu error message (Marek Mahut)	2009-04-21 18:46:52 +00:00
Nalin Dahyabhai	f0389e0488	note why we don't just run make check here	2009-04-20 21:15:12 +00:00
Nalin Dahyabhai	724545eab6	- add LSB-style informational headers to the init scripts	2009-04-20 20:32:02 +00:00
Nalin Dahyabhai	980855a07a	- explicitly run the pdf generation script using sh (part of #225974 )	2009-04-17 13:29:41 +00:00
Nalin Dahyabhai	f51ed46fff	- remove obsolete patch for CVE-2009-0845 - add patches for read overflow and null pointer dereference in the implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845) - add patch for attempt to free uninitialized pointer in libkrb5 (CVE-2009-0846) - add patch to fix length validation bug in libkrb5 (CVE-2009-0847)	2009-04-07 18:16:28 +00:00
Nalin Dahyabhai	d43a03520f	- make the kpropd init script treat reload as restart (part of #225974 )	2009-04-06 20:33:44 +00:00
Nalin Dahyabhai	45bffcbf45	- take the execute bit off of the protocol docs (part of #225974 ) - unflag init scripts as configuration files (part of #225974)	2009-04-06 18:22:58 +00:00
Nalin Dahyabhai	303d2c20d2	- fixup summary texts (part of #225974 )	2009-04-06 18:00:53 +00:00
Nalin Dahyabhai	fa314d1962	- escape possible macros in the changelog (part of #225974 )	2009-04-06 17:52:21 +00:00
Nalin Dahyabhai	5ee95cc082	- clean up buildprereq/prereqs, explicit mktemp requires, and add the ldconfig for the -server-ldap subpackage (part of #225974)	2009-04-06 17:45:29 +00:00
Nalin Dahyabhai	98a3610002	- make splitting up of the workstation bits unconditional	2009-04-06 16:46:35 +00:00
Nalin Dahyabhai	1644a79505	- move the libraries to /%{_lib}, but leave --libdir alone so that plugins get installed and are searched for in the same locations (#473333)	2009-04-06 16:22:45 +00:00
Nalin Dahyabhai	e61be4fa97	- turn off krb4 support (it won't be part of the 1.7 release, but do it now) - use triggeruns to properly shut down and disable krb524d when -server and -workstation-servers gets upgraded, because it's gone now	2009-04-06 15:56:45 +00:00
Nalin Dahyabhai	434cefd85a	- libgssapi_krb5: backport fix for some errors which can occur when we fail to set up the server half of a context (CVE-2009-0845)	2009-03-17 22:26:27 +00:00
Jesse Keating	78b02cd911	- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild	2009-02-25 11:58:27 +00:00
Nalin Dahyabhai	4c798e4ee7	aargh, what year is it?	2009-01-16 16:19:02 +00:00
Nalin Dahyabhai	2bf7daea40	rebuild	2009-01-16 16:17:56 +00:00
Nalin Dahyabhai	b1efb9b86d	- if we successfully change the user's password during an attempt to get initial credentials, but then fail to get initial creds from a non-master using the new password, retry against the master (#432334)	2008-09-04 15:13:51 +00:00
Tom Callaway	bb9aa2106c	fix license tag	2008-08-05 17:46:07 +00:00
Nalin Dahyabhai	2352d208e3	- define ASN1BUF_OMIT_INLINE_FUNCS at compile-time (for now) to keep building	2008-07-16 21:54:24 +00:00
Nalin Dahyabhai	b5dfa8576a	quote %%{__cc} where needed because it includes whitespace now	2008-07-16 18:40:35 +00:00
Nalin Dahyabhai	6197407f58	- clear fuzz out of patches, dropping a man page patch which is no longer necessary	2008-07-16 18:09:47 +00:00
Nalin Dahyabhai	14f675bab9	- build with -fno-strict-aliasing, which is needed because the library triggers these warnings	2008-07-11 15:16:54 +00:00
Nalin Dahyabhai	37b6c5e715	- rework how labeling is handled to avoid a bootstrapping problem in headers - don't forget to label the principal database lock file	2008-07-11 15:14:57 +00:00
Tom Callaway	f06f7f1e03	generate include/krb5/krb5.h before building, fix conditional for sparcv9	2008-06-14 18:22:01 +00:00
Nalin Dahyabhai	9f105b4df2	- ftp: use the correct local filename during mget when the 'case' option is enabled (#442713)	2008-04-16 18:54:08 +00:00
Nalin Dahyabhai	af9bedd61a	- stop exporting kadmin keys to a keytab file when kadmind starts -- the daemon's been able to use the database directly for a long long time now - belatedly add aes128,aes256 to the default set of supported key types	2008-04-04 21:29:53 +00:00
Nalin Dahyabhai	f56b6ee2db	bump for build	2008-04-01 20:54:54 +00:00
Nalin Dahyabhai	ddde7d0f6e	- libgssapi_krb5: properly export the acceptor subkey when creating a lucid context (Kevin Coffman, via the nfs4 mailing list)	2008-04-01 20:53:54 +00:00
Nalin Dahyabhai	7668599d1d	- add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063, #432620, #432621) - add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when high-numbered descriptors are used (CVE-2008-0947, #433596) - add backport bug fix for an attempt to free non-heap memory in libgssapi_krb5 (CVE-2007-5901, #415321) - add backport bug fix for a double-free in out-of-memory situations in libgssapi_krb5 (CVE-2007-5971, #415351)	2008-03-18 18:13:22 +00:00
Nalin Dahyabhai	638efe585f	- rework file labeling patch to not depend on fragile preprocessor trickery, in another attempt at fixing #428355 and friends	2008-03-18 15:35:39 +00:00
Nalin Dahyabhai	723980d239	bump release number for rebuild	2008-02-26 21:48:24 +00:00
Nalin Dahyabhai	d4963922a8	- ftp: add patch to fix "runique on" case when globbing fixes applied - stop adding a redundant but harmless call to initialize the gssapi internals	2008-02-26 21:18:38 +00:00
Nalin Dahyabhai	2a567feda3	- add the bug ID, close the bug	2008-02-25 20:55:41 +00:00
Nalin Dahyabhai	d5971d2776	- add patch to suppress double-processing of /etc/krb5.conf when we build with --sysconfdir=/etc, thereby suppressing double-logging (#231147)	2008-02-25 20:53:41 +00:00
Nalin Dahyabhai	d73fcc15fb	- remove a patch to fix problems with interfaces which are "up" but which have no address assigned which conflicted with a change to fix the same problem in 1.5 (#200979)	2008-02-25 19:58:51 +00:00
Nalin Dahyabhai	2cc4303bbc	- ftp: don't lose track of a descriptor on passive get when the server fails to open a file	2008-02-25 19:50:42 +00:00
Nalin Dahyabhai	a7d42c7b03	- in login, allow PAM to interact with the user when they've been strongly authenticated - in login, signal PAM when we're changing an expired password that it's an expired password, so that when cracklib flags a password as being weak it's treated as an error even if we're running as root	2008-02-25 18:33:34 +00:00
Nalin Dahyabhai	8e9e1c07b0	- drop netdb patch - kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that the DISALLOW_ALL_TIX flag is set on an entry, for better interop with Fedora, Netscape, Red Hat Directory Server (Simo Sorce)	2008-02-18 18:44:39 +00:00
Nalin Dahyabhai	a77ce35c52	- avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV for us	2008-02-13 23:10:32 +00:00
Nalin Dahyabhai	e4d2a874a4	- enable patch for key-expiration reporting - enable patch to make kpasswd fall back to TCP if UDP fails - enable patch to make kpasswd use the right sequence number on retransmit - enable patch to allow mech-specific creds delegated under spnego to be found when searching for creds	2008-02-12 16:22:38 +00:00
Nalin Dahyabhai	3d4d8cf991	- note RT numbers for reference - include but don't apply the other suggested patch for kpasswd-doesn't-use-tcp	2008-01-23 18:27:03 +00:00
Nalin Dahyabhai	dcfbb5995a	- revise to reference a different patch which we also don't apply	2008-01-03 16:51:53 +00:00
Nalin Dahyabhai	f25a7f96a5	- reference unapplied patch to fix password-changing with servers other than the first one we try to contact - reference bug 242502 (rawhide) instead of 242500 (rhel)	2008-01-03 15:47:35 +00:00
Nalin Dahyabhai	1343fd1973	- bump the release	2008-01-02 17:06:19 +00:00
Nalin Dahyabhai	48872e3b7b	- right, new year	2008-01-02 17:05:02 +00:00
Nalin Dahyabhai	f072055a76	- some init script cleanups - drop unquoted check and silent exit for "$NETWORKING" (#426852, #242500) - krb524: don't barf on missing database if it looks like we're using kldap, same as for kadmin - return non-zero status for missing files which cause startup to fail	2008-01-02 17:03:38 +00:00
Nalin Dahyabhai	0aaa920daa	- allocate space for the nul-terminator in the local pathname when looking up a file context, and properly free a previous context (Jose Plans, #426085)	2007-12-18 18:34:06 +00:00
Nalin Dahyabhai	ea868608c1	rebuild	2007-12-05 15:21:20 +00:00
Nalin Dahyabhai	6c3186e173	note the CVE for needing the revised patch	2007-11-13 21:58:04 +00:00
Nalin Dahyabhai	4ba98f8eab	add duplicate bug id	2007-11-13 21:41:20 +00:00
Nalin Dahyabhai	276a481e88	- update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 and CVE-2007-4000 (the new pkinit module is built conditionally and goes into the -pkinit-openssl package, at least for now, to make a buildreq loop with openssl avoidable)	2007-10-23 19:40:45 +00:00
Nalin Dahyabhai	a0f391756d	- make proper use of pam_loginuid and pam_selinux in rshd and ftpd	2007-10-17 17:48:52 +00:00
Nalin Dahyabhai	528eff0ac5	- make krb5.conf %%verify(not md5 size mtime) in addition to %%config(noreplace), like /etc/nsswitch.conf (#329811)	2007-10-12 18:32:28 +00:00
Nalin Dahyabhai	6e3299423a	- proposed fix for not being able to find delegated krb5 creds when using spnego	2007-10-04 22:08:39 +00:00
Nalin Dahyabhai	1dd0ff3e30	- proposed patch to fix receipt of delegated creds in mod_auth_kerb	2007-10-01 19:40:47 +00:00
Nalin Dahyabhai	14a08486e8	- add the bug ID to the kadmind fixes, note Fran's patch was identical to the one I thought we were already using in the F-7 branch	2007-09-17 20:47:02 +00:00
Nalin Dahyabhai	2688de92f1	- move the db2 kdb plugin from -server to -libs, because a multilib libkdb might need it	2007-09-11 20:52:15 +00:00
Nalin Dahyabhai	83381c77e7	- also perform PAM session and credential management when ftpd accepts a client using strong authentication, missed earlier - also label kadmind log files and files created by the db2 plugin	2007-09-11 14:12:38 +00:00
Nalin Dahyabhai	251df090d0	bump the revision	2007-09-06 20:09:14 +00:00
Nalin Dahyabhai	07adde54fa	- incorporate updated fix for CVE-2007-3999	2007-09-06 20:08:19 +00:00
Nalin Dahyabhai	b54c6a0718	- incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)	2007-09-04 18:10:23 +00:00
Nalin Dahyabhai	929680a650	add missing gawk buildrequirement	2007-08-25 05:12:34 +00:00
Nalin Dahyabhai	8499d2199c	- actually bump the release number	2007-08-25 04:33:13 +00:00
Nalin Dahyabhai	5502d6651d	- cover more cases in labeling files on creation	2007-08-25 04:31:34 +00:00
Nalin Dahyabhai	e0443e5457	- experimental ok-as-delegate setting patch (not applied)	2007-08-25 04:28:10 +00:00
Nalin Dahyabhai	79f8a98d4f	rebuild	2007-08-23 20:50:42 +00:00
Nalin Dahyabhai	2f7dffc0f3	- include but don't apply	2007-07-26 19:08:20 +00:00
Nalin Dahyabhai	fbe8865459	- kdc.conf: default to listening for TCP clients, too (#248415 )	2007-07-26 18:36:57 +00:00
Nalin Dahyabhai	34ce3fe705	- add a preliminary patch for #231147 . initially not applied.	2007-07-23 21:01:33 +00:00
Nalin Dahyabhai	c0cd730c79	- update to 1.6.2 - add "buildrequires: texinfo-tex" to get texi2pdf	2007-07-19 16:50:28 +00:00
Nalin Dahyabhai	147635188d	add CVE identifiers to the more recent changelog	2007-06-27 18:39:06 +00:00
Nalin Dahyabhai	cd3f50fb19	- incorporate fixes for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005	2007-06-27 06:08:01 +00:00
Nalin Dahyabhai	196ea67f06	- add missing pam-devel build requirement, force selinux-or-fail build	2007-06-25 01:16:51 +00:00
Nalin Dahyabhai	cb76d1ea2b	rebuild	2007-06-25 00:56:37 +00:00
Nalin Dahyabhai	d360ed53e4	- label all files at creation-time according to the SELinux policy (#228157)	2007-06-25 00:55:25 +00:00
Nalin Dahyabhai	e773dcc288	- um, maybe not just yet	2007-06-22 22:33:07 +00:00
Nalin Dahyabhai	2ecf4e22d8	nope, we don't provide that file	2007-06-22 22:15:03 +00:00
Nalin Dahyabhai	70ccd082ae	- oops, note that pam changes went in, too	2007-06-22 22:10:15 +00:00
Nalin Dahyabhai	117cdbbea7	- preprocess kerberos.ldif into a format FDS will like better, and include that as a doc file as well	2007-06-22 22:06:27 +00:00
Nalin Dahyabhai	37416c24a6	- switch man pages to being generated with the right paths in them - drop old, incomplete SELinux patch - add patch from Greg Hudson to make srvtab routines report missing-file errors at same point that keytab routines do (#241805)	2007-06-22 22:04:38 +00:00
Nalin Dahyabhai	ad9d82cb5c	- pull patch from svn to undo unintentional chattiness in ftp - pull patch from svn to handle NULL krb5_get_init_creds_opt structures better in a couple of places where they're expected	2007-05-24 15:43:24 +00:00
Nalin Dahyabhai	3f30bc2d6d	bump release number	2007-05-23 22:06:26 +00:00
Nalin Dahyabhai	7877c27fc3	- bump to 1.6.1	2007-05-23 21:48:27 +00:00
Nalin Dahyabhai	a9c20b1574	- kadmind.init: don't fail outright if the default principal database isn't there if it looks like we might be using the kldap plugin - kadmind.init: attempt to extract the key for the host-specific kadmin service when we try to create the keytab	2007-05-18 22:16:16 +00:00
Nalin Dahyabhai	ea9e19241a	- omit dependent libraries from the krb5-config --libs output, as using shared libraries (no more static libraries) makes them unnecessary and they're not part of the libkrb5 interface (patch by Rex Dieter, #240220) (strips out libkeyutils, libresolv, libdl)	2007-05-16 19:48:19 +00:00
Nalin Dahyabhai	a7114b4891	- pull in keyutils as a build requirement to get the "KEYRING:" ccache type, because we've merged	2007-05-04 19:03:00 +00:00
Nalin Dahyabhai	a321e486d2	- fix an uninitialized length value which could cause a crash when parsing key data coming from a directory server - correct a typo in the krb5.conf man page ("ldap_server"->"ldap_servers")	2007-05-04 18:10:01 +00:00
Nalin Dahyabhai	1739ef7213	- move the default acl_file, dict_file, and admin_keytab settings to the part of the default/example kdc.conf where they'll actually have an effect (#236417)	2007-04-13 19:07:25 +00:00
Nalin Dahyabhai	471b4b51f3	- add patch to correct unauthorized access via krb5-aware telnet daemon (#229782, CVE-2007-0956) - add patch to fix buffer overflow in krb5kdc and kadmind (#231528, CVE-2007-0957) - add patch to fix double-free in kadmind (#231537, CVE-2007-1216)	2007-04-03 18:46:41 +00:00
Nalin Dahyabhai	598e71ffbc	- add a couple of ldap-specific data files as documentation, so that admins have the needed schema for their directory servers	2007-04-03 18:43:05 +00:00
Nalin Dahyabhai	aece600301	whoops, that won't work - can't do core -> extras deps	2007-03-22 20:17:58 +00:00
Nalin Dahyabhai	5c8daeafa2	- add buildrequires: on keyutils-libs-devel to enable use of keyring ccaches, dragging keyutils-libs in as a dependency for everyone	2007-03-22 19:37:26 +00:00
Nalin Dahyabhai	da1eb7f057	- add patch to build semi-useful static libraries, but don't apply it unless we need them	2007-02-28 20:35:53 +00:00
Nalin Dahyabhai	4aefd50874	- make profile.d scriptlets mode 644 instead of 755 (#225974 )	2007-02-19 21:28:07 +00:00
Nalin Dahyabhai	3299c4b519	mock says "no resolv.conf for you!"	2007-01-30 21:21:21 +00:00
Nalin Dahyabhai	cb68887273	- clean up quoting of command-line arguments passed to the krsh/krlogin wrapper scripts	2007-01-30 21:01:21 +00:00
Nalin Dahyabhai	6e6adec726	- initial update to 1.6, making the package-split optional - move workstation daemons to a new subpackage (#81836, #216356, #217301), and make the new subpackage require xinetd (#211885) We don't get static libraries any more. Holding off on build until verification that this doesn't kill other things, or until we get them building in a semi-useful way.	2007-01-23 22:14:15 +00:00
Nalin Dahyabhai	160a188e65	- merge back changes made between fc6 and rawhide to date - somewhere in here we fixed the spelling of James's last name	2007-01-22 21:27:49 +00:00

... 3 4 5 6 7 ...

544 Commits