Roland Mainz
c5c716d7e4
- fix for CVE-2014-5351 ( #1145425 ) "krb5: current keys returned when
...
randomizing the keys for a service principal" (fix rpm spec file)
2014-09-29 23:04:48 +02:00
Roland Mainz
db753ab79b
* Mon Sep 29 2014 Roland Mainz <rmainz@redhat.com> - 1.13-0.alpha1.3
...
- fix for CVE-2014-5351 (#1145425 ) "krb5: current keys returned when
randomizing the keys for a service principal"
2014-09-29 22:53:31 +02:00
Nalin Dahyabhai
67988a74d0
Keep the license from being a dangling symlink
...
Processing of %license puts the named file in a directory other than the
docs directory, and doesn't rewrite relative symlinks to be correct. So
we can't use a symlink to one of them as the license.
2014-09-08 18:57:52 -04:00
Nalin Dahyabhai
56cd96f9bd
Remove the -S flag from kprop.service
...
- kpropd hasn't bothered with -S since 1.11; stop trying to use that
flag in the systemd unit file and change its type from "forking" to
"simple"
2014-08-28 14:05:37 -04:00
Nalin Dahyabhai
8563ebea46
Updating to 1.13 alpha1
2014-08-22 16:14:20 -04:00
Nalin Dahyabhai
c48fd0f0bc
Pull in upstream fix for an mischecked strdup()
...
- pull in upstream fix for an incorrect check on the value returned by a
strdup() call (#1132062 )
2014-08-20 17:36:44 -04:00
Peter Robinson
9c7c7781c4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 00:48:14 +00:00
Nalin Dahyabhai
f3d3f13006
Upload 1.12.2 sources
2014-08-15 15:20:08 -04:00
Nalin Dahyabhai
4f7f51121b
drop patch for CVE-2014-4345, included in 1.12.2
2014-08-15 15:04:26 -04:00
Nalin Dahyabhai
7880fca0ad
drop patch for CVE-2014-4344, included in 1.12.2
2014-08-15 15:02:04 -04:00
Nalin Dahyabhai
b234a3d334
drop patch for CVE-2014-4343, included in 1.12.2
2014-08-15 15:01:01 -04:00
Nalin Dahyabhai
56235f0463
drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2
2014-08-15 14:59:36 -04:00
Nalin Dahyabhai
2184fad363
drop patch for RT#7926, fixed in 1.12.2
2014-08-15 14:56:39 -04:00
Nalin Dahyabhai
7041f914bd
drop patch for RT#7924, fixed in 1.12.2
2014-08-15 14:52:23 -04:00
Nalin Dahyabhai
0bd95b4771
drop patch for RT#7858, fixed in 1.12.2
2014-08-15 14:50:08 -04:00
Nalin Dahyabhai
b3f78cf0dc
Update for 1.12.2
2014-08-15 14:43:47 -04:00
Nalin Dahyabhai
d41320b7c1
drop patch for RT#7836, fixed in 1.12.2
2014-08-15 14:37:24 -04:00
Nalin Dahyabhai
1d44a8f927
drop patch for RT#7818, fixed in 1.12.2
2014-08-15 14:35:45 -04:00
Nalin Dahyabhai
f543a683b0
Drop patch for #231147 , fixed in 1.12.2
2014-08-15 14:13:21 -04:00
Nalin Dahyabhai
e5a4698cf5
drop patch for RT#7820, merged in 1.12.2
2014-08-15 14:02:13 -04:00
Nalin Dahyabhai
c042f71c80
Update collection cache patch set for ksu
...
- replace older proposed changes for ksu with backports of the changes
after review and merging upstream (#1015559 , #1026099 , #1118347 )
2014-08-15 14:00:14 -04:00
Nalin Dahyabhai
b324000e34
fix MITKRB5-SA-2014-001 (CVE-2014-4345)
...
- incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)
2014-08-07 19:25:49 -04:00
Nalin Dahyabhai
38595f5338
Add patch for CVE-2014-4344
...
- gssapi: pull in upstream fix for a possible NULL dereference
in spnego (CVE-2014-4344)
2014-07-21 17:51:10 -04:00
Nalin Dahyabhai
24f7f1a446
Update to upstream patch
...
Update to the as-committed version of this patch, which affects the
comments it includes.
2014-07-21 17:19:42 -04:00
Nalin Dahyabhai
9594be4f3a
Add proposed fix for a double-free in gss clients
...
- gssapi: pull in proposed fix for a double free in initiators (David
Woodhouse, #1117963 )
2014-07-16 15:14:38 -04:00
Tom Callaway
79897b3c5d
fix license handling
2014-07-12 18:45:11 -04:00
Nalin Dahyabhai
e2bc024559
Pull in fix for CVE-2014-4341/CVE-2014-4342
...
- pull in fix for denial of service by injection of malformed GSSAPI
tokens (CVE-2014-4341, CVE-2014-4342, #1116181 )
2014-07-07 17:56:12 -04:00
Nalin Dahyabhai
40e2189ede
Backport support for scanning /etc/gss/mech.d/*.conf
...
- pull in changes from upstream which add processing of the contents of
/etc/gss/mech.d/*.conf when loading GSS modules (#1102839 )
2014-06-24 16:47:17 -04:00
Nalin Dahyabhai
47d56d9162
Fix FTBFS #1107061 using a patch from upstream
...
- pull in fix for building against tcl 8.6 (#1107061 )
2014-06-12 16:23:15 -04:00
Nalin Dahyabhai
790a56ba59
Add a buildrequires: on texlive-pdftex
...
We were having trouble building the PDFs due to a missing pdfcolor.tex
after the latest update to python-sphinx, but an even newer
texlive-pdftex provides that, so add it as a BuildRequires:
2014-06-12 12:04:06 -04:00
Dennis Gilmore
dd2e1e4398
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 22:22:03 -05:00
Nathaniel McCallum
44d0e80df0
Backport fix for change password requests when using FAST (RT#7868)
2014-03-04 11:22:42 -05:00
Nalin Dahyabhai
2550f0f56b
Backport fix for RT#7858
...
- spnego: pull in patch from master to restore preserving the OID of the
mechanism the initiator requested when we have multiple OIDs for the
same mechanism, so that we reply using the same mechanism OID and the
initiator doesn't get confused (#1066000 , RT#7858)
2014-02-17 21:06:07 -05:00
Nalin Dahyabhai
c0d64aa79f
Note that "runstatedir" changes are also #1040056
2014-02-10 14:17:15 -05:00
Nalin Dahyabhai
bdb8c58c53
Move the default directory for OTP sockets to /var/run/krb5kdc
...
- pull in patch from master to move the default directory which the KDC
uses when computing the socket path for a local OTP daemon from the
database directory (/var/kerberos/krb5kdc) to the newly-added run
directory (/run/krb5kdc), in line with what we're expecting in 1.13
(RT#7859)
- add a tmpfiles.d configuration file to have /run/krb5kdc created at
boot-time
- own /var/run/krb5kdc
2014-02-07 16:13:29 -05:00
Nalin Dahyabhai
99444865b1
Add those proposed patches
...
... as referenced by 9b18d26ce3
2014-02-05 14:53:25 -05:00
Nalin Dahyabhai
419c14d6ac
Pull from the right wrapper branches
...
... and add our local patch to fix the bind-then-connect case.
2014-02-04 15:31:21 -05:00
Nalin Dahyabhai
956ccfdfb4
refresh nss_wrapper, add socket_wrapper
2014-01-31 16:56:05 -05:00
Nalin Dahyabhai
5c7bab5883
Take x bit off of an html doc file, fix whitespace
2014-01-31 16:55:11 -05:00
Nalin Dahyabhai
9b18d26ce3
Add proposed ksu KEYRING+default_ccache_name patch
...
- add currently-proposed changes to teach ksu about credential cache
collections and the default_ccache_name setting (#1015559,#1026099)
2014-01-31 16:55:05 -05:00
Nalin Dahyabhai
2eb0567065
Backport changes to allow "rcache" credstores
...
- pull in multiple changes to allow replay caches to be added to a GSS
credential store as "rcache"-type credentials (RT#7818/#7819/#7836,
#1056078/#1056080)
2014-01-21 18:52:57 -05:00
Nalin Dahyabhai
79cf8c599f
Pull this patch from master, instead
2014-01-17 11:47:53 -05:00
Nalin Dahyabhai
ca47c3ce74
Finish updating to 1.12.1
2014-01-17 11:08:51 -05:00
Nalin Dahyabhai
792d78fa47
Backport fixes for timesync with keyring caches
...
add patch to always retrieve the KDC time offsets from keyring caches,
so that we don't mistakenly interpret creds as expired before their
time when our clock is ahead of the KDC's (RT#7820, #1030607 )
2014-01-17 10:58:19 -05:00
Nalin Dahyabhai
4dec248a05
Drop obsolete patches
2014-01-17 10:55:16 -05:00
Nalin Dahyabhai
8ae5258eb3
Drop obsolete patch
2014-01-17 10:48:08 -05:00
Nalin Dahyabhai
29afef6c24
Drop obsolete patch
2014-01-17 10:47:01 -05:00
Nalin Dahyabhai
007e77a2b3
Drop obsolete patch
2014-01-17 10:17:19 -05:00
Nalin Dahyabhai
6a8573e3af
Drop obsolete patch
2014-01-17 10:08:58 -05:00
Nalin Dahyabhai
0b6ebaab00
Drop obsolete patch
2014-01-17 09:59:39 -05:00