rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
595 Commits 9 Branches 46 Tags 7.8 MiB
9f497eac9f
Commit Graph

404 Commits

Author SHA1 Message Date
Nalin Dahyabhai
4a2bf7dc5d - add upstream fix for denial-of-service in SPNEGO (CVE-2010-0628) 2010-03-23 18:07:13 +00:00
Nalin Dahyabhai
1f83fab4c7 - remove the krb5-appl bits (the -workstation-clients and 
-workstation-servers subpackages) now that krb5-appl is its own package
 2010-03-19 21:15:33 +00:00
Nalin Dahyabhai
39cf8a4b2d - whoops, -p level off by one 2010-03-12 22:26:03 +00:00
Nalin Dahyabhai
fe99267cdf - add documentation for the ticket_lifetime option (#561174) 2010-03-12 20:44:02 +00:00
Nalin Dahyabhai
daa38f9cf3 - drop this; we're not going to worry about it 2010-03-11 19:24:17 +00:00
Nalin Dahyabhai
e03499409a - drop this; it's not sufficient any more anyway 2010-03-11 19:20:22 +00:00
Nalin Dahyabhai
0f6f154014 - correct a few typos 
- note the review bug for splitting out krb5-appl
 2010-03-08 20:10:52 +00:00
Nalin Dahyabhai
a32fda650f - this patch is no longer needed; at some point between 1.7 and 1.8 this 
was fixed in SVN
 2010-03-08 18:16:23 +00:00
Nalin Dahyabhai
516763ea91 - pull up patch to get the client libraries to correctly perform password 
changes over IPv6 (Sumit Bose, RT#6661)
 2010-03-08 16:47:24 +00:00
Nalin Dahyabhai
75b08040ff - update to 1.8 
- temporarily bundling the krb5-appl package (split upstream as of 1.8)
    until its package review is complete
- profile.d scriptlets are now only needed by -workstation-clients
- adjust paths in init scripts
- drop upstreamed fix for KDC denial of service (CVE-2010-0283)
- drop patch to check the user's password correctly using crypt(), which
    isn't a code path we hit when we're using PAM
 2010-03-05 22:19:38 +00:00
Nalin Dahyabhai
9c84ef7b56 - whoops, revert inadvertent not-working version bump 2010-03-03 16:16:35 +00:00
Nalin Dahyabhai
5ee10a1ffb - fix a null pointer dereference and crash introduced in our PAM patch that 
would happen if ftpd was given the name of a user who wasn't known to
    the local system, limited to being triggerable by gssapi-authenticated
    clients by the default xinetd config (Olivier Fourdan, #569472)
 2010-03-03 16:09:47 +00:00
Nalin Dahyabhai
d605c80ae2 - fix a regression (not labeling a kdb database lock file correctly, 
#569902)
 2010-03-02 23:01:23 +00:00
Nalin Dahyabhai
669a15d24b - move the package changelog to the end to match the usual style (jdennis) 
- scrub out references to $RPM_SOURCE_DIR (jdennis)
- include a symlink to the readme with the name LICENSE so that people can
    find it more easily (jdennis)
 2010-02-25 23:00:23 +00:00
Nalin Dahyabhai
33efa14da1 - pull up the change to make kpasswd's behavior better match the docs when 
there's no ccache (#563431)
 2010-02-17 23:25:50 +00:00
Nalin Dahyabhai
20683b0e60 - whoops, that's the wrong filename for the patch 2010-02-16 22:15:46 +00:00
Nalin Dahyabhai
c84cd0185b - apply patch from upstream to fix KDC denial of service (CVE-2010-0283, 
#566002)
 2010-02-16 21:45:25 +00:00
Nalin Dahyabhai
edcbea8d17 - update to 1.7.1 
- don't trip AD lockout on wrong password (#542687, #554351)
- incorporates fixes for CVE-2009-4212 and CVE-2009-3295
- fixes gss_krb5_copy_ccache() when SPNEGO is used
- move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to
    the devel subpackage, better lining up with the expected krb5/krb5-appl
    split in 1.8
- drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it
    already depends on -workstation which also includes them
 2010-02-03 17:11:35 +00:00
Nalin Dahyabhai
f20db54891 - tighten up default permissions on kdc.conf and kadm5.acl (#558343) 2010-01-25 16:58:14 +00:00
Nalin Dahyabhai
9a31789f24 - use portreserve correctly -- portrelease takes the basename of the file 
whose entries should be released, so we need three files, not one
 2010-01-22 15:08:24 +00:00
Nalin Dahyabhai
304c10003d - suppress warnings of impending password expiration if expiration is more 
than seven days away when the KDC reports it via the last-req field,
    just as we already do when it reports expiration via the key-expiration
    field (#556495)
- link with libtinfo rather than libncurses, when we can, in future RHEL
 2010-01-18 20:13:04 +00:00
Nalin Dahyabhai
da536a5974 - krb5_get_init_creds_password: check opte->flags instead of options->flags 
when checking whether or not we get to use the prompter callback
    (#555875)
 2010-01-15 20:24:36 +00:00
Nalin Dahyabhai
2baf72c02f - use portreserve to make sure the KDC can always bind to the kerberos-iv 
port, kpropd can always bind to the krb5_prop port, and that kadmind
    can always bind to the kerberos-adm port (#555279)
- correct inadvertent use of macros in the changelog (rpmlint)
 2010-01-14 21:14:26 +00:00
Nalin Dahyabhai
60b2cbeb09 - fix the description of the problem 2010-01-12 19:27:00 +00:00
Nalin Dahyabhai
c81c7789b7 - add upstream patches for KDC crash during AES and RC4 decryption 
(CVE-2009-4212), via Tom Yu (#545015)
 2010-01-12 19:24:24 +00:00
Nalin Dahyabhai
3ad86e219a - back down to the earlier version of the patch for #551764; the backported 
alternate version was incomplete
 2010-01-06 23:54:23 +00:00
Nalin Dahyabhai
abd49c944b - put the conditional back for the -devel subpackage 2010-01-06 20:05:00 +00:00
Nalin Dahyabhai
b199476767 - pull up proposed patch for creating previously-not-there lock files for 
kdb databases when 'kdb5_util' is called to 'load' (#551764)
 2010-01-05 22:55:55 +00:00
Nalin Dahyabhai
65631fa1bb - use %%global instead of %%define 
- fix conditional for future RHEL
 2010-01-05 22:55:30 +00:00
Nalin Dahyabhai
14efc0c6dd - add tracking bug ID for the latest security patch 2010-01-04 15:59:00 +00:00
Nalin Dahyabhai
795e5e14a6 - add upstream patch for KDC crash during referral processing 
(CVE-2009-3295), via Tom Yu
 2010-01-04 15:56:24 +00:00
Nalin Dahyabhai
a019df8a50 - fix a typo 2009-12-21 19:41:25 +00:00
Nalin Dahyabhai
cc8c049fe1 refresh patch for #542868 from trunk 2009-12-21 19:27:25 +00:00
Nalin Dahyabhai
ec702e8192 - move man pages that live in the -libs subpackage into the regular 
%%{_mandir} tree where they'll still be found if that package is the
    only one %installed (#529319)
 2009-12-10 22:50:50 +00:00
Nalin Dahyabhai
bfccd3939a - re-enable this change: 
- try to make gss_krb5_copy_ccache() work correctly for spnego (#542868)
 2009-12-09 21:40:48 +00:00
Nalin Dahyabhai
f21202d6a4 back that last change out 2009-12-08 20:51:25 +00:00
Nalin Dahyabhai
2358ad9bad - try to make gss_krb5_copy_ccache() work correctly for spnego (#542868) 2009-12-08 20:05:41 +00:00
Nalin Dahyabhai
d59dcd39c0 - make krb5-config suppress CFLAGS output when called with --libs (#544391) 2009-12-04 22:16:38 +00:00
Nalin Dahyabhai
19b0f85a6e - configure with --enable-dns-for-realm instead of --enable-dns, which 
isn't recognized any more
 2009-12-03 23:26:02 +00:00
Nalin Dahyabhai
fd8edea8d9 - move /etc/pam.d/ksu from krb5-workstation-servers to krb5-workstation, 
where it's actually needed (#538703)
 2009-11-20 16:09:35 +00:00
Nalin Dahyabhai
c6f29fd1c4 add some conditional logic to simplify building on older Fedora releases 2009-10-23 20:29:53 +00:00
Nalin Dahyabhai
0abe2288c5 - don't forget the readme file 2009-10-13 15:49:29 +00:00
Nalin Dahyabhai
d2ad657773 - specify the location of the subsystem lock when using the status() 
function in the kadmind and kpropd init scripts, so that we get the
    right error when we're dead but have a lock file - requires initscripts
    8.99 (#521772)
 2009-09-14 17:18:59 +00:00
Nalin Dahyabhai
060205dbf8 - if the init script fails to start krb5kdc/kadmind/kpropd because it's 
already running (according to status()), return 0 (part of #521772)
 2009-09-08 19:08:28 +00:00
Nalin Dahyabhai
51ff876d52 - work around a compile problem with new openssl 2009-08-24 15:51:36 +00:00
Tomáš Mráz
c297ec78d9 - rebuilt with new openssl 2009-08-21 14:11:01 +00:00
Jesse Keating
dd62488dfd - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-25 04:46:50 +00:00
Nalin Dahyabhai
e1e3b07810 - simplify the man pages patch by only preprocessing the files we care 
about and moving shared configure.in logic into a shared function
 2009-07-06 22:56:11 +00:00
Nalin Dahyabhai
9e296310c6 - catch the case of ftpd printing file sizes using %i, when they might be 
bigger than an int now
 2009-07-06 22:54:34 +00:00
Nalin Dahyabhai
6f1fb7d51e - try to merge and clean up all the large file support for ftp and rcp 2009-07-01 17:52:16 +00:00
Nalin Dahyabhai
c835c2a921 - switch buildrequires: and requires: on e2fsprogs-devel into 
buildrequires: and requires: on libss-devel, libcom_err-devel, per
    sandeen on fedora-devel-list
 2009-06-29 19:28:01 +00:00
Nalin Dahyabhai
3f291ca045 - selinux labeling: use selabel_open() family of functions rather than 
matchpathcon(), bail on it if attempting to get the mutex lock fails
 2009-06-26 21:45:54 +00:00
Nalin Dahyabhai
84ade2f840 - fix a type mismatch in krb5_copy_error_message() 
- ftp: fix some odd use of strlen()
 2009-06-26 21:36:54 +00:00
Nalin Dahyabhai
1d6f8b9bad - compile with %%{?_smp_mflags} (Steve Grubb) 
- drop the bit where we munge part of the error table header, as it's not
    needed any more
 2009-06-16 21:29:37 +00:00
Nalin Dahyabhai
aecce15d40 add and own %%{_libdir}/krb5/plugins/authdata 2009-06-05 15:18:29 +00:00
Nalin Dahyabhai
34072014a1 remove obsolete files 2009-06-04 22:38:18 +00:00
Nalin Dahyabhai
2f1613d440 - update to 1.7, second pass 2009-06-04 22:09:07 +00:00
Nalin Dahyabhai
3c1272ff63 - add an auth stack to ksu's PAM configuration so that pam_setcred() calls 
won't just fail
 2009-05-19 23:21:48 +00:00
Nalin Dahyabhai
06c77ea1cd - make PAM support for ksu also set PAM_RUSER 2009-05-11 18:19:08 +00:00
Nalin Dahyabhai
df43b1e2b6 yeah, actually bump the release number 2009-04-23 22:51:25 +00:00
Nalin Dahyabhai
5ebd815122 - extend PAM support to ksu: perform account and session management for the 
target user
- pull up and merge James Leddy's changes to also set PAM_RHOST in
    PAM-aware network-facing services
 2009-04-23 22:43:26 +00:00
Nalin Dahyabhai
d3b2b69619 - fix a typo in a ksu error message (Marek Mahut) 2009-04-21 18:46:52 +00:00
Nalin Dahyabhai
f0389e0488 note why we don't just run make check here 2009-04-20 21:15:12 +00:00
Nalin Dahyabhai
724545eab6 - add LSB-style informational headers to the init scripts 2009-04-20 20:32:02 +00:00
Nalin Dahyabhai
980855a07a - explicitly run the pdf generation script using sh (part of #225974) 2009-04-17 13:29:41 +00:00
Nalin Dahyabhai
f51ed46fff - remove obsolete patch for CVE-2009-0845 
- add patches for read overflow and null pointer dereference in the
    implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
- add patch for attempt to free uninitialized pointer in libkrb5
    (CVE-2009-0846)
- add patch to fix length validation bug in libkrb5 (CVE-2009-0847)
 2009-04-07 18:16:28 +00:00
Nalin Dahyabhai
d43a03520f - make the kpropd init script treat reload as restart (part of #225974) 2009-04-06 20:33:44 +00:00
Nalin Dahyabhai
45bffcbf45 - take the execute bit off of the protocol docs (part of #225974) 
- unflag init scripts as configuration files (part of #225974)
 2009-04-06 18:22:58 +00:00
Nalin Dahyabhai
303d2c20d2 - fixup summary texts (part of #225974) 2009-04-06 18:00:53 +00:00
Nalin Dahyabhai
fa314d1962 - escape possible macros in the changelog (part of #225974) 2009-04-06 17:52:21 +00:00
Nalin Dahyabhai
5ee95cc082 - clean up buildprereq/prereqs, explicit mktemp requires, and add the 
ldconfig for the -server-ldap subpackage (part of #225974)
 2009-04-06 17:45:29 +00:00
Nalin Dahyabhai
98a3610002 - make splitting up of the workstation bits unconditional 2009-04-06 16:46:35 +00:00
Nalin Dahyabhai
1644a79505 - move the libraries to /%{_lib}, but leave --libdir alone so that plugins 
get installed and are searched for in the same locations (#473333)
 2009-04-06 16:22:45 +00:00
Nalin Dahyabhai
e61be4fa97 - turn off krb4 support (it won't be part of the 1.7 release, but do it 
now)
- use triggeruns to properly shut down and disable krb524d when -server and
-workstation-servers gets upgraded, because it's gone now
 2009-04-06 15:56:45 +00:00
Nalin Dahyabhai
434cefd85a - libgssapi_krb5: backport fix for some errors which can occur when we fail 
to set up the server half of a context (CVE-2009-0845)
 2009-03-17 22:26:27 +00:00
Jesse Keating
78b02cd911 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-25 11:58:27 +00:00
Nalin Dahyabhai
4c798e4ee7 aargh, what year is it? 2009-01-16 16:19:02 +00:00
Nalin Dahyabhai
2bf7daea40 rebuild 2009-01-16 16:17:56 +00:00
Nalin Dahyabhai
b1efb9b86d - if we successfully change the user's password during an attempt to get 
initial credentials, but then fail to get initial creds from a
    non-master using the new password, retry against the master (#432334)
 2008-09-04 15:13:51 +00:00
Tom Callaway
bb9aa2106c fix license tag 2008-08-05 17:46:07 +00:00
Nalin Dahyabhai
2352d208e3 - define ASN1BUF_OMIT_INLINE_FUNCS at compile-time (for now) to keep 
building
 2008-07-16 21:54:24 +00:00
Nalin Dahyabhai
b5dfa8576a quote %%{__cc} where needed because it includes whitespace now 2008-07-16 18:40:35 +00:00
Nalin Dahyabhai
6197407f58 - clear fuzz out of patches, dropping a man page patch which is no longer 
necessary
 2008-07-16 18:09:47 +00:00
Nalin Dahyabhai
14f675bab9 - build with -fno-strict-aliasing, which is needed because the library 
triggers these warnings
 2008-07-11 15:16:54 +00:00
Nalin Dahyabhai
37b6c5e715 - rework how labeling is handled to avoid a bootstrapping problem in 
headers
- don't forget to label the principal database lock file
 2008-07-11 15:14:57 +00:00
Tom Callaway
f06f7f1e03 generate include/krb5/krb5.h before building, fix conditional for sparcv9 2008-06-14 18:22:01 +00:00
Nalin Dahyabhai
9f105b4df2 - ftp: use the correct local filename during mget when the 'case' option is 
enabled (#442713)
 2008-04-16 18:54:08 +00:00
Nalin Dahyabhai
af9bedd61a - stop exporting kadmin keys to a keytab file when kadmind starts -- the 
daemon's been able to use the database directly for a long long time
    now
- belatedly add aes128,aes256 to the default set of supported key types
 2008-04-04 21:29:53 +00:00
Nalin Dahyabhai
f56b6ee2db bump for build 2008-04-01 20:54:54 +00:00
Nalin Dahyabhai
ddde7d0f6e - libgssapi_krb5: properly export the acceptor subkey when creating a lucid 
context (Kevin Coffman, via the nfs4 mailing list)
 2008-04-01 20:53:54 +00:00
Nalin Dahyabhai
7668599d1d - add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer 
when v4 compatibility is enabled on the KDC (CVE-2008-0062,
    CVE-2008-0063, #432620, #432621)
- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when
    high-numbered descriptors are used (CVE-2008-0947, #433596)
- add backport bug fix for an attempt to free non-heap memory in
    libgssapi_krb5 (CVE-2007-5901, #415321)
- add backport bug fix for a double-free in out-of-memory situations in
    libgssapi_krb5 (CVE-2007-5971, #415351)
 2008-03-18 18:13:22 +00:00
Nalin Dahyabhai
638efe585f - rework file labeling patch to not depend on fragile preprocessor 
trickery, in another attempt at fixing #428355 and friends
 2008-03-18 15:35:39 +00:00
Nalin Dahyabhai
723980d239 bump release number for rebuild 2008-02-26 21:48:24 +00:00
Nalin Dahyabhai
d4963922a8 - ftp: add patch to fix "runique on" case when globbing fixes applied 
- stop adding a redundant but harmless call to initialize the gssapi
    internals
 2008-02-26 21:18:38 +00:00
Nalin Dahyabhai
2a567feda3 - add the bug ID, close the bug 2008-02-25 20:55:41 +00:00
Nalin Dahyabhai
d5971d2776 - add patch to suppress double-processing of /etc/krb5.conf when we build 
with --sysconfdir=/etc, thereby suppressing double-logging (#231147)
 2008-02-25 20:53:41 +00:00
Nalin Dahyabhai
d73fcc15fb - remove a patch to fix problems with interfaces which are "up" but which 
have no address assigned which conflicted with a change to fix the same
    problem in 1.5 (#200979)
 2008-02-25 19:58:51 +00:00
Nalin Dahyabhai
2cc4303bbc - ftp: don't lose track of a descriptor on passive get when the server 
fails to open a file
 2008-02-25 19:50:42 +00:00
Nalin Dahyabhai
a7d42c7b03 - in login, allow PAM to interact with the user when they've been strongly 
authenticated
- in login, signal PAM when we're changing an expired password that it's an
    expired password, so that when cracklib flags a password as being weak
    it's treated as an error even if we're running as root
 2008-02-25 18:33:34 +00:00
Nalin Dahyabhai
8e9e1c07b0 - drop netdb patch 
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
    the DISALLOW_ALL_TIX flag is set on an entry, for better interop with
    Fedora, Netscape, Red Hat Directory Server (Simo Sorce)
 2008-02-18 18:44:39 +00:00
Nalin Dahyabhai
a77ce35c52 - avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV for us 2008-02-13 23:10:32 +00:00
Nalin Dahyabhai
e4d2a874a4 - enable patch for key-expiration reporting 
- enable patch to make kpasswd fall back to TCP if UDP fails
- enable patch to make kpasswd use the right sequence number on retransmit
- enable patch to allow mech-specific creds delegated under spnego to be
    found when searching for creds
 2008-02-12 16:22:38 +00:00
Nalin Dahyabhai
3d4d8cf991 - note RT numbers for reference 
- include but don't apply the other suggested patch for
    kpasswd-doesn't-use-tcp
 2008-01-23 18:27:03 +00:00
Nalin Dahyabhai
dcfbb5995a - revise to reference a different patch which we also don't apply 2008-01-03 16:51:53 +00:00
Nalin Dahyabhai
f25a7f96a5 - reference unapplied patch to fix password-changing with servers other 
than the first one we try to contact
- reference bug 242502 (rawhide) instead of 242500 (rhel)
 2008-01-03 15:47:35 +00:00
Nalin Dahyabhai
1343fd1973 - bump the release 2008-01-02 17:06:19 +00:00
Nalin Dahyabhai
48872e3b7b - right, new year 2008-01-02 17:05:02 +00:00
Nalin Dahyabhai
f072055a76 - some init script cleanups 
- drop unquoted check and silent exit for "$NETWORKING" (#426852, #242500)
- krb524: don't barf on missing database if it looks like we're using
    kldap, same as for kadmin
- return non-zero status for missing files which cause startup to fail
 2008-01-02 17:03:38 +00:00
Nalin Dahyabhai
0aaa920daa - allocate space for the nul-terminator in the local pathname when looking 
up a file context, and properly free a previous context (Jose Plans,
    #426085)
 2007-12-18 18:34:06 +00:00
Nalin Dahyabhai
ea868608c1 rebuild 2007-12-05 15:21:20 +00:00
Nalin Dahyabhai
6c3186e173 note the CVE for needing the revised patch 2007-11-13 21:58:04 +00:00
Nalin Dahyabhai
4ba98f8eab add duplicate bug id 2007-11-13 21:41:20 +00:00
Nalin Dahyabhai
276a481e88 - update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 and 
CVE-2007-4000 (the new pkinit module is built conditionally and goes
    into the -pkinit-openssl package, at least for now, to make a buildreq
    loop with openssl avoidable)
 2007-10-23 19:40:45 +00:00
Nalin Dahyabhai
a0f391756d - make proper use of pam_loginuid and pam_selinux in rshd and ftpd 2007-10-17 17:48:52 +00:00
Nalin Dahyabhai
528eff0ac5 - make krb5.conf %%verify(not md5 size mtime) in addition to 
%%config(noreplace), like /etc/nsswitch.conf (#329811)
 2007-10-12 18:32:28 +00:00
Nalin Dahyabhai
6e3299423a - proposed fix for not being able to find delegated krb5 creds when using 
spnego
 2007-10-04 22:08:39 +00:00
Nalin Dahyabhai
1dd0ff3e30 - proposed patch to fix receipt of delegated creds in mod_auth_kerb 2007-10-01 19:40:47 +00:00
Nalin Dahyabhai
14a08486e8 - add the bug ID to the kadmind fixes, note Fran's patch was identical to 
the one I thought we were already using in the F-7 branch
 2007-09-17 20:47:02 +00:00
Nalin Dahyabhai
2688de92f1 - move the db2 kdb plugin from -server to -libs, because a multilib libkdb 
might need it
 2007-09-11 20:52:15 +00:00
Nalin Dahyabhai
83381c77e7 - also perform PAM session and credential management when ftpd accepts a 
client using strong authentication, missed earlier
- also label kadmind log files and files created by the db2 plugin
 2007-09-11 14:12:38 +00:00
Nalin Dahyabhai
251df090d0 bump the revision 2007-09-06 20:09:14 +00:00
Nalin Dahyabhai
07adde54fa - incorporate updated fix for CVE-2007-3999 2007-09-06 20:08:19 +00:00
Nalin Dahyabhai
b54c6a0718 - incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000) 2007-09-04 18:10:23 +00:00
Nalin Dahyabhai
929680a650 add missing gawk buildrequirement 2007-08-25 05:12:34 +00:00
Nalin Dahyabhai
8499d2199c - actually bump the release number 2007-08-25 04:33:13 +00:00
Nalin Dahyabhai
5502d6651d - cover more cases in labeling files on creation 2007-08-25 04:31:34 +00:00
Nalin Dahyabhai
e0443e5457 - experimental ok-as-delegate setting patch (not applied) 2007-08-25 04:28:10 +00:00
Nalin Dahyabhai
79f8a98d4f rebuild 2007-08-23 20:50:42 +00:00
Nalin Dahyabhai
2f7dffc0f3 - include but don't apply 2007-07-26 19:08:20 +00:00
Nalin Dahyabhai
fbe8865459 - kdc.conf: default to listening for TCP clients, too (#248415) 2007-07-26 18:36:57 +00:00
Nalin Dahyabhai
34ce3fe705 - add a preliminary patch for #231147. initially not applied. 2007-07-23 21:01:33 +00:00
Nalin Dahyabhai
c0cd730c79 - update to 1.6.2 
- add "buildrequires: texinfo-tex" to get texi2pdf
 2007-07-19 16:50:28 +00:00
Nalin Dahyabhai
147635188d add CVE identifiers to the more recent changelog 2007-06-27 18:39:06 +00:00
Nalin Dahyabhai
cd3f50fb19 - incorporate fixes for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005 2007-06-27 06:08:01 +00:00
Nalin Dahyabhai
196ea67f06 - add missing pam-devel build requirement, force selinux-or-fail build 2007-06-25 01:16:51 +00:00
Nalin Dahyabhai
cb76d1ea2b rebuild 2007-06-25 00:56:37 +00:00
Nalin Dahyabhai
d360ed53e4 - label all files at creation-time according to the SELinux policy 
(#228157)
 2007-06-25 00:55:25 +00:00
Nalin Dahyabhai
e773dcc288 - um, maybe not just yet 2007-06-22 22:33:07 +00:00
Nalin Dahyabhai
2ecf4e22d8 nope, we don't provide that file 2007-06-22 22:15:03 +00:00
Nalin Dahyabhai
70ccd082ae - oops, note that pam changes went in, too 2007-06-22 22:10:15 +00:00
Nalin Dahyabhai
117cdbbea7 - preprocess kerberos.ldif into a format FDS will like better, and include 
that as a doc file as well
 2007-06-22 22:06:27 +00:00
Nalin Dahyabhai
37416c24a6 - switch man pages to being generated with the right paths in them 
- drop old, incomplete SELinux patch
- add patch from Greg Hudson to make srvtab routines report missing-file
    errors at same point that keytab routines do (#241805)
 2007-06-22 22:04:38 +00:00
Nalin Dahyabhai
ad9d82cb5c - pull patch from svn to undo unintentional chattiness in ftp 
- pull patch from svn to handle NULL krb5_get_init_creds_opt structures
    better in a couple of places where they're expected
 2007-05-24 15:43:24 +00:00
Nalin Dahyabhai
3f30bc2d6d bump release number 2007-05-23 22:06:26 +00:00
Nalin Dahyabhai
7877c27fc3 - bump to 1.6.1 2007-05-23 21:48:27 +00:00
Nalin Dahyabhai
a9c20b1574 - kadmind.init: don't fail outright if the default principal database isn't 
there if it looks like we might be using the kldap plugin
- kadmind.init: attempt to extract the key for the host-specific kadmin
    service when we try to create the keytab
 2007-05-18 22:16:16 +00:00
Nalin Dahyabhai
ea9e19241a - omit dependent libraries from the krb5-config --libs output, as using 
shared libraries (no more static libraries) makes them unnecessary and
    they're not part of the libkrb5 interface (patch by Rex Dieter,
    #240220) (strips out libkeyutils, libresolv, libdl)
 2007-05-16 19:48:19 +00:00
Nalin Dahyabhai
a7114b4891 - pull in keyutils as a build requirement to get the "KEYRING:" ccache 
type, because we've merged
 2007-05-04 19:03:00 +00:00
Nalin Dahyabhai
a321e486d2 - fix an uninitialized length value which could cause a crash when parsing 
key data coming from a directory server
- correct a typo in the krb5.conf man page ("ldap_server"->"ldap_servers")
 2007-05-04 18:10:01 +00:00
Nalin Dahyabhai
1739ef7213 - move the default acl_file, dict_file, and admin_keytab settings to the 
part of the default/example kdc.conf where they'll actually have an
    effect (#236417)
 2007-04-13 19:07:25 +00:00
Nalin Dahyabhai
471b4b51f3 - add patch to correct unauthorized access via krb5-aware telnet daemon 
(#229782, CVE-2007-0956)
- add patch to fix buffer overflow in krb5kdc and kadmind (#231528,
    CVE-2007-0957)
- add patch to fix double-free in kadmind (#231537, CVE-2007-1216)
 2007-04-03 18:46:41 +00:00
Nalin Dahyabhai
598e71ffbc - add a couple of ldap-specific data files as documentation, so that admins 
have the needed schema for their directory servers
 2007-04-03 18:43:05 +00:00
Nalin Dahyabhai
aece600301 whoops, that won't work - can't do core -> extras deps 2007-03-22 20:17:58 +00:00
Nalin Dahyabhai
5c8daeafa2 - add buildrequires: on keyutils-libs-devel to enable use of keyring 
ccaches, dragging keyutils-libs in as a dependency for everyone
 2007-03-22 19:37:26 +00:00
Nalin Dahyabhai
da1eb7f057 - add patch to build semi-useful static libraries, but don't apply it 
unless we need them
 2007-02-28 20:35:53 +00:00
Nalin Dahyabhai
4aefd50874 - make profile.d scriptlets mode 644 instead of 755 (#225974) 2007-02-19 21:28:07 +00:00
Nalin Dahyabhai
3299c4b519 mock says "no resolv.conf for you!" 2007-01-30 21:21:21 +00:00
Nalin Dahyabhai
cb68887273 - clean up quoting of command-line arguments passed to the krsh/krlogin 
wrapper scripts
 2007-01-30 21:01:21 +00:00
Nalin Dahyabhai
6e6adec726 - initial update to 1.6, making the package-split optional 
- move workstation daemons to a new subpackage (#81836, #216356, #217301),
    and make the new subpackage require xinetd (#211885)
We don't get static libraries any more. Holding off on build until
    verification that this doesn't kill other things, or until we get them
    building in a semi-useful way.
 2007-01-23 22:14:15 +00:00
Nalin Dahyabhai
160a188e65 - merge back changes made between fc6 and rawhide to date 
- somewhere in here we fixed the spelling of James's last name
 2007-01-22 21:27:49 +00:00
Nalin Dahyabhai
f3820b972d - preserve timestamps on profile.d shell scriptlets 
- first cut at making RPM scriptlets failproof for install-info
- pull up pre-generated PDF docs so that we don't have multiarch
    differences due to document IDs, timestamps, and compressed data,
- pull up the script to make sure that the PDF matches its source to guard
    against the package maintainer forgetting to update when we move to a
    new release
 2007-01-22 21:23:54 +00:00
Nalin Dahyabhai
a9e6df4ffc - apply fixes from Tom Yu for MITKRB5-SA-2006-002 (CVE-2006-6143) (#218456) 
- apply fixes from Tom Yu for MITKRB5-SA-2006-003 (CVE-2006-6144) (#218456)
    Related: #218456
 2007-01-09 19:31:40 +00:00
Nalin Dahyabhai
3ffdc43878 - don't bail from the KDC init script if there's no database, it may be in 
a different location than the default (fenlason)
- remove the [kdc] section from the default krb5.conf -- doesn't seem to
    have been applicable for a while
 2006-10-23 20:23:05 +00:00
Nalin Dahyabhai
54faf41556 add newlines after new errors 2006-10-18 21:36:40 +00:00
Nalin Dahyabhai
74169f4b3c - way-late application of added error info in kadmind.init (#65853) 2006-10-18 16:02:47 +00:00
Nalin Dahyabhai
acad7e7e15 call autoheader when needed 2006-10-13 21:23:35 +00:00
Nalin Dahyabhai
0b70aa4de2 - provide docs in PDF format instead of as tex source (Enrico Scholz, 
#209943)
 2006-10-09 16:38:39 +00:00
Nalin Dahyabhai
6f6f8aff91 - add missing shebang headers to krsh and krlogin wrapper scripts (#209238) 2006-10-04 14:16:41 +00:00
Nalin Dahyabhai
ee98daaf74 actually bump the release 2006-09-06 20:28:20 +00:00
Nalin Dahyabhai
2ad1703afb set SS_LIB at configure-time so that libss-using apps get working readline 
support (#197044)
 2006-09-06 20:28:01 +00:00
Nalin Dahyabhai
d859fd0556 - switch to the updated patch for MITKRB-SA-2006-001 2006-08-18 16:50:54 +00:00
Nalin Dahyabhai
2bc5a13d2a - apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084) 2006-08-08 22:43:10 +00:00
Nalin Dahyabhai
8c4df25456 - ensure that the gssapi library's been initialized before walking the 
internal mechanism list in gss_release_oid(), needed if called from
    gss_release_name() right after a gss_import_name() (#198092)
 2006-08-07 17:52:52 +00:00
Nalin Dahyabhai
92a65fb1b1 rebuild 2006-07-25 17:55:38 +00:00
Nalin Dahyabhai
30f6a9b1cb - pull up latest revision of patch to reduce lockups in rsh/rshd 2006-07-25 15:52:36 +00:00
Nalin Dahyabhai
ece8aeb4c7 rebuild 2006-07-17 14:36:02 +00:00
Jesse Keating
12232351f7 bumped for rebuild 2006-07-12 06:43:08 +00:00
Nalin Dahyabhai
574f4b1c31 finally think all the ducks are lined up 2006-07-06 21:25:26 +00:00
Nalin Dahyabhai
28c66f7806 - update to 1.5 2006-07-06 15:56:38 +00:00
Nalin Dahyabhai
2802804a49 actually bump the release number 2006-06-23 15:51:41 +00:00
Nalin Dahyabhai
b6fc39f13d - mark profile.d config files noreplace (Laurent Rineau, #196447) 2006-06-23 15:49:20 +00:00
Nalin Dahyabhai
a230e5aaed - add buildprereq for autoconf 2006-06-08 21:42:52 +00:00
Nalin Dahyabhai
a7215484dc - further munge krb5-config so that 'libdir=/usr/lib' is given even on 
64-bit architectures, to avoid multilib conflicts; other changes will
    conspire to strip out the -L flag which uses this, so it should be
    harmless (#192692)
 2006-05-22 23:04:06 +00:00
Nalin Dahyabhai
b3724c4388 - adjust the patch which removes the use of rpath to also produce a 
krb5-config which is okay in multilib environments (#190118)
- make the name-of-the-tempfile comment which compile_et adds to error code
    headers always list the same file to avoid conflicts on multilib
    installations
- strip SIZEOF_LONG out of krb5.h so that it doesn't conflict on multilib
    boxes
- strip GSS_SIZEOF_LONG out of gssapi.h so that it doesn't conflict on
    mulitlib boxes
 2006-05-08 21:47:26 +00:00
skasal
6944b2e68a Change the release number. 2006-04-14 11:25:22 +00:00
skasal
8216ee6b75 - Fix formatting typo in kinit.1 (krb5-kinit-man-typo.patch) 2006-04-14 11:21:50 +00:00
Jesse Keating
77bf5aa481 bump for bug in double-long on ppc(64) 2006-02-11 03:49:47 +00:00
Nalin Dahyabhai
2118c17c6b - give a little bit more information to the user when kinit gets the 
catch-all I/O error (#180175)
 2006-02-06 20:04:44 +00:00
Nalin Dahyabhai
5bf2d7bd12 - rebuild properly when pthread_mutexattr_setrobust_np() is defined but not 
declared, such as with recent glibc when _GNU_SOURCE isn't being used
 2006-01-20 00:28:41 +00:00
Matthias Clasen
a6fb2997f1 Use full paths in krb5.sh to avoid path lookups 2006-01-19 18:05:28 +00:00
Jesse Keating
29b9703f11 gcc update bump 2005-12-09 22:41:14 +00:00
Nalin Dahyabhai
f817e39736 - login: don't truncate passwords before passing them into crypt(), in case 
they're significant (#149476)
 2005-12-02 01:46:50 +00:00
Nalin Dahyabhai
4584045a70 - conditionalize installation of the new autoconf macro 2005-11-17 19:23:05 +00:00
Nalin Dahyabhai
f54e522bb9 - update to 1.4.3 
- make ksu setuid again (#137934, others)
 2005-11-17 18:43:13 +00:00
Nalin Dahyabhai
c82cff7d10 bump release 2005-09-13 20:27:12 +00:00
Nalin Dahyabhai
1237c021c7 - mark %%{krb5prefix}/man so that files which are packaged within it are 
flagged as %%doc (#168163)
 2005-09-13 20:26:57 +00:00
Nalin Dahyabhai
552acc8a70 - add an xinetd configuration file for encryption-only telnetd, 
parallelling the kshell/ekshell pair (#167535)
 2005-09-06 14:05:59 +00:00
Nalin Dahyabhai
fd0f8c753b bump release 2005-08-31 19:38:08 +00:00
Nalin Dahyabhai
1fcd49e050 - change the default configured encryption type for KDC databases to the 
compiled-in default of des3-hmac-sha1 (#57847)
 2005-08-31 19:37:54 +00:00
Nalin Dahyabhai
f5b93c728e update to 1.4.2 2005-08-11 22:06:35 +00:00