rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
669 Commits 9 Branches 52 Tags 8.1 MiB
a375099fe1
Commit Graph

473 Commits

Author SHA1 Message Date
Dennis Gilmore
a020fb0304 Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-27 00:46:48 -05:00
Nalin Dahyabhai
f60e9ef28c backport RT#7183 
- backport a fix to allow a PKINIT client to handle SignedData from a KDC
  that's signed with a certificate that isn't in the SignedData, but which
  is available as an anchor or intermediate on the client (RT#7183)
 2012-06-22 14:07:46 -04:00
Nalin Dahyabhai
16a5c7affc back out the recent labeling change, per dwalsh 
- back out this labeling change (dwalsh):
  - when building the new label for a file we're about to create, also mix
    in the current range, in addition to the current user
 2012-06-05 16:24:15 -04:00
Nalin Dahyabhai
6e8c2c396c add explicit buildrequires: on 'hostname' and 'net-tools' 
- add explicit buildrequires: on 'hostname', for the tests, on systems where
  it's in its own package, and require net-tools, which used to provide the
  command, everywhere
 2012-06-01 16:31:50 -04:00
Nalin Dahyabhai
f06298144d no-separate-/usr means we don't have to move shlibs 
- don't shuffle around any shared libraries on releases with
  no-separate-/usr, since /lib and /usr/lib are the same anyway
 2012-06-01 15:41:01 -04:00
Nalin Dahyabhai
037ab925da backport a fix for keytabs which don't have keys for all enctypes 
- add a backport of Stef's patch to set the client's list of supported
  enctypes to match the types of keys that we have when we are using a
  keytab to try to get initial credentials, so that a KDC won't send us
  an AS reply that we can't encrypt (RT#2131, #748528)
 2012-06-01 15:24:41 -04:00
Nalin Dahyabhai
b8b71859bb update to 1.10.2 
- when building the new label for a file we're about to create, also mix
  in the current range, in addition to the current user
- also package the PDF format admin, user, and install guides
- drop some PDFs that no longer get built right
 2012-06-01 14:05:55 -04:00
Nalin Dahyabhai
cd92a2cbb4 - skip the setfscreatecon() if fopen() is passed "rb" as the open mode (part of #819115) 2012-05-07 17:28:51 -04:00
Nalin Dahyabhai
2057747130 - have -server require /usr/share/dict/words, which we set as the default dict_file in kdc.conf (#817089) 2012-05-01 11:44:13 -04:00
Nalin Dahyabhai
f2a7c1df57 - comment out example.com examples in default krb5.conf (Stef Walter, #805320) 2012-03-20 18:21:01 -04:00
Nalin Dahyabhai
f8503cf35b - changelog that last change 2012-03-20 18:20:08 -04:00
Nalin Dahyabhai
70240d81c8 - update to 1.10.1 
- drop the KDC crash fix
  - drop the KDC lookaside cache fix
  - drop the fix for kadmind RPC ACLs (CVE-2012-1012)
 2012-03-09 18:37:47 -05:00
Nalin Dahyabhai
4093154587 - when removing -workstation, remove our files from the info index while the file is still there, in %%preun, rather than %%postun, and use the compressed file's name (#801035) 2012-03-07 12:04:24 -05:00
Nathaniel McCallum
b44189a932 Fix string RPC ACLs (RT#7093); CVE-2012-1012 2012-02-21 15:40:50 -05:00
Nathaniel McCallum
1b8eb90a4f add upstream lookaside cache fix RT#7082 2012-01-31 13:42:23 -05:00
Nalin Dahyabhai
9e5f5995cd - add patch to accept keytab entries with vno==0 as matches when we're searching for an entry with a specific name/kvno (#230382/#782211,RT#3349) 2012-01-30 19:49:10 -05:00
Nalin Dahyabhai
6ac0d24fa5 - note the RT number 2012-01-30 12:51:02 -05:00
Nalin Dahyabhai
fbe4130509 - update to 1.10 final 2012-01-30 10:28:53 -05:00
Nathaniel McCallum
767944b7d8 fix release number 2012-01-26 12:17:35 -05:00
Nathaniel McCallum
a134a66915 add upstream crashfix patch 2012-01-26 11:58:18 -05:00
Nalin Dahyabhai
a04da4baa4 - note the RT number 2012-01-23 18:21:02 -05:00
Nalin Dahyabhai
cf65017ae3 - update to beta 1 2012-01-12 18:47:18 -05:00
Nalin Dahyabhai
3e2b8913b0 - add missing changelog item 2012-01-12 16:11:04 -05:00
Peter Robinson
c5fead3d7e mktemp was long obsoleted by coreutils 2012-01-11 10:36:49 +00:00
Nalin Dahyabhai
620baf13cd - modify the deltat grammar to also tell gcc (4.7) to suppress "maybe-uninitialized" warnings in addition to the "uninitialized" warnings it's already being told to suppress 2012-01-04 13:52:34 -05:00
Nalin Dahyabhai
2496d7a5c9 - update to alpha 2 
- drop a couple of patches which were integrated for alpha 2
 2011-12-20 13:18:27 -05:00
Nalin Dahyabhai
f28b57af20 - pull in patch for RT#7048: allow PAC verification to only bother trying to 
verify the signature with keys that it's given (still more of #761317)
 2011-12-13 10:50:02 -05:00
Nalin Dahyabhai
6d68d342c9 - pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached 
(more of #761317)
 2011-12-13 10:48:28 -05:00
Nalin Dahyabhai
fb7c02faff - pull in patch for RT#7046: tag a ccache containing credentials obtained via 
S4U2Proxy with the principal name of the proxying principal (part of #761317)
 2011-12-13 10:47:31 -05:00
Nalin Dahyabhai
03e76d7832 - apply upstream patch to fix a null pointer dereference when processing TGS requests (CVE-2011-1530, #753748) 2011-12-06 14:12:15 -05:00
Nalin Dahyabhai
4584a88e40 correct the release to match the changelog 2011-11-30 15:13:54 -05:00
Nalin Dahyabhai
635a422817 - correct a bug in the fix for #754001 so that the file creation context is consistently reset 2011-11-30 15:03:45 -05:00
Nalin Dahyabhai
a45a82724d - require libverto-module-base at build- and runtime so that tests which 
use verto can work properly
 2011-11-15 13:32:43 -05:00
Nalin Dahyabhai
1110ccd873 - bump to 1.10 alpha 1 2011-11-15 12:45:44 -05:00
Dennis Gilmore
39cc62dcc1 - Rebuilt for glibc bug#747377 2011-10-26 19:09:40 -05:00
Nalin Dahyabhai
af8b546790 - apply upstream patch to fix a null pointer dereference with the LDAP kdb backend (CVE-2011-1527, #744125), an assertion failure with multiple kdb backends (CVE-2011-1528), and a null pointer dereference with multiple kdb backends (CVE-2011-1529) (#737711) 2011-10-18 14:28:08 -04:00
Nalin Dahyabhai
73b7dd3ece - pull in patch from trunk to rename krb5int_pac_sign() to krb5_pac_sign() and 
make it public (#745533)
 2011-10-13 15:31:36 -04:00
Nalin Dahyabhai
28837545d5 - handle a harder-to-trigger assertion failure that starts cropping up when we 
exit the transmit loop on time (#739853)
 2011-10-07 16:29:28 -04:00
Nalin Dahyabhai
098a308f7e - kadmin.service: fix #723723 again 
- kadmin.service,krb5kdc.service: remove optional use of $KRB5REALM in command
  lines, because systemd parsing doesn't handle alternate value shell variable
  syntax
- kprop.service: add missing Type=forking so that systemd doesn't assume simple
- kprop.service: expect the ACL configuration to be there, not absent
 2011-10-07 15:10:35 -04:00
Tom "spot" Callaway
e645180a9a hardcode pid file path as option to krb5kdc.service 2011-10-02 15:05:51 +02:00
Tom "spot" Callaway
3545dd2571 fix typo 2011-09-30 12:20:58 +02:00
Tom "spot" Callaway
82129e3a0d convert to systemd 2011-09-19 14:45:57 -04:00
Nalin Dahyabhai
207fa55d00 - pull in upstream patch for RT#6952, confusion following referrals for cross-realm auth (#734341) 2011-09-06 00:19:38 -04:00
Nalin Dahyabhai
a26dd7c42c - switch to the upstream patch for #727829 2011-09-01 09:29:29 -04:00
Nalin Dahyabhai
57d5eabb48 - bump the release number 2011-08-31 13:33:23 -04:00
Nalin Dahyabhai
db0e796a50 - handle an assertion failure that starts cropping up when the patch for using poll (#701446) meets servers that aren't running KDCs or against which the connection fails for other reasons (#727829, #734172) 2011-08-31 13:31:58 -04:00
Nalin Dahyabhai
0ad36e9c38 - override the default build rules to not delete temporary y.tab.c files, 
so that they can be packaged, allowing debuginfo files which point to them
  do so usefully (#729044)
 2011-08-08 18:39:55 -04:00
Nalin Dahyabhai
ad0dcf5042 - pull in a patch to fix losing track of the replay cache FD, from SVN by way of Kevin Coffman 2011-07-22 16:57:35 -04:00
Nalin Dahyabhai
2202e378de - build shared libraries with partial RELRO support (#723995) 
- filter out potentially multiple instances of -Wl,-z,relro from krb5-config
  output, now that it's in the buildroot's default LDFLAGS
 2011-07-22 16:29:06 -04:00
Nalin Dahyabhai
a0e423054a - kadmind.init: drop the attempt to detect no-database-present errors (#723723) 2011-07-20 17:58:20 -04:00
Nalin Dahyabhai
4e66f1237b - backport RT#6905: use poll() so that we can use higher descriptor numbers when the client is talking to a KDC 2011-07-19 14:54:29 -04:00
Nalin Dahyabhai
ba9d039a3a - have a bug number for this now 2011-06-28 14:08:13 -04:00
Nalin Dahyabhai
da69bf39fa - pull a fix from SVN to use AI_ADDRCONFIG more often (RT#6923) 2011-06-23 16:07:40 -04:00
Nalin Dahyabhai
4a5ca5b2d3 - pull a fix from SVN to try to avoid triggering a PTR lookup in getaddrinfo() 
during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or
  not to ask for an IPv6 address based on the set of configured interfaces
  (RT#6922)
 2011-06-23 16:05:54 -04:00
Nalin Dahyabhai
23ef754340 - fix that bug ID 2011-06-21 18:38:01 -04:00
Nalin Dahyabhai
092982212a - apply upstream patch by way of Burt Holzman to fall back to a non-referral 
method in cases where we might be derailed by a KDC that rejects the
  canonicalize option (for example, those from the RHEL 2.1 or 3 era) (#713518)
 2011-06-20 13:34:21 -04:00
Nalin Dahyabhai
e1fdb93038 - don't burn a release number 2011-06-14 14:44:36 -04:00
Nalin Dahyabhai
17c9104b1d - pull a fix from SVN to get libgssrpc clients (e.g. kadmin) authenticating 
using the old protocol over IPv4 again (RT#6920)
 2011-06-14 14:25:28 -04:00
Nalin Dahyabhai
6a7a118058 - incorporate a fix to teach the file labeling bits about when replay caches are expunged (#576093) 2011-06-14 14:15:55 -04:00
Nalin Dahyabhai
20266fd9d7 switch to the upstream patch for #707145 2011-05-26 10:55:11 -04:00
Nalin Dahyabhai
e14f89fa17 klist: don't trip over referral entries when invoked with -s (#707145, RT#6915) 2011-05-25 16:55:39 -04:00
Nalin Dahyabhai
7368cf9d38 - fixup URL in a comment 
- when built with NSS, require 3.12.10 rather than 3.12.9
 2011-05-06 10:09:53 -04:00
Nalin Dahyabhai
ac127d5263 - update to 1.9.1: 
- drop no-longer-needed patches for CVE-2010-4022, CVE-2011-0281,
    CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285
 2011-05-05 19:03:10 -04:00
Nalin Dahyabhai
d2ffb0c7c5 add the bug ID for that last fix 2011-04-13 17:21:33 -04:00
Nalin Dahyabhai
301c9d3ae2 - kadmind: add upstream patch to fix free() on an invalid pointer (MITKRB5-SA-2011-004, CVE-2011-0285) 2011-04-13 15:38:22 -04:00
Nalin Dahyabhai
5ad8efcad5 - don't discard the error code from an error message received in response 
to a change-password request (#658871, RT#6893)
 2011-04-04 19:04:05 -04:00
Nalin Dahyabhai
2ee39c5e61 - override INSTALL_SETUID at build-time so that ksu is installed into 
the buildroot with the right permissions (part of #225974)
 2011-04-01 15:52:29 -04:00
Nalin Dahyabhai
27e969332f - backport change from SVN to fix a computed-value-not-used warning in 
kpropd (#684065)
 2011-03-18 13:23:22 -04:00
Nalin Dahyabhai
41bc7a0e62 - turn off NSS as the backend for libk5crypto for now to work around its 
DES string2key not working (#679012)
- add revised upstream patch to fix double-free in KDC while returning
  typed-data with errors (CVE-2011-0284, #674325)
 2011-03-15 14:25:01 -04:00
Nalin Dahyabhai
cbdf0e37a6 - throw in a not-applied-by-default patch to try to make pkinit debugging into a run-time boolean option named "pkinit_debug" 2011-02-17 11:31:49 -05:00
Nalin Dahyabhai
b77e5a0e35 turn on NSS as the backend for libk5crypto, adding nss-devel as a build dependency when that switch is flipped 2011-02-16 19:05:39 -05:00
Nalin Dahyabhai
08f510b379 - krb5kdc init script: prototype some changes to do a quick spot-check 
of the TGS and kadmind keys and warn if there aren't any non-weak keys
  on file for them (to flush out parts of #651466)
 2011-02-09 15:25:17 -05:00
Nalin Dahyabhai
62cb58fe6f reference the raw hide bug ID for CVE-2011-0283 in the changelog 2011-02-08 16:38:16 -05:00
Nalin Dahyabhai
be633bbbb2 - add upstream patches to fix standalone kpropd exiting if the per-client 
child process exits with an error (MITKRB5-SA-2011-001), a hang or crash
  in the KDC when using the LDAP kdb backend, and an uninitialized pointer
  use in the KDC (MITKRB5-SA-2011-002) (CVE-2010-4022, #664009,
  CVE-2011-0281, #668719, CVE-2011-0282, #668726, CVE-2011-0283, #670567)
 2011-02-08 14:37:19 -05:00
Dennis Gilmore
4fe1ed04f8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-07 21:09:16 -06:00
Nalin Dahyabhai
9fed313d79 fix a compile error in the SELinux labeling patch when -DDEBUG is used (Sumit Bose) 2011-02-07 11:24:03 -05:00
Nalin Dahyabhai
293e1a6e51 - properly advertise that the kpropd init script now supports force-reload (Zbysek Mraz #630587) 2011-02-01 10:38:05 -05:00
Nalin Dahyabhai
3442cb8a33 - pkinit: when verifying signed data, use the CMS APIs for better interoperability (#636985, RT#6851) 2011-01-26 13:59:56 -05:00
Nalin Dahyabhai
8c3bae0303 update to 1.9 final 2010-12-22 17:22:08 -05:00
Nalin Dahyabhai
09a9ac8a63 - fix link flags and permissions on shared libraries (ausil) 2010-12-20 15:20:01 -05:00
Nalin Dahyabhai
ce5e3836b2 - update to 1.9 beta 3 2010-12-16 14:43:53 -05:00
Nalin Dahyabhai
695c21dd42 - update to beta 2 2010-12-06 16:55:35 -05:00
Nalin Dahyabhai
478f86fe1e add tweaks for initial whitespace that cause 389-ds to choke on the schema ldif 2010-12-06 16:55:34 -05:00
Nalin Dahyabhai
eb90866aa9 - drop not-needed-since-1.8 build dependency on rsh (ssorce) 2010-12-06 16:55:34 -05:00
Nalin Dahyabhai
b9f9657a15 - if WITH_NSS is set, built with --with-crypto-impl=nss (requires NSS 3.12.9) 2010-12-06 16:55:34 -05:00
Nalin Dahyabhai
66b6f44b6c - initial jump to 1.9 beta 1 2010-12-06 16:55:33 -05:00
Nalin Dahyabhai
5faba5957f - right, renamed the patch 2010-11-30 14:28:42 -05:00
Nalin Dahyabhai
786702d87a add upstream patch to fix various issues from MITKRB5-SA-2010-007 2010-11-30 12:00:23 -05:00
Nalin Dahyabhai
60f5ea8eaf - incorporate upstream patch to fix uninitialized pointer crash in the KDC's authorization data handling (CVE-2010-1322, #636335) 2010-10-05 15:29:32 -04:00
Nalin Dahyabhai
e84327e216 - pull down patches from trunk to implement k5login_authoritative and k5login_directory settings for krb5.conf (#539423) 2010-10-04 19:01:38 -04:00
Jesse Keating
82f4c7f41e - Rebuilt for gcc bug 634757 2010-09-29 14:34:57 -07:00
Nalin Dahyabhai
f44b554d1b - fix reading of keyUsage extensions when attempting to select pkinit client certs (part of #629022, RT#6775) 
- fix selection of pkinit client certs when one or more don't include a subjectAltName extension (part of #629022, RT#6774)
 2010-09-16 19:32:06 -04:00
Nalin Dahyabhai
3f5343a0b9 - build with -fstack-protector-all instead of the default -fstack-protector, 
so that we add checking to more functions (i.e., all of them) (#629950)
 2010-09-03 13:50:17 -04:00
Nalin Dahyabhai
a7376e1a41 - also link binaries with -Wl,-z,relro,-z,now (part of #629950) 2010-09-03 13:08:45 -04:00
Nalin Dahyabhai
6130f43a46 - fix a logic bug in computing key expiration times (RT#6762, #627022) 2010-08-24 18:29:42 -04:00
Nalin Dahyabhai
0c20d8744b - update to 1.8.3 
- drop backports of fixes for gss context expiration and error table
    registration/deregistration mismatch
  - drop patch for upstream #6750
 2010-08-04 18:22:20 -04:00
Nalin Dahyabhai
eed65b02ae - fix a typo in the changelog 2010-07-15 15:47:39 +00:00
Nalin Dahyabhai
45b591b3eb - fix parsing of the pidfile option in the KDC (upstream #6750) 2010-07-07 20:56:07 +00:00
Nalin Dahyabhai
8b8653b9be - add logrotate configuration files for krb5kdc and kadmind (#462658) 2010-07-07 18:09:05 +00:00
Nalin Dahyabhai
a0ca6e4d98 - tell krb5kdc and kadmind to create pid files, since they can 2010-07-07 17:41:39 +00:00
Nalin Dahyabhai
cb407c5fa1 - libgssapi: pull in patch from svn to stop returning context-expired 
errors when the ticket which was used to set up the context expires
    (#605366, upstream #6739)
 2010-06-21 18:26:35 +00:00
Nalin Dahyabhai
da92cbb7b4 - pull up fix for upstream #6745, in which the gssapi library would add the 
wrong error table but subsequently attempt to unload the right one
 2010-06-21 18:11:40 +00:00
Nalin Dahyabhai
e067cf87fe - update to 1.8.2 
- drop patches for CVE-2010-1320, CVE-2010-1321
 2010-06-10 22:21:43 +00:00
Nalin Dahyabhai
1313c14673 - reference the right bug -- this wasn't a problem until the revision 2010-05-27 21:10:28 +00:00
Nalin Dahyabhai
17238354c3 don't skip the PAM account check for root or the same user (more of 
#477033)
 2010-05-27 20:53:30 +00:00
Nalin Dahyabhai
ccdc4a4228 - ksu: move session management calls to before we drop privileges, like su 
does (#596887)
 2010-05-27 20:01:43 +00:00
Nalin Dahyabhai
b60e63ef2b - that -fno-strict-aliasing change merits a rebuild 2010-05-24 22:15:15 +00:00
Nalin Dahyabhai
ab9e2985db - go back to building without strict aliasing (compiler warnings in gssrpc) 2010-05-24 21:31:38 +00:00
Nalin Dahyabhai
5d72216a22 - drop explicit linking with libtinfo for applications that use libss, now 
that readline itself links with libtinfo (as of readline-5.2-3, since
    fedora 7 or so)
 2010-05-24 20:42:04 +00:00
Nalin Dahyabhai
c430745262 - make krb5-server-ldap also depend on the same version-release of 
krb5-libs, as the other subpackages do, if only to make it clearer than
    it is when we just do it through krb5-server
 2010-05-24 20:07:09 +00:00
Nalin Dahyabhai
b3e836cce9 - add patch to correct GSSAPI library null pointer dereference which could 
be triggered by malformed client requests (CVE-2010-1321, #582466)
 2010-05-18 18:14:30 +00:00
Nalin Dahyabhai
59f0148016 - fix output of kprop's init script's "status" and "reload" commands 
(#588222)
 2010-05-04 19:32:52 +00:00
Nalin Dahyabhai
98bc7d7d76 - incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922) 2010-04-20 18:26:39 +00:00
Nalin Dahyabhai
044f184f7a - fix a typo in kerberos.ldif 2010-04-14 14:28:32 +00:00
Nalin Dahyabhai
b48f2bcb58 - update to 1.8.1 
- no longer need patches for #555875, #561174, #563431, RT#6661,
    CVE-2010-0628
- replace buildrequires on tetex-latex with one on texlive-latex, which is
    the package that provides it now
 2010-04-09 13:44:05 +00:00
Nalin Dahyabhai
6b3df78771 - kdc.conf: no more need to suggest a v4 mode, or listening on the v4 port 2010-04-08 21:27:15 +00:00
Nalin Dahyabhai
8d606a93f5 - drop patch to suppress key expiration warnings sent from the KDC in the 
last-req field, as the KDC is expected to just be configured to either
    send them or not as a particular key approaches expiration (#556495)
 2010-04-08 19:14:31 +00:00
Nalin Dahyabhai
665fa22b0f - add bug numbers for the fix for CVE-2010-0628 2010-03-23 22:56:35 +00:00
Nalin Dahyabhai
cac63d2dfa - kdc.conf: no more need to suggest keeping keys with v4-compatible salting 2010-03-23 18:18:32 +00:00
Nalin Dahyabhai
4a2bf7dc5d - add upstream fix for denial-of-service in SPNEGO (CVE-2010-0628) 2010-03-23 18:07:13 +00:00
Nalin Dahyabhai
1f83fab4c7 - remove the krb5-appl bits (the -workstation-clients and 
-workstation-servers subpackages) now that krb5-appl is its own package
 2010-03-19 21:15:33 +00:00
Nalin Dahyabhai
39cf8a4b2d - whoops, -p level off by one 2010-03-12 22:26:03 +00:00
Nalin Dahyabhai
fe99267cdf - add documentation for the ticket_lifetime option (#561174) 2010-03-12 20:44:02 +00:00
Nalin Dahyabhai
daa38f9cf3 - drop this; we're not going to worry about it 2010-03-11 19:24:17 +00:00
Nalin Dahyabhai
e03499409a - drop this; it's not sufficient any more anyway 2010-03-11 19:20:22 +00:00
Nalin Dahyabhai
0f6f154014 - correct a few typos 
- note the review bug for splitting out krb5-appl
 2010-03-08 20:10:52 +00:00
Nalin Dahyabhai
a32fda650f - this patch is no longer needed; at some point between 1.7 and 1.8 this 
was fixed in SVN
 2010-03-08 18:16:23 +00:00
Nalin Dahyabhai
516763ea91 - pull up patch to get the client libraries to correctly perform password 
changes over IPv6 (Sumit Bose, RT#6661)
 2010-03-08 16:47:24 +00:00
Nalin Dahyabhai
75b08040ff - update to 1.8 
- temporarily bundling the krb5-appl package (split upstream as of 1.8)
    until its package review is complete
- profile.d scriptlets are now only needed by -workstation-clients
- adjust paths in init scripts
- drop upstreamed fix for KDC denial of service (CVE-2010-0283)
- drop patch to check the user's password correctly using crypt(), which
    isn't a code path we hit when we're using PAM
 2010-03-05 22:19:38 +00:00
Nalin Dahyabhai
9c84ef7b56 - whoops, revert inadvertent not-working version bump 2010-03-03 16:16:35 +00:00
Nalin Dahyabhai
5ee10a1ffb - fix a null pointer dereference and crash introduced in our PAM patch that 
would happen if ftpd was given the name of a user who wasn't known to
    the local system, limited to being triggerable by gssapi-authenticated
    clients by the default xinetd config (Olivier Fourdan, #569472)
 2010-03-03 16:09:47 +00:00
Nalin Dahyabhai
d605c80ae2 - fix a regression (not labeling a kdb database lock file correctly, 
#569902)
 2010-03-02 23:01:23 +00:00
Nalin Dahyabhai
669a15d24b - move the package changelog to the end to match the usual style (jdennis) 
- scrub out references to $RPM_SOURCE_DIR (jdennis)
- include a symlink to the readme with the name LICENSE so that people can
    find it more easily (jdennis)
 2010-02-25 23:00:23 +00:00
Nalin Dahyabhai
33efa14da1 - pull up the change to make kpasswd's behavior better match the docs when 
there's no ccache (#563431)
 2010-02-17 23:25:50 +00:00
Nalin Dahyabhai
20683b0e60 - whoops, that's the wrong filename for the patch 2010-02-16 22:15:46 +00:00
Nalin Dahyabhai
c84cd0185b - apply patch from upstream to fix KDC denial of service (CVE-2010-0283, 
#566002)
 2010-02-16 21:45:25 +00:00
Nalin Dahyabhai
edcbea8d17 - update to 1.7.1 
- don't trip AD lockout on wrong password (#542687, #554351)
- incorporates fixes for CVE-2009-4212 and CVE-2009-3295
- fixes gss_krb5_copy_ccache() when SPNEGO is used
- move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to
    the devel subpackage, better lining up with the expected krb5/krb5-appl
    split in 1.8
- drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it
    already depends on -workstation which also includes them
 2010-02-03 17:11:35 +00:00
Nalin Dahyabhai
f20db54891 - tighten up default permissions on kdc.conf and kadm5.acl (#558343) 2010-01-25 16:58:14 +00:00
Nalin Dahyabhai
9a31789f24 - use portreserve correctly -- portrelease takes the basename of the file 
whose entries should be released, so we need three files, not one
 2010-01-22 15:08:24 +00:00
Nalin Dahyabhai
304c10003d - suppress warnings of impending password expiration if expiration is more 
than seven days away when the KDC reports it via the last-req field,
    just as we already do when it reports expiration via the key-expiration
    field (#556495)
- link with libtinfo rather than libncurses, when we can, in future RHEL
 2010-01-18 20:13:04 +00:00
Nalin Dahyabhai
da536a5974 - krb5_get_init_creds_password: check opte->flags instead of options->flags 
when checking whether or not we get to use the prompter callback
    (#555875)
 2010-01-15 20:24:36 +00:00
Nalin Dahyabhai
2baf72c02f - use portreserve to make sure the KDC can always bind to the kerberos-iv 
port, kpropd can always bind to the krb5_prop port, and that kadmind
    can always bind to the kerberos-adm port (#555279)
- correct inadvertent use of macros in the changelog (rpmlint)
 2010-01-14 21:14:26 +00:00
Nalin Dahyabhai
60b2cbeb09 - fix the description of the problem 2010-01-12 19:27:00 +00:00
Nalin Dahyabhai
c81c7789b7 - add upstream patches for KDC crash during AES and RC4 decryption 
(CVE-2009-4212), via Tom Yu (#545015)
 2010-01-12 19:24:24 +00:00
Nalin Dahyabhai
3ad86e219a - back down to the earlier version of the patch for #551764; the backported 
alternate version was incomplete
 2010-01-06 23:54:23 +00:00
Nalin Dahyabhai
abd49c944b - put the conditional back for the -devel subpackage 2010-01-06 20:05:00 +00:00
Nalin Dahyabhai
b199476767 - pull up proposed patch for creating previously-not-there lock files for 
kdb databases when 'kdb5_util' is called to 'load' (#551764)
 2010-01-05 22:55:55 +00:00
Nalin Dahyabhai
65631fa1bb - use %%global instead of %%define 
- fix conditional for future RHEL
 2010-01-05 22:55:30 +00:00
Nalin Dahyabhai
14efc0c6dd - add tracking bug ID for the latest security patch 2010-01-04 15:59:00 +00:00
Nalin Dahyabhai
795e5e14a6 - add upstream patch for KDC crash during referral processing 
(CVE-2009-3295), via Tom Yu
 2010-01-04 15:56:24 +00:00