Nalin Dahyabhai
af8b546790
- apply upstream patch to fix a null pointer dereference with the LDAP kdb backend (CVE-2011-1527, #744125 ), an assertion failure with multiple kdb backends (CVE-2011-1528), and a null pointer dereference with multiple kdb backends (CVE-2011-1529) ( #737711 )
2011-10-18 14:28:08 -04:00
Nalin Dahyabhai
73b7dd3ece
- pull in patch from trunk to rename krb5int_pac_sign() to krb5_pac_sign() and
...
make it public (#745533 )
2011-10-13 15:31:36 -04:00
Nalin Dahyabhai
28837545d5
- handle a harder-to-trigger assertion failure that starts cropping up when we
...
exit the transmit loop on time (#739853 )
2011-10-07 16:29:28 -04:00
Nalin Dahyabhai
098a308f7e
- kadmin.service: fix #723723 again
...
- kadmin.service,krb5kdc.service: remove optional use of $KRB5REALM in command
lines, because systemd parsing doesn't handle alternate value shell variable
syntax
- kprop.service: add missing Type=forking so that systemd doesn't assume simple
- kprop.service: expect the ACL configuration to be there, not absent
2011-10-07 15:10:35 -04:00
Tom "spot" Callaway
e645180a9a
hardcode pid file path as option to krb5kdc.service
2011-10-02 15:05:51 +02:00
Tom "spot" Callaway
3545dd2571
fix typo
2011-09-30 12:20:58 +02:00
Tom "spot" Callaway
82129e3a0d
convert to systemd
2011-09-19 14:45:57 -04:00
Nalin Dahyabhai
207fa55d00
- pull in upstream patch for RT#6952, confusion following referrals for cross-realm auth ( #734341 )
2011-09-06 00:19:38 -04:00
Nalin Dahyabhai
a26dd7c42c
- switch to the upstream patch for #727829
2011-09-01 09:29:29 -04:00
Nalin Dahyabhai
57d5eabb48
- bump the release number
2011-08-31 13:33:23 -04:00
Nalin Dahyabhai
db0e796a50
- handle an assertion failure that starts cropping up when the patch for using poll ( #701446 ) meets servers that aren't running KDCs or against which the connection fails for other reasons ( #727829 , #734172 )
2011-08-31 13:31:58 -04:00
Nalin Dahyabhai
0ad36e9c38
- override the default build rules to not delete temporary y.tab.c files,
...
so that they can be packaged, allowing debuginfo files which point to them
do so usefully (#729044 )
2011-08-08 18:39:55 -04:00
Nalin Dahyabhai
ad0dcf5042
- pull in a patch to fix losing track of the replay cache FD, from SVN by way of Kevin Coffman
2011-07-22 16:57:35 -04:00
Nalin Dahyabhai
2202e378de
- build shared libraries with partial RELRO support ( #723995 )
...
- filter out potentially multiple instances of -Wl,-z,relro from krb5-config
output, now that it's in the buildroot's default LDFLAGS
2011-07-22 16:29:06 -04:00
Nalin Dahyabhai
94ead682ba
- prune 1.9 sources
2011-07-22 15:38:33 -04:00
Nalin Dahyabhai
a0e423054a
- kadmind.init: drop the attempt to detect no-database-present errors ( #723723 )
2011-07-20 17:58:20 -04:00
Nalin Dahyabhai
4e66f1237b
- backport RT#6905: use poll() so that we can use higher descriptor numbers when the client is talking to a KDC
2011-07-19 14:54:29 -04:00
Nalin Dahyabhai
ba9d039a3a
- have a bug number for this now
2011-06-28 14:08:13 -04:00
Nalin Dahyabhai
da69bf39fa
- pull a fix from SVN to use AI_ADDRCONFIG more often (RT#6923)
2011-06-23 16:07:40 -04:00
Nalin Dahyabhai
4a5ca5b2d3
- pull a fix from SVN to try to avoid triggering a PTR lookup in getaddrinfo()
...
during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or
not to ask for an IPv6 address based on the set of configured interfaces
(RT#6922)
2011-06-23 16:05:54 -04:00
Nalin Dahyabhai
23ef754340
- fix that bug ID
2011-06-21 18:38:01 -04:00
Nalin Dahyabhai
092982212a
- apply upstream patch by way of Burt Holzman to fall back to a non-referral
...
method in cases where we might be derailed by a KDC that rejects the
canonicalize option (for example, those from the RHEL 2.1 or 3 era) (#713518 )
2011-06-20 13:34:21 -04:00
Nalin Dahyabhai
e1fdb93038
- don't burn a release number
2011-06-14 14:44:36 -04:00
Nalin Dahyabhai
17c9104b1d
- pull a fix from SVN to get libgssrpc clients (e.g. kadmin) authenticating
...
using the old protocol over IPv4 again (RT#6920)
2011-06-14 14:25:28 -04:00
Nalin Dahyabhai
6a7a118058
- incorporate a fix to teach the file labeling bits about when replay caches are expunged ( #576093 )
2011-06-14 14:15:55 -04:00
Nalin Dahyabhai
20266fd9d7
switch to the upstream patch for #707145
2011-05-26 10:55:11 -04:00
Nalin Dahyabhai
e14f89fa17
klist: don't trip over referral entries when invoked with -s ( #707145 , RT#6915)
2011-05-25 16:55:39 -04:00
Nalin Dahyabhai
7368cf9d38
- fixup URL in a comment
...
- when built with NSS, require 3.12.10 rather than 3.12.9
2011-05-06 10:09:53 -04:00
Nalin Dahyabhai
ac127d5263
- update to 1.9.1:
...
- drop no-longer-needed patches for CVE-2010-4022, CVE-2011-0281,
CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285
2011-05-05 19:03:10 -04:00
Nalin Dahyabhai
d2ffb0c7c5
add the bug ID for that last fix
2011-04-13 17:21:33 -04:00
Nalin Dahyabhai
301c9d3ae2
- kadmind: add upstream patch to fix free() on an invalid pointer (MITKRB5-SA-2011-004, CVE-2011-0285)
2011-04-13 15:38:22 -04:00
Nalin Dahyabhai
5ad8efcad5
- don't discard the error code from an error message received in response
...
to a change-password request (#658871 , RT#6893)
2011-04-04 19:04:05 -04:00
Nalin Dahyabhai
2ee39c5e61
- override INSTALL_SETUID at build-time so that ksu is installed into
...
the buildroot with the right permissions (part of #225974 )
2011-04-01 15:52:29 -04:00
Nalin Dahyabhai
27e969332f
- backport change from SVN to fix a computed-value-not-used warning in
...
kpropd (#684065 )
2011-03-18 13:23:22 -04:00
Nalin Dahyabhai
41bc7a0e62
- turn off NSS as the backend for libk5crypto for now to work around its
...
DES string2key not working (#679012 )
- add revised upstream patch to fix double-free in KDC while returning
typed-data with errors (CVE-2011-0284, #674325 )
2011-03-15 14:25:01 -04:00
Nalin Dahyabhai
cbdf0e37a6
- throw in a not-applied-by-default patch to try to make pkinit debugging into a run-time boolean option named "pkinit_debug"
2011-02-17 11:31:49 -05:00
Nalin Dahyabhai
b77e5a0e35
turn on NSS as the backend for libk5crypto, adding nss-devel as a build dependency when that switch is flipped
2011-02-16 19:05:39 -05:00
Nalin Dahyabhai
08f510b379
- krb5kdc init script: prototype some changes to do a quick spot-check
...
of the TGS and kadmind keys and warn if there aren't any non-weak keys
on file for them (to flush out parts of #651466 )
2011-02-09 15:25:17 -05:00
Nalin Dahyabhai
62cb58fe6f
reference the raw hide bug ID for CVE-2011-0283 in the changelog
2011-02-08 16:38:16 -05:00
Nalin Dahyabhai
be633bbbb2
- add upstream patches to fix standalone kpropd exiting if the per-client
...
child process exits with an error (MITKRB5-SA-2011-001), a hang or crash
in the KDC when using the LDAP kdb backend, and an uninitialized pointer
use in the KDC (MITKRB5-SA-2011-002) (CVE-2010-4022, #664009 ,
CVE-2011-0281, #668719 , CVE-2011-0282, #668726 , CVE-2011-0283, #670567 )
2011-02-08 14:37:19 -05:00
Dennis Gilmore
4fe1ed04f8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
2011-02-07 21:09:16 -06:00
Nalin Dahyabhai
9fed313d79
fix a compile error in the SELinux labeling patch when -DDEBUG is used (Sumit Bose)
2011-02-07 11:24:03 -05:00
Nalin Dahyabhai
293e1a6e51
- properly advertise that the kpropd init script now supports force-reload (Zbysek Mraz #630587 )
2011-02-01 10:38:05 -05:00
Nalin Dahyabhai
3442cb8a33
- pkinit: when verifying signed data, use the CMS APIs for better interoperability ( #636985 , RT#6851)
2011-01-26 13:59:56 -05:00
Nalin Dahyabhai
8c3bae0303
update to 1.9 final
2010-12-22 17:22:08 -05:00
Nalin Dahyabhai
09a9ac8a63
- fix link flags and permissions on shared libraries (ausil)
2010-12-20 15:20:01 -05:00
Nalin Dahyabhai
0207b5b4fc
- fix link flags and permissions on shared libraries (ausil)
2010-12-20 15:19:23 -05:00
Nalin Dahyabhai
ce5e3836b2
- update to 1.9 beta 3
2010-12-16 14:43:53 -05:00
Nalin Dahyabhai
78ee0957ae
- update to 1.9 beta 3
2010-12-16 14:43:36 -05:00
Nalin Dahyabhai
3ea0e361a2
Merge branch 'master-f15-1.9' of ssh://pkgs.fedoraproject.org/krb5 into master-f15-1.9
...
Conflicts:
krb5.spec
sources
2010-12-06 17:02:02 -05:00