Commit Graph

231 Commits

Author SHA1 Message Date
Nalin Dahyabhai
b5dfa8576a quote %%{__cc} where needed because it includes whitespace now 2008-07-16 18:40:35 +00:00
Nalin Dahyabhai
6197407f58 - clear fuzz out of patches, dropping a man page patch which is no longer
necessary
2008-07-16 18:09:47 +00:00
Nalin Dahyabhai
14f675bab9 - build with -fno-strict-aliasing, which is needed because the library
triggers these warnings
2008-07-11 15:16:54 +00:00
Nalin Dahyabhai
37b6c5e715 - rework how labeling is handled to avoid a bootstrapping problem in
headers
- don't forget to label the principal database lock file
2008-07-11 15:14:57 +00:00
Tom Callaway
f06f7f1e03 generate include/krb5/krb5.h before building, fix conditional for sparcv9 2008-06-14 18:22:01 +00:00
Nalin Dahyabhai
d11c1aff3a - whoops, forgot to go back and get the ITS entry number 2008-05-12 18:50:56 +00:00
Nalin Dahyabhai
9f105b4df2 - ftp: use the correct local filename during mget when the 'case' option is
enabled (#442713)
2008-04-16 18:54:08 +00:00
Nalin Dahyabhai
d17f0b5f35 Provide an option to make the KDC also listen on loopback interfaces for
datagram requests. Adds an internal symbol to libkrb5 which the KDC
    will need if listening on loopback is enabled.
The default might be better changed from FALSE to TRUE so that the default
    matches what we do with stream sockets. Or maybe that should be the
    default anyway, with no configuration option.
FIXME: doesn't add documentation anywhere.
2008-04-04 21:32:15 +00:00
Nalin Dahyabhai
af9bedd61a - stop exporting kadmin keys to a keytab file when kadmind starts -- the
daemon's been able to use the database directly for a long long time
    now
- belatedly add aes128,aes256 to the default set of supported key types
2008-04-04 21:29:53 +00:00
Nalin Dahyabhai
f56b6ee2db bump for build 2008-04-01 20:54:54 +00:00
Nalin Dahyabhai
ddde7d0f6e - libgssapi_krb5: properly export the acceptor subkey when creating a lucid
context (Kevin Coffman, via the nfs4 mailing list)
2008-04-01 20:53:54 +00:00
Nalin Dahyabhai
7668599d1d - add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer
when v4 compatibility is enabled on the KDC (CVE-2008-0062,
    CVE-2008-0063, #432620, #432621)
- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when
    high-numbered descriptors are used (CVE-2008-0947, #433596)
- add backport bug fix for an attempt to free non-heap memory in
    libgssapi_krb5 (CVE-2007-5901, #415321)
- add backport bug fix for a double-free in out-of-memory situations in
    libgssapi_krb5 (CVE-2007-5971, #415351)
2008-03-18 18:13:22 +00:00
Nalin Dahyabhai
e7e5a76eb7 - remove a couple of hunks where on third look we don't need to be using
WRITABLEFOPEN instead of fopen, because the mode doesn't include
    writing
2008-03-18 15:49:52 +00:00
Nalin Dahyabhai
638efe585f - rework file labeling patch to not depend on fragile preprocessor
trickery, in another attempt at fixing #428355 and friends
2008-03-18 15:35:39 +00:00
Nalin Dahyabhai
723980d239 bump release number for rebuild 2008-02-26 21:48:24 +00:00
Nalin Dahyabhai
d4963922a8 - ftp: add patch to fix "runique on" case when globbing fixes applied
- stop adding a redundant but harmless call to initialize the gssapi
    internals
2008-02-26 21:18:38 +00:00
Nalin Dahyabhai
2a567feda3 - add the bug ID, close the bug 2008-02-25 20:55:41 +00:00
Nalin Dahyabhai
d5971d2776 - add patch to suppress double-processing of /etc/krb5.conf when we build
with --sysconfdir=/etc, thereby suppressing double-logging (#231147)
2008-02-25 20:53:41 +00:00
Nalin Dahyabhai
d73fcc15fb - remove a patch to fix problems with interfaces which are "up" but which
have no address assigned which conflicted with a change to fix the same
    problem in 1.5 (#200979)
2008-02-25 19:58:51 +00:00
Nalin Dahyabhai
2cc4303bbc - ftp: don't lose track of a descriptor on passive get when the server
fails to open a file
2008-02-25 19:50:42 +00:00
Nalin Dahyabhai
a7d42c7b03 - in login, allow PAM to interact with the user when they've been strongly
authenticated
- in login, signal PAM when we're changing an expired password that it's an
    expired password, so that when cracklib flags a password as being weak
    it's treated as an error even if we're running as root
2008-02-25 18:33:34 +00:00
Nalin Dahyabhai
ea9df965b8 comment: Treat 'nsAccountLock: true' the same as 'loginDisabled: true'.
RT#5891
2008-02-25 18:32:02 +00:00
Nalin Dahyabhai
8e9e1c07b0 - drop netdb patch
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
    the DISALLOW_ALL_TIX flag is set on an entry, for better interop with
    Fedora, Netscape, Red Hat Directory Server (Simo Sorce)
2008-02-18 18:44:39 +00:00
Nalin Dahyabhai
d64960eca0 - the constants are now provided even without __USE_GNU, so no need for
this
2008-02-18 16:54:29 +00:00
Nalin Dahyabhai
a77ce35c52 - avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV for us 2008-02-13 23:10:32 +00:00
Nalin Dahyabhai
820100e165 - wow, fix a syntax error 2008-02-12 21:03:29 +00:00
Nalin Dahyabhai
7ccda19051 - a second approach proposed in RT 2008-02-12 16:28:13 +00:00
Nalin Dahyabhai
e4d2a874a4 - enable patch for key-expiration reporting
- enable patch to make kpasswd fall back to TCP if UDP fails
- enable patch to make kpasswd use the right sequence number on retransmit
- enable patch to allow mech-specific creds delegated under spnego to be
    found when searching for creds
2008-02-12 16:22:38 +00:00
Nalin Dahyabhai
3d4d8cf991 - note RT numbers for reference
- include but don't apply the other suggested patch for
    kpasswd-doesn't-use-tcp
2008-01-23 18:27:03 +00:00
Nalin Dahyabhai
dcfbb5995a - revise to reference a different patch which we also don't apply 2008-01-03 16:51:53 +00:00
Nalin Dahyabhai
3a41ec53ed - less invasive approach to letting kpasswd hit tcp-only servers 2008-01-03 16:51:16 +00:00
Nalin Dahyabhai
f25a7f96a5 - reference unapplied patch to fix password-changing with servers other
than the first one we try to contact
- reference bug 242502 (rawhide) instead of 242500 (rhel)
2008-01-03 15:47:35 +00:00
Nalin Dahyabhai
1343fd1973 - bump the release 2008-01-02 17:06:19 +00:00
Nalin Dahyabhai
48872e3b7b - right, new year 2008-01-02 17:05:02 +00:00
Nalin Dahyabhai
f072055a76 - some init script cleanups
- drop unquoted check and silent exit for "$NETWORKING" (#426852, #242500)
- krb524: don't barf on missing database if it looks like we're using
    kldap, same as for kadmin
- return non-zero status for missing files which cause startup to fail
2008-01-02 17:03:38 +00:00
Nalin Dahyabhai
0aaa920daa - allocate space for the nul-terminator in the local pathname when looking
up a file context, and properly free a previous context (Jose Plans,
    #426085)
2007-12-18 18:34:06 +00:00
Nalin Dahyabhai
ea868608c1 rebuild 2007-12-05 15:21:20 +00:00
Nalin Dahyabhai
6c3186e173 note the CVE for needing the revised patch 2007-11-13 21:58:04 +00:00
Nalin Dahyabhai
4ba98f8eab add duplicate bug id 2007-11-13 21:41:20 +00:00
Nalin Dahyabhai
acf89fe1da note the RT number 2007-11-09 15:40:20 +00:00
Nalin Dahyabhai
276a481e88 - update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 and
CVE-2007-4000 (the new pkinit module is built conditionally and goes
    into the -pkinit-openssl package, at least for now, to make a buildreq
    loop with openssl avoidable)
2007-10-23 19:40:45 +00:00
Nalin Dahyabhai
a0f391756d - make proper use of pam_loginuid and pam_selinux in rshd and ftpd 2007-10-17 17:48:52 +00:00
Bill Nottingham
345c67344c makefile update to properly grab makefile.common 2007-10-15 18:56:42 +00:00
Nalin Dahyabhai
528eff0ac5 - make krb5.conf %%verify(not md5 size mtime) in addition to
%%config(noreplace), like /etc/nsswitch.conf (#329811)
2007-10-12 18:32:28 +00:00
Nalin Dahyabhai
6e3299423a - proposed fix for not being able to find delegated krb5 creds when using
spnego
2007-10-04 22:08:39 +00:00
Nalin Dahyabhai
359196dde6 - revert to the version that hit upstream SVN 2007-10-04 21:44:02 +00:00
Nalin Dahyabhai
1bb4c4c0c2 - reflect the adjustment just submitted to upstream RT #5802 2007-10-01 21:39:09 +00:00
Nalin Dahyabhai
1dd0ff3e30 - proposed patch to fix receipt of delegated creds in mod_auth_kerb 2007-10-01 19:40:47 +00:00
Nalin Dahyabhai
14a08486e8 - add the bug ID to the kadmind fixes, note Fran's patch was identical to
the one I thought we were already using in the F-7 branch
2007-09-17 20:47:02 +00:00
Nalin Dahyabhai
995166d33c - undef functions that we override before redefining them; ultimately this
will have to be completely reworked to not use preprocessor magic
    because it's gotten way uglier than originally planned
2007-09-17 20:46:21 +00:00