rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
656 Commits 9 Branches 52 Tags 8.1 MiB
c3f5bd1fb8
Commit Graph

460 Commits

Author SHA1 Message Date
Nalin Dahyabhai
282fb3c1e0 packaging tweaks 
- handle releases where texlive packaging wasn't yet as complicated as it
  is in Fedora 18
- fix an uninitialized-variable error building one of the test programs
 2012-11-16 17:19:59 -05:00
Nalin Dahyabhai
8cf49572ea more tweaks to try to get doc building working 2012-11-16 15:58:51 -05:00
Nalin Dahyabhai
d97833d1ef just drop package-level deps on tex altogether 2012-11-16 14:56:42 -05:00
Nalin Dahyabhai
b1e19fe613 sure, okay. 2012-11-16 14:51:53 -05:00
Nalin Dahyabhai
5816919080 require pdflatex and makeindex 2012-11-16 14:36:59 -05:00
Nalin Dahyabhai
d8fb585c09 don't dummy up required stylesheets, require them 2012-11-16 13:35:21 -05:00
Nalin Dahyabhai
9f497eac9f also note the multilib impact in the docs 2012-11-16 13:14:55 -05:00
Nalin Dahyabhai
7404a3c685 more packaging fixups 
- move the rather large pile of html and pdf docs to -workstation, so
  that just having something that links to the libraries won't drag
  them onto a system
- actually create %%{_var}/kerberos/kdc/user, so that it can be packaged
- correct the list of packaged man pages
 2012-11-16 13:01:56 -05:00
Nalin Dahyabhai
777f196e39 drop patches to fixup paths in man pages 2012-11-16 13:01:56 -05:00
Nalin Dahyabhai
d0f6217945 own /var/kerberos/kdc/user 2012-11-16 13:01:56 -05:00
Nalin Dahyabhai
18bdbb99e3 drop the only-weak-keys checker 2012-11-16 13:01:56 -05:00
Nalin Dahyabhai
0efe966105 update heed-nsaccountlock patch 
We lost explicit support for eDirectory per se, so just add a toggle to
enable heeding the one native attribute that 389 adds to the mix.
 2012-11-16 13:01:56 -05:00
Nalin Dahyabhai
8a943cb6b5 update selinux labeling patch 2012-11-16 13:01:55 -05:00
Nalin Dahyabhai
423d0d2f67 update the paths-in-man-pages patch 2012-11-15 18:03:30 -05:00
Nalin Dahyabhai
34c8bac7e3 drop backported fix for clock skew errors 
- drop backported fix for avoiding spurious clock skew when a TGT is
  decrypted long after the KDC sent it to the client which decrypts it
 2012-11-15 15:23:18 -05:00
Nalin Dahyabhai
e5f60e0625 drop backports of patch for keytab-based kinit 
- drop backported patches to make keytab-based authentication attempts
  work better when the client tells the KDC that it supports a particular
  cipher, but doesn't have a key for it in the keytab
 2012-11-15 15:21:19 -05:00
Nalin Dahyabhai
b47c708afc drop backported PKINIT fix: directly-trusted KDCs 
- drop backported fix for teaching PKINIT clients which trust the KDC's
  certificate directly to verify signed-data messages that are signed with
  the KDC's certificate, when the blobs don't include a copy of the KDC's
  certificate
 2012-11-15 15:19:00 -05:00
Nalin Dahyabhai
f1f0baeb82 drop backported patch for disabling replay caches 
- drop backported fix for disabling use of a replay cache when verifying
  initial credentials
 2012-11-15 15:18:12 -05:00
Nalin Dahyabhai
e4244fc907 drop backported build patch 2012-11-15 15:15:47 -05:00
Nalin Dahyabhai
d86f9ffaaf the new docs system generates PDFs, so we can stop 2012-11-15 15:14:28 -05:00
Nalin Dahyabhai
03522e1559 drop backported patches for RT #7406,#7407,#7408 
- drop backported patch for RT #7406
- drop backported patch for RT #7407
- drop backported patch for RT #7408
 2012-11-15 15:04:38 -05:00
Nalin Dahyabhai
6baa28a80d start moving to 1.11 2012-11-15 15:03:00 -05:00
Nalin Dahyabhai
c7b12ecdfa tag a couple more patches for %%{?_rawbuild} 
- tag a couple of other patches which we still need to be applied during
  %%{?_rawbuild} builds (zmraz)
 2012-10-17 17:36:50 -04:00
Nalin Dahyabhai
51b608140a - actually pull up the patch for RT#7063, and not some other ticket (#773496) 2012-09-25 02:02:35 -04:00
Nalin Dahyabhai
3e1f3982d4 revise Filip's patch so that it more closely mimics the select() path 2012-09-10 18:47:48 -04:00
Nalin Dahyabhai
a4ad97ae22 abort the current transmit attempt if our timeout is negative 
- add patch from Filip Krska to abort a transmit attempt when we've given
  poll() a negative timeout (#838548)
 2012-09-10 16:30:11 -04:00
Nalin Dahyabhai
4c51c8bc7e more backported fixes for keytab-doesn't-have-all-key-types cases 
- add a backport of more patches to set the client's list of supported enctypes
  when using a keytab to be the list of types of keys in the keytab, plus the
  list of other types the client supports but for which it doesn't have keys,
  in that order, so that KDCs have a better chance of being able to issue
  tickets with session keys of types that the client can use (#837855)
 2012-09-07 16:10:45 -04:00
Nalin Dahyabhai
e39bc82589 pull up patch for RT#7063 - KDC/client time skew 
- pull up patch for RT#7063, in which not noticing a prompt for a long
  time throws the client library's idea of the time difference between it
  and the KDC really far out of whack (#773496)
 2012-09-07 14:05:10 -04:00
Nalin Dahyabhai
9a4c3f763b conflict with broken libsmbclient builds on EL6, so that we don't break them 
- on EL6, conflict with libsmbclient before 3.5.10-124, which is when it
  stopped linking with a symbol which we no longer export (#771687)
 2012-09-07 12:50:09 -04:00
Nalin Dahyabhai
cf693a2998 cut out an extraneous label configuration reload 
- cut down the number of times we load SELinux labeling configuration from
  a minimum of two times to actually one (more of #845125)
 2012-09-06 18:42:40 -04:00
Nalin Dahyabhai
7f06579f48 backport patch from RT#7229 
- backport patch to disable replay detection in krb5_verify_init_creds()
  while reading the AP-REQ that's generated in the same function (RT#7229)
 2012-08-30 14:22:23 -04:00
Nalin Dahyabhai
ec0380bcae merge and conditionalize some EL6isms 
- undo rename from krb5-pkinit-openssl to krb5-pkinit on EL6
- version the Obsoletes: on the krb5-pkinit-openssl to krb5-pkinit rename
- reintroduce the init scripts for non-systemd releases
- forward-port %%{_?rawbuild} annotations from EL6 packaging
 2012-08-30 14:06:23 -04:00
Nalin Dahyabhai
81ca63cffc - update to 1.10.3, rolling in MITKRB5-SA-2012-001 2012-08-09 11:11:24 -04:00
Nalin Dahyabhai
5d6308abab cache the selabel context between uses (dwalsh) 
- selinux: hang on to the list of selinux contexts, freeing and reloading
  it only when the file we read it from is modified, freeing it when the
  shared library is being unloaded (#845125)
 2012-08-02 18:50:32 -04:00
Nalin Dahyabhai
38e22af414 undo file-move fixes on Fedora 17 
- go back to not messing with library file paths on Fedora 17: it breaks
  file path dependencies in other packages, and since Fedora 17 is already
  released, breaking that is our fault
 2012-08-02 11:15:21 -04:00
Nalin Dahyabhai
899e166076 update bug numbers for this update 2012-07-31 14:34:09 -04:00
Nalin Dahyabhai
718a1573e1 fixes for MITKRB5-SA-2012-001 and .so symlinks 
- add upstream patch to fix freeing an uninitialized pointer and dereferencing
  another uninitialized pointer in the KDC (MITKRB5-SA-2012-001, CVE-2012-1014
  and CVE-2012-1015, #838012)
- fix a thinko in whether or not we mess around with devel .so symlinks on
  systems without a separate /usr (sbose)
 2012-07-31 14:14:12 -04:00
Dennis Gilmore
a020fb0304 Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-27 00:46:48 -05:00
Nalin Dahyabhai
f60e9ef28c backport RT#7183 
- backport a fix to allow a PKINIT client to handle SignedData from a KDC
  that's signed with a certificate that isn't in the SignedData, but which
  is available as an anchor or intermediate on the client (RT#7183)
 2012-06-22 14:07:46 -04:00
Nalin Dahyabhai
16a5c7affc back out the recent labeling change, per dwalsh 
- back out this labeling change (dwalsh):
  - when building the new label for a file we're about to create, also mix
    in the current range, in addition to the current user
 2012-06-05 16:24:15 -04:00
Nalin Dahyabhai
6e8c2c396c add explicit buildrequires: on 'hostname' and 'net-tools' 
- add explicit buildrequires: on 'hostname', for the tests, on systems where
  it's in its own package, and require net-tools, which used to provide the
  command, everywhere
 2012-06-01 16:31:50 -04:00
Nalin Dahyabhai
f06298144d no-separate-/usr means we don't have to move shlibs 
- don't shuffle around any shared libraries on releases with
  no-separate-/usr, since /lib and /usr/lib are the same anyway
 2012-06-01 15:41:01 -04:00
Nalin Dahyabhai
037ab925da backport a fix for keytabs which don't have keys for all enctypes 
- add a backport of Stef's patch to set the client's list of supported
  enctypes to match the types of keys that we have when we are using a
  keytab to try to get initial credentials, so that a KDC won't send us
  an AS reply that we can't encrypt (RT#2131, #748528)
 2012-06-01 15:24:41 -04:00
Nalin Dahyabhai
b8b71859bb update to 1.10.2 
- when building the new label for a file we're about to create, also mix
  in the current range, in addition to the current user
- also package the PDF format admin, user, and install guides
- drop some PDFs that no longer get built right
 2012-06-01 14:05:55 -04:00
Nalin Dahyabhai
cd92a2cbb4 - skip the setfscreatecon() if fopen() is passed "rb" as the open mode (part of #819115) 2012-05-07 17:28:51 -04:00
Nalin Dahyabhai
2057747130 - have -server require /usr/share/dict/words, which we set as the default dict_file in kdc.conf (#817089) 2012-05-01 11:44:13 -04:00
Nalin Dahyabhai
f2a7c1df57 - comment out example.com examples in default krb5.conf (Stef Walter, #805320) 2012-03-20 18:21:01 -04:00
Nalin Dahyabhai
f8503cf35b - changelog that last change 2012-03-20 18:20:08 -04:00
Nalin Dahyabhai
70240d81c8 - update to 1.10.1 
- drop the KDC crash fix
  - drop the KDC lookaside cache fix
  - drop the fix for kadmind RPC ACLs (CVE-2012-1012)
 2012-03-09 18:37:47 -05:00
Nalin Dahyabhai
4093154587 - when removing -workstation, remove our files from the info index while the file is still there, in %%preun, rather than %%postun, and use the compressed file's name (#801035) 2012-03-07 12:04:24 -05:00
Nathaniel McCallum
b44189a932 Fix string RPC ACLs (RT#7093); CVE-2012-1012 2012-02-21 15:40:50 -05:00
Nathaniel McCallum
1b8eb90a4f add upstream lookaside cache fix RT#7082 2012-01-31 13:42:23 -05:00
Nalin Dahyabhai
9e5f5995cd - add patch to accept keytab entries with vno==0 as matches when we're searching for an entry with a specific name/kvno (#230382/#782211,RT#3349) 2012-01-30 19:49:10 -05:00
Nalin Dahyabhai
6ac0d24fa5 - note the RT number 2012-01-30 12:51:02 -05:00
Nalin Dahyabhai
fbe4130509 - update to 1.10 final 2012-01-30 10:28:53 -05:00
Nathaniel McCallum
767944b7d8 fix release number 2012-01-26 12:17:35 -05:00
Nathaniel McCallum
a134a66915 add upstream crashfix patch 2012-01-26 11:58:18 -05:00
Nalin Dahyabhai
a04da4baa4 - note the RT number 2012-01-23 18:21:02 -05:00
Nalin Dahyabhai
cf65017ae3 - update to beta 1 2012-01-12 18:47:18 -05:00
Nalin Dahyabhai
3e2b8913b0 - add missing changelog item 2012-01-12 16:11:04 -05:00
Peter Robinson
c5fead3d7e mktemp was long obsoleted by coreutils 2012-01-11 10:36:49 +00:00
Nalin Dahyabhai
620baf13cd - modify the deltat grammar to also tell gcc (4.7) to suppress "maybe-uninitialized" warnings in addition to the "uninitialized" warnings it's already being told to suppress 2012-01-04 13:52:34 -05:00
Nalin Dahyabhai
2496d7a5c9 - update to alpha 2 
- drop a couple of patches which were integrated for alpha 2
 2011-12-20 13:18:27 -05:00
Nalin Dahyabhai
f28b57af20 - pull in patch for RT#7048: allow PAC verification to only bother trying to 
verify the signature with keys that it's given (still more of #761317)
 2011-12-13 10:50:02 -05:00
Nalin Dahyabhai
6d68d342c9 - pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached 
(more of #761317)
 2011-12-13 10:48:28 -05:00
Nalin Dahyabhai
fb7c02faff - pull in patch for RT#7046: tag a ccache containing credentials obtained via 
S4U2Proxy with the principal name of the proxying principal (part of #761317)
 2011-12-13 10:47:31 -05:00
Nalin Dahyabhai
03e76d7832 - apply upstream patch to fix a null pointer dereference when processing TGS requests (CVE-2011-1530, #753748) 2011-12-06 14:12:15 -05:00
Nalin Dahyabhai
4584a88e40 correct the release to match the changelog 2011-11-30 15:13:54 -05:00
Nalin Dahyabhai
635a422817 - correct a bug in the fix for #754001 so that the file creation context is consistently reset 2011-11-30 15:03:45 -05:00
Nalin Dahyabhai
a45a82724d - require libverto-module-base at build- and runtime so that tests which 
use verto can work properly
 2011-11-15 13:32:43 -05:00
Nalin Dahyabhai
1110ccd873 - bump to 1.10 alpha 1 2011-11-15 12:45:44 -05:00
Dennis Gilmore
39cc62dcc1 - Rebuilt for glibc bug#747377 2011-10-26 19:09:40 -05:00
Nalin Dahyabhai
af8b546790 - apply upstream patch to fix a null pointer dereference with the LDAP kdb backend (CVE-2011-1527, #744125), an assertion failure with multiple kdb backends (CVE-2011-1528), and a null pointer dereference with multiple kdb backends (CVE-2011-1529) (#737711) 2011-10-18 14:28:08 -04:00
Nalin Dahyabhai
73b7dd3ece - pull in patch from trunk to rename krb5int_pac_sign() to krb5_pac_sign() and 
make it public (#745533)
 2011-10-13 15:31:36 -04:00
Nalin Dahyabhai
28837545d5 - handle a harder-to-trigger assertion failure that starts cropping up when we 
exit the transmit loop on time (#739853)
 2011-10-07 16:29:28 -04:00
Nalin Dahyabhai
098a308f7e - kadmin.service: fix #723723 again 
- kadmin.service,krb5kdc.service: remove optional use of $KRB5REALM in command
  lines, because systemd parsing doesn't handle alternate value shell variable
  syntax
- kprop.service: add missing Type=forking so that systemd doesn't assume simple
- kprop.service: expect the ACL configuration to be there, not absent
 2011-10-07 15:10:35 -04:00
Tom "spot" Callaway
e645180a9a hardcode pid file path as option to krb5kdc.service 2011-10-02 15:05:51 +02:00
Tom "spot" Callaway
3545dd2571 fix typo 2011-09-30 12:20:58 +02:00
Tom "spot" Callaway
82129e3a0d convert to systemd 2011-09-19 14:45:57 -04:00
Nalin Dahyabhai
207fa55d00 - pull in upstream patch for RT#6952, confusion following referrals for cross-realm auth (#734341) 2011-09-06 00:19:38 -04:00
Nalin Dahyabhai
a26dd7c42c - switch to the upstream patch for #727829 2011-09-01 09:29:29 -04:00
Nalin Dahyabhai
57d5eabb48 - bump the release number 2011-08-31 13:33:23 -04:00
Nalin Dahyabhai
db0e796a50 - handle an assertion failure that starts cropping up when the patch for using poll (#701446) meets servers that aren't running KDCs or against which the connection fails for other reasons (#727829, #734172) 2011-08-31 13:31:58 -04:00
Nalin Dahyabhai
0ad36e9c38 - override the default build rules to not delete temporary y.tab.c files, 
so that they can be packaged, allowing debuginfo files which point to them
  do so usefully (#729044)
 2011-08-08 18:39:55 -04:00
Nalin Dahyabhai
ad0dcf5042 - pull in a patch to fix losing track of the replay cache FD, from SVN by way of Kevin Coffman 2011-07-22 16:57:35 -04:00
Nalin Dahyabhai
2202e378de - build shared libraries with partial RELRO support (#723995) 
- filter out potentially multiple instances of -Wl,-z,relro from krb5-config
  output, now that it's in the buildroot's default LDFLAGS
 2011-07-22 16:29:06 -04:00
Nalin Dahyabhai
a0e423054a - kadmind.init: drop the attempt to detect no-database-present errors (#723723) 2011-07-20 17:58:20 -04:00
Nalin Dahyabhai
4e66f1237b - backport RT#6905: use poll() so that we can use higher descriptor numbers when the client is talking to a KDC 2011-07-19 14:54:29 -04:00
Nalin Dahyabhai
ba9d039a3a - have a bug number for this now 2011-06-28 14:08:13 -04:00
Nalin Dahyabhai
da69bf39fa - pull a fix from SVN to use AI_ADDRCONFIG more often (RT#6923) 2011-06-23 16:07:40 -04:00
Nalin Dahyabhai
4a5ca5b2d3 - pull a fix from SVN to try to avoid triggering a PTR lookup in getaddrinfo() 
during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or
  not to ask for an IPv6 address based on the set of configured interfaces
  (RT#6922)
 2011-06-23 16:05:54 -04:00
Nalin Dahyabhai
23ef754340 - fix that bug ID 2011-06-21 18:38:01 -04:00
Nalin Dahyabhai
092982212a - apply upstream patch by way of Burt Holzman to fall back to a non-referral 
method in cases where we might be derailed by a KDC that rejects the
  canonicalize option (for example, those from the RHEL 2.1 or 3 era) (#713518)
 2011-06-20 13:34:21 -04:00
Nalin Dahyabhai
e1fdb93038 - don't burn a release number 2011-06-14 14:44:36 -04:00
Nalin Dahyabhai
17c9104b1d - pull a fix from SVN to get libgssrpc clients (e.g. kadmin) authenticating 
using the old protocol over IPv4 again (RT#6920)
 2011-06-14 14:25:28 -04:00
Nalin Dahyabhai
6a7a118058 - incorporate a fix to teach the file labeling bits about when replay caches are expunged (#576093) 2011-06-14 14:15:55 -04:00
Nalin Dahyabhai
20266fd9d7 switch to the upstream patch for #707145 2011-05-26 10:55:11 -04:00
Nalin Dahyabhai
e14f89fa17 klist: don't trip over referral entries when invoked with -s (#707145, RT#6915) 2011-05-25 16:55:39 -04:00
Nalin Dahyabhai
7368cf9d38 - fixup URL in a comment 
- when built with NSS, require 3.12.10 rather than 3.12.9
 2011-05-06 10:09:53 -04:00
Nalin Dahyabhai
ac127d5263 - update to 1.9.1: 
- drop no-longer-needed patches for CVE-2010-4022, CVE-2011-0281,
    CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285
 2011-05-05 19:03:10 -04:00