rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
703 Commits 9 Branches 52 Tags 8.1 MiB
d2ea586766
Commit Graph

703 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nalin Dahyabhai
d2ea586766 Update for 1.12 2013-11-19 17:32:19 -05:00
Nalin Dahyabhai
f618776e18 Update for 1.12 2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
d175d043f1 Update for 1.12 2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
daca172770 Update patch for 1.12 2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
15dceb5da6 Drop backport for RT#7689 2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
b1f558a0f5 Drop backported patch 2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
8a39d5ff72 Start rebasing to 1.12 alpha1 2013-11-19 17:32:18 -05:00
Nalin Dahyabhai
a77ee55771 Pull in keyring expiration from RT#7769 
- pull in fix to set expiration times on keyrings used for storing keyring
  credential caches (RT#7769, #1031724)
 2013-11-18 18:02:20 -05:00
Nalin Dahyabhai
81715b1776 Pull in keyring offset storage from RT#7768 
- pull in fix to store KDC time offsets in keyring credential caches
  (RT#7768, #1030607)
 2013-11-18 17:14:07 -05:00
Nalin Dahyabhai
dee7ae00a4 Note where CVE-2013-6800 was fixed 
CVE-2013-6800 appears to be fixed by the same patch that fixes
CVE-2013-1418, so mention the first in changelog entries that refer to
the second.
 2013-11-18 16:24:33 -05:00
Nalin Dahyabhai
596d52ef7e Whoops, include the new sources, too 2013-11-12 16:45:41 -05:00
Nalin Dahyabhai
cac86c9df2 Bump the release to 1 2013-11-12 16:32:02 -05:00
Nalin Dahyabhai
8f876bbbeb Drop patch for CVE-2013-1418, included in 1.11.4 2013-11-12 16:25:26 -05:00
Nalin Dahyabhai
1f02b0bc49 Drop patch for RT#7706, obsoleted as RT#7723 2013-11-12 16:23:38 -05:00
Nalin Dahyabhai
0c6ad14521 Drop patch for RT#7650, included in 1.11.4 2013-11-12 16:20:49 -05:00
Nalin Dahyabhai
2b359c527a Start updating to 1.11.4 2013-11-12 16:20:31 -05:00
Nalin Dahyabhai
b3399eb8fb Switch to the upstream patch for #1029110 
Switch to the simplified version of the patch for #1029110 that ended up
being committed upstream (RT#7764).
 2013-11-12 13:20:50 -05:00
Nalin Dahyabhai
11d14a1e7c Fix a typo in a changelog entry 2013-11-11 14:34:29 -05:00
Nalin Dahyabhai
49c8edfa6b Catch more strtol() failures when using KEYRINGs 
- check more thorougly for errors when resolving KEYRING ccache names of type
  "persistent", which should only have a numeric UID as the next part of the
  name (#1029110)
 2013-11-11 14:11:29 -05:00
Nalin Dahyabhai
bfdc4351bf Point to the RT for the patch for the right branch 2013-11-05 13:43:32 -05:00
Nalin Dahyabhai
ed5a4a1ffb Switch to 1.11 backport of the CVE-2013-1418 patch 2013-11-04 16:11:59 -05:00
Nalin Dahyabhai
a244d8f93c Incorporate patch for RT#7755 (CVE-2013-1418) 
- incorporate upstream patch for remote crash of KDCs which serve multiple
  realms simultaneously (RT#7755, CVE-2013-1418)
 2013-11-04 16:11:59 -05:00
Nalin Dahyabhai
a00c810e4e Drop call-access()-more patch for ksu 
- drop patch to add additional access() checks to ksu - they add to breakage
  when non-FILE: caches are in use (#1026099), shouldn't be resulting in any
  benefit, and clash with proposed changes to fix its cache handling
 2013-11-04 10:26:41 -05:00
Nalin Dahyabhai
433fcb1772 Expand on comments in the daemon wrapper scripts 
- add some minimal description to the top of the wrapper scripts we use
  when starting krb5kdc and kadmind to describe why they exist (tooling)
 2013-10-22 17:48:49 -04:00
Nalin Dahyabhai
31e8e33c43 Create and own /etc/gss (#1019937) 2013-10-16 18:12:24 -04:00
Nalin Dahyabhai
16e749771f Pull up fix for reimporting ccaches in gssapi 
- pull up fix for importing previously-exported credential caches in the
  gssapi library (RT# 7706, #1019420)
 2013-10-15 14:40:24 -04:00
Nalin Dahyabhai
84fe7d69da Finish fixing the don't-call-NULL-prompters bug 
- extract the rest of the fix #965721/#1016690 from the changes for RT#7680
 2013-10-14 14:07:56 -04:00
Nalin Dahyabhai
822059250e Use the prompter callback for PEM files 
- backport the callback to use the libkrb5 prompter when we can't load
  PEM files for PKINIT (RT#7590, includes part of #965721/#1016690)
 2013-10-14 14:07:19 -04:00
Nalin Dahyabhai
37f8b28f7d fix trigger's invocation of sed (#1016945) 
- fix trigger scriptlet's invocation of sed (#1016945)
 2013-10-14 12:42:56 -04:00
Nalin Dahyabhai
52b6b401df - rebuild with keyutils 1.5.8 (part of #1012043) 
Rebuild against a keyutils which tags the new symbols we're using with a
newer symbol version, so that RPM can tell the difference between
versions of the package which contain a shared library that doesn't
include them and versions of the package which contain a shared library
which does.
 2013-10-04 09:47:38 -04:00
Nalin Dahyabhai
494e7adbb0 Updated persistent-keyring changes, set as default 
- switch to the version of persistent-keyring that was just merged to
  master (RT#7711), along with related changes to kinit (RT#7689)
- go back to setting default_ccache_name to a KEYRING type
 2013-10-02 14:46:20 -04:00
Nalin Dahyabhai
682dc07d28 pull up fix to call kdb check-transited-path first 
- pull up fix for not calling a kdb plugin's check-transited-path
  method before calling the library's default version, which only knows
  how to read what's in the configuration file (RT#7709, #1013664)
 2013-09-30 11:26:50 -04:00
Nalin Dahyabhai
43d2548f26 configure --without-krb5-config 
- configure --without-krb5-config so that we don't pull in the old default
  ccache name when we want to stop setting a default ccache name at configure-
  time
 2013-09-26 14:38:01 -04:00
Nalin Dahyabhai
e43f75f274 - fix broken dependency on awk (rdieter) 
- fix broken dependency on awk (should be gawk, rdieter)
 2013-09-25 12:34:03 -04:00
Nalin Dahyabhai
a375099fe1 add missing dependency on newer keyutils-libs 
- add missing dependency on newer keyutils-libs (#1012034)
 2013-09-25 11:26:19 -04:00
Nalin Dahyabhai
3bc9a0ec21 Back to DIR: caches by default, for now 
- back out setting default_ccache_name to the new default for now, resetting
  it to the old default while the kernel/keyutils bits get sorted (sgallagh)
 2013-09-24 17:10:48 -04:00
Nalin Dahyabhai
ee7be3f07f buildrequire the newest keyutils 
- add explicit build-time dependency on a version of keyutils that's new
  enough to include keyctl_get_persistent() (more of #991148)
 2013-09-23 13:32:21 -04:00
Nalin Dahyabhai
df24e0aeda pull in an updated persistent_keyring.patch 
- incorporate Simo's updated backport of his updated persistent-keyring
  changes (more of #991148)
 2013-09-19 16:29:52 -04:00
Nalin Dahyabhai
00da3519ec Don't break during %%check with revoked keyrings 
If the session keyring is revoked, we'll to walk the ccache collections.
Work around that so that we don't have to go and disable more tests.
 2013-09-13 18:21:09 -04:00
Nalin Dahyabhai
21b73fcc00 pull the newer F21 defaults back to F20 (sgallagh) 2013-09-13 09:13:37 -04:00
Nalin Dahyabhai
5128324677 Only create /run/user/0 on releases where we use it 
- only apply the patch to autocreate /run/user/0 when we're hard-wiring the
  default ccache location to be under it; otherwise it's unnecessary
 2013-09-09 13:15:18 -04:00
Nalin Dahyabhai
b81045ccea Don't pass a "script" to ldconfig 
- don't let comments intended for one scriptlet become part of the "script"
  that gets passed to ldconfig as part of another one (Mattias Ellert, #1005675)
 2013-09-09 09:43:05 -04:00
Nalin Dahyabhai
4404e63e31 Conditional triggerun to set default_ccache_name 
- on releases where we expect krb5.conf to be configured with a
  default_ccache_name, add it whenever we upgrade from an older version of
  the package that wouldn't have included it in its default configuration
  file (#991148)
 2013-09-06 17:32:20 -04:00
Nalin Dahyabhai
16afa92610 Set the default ccname via config, not at build 
- restore build-time default DEFCCNAME on Fedora 21 and later and EL, and
  instead set it in the default krb5.conf's [libdefaults] section (#991148)
 2013-09-06 16:05:14 -04:00
Nalin Dahyabhai
b0c672125e - restore build-time default DEFCCNAME on F21, EL 
- restore build-time default DEFCCNAME on Fedora 21 and later and EL (#991148)
 2013-09-06 14:13:31 -04:00
Nalin Dahyabhai
bf2b6cb4e7 - incorporate backported persistent-keyring (Simo) 
- incorporate Simo's backport of his persistent-keyring changes (#991148)
 2013-09-06 14:12:24 -04:00
Nalin Dahyabhai
e6591a5194 ship an nss_wrappers snapshot, not a git repo 
- switch to just the snapshot of nss_wrapper we were using, since we
  no longer need to carry anything that isn't in the cwrap.org repository
  (ssorce)
 2013-08-23 14:21:20 -04:00
Nalin Dahyabhai
c3f5bd1fb8 UnversionedDocdirs, take two 
- take another stab at accounting for UnversionedDocdirs for the -libs
  subpackage (spotted by ssorce)
 2013-08-23 14:08:59 -04:00
Nalin Dahyabhai
6c46043c16 Do the horrible hostname check _before_ faking it 2013-08-15 01:50:42 -04:00
Nalin Dahyabhai
ee18500d9b Fix error detection when starting kpropd/kadmind 
- drop a patch we're not applying
- wrap kadmind and kpropd in scripts which check for the presence/absence
  of files which dictate particular exit codes before exec'ing the actual
  binaries, instead of trying to use ConditionPathExists in the unit files
  to accomplish that, so that we exit with failure properly when what we
  expect isn't actually in effect on the system (#800343)
 2013-08-15 00:10:24 -04:00