rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
263 Commits 9 Branches 52 Tags 8.1 MiB
d3b2b69619
Commit Graph

193 Commits

Author SHA1 Message Date
Nalin Dahyabhai
4ba98f8eab add duplicate bug id 2007-11-13 21:41:20 +00:00
Nalin Dahyabhai
276a481e88 - update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 and 
CVE-2007-4000 (the new pkinit module is built conditionally and goes
    into the -pkinit-openssl package, at least for now, to make a buildreq
    loop with openssl avoidable)
 2007-10-23 19:40:45 +00:00
Nalin Dahyabhai
a0f391756d - make proper use of pam_loginuid and pam_selinux in rshd and ftpd 2007-10-17 17:48:52 +00:00
Nalin Dahyabhai
528eff0ac5 - make krb5.conf %%verify(not md5 size mtime) in addition to 
%%config(noreplace), like /etc/nsswitch.conf (#329811)
 2007-10-12 18:32:28 +00:00
Nalin Dahyabhai
6e3299423a - proposed fix for not being able to find delegated krb5 creds when using 
spnego
 2007-10-04 22:08:39 +00:00
Nalin Dahyabhai
1dd0ff3e30 - proposed patch to fix receipt of delegated creds in mod_auth_kerb 2007-10-01 19:40:47 +00:00
Nalin Dahyabhai
14a08486e8 - add the bug ID to the kadmind fixes, note Fran's patch was identical to 
the one I thought we were already using in the F-7 branch
 2007-09-17 20:47:02 +00:00
Nalin Dahyabhai
2688de92f1 - move the db2 kdb plugin from -server to -libs, because a multilib libkdb 
might need it
 2007-09-11 20:52:15 +00:00
Nalin Dahyabhai
83381c77e7 - also perform PAM session and credential management when ftpd accepts a 
client using strong authentication, missed earlier
- also label kadmind log files and files created by the db2 plugin
 2007-09-11 14:12:38 +00:00
Nalin Dahyabhai
251df090d0 bump the revision 2007-09-06 20:09:14 +00:00
Nalin Dahyabhai
07adde54fa - incorporate updated fix for CVE-2007-3999 2007-09-06 20:08:19 +00:00
Nalin Dahyabhai
b54c6a0718 - incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000) 2007-09-04 18:10:23 +00:00
Nalin Dahyabhai
929680a650 add missing gawk buildrequirement 2007-08-25 05:12:34 +00:00
Nalin Dahyabhai
8499d2199c - actually bump the release number 2007-08-25 04:33:13 +00:00
Nalin Dahyabhai
5502d6651d - cover more cases in labeling files on creation 2007-08-25 04:31:34 +00:00
Nalin Dahyabhai
e0443e5457 - experimental ok-as-delegate setting patch (not applied) 2007-08-25 04:28:10 +00:00
Nalin Dahyabhai
79f8a98d4f rebuild 2007-08-23 20:50:42 +00:00
Nalin Dahyabhai
2f7dffc0f3 - include but don't apply 2007-07-26 19:08:20 +00:00
Nalin Dahyabhai
fbe8865459 - kdc.conf: default to listening for TCP clients, too (#248415) 2007-07-26 18:36:57 +00:00
Nalin Dahyabhai
34ce3fe705 - add a preliminary patch for #231147. initially not applied. 2007-07-23 21:01:33 +00:00
Nalin Dahyabhai
c0cd730c79 - update to 1.6.2 
- add "buildrequires: texinfo-tex" to get texi2pdf
 2007-07-19 16:50:28 +00:00
Nalin Dahyabhai
147635188d add CVE identifiers to the more recent changelog 2007-06-27 18:39:06 +00:00
Nalin Dahyabhai
cd3f50fb19 - incorporate fixes for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005 2007-06-27 06:08:01 +00:00
Nalin Dahyabhai
196ea67f06 - add missing pam-devel build requirement, force selinux-or-fail build 2007-06-25 01:16:51 +00:00
Nalin Dahyabhai
cb76d1ea2b rebuild 2007-06-25 00:56:37 +00:00
Nalin Dahyabhai
d360ed53e4 - label all files at creation-time according to the SELinux policy 
(#228157)
 2007-06-25 00:55:25 +00:00
Nalin Dahyabhai
e773dcc288 - um, maybe not just yet 2007-06-22 22:33:07 +00:00
Nalin Dahyabhai
2ecf4e22d8 nope, we don't provide that file 2007-06-22 22:15:03 +00:00
Nalin Dahyabhai
70ccd082ae - oops, note that pam changes went in, too 2007-06-22 22:10:15 +00:00
Nalin Dahyabhai
117cdbbea7 - preprocess kerberos.ldif into a format FDS will like better, and include 
that as a doc file as well
 2007-06-22 22:06:27 +00:00
Nalin Dahyabhai
37416c24a6 - switch man pages to being generated with the right paths in them 
- drop old, incomplete SELinux patch
- add patch from Greg Hudson to make srvtab routines report missing-file
    errors at same point that keytab routines do (#241805)
 2007-06-22 22:04:38 +00:00
Nalin Dahyabhai
ad9d82cb5c - pull patch from svn to undo unintentional chattiness in ftp 
- pull patch from svn to handle NULL krb5_get_init_creds_opt structures
    better in a couple of places where they're expected
 2007-05-24 15:43:24 +00:00
Nalin Dahyabhai
3f30bc2d6d bump release number 2007-05-23 22:06:26 +00:00
Nalin Dahyabhai
7877c27fc3 - bump to 1.6.1 2007-05-23 21:48:27 +00:00
Nalin Dahyabhai
a9c20b1574 - kadmind.init: don't fail outright if the default principal database isn't 
there if it looks like we might be using the kldap plugin
- kadmind.init: attempt to extract the key for the host-specific kadmin
    service when we try to create the keytab
 2007-05-18 22:16:16 +00:00
Nalin Dahyabhai
ea9e19241a - omit dependent libraries from the krb5-config --libs output, as using 
shared libraries (no more static libraries) makes them unnecessary and
    they're not part of the libkrb5 interface (patch by Rex Dieter,
    #240220) (strips out libkeyutils, libresolv, libdl)
 2007-05-16 19:48:19 +00:00
Nalin Dahyabhai
a7114b4891 - pull in keyutils as a build requirement to get the "KEYRING:" ccache 
type, because we've merged
 2007-05-04 19:03:00 +00:00
Nalin Dahyabhai
a321e486d2 - fix an uninitialized length value which could cause a crash when parsing 
key data coming from a directory server
- correct a typo in the krb5.conf man page ("ldap_server"->"ldap_servers")
 2007-05-04 18:10:01 +00:00
Nalin Dahyabhai
1739ef7213 - move the default acl_file, dict_file, and admin_keytab settings to the 
part of the default/example kdc.conf where they'll actually have an
    effect (#236417)
 2007-04-13 19:07:25 +00:00
Nalin Dahyabhai
471b4b51f3 - add patch to correct unauthorized access via krb5-aware telnet daemon 
(#229782, CVE-2007-0956)
- add patch to fix buffer overflow in krb5kdc and kadmind (#231528,
    CVE-2007-0957)
- add patch to fix double-free in kadmind (#231537, CVE-2007-1216)
 2007-04-03 18:46:41 +00:00
Nalin Dahyabhai
598e71ffbc - add a couple of ldap-specific data files as documentation, so that admins 
have the needed schema for their directory servers
 2007-04-03 18:43:05 +00:00
Nalin Dahyabhai
aece600301 whoops, that won't work - can't do core -> extras deps 2007-03-22 20:17:58 +00:00
Nalin Dahyabhai
5c8daeafa2 - add buildrequires: on keyutils-libs-devel to enable use of keyring 
ccaches, dragging keyutils-libs in as a dependency for everyone
 2007-03-22 19:37:26 +00:00
Nalin Dahyabhai
da1eb7f057 - add patch to build semi-useful static libraries, but don't apply it 
unless we need them
 2007-02-28 20:35:53 +00:00
Nalin Dahyabhai
4aefd50874 - make profile.d scriptlets mode 644 instead of 755 (#225974) 2007-02-19 21:28:07 +00:00
Nalin Dahyabhai
3299c4b519 mock says "no resolv.conf for you!" 2007-01-30 21:21:21 +00:00
Nalin Dahyabhai
cb68887273 - clean up quoting of command-line arguments passed to the krsh/krlogin 
wrapper scripts
 2007-01-30 21:01:21 +00:00
Nalin Dahyabhai
6e6adec726 - initial update to 1.6, making the package-split optional 
- move workstation daemons to a new subpackage (#81836, #216356, #217301),
    and make the new subpackage require xinetd (#211885)
We don't get static libraries any more. Holding off on build until
    verification that this doesn't kill other things, or until we get them
    building in a semi-useful way.
 2007-01-23 22:14:15 +00:00
Nalin Dahyabhai
160a188e65 - merge back changes made between fc6 and rawhide to date 
- somewhere in here we fixed the spelling of James's last name
 2007-01-22 21:27:49 +00:00
Nalin Dahyabhai
f3820b972d - preserve timestamps on profile.d shell scriptlets 
- first cut at making RPM scriptlets failproof for install-info
- pull up pre-generated PDF docs so that we don't have multiarch
    differences due to document IDs, timestamps, and compressed data,
- pull up the script to make sure that the PDF matches its source to guard
    against the package maintainer forgetting to update when we move to a
    new release
 2007-01-22 21:23:54 +00:00
Nalin Dahyabhai
a9e6df4ffc - apply fixes from Tom Yu for MITKRB5-SA-2006-002 (CVE-2006-6143) (#218456) 
- apply fixes from Tom Yu for MITKRB5-SA-2006-003 (CVE-2006-6144) (#218456)
    Related: #218456
 2007-01-09 19:31:40 +00:00
Nalin Dahyabhai
3ffdc43878 - don't bail from the KDC init script if there's no database, it may be in 
a different location than the default (fenlason)
- remove the [kdc] section from the default krb5.conf -- doesn't seem to
    have been applicable for a while
 2006-10-23 20:23:05 +00:00
Nalin Dahyabhai
54faf41556 add newlines after new errors 2006-10-18 21:36:40 +00:00
Nalin Dahyabhai
74169f4b3c - way-late application of added error info in kadmind.init (#65853) 2006-10-18 16:02:47 +00:00
Nalin Dahyabhai
acad7e7e15 call autoheader when needed 2006-10-13 21:23:35 +00:00
Nalin Dahyabhai
0b70aa4de2 - provide docs in PDF format instead of as tex source (Enrico Scholz, 
#209943)
 2006-10-09 16:38:39 +00:00
Nalin Dahyabhai
6f6f8aff91 - add missing shebang headers to krsh and krlogin wrapper scripts (#209238) 2006-10-04 14:16:41 +00:00
Nalin Dahyabhai
ee98daaf74 actually bump the release 2006-09-06 20:28:20 +00:00
Nalin Dahyabhai
2ad1703afb set SS_LIB at configure-time so that libss-using apps get working readline 
support (#197044)
 2006-09-06 20:28:01 +00:00
Nalin Dahyabhai
d859fd0556 - switch to the updated patch for MITKRB-SA-2006-001 2006-08-18 16:50:54 +00:00
Nalin Dahyabhai
2bc5a13d2a - apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084) 2006-08-08 22:43:10 +00:00
Nalin Dahyabhai
8c4df25456 - ensure that the gssapi library's been initialized before walking the 
internal mechanism list in gss_release_oid(), needed if called from
    gss_release_name() right after a gss_import_name() (#198092)
 2006-08-07 17:52:52 +00:00
Nalin Dahyabhai
92a65fb1b1 rebuild 2006-07-25 17:55:38 +00:00
Nalin Dahyabhai
30f6a9b1cb - pull up latest revision of patch to reduce lockups in rsh/rshd 2006-07-25 15:52:36 +00:00
Nalin Dahyabhai
ece8aeb4c7 rebuild 2006-07-17 14:36:02 +00:00
Jesse Keating
12232351f7 bumped for rebuild 2006-07-12 06:43:08 +00:00
Nalin Dahyabhai
574f4b1c31 finally think all the ducks are lined up 2006-07-06 21:25:26 +00:00
Nalin Dahyabhai
28c66f7806 - update to 1.5 2006-07-06 15:56:38 +00:00
Nalin Dahyabhai
2802804a49 actually bump the release number 2006-06-23 15:51:41 +00:00
Nalin Dahyabhai
b6fc39f13d - mark profile.d config files noreplace (Laurent Rineau, #196447) 2006-06-23 15:49:20 +00:00
Nalin Dahyabhai
a230e5aaed - add buildprereq for autoconf 2006-06-08 21:42:52 +00:00
Nalin Dahyabhai
a7215484dc - further munge krb5-config so that 'libdir=/usr/lib' is given even on 
64-bit architectures, to avoid multilib conflicts; other changes will
    conspire to strip out the -L flag which uses this, so it should be
    harmless (#192692)
 2006-05-22 23:04:06 +00:00
Nalin Dahyabhai
b3724c4388 - adjust the patch which removes the use of rpath to also produce a 
krb5-config which is okay in multilib environments (#190118)
- make the name-of-the-tempfile comment which compile_et adds to error code
    headers always list the same file to avoid conflicts on multilib
    installations
- strip SIZEOF_LONG out of krb5.h so that it doesn't conflict on multilib
    boxes
- strip GSS_SIZEOF_LONG out of gssapi.h so that it doesn't conflict on
    mulitlib boxes
 2006-05-08 21:47:26 +00:00
skasal
6944b2e68a Change the release number. 2006-04-14 11:25:22 +00:00
skasal
8216ee6b75 - Fix formatting typo in kinit.1 (krb5-kinit-man-typo.patch) 2006-04-14 11:21:50 +00:00
Jesse Keating
77bf5aa481 bump for bug in double-long on ppc(64) 2006-02-11 03:49:47 +00:00
Nalin Dahyabhai
2118c17c6b - give a little bit more information to the user when kinit gets the 
catch-all I/O error (#180175)
 2006-02-06 20:04:44 +00:00
Nalin Dahyabhai
5bf2d7bd12 - rebuild properly when pthread_mutexattr_setrobust_np() is defined but not 
declared, such as with recent glibc when _GNU_SOURCE isn't being used
 2006-01-20 00:28:41 +00:00
Matthias Clasen
a6fb2997f1 Use full paths in krb5.sh to avoid path lookups 2006-01-19 18:05:28 +00:00
Jesse Keating
29b9703f11 gcc update bump 2005-12-09 22:41:14 +00:00
Nalin Dahyabhai
f817e39736 - login: don't truncate passwords before passing them into crypt(), in case 
they're significant (#149476)
 2005-12-02 01:46:50 +00:00
Nalin Dahyabhai
4584045a70 - conditionalize installation of the new autoconf macro 2005-11-17 19:23:05 +00:00
Nalin Dahyabhai
f54e522bb9 - update to 1.4.3 
- make ksu setuid again (#137934, others)
 2005-11-17 18:43:13 +00:00
Nalin Dahyabhai
c82cff7d10 bump release 2005-09-13 20:27:12 +00:00
Nalin Dahyabhai
1237c021c7 - mark %%{krb5prefix}/man so that files which are packaged within it are 
flagged as %%doc (#168163)
 2005-09-13 20:26:57 +00:00
Nalin Dahyabhai
552acc8a70 - add an xinetd configuration file for encryption-only telnetd, 
parallelling the kshell/ekshell pair (#167535)
 2005-09-06 14:05:59 +00:00
Nalin Dahyabhai
fd0f8c753b bump release 2005-08-31 19:38:08 +00:00
Nalin Dahyabhai
1fcd49e050 - change the default configured encryption type for KDC databases to the 
compiled-in default of des3-hmac-sha1 (#57847)
 2005-08-31 19:37:54 +00:00
Nalin Dahyabhai
f5b93c728e update to 1.4.2 2005-08-11 22:06:35 +00:00
Nalin Dahyabhai
80238a2fd8 merge fixes for MITKRB5-SA-2005-002 and MITKRB5-SA-2005-003 2005-07-12 18:09:21 +00:00
Nalin Dahyabhai
73316152b6 - fix double-close in keytab handling 
- add port of fixes for CAN-2004-0175 to krb5-aware rcp
 2005-06-24 20:28:25 +00:00
Nalin Dahyabhai
77a40621a2 - prevent spurious EBADF in krshd when stdin is closed by the client while 
the command is running (#151111)
 2005-05-13 23:16:55 +00:00
Martin Stransky
ebda005fa9 add deadlock patch, removed old patch 2005-05-13 11:36:41 +00:00
Nalin Dahyabhai
2e8f6b3b97 - update to 1.4.1, incorporating fixes for CAN-2005-0468 and CAN-2005-0469 
- when starting the KDC or kadmind, if KRB5REALM is set via the
    /etc/sysconfig file for the service, pass it as an argument for the -r
    flag
 2005-05-06 20:16:06 +00:00
Nalin Dahyabhai
9142032a6f - add draft fix from Tom Yu for slc_add_reply() buffer overflow 
(CAN-2005-0469)
- add draft fix from Tom Yu for env_opt_add() buffer overflow
    (CAN-2005-0468)
will need to re-roll if the draft fix isn't the same as the final one *
 2005-03-28 18:25:19 +00:00
Nalin Dahyabhai
fe186e59d9 - don't include <term.h> into the telnet client when we're not using curses 2005-03-16 22:59:54 +00:00
Nalin Dahyabhai
d46e1d65be - use libncurses instead of libtermcap for the telnet client, because it 
provides setupterm(), which we can use instead of the internal version
 2005-03-16 00:21:35 +00:00
Nalin Dahyabhai
3759eb0ddd note to self: krb5_init_ets disappeared 2005-03-01 00:05:15 +00:00
Nalin Dahyabhai
6cf61960fa - add a doc file 2005-02-24 23:31:35 +00:00
Nalin Dahyabhai
708fedd9ea - update to 1.4 
- v1.4 kadmin client requires a v1.4 kadmind on the server, or use the "-O"
    flag to specify that it should communicate with the server using the
    older protocol
- new libkrb5support library
- v5passwdd and kadmind4 are gone
- versioned symbols
- pick up $KRB5KDC_ARGS from /etc/sysconfig/krb5kdc, if it exists, and pass
    it on to krb5kdc
- pick up $KADMIND_ARGS from /etc/sysconfig/kadmin, if it exists, and pass
    it on to kadmind
- pick up $KRB524D_ARGS from /etc/sysconfig/krb524, if it exists, and pass
    it on to krb524d *instead of* "-m"
- set "forwardable" in [libdefaults] in the default krb5.conf to match the
    default setting which we supply for pam_krb5
- set a default of 24h for "ticket_lifetime" in [libdefaults], reflecting
    the compiled-in default
 2005-02-24 23:16:08 +00:00