rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
472 Commits 9 Branches 52 Tags 8.1 MiB
e1fdb93038
Commit Graph

472 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nalin Dahyabhai
6879d98ef2 - try to avoid locking up in rsh due to client and server blocking on 
writes at the same time
 2009-06-04 19:26:29 +00:00
Nalin Dahyabhai
0b6e153ff8 - use an in-memory ccache instead of an on-disk temporary to avoid 
compile-time warnings about using mktemp()
 2009-06-04 19:16:47 +00:00
Nalin Dahyabhai
dd70d4f4ef - send the length of the file by printf()ing a long long instead of a long, 
so that we don't break on large files on 32-bit machines
 2009-06-04 19:15:24 +00:00
Nalin Dahyabhai
d067ec29b6 - link binaries to produce position-independent executables, and strip the 
flags used to do so, and library path flags, from the output of
    krb5-config
- install shared libraries with the execute bit set
- we used to override RPATH here, but configure takes --disable-rpath now
 2009-06-04 19:09:04 +00:00
Nalin Dahyabhai
bc603de2a8 - forward-port long-present out-of-tree patch to support "ANY" keytab type, 
which takes as its residual a comma-separated list of keytab names and
    will search them all in turn when looking for a specific key
 2009-06-04 19:05:20 +00:00
Nalin Dahyabhai
3c1272ff63 - add an auth stack to ksu's PAM configuration so that pam_setcred() calls 
won't just fail
 2009-05-19 23:21:48 +00:00
Nalin Dahyabhai
06c77ea1cd - make PAM support for ksu also set PAM_RUSER 2009-05-11 18:19:08 +00:00
Nalin Dahyabhai
df43b1e2b6 yeah, actually bump the release number 2009-04-23 22:51:25 +00:00
Nalin Dahyabhai
5ebd815122 - extend PAM support to ksu: perform account and session management for the 
target user
- pull up and merge James Leddy's changes to also set PAM_RHOST in
    PAM-aware network-facing services
 2009-04-23 22:43:26 +00:00
Nalin Dahyabhai
d3b2b69619 - fix a typo in a ksu error message (Marek Mahut) 2009-04-21 18:46:52 +00:00
Nalin Dahyabhai
27c8414969 - okay, finally remove this 2009-04-21 18:46:37 +00:00
Nalin Dahyabhai
8614c0dcd0 - "rev" works the way the test suite expects now, so don't disable tests 
that use it
 2009-04-21 18:46:16 +00:00
Nalin Dahyabhai
f0389e0488 note why we don't just run make check here 2009-04-20 21:15:12 +00:00
Nalin Dahyabhai
41d635cc23 - add empty Default-Start: statements to the init scripts 2009-04-20 20:33:32 +00:00
Nalin Dahyabhai
724545eab6 - add LSB-style informational headers to the init scripts 2009-04-20 20:32:02 +00:00
Nalin Dahyabhai
980855a07a - explicitly run the pdf generation script using sh (part of #225974) 2009-04-17 13:29:41 +00:00
Nalin Dahyabhai
f51ed46fff - remove obsolete patch for CVE-2009-0845 
- add patches for read overflow and null pointer dereference in the
    implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
- add patch for attempt to free uninitialized pointer in libkrb5
    (CVE-2009-0846)
- add patch to fix length validation bug in libkrb5 (CVE-2009-0847)
 2009-04-07 18:16:28 +00:00
Nalin Dahyabhai
ebb2e9030e - add patch to fix length validation bug in libkrb5 (CVE-2009-0847) 2009-04-07 18:15:43 +00:00
Nalin Dahyabhai
0d81cc8c03 - add patch for attempt to free uninitialized pointer in libkrb5 
(CVE-2009-0846)
 2009-04-07 18:15:12 +00:00
Nalin Dahyabhai
b28fb4b7da - add patches for read overflow and null pointer dereference in the 
implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
 2009-04-07 18:14:43 +00:00
Nalin Dahyabhai
d43a03520f - make the kpropd init script treat reload as restart (part of #225974) 2009-04-06 20:33:44 +00:00
Nalin Dahyabhai
45bffcbf45 - take the execute bit off of the protocol docs (part of #225974) 
- unflag init scripts as configuration files (part of #225974)
 2009-04-06 18:22:58 +00:00
Nalin Dahyabhai
303d2c20d2 - fixup summary texts (part of #225974) 2009-04-06 18:00:53 +00:00
Nalin Dahyabhai
fa314d1962 - escape possible macros in the changelog (part of #225974) 2009-04-06 17:52:21 +00:00
Nalin Dahyabhai
5ee95cc082 - clean up buildprereq/prereqs, explicit mktemp requires, and add the 
ldconfig for the -server-ldap subpackage (part of #225974)
 2009-04-06 17:45:29 +00:00
Nalin Dahyabhai
98a3610002 - make splitting up of the workstation bits unconditional 2009-04-06 16:46:35 +00:00
Nalin Dahyabhai
1644a79505 - move the libraries to /%{_lib}, but leave --libdir alone so that plugins 
get installed and are searched for in the same locations (#473333)
 2009-04-06 16:22:45 +00:00
Nalin Dahyabhai
e61be4fa97 - turn off krb4 support (it won't be part of the 1.7 release, but do it 
now)
- use triggeruns to properly shut down and disable krb524d when -server and
-workstation-servers gets upgraded, because it's gone now
 2009-04-06 15:56:45 +00:00
Nalin Dahyabhai
434cefd85a - libgssapi_krb5: backport fix for some errors which can occur when we fail 
to set up the server half of a context (CVE-2009-0845)
 2009-03-17 22:26:27 +00:00
Jesse Keating
78b02cd911 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-25 11:58:27 +00:00
Nalin Dahyabhai
ab1cdb5d37 - add a patch to catch out-of-space errors rcp'ing files to NFS 
destinations
 2009-02-19 23:11:41 +00:00
Nalin Dahyabhai
2ef50f0d66 - flesh out the note to include why the patch isn't going anywhere 2009-02-19 22:35:32 +00:00
Nalin Dahyabhai
4e24fa3147 - add a hunk so that the db2 test will compile correctly 2009-02-19 22:34:47 +00:00
Nalin Dahyabhai
9d9088d1cc - note the RT number for the upstream discussion 2009-02-19 22:32:32 +00:00
Nalin Dahyabhai
4c798e4ee7 aargh, what year is it? 2009-01-16 16:19:02 +00:00
Nalin Dahyabhai
2bf7daea40 rebuild 2009-01-16 16:17:56 +00:00
Nalin Dahyabhai
6df4ee1a7a - krb5_fcc_generate_new(): unlock the fcc list lock before returning in the 
non-mkstemp() case, don't unlock the lock twice before returning if we
    happen to run out of memory (fixed in trunk by rewriting the function)
 2008-10-28 21:36:18 +00:00
Nalin Dahyabhai
0d57fe8b86 - telnet can suspend itself if the calling shell supports job control, and 
around here that's not unique to csh (#433947) Of course, if it turns
    out that we do have a shell that doesn't support job control, we get to
    change this to enumerate the ones that do. Which is sure to be all
    kinds of fun.
 2008-10-28 21:35:45 +00:00
Nalin Dahyabhai
b1efb9b86d - if we successfully change the user's password during an attempt to get 
initial credentials, but then fail to get initial creds from a
    non-master using the new password, retry against the master (#432334)
 2008-09-04 15:13:51 +00:00
Tom Callaway
bb9aa2106c fix license tag 2008-08-05 17:46:07 +00:00
Nalin Dahyabhai
2352d208e3 - define ASN1BUF_OMIT_INLINE_FUNCS at compile-time (for now) to keep 
building
 2008-07-16 21:54:24 +00:00
Nalin Dahyabhai
b5dfa8576a quote %%{__cc} where needed because it includes whitespace now 2008-07-16 18:40:35 +00:00
Nalin Dahyabhai
6197407f58 - clear fuzz out of patches, dropping a man page patch which is no longer 
necessary
 2008-07-16 18:09:47 +00:00
Nalin Dahyabhai
14f675bab9 - build with -fno-strict-aliasing, which is needed because the library 
triggers these warnings
 2008-07-11 15:16:54 +00:00
Nalin Dahyabhai
37b6c5e715 - rework how labeling is handled to avoid a bootstrapping problem in 
headers
- don't forget to label the principal database lock file
 2008-07-11 15:14:57 +00:00
Tom Callaway
f06f7f1e03 generate include/krb5/krb5.h before building, fix conditional for sparcv9 2008-06-14 18:22:01 +00:00
Nalin Dahyabhai
d11c1aff3a - whoops, forgot to go back and get the ITS entry number 2008-05-12 18:50:56 +00:00
Nalin Dahyabhai
9f105b4df2 - ftp: use the correct local filename during mget when the 'case' option is 
enabled (#442713)
 2008-04-16 18:54:08 +00:00
Nalin Dahyabhai
d17f0b5f35 Provide an option to make the KDC also listen on loopback interfaces for 
datagram requests. Adds an internal symbol to libkrb5 which the KDC
    will need if listening on loopback is enabled.
The default might be better changed from FALSE to TRUE so that the default
    matches what we do with stream sockets. Or maybe that should be the
    default anyway, with no configuration option.
FIXME: doesn't add documentation anywhere.
 2008-04-04 21:32:15 +00:00
Nalin Dahyabhai
af9bedd61a - stop exporting kadmin keys to a keytab file when kadmind starts -- the 
daemon's been able to use the database directly for a long long time
    now
- belatedly add aes128,aes256 to the default set of supported key types
 2008-04-04 21:29:53 +00:00