rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
498 Commits 9 Branches 52 Tags 8.1 MiB
eed21c996f
Commit Graph

498 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nalin Dahyabhai
20683b0e60 - whoops, that's the wrong filename for the patch 2010-02-16 22:15:46 +00:00
Nalin Dahyabhai
19c7a3451b - upstream patch to correct a denial-of-service in KDCs in 1.7 and later 2010-02-16 21:53:47 +00:00
Nalin Dahyabhai
c84cd0185b - apply patch from upstream to fix KDC denial of service (CVE-2010-0283, 
#566002)
 2010-02-16 21:45:25 +00:00
Nalin Dahyabhai
edcbea8d17 - update to 1.7.1 
- don't trip AD lockout on wrong password (#542687, #554351)
- incorporates fixes for CVE-2009-4212 and CVE-2009-3295
- fixes gss_krb5_copy_ccache() when SPNEGO is used
- move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to
    the devel subpackage, better lining up with the expected krb5/krb5-appl
    split in 1.8
- drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it
    already depends on -workstation which also includes them
 2010-02-03 17:11:35 +00:00
Nalin Dahyabhai
f20db54891 - tighten up default permissions on kdc.conf and kadm5.acl (#558343) 2010-01-25 16:58:14 +00:00
Nalin Dahyabhai
9a31789f24 - use portreserve correctly -- portrelease takes the basename of the file 
whose entries should be released, so we need three files, not one
 2010-01-22 15:08:24 +00:00
Nalin Dahyabhai
304c10003d - suppress warnings of impending password expiration if expiration is more 
than seven days away when the KDC reports it via the last-req field,
    just as we already do when it reports expiration via the key-expiration
    field (#556495)
- link with libtinfo rather than libncurses, when we can, in future RHEL
 2010-01-18 20:13:04 +00:00
Nalin Dahyabhai
fba11018d1 - suppress warnings of impending password expiration if expiration is more 
than seven days away when the KDC reports it via the last-req field,
    just as we already do when it reports expiration via the key-expiration
    field (#556495)
 2010-01-18 20:03:17 +00:00
Nalin Dahyabhai
da536a5974 - krb5_get_init_creds_password: check opte->flags instead of options->flags 
when checking whether or not we get to use the prompter callback
    (#555875)
 2010-01-15 20:24:36 +00:00
Nalin Dahyabhai
2baf72c02f - use portreserve to make sure the KDC can always bind to the kerberos-iv 
port, kpropd can always bind to the krb5_prop port, and that kadmind
    can always bind to the kerberos-adm port (#555279)
- correct inadvertent use of macros in the changelog (rpmlint)
 2010-01-14 21:14:26 +00:00
Nalin Dahyabhai
60b2cbeb09 - fix the description of the problem 2010-01-12 19:27:00 +00:00
Nalin Dahyabhai
c81c7789b7 - add upstream patches for KDC crash during AES and RC4 decryption 
(CVE-2009-4212), via Tom Yu (#545015)
 2010-01-12 19:24:24 +00:00
Nalin Dahyabhai
3ad86e219a - back down to the earlier version of the patch for #551764; the backported 
alternate version was incomplete
 2010-01-06 23:54:23 +00:00
Nalin Dahyabhai
abd49c944b - put the conditional back for the -devel subpackage 2010-01-06 20:05:00 +00:00
Nalin Dahyabhai
f6701d5d64 - revise this to look more like what's been done in upstream trunk 2010-01-05 23:38:49 +00:00
Nalin Dahyabhai
b199476767 - pull up proposed patch for creating previously-not-there lock files for 
kdb databases when 'kdb5_util' is called to 'load' (#551764)
 2010-01-05 22:55:55 +00:00
Nalin Dahyabhai
65631fa1bb - use %%global instead of %%define 
- fix conditional for future RHEL
 2010-01-05 22:55:30 +00:00
Nalin Dahyabhai
14efc0c6dd - add tracking bug ID for the latest security patch 2010-01-04 15:59:00 +00:00
Nalin Dahyabhai
795e5e14a6 - add upstream patch for KDC crash during referral processing 
(CVE-2009-3295), via Tom Yu
 2010-01-04 15:56:24 +00:00
Nalin Dahyabhai
a019df8a50 - fix a typo 2009-12-21 19:41:25 +00:00
Nalin Dahyabhai
cc8c049fe1 refresh patch for #542868 from trunk 2009-12-21 19:27:25 +00:00
Nalin Dahyabhai
439a1c75e7 - add the upstream RT number 2009-12-11 18:08:12 +00:00
Nalin Dahyabhai
ec702e8192 - move man pages that live in the -libs subpackage into the regular 
%%{_mandir} tree where they'll still be found if that package is the
    only one %installed (#529319)
 2009-12-10 22:50:50 +00:00
Nalin Dahyabhai
bfccd3939a - re-enable this change: 
- try to make gss_krb5_copy_ccache() work correctly for spnego (#542868)
 2009-12-09 21:40:48 +00:00
Nalin Dahyabhai
ca17214610 - if the result of our attempt to look up the context is NULL, either 
because the right function returned NULL or we failed to initialize the
    library, just skip it, as that's all we can do
 2009-12-09 00:18:58 +00:00
Nalin Dahyabhai
f21202d6a4 back that last change out 2009-12-08 20:51:25 +00:00
Nalin Dahyabhai
2358ad9bad - try to make gss_krb5_copy_ccache() work correctly for spnego (#542868) 2009-12-08 20:05:41 +00:00
Nalin Dahyabhai
d59dcd39c0 - make krb5-config suppress CFLAGS output when called with --libs (#544391) 2009-12-04 22:16:38 +00:00
Nalin Dahyabhai
19b0f85a6e - configure with --enable-dns-for-realm instead of --enable-dns, which 
isn't recognized any more
 2009-12-03 23:26:02 +00:00
Nalin Dahyabhai
ca8e0f8800 - ksu: move account management checks to before we drop privileges, like su 
does (#540769)
 2009-12-03 23:23:54 +00:00
Nalin Dahyabhai
61f3185f70 - selinux: set the user part of creation context to match the current 
context instead of what we looked up
 2009-12-03 23:17:28 +00:00
Bill Nottingham
b4c720591d Fix typo that causes a failure to update the common directory. (releng 
#2781)
 2009-11-25 23:51:28 +00:00
Nalin Dahyabhai
fd8edea8d9 - move /etc/pam.d/ksu from krb5-workstation-servers to krb5-workstation, 
where it's actually needed (#538703)
 2009-11-20 16:09:35 +00:00
Nalin Dahyabhai
c6f29fd1c4 add some conditional logic to simplify building on older Fedora releases 2009-10-23 20:29:53 +00:00
Nalin Dahyabhai
0abe2288c5 - don't forget the readme file 2009-10-13 15:49:29 +00:00
Nalin Dahyabhai
d2ad657773 - specify the location of the subsystem lock when using the status() 
function in the kadmind and kpropd init scripts, so that we get the
    right error when we're dead but have a lock file - requires initscripts
    8.99 (#521772)
 2009-09-14 17:18:59 +00:00
Nalin Dahyabhai
060205dbf8 - if the init script fails to start krb5kdc/kadmind/kpropd because it's 
already running (according to status()), return 0 (part of #521772)
 2009-09-08 19:08:28 +00:00
Nalin Dahyabhai
51ff876d52 - work around a compile problem with new openssl 2009-08-24 15:51:36 +00:00
Nalin Dahyabhai
764c9749f5 - no longer referenced in .spec 2009-08-24 15:51:29 +00:00
Tomáš Mráz
c297ec78d9 - rebuilt with new openssl 2009-08-21 14:11:01 +00:00
Jesse Keating
dd62488dfd - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-25 04:46:50 +00:00
Nalin Dahyabhai
fc50628820 note RT numbers 2009-07-07 14:53:52 +00:00
Nalin Dahyabhai
e1e3b07810 - simplify the man pages patch by only preprocessing the files we care 
about and moving shared configure.in logic into a shared function
 2009-07-06 22:56:11 +00:00
Nalin Dahyabhai
9e296310c6 - catch the case of ftpd printing file sizes using %i, when they might be 
bigger than an int now
 2009-07-06 22:54:34 +00:00
Nalin Dahyabhai
6f1fb7d51e - try to merge and clean up all the large file support for ftp and rcp 2009-07-01 17:52:16 +00:00
Nalin Dahyabhai
1917c4e1aa - pam_rhosts_auth.so's been gone for a while, so use pam_rhosts.so instead 2009-06-30 19:39:34 +00:00
Nalin Dahyabhai
cd1d8493ce - more notes! 2009-06-29 21:36:53 +00:00
Nalin Dahyabhai
c835c2a921 - switch buildrequires: and requires: on e2fsprogs-devel into 
buildrequires: and requires: on libss-devel, libcom_err-devel, per
    sandeen on fedora-devel-list
 2009-06-29 19:28:01 +00:00
Nalin Dahyabhai
f06a358eca - split up so that sections of the tree which have their own configure 
scripts preprocess their own man pages
 2009-06-29 19:00:59 +00:00
Nalin Dahyabhai
612cb4a5ae - call the macro correctly in appl/telnet 
- use MSG_NOTICE rather than MSG_RESULT to note that we're using libselinux
 2009-06-29 18:51:29 +00:00