rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
249 Commits 9 Branches 46 Tags 7.8 MiB
fa314d1962
Commit Graph

185 Commits

Author SHA1 Message Date
Nalin Dahyabhai
fa314d1962 - escape possible macros in the changelog (part of #225974) 2009-04-06 17:52:21 +00:00
Nalin Dahyabhai
5ee95cc082 - clean up buildprereq/prereqs, explicit mktemp requires, and add the 
ldconfig for the -server-ldap subpackage (part of #225974)
 2009-04-06 17:45:29 +00:00
Nalin Dahyabhai
98a3610002 - make splitting up of the workstation bits unconditional 2009-04-06 16:46:35 +00:00
Nalin Dahyabhai
1644a79505 - move the libraries to /%{_lib}, but leave --libdir alone so that plugins 
get installed and are searched for in the same locations (#473333)
 2009-04-06 16:22:45 +00:00
Nalin Dahyabhai
e61be4fa97 - turn off krb4 support (it won't be part of the 1.7 release, but do it 
now)
- use triggeruns to properly shut down and disable krb524d when -server and
-workstation-servers gets upgraded, because it's gone now
 2009-04-06 15:56:45 +00:00
Nalin Dahyabhai
434cefd85a - libgssapi_krb5: backport fix for some errors which can occur when we fail 
to set up the server half of a context (CVE-2009-0845)
 2009-03-17 22:26:27 +00:00
Jesse Keating
78b02cd911 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-25 11:58:27 +00:00
Nalin Dahyabhai
4c798e4ee7 aargh, what year is it? 2009-01-16 16:19:02 +00:00
Nalin Dahyabhai
2bf7daea40 rebuild 2009-01-16 16:17:56 +00:00
Nalin Dahyabhai
b1efb9b86d - if we successfully change the user's password during an attempt to get 
initial credentials, but then fail to get initial creds from a
    non-master using the new password, retry against the master (#432334)
 2008-09-04 15:13:51 +00:00
Tom Callaway
bb9aa2106c fix license tag 2008-08-05 17:46:07 +00:00
Nalin Dahyabhai
2352d208e3 - define ASN1BUF_OMIT_INLINE_FUNCS at compile-time (for now) to keep 
building
 2008-07-16 21:54:24 +00:00
Nalin Dahyabhai
b5dfa8576a quote %%{__cc} where needed because it includes whitespace now 2008-07-16 18:40:35 +00:00
Nalin Dahyabhai
6197407f58 - clear fuzz out of patches, dropping a man page patch which is no longer 
necessary
 2008-07-16 18:09:47 +00:00
Nalin Dahyabhai
14f675bab9 - build with -fno-strict-aliasing, which is needed because the library 
triggers these warnings
 2008-07-11 15:16:54 +00:00
Nalin Dahyabhai
37b6c5e715 - rework how labeling is handled to avoid a bootstrapping problem in 
headers
- don't forget to label the principal database lock file
 2008-07-11 15:14:57 +00:00
Tom Callaway
f06f7f1e03 generate include/krb5/krb5.h before building, fix conditional for sparcv9 2008-06-14 18:22:01 +00:00
Nalin Dahyabhai
9f105b4df2 - ftp: use the correct local filename during mget when the 'case' option is 
enabled (#442713)
 2008-04-16 18:54:08 +00:00
Nalin Dahyabhai
af9bedd61a - stop exporting kadmin keys to a keytab file when kadmind starts -- the 
daemon's been able to use the database directly for a long long time
    now
- belatedly add aes128,aes256 to the default set of supported key types
 2008-04-04 21:29:53 +00:00
Nalin Dahyabhai
f56b6ee2db bump for build 2008-04-01 20:54:54 +00:00
Nalin Dahyabhai
ddde7d0f6e - libgssapi_krb5: properly export the acceptor subkey when creating a lucid 
context (Kevin Coffman, via the nfs4 mailing list)
 2008-04-01 20:53:54 +00:00
Nalin Dahyabhai
7668599d1d - add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer 
when v4 compatibility is enabled on the KDC (CVE-2008-0062,
    CVE-2008-0063, #432620, #432621)
- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when
    high-numbered descriptors are used (CVE-2008-0947, #433596)
- add backport bug fix for an attempt to free non-heap memory in
    libgssapi_krb5 (CVE-2007-5901, #415321)
- add backport bug fix for a double-free in out-of-memory situations in
    libgssapi_krb5 (CVE-2007-5971, #415351)
 2008-03-18 18:13:22 +00:00
Nalin Dahyabhai
638efe585f - rework file labeling patch to not depend on fragile preprocessor 
trickery, in another attempt at fixing #428355 and friends
 2008-03-18 15:35:39 +00:00
Nalin Dahyabhai
723980d239 bump release number for rebuild 2008-02-26 21:48:24 +00:00
Nalin Dahyabhai
d4963922a8 - ftp: add patch to fix "runique on" case when globbing fixes applied 
- stop adding a redundant but harmless call to initialize the gssapi
    internals
 2008-02-26 21:18:38 +00:00
Nalin Dahyabhai
2a567feda3 - add the bug ID, close the bug 2008-02-25 20:55:41 +00:00
Nalin Dahyabhai
d5971d2776 - add patch to suppress double-processing of /etc/krb5.conf when we build 
with --sysconfdir=/etc, thereby suppressing double-logging (#231147)
 2008-02-25 20:53:41 +00:00
Nalin Dahyabhai
d73fcc15fb - remove a patch to fix problems with interfaces which are "up" but which 
have no address assigned which conflicted with a change to fix the same
    problem in 1.5 (#200979)
 2008-02-25 19:58:51 +00:00
Nalin Dahyabhai
2cc4303bbc - ftp: don't lose track of a descriptor on passive get when the server 
fails to open a file
 2008-02-25 19:50:42 +00:00
Nalin Dahyabhai
a7d42c7b03 - in login, allow PAM to interact with the user when they've been strongly 
authenticated
- in login, signal PAM when we're changing an expired password that it's an
    expired password, so that when cracklib flags a password as being weak
    it's treated as an error even if we're running as root
 2008-02-25 18:33:34 +00:00
Nalin Dahyabhai
8e9e1c07b0 - drop netdb patch 
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
    the DISALLOW_ALL_TIX flag is set on an entry, for better interop with
    Fedora, Netscape, Red Hat Directory Server (Simo Sorce)
 2008-02-18 18:44:39 +00:00
Nalin Dahyabhai
a77ce35c52 - avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV for us 2008-02-13 23:10:32 +00:00
Nalin Dahyabhai
e4d2a874a4 - enable patch for key-expiration reporting 
- enable patch to make kpasswd fall back to TCP if UDP fails
- enable patch to make kpasswd use the right sequence number on retransmit
- enable patch to allow mech-specific creds delegated under spnego to be
    found when searching for creds
 2008-02-12 16:22:38 +00:00
Nalin Dahyabhai
3d4d8cf991 - note RT numbers for reference 
- include but don't apply the other suggested patch for
    kpasswd-doesn't-use-tcp
 2008-01-23 18:27:03 +00:00
Nalin Dahyabhai
dcfbb5995a - revise to reference a different patch which we also don't apply 2008-01-03 16:51:53 +00:00
Nalin Dahyabhai
f25a7f96a5 - reference unapplied patch to fix password-changing with servers other 
than the first one we try to contact
- reference bug 242502 (rawhide) instead of 242500 (rhel)
 2008-01-03 15:47:35 +00:00
Nalin Dahyabhai
1343fd1973 - bump the release 2008-01-02 17:06:19 +00:00
Nalin Dahyabhai
48872e3b7b - right, new year 2008-01-02 17:05:02 +00:00
Nalin Dahyabhai
f072055a76 - some init script cleanups 
- drop unquoted check and silent exit for "$NETWORKING" (#426852, #242500)
- krb524: don't barf on missing database if it looks like we're using
    kldap, same as for kadmin
- return non-zero status for missing files which cause startup to fail
 2008-01-02 17:03:38 +00:00
Nalin Dahyabhai
0aaa920daa - allocate space for the nul-terminator in the local pathname when looking 
up a file context, and properly free a previous context (Jose Plans,
    #426085)
 2007-12-18 18:34:06 +00:00
Nalin Dahyabhai
ea868608c1 rebuild 2007-12-05 15:21:20 +00:00
Nalin Dahyabhai
6c3186e173 note the CVE for needing the revised patch 2007-11-13 21:58:04 +00:00
Nalin Dahyabhai
4ba98f8eab add duplicate bug id 2007-11-13 21:41:20 +00:00
Nalin Dahyabhai
276a481e88 - update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 and 
CVE-2007-4000 (the new pkinit module is built conditionally and goes
    into the -pkinit-openssl package, at least for now, to make a buildreq
    loop with openssl avoidable)
 2007-10-23 19:40:45 +00:00
Nalin Dahyabhai
a0f391756d - make proper use of pam_loginuid and pam_selinux in rshd and ftpd 2007-10-17 17:48:52 +00:00
Nalin Dahyabhai
528eff0ac5 - make krb5.conf %%verify(not md5 size mtime) in addition to 
%%config(noreplace), like /etc/nsswitch.conf (#329811)
 2007-10-12 18:32:28 +00:00
Nalin Dahyabhai
6e3299423a - proposed fix for not being able to find delegated krb5 creds when using 
spnego
 2007-10-04 22:08:39 +00:00
Nalin Dahyabhai
1dd0ff3e30 - proposed patch to fix receipt of delegated creds in mod_auth_kerb 2007-10-01 19:40:47 +00:00
Nalin Dahyabhai
14a08486e8 - add the bug ID to the kadmind fixes, note Fran's patch was identical to 
the one I thought we were already using in the F-7 branch
 2007-09-17 20:47:02 +00:00
Nalin Dahyabhai
2688de92f1 - move the db2 kdb plugin from -server to -libs, because a multilib libkdb 
might need it
 2007-09-11 20:52:15 +00:00