rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity
535 Commits 9 Branches 46 Tags 7.8 MiB
fd2308c2b8
Commit Graph

351 Commits

Author SHA1 Message Date
Nalin Dahyabhai
62cb58fe6f reference the raw hide bug ID for CVE-2011-0283 in the changelog 2011-02-08 16:38:16 -05:00
Nalin Dahyabhai
be633bbbb2 - add upstream patches to fix standalone kpropd exiting if the per-client 
child process exits with an error (MITKRB5-SA-2011-001), a hang or crash
  in the KDC when using the LDAP kdb backend, and an uninitialized pointer
  use in the KDC (MITKRB5-SA-2011-002) (CVE-2010-4022, #664009,
  CVE-2011-0281, #668719, CVE-2011-0282, #668726, CVE-2011-0283, #670567)
 2011-02-08 14:37:19 -05:00
Dennis Gilmore
4fe1ed04f8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-07 21:09:16 -06:00
Nalin Dahyabhai
9fed313d79 fix a compile error in the SELinux labeling patch when -DDEBUG is used (Sumit Bose) 2011-02-07 11:24:03 -05:00
Nalin Dahyabhai
293e1a6e51 - properly advertise that the kpropd init script now supports force-reload (Zbysek Mraz #630587) 2011-02-01 10:38:05 -05:00
Nalin Dahyabhai
3442cb8a33 - pkinit: when verifying signed data, use the CMS APIs for better interoperability (#636985, RT#6851) 2011-01-26 13:59:56 -05:00
Nalin Dahyabhai
8c3bae0303 update to 1.9 final 2010-12-22 17:22:08 -05:00
Nalin Dahyabhai
09a9ac8a63 - fix link flags and permissions on shared libraries (ausil) 2010-12-20 15:20:01 -05:00
Nalin Dahyabhai
ce5e3836b2 - update to 1.9 beta 3 2010-12-16 14:43:53 -05:00
Nalin Dahyabhai
695c21dd42 - update to beta 2 2010-12-06 16:55:35 -05:00
Nalin Dahyabhai
478f86fe1e add tweaks for initial whitespace that cause 389-ds to choke on the schema ldif 2010-12-06 16:55:34 -05:00
Nalin Dahyabhai
eb90866aa9 - drop not-needed-since-1.8 build dependency on rsh (ssorce) 2010-12-06 16:55:34 -05:00
Nalin Dahyabhai
b9f9657a15 - if WITH_NSS is set, built with --with-crypto-impl=nss (requires NSS 3.12.9) 2010-12-06 16:55:34 -05:00
Nalin Dahyabhai
66b6f44b6c - initial jump to 1.9 beta 1 2010-12-06 16:55:33 -05:00
Nalin Dahyabhai
5faba5957f - right, renamed the patch 2010-11-30 14:28:42 -05:00
Nalin Dahyabhai
786702d87a add upstream patch to fix various issues from MITKRB5-SA-2010-007 2010-11-30 12:00:23 -05:00
Nalin Dahyabhai
60f5ea8eaf - incorporate upstream patch to fix uninitialized pointer crash in the KDC's authorization data handling (CVE-2010-1322, #636335) 2010-10-05 15:29:32 -04:00
Nalin Dahyabhai
e84327e216 - pull down patches from trunk to implement k5login_authoritative and k5login_directory settings for krb5.conf (#539423) 2010-10-04 19:01:38 -04:00
Jesse Keating
82f4c7f41e - Rebuilt for gcc bug 634757 2010-09-29 14:34:57 -07:00
Nalin Dahyabhai
f44b554d1b - fix reading of keyUsage extensions when attempting to select pkinit client certs (part of #629022, RT#6775) 
- fix selection of pkinit client certs when one or more don't include a subjectAltName extension (part of #629022, RT#6774)
 2010-09-16 19:32:06 -04:00
Nalin Dahyabhai
3f5343a0b9 - build with -fstack-protector-all instead of the default -fstack-protector, 
so that we add checking to more functions (i.e., all of them) (#629950)
 2010-09-03 13:50:17 -04:00
Nalin Dahyabhai
a7376e1a41 - also link binaries with -Wl,-z,relro,-z,now (part of #629950) 2010-09-03 13:08:45 -04:00
Nalin Dahyabhai
6130f43a46 - fix a logic bug in computing key expiration times (RT#6762, #627022) 2010-08-24 18:29:42 -04:00
Nalin Dahyabhai
0c20d8744b - update to 1.8.3 
- drop backports of fixes for gss context expiration and error table
    registration/deregistration mismatch
  - drop patch for upstream #6750
 2010-08-04 18:22:20 -04:00
Nalin Dahyabhai
eed65b02ae - fix a typo in the changelog 2010-07-15 15:47:39 +00:00
Nalin Dahyabhai
45b591b3eb - fix parsing of the pidfile option in the KDC (upstream #6750) 2010-07-07 20:56:07 +00:00
Nalin Dahyabhai
8b8653b9be - add logrotate configuration files for krb5kdc and kadmind (#462658) 2010-07-07 18:09:05 +00:00
Nalin Dahyabhai
a0ca6e4d98 - tell krb5kdc and kadmind to create pid files, since they can 2010-07-07 17:41:39 +00:00
Nalin Dahyabhai
cb407c5fa1 - libgssapi: pull in patch from svn to stop returning context-expired 
errors when the ticket which was used to set up the context expires
    (#605366, upstream #6739)
 2010-06-21 18:26:35 +00:00
Nalin Dahyabhai
da92cbb7b4 - pull up fix for upstream #6745, in which the gssapi library would add the 
wrong error table but subsequently attempt to unload the right one
 2010-06-21 18:11:40 +00:00
Nalin Dahyabhai
e067cf87fe - update to 1.8.2 
- drop patches for CVE-2010-1320, CVE-2010-1321
 2010-06-10 22:21:43 +00:00
Nalin Dahyabhai
1313c14673 - reference the right bug -- this wasn't a problem until the revision 2010-05-27 21:10:28 +00:00
Nalin Dahyabhai
17238354c3 don't skip the PAM account check for root or the same user (more of 
#477033)
 2010-05-27 20:53:30 +00:00
Nalin Dahyabhai
ccdc4a4228 - ksu: move session management calls to before we drop privileges, like su 
does (#596887)
 2010-05-27 20:01:43 +00:00
Nalin Dahyabhai
b60e63ef2b - that -fno-strict-aliasing change merits a rebuild 2010-05-24 22:15:15 +00:00
Nalin Dahyabhai
ab9e2985db - go back to building without strict aliasing (compiler warnings in gssrpc) 2010-05-24 21:31:38 +00:00
Nalin Dahyabhai
5d72216a22 - drop explicit linking with libtinfo for applications that use libss, now 
that readline itself links with libtinfo (as of readline-5.2-3, since
    fedora 7 or so)
 2010-05-24 20:42:04 +00:00
Nalin Dahyabhai
c430745262 - make krb5-server-ldap also depend on the same version-release of 
krb5-libs, as the other subpackages do, if only to make it clearer than
    it is when we just do it through krb5-server
 2010-05-24 20:07:09 +00:00
Nalin Dahyabhai
b3e836cce9 - add patch to correct GSSAPI library null pointer dereference which could 
be triggered by malformed client requests (CVE-2010-1321, #582466)
 2010-05-18 18:14:30 +00:00
Nalin Dahyabhai
59f0148016 - fix output of kprop's init script's "status" and "reload" commands 
(#588222)
 2010-05-04 19:32:52 +00:00
Nalin Dahyabhai
98bc7d7d76 - incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922) 2010-04-20 18:26:39 +00:00
Nalin Dahyabhai
044f184f7a - fix a typo in kerberos.ldif 2010-04-14 14:28:32 +00:00
Nalin Dahyabhai
b48f2bcb58 - update to 1.8.1 
- no longer need patches for #555875, #561174, #563431, RT#6661,
    CVE-2010-0628
- replace buildrequires on tetex-latex with one on texlive-latex, which is
    the package that provides it now
 2010-04-09 13:44:05 +00:00
Nalin Dahyabhai
6b3df78771 - kdc.conf: no more need to suggest a v4 mode, or listening on the v4 port 2010-04-08 21:27:15 +00:00
Nalin Dahyabhai
8d606a93f5 - drop patch to suppress key expiration warnings sent from the KDC in the 
last-req field, as the KDC is expected to just be configured to either
    send them or not as a particular key approaches expiration (#556495)
 2010-04-08 19:14:31 +00:00
Nalin Dahyabhai
665fa22b0f - add bug numbers for the fix for CVE-2010-0628 2010-03-23 22:56:35 +00:00
Nalin Dahyabhai
cac63d2dfa - kdc.conf: no more need to suggest keeping keys with v4-compatible salting 2010-03-23 18:18:32 +00:00
Nalin Dahyabhai
4a2bf7dc5d - add upstream fix for denial-of-service in SPNEGO (CVE-2010-0628) 2010-03-23 18:07:13 +00:00
Nalin Dahyabhai
1f83fab4c7 - remove the krb5-appl bits (the -workstation-clients and 
-workstation-servers subpackages) now that krb5-appl is its own package
 2010-03-19 21:15:33 +00:00
Nalin Dahyabhai
39cf8a4b2d - whoops, -p level off by one 2010-03-12 22:26:03 +00:00
Nalin Dahyabhai
fe99267cdf - add documentation for the ticket_lifetime option (#561174) 2010-03-12 20:44:02 +00:00
Nalin Dahyabhai
daa38f9cf3 - drop this; we're not going to worry about it 2010-03-11 19:24:17 +00:00
Nalin Dahyabhai
e03499409a - drop this; it's not sufficient any more anyway 2010-03-11 19:20:22 +00:00
Nalin Dahyabhai
0f6f154014 - correct a few typos 
- note the review bug for splitting out krb5-appl
 2010-03-08 20:10:52 +00:00
Nalin Dahyabhai
a32fda650f - this patch is no longer needed; at some point between 1.7 and 1.8 this 
was fixed in SVN
 2010-03-08 18:16:23 +00:00
Nalin Dahyabhai
516763ea91 - pull up patch to get the client libraries to correctly perform password 
changes over IPv6 (Sumit Bose, RT#6661)
 2010-03-08 16:47:24 +00:00
Nalin Dahyabhai
75b08040ff - update to 1.8 
- temporarily bundling the krb5-appl package (split upstream as of 1.8)
    until its package review is complete
- profile.d scriptlets are now only needed by -workstation-clients
- adjust paths in init scripts
- drop upstreamed fix for KDC denial of service (CVE-2010-0283)
- drop patch to check the user's password correctly using crypt(), which
    isn't a code path we hit when we're using PAM
 2010-03-05 22:19:38 +00:00
Nalin Dahyabhai
9c84ef7b56 - whoops, revert inadvertent not-working version bump 2010-03-03 16:16:35 +00:00
Nalin Dahyabhai
5ee10a1ffb - fix a null pointer dereference and crash introduced in our PAM patch that 
would happen if ftpd was given the name of a user who wasn't known to
    the local system, limited to being triggerable by gssapi-authenticated
    clients by the default xinetd config (Olivier Fourdan, #569472)
 2010-03-03 16:09:47 +00:00
Nalin Dahyabhai
d605c80ae2 - fix a regression (not labeling a kdb database lock file correctly, 
#569902)
 2010-03-02 23:01:23 +00:00
Nalin Dahyabhai
669a15d24b - move the package changelog to the end to match the usual style (jdennis) 
- scrub out references to $RPM_SOURCE_DIR (jdennis)
- include a symlink to the readme with the name LICENSE so that people can
    find it more easily (jdennis)
 2010-02-25 23:00:23 +00:00
Nalin Dahyabhai
33efa14da1 - pull up the change to make kpasswd's behavior better match the docs when 
there's no ccache (#563431)
 2010-02-17 23:25:50 +00:00
Nalin Dahyabhai
20683b0e60 - whoops, that's the wrong filename for the patch 2010-02-16 22:15:46 +00:00
Nalin Dahyabhai
c84cd0185b - apply patch from upstream to fix KDC denial of service (CVE-2010-0283, 
#566002)
 2010-02-16 21:45:25 +00:00
Nalin Dahyabhai
edcbea8d17 - update to 1.7.1 
- don't trip AD lockout on wrong password (#542687, #554351)
- incorporates fixes for CVE-2009-4212 and CVE-2009-3295
- fixes gss_krb5_copy_ccache() when SPNEGO is used
- move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to
    the devel subpackage, better lining up with the expected krb5/krb5-appl
    split in 1.8
- drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it
    already depends on -workstation which also includes them
 2010-02-03 17:11:35 +00:00
Nalin Dahyabhai
f20db54891 - tighten up default permissions on kdc.conf and kadm5.acl (#558343) 2010-01-25 16:58:14 +00:00
Nalin Dahyabhai
9a31789f24 - use portreserve correctly -- portrelease takes the basename of the file 
whose entries should be released, so we need three files, not one
 2010-01-22 15:08:24 +00:00
Nalin Dahyabhai
304c10003d - suppress warnings of impending password expiration if expiration is more 
than seven days away when the KDC reports it via the last-req field,
    just as we already do when it reports expiration via the key-expiration
    field (#556495)
- link with libtinfo rather than libncurses, when we can, in future RHEL
 2010-01-18 20:13:04 +00:00
Nalin Dahyabhai
da536a5974 - krb5_get_init_creds_password: check opte->flags instead of options->flags 
when checking whether or not we get to use the prompter callback
    (#555875)
 2010-01-15 20:24:36 +00:00
Nalin Dahyabhai
2baf72c02f - use portreserve to make sure the KDC can always bind to the kerberos-iv 
port, kpropd can always bind to the krb5_prop port, and that kadmind
    can always bind to the kerberos-adm port (#555279)
- correct inadvertent use of macros in the changelog (rpmlint)
 2010-01-14 21:14:26 +00:00
Nalin Dahyabhai
60b2cbeb09 - fix the description of the problem 2010-01-12 19:27:00 +00:00
Nalin Dahyabhai
c81c7789b7 - add upstream patches for KDC crash during AES and RC4 decryption 
(CVE-2009-4212), via Tom Yu (#545015)
 2010-01-12 19:24:24 +00:00
Nalin Dahyabhai
3ad86e219a - back down to the earlier version of the patch for #551764; the backported 
alternate version was incomplete
 2010-01-06 23:54:23 +00:00
Nalin Dahyabhai
abd49c944b - put the conditional back for the -devel subpackage 2010-01-06 20:05:00 +00:00
Nalin Dahyabhai
b199476767 - pull up proposed patch for creating previously-not-there lock files for 
kdb databases when 'kdb5_util' is called to 'load' (#551764)
 2010-01-05 22:55:55 +00:00
Nalin Dahyabhai
65631fa1bb - use %%global instead of %%define 
- fix conditional for future RHEL
 2010-01-05 22:55:30 +00:00
Nalin Dahyabhai
14efc0c6dd - add tracking bug ID for the latest security patch 2010-01-04 15:59:00 +00:00
Nalin Dahyabhai
795e5e14a6 - add upstream patch for KDC crash during referral processing 
(CVE-2009-3295), via Tom Yu
 2010-01-04 15:56:24 +00:00
Nalin Dahyabhai
a019df8a50 - fix a typo 2009-12-21 19:41:25 +00:00
Nalin Dahyabhai
cc8c049fe1 refresh patch for #542868 from trunk 2009-12-21 19:27:25 +00:00
Nalin Dahyabhai
ec702e8192 - move man pages that live in the -libs subpackage into the regular 
%%{_mandir} tree where they'll still be found if that package is the
    only one %installed (#529319)
 2009-12-10 22:50:50 +00:00
Nalin Dahyabhai
bfccd3939a - re-enable this change: 
- try to make gss_krb5_copy_ccache() work correctly for spnego (#542868)
 2009-12-09 21:40:48 +00:00
Nalin Dahyabhai
f21202d6a4 back that last change out 2009-12-08 20:51:25 +00:00
Nalin Dahyabhai
2358ad9bad - try to make gss_krb5_copy_ccache() work correctly for spnego (#542868) 2009-12-08 20:05:41 +00:00
Nalin Dahyabhai
d59dcd39c0 - make krb5-config suppress CFLAGS output when called with --libs (#544391) 2009-12-04 22:16:38 +00:00
Nalin Dahyabhai
19b0f85a6e - configure with --enable-dns-for-realm instead of --enable-dns, which 
isn't recognized any more
 2009-12-03 23:26:02 +00:00
Nalin Dahyabhai
fd8edea8d9 - move /etc/pam.d/ksu from krb5-workstation-servers to krb5-workstation, 
where it's actually needed (#538703)
 2009-11-20 16:09:35 +00:00
Nalin Dahyabhai
c6f29fd1c4 add some conditional logic to simplify building on older Fedora releases 2009-10-23 20:29:53 +00:00
Nalin Dahyabhai
0abe2288c5 - don't forget the readme file 2009-10-13 15:49:29 +00:00
Nalin Dahyabhai
d2ad657773 - specify the location of the subsystem lock when using the status() 
function in the kadmind and kpropd init scripts, so that we get the
    right error when we're dead but have a lock file - requires initscripts
    8.99 (#521772)
 2009-09-14 17:18:59 +00:00
Nalin Dahyabhai
060205dbf8 - if the init script fails to start krb5kdc/kadmind/kpropd because it's 
already running (according to status()), return 0 (part of #521772)
 2009-09-08 19:08:28 +00:00
Nalin Dahyabhai
51ff876d52 - work around a compile problem with new openssl 2009-08-24 15:51:36 +00:00
Tomáš Mráz
c297ec78d9 - rebuilt with new openssl 2009-08-21 14:11:01 +00:00
Jesse Keating
dd62488dfd - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-25 04:46:50 +00:00
Nalin Dahyabhai
e1e3b07810 - simplify the man pages patch by only preprocessing the files we care 
about and moving shared configure.in logic into a shared function
 2009-07-06 22:56:11 +00:00
Nalin Dahyabhai
9e296310c6 - catch the case of ftpd printing file sizes using %i, when they might be 
bigger than an int now
 2009-07-06 22:54:34 +00:00
Nalin Dahyabhai
6f1fb7d51e - try to merge and clean up all the large file support for ftp and rcp 2009-07-01 17:52:16 +00:00
Nalin Dahyabhai
c835c2a921 - switch buildrequires: and requires: on e2fsprogs-devel into 
buildrequires: and requires: on libss-devel, libcom_err-devel, per
    sandeen on fedora-devel-list
 2009-06-29 19:28:01 +00:00
Nalin Dahyabhai
3f291ca045 - selinux labeling: use selabel_open() family of functions rather than 
matchpathcon(), bail on it if attempting to get the mutex lock fails
 2009-06-26 21:45:54 +00:00
Nalin Dahyabhai
84ade2f840 - fix a type mismatch in krb5_copy_error_message() 
- ftp: fix some odd use of strlen()
 2009-06-26 21:36:54 +00:00