f21202d6a4back that last change out
Nalin Dahyabhai
2009-12-08 20:51:25 +0000
2358ad9bad- try to make gss_krb5_copy_ccache() work correctly for spnego (#542868)
Nalin Dahyabhai
2009-12-08 20:05:41 +0000
d59dcd39c0- make krb5-config suppress CFLAGS output when called with --libs (#544391)
Nalin Dahyabhai
2009-12-04 22:16:38 +0000
19b0f85a6e- configure with --enable-dns-for-realm instead of --enable-dns, which isn't recognized any more
Nalin Dahyabhai
2009-12-03 23:26:02 +0000
ca8e0f8800- ksu: move account management checks to before we drop privileges, like su does (#540769)
Nalin Dahyabhai
2009-12-03 23:23:54 +0000
61f3185f70- selinux: set the user part of creation context to match the current context instead of what we looked up
Nalin Dahyabhai
2009-12-03 23:17:28 +0000
b4c720591dFix typo that causes a failure to update the common directory. (releng #2781)
Bill Nottingham
2009-11-25 23:51:28 +0000
fd8edea8d9- move /etc/pam.d/ksu from krb5-workstation-servers to krb5-workstation, where it's actually needed (#538703)
Nalin Dahyabhai
2009-11-20 16:09:35 +0000
c6f29fd1c4add some conditional logic to simplify building on older Fedora releases
Nalin Dahyabhai
2009-10-23 20:29:53 +0000
d2ad657773- specify the location of the subsystem lock when using the status() function in the kadmind and kpropd init scripts, so that we get the right error when we're dead but have a lock file - requires initscripts 8.99 (#521772)
Nalin Dahyabhai
2009-09-14 17:18:59 +0000
060205dbf8- if the init script fails to start krb5kdc/kadmind/kpropd because it's already running (according to status()), return 0 (part of #521772)
Nalin Dahyabhai
2009-09-08 19:08:28 +0000
51ff876d52- work around a compile problem with new openssl
Nalin Dahyabhai
2009-08-24 15:51:36 +0000
764c9749f5- no longer referenced in .spec
Nalin Dahyabhai
2009-08-24 15:51:29 +0000
c297ec78d9- rebuilt with new openssl
Tomáš Mráz
2009-08-21 14:11:01 +0000
e1e3b07810- simplify the man pages patch by only preprocessing the files we care about and moving shared configure.in logic into a shared function
Nalin Dahyabhai
2009-07-06 22:56:11 +0000
9e296310c6- catch the case of ftpd printing file sizes using %i, when they might be bigger than an int now
Nalin Dahyabhai
2009-07-06 22:54:34 +0000
6f1fb7d51e- try to merge and clean up all the large file support for ftp and rcp
Nalin Dahyabhai
2009-07-01 17:52:16 +0000
1917c4e1aa- pam_rhosts_auth.so's been gone for a while, so use pam_rhosts.so instead
Nalin Dahyabhai
2009-06-30 19:39:34 +0000
cd1d8493ce- more notes!
Nalin Dahyabhai
2009-06-29 21:36:53 +0000
c835c2a921- switch buildrequires: and requires: on e2fsprogs-devel into buildrequires: and requires: on libss-devel, libcom_err-devel, per sandeen on fedora-devel-list
Nalin Dahyabhai
2009-06-29 19:28:01 +0000
f06a358eca- split up so that sections of the tree which have their own configure scripts preprocess their own man pages
Nalin Dahyabhai
2009-06-29 19:00:59 +0000
612cb4a5ae- call the macro correctly in appl/telnet - use MSG_NOTICE rather than MSG_RESULT to note that we're using libselinux
Nalin Dahyabhai
2009-06-29 18:51:29 +0000
3f291ca045- selinux labeling: use selabel_open() family of functions rather than matchpathcon(), bail on it if attempting to get the mutex lock fails
Nalin Dahyabhai
2009-06-26 21:45:54 +0000
6e77eee565- merge in another hunk that we reported along with what was already in here
Nalin Dahyabhai
2009-06-26 21:42:13 +0000
7d63382d8d- remove this, more or less implemented upstream
Nalin Dahyabhai
2009-06-26 21:40:10 +0000
84ade2f840- fix a type mismatch in krb5_copy_error_message() - ftp: fix some odd use of strlen()
Nalin Dahyabhai
2009-06-26 21:36:54 +0000
17bcf3db89- fix a type mismatch
Nalin Dahyabhai
2009-06-26 21:35:41 +0000
d7d96cfa8f- correct some dubious use of strlen() in the ftp client
Nalin Dahyabhai
2009-06-26 21:35:25 +0000
525e89b7fd- note the original RT number - use MSG_NOTICE rather than MSG_RESULT to announce that we're enabled
Nalin Dahyabhai
2009-06-23 20:58:07 +0000
1d6f8b9bad- compile with %%{?_smp_mflags} (Steve Grubb) - drop the bit where we munge part of the error table header, as it's not needed any more
Nalin Dahyabhai
2009-06-16 21:29:37 +0000
aecce15d40add and own %%{_libdir}/krb5/plugins/authdata
Nalin Dahyabhai
2009-06-05 15:18:29 +0000
a6e25b4c5d- put $prefix/sbin in everyone's $PATH, not just root's
Nalin Dahyabhai
2009-06-04 22:36:59 +0000
fae1002a8e- drop pam_krb5-specific settings which override library defaults - drop v4-specific default_domain
Nalin Dahyabhai
2009-06-04 22:35:56 +0000
9773673656- drop command-line arguments which previously signalled v5-only
Nalin Dahyabhai
2009-06-04 22:34:40 +0000
ddc65be424- remove references to files which aren't there any more
Nalin Dahyabhai
2009-06-04 22:18:04 +0000
eff2218c3a- eliminate a compiler warning
Nalin Dahyabhai
2009-06-04 22:17:17 +0000
f72d641eb4- new source set
Nalin Dahyabhai
2009-06-04 22:15:04 +0000
2f1613d440- update to 1.7, second pass
Nalin Dahyabhai
2009-06-04 22:09:07 +0000
259e2512e5- fix a syntax error
Nalin Dahyabhai
2009-06-04 20:45:45 +0000
379f28cb47- also treat "nsAccountLock: TRUE" in directory entries as an indication of an account having been disabled
Nalin Dahyabhai
2009-06-04 19:38:46 +0000
55c161be92- patch to label most files at create-time
Nalin Dahyabhai
2009-06-04 19:37:06 +0000
8a5745ff76- update of the PAM support patch
Nalin Dahyabhai
2009-06-04 19:35:17 +0000
7520433037- avoid double-logging in the servers by avoiding processing of the same configuration file twice
Nalin Dahyabhai
2009-06-04 19:32:36 +0000
f4932dde69- suppress our indirect dependencies from the output of --libs, unless the user also passed in the --deps flag
Nalin Dahyabhai
2009-06-04 19:30:50 +0000
94d3c5951e- try to be more resilient to comparisons of malformed principal structures
Nalin Dahyabhai
2009-06-04 19:29:44 +0000
8c991219ab- when we're not doing a recursive transfer, treat subdirectories as a problem
Nalin Dahyabhai
2009-06-04 19:27:50 +0000
6879d98ef2- try to avoid locking up in rsh due to client and server blocking on writes at the same time
Nalin Dahyabhai
2009-06-04 19:26:29 +0000
0b6e153ff8- use an in-memory ccache instead of an on-disk temporary to avoid compile-time warnings about using mktemp()
Nalin Dahyabhai
2009-06-04 19:16:47 +0000
dd70d4f4ef- send the length of the file by printf()ing a long long instead of a long, so that we don't break on large files on 32-bit machines
Nalin Dahyabhai
2009-06-04 19:15:24 +0000
d067ec29b6- link binaries to produce position-independent executables, and strip the flags used to do so, and library path flags, from the output of krb5-config - install shared libraries with the execute bit set - we used to override RPATH here, but configure takes --disable-rpath now
Nalin Dahyabhai
2009-06-04 19:09:04 +0000
bc603de2a8- forward-port long-present out-of-tree patch to support "ANY" keytab type, which takes as its residual a comma-separated list of keytab names and will search them all in turn when looking for a specific key
Nalin Dahyabhai
2009-06-04 19:05:20 +0000
3c1272ff63- add an auth stack to ksu's PAM configuration so that pam_setcred() calls won't just fail
Nalin Dahyabhai
2009-05-19 23:21:48 +0000
06c77ea1cd- make PAM support for ksu also set PAM_RUSER
Nalin Dahyabhai
2009-05-11 18:19:08 +0000
df43b1e2b6yeah, actually bump the release number
Nalin Dahyabhai
2009-04-23 22:51:25 +0000
5ebd815122- extend PAM support to ksu: perform account and session management for the target user - pull up and merge James Leddy's changes to also set PAM_RHOST in PAM-aware network-facing services
Nalin Dahyabhai
2009-04-23 22:43:26 +0000
d3b2b69619- fix a typo in a ksu error message (Marek Mahut)
Nalin Dahyabhai
2009-04-21 18:46:52 +0000
27c8414969- okay, finally remove this
Nalin Dahyabhai
2009-04-21 18:46:37 +0000
8614c0dcd0- "rev" works the way the test suite expects now, so don't disable tests that use it
Nalin Dahyabhai
2009-04-21 18:46:16 +0000
f0389e0488note why we don't just run make check here
Nalin Dahyabhai
2009-04-20 21:15:12 +0000
41d635cc23- add empty Default-Start: statements to the init scripts
Nalin Dahyabhai
2009-04-20 20:33:32 +0000
724545eab6- add LSB-style informational headers to the init scripts
Nalin Dahyabhai
2009-04-20 20:32:02 +0000
980855a07a- explicitly run the pdf generation script using sh (part of #225974)
Nalin Dahyabhai
2009-04-17 13:29:41 +0000
f51ed46fff- remove obsolete patch for CVE-2009-0845 - add patches for read overflow and null pointer dereference in the implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845) - add patch for attempt to free uninitialized pointer in libkrb5 (CVE-2009-0846) - add patch to fix length validation bug in libkrb5 (CVE-2009-0847)
Nalin Dahyabhai
2009-04-07 18:16:28 +0000
ebb2e9030e- add patch to fix length validation bug in libkrb5 (CVE-2009-0847)
Nalin Dahyabhai
2009-04-07 18:15:43 +0000
0d81cc8c03- add patch for attempt to free uninitialized pointer in libkrb5 (CVE-2009-0846)
Nalin Dahyabhai
2009-04-07 18:15:12 +0000
b28fb4b7da- add patches for read overflow and null pointer dereference in the implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
Nalin Dahyabhai
2009-04-07 18:14:43 +0000
d43a03520f- make the kpropd init script treat reload as restart (part of #225974)
Nalin Dahyabhai
2009-04-06 20:33:44 +0000
45bffcbf45- take the execute bit off of the protocol docs (part of #225974) - unflag init scripts as configuration files (part of #225974)
Nalin Dahyabhai
2009-04-06 18:22:58 +0000
fa314d1962- escape possible macros in the changelog (part of #225974)
Nalin Dahyabhai
2009-04-06 17:52:21 +0000
5ee95cc082- clean up buildprereq/prereqs, explicit mktemp requires, and add the ldconfig for the -server-ldap subpackage (part of #225974)
Nalin Dahyabhai
2009-04-06 17:45:29 +0000
98a3610002- make splitting up of the workstation bits unconditional
Nalin Dahyabhai
2009-04-06 16:46:35 +0000
1644a79505- move the libraries to /%{_lib}, but leave --libdir alone so that plugins get installed and are searched for in the same locations (#473333)
Nalin Dahyabhai
2009-04-06 16:22:45 +0000
e61be4fa97- turn off krb4 support (it won't be part of the 1.7 release, but do it now) - use triggeruns to properly shut down and disable krb524d when -server and -workstation-servers gets upgraded, because it's gone now
Nalin Dahyabhai
2009-04-06 15:56:45 +0000
434cefd85a- libgssapi_krb5: backport fix for some errors which can occur when we fail to set up the server half of a context (CVE-2009-0845)
Nalin Dahyabhai
2009-03-17 22:26:27 +0000
6df4ee1a7a- krb5_fcc_generate_new(): unlock the fcc list lock before returning in the non-mkstemp() case, don't unlock the lock twice before returning if we happen to run out of memory (fixed in trunk by rewriting the function)
Nalin Dahyabhai
2008-10-28 21:36:18 +0000
0d57fe8b86- telnet can suspend itself if the calling shell supports job control, and around here that's not unique to csh (#433947) Of course, if it turns out that we do have a shell that doesn't support job control, we get to change this to enumerate the ones that do. Which is sure to be all kinds of fun.
Nalin Dahyabhai
2008-10-28 21:35:45 +0000
b1efb9b86d- if we successfully change the user's password during an attempt to get initial credentials, but then fail to get initial creds from a non-master using the new password, retry against the master (#432334)
Nalin Dahyabhai
2008-09-04 15:13:51 +0000
bb9aa2106cfix license tag
Tom Callaway
2008-08-05 17:46:07 +0000
2352d208e3- define ASN1BUF_OMIT_INLINE_FUNCS at compile-time (for now) to keep building
Nalin Dahyabhai
2008-07-16 21:54:24 +0000
b5dfa8576aquote %%{__cc} where needed because it includes whitespace now
Nalin Dahyabhai
2008-07-16 18:40:35 +0000
6197407f58- clear fuzz out of patches, dropping a man page patch which is no longer necessary
Nalin Dahyabhai
2008-07-16 18:09:47 +0000
14f675bab9- build with -fno-strict-aliasing, which is needed because the library triggers these warnings
Nalin Dahyabhai
2008-07-11 15:16:54 +0000
37b6c5e715- rework how labeling is handled to avoid a bootstrapping problem in headers - don't forget to label the principal database lock file
Nalin Dahyabhai
2008-07-11 15:14:57 +0000
f06f7f1e03generate include/krb5/krb5.h before building, fix conditional for sparcv9
Tom Callaway
2008-06-14 18:22:01 +0000
d11c1aff3a- whoops, forgot to go back and get the ITS entry number
Nalin Dahyabhai
2008-05-12 18:50:56 +0000
9f105b4df2- ftp: use the correct local filename during mget when the 'case' option is enabled (#442713)
Nalin Dahyabhai
2008-04-16 18:54:08 +0000
d17f0b5f35Provide an option to make the KDC also listen on loopback interfaces for datagram requests. Adds an internal symbol to libkrb5 which the KDC will need if listening on loopback is enabled. The default might be better changed from FALSE to TRUE so that the default matches what we do with stream sockets. Or maybe that should be the default anyway, with no configuration option. FIXME: doesn't add documentation anywhere.
Nalin Dahyabhai
2008-04-04 21:32:15 +0000